Inspector2 / Client / list_coverage

list_coverage#

Inspector2.Client.list_coverage(**kwargs)#

Lists coverage details for you environment.

See also: AWS API Documentation

Request Syntax

response = client.list_coverage(
    filterCriteria={
        'accountId': [
            {
                'comparison': 'EQUALS'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'ec2InstanceTags': [
            {
                'comparison': 'EQUALS',
                'key': 'string',
                'value': 'string'
            },
        ],
        'ecrImageTags': [
            {
                'comparison': 'EQUALS'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'ecrRepositoryName': [
            {
                'comparison': 'EQUALS'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'lambdaFunctionName': [
            {
                'comparison': 'EQUALS'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'lambdaFunctionRuntime': [
            {
                'comparison': 'EQUALS'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'lambdaFunctionTags': [
            {
                'comparison': 'EQUALS',
                'key': 'string',
                'value': 'string'
            },
        ],
        'lastScannedAt': [
            {
                'endInclusive': datetime(2015, 1, 1),
                'startInclusive': datetime(2015, 1, 1)
            },
        ],
        'resourceId': [
            {
                'comparison': 'EQUALS'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'resourceType': [
            {
                'comparison': 'EQUALS'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'scanStatusCode': [
            {
                'comparison': 'EQUALS'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'scanStatusReason': [
            {
                'comparison': 'EQUALS'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'scanType': [
            {
                'comparison': 'EQUALS'|'NOT_EQUALS',
                'value': 'string'
            },
        ]
    },
    maxResults=123,
    nextToken='string'
)
Parameters:
  • filterCriteria (dict) –

    An object that contains details on the filters to apply to the coverage data for your environment.

    • accountId (list) –

      An array of Amazon Web Services account IDs to return coverage statistics for.

      • (dict) –

        Contains details of a coverage string filter.

        • comparison (string) – [REQUIRED]

          The operator to compare strings on.

        • value (string) – [REQUIRED]

          The value to compare strings on.

    • ec2InstanceTags (list) –

      The Amazon EC2 instance tags to filter on.

      • (dict) –

        Contains details of a coverage map filter.

        • comparison (string) – [REQUIRED]

          The operator to compare coverage on.

        • key (string) – [REQUIRED]

          The tag key associated with the coverage map filter.

        • value (string) –

          The tag value associated with the coverage map filter.

    • ecrImageTags (list) –

      The Amazon ECR image tags to filter on.

      • (dict) –

        Contains details of a coverage string filter.

        • comparison (string) – [REQUIRED]

          The operator to compare strings on.

        • value (string) – [REQUIRED]

          The value to compare strings on.

    • ecrRepositoryName (list) –

      The Amazon ECR repository name to filter on.

      • (dict) –

        Contains details of a coverage string filter.

        • comparison (string) – [REQUIRED]

          The operator to compare strings on.

        • value (string) – [REQUIRED]

          The value to compare strings on.

    • lambdaFunctionName (list) –

      Returns coverage statistics for AWS Lambda functions filtered by function names.

      • (dict) –

        Contains details of a coverage string filter.

        • comparison (string) – [REQUIRED]

          The operator to compare strings on.

        • value (string) – [REQUIRED]

          The value to compare strings on.

    • lambdaFunctionRuntime (list) –

      Returns coverage statistics for AWS Lambda functions filtered by runtime.

      • (dict) –

        Contains details of a coverage string filter.

        • comparison (string) – [REQUIRED]

          The operator to compare strings on.

        • value (string) – [REQUIRED]

          The value to compare strings on.

    • lambdaFunctionTags (list) –

      Returns coverage statistics for AWS Lambda functions filtered by tag.

      • (dict) –

        Contains details of a coverage map filter.

        • comparison (string) – [REQUIRED]

          The operator to compare coverage on.

        • key (string) – [REQUIRED]

          The tag key associated with the coverage map filter.

        • value (string) –

          The tag value associated with the coverage map filter.

    • lastScannedAt (list) –

      Filters Amazon Web Services resources based on whether Amazon Inspector has checked them for vulnerabilities within the specified time range.

      • (dict) –

        Contains details of a coverage date filter.

        • endInclusive (datetime) –

          A timestamp representing the end of the time period to filter results by.

        • startInclusive (datetime) –

          A timestamp representing the start of the time period to filter results by.

    • resourceId (list) –

      An array of Amazon Web Services resource IDs to return coverage statistics for.

      • (dict) –

        Contains details of a coverage string filter.

        • comparison (string) – [REQUIRED]

          The operator to compare strings on.

        • value (string) – [REQUIRED]

          The value to compare strings on.

    • resourceType (list) –

      An array of Amazon Web Services resource types to return coverage statistics for. The values can be AWS_EC2_INSTANCE, AWS_LAMBDA_FUNCTION or AWS_ECR_REPOSITORY.

      • (dict) –

        Contains details of a coverage string filter.

        • comparison (string) – [REQUIRED]

          The operator to compare strings on.

        • value (string) – [REQUIRED]

          The value to compare strings on.

    • scanStatusCode (list) –

      The scan status code to filter on.

      • (dict) –

        Contains details of a coverage string filter.

        • comparison (string) – [REQUIRED]

          The operator to compare strings on.

        • value (string) – [REQUIRED]

          The value to compare strings on.

    • scanStatusReason (list) –

      The scan status reason to filter on.

      • (dict) –

        Contains details of a coverage string filter.

