2026/05/13 - AWS Security Agent - 11 new3 updated api methods
Changes Add support for code reviews, a new resource type that enables automated security-focused static analysis of source code repositories.
Stops a running code review job. The job transitions to a stopping state and then to stopped after cleanup completes.
See also: AWS API Documentation
Request Syntax
client.stop_code_review_job(
agentSpaceId='string',
codeReviewJobId='string'
)
string
[REQUIRED]
The unique identifier of the agent space.
string
[REQUIRED]
The unique identifier of the code review job to stop.
dict
Response Syntax
{}
Response Structure
(dict) --
Output for the StopCodeReviewJob operation.
Creates a new code review configuration in an agent space. A code review defines the parameters for automated security-focused code analysis.
See also: AWS API Documentation
Request Syntax
client.create_code_review(
title='string',
agentSpaceId='string',
assets={
'endpoints': [
{
'uri': 'string'
},
],
'actors': [
{
'identifier': 'string',
'uris': [
'string',
],
'authentication': {
'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
'value': 'string'
},
'description': 'string'
},
],
'documents': [
{
's3Location': 'string',
'artifactId': 'string'
},
],
'sourceCode': [
{
's3Location': 'string'
},
],
'integratedRepositories': [
{
'integrationId': 'string',
'providerResourceId': 'string'
},
]
},
serviceRole='string',
logConfig={
'logGroup': 'string',
'logStream': 'string'
},
codeRemediationStrategy='AUTOMATIC'|'DISABLED'
)
string
[REQUIRED]
The title of the code review.
string
[REQUIRED]
The unique identifier of the agent space to create the code review in.
dict
[REQUIRED]
The assets to include in the code review, such as documents and source code.
endpoints (list) --
The list of endpoints to test during the pentest.
(dict) --
Represents a target endpoint for penetration testing.
uri (string) --
The URI of the endpoint.
actors (list) --
The list of actors used during penetration testing.
(dict) --
Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.
identifier (string) --
The unique identifier for the actor.
uris (list) --
The list of URIs that the actor targets during testing.
(string) --
authentication (dict) --
The authentication configuration for the actor.
providerType (string) --
The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.
value (string) --
The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.
description (string) --
A description of the actor.
documents (list) --
The list of documents that provide context for the pentest.
(dict) --
Represents a document that provides context for security testing.
s3Location (string) --
The Amazon S3 location of the document.
artifactId (string) --
The unique identifier of the artifact associated with the document.
sourceCode (list) --
The list of source code repositories to analyze during the pentest.
(dict) --
Represents a source code repository used for security analysis during a pentest.
s3Location (string) --
The Amazon S3 location of the source code repository archive.
integratedRepositories (list) --
The list of integrated repositories associated with the pentest.
(dict) --
Represents a code repository that is integrated with the service through a third-party provider.
integrationId (string) -- [REQUIRED]
The unique identifier of the integration that provides access to the repository.
providerResourceId (string) -- [REQUIRED]
The provider-specific resource identifier for the repository.
string
The IAM service role to use for the code review.
dict
The CloudWatch Logs configuration for the code review.
logGroup (string) --
The name of the CloudWatch log group.
logStream (string) --
The name of the CloudWatch log stream.
string
The code remediation strategy for the code review. Valid values are AUTOMATIC and DISABLED.
dict
Response Syntax
{
'codeReviewId': 'string',
'title': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'assets': {
'endpoints': [
{
'uri': 'string'
},
],
'actors': [
{
'identifier': 'string',
'uris': [
'string',
],
'authentication': {
'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
'value': 'string'
},
'description': 'string'
},
],
'documents': [
{
's3Location': 'string',
'artifactId': 'string'
},
],
'sourceCode': [
{
's3Location': 'string'
},
],
'integratedRepositories': [
{
'integrationId': 'string',
'providerResourceId': 'string'
},
]
},
'serviceRole': 'string',
'logConfig': {
'logGroup': 'string',
'logStream': 'string'
},
'agentSpaceId': 'string',
'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED'
}
Response Structure
(dict) --
Output for the CreateCodeReview operation.
codeReviewId (string) --
The unique identifier of the created code review.
title (string) --
The title of the code review.
createdAt (datetime) --
The date and time the code review was created, in UTC format.
updatedAt (datetime) --
The date and time the code review was last updated, in UTC format.
assets (dict) --
The assets included in the code review.
endpoints (list) --
The list of endpoints to test during the pentest.
