ECR / Paginator / DescribeImageScanFindings

DescribeImageScanFindings#

class ECR.Paginator.DescribeImageScanFindings#
paginator = client.get_paginator('describe_image_scan_findings')
paginate(**kwargs)#

Creates an iterator that will paginate through responses from ECR.Client.describe_image_scan_findings().

See also: AWS API Documentation

Request Syntax

response_iterator = paginator.paginate(
    registryId='string',
    repositoryName='string',
    imageId={
        'imageDigest': 'string',
        'imageTag': 'string'
    },
    PaginationConfig={
        'MaxItems': 123,
        'PageSize': 123,
        'StartingToken': 'string'
    }
)
Parameters:
  • registryId (string) – The Amazon Web Services account ID associated with the registry that contains the repository in which to describe the image scan findings for. If you do not specify a registry, the default registry is assumed.

  • repositoryName (string) –

    [REQUIRED]

    The repository for the image for which to describe the scan findings.

  • imageId (dict) –

    [REQUIRED]

    An object with identifying information for an image in an Amazon ECR repository.

    • imageDigest (string) –

      The sha256 digest of the image manifest.

    • imageTag (string) –

      The tag used for the image.

  • PaginationConfig (dict) –

    A dictionary that provides parameters to control pagination.

    • MaxItems (integer) –

      The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.

    • PageSize (integer) –

      The size of each page.

    • StartingToken (string) –

      A token to specify where to start paginating. This is the NextToken from a previous response.

Return type:

dict

Returns:

Response Syntax

{
    'registryId': 'string',
    'repositoryName': 'string',
    'imageId': {
        'imageDigest': 'string',
        'imageTag': 'string'
    },
    'imageScanStatus': {
        'status': 'IN_PROGRESS'|'COMPLETE'|'FAILED'|'UNSUPPORTED_IMAGE'|'ACTIVE'|'PENDING'|'SCAN_ELIGIBILITY_EXPIRED'|'FINDINGS_UNAVAILABLE',
        'description': 'string'
    },
    'imageScanFindings': {
        'imageScanCompletedAt': datetime(2015, 1, 1),
        'vulnerabilitySourceUpdatedAt': datetime(2015, 1, 1),
        'findingSeverityCounts': {
            'string': 123
        },
        'findings': [
            {
                'name': 'string',
                'description': 'string',
                'uri': 'string',
                'severity': 'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL'|'UNDEFINED',
                'attributes': [
                    {
                        'key': 'string',
                        'value': 'string'
                    },
                ]
            },
        ],
        'enhancedFindings': [
            {
                'awsAccountId': 'string',
                'description': 'string',
                'findingArn': 'string',
                'firstObservedAt': datetime(2015, 1, 1),
                'lastObservedAt': datetime(2015, 1, 1),
                'packageVulnerabilityDetails': {
                    'cvss': [
                        {
                            'baseScore': 123.0,
                            'scoringVector': 'string',
                            'source': 'string',
                            'version': 'string'
                        },
                    ],
                    'referenceUrls': [
                        'string',
                    ],
                    'relatedVulnerabilities': [
                        'string',
                    ],
                    'source': 'string',
                    'sourceUrl': 'string',
                    'vendorCreatedAt': datetime(2015, 1, 1),
                    'vendorSeverity': 'string',
                    'vendorUpdatedAt': datetime(2015, 1, 1),
                    'vulnerabilityId': 'string',
                    'vulnerablePackages': [
                        {
                            'arch': 'string',
                            'epoch': 123,
                            'filePath': 'string',
                            'name': 'string',
                            'packageManager': 'string',
                            'release': 'string',
                            'sourceLayerHash': 'string',
                            'version': 'string',
                            'fixedInVersion': 'string'
                        },
                    ]
                },
                'remediation': {
                    'recommendation': {
                        'url': 'string',
                        'text': 'string'
                    }
                },
                'resources': [
                    {
                        'details': {
                            'awsEcrContainerImage': {
                                'architecture': 'string',
                                'author': 'string',
                                'imageHash': 'string',
                                'imageTags': [
                                    'string',
                                ],
                                'platform': 'string',
                                'pushedAt': datetime(2015, 1, 1),
                                'registry': 'string',
                                'repositoryName': 'string'
                            }
                        },
                        'id': 'string',
                        'tags': {
                            'string': 'string'
                        },
                        'type': 'string'
                    },
                ],
                'score': 123.0,
                'scoreDetails': {
                    'cvss': {
                        'adjustments': [
                            {
                                'metric': 'string',
                                'reason': 'string'
                            },
                        ],
                        'score': 123.0,
                        'scoreSource': 'string',
                        'scoringVector': 'string',
                        'version': 'string'
                    }
                },
                'severity': 'string',
                'status': 'string',
                'title': 'string',
                'type': 'string',
                'updatedAt': datetime(2015, 1, 1),
                'fixAvailable': 'string',
                'exploitAvailable': 'string'
            },
        ]
    },
    'NextToken': 'string'
}

