SDK for PHP 3.x

Client: Aws\CodeGuruSecurity\CodeGuruSecurityClient
Service ID: codeguru-security
Version: 2018-05-10

This page describes the parameters and results for the operations of Amazon CodeGuru Security (2018-05-10), and shows how to use the Aws\CodeGuruSecurity\CodeGuruSecurityClient object to call the described operations. This documentation is specific to the 2018-05-10 API version of the service.

Operation Summary

Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.

You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */). You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).

BatchGetFindings ( array $params = [] )
Returns a list of requested findings from standard scans.
CreateScan ( array $params = [] )
Use to create a scan using code uploaded to an Amazon S3 bucket.
CreateUploadUrl ( array $params = [] )
Generates a pre-signed URL, request headers used to upload a code resource, and code artifact identifier for the uploaded resource.
GetAccountConfiguration ( array $params = [] )
Use to get the encryption configuration for an account.
GetFindings ( array $params = [] )
Returns a list of all findings generated by a particular scan.
GetMetricsSummary ( array $params = [] )
Returns a summary of metrics for an account from a specified date, including number of open findings, the categories with most findings, the scans with most open findings, and scans with most open critical findings.
GetScan ( array $params = [] )
Returns details about a scan, including whether or not a scan has completed.
ListFindingsMetrics ( array $params = [] )
Returns metrics about all findings in an account within a specified time range.
ListScans ( array $params = [] )
Returns a list of all scans in an account.
ListTagsForResource ( array $params = [] )
Returns a list of all tags associated with a scan.
TagResource ( array $params = [] )
Use to add one or more tags to an existing scan.
UntagResource ( array $params = [] )
Use to remove one or more tags from an existing scan.
UpdateAccountConfiguration ( array $params = [] )
Use to update the encryption configuration for an account.

Paginators

Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:

GetFindings
ListFindingsMetrics
ListScans

Operations

BatchGetFindings

$result = $client->batchGetFindings([/* ... */]);
$promise = $client->batchGetFindingsAsync([/* ... */]);

Returns a list of requested findings from standard scans.

Parameter Syntax

$result = $client->batchGetFindings([
    'findingIdentifiers' => [ // REQUIRED
        [
            'findingId' => '<string>', // REQUIRED
            'scanName' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
findingIdentifiers
Required: Yes
Type: Array of FindingIdentifier structures

A list of finding identifiers. Each identifier consists of a scanName and a findingId. You retrieve the findingId when you call GetFindings.

Result Syntax

[
    'failedFindings' => [
        [
            'errorCode' => 'DUPLICATE_IDENTIFIER|ITEM_DOES_NOT_EXIST|INTERNAL_ERROR|INVALID_FINDING_ID|INVALID_SCAN_NAME',
            'findingId' => '<string>',
            'message' => '<string>',
            'scanName' => '<string>',
        ],
        // ...
    ],
    'findings' => [
        [
            'createdAt' => <DateTime>,
            'description' => '<string>',
            'detectorId' => '<string>',
            'detectorName' => '<string>',
            'detectorTags' => ['<string>', ...],
            'generatorId' => '<string>',
            'id' => '<string>',
            'remediation' => [
                'recommendation' => [
                    'text' => '<string>',
                    'url' => '<string>',
                ],
                'suggestedFixes' => [
                    [
                        'code' => '<string>',
                        'description' => '<string>',
                    ],
                    // ...
                ],
            ],
            'resource' => [
                'id' => '<string>',
                'subResourceId' => '<string>',
            ],
            'ruleId' => '<string>',
            'severity' => 'Critical|High|Medium|Low|Info',
            'status' => 'Closed|Open|All',
            'title' => '<string>',
            'type' => '<string>',
            'updatedAt' => <DateTime>,
            'vulnerability' => [
                'filePath' => [
                    'codeSnippet' => [
                        [
                            'content' => '<string>',
                            'number' => <integer>,
                        ],
                        // ...
                    ],
                    'endLine' => <integer>,
                    'name' => '<string>',
                    'path' => '<string>',
                    'startLine' => <integer>,
                ],
                'id' => '<string>',
                'itemCount' => <integer>,
                'referenceUrls' => ['<string>', ...],
                'relatedVulnerabilities' => ['<string>', ...],
            ],
        ],
        // ...
    ],
]

Result Details

Members
failedFindings
Required: Yes
Type: Array of BatchGetFindingsError structures

A list of errors for individual findings which were not fetched. Each BatchGetFindingsError contains the scanName, findingId, errorCode and error message.

findings
Required: Yes
Type: Array of Finding structures

A list of all findings which were successfully fetched.

Errors

InternalServerException:

The server encountered an internal error and is unable to complete the request.

ThrottlingException:

The request was denied due to request throttling.

ValidationException:

The input fails to satisfy the specified constraints.

AccessDeniedException:

You do not have sufficient access to perform this action.
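
A BatchGetFindings call can succeed while individual identifiers come back under failedFindings, so a caller that reads only findings silently loses data. The following added example (not AWS sample code) separates fetched findings from permanent failures and retries transient ones. Assumptions: INTERNAL_ERROR is treated as the only retryable errorCode, and the helper name fetchFindings, the callable wrapper, the backoff and the stubbed responses are constructed for illustration.

```php
<?php
// Added example, not AWS sample code. fetchFindings() is a hypothetical helper.

/**
 * Fetch findings and account for every requested identifier.
 *
 * @param callable $batchGet    takes the BatchGetFindings parameter array, e.g.
 *                              fn (array $p) => $client->batchGetFindings($p)
 * @param array    $identifiers list of ['scanName' => ..., 'findingId' => ...]
 */
function fetchFindings(callable $batchGet, array $identifiers, int $maxAttempts = 3): array
{
    // Collapse duplicates first so they do not come back as DUPLICATE_IDENTIFIER.
    $pending = [];
    foreach ($identifiers as $id) {
        $pending[$id['scanName'] . "\0" . $id['findingId']] = [
            'scanName'  => $id['scanName'],
            'findingId' => $id['findingId'],
        ];
    }
    $requested = count($pending);
    $findings  = [];
    $failed    = [];

    for ($attempt = 1; $pending !== [] && $attempt <= $maxAttempts; $attempt++) {
        $result = $batchGet(['findingIdentifiers' => array_values($pending)]);
        foreach ($result['findings'] ?? [] as $finding) {
            $findings[] = $finding;
        }
        $retry = [];
        foreach ($result['failedFindings'] ?? [] as $err) {
            // Assumption: only INTERNAL_ERROR is worth retrying; the other
            // codes describe the identifier itself and will not change.
            if ($err['errorCode'] === 'INTERNAL_ERROR' && $attempt < $maxAttempts) {
                $retry[$err['scanName'] . "\0" . $err['findingId']] = [
                    'scanName'  => $err['scanName'],
                    'findingId' => $err['findingId'],
                ];
            } else {
                $failed[] = $err;
            }
        }
        $pending = $retry;
        if ($pending !== []) {
            usleep(200000 * $attempt); // short linear backoff before the retry
        }
    }

    return [
        'findings' => $findings,
        'failed'   => $failed,
        // False when an identifier was neither returned nor reported as failed.
        'complete' => count($findings) + count($failed) === $requested,
    ];
}

// Constructed stub standing in for the service, so the example runs offline.
$calls = 0;
$stub = function (array $params) use (&$calls): array {
    $calls++;
    $findings = [];
    $failed   = [];
    foreach ($params['findingIdentifiers'] as $id) {
        if ($id['findingId'] === 'f-missing') {
            $failed[] = $id + ['errorCode' => 'ITEM_DOES_NOT_EXIST', 'message' => 'constructed'];
        } elseif ($id['findingId'] === 'f-flaky' && $calls === 1) {
            $failed[] = $id + ['errorCode' => 'INTERNAL_ERROR', 'message' => 'constructed'];
        } else {
            $findings[] = ['id' => $id['findingId'], 'severity' => 'High', 'status' => 'Open'];
        }
    }
    return ['findings' => $findings, 'failedFindings' => $failed];
};

$out = fetchFindings($stub, [
    ['scanName' => 'demo-scan', 'findingId' => 'f-ok'],
    ['scanName' => 'demo-scan', 'findingId' => 'f-ok'],      // duplicate, collapsed
    ['scanName' => 'demo-scan', 'findingId' => 'f-flaky'],   // fails once, then succeeds
    ['scanName' => 'demo-scan', 'findingId' => 'f-missing'], // permanent failure
]);

printf(
    "fetched=%d failed=%d complete=%s calls=%d\n",
    count($out['findings']),
    count($out['failed']),
    $out['complete'] ? 'yes' : 'no',
    $calls
);
foreach ($out['failed'] as $err) {
    printf("not fetched: %s/%s (%s)\n", $err['scanName'], $err['findingId'], $err['errorCode']);
}
```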

CreateScan

$result = $client->createScan([/* ... */]);
$promise = $client->createScanAsync([/* ... */]);

Use to create a scan using code uploaded to an Amazon S3 bucket.

Parameter Syntax

$result = $client->createScan([
    'analysisType' => 'Security|All',
    'clientToken' => '<string>',
    'resourceId' => [ // REQUIRED
        'codeArtifactId' => '<string>',
    ],
    'scanName' => '<string>', // REQUIRED
    'scanType' => 'Standard|Express',
    'tags' => ['<string>', ...],
]);

Parameter Details

Members
analysisType
Type: string

The type of analysis you want CodeGuru Security to perform in the scan, either Security or All. The Security type only generates findings related to security. The All type generates both security findings and quality findings. Defaults to Security type if missing.

clientToken
Type: string

The idempotency token for the request. Amazon CodeGuru Security uses this value to prevent the accidental creation of duplicate scans if there are failures and retries.

resourceId
Required: Yes
Type: ResourceId structure

The identifier for the resource object to be scanned.

scanName
Required: Yes
Type: string

The unique name that CodeGuru Security uses to track revisions across multiple scans of the same resource. Only allowed for a STANDARD scan type.

scanType
Type: string

The type of scan, either Standard or Express. Defaults to Standard type if missing.

Express scans run on limited resources and use a limited set of detectors to analyze your code in near-real time. Standard scans have standard resource limits and use the full set of detectors to analyze your code.

tags
Type: Associative array of custom strings keys (TagKey) to strings

An array of key-value pairs used to tag a scan. A tag is a custom attribute label with two parts:

  • A tag key. For example, CostCenter, Environment, or Secret. Tag keys are case sensitive.

  • An optional tag value field. For example, 111122223333, Production, or a team name. Omitting the tag value is the same as using an empty string. Tag values are case sensitive.

Result Syntax

[
    'resourceId' => [
        'codeArtifactId' => '<string>',
    ],
    'runId' => '<string>',
    'scanName' => '<string>',
    'scanNameArn' => '<string>',
    'scanState' => 'InProgress|Successful|Failed',
]

Result Details

Members
resourceId
Required: Yes
Type: ResourceId structure

The identifier for the resource object that contains resources that were scanned.

runId
Required: Yes
Type: string

UUID that identifies the individual scan run.

scanName
Required: Yes
Type: string

The name of the scan.

scanNameArn
Type: string

The ARN for the scan name.

scanState
Required: Yes
Type: string

The current state of the scan. Returns either InProgress, Successful, or Failed.

Errors

InternalServerException:

The server encountered an internal error and is unable to complete the request.

ConflictException:

The requested operation would cause a conflict with the current state of a service resource associated with the request. Resolve the conflict before retrying this request.

ResourceNotFoundException:

The resource specified in the request was not found.

ThrottlingException:

The request was denied due to request throttling.

ValidationException:

The input fails to satisfy the specified constraints.

AccessDeniedException:

You do not have sufficient access to perform this action.

CreateUploadUrl

$result = $client->createUploadUrl([/* ... */]);
$promise = $client->createUploadUrlAsync([/* ... */]);

Generates a pre-signed URL, request headers used to upload a code resource, and code artifact identifier for the uploaded resource.

You can upload your code resource to the URL with the request headers using any HTTP client.

Parameter Syntax

$result = $client->createUploadUrl([
    'scanName' => '<string>', // REQUIRED
]);

Parameter Details

Members
scanName
Required: Yes
Type: string

The name of the scan that will use the uploaded resource. CodeGuru Security uses the unique scan name to track revisions across multiple scans of the same resource. Use this scanName when you call CreateScan on the code resource you upload to this URL.

Result Syntax

[
    'codeArtifactId' => '<string>',
    'requestHeaders' => ['<string>', ...],
    's3Url' => '<string>',
]

Result Details

Members
codeArtifactId
Required: Yes
Type: string

The identifier for the uploaded code resource. Pass this to CreateScan to use the uploaded resources.

requestHeaders
Required: Yes
Type: Associative array of custom strings keys (HeaderKey) to strings

A set of key-value pairs that contain the required headers when uploading your resource.

s3Url
Required: Yes
Type: string

A pre-signed S3 URL. You can upload the code file you want to scan with the required requestHeaders using any HTTP client.

Errors

InternalServerException:

The server encountered an internal error and is unable to complete the request.

ThrottlingException:

The request was denied due to request throttling.

ValidationException:

The input fails to satisfy the specified constraints.

AccessDeniedException:

You do not have sufficient access to perform this action.

GetAccountConfiguration

$result = $client->getAccountConfiguration([/* ... */]);
$promise = $client->getAccountConfigurationAsync([/* ... */]);

Use to get the encryption configuration for an account.

Parameter Syntax

$result = $client->getAccountConfiguration([
]);

Parameter Details

Members

Result Syntax

[
    'encryptionConfig' => [
        'kmsKeyArn' => '<string>',
    ],
]

Result Details

Members
encryptionConfig
Required: Yes
Type: EncryptionConfig structure

An EncryptionConfig object that contains the KMS key ARN that is used for encryption. By default, CodeGuru Security uses an AWS-managed key for encryption. To specify your own key, call UpdateAccountConfiguration. If you do not specify a customer-managed key, returns empty.

Errors

InternalServerException:

The server encountered an internal error and is unable to complete the request.

ThrottlingException:

The request was denied due to request throttling.

ValidationException:

The input fails to satisfy the specified constraints.

AccessDeniedException:

You do not have sufficient access to perform this action.

GetFindings

$result = $client->getFindings([/* ... */]);
$promise = $client->getFindingsAsync([/* ... */]);

Returns a list of all findings generated by a particular scan.

Parameter Syntax

$result = $client->getFindings([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'scanName' => '<string>', // REQUIRED
    'status' => 'Closed|Open|All',
]);

Parameter Details

Members
maxResults
Type: int

The maximum number of results to return in the response. Use this parameter when paginating results. If additional results exist beyond the number you specify, the nextToken element is returned in the response. Use nextToken in a subsequent request to retrieve additional results. If not specified, returns 1000 results.

nextToken
Type: string

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request to continue listing results after the first page.

scanName
Required: Yes
Type: string

The name of the scan you want to retrieve findings from.

status
Type: string

The status of the findings you want to get. Pass either Open, Closed, or All.

Result Syntax

[
    'findings' => [
        [
            'createdAt' => <DateTime>,
            'description' => '<string>',
            'detectorId' => '<string>',
            'detectorName' => '<string>',
            'detectorTags' => ['<string>', ...],
            'generatorId' => '<string>',
            'id' => '<string>',
            'remediation' => [
                'recommendation' => [
                    'text' => '<string>',
                    'url' => '<string>',
                ],
                'suggestedFixes' => [
                    [
                        'code' => '<string>',
                        'description' => '<string>',
                    ],
                    // ...
                ],
            ],
            'resource' => [
                'id' => '<string>',
                'subResourceId' => '<string>',
            ],
            'ruleId' => '<string>',
            'severity' => 'Critical|High|Medium|Low|Info',
            'status' => 'Closed|Open|All',
            'title' => '<string>',
            'type' => '<string>',
            'updatedAt' => <DateTime>,
            'vulnerability' => [
                'filePath' => [
                    'codeSnippet' => [
                        [
                            'content' => '<string>',
                            'number' => <integer>,
                        ],
                        // ...
                    ],
                    'endLine' => <integer>,
                    'name' => '<string>',
                    'path' => '<string>',
                    'startLine' => <integer>,
                ],
                'id' => '<string>',
                'itemCount' => <integer>,
                'referenceUrls' => ['<string>', ...],
                'relatedVulnerabilities' => ['<string>', ...],
            ],
        ],
        // ...
    ],
    'nextToken' => '<string>',
]

Result Details

Members
findings
Type: Array of Finding structures

A list of findings generated by the specified scan.

nextToken
Type: string

A pagination token. You can use this in future calls to GetFindings to continue listing results after the current page.

Errors

InternalServerException:

The server encountered an internal error and is unable to complete the request.

ConflictException:

The requested operation would cause a conflict with the current state of a service resource associated with the request. Resolve the conflict before retrying this request.

ResourceNotFoundException:

The resource specified in the request was not found.

ThrottlingException:

The request was denied due to request throttling.

ValidationException:

The input fails to satisfy the specified constraints.

AccessDeniedException:

You do not have sufficient access to perform this action.

GetMetricsSummary

$result = $client->getMetricsSummary([/* ... */]);
$promise = $client->getMetricsSummaryAsync([/* ... */]);

Returns a summary of metrics for an account from a specified date, including number of open findings, the categories with most findings, the scans with most open findings, and scans with most open critical findings.

Parameter Syntax

$result = $client->getMetricsSummary([
    'date' => <integer || string || DateTime>, // REQUIRED
]);

Parameter Details

Members
date
Required: Yes
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date you want to retrieve summary metrics from, rounded to the nearest day. The date must be within the past two years.

Result Syntax

[
    'metricsSummary' => [
        'categoriesWithMostFindings' => [
            [
                'categoryName' => '<string>',
                'findingNumber' => <integer>,
            ],
            // ...
        ],
        'date' => <DateTime>,
        'openFindings' => [
            'critical' => <float>,
            'high' => <float>,
            'info' => <float>,
            'low' => <float>,
            'medium' => <float>,
        ],
        'scansWithMostOpenCriticalFindings' => [
            [
                'findingNumber' => <integer>,
                'scanName' => '<string>',
            ],
            // ...
        ],
        'scansWithMostOpenFindings' => [
            [
                'findingNumber' => <integer>,
                'scanName' => '<string>',
            ],
            // ...
        ],
    ],
]

Result Details

Members
metricsSummary
Type: MetricsSummary structure

The summary metrics from the specified date.

Errors

InternalServerException:

The server encountered an internal error and is unable to complete the request.

ThrottlingException:

The request was denied due to request throttling.

ValidationException:

The input fails to satisfy the specified constraints.

AccessDeniedException:

You do not have sufficient access to perform this action.

GetScan

$result = $client->getScan([/* ... */]);
$promise = $client->getScanAsync([/* ... */]);

Returns details about a scan, including whether or not a scan has completed.

Parameter Syntax

$result = $client->getScan([
    'runId' => '<string>',
    'scanName' => '<string>', // REQUIRED
]);

Parameter Details

Members
runId
Type: string

UUID that identifies the individual scan run you want to view details about. You retrieve this when you call the CreateScan operation. Defaults to the latest scan run if missing.

scanName
Required: Yes
Type: string

The name of the scan you want to view details about.

Result Syntax

[
    'analysisType' => 'Security|All',
    'createdAt' => <DateTime>,
    'errorMessage' => '<string>',
    'numberOfRevisions' => <integer>,
    'runId' => '<string>',
    'scanName' => '<string>',
    'scanNameArn' => '<string>',
    'scanState' => 'InProgress|Successful|Failed',
    'updatedAt' => <DateTime>,
]

Result Details

Members
analysisType
Required: Yes
Type: string

The type of analysis CodeGuru Security performed in the scan, either Security or All. The Security type only generates findings related to security. The All type generates both security findings and quality findings.

createdAt
Required: Yes
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the scan was created.

errorMessage
Type: string

Details about the error that causes a scan to fail to be retrieved.

numberOfRevisions
Type: long (int|float)

The number of times a scan has been re-run on a revised resource.

runId
Required: Yes
Type: string

UUID that identifies the individual scan run.

scanName
Required: Yes
Type: string

The name of the scan.

scanNameArn
Type: string

The ARN for the scan name.

scanState
Required: Yes
Type: string

The current state of the scan. Returns either InProgress, Successful, or Failed.

updatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time when the scan was last updated. Only available for STANDARD scan types.

Errors

InternalServerException:

The server encountered an internal error and is unable to complete the request.

ResourceNotFoundException:

The resource specified in the request was not found.

ThrottlingException:

The request was denied due to request throttling.

ValidationException:

The input fails to satisfy the specified constraints.

AccessDeniedException:

You do not have sufficient access to perform this action.
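
The sequence that CreateUploadUrl, CreateScan, GetScan and the GetFindings paginator describe, written as a CI gate that fails closed when the scan fails, times out or reports blocking findings. This is an added example, not AWS sample code. Assumptions: the upload is an HTTP PUT sent with Guzzle (installed with the SDK), and the function names, region fallback, timeout, polling interval and the choice of Critical and High as blocking severities are illustrative.

```php
<?php
// Added example, not AWS sample code. Function names are hypothetical.
require 'vendor/autoload.php'; // aws/aws-sdk-php, which installs Guzzle

use Aws\CodeGuruSecurity\CodeGuruSecurityClient;
use GuzzleHttp\Client as HttpClient;

/** Upload a zip archive and start a Standard security scan; returns the runId. */
function uploadAndScan(CodeGuruSecurityClient $client, string $scanName, string $zipPath): string
{
    $upload = $client->createUploadUrl(['scanName' => $scanName]);

    $body = fopen($zipPath, 'rb');
    if ($body === false) {
        throw new RuntimeException("Cannot read $zipPath");
    }
    // Assumption: the pre-signed URL takes an HTTP PUT. The returned
    // requestHeaders are sent unchanged. Guzzle throws on a 4xx/5xx reply.
    (new HttpClient())->put($upload['s3Url'], [
        'headers' => $upload['requestHeaders'],
        'body'    => $body,
    ]);

    $scan = $client->createScan([
        'scanName'     => $scanName, // same name that was given to CreateUploadUrl
        'resourceId'   => ['codeArtifactId' => $upload['codeArtifactId']],
        'scanType'     => 'Standard',
        'analysisType' => 'Security',
        'clientToken'  => bin2hex(random_bytes(16)), // idempotency token for this request
    ]);
    return $scan['runId'];
}

/** Poll GetScan for this run; any outcome other than Successful throws. */
function waitForScan(CodeGuruSecurityClient $client, string $scanName, string $runId, int $timeout = 900): void
{
    $deadline = time() + $timeout;
    do {
        $scan = $client->getScan(['scanName' => $scanName, 'runId' => $runId]);
        if ($scan['scanState'] === 'Successful') {
            return;
        }
        if ($scan['scanState'] === 'Failed') {
            throw new RuntimeException('Scan failed: ' . ($scan['errorMessage'] ?? 'no errorMessage returned'));
        }
        sleep(10); // still InProgress
    } while (time() < $deadline);
    throw new RuntimeException("Scan $scanName did not finish within $timeout seconds");
}

/** Return one report line per open finding whose severity is blocking. */
function blockingFindings(iterable $findings, array $severities = ['Critical', 'High']): array
{
    $hits = [];
    foreach ($findings as $f) {
        if (($f['status'] ?? '') !== 'Open' || !in_array($f['severity'] ?? '', $severities, true)) {
            continue;
        }
        $hits[] = sprintf(
            '[%s] %s (%s:%s)',
            $f['severity'],
            $f['title'] ?? '(untitled)',
            $f['vulnerability']['filePath']['path'] ?? '?',
            $f['vulnerability']['filePath']['startLine'] ?? '?'
        );
    }
    return $hits;
}

if (PHP_SAPI === 'cli' && isset($argv[1], $argv[2])) {
    // Live run: php gate.php <scanName> <archive.zip>
    $client = new CodeGuruSecurityClient([
        'region'  => getenv('AWS_REGION') ?: 'us-east-1',
        'version' => '2018-05-10',
    ]);
    $runId = uploadAndScan($client, $argv[1], $argv[2]);
    waitForScan($client, $argv[1], $runId);
    // The paginator follows nextToken; search() flattens every page's findings.
    $pages = $client->getPaginator('GetFindings', ['scanName' => $argv[1], 'status' => 'Open']);
    $hits  = blockingFindings($pages->search('findings[]'));
} else {
    // Constructed sample findings, used when no arguments are given.
    $hits = blockingFindings([
        ['severity' => 'Critical', 'status' => 'Open', 'title' => 'Constructed finding A',
         'vulnerability' => ['filePath' => ['path' => 'src/Db.php', 'startLine' => 42]]],
        ['severity' => 'High', 'status' => 'Closed', 'title' => 'Constructed finding B'],
        ['severity' => 'Low', 'status' => 'Open', 'title' => 'Constructed finding C'],
    ]);
}

foreach ($hits as $line) {
    echo $line, PHP_EOL;
}
// An uncaught exception above also ends the process non-zero, so the gate
// never passes on a scan that failed, timed out or could not be read.
exit($hits === [] ? 0 : 1);
```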

ListFindingsMetrics

$result = $client->listFindingsMetrics([/* ... */]);
$promise = $client->listFindingsMetricsAsync([/* ... */]);

Returns metrics about all findings in an account within a specified time range.

Parameter Syntax

$result = $client->listFindingsMetrics([
    'endDate' => <integer || string || DateTime>, // REQUIRED
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'startDate' => <integer || string || DateTime>, // REQUIRED
]);

Parameter Details

Members
endDate
Required: Yes
Type: timestamp (string|DateTime or anything parsable by strtotime)

The end date of the interval which you want to retrieve metrics from. Rounds to the nearest day.

maxResults
Type: int

The maximum number of results to return in the response. Use this parameter when paginating results. If additional results exist beyond the number you specify, the nextToken element is returned in the response. Use nextToken in a subsequent request to retrieve additional results. If not specified, returns 1000 results.

nextToken
Type: string

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request to continue listing results after the first page.

startDate
Required: Yes
Type: timestamp (string|DateTime or anything parsable by strtotime)

The start date of the interval which you want to retrieve metrics from. Rounds to the nearest day.

Result Syntax

[
    'findingsMetrics' => [
        [
            'closedFindings' => [
                'critical' => <float>,
                'high' => <float>,
                'info' => <float>,
                'low' => <float>,
                'medium' => <float>,
            ],
            'date' => <DateTime>,
            'meanTimeToClose' => [
                'critical' => <float>,
                'high' => <float>,
                'info' => <float>,
                'low' => <float>,
                'medium' => <float>,
            ],
            'newFindings' => [
                'critical' => <float>,
                'high' => <float>,
                'info' => <float>,
                'low' => <float>,
                'medium' => <float>,
            ],
            'openFindings' => [
                'critical' => <float>,
                'high' => <float>,
                'info' => <float>,
                'low' => <float>,
                'medium' => <float>,
            ],
        ],
        // ...
    ],
    'nextToken' => '<string>',
]

Result Details

Members
findingsMetrics
Type: Array of AccountFindingsMetric structures

A list of AccountFindingsMetric objects retrieved from the specified time interval.

nextToken
Type: string

A pagination token. You can use this in future calls to ListFindingsMetrics to continue listing results after the current page.

Errors

InternalServerException:

The server encountered an internal error and is unable to complete the request.

ThrottlingException:

The request was denied due to request throttling.

ValidationException:

The input fails to satisfy the specified constraints.

AccessDeniedException:

You do not have sufficient access to perform this action.

ListScans

$result = $client->listScans([/* ... */]);
$promise = $client->listScansAsync([/* ... */]);

Returns a list of all scans in an account. Does not return EXPRESS scans.

Parameter Syntax

$result = $client->listScans([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);

Parameter Details

Members
maxResults
Type: int

The maximum number of results to return in the response. Use this parameter when paginating results. If additional results exist beyond the number you specify, the nextToken element is returned in the response. Use nextToken in a subsequent request to retrieve additional results. If not specified, returns 100 results.

nextToken
Type: string

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request to continue listing results after the first page.

Result Syntax

[
    'nextToken' => '<string>',
    'summaries' => [
        [
            'createdAt' => <DateTime>,
            'runId' => '<string>',
            'scanName' => '<string>',
            'scanNameArn' => '<string>',
            'scanState' => 'InProgress|Successful|Failed',
            'updatedAt' => <DateTime>,
        ],
        // ...
    ],
]

Result Details

Members
nextToken
Type: string

A pagination token. You can use this in future calls to ListScans to continue listing results after the current page.

summaries
Type: Array of ScanSummary structures

A list of ScanSummary objects with information about all scans in an account.

Errors

InternalServerException:

The server encountered an internal error and is unable to complete the request.

ThrottlingException:

The request was denied due to request throttling.

ValidationException:

The input fails to satisfy the specified constraints.

AccessDeniedException:

You do not have sufficient access to perform this action.

ListTagsForResource

$result = $client->listTagsForResource([/* ... */]);
$promise = $client->listTagsForResourceAsync([/* ... */]);

Returns a list of all tags associated with a scan.

Parameter Syntax

$result = $client->listTagsForResource([
    'resourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
resourceArn
Required: Yes
Type: string

The ARN of the ScanName object. You can retrieve this ARN by calling CreateScan, ListScans, or GetScan.

Result Syntax

[
    'tags' => ['<string>', ...],
]

Result Details

Members
tags
Type: Associative array of custom strings keys (TagKey) to strings

An array of key-value pairs used to tag an existing scan. A tag is a custom attribute label with two parts:

  • A tag key. For example, CostCenter, Environment, or Secret. Tag keys are case sensitive.

  • An optional tag value field. For example, 111122223333, Production, or a team name. Omitting the tag value is the same as using an empty string. Tag values are case sensitive.

Errors

InternalServerException:

The server encountered an internal error and is unable to complete the request.

ConflictException:

The requested operation would cause a conflict with the current state of a service resource associated with the request. Resolve the conflict before retrying this request.

ResourceNotFoundException:

The resource specified in the request was not found.

ThrottlingException:

The request was denied due to request throttling.

ValidationException:

The input fails to satisfy the specified constraints.

AccessDeniedException:

You do not have sufficient access to perform this action.

TagResource

$result = $client->tagResource([/* ... */]);
$promise = $client->tagResourceAsync([/* ... */]);

Use to add one or more tags to an existing scan.

Parameter Syntax

$result = $client->tagResource([
    'resourceArn' => '<string>', // REQUIRED
    'tags' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
resourceArn
Required: Yes
Type: string

The ARN of the ScanName object. You can retrieve this ARN by calling CreateScan, ListScans, or GetScan.

tags
Required: Yes
Type: Associative array of custom strings keys (TagKey) to strings

An array of key-value pairs used to tag an existing scan. A tag is a custom attribute label with two parts:

  • A tag key. For example, CostCenter, Environment, or Secret. Tag keys are case sensitive.

  • An optional tag value field. For example, 111122223333, Production, or a team name. Omitting the tag value is the same as using an empty string. Tag values are case sensitive.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServerException:

The server encountered an internal error and is unable to complete the request.

ConflictException:

The requested operation would cause a conflict with the current state of a service resource associated with the request. Resolve the conflict before retrying this request.

ResourceNotFoundException:

The resource specified in the request was not found.

ThrottlingException:

The request was denied due to request throttling.

ValidationException:

The input fails to satisfy the specified constraints.

AccessDeniedException:

You do not have sufficient access to perform this action.

UntagResource

$result = $client->untagResource([/* ... */]);
$promise = $client->untagResourceAsync([/* ... */]);

Use to remove one or more tags from an existing scan.

Parameter Syntax

$result = $client->untagResource([
    'resourceArn' => '<string>', // REQUIRED
    'tagKeys' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
resourceArn
Required: Yes
Type: string

The ARN of the ScanName object. You can retrieve this ARN by calling CreateScan, ListScans, or GetScan.

tagKeys
Required: Yes
Type: Array of strings

A list of keys for each tag you want to remove from a scan.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServerException:

The server encountered an internal error and is unable to complete the request.

ConflictException:

The requested operation would cause a conflict with the current state of a service resource associated with the request. Resolve the conflict before retrying this request.

ResourceNotFoundException:

The resource specified in the request was not found.

ThrottlingException:

The request was denied due to request throttling.

ValidationException:

The input fails to satisfy the specified constraints.

AccessDeniedException:

You do not have sufficient access to perform this action.

UpdateAccountConfiguration

$result = $client->updateAccountConfiguration([/* ... */]);
$promise = $client->updateAccountConfigurationAsync([/* ... */]);

Use to update the encryption configuration for an account.

Parameter Syntax

$result = $client->updateAccountConfiguration([
    'encryptionConfig' => [ // REQUIRED
        'kmsKeyArn' => '<string>',
    ],
]);

Parameter Details

Members
encryptionConfig
Required: Yes
Type: EncryptionConfig structure

The customer-managed KMS key ARN you want to use for encryption. If not specified, CodeGuru Security will use an AWS-managed key for encryption. If you previously specified a customer-managed KMS key and want CodeGuru Security to use an AWS-managed key for encryption instead, pass nothing.

Result Syntax

[
    'encryptionConfig' => [
        'kmsKeyArn' => '<string>',
    ],
]

Result Details

Members
encryptionConfig
Required: Yes
Type: EncryptionConfig structure

An EncryptionConfig object that contains the KMS key ARN that is used for encryption. If you did not specify a customer-managed KMS key in the request, returns empty.

Errors

InternalServerException:

The server encountered an internal error and is unable to complete the request.

ResourceNotFoundException:

The resource specified in the request was not found.

ThrottlingException:

The request was denied due to request throttling.

ValidationException:

The input fails to satisfy the specified constraints.

AccessDeniedException:

You do not have sufficient access to perform this action.
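
The following is an added example, not part of the SDK reference or AWS sample code. It checks which key is in effect with GetAccountConfiguration, calls UpdateAccountConfiguration only when the expected customer-managed key is not set, and confirms the ARN the service returns. The function name `ensureCustomerManagedKey`, the key ARN and the mocked responses are assumptions constructed for illustration; `Aws\MockHandler` stands in for the service so the script runs without credentials.

```php
<?php
// Added example, not AWS sample code. MockHandler answers the two calls with
// constructed results, so no credentials or network access are needed.
require 'vendor/autoload.php';

use Aws\CodeGuruSecurity\CodeGuruSecurityClient;
use Aws\Exception\AwsException;
use Aws\MockHandler;
use Aws\Result;

// Hypothetical helper: returns 'unchanged' or 'updated', throws otherwise.
function ensureCustomerManagedKey(CodeGuruSecurityClient $client, string $expectedArn): string
{
    try {
        // kmsKeyArn comes back empty when an AWS-managed key is in use.
        $current = $client->getAccountConfiguration();
        if (($current['encryptionConfig']['kmsKeyArn'] ?? '') === $expectedArn) {
            return 'unchanged';
        }
        $result = $client->updateAccountConfiguration([
            'encryptionConfig' => ['kmsKeyArn' => $expectedArn],
        ]);
    } catch (AwsException $e) {
        // One of the documented errors, e.g. AccessDeniedException or ValidationException.
        throw new RuntimeException('Encryption config not updated: ' . $e->getAwsErrorCode(), 0, $e);
    }
    // Confirm the key the service echoes back instead of assuming success.
    $applied = $result['encryptionConfig']['kmsKeyArn'] ?? '';
    if ($applied !== $expectedArn) {
        throw new RuntimeException("Unexpected key in effect: '{$applied}'");
    }
    return 'updated';
}

// Constructed placeholder ARN and constructed service responses.
$arn = 'arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID';
$mock = new MockHandler();
$mock->append(new Result(['encryptionConfig' => []]));                    // before: AWS-managed key
$mock->append(new Result(['encryptionConfig' => ['kmsKeyArn' => $arn]])); // after: customer-managed key

$client = new CodeGuruSecurityClient([
    'region'      => 'us-east-1',
    'version'     => '2018-05-10',
    'credentials' => ['key' => 'CONSTRUCTED', 'secret' => 'CONSTRUCTED'],
    'handler'     => $mock,
]);
echo ensureCustomerManagedKey($client, $arn), PHP_EOL;
```

Against a real account, drop the `handler` and `credentials` options so the client uses the default credential chain.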

Shapes

AccessDeniedException

Description

You do not have sufficient access to perform this action.

Members
errorCode
Required: Yes
Type: string

The identifier for the error.

message
Required: Yes
Type: string

Description of the error.

resourceId
Type: string

The identifier for the resource you don't have access to.

resourceType
Type: string

The type of resource you don't have access to.

AccountFindingsMetric

Description

A summary of findings metrics for an account on a specified date.

Members
closedFindings

The number of closed findings of each severity on the specified date.

date
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date from which the findings metrics were retrieved.

meanTimeToClose

The average time in days it takes to close findings of each severity as of a specified date.

newFindings

The number of new findings of each severity on the specified date.

openFindings

The number of open findings of each severity as of the specified date.

BatchGetFindingsError

Description

Contains information about the error that caused a finding to fail to be retrieved.

Members
errorCode
Required: Yes
Type: string

A code associated with the type of error.

findingId
Required: Yes
Type: string

The finding ID of the finding that was not fetched.

message
Required: Yes
Type: string

Describes the error.

scanName
Required: Yes
Type: string

The name of the scan that generated the finding.

CategoryWithFindingNum

Description

Information about a finding category with open findings.

Members
categoryName
Type: string

The name of the finding category. A finding category is determined by the detector that detected the finding.

findingNumber
Type: int

The number of open findings in the category.

CodeLine

Description

The line of code where a finding was detected.

Members
content
Type: string

The code that contains a vulnerability.

number
Type: int

The code line number.

ConflictException

Description

The requested operation would cause a conflict with the current state of a service resource associated with the request. Resolve the conflict before retrying this request.

Members
errorCode
Required: Yes
Type: string

The identifier for the error.

message
Required: Yes
Type: string

Description of the error.

resourceId
Required: Yes
Type: string

The identifier for the service resource associated with the request.

resourceType
Required: Yes
Type: string

The type of resource associated with the request.

EncryptionConfig

Description

Information about the encryption configuration for an account. Required to call UpdateAccountConfiguration.

Members
kmsKeyArn
Type: string

The KMS key ARN that is used for encryption. If an AWS-managed key is used for encryption, returns empty.

FilePath

Description

Information about the location of security vulnerabilities that Amazon CodeGuru Security detected in your code.

Members
codeSnippet
Type: Array of CodeLine structures

A list of CodeLine objects that describe where the security vulnerability appears in your code.

endLine
Type: int

The last line number of the code snippet where the security vulnerability appears in your code.

name
Type: string

The name of the file.

path
Type: string

The path to the resource with the security vulnerability.

startLine
Type: int

The first line number of the code snippet where the security vulnerability appears in your code.

Finding

Description

Information about a finding that was detected in your code.

Members
createdAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time when the finding was created.

description
Type: string

A description of the finding.

detectorId
Type: string

The identifier for the detector that detected the finding in your code. A detector is a defined rule based on industry standards and AWS best practices.

detectorName
Type: string

The name of the detector that identified the security vulnerability in your code.

detectorTags
Type: Array of strings

One or more tags or categorizations that are associated with a detector. These tags are defined by type, programming language, or other classification such as maintainability or consistency.

generatorId
Type: string

The identifier for the component that generated a finding, such as AmazonCodeGuruSecurity.

id
Type: string

The identifier for a finding.

remediation
Type: Remediation structure

An object that contains the details about how to remediate a finding.

resource
Type: Resource structure

The resource where Amazon CodeGuru Security detected a finding.

ruleId
Type: string

The identifier for the rule that generated the finding.

severity
Type: string

The severity of the finding. Severity can be critical, high, medium, low, or informational. For information on severity levels, see Finding severity in the Amazon CodeGuru Security User Guide.

status
Type: string

The status of the finding. A finding status can be open or closed.

title
Type: string

The title of the finding.

type
Type: string

The type of finding.

updatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time when the finding was last updated. Findings are updated when you remediate them or when the finding code location changes.

vulnerability
Type: Vulnerability structure

An object that describes the detected security vulnerability.
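
The following is an added example, not part of the SDK reference. It walks the Finding, Vulnerability, FilePath and Remediation shapes to build a triage list of open findings at or above a severity cutoff. The function name `triageFindings` and the sample findings are constructed; the exact casing of the `severity` and `status` strings is an assumption, so both are compared case-insensitively, and an unrecognised severity is kept at the top of the list rather than dropped.

```php
<?php
// Added example, not AWS sample code. Lower rank = more urgent.
const SEVERITY_RANK = [
    'critical' => 0, 'high' => 1, 'medium' => 2, 'low' => 3,
    'info' => 4, 'informational' => 4,
];

function triageFindings(array $findings, string $minSeverity = 'high'): array
{
    $cutoff = SEVERITY_RANK[strtolower($minSeverity)];
    $rows = [];
    foreach ($findings as $f) {
        // No Finding member is marked required, so default anything missing.
        if (strtolower($f['status'] ?? '') !== 'open') {
            continue;
        }
        // Unknown severity strings rank first so they get reviewed, not hidden.
        $rank = SEVERITY_RANK[strtolower($f['severity'] ?? '')] ?? -1;
        if ($rank > $cutoff) {
            continue;
        }
        $path = $f['vulnerability']['filePath'] ?? [];
        $rows[] = [
            'rank'     => $rank,
            'severity' => $f['severity'] ?? 'unknown',
            'location' => sprintf('%s:%d-%d', $path['path'] ?? '?', $path['startLine'] ?? 0, $path['endLine'] ?? 0),
            'title'    => $f['title'] ?? '',
            'fix'      => $f['remediation']['recommendation']['text'] ?? '',
        ];
    }
    usort($rows, fn ($a, $b) => $a['rank'] <=> $b['rank']);
    return $rows;
}

// Constructed sample data in the documented shape (not real scan output).
$loc = fn ($p, $s, $e) => ['filePath' => ['path' => $p, 'startLine' => $s, 'endLine' => $e]];
$findings = [
    ['severity' => 'High', 'status' => 'Open', 'title' => 'Constructed finding A',
     'vulnerability' => $loc('src/db.php', 40, 42),
     'remediation' => ['recommendation' => ['text' => 'Constructed advice A']]],
    ['severity' => 'Critical', 'status' => 'Closed', 'title' => 'Constructed finding B'],
    ['severity' => 'Low', 'status' => 'Open', 'title' => 'Constructed finding C'],
    ['severity' => 'Critical', 'status' => 'Open', 'title' => 'Constructed finding D',
     'vulnerability' => $loc('src/auth.php', 7, 7)],
    ['severity' => 'Urgent', 'status' => 'Open', 'title' => 'Constructed finding E'],
];
foreach (triageFindings($findings) as $row) {
    printf("%-8s %-20s %s %s\n", $row['severity'], $row['location'], $row['title'], $row['fix']);
}
```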

FindingIdentifier

Description

An object that contains information about a finding and the scan that generated it.

Members
findingId
Required: Yes
Type: string

The identifier for a finding.

scanName
Required: Yes
Type: string

The name of the scan that generated the finding.

FindingMetricsValuePerSeverity

Description

A numeric value corresponding to the severity of a finding, such as the number of open findings or the average time it takes to close findings of a given severity.

Members
critical
Type: double

A numeric value corresponding to a critical finding.

high
Type: double

A numeric value corresponding to a high severity finding.

info
Type: double

A numeric value corresponding to an informational finding.

low
Type: double

A numeric value corresponding to a low severity finding.

medium
Type: double

A numeric value corresponding to a medium severity finding.

InternalServerException

Description

The server encountered an internal error and is unable to complete the request.

Members
error
Type: string

The internal error encountered by the server.

message
Type: string

Description of the error.

MetricsSummary

Description

A summary of metrics for an account as of a specified date.

Members
categoriesWithMostFindings
Type: Array of CategoryWithFindingNum structures

A list of CategoryWithFindingNum objects for the top 5 finding categories with the most findings.

date
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date from which the metrics summary information was retrieved.

openFindings

The number of open findings of each severity.

scansWithMostOpenCriticalFindings
Type: Array of ScanNameWithFindingNum structures

A list of ScanNameWithFindingNum objects for the top 3 scans with the most open critical findings.

scansWithMostOpenFindings
Type: Array of ScanNameWithFindingNum structures

A list of ScanNameWithFindingNum objects for the top 3 scans with the most open findings.

Recommendation

Description

Information about the recommended course of action to remediate a finding.

Members
text
Type: string

The recommended course of action to remediate the finding.

url
Type: string

The URL address to the recommendation for remediating the finding.

Remediation

Description

Information about how to remediate a finding.

Members
recommendation
Type: Recommendation structure

An object that contains information about the recommended course of action to remediate a finding.

suggestedFixes
Type: Array of SuggestedFix structures

A list of SuggestedFix objects. Each object contains information about a suggested code fix to remediate the finding.

Resource

Description

Information about a resource that contains a finding.

Members
id
Type: string

The scanName of the scan that was run on the resource.

subResourceId
Type: string

The identifier for a section of the resource.

ResourceId

Description

The identifier for a resource object that contains resources to scan. Specifying a codeArtifactId is required to create a scan.

Members
codeArtifactId
Type: string

The identifier for the code file uploaded to the resource object. Returned by CreateUploadUrl when you upload resources to be scanned.

ResourceNotFoundException

Description

The resource specified in the request was not found.

Members
errorCode
Required: Yes
Type: string

The identifier for the error.

message
Required: Yes
Type: string

Description of the error.

resourceId
Required: Yes
Type: string

The identifier for the resource that was not found.

resourceType
Required: Yes
Type: string

The type of resource that was not found.

ScanNameWithFindingNum

Description

Information about the number of findings generated by a scan.

Members
findingNumber
Type: int

The number of findings generated by a scan.

scanName
Type: string

The name of the scan.

ScanSummary

Description

Information about a scan.

Members
createdAt
Required: Yes
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time when the scan was created.

runId
Required: Yes
Type: string

The identifier for the scan run.

scanName
Required: Yes
Type: string

The name of the scan.

scanNameArn
Type: string

The ARN for the scan name.

scanState
Required: Yes
Type: string

The state of the scan. A scan can be In Progress, Complete, or Failed.

updatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the scan was last updated. A scan is updated when it is re-run.

SuggestedFix

Description

Information about the suggested code fix to remediate a finding.

Members
code
Type: string

The suggested code fix. If applicable, includes a code patch to replace your source code.

description
Type: string

A description of the suggested code fix and why it is being suggested.

ThrottlingException

Description

The request was denied due to request throttling.

Members
errorCode
Required: Yes
Type: string

The identifier for the error.

message
Required: Yes
Type: string

Description of the error.

quotaCode
Type: string

The identifier for the originating quota.

serviceCode
Type: string

The identifier for the originating service.

ValidationException

Description

The input fails to satisfy the specified constraints.

Members
errorCode
Required: Yes
Type: string

The identifier for the error.

fieldList
Type: Array of ValidationExceptionField structures

The field that caused the error, if applicable.

message
Required: Yes
Type: string

Description of the error.

reason
Required: Yes
Type: string

The reason the request failed validation.

ValidationExceptionField

Description

Information about a validation exception.

Members
message
Required: Yes
Type: string

Describes the exception.

name
Required: Yes
Type: string

The name of the exception.

Vulnerability

Description

Information about a security vulnerability that Amazon CodeGuru Security detected.

Members
filePath
Type: FilePath structure

An object that describes the location of the detected security vulnerability in your code.

id
Type: string

The identifier for the vulnerability.

itemCount
Type: int

The number of times the vulnerability appears in your code.

referenceUrls
Type: Array of strings

One or more URL addresses that contain details about a vulnerability.

relatedVulnerabilities
Type: Array of strings

One or more vulnerabilities that are related to the vulnerability being described.