create_scan¶

CodeGuruSecurity.Client.create_scan(**kwargs)¶

Use to create a scan using code uploaded to an Amazon S3 bucket.

Request Syntax

response = client.create_scan(
    clientToken='string',
    resourceId={
        'codeArtifactId': 'string'
    },
    scanName='string',
    scanType='Standard'|'Express',
    analysisType='Security'|'All',
    tags={
        'string': 'string'
    }
)

Parameters:

clientToken (string) –
The idempotency token for the request. Amazon CodeGuru Security uses this value to prevent the accidental creation of duplicate scans if there are failures and retries.

This field is autopopulated if not provided.
resourceId (dict) –
[REQUIRED]

The identifier for the resource object to be scanned.

Note
This is a Tagged Union structure. Only one of the following top level keys can be set: codeArtifactId.
- codeArtifactId (string) –
  
  The identifier for the code file uploaded to the resource object. Returned by CreateUploadUrl when you upload resources to be scanned.
scanName (string) –
[REQUIRED]

The unique name that CodeGuru Security uses to track revisions across multiple scans of the same resource. Only allowed for a STANDARD scan type.
scanType (string) –
The type of scan, either Standard or Express. Defaults to Standard type if missing.

Express scans run on limited resources and use a limited set of detectors to analyze your code in near-real time. Standard scans have standard resource limits and use the full set of detectors to analyze your code.
analysisType (string) – The type of analysis you want CodeGuru Security to perform in the scan, either Security or All. The Security type only generates findings related to security. The All type generates both security findings and quality findings. Defaults to Security type if missing.
tags (dict) –
An array of key-value pairs used to tag a scan. A tag is a custom attribute label with two parts:
- A tag key. For example, CostCenter, Environment, or Secret. Tag keys are case sensitive.
- An optional tag value field. For example, 111122223333, Production, or a team name. Omitting the tag value is the same as using an empty string. Tag values are case sensitive.
- (string) –
  - (string) –

Return type:

dict

Returns:

Response Syntax

{
    'scanName': 'string',
    'runId': 'string',
    'resourceId': {
        'codeArtifactId': 'string'
    },
    'scanState': 'InProgress'|'Successful'|'Failed',
    'scanNameArn': 'string'
}

Response Structure

(dict) –
- scanName (string) –
  
  The name of the scan.
- runId (string) –
  
  UUID that identifies the individual scan run.
- resourceId (dict) –
  
  The identifier for the resource object that contains resources that were scanned.
  Note
  This is a Tagged Union structure. Only one of the following top level keys will be set: codeArtifactId. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
  'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
  - codeArtifactId (string) –
    
    The identifier for the code file uploaded to the resource object. Returned by CreateUploadUrl when you upload resources to be scanned.
- scanState (string) –
  
  The current state of the scan. Returns either InProgress, Successful, or Failed.
- scanNameArn (string) –
  
  The ARN for the scan name.

Exceptions

CodeGuruSecurity.Client.exceptions.InternalServerException
CodeGuruSecurity.Client.exceptions.ConflictException
CodeGuruSecurity.Client.exceptions.ResourceNotFoundException
CodeGuruSecurity.Client.exceptions.ThrottlingException
CodeGuruSecurity.Client.exceptions.AccessDeniedException
CodeGuruSecurity.Client.exceptions.ValidationException