Response Structure

  • (dict) –

    • registryId (string) –

      The registry ID associated with the request.

    • repositoryName (string) –

      The repository name associated with the request.

    • imageId (dict) –

      An object with identifying information for an image in an Amazon ECR repository.

      • imageDigest (string) –

        The sha256 digest of the image manifest.

      • imageTag (string) –

        The tag used for the image.

    • imageScanStatus (dict) –

      The current state of the scan.

      • status (string) –

        The current state of an image scan.

      • description (string) –

        The description of the image scan status.

    • imageScanFindings (dict) –

      The information contained in the image scan findings.

      • imageScanCompletedAt (datetime) –

        The time of the last completed image scan.

      • vulnerabilitySourceUpdatedAt (datetime) –

        The time when the vulnerability data was last scanned.

      • findingSeverityCounts (dict) –

        The image vulnerability counts, sorted by severity.

        • (string) –

          • (integer) –

      • findings (list) –

        The findings from the image scan.

        • (dict) –

          Contains information about an image scan finding.

          • name (string) –

            The name associated with the finding, usually a CVE number.

          • description (string) –

            The description of the finding.

          • uri (string) –

            A link containing additional details about the security vulnerability.

          • severity (string) –

            The finding severity.

          • attributes (list) –

            A collection of attributes of the host from which the finding is generated.

            • (dict) –

              This data type is used in the ImageScanFinding data type.

              • key (string) –

                The attribute key.

              • value (string) –

                The value assigned to the attribute key.

      • enhancedFindings (list) –

        Details about the enhanced scan findings from Amazon Inspector.

        • (dict) –

          The details of an enhanced image scan. This is returned when enhanced scanning is enabled for your private registry.

          • awsAccountId (string) –

            The Amazon Web Services account ID associated with the image.

          • description (string) –

            The description of the finding.

          • findingArn (string) –

            The Amazon Resource Number (ARN) of the finding.

          • firstObservedAt (datetime) –

            The date and time that the finding was first observed.

          • lastObservedAt (datetime) –

            The date and time that the finding was last observed.

          • packageVulnerabilityDetails (dict) –

            An object that contains the details of a package vulnerability finding.

            • cvss (list) –

              An object that contains details about the CVSS score of a finding.

              • (dict) –

                The CVSS score for a finding.

                • baseScore (float) –

                  The base CVSS score used for the finding.

                • scoringVector (string) –

                  The vector string of the CVSS score.

                • source (string) –

                  The source of the CVSS score.

                • version (string) –

                  The version of CVSS used for the score.

            • referenceUrls (list) –

              One or more URLs that contain details about this vulnerability type.

              • (string) –

            • relatedVulnerabilities (list) –

              One or more vulnerabilities related to the one identified in this finding.

              • (string) –

            • source (string) –

              The source of the vulnerability information.

            • sourceUrl (string) –

              A URL to the source of the vulnerability information.

