create_scan#

CodeGuruSecurity.Client.create_scan(**kwargs)#

Use to create a scan using code uploaded to an S3 bucket.

Request Syntax

response = client.create_scan(
    analysisType='Security'|'All',
    clientToken='string',
    resourceId={
        'codeArtifactId': 'string'
    },
    scanName='string',
    scanType='Standard'|'Express',
    tags={
        'string': 'string'
    }
)

Parameters:

analysisType (string) – The type of analysis you want CodeGuru Security to perform in the scan, either Security or All. The Security type only generates findings related to security. The All type generates both security findings and quality findings. Defaults to Security type if missing.
clientToken (string) –
The idempotency token for the request. Amazon CodeGuru Security uses this value to prevent the accidental creation of duplicate scans if there are failures and retries.

This field is autopopulated if not provided.
resourceId (dict) –
[REQUIRED]

The identifier for an input resource used to create a scan.

Note
This is a Tagged Union structure. Only one of the following top level keys can be set: codeArtifactId.
- codeArtifactId (string) –
  
  The identifier for the code file uploaded to the resource where a finding was detected.
scanName (string) –
[REQUIRED]

The unique name that CodeGuru Security uses to track revisions across multiple scans of the same resource. Only allowed for a STANDARD scan type. If not specified, it will be auto generated.
scanType (string) –
The type of scan, either Standard or Express. Defaults to Standard type if missing.

Express scans run on limited resources and use a limited set of detectors to analyze your code in near-real time. Standard scans have standard resource limits and use the full set of detectors to analyze your code.
tags (dict) –
An array of key-value pairs used to tag a scan. A tag is a custom attribute label with two parts:
- A tag key. For example, CostCenter, Environment, or Secret. Tag keys are case sensitive.
- An optional tag value field. For example, 111122223333, Production, or a team name. Omitting the tag value is the same as using an empty string. Tag values are case sensitive.
- (string) –
  - (string) –

Return type:

dict

Returns:

Response Syntax

{
    'resourceId': {
        'codeArtifactId': 'string'
    },
    'runId': 'string',
    'scanName': 'string',
    'scanNameArn': 'string',
    'scanState': 'InProgress'|'Successful'|'Failed'
}

Response Structure

(dict) –
- resourceId (dict) –
  
  The identifier for the resource object that contains resources that were scanned.
  Note
  This is a Tagged Union structure. Only one of the following top level keys will be set: codeArtifactId. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
  'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
  - codeArtifactId (string) –
    
    The identifier for the code file uploaded to the resource where a finding was detected.
- runId (string) –
  
  UUID that identifies the individual scan run.
- scanName (string) –
  
  The name of the scan.
- scanNameArn (string) –
  
  The ARN for the scan name.
- scanState (string) –
  
  The current state of the scan. Returns either InProgress, Successful, or Failed.

Exceptions

CodeGuruSecurity.Client.exceptions.InternalServerException
CodeGuruSecurity.Client.exceptions.ConflictException
CodeGuruSecurity.Client.exceptions.ResourceNotFoundException
CodeGuruSecurity.Client.exceptions.ThrottlingException
CodeGuruSecurity.Client.exceptions.ValidationException
CodeGuruSecurity.Client.exceptions.AccessDeniedException