batch_get_findings

CodeGuruSecurity.Client.batch_get_findings(**kwargs)

Returns a list of requested findings from standard scans.

See also: AWS API Documentation

Request Syntax

response = client.batch_get_findings(
    findingIdentifiers=[
        {
            'findingId': 'string',
            'scanName': 'string'
        },
    ]
)

Parameters:

findingIdentifiers (list) –

[REQUIRED]

A list of finding identifiers. Each identifier consists of a scanName and a findingId. You retrieve the findingId when you call GetFindings.

  • (dict) –

    An object that contains information about a finding and the scan that generated it.

    • findingId (string) – [REQUIRED]

      The identifier for a finding.

    • scanName (string) – [REQUIRED]

      The name of the scan that generated the finding.

Return type:

dict

Returns:

Response Syntax

{
    'failedFindings': [
        {
            'errorCode': 'DUPLICATE_IDENTIFIER'|'ITEM_DOES_NOT_EXIST'|'INTERNAL_ERROR'|'INVALID_FINDING_ID'|'INVALID_SCAN_NAME',
            'findingId': 'string',
            'message': 'string',
            'scanName': 'string'
        },
    ],
    'findings': [
        {
            'createdAt': datetime(2015, 1, 1),
            'description': 'string',
            'detectorId': 'string',
            'detectorName': 'string',
            'detectorTags': [
                'string',
            ],
            'generatorId': 'string',
            'id': 'string',
            'remediation': {
                'recommendation': {
                    'text': 'string',
                    'url': 'string'
                },
                'suggestedFixes': [
                    {
                        'code': 'string',
                        'description': 'string'
                    },
                ]
            },
            'resource': {
                'id': 'string',
                'subResourceId': 'string'
            },
            'ruleId': 'string',
            'severity': 'Critical'|'High'|'Medium'|'Low'|'Info',
            'status': 'Closed'|'Open'|'All',
            'title': 'string',
            'type': 'string',
            'updatedAt': datetime(2015, 1, 1),
            'vulnerability': {
                'filePath': {
                    'codeSnippet': [
                        {
                            'content': 'string',
                            'number': 123
                        },
                    ],
                    'endLine': 123,
                    'name': 'string',
                    'path': 'string',
                    'startLine': 123
                },
                'id': 'string',
                'itemCount': 123,
                'referenceUrls': [
                    'string',
                ],
                'relatedVulnerabilities': [
                    'string',
                ]
            }
        },
    ]
}

Response Structure

  • (dict) –

    • failedFindings (list) –

      A list of errors for individual findings which were not fetched. Each BatchGetFindingsError contains the scanName, findingId, errorCode and error message.

      • (dict) –

        Contains information about the error that caused a finding to fail to be retrieved.

        • errorCode (string) –

          A code associated with the type of error.

        • findingId (string) –

          The finding ID of the finding that was not fetched.

        • message (string) –

          Describes the error.

        • scanName (string) –

          The name of the scan that generated the finding.

    • findings (list) –

      A list of all findings which were successfully fetched.

      • (dict) –

        Information about a finding that was detected in your code.

        • createdAt (datetime) –

          The time when the finding was created.

        • description (string) –

          A description of the finding.

        • detectorId (string) –

          The identifier for the detector that detected the finding in your code. A detector is a defined rule based on industry standards and AWS best practices.

        • detectorName (string) –

          The name of the detector that identified the security vulnerability in your code.

        • detectorTags (list) –

          One or more tags or categorizations that are associated with a detector. These tags are defined by type, programming language, or other classification such as maintainability or consistency.

          • (string) –

        • generatorId (string) –

          The identifier for the component that generated a finding such as AmazonCodeGuruSecurity.

        • id (string) –

          The identifier for a finding.

        • remediation (dict) –

          An object that contains the details about how to remediate a finding.

          • recommendation (dict) –

            An object that contains information about the recommended course of action to remediate a finding.

            • text (string) –

              The recommended course of action to remediate the finding.

            • url (string) –

              The URL address to the recommendation for remediating the finding.

          • suggestedFixes (list) –

            A list of SuggestedFix objects. Each object contains information about a suggested code fix to remediate the finding.

            • (dict) –

              Information about the suggested code fix to remediate a finding.

              • code (string) –

                The suggested code fix. If applicable, includes a code patch to replace your source code.

              • description (string) –

                A description of the suggested code fix and why it is being suggested.

        • resource (dict) –

          The resource where Amazon CodeGuru Security detected a finding.

          • id (string) –

            The scanName of the scan that was run on the resource.

          • subResourceId (string) –

            The identifier for a section of the resource.

        • ruleId (string) –

          The identifier for the rule that generated the finding.

        • severity (string) –

          The severity of the finding. Severity can be critical, high, medium, low, or informational. For information on severity levels, see Finding severity in the Amazon CodeGuru Security User Guide.

        • status (string) –

          The status of the finding. A finding status can be open or closed.

        • title (string) –

          The title of the finding.

        • type (string) –

          The type of finding.

        • updatedAt (datetime) –

          The time when the finding was last updated. Findings are updated when you remediate them or when the finding code location changes.

        • vulnerability (dict) –

          An object that describes the detected security vulnerability.

          • filePath (dict) –

            An object that describes the location of the detected security vulnerability in your code.

            • codeSnippet (list) –

              A list of CodeLine objects that describe where the security vulnerability appears in your code.

              • (dict) –

                The line of code where a finding was detected.

                • content (string) –

                  The code that contains a vulnerability.

                • number (integer) –

                  The code line number.

            • endLine (integer) –

              The last line number of the code snippet where the security vulnerability appears in your code.

            • name (string) –

              The name of the file.

            • path (string) –

              The path to the resource with the security vulnerability.

            • startLine (integer) –

              The first line number of the code snippet where the security vulnerability appears in your code.

          • id (string) –

            The identifier for the vulnerability.

          • itemCount (integer) –

            The number of times the vulnerability appears in your code.

          • referenceUrls (list) –

            One or more URL addresses that contain details about a vulnerability.

            • (string) –

          • relatedVulnerabilities (list) –

            One or more vulnerabilities that are related to the vulnerability being described.

            • (string) –
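
The response reports per-item failures in failedFindings alongside the successfully fetched findings, so a caller has to process both lists. The following is an added example, not part of the boto3 documentation: it de-duplicates identifiers, sends them in chunks, retries INTERNAL_ERROR entries, and ranks open findings by severity. The chunk size of 25, the retry policy, and the StubClient with its sample data are assumptions of the example.

```python
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Info": 4}
RETRYABLE = {"INTERNAL_ERROR"}  # assumption: the other error codes are permanent


def fetch_findings(client, identifiers, batch_size=25, max_attempts=3):
    """Return (findings, failed); batch_size is an assumed limit, not from the page."""
    # Drop repeats up front so no request can trigger DUPLICATE_IDENTIFIER.
    keys = dict.fromkeys((i["scanName"], i["findingId"]) for i in identifiers)
    pending = [{"scanName": s, "findingId": f} for s, f in keys]
    findings, failed = [], []
    for attempt in range(1, max_attempts + 1):
        retry = []
        for start in range(0, len(pending), batch_size):
            chunk = pending[start:start + batch_size]
            resp = client.batch_get_findings(findingIdentifiers=chunk)
            findings.extend(resp.get("findings", []))
            for err in resp.get("failedFindings", []):
                if err["errorCode"] in RETRYABLE and attempt < max_attempts:
                    retry.append({"scanName": err["scanName"], "findingId": err["findingId"]})
                else:
                    failed.append(err)  # reported to the caller, never dropped
        pending = retry
    return findings, failed


def triage(findings):
    """Open findings only, most severe first."""
    open_findings = [f for f in findings if f.get("status") == "Open"]
    return sorted(open_findings, key=lambda f: SEVERITY_RANK.get(f.get("severity"), 99))


class StubClient:
    """Constructed stand-in for boto3.client("codeguru-security"); canned responses."""
    DATA = {"f-1": ("Low", "Open"), "f-2": ("Critical", "Open"), "f-3": ("High", "Closed")}

    def __init__(self):
        self.flaky = {"f-2"}  # fails once with INTERNAL_ERROR, then succeeds

    def batch_get_findings(self, findingIdentifiers):
        out = {"findings": [], "failedFindings": []}
        for ident in findingIdentifiers:
            fid = ident["findingId"]
            if fid in self.flaky or fid not in self.DATA:
                code = "INTERNAL_ERROR" if fid in self.flaky else "ITEM_DOES_NOT_EXIST"
                self.flaky.discard(fid)
                out["failedFindings"].append({**ident, "errorCode": code, "message": "constructed"})
            else:
                sev, status = self.DATA[fid]
                out["findings"].append({"id": fid, "severity": sev, "status": status})
        return out
```

With a real client, pass the object returned by boto3.client("codeguru-security") in place of StubClient(); entries left in the failed list should be logged or alerted on so that an unfetched finding is not mistaken for a clean result.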

Exceptions