            • vendorCreatedAt (datetime) –

              The date and time that this vulnerability was first added to the vendor’s database.

            • vendorSeverity (string) –

              The severity the vendor has given to this vulnerability type.

            • vendorUpdatedAt (datetime) –

              The date and time the vendor last updated this vulnerability in their database.

            • vulnerabilityId (string) –

              The ID given to this vulnerability.

            • vulnerablePackages (list) –

              The packages impacted by this vulnerability.

              • (dict) –

                Information on the vulnerable package identified by a finding.

                • arch (string) –

                  The architecture of the vulnerable package.

                • epoch (integer) –

                  The epoch of the vulnerable package.

                • filePath (string) –

                  The file path of the vulnerable package.

                • name (string) –

                  The name of the vulnerable package.

                • packageManager (string) –

                  The package manager of the vulnerable package.

                • release (string) –

                  The release of the vulnerable package.

                • sourceLayerHash (string) –

                  The source layer hash of the vulnerable package.

                • version (string) –

                  The version of the vulnerable package.

                • fixedInVersion (string) –

                  The version of the package that contains the vulnerability fix.

          • remediation (dict) –

            An object that contains the details about how to remediate a finding.

            • recommendation (dict) –

              An object that contains information about the recommended course of action to remediate the finding.

              • url (string) –

                The URL address to the CVE remediation recommendations.

              • text (string) –

                The recommended course of action to remediate the finding.

          • resources (list) –

            Contains information on the resources involved in a finding.

            • (dict) –

              Details about the resource involved in a finding.

              • details (dict) –

                An object that contains details about the resource involved in a finding.

                • awsEcrContainerImage (dict) –

                  An object that contains details about the Amazon ECR container image involved in the finding.

                  • architecture (string) –

                    The architecture of the Amazon ECR container image.

                  • author (string) –

                    The image author of the Amazon ECR container image.

                  • imageHash (string) –

                    The image hash of the Amazon ECR container image.

                  • imageTags (list) –

                    The image tags attached to the Amazon ECR container image.

                    • (string) –

                  • platform (string) –

                    The platform of the Amazon ECR container image.

                  • pushedAt (datetime) –

                    The date and time the Amazon ECR container image was pushed.

                  • registry (string) –

                    The registry the Amazon ECR container image belongs to.

                  • repositoryName (string) –

                    The name of the repository the Amazon ECR container image resides in.

              • id (string) –

                The ID of the resource.

              • tags (dict) –

                The tags attached to the resource.

                • (string) –

                  • (string) –

              • type (string) –

                The type of resource.

          • score (float) –

            The Amazon Inspector score given to the finding.

          • scoreDetails (dict) –

            An object that contains details of the Amazon Inspector score.

            • cvss (dict) –

              An object that contains details about the CVSS score given to a finding.

              • adjustments (list) –

                An object that contains details about adjustment Amazon Inspector made to the CVSS score.

                • (dict) –

                  Details on adjustments Amazon Inspector made to the CVSS score for a finding.

                  • metric (string) –

                    The metric used to adjust the CVSS score.

                  • reason (string) –

                    The reason the CVSS score has been adjustment.

              • score (float) –

                The CVSS score.

              • scoreSource (string) –

                The source for the CVSS score.

              • scoringVector (string) –

                The vector for the CVSS score.

              • version (string) –

                The CVSS version used in scoring.

          • severity (string) –

            The severity of the finding.

          • status (string) –

            The status of the finding.

          • title (string) –

            The title of the finding.

          • type (string) –

            The type of the finding.

          • updatedAt (datetime) –

            The date and time the finding was last updated at.

          • fixAvailable (string) –

            Details on whether a fix is available through a version update. This value can be YES, NO, or PARTIAL. A PARTIAL fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions.

          • exploitAvailable (string) –

            If a finding discovered in your environment has an exploit available.

    • NextToken (string) –

      A token to resume pagination.