        • comparison (string) – [REQUIRED]

          The operator to compare strings on.

        • value (string) – [REQUIRED]

          The value to compare strings on.

    • scanType (list) –

      An array of Amazon Inspector scan types to return coverage statistics for.

      • (dict) –

        Contains details of a coverage string filter.

        • comparison (string) – [REQUIRED]

          The operator to compare strings on.

        • value (string) – [REQUIRED]

          The value to compare strings on.

  • maxResults (integer) – The maximum number of results to return in the response.

  • nextToken (string) – A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

Return type:

dict

Returns:

Response Syntax

{
    'coveredResources': [
        {
            'accountId': 'string',
            'lastScannedAt': datetime(2015, 1, 1),
            'resourceId': 'string',
            'resourceMetadata': {
                'ec2': {
                    'amiId': 'string',
                    'platform': 'WINDOWS'|'LINUX'|'UNKNOWN',
                    'tags': {
                        'string': 'string'
                    }
                },
                'ecrImage': {
                    'tags': [
                        'string',
                    ]
                },
                'ecrRepository': {
                    'name': 'string',
                    'scanFrequency': 'MANUAL'|'SCAN_ON_PUSH'|'CONTINUOUS_SCAN'
                },
                'lambdaFunction': {
                    'functionName': 'string',
                    'functionTags': {
                        'string': 'string'
                    },
                    'layers': [
                        'string',
                    ],
                    'runtime': 'NODEJS'|'NODEJS_12_X'|'NODEJS_14_X'|'NODEJS_16_X'|'JAVA_8'|'JAVA_8_AL2'|'JAVA_11'|'PYTHON_3_7'|'PYTHON_3_8'|'PYTHON_3_9'|'UNSUPPORTED'|'NODEJS_18_X'|'GO_1_X'|'JAVA_17'|'PYTHON_3_10'
                }
            },
            'resourceType': 'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER_IMAGE'|'AWS_ECR_REPOSITORY'|'AWS_LAMBDA_FUNCTION',
            'scanStatus': {
                'reason': 'PENDING_INITIAL_SCAN'|'ACCESS_DENIED'|'INTERNAL_ERROR'|'UNMANAGED_EC2_INSTANCE'|'UNSUPPORTED_OS'|'SCAN_ELIGIBILITY_EXPIRED'|'RESOURCE_TERMINATED'|'SUCCESSFUL'|'NO_RESOURCES_FOUND'|'IMAGE_SIZE_EXCEEDED'|'SCAN_FREQUENCY_MANUAL'|'SCAN_FREQUENCY_SCAN_ON_PUSH'|'EC2_INSTANCE_STOPPED'|'PENDING_DISABLE'|'NO_INVENTORY'|'STALE_INVENTORY'|'EXCLUDED_BY_TAG'|'UNSUPPORTED_RUNTIME'|'UNSUPPORTED_MEDIA_TYPE'|'UNSUPPORTED_CONFIG_FILE'|'DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EXCEEDED'|'DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_EXCEEDED'|'DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED'|'DEEP_INSPECTION_NO_INVENTORY',
                'statusCode': 'ACTIVE'|'INACTIVE'
            },
            'scanType': 'NETWORK'|'PACKAGE'|'CODE'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) –

    • coveredResources (list) –

      An object that contains details on the covered resources in your environment.

      • (dict) –

        An object that contains details about a resource covered by Amazon Inspector.

        • accountId (string) –

          The Amazon Web Services account ID of the covered resource.

        • lastScannedAt (datetime) –

          The date and time the resource was last checked for vulnerabilities.

        • resourceId (string) –

          The ID of the covered resource.

        • resourceMetadata (dict) –

          An object that contains details about the metadata.

          • ec2 (dict) –

            An object that contains metadata details for an Amazon EC2 instance.

            • amiId (string) –

              The ID of the Amazon Machine Image (AMI) used to launch the instance.

            • platform (string) –

              The platform of the instance.

            • tags (dict) –

              The tags attached to the instance.

              • (string) –

                • (string) –

          • ecrImage (dict) –

            An object that contains details about the container metadata for an Amazon ECR image.

            • tags (list) –

              Tags associated with the Amazon ECR image metadata.

              • (string) –

          • ecrRepository (dict) –

            An object that contains details about the repository an Amazon ECR image resides in.

            • name (string) –

              The name of the Amazon ECR repository.

            • scanFrequency (string) –

              The frequency of scans.

          • lambdaFunction (dict) –

            An object that contains metadata details for an AWS Lambda function.

            • functionName (string) –

              The name of a function.

            • functionTags (dict) –

              The resource tags on an AWS Lambda function.

              • (string) –

                • (string) –

            • layers (list) –

              The layers for an AWS Lambda function. A Lambda function can have up to five layers.

              • (string) –

            • runtime (string) –

              An AWS Lambda function’s runtime.

        • resourceType (string) –

          The type of the covered resource.

        • scanStatus (dict) –

          The status of the scan covering the resource.

          • reason (string) –

            The reason for the scan.

          • statusCode (string) –

            The status code of the scan.

        • scanType (string) –

          The Amazon Inspector scan type covering the resource.

    • nextToken (string) –

      A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

Exceptions

  • Inspector2.Client.exceptions.ValidationException

  • Inspector2.Client.exceptions.ThrottlingException

  • Inspector2.Client.exceptions.InternalServerException