Inspector2 / Client / create_code_security_scan_configuration

create_code_security_scan_configuration

Inspector2.Client.create_code_security_scan_configuration(**kwargs)

Creates a scan configuration for code security scanning.

See also: AWS API Documentation

Request Syntax

response = client.create_code_security_scan_configuration(
    name='string',
    level='ORGANIZATION'|'ACCOUNT',
    configuration={
        'periodicScanConfiguration': {
            'frequency': 'WEEKLY'|'MONTHLY'|'NEVER',
            'frequencyExpression': 'string'
        },
        'continuousIntegrationScanConfiguration': {
            'supportedEvents': [
                'PULL_REQUEST'|'PUSH',
            ]
        },
        'ruleSetCategories': [
            'SAST'|'IAC'|'SCA',
        ]
    },
    scopeSettings={
        'projectSelectionScope': 'ALL'
    },
    tags={
        'string': 'string'
    }
)
Parameters:

  • name (string) –

    [REQUIRED]

    The name of the scan configuration.

  • level (string) –

    [REQUIRED]

    The security level for the scan configuration.

  • configuration (dict) –

    [REQUIRED]

    The configuration settings for the code security scan.

    • periodicScanConfiguration (dict) –

      Configuration settings for periodic scans that run on a scheduled basis.

      • frequency (string) –

        The frequency at which periodic scans are performed (such as weekly or monthly).

        If you don’t provide the frequencyExpression Amazon Inspector chooses day for the scan to run. If you provide the frequencyExpression, the schedule must match the specified frequency.

      • frequencyExpression (string) –

        The schedule expression for periodic scans, in cron format.

    • continuousIntegrationScanConfiguration (dict) –

      Configuration settings for continuous integration scans that run automatically when code changes are made.

      • supportedEvents (list) – [REQUIRED]

        The repository events that trigger continuous integration scans, such as pull requests or commits.

        • (string) –

    • ruleSetCategories (list) – [REQUIRED]

      The categories of security rules to be applied during the scan.

      • (string) –

  • scopeSettings (dict) –

    The scope settings that define which repositories will be scanned. Include this parameter to create a default scan configuration. Otherwise Amazon Inspector creates a general scan configuration.

    A default scan configuration automatically applies to all existing and future projects imported into Amazon Inspector. Use the BatchAssociateCodeSecurityScanConfiguration operation to associate a general scan configuration with projects.

    • projectSelectionScope (string) –

      The scope of projects to be selected for scanning within the integrated repositories. Setting the value to ALL applies the scope settings to all existing and future projects imported into Amazon Inspector.

  • tags (dict) –

    The tags to apply to the scan configuration.

    • (string) –

      • (string) –

Return type:

dict

Returns:

Response Syntax

{
    'scanConfigurationArn': 'string'
}

Response Structure

  • (dict) –

    • scanConfigurationArn (string) –

      The Amazon Resource Name (ARN) of the created scan configuration.

Exceptions

  • Inspector2.Client.exceptions.ServiceQuotaExceededException

  • Inspector2.Client.exceptions.ConflictException

  • Inspector2.Client.exceptions.AccessDeniedException

  • Inspector2.Client.exceptions.ValidationException

  • Inspector2.Client.exceptions.ThrottlingException

  • Inspector2.Client.exceptions.InternalServerException