(dict) --
Represents a target endpoint for penetration testing.
uri (string) --
The URI of the endpoint.
actors (list) --
The list of actors used during penetration testing.
(dict) --
Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.
identifier (string) --
The unique identifier for the actor.
uris (list) --
The list of URIs that the actor targets during testing.
(string) --
authentication (dict) --
The authentication configuration for the actor.
providerType (string) --
The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.
value (string) --
The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.
description (string) --
A description of the actor.
documents (list) --
The list of documents that provide context for the pentest.
(dict) --
Represents a document that provides context for security testing.
s3Location (string) --
The Amazon S3 location of the document.
artifactId (string) --
The unique identifier of the artifact associated with the document.
sourceCode (list) --
The list of source code repositories to analyze during the pentest.
(dict) --
Represents a source code repository used for security analysis during a pentest.
s3Location (string) --
The Amazon S3 location of the source code repository archive.
integratedRepositories (list) --
The list of integrated repositories associated with the pentest.
(dict) --
Represents a code repository that is integrated with the service through a third-party provider.
integrationId (string) --
The unique identifier of the integration that provides access to the repository.
providerResourceId (string) --
The provider-specific resource identifier for the repository.
serviceRole (string) --
The IAM service role used for the code review.
logConfig (dict) --
The CloudWatch Logs configuration for the code review.
logGroup (string) --
The name of the CloudWatch log group.
logStream (string) --
The name of the CloudWatch log stream.
agentSpaceId (string) --
The unique identifier of the agent space that contains the code review.
codeRemediationStrategy (string) --
The code remediation strategy for the code review.
Retrieves information about one or more tasks within a code review job.
See also: AWS API Documentation
Request Syntax
client.batch_get_code_review_job_tasks(
agentSpaceId='string',
codeReviewJobTaskIds=[
'string',
]
)
string
[REQUIRED]
The unique identifier of the agent space that contains the tasks.
list
[REQUIRED]
The list of task identifiers to retrieve.
(string) --
dict
Response Syntax
{
'codeReviewJobTasks': [
{
'taskId': 'string',
'codeReviewId': 'string',
'codeReviewJobId': 'string',
'agentSpaceId': 'string',
'title': 'string',
'description': 'string',
'categories': [
{
'name': 'string',
'isPrimary': True|False
},
],
'riskType': 'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
'executionStatus': 'IN_PROGRESS'|'ABORTED'|'COMPLETED'|'INTERNAL_ERROR'|'FAILED',
'logsLocation': {
'logType': 'CLOUDWATCH',
'cloudWatchLog': {
'logGroup': 'string',
'logStream': 'string'
}
},
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'notFound': [
'string',
]
}
Response Structure
(dict) --
Output for the BatchGetCodeReviewJobTasks operation.
codeReviewJobTasks (list) --
The list of code review job tasks that were found.
(dict) --
Represents an individual security test task within a code review job. Each task targets a specific risk type and executes independently.
taskId (string) --
The unique identifier of the task.
codeReviewId (string) --
The unique identifier of the code review associated with the task.
codeReviewJobId (string) --
The unique identifier of the code review job that contains the task.
agentSpaceId (string) --
The unique identifier of the agent space.
title (string) --
The title of the task.
description (string) --
A description of the task.
categories (list) --
The list of categories assigned to the task.
(dict) --
Represents a category assigned to a security testing task.
name (string) --
The name of the category.
isPrimary (boolean) --
Indicates whether this is the primary category for the task.
riskType (string) --
The type of security risk the task is testing for.
executionStatus (string) --
The current execution status of the task.
logsLocation (dict) --
The location of the task execution logs.
logType (string) --
The type of log storage. Currently, only CLOUDWATCH is supported.
cloudWatchLog (dict) --
The CloudWatch Logs location for the task logs.
logGroup (string) --
The name of the CloudWatch log group.
logStream (string) --
The name of the CloudWatch log stream.
createdAt (datetime) --
The date and time the task was created, in UTC format.
updatedAt (datetime) --
The date and time the task was last updated, in UTC format.
notFound (list) --
The list of task identifiers that were not found.
(string) --
Deletes one or more code reviews from an agent space.
See also: AWS API Documentation
Request Syntax
client.batch_delete_code_reviews(
codeReviewIds=[
'string',
],
agentSpaceId='string'
)
list
[REQUIRED]
The list of code review identifiers to delete.
(string) --
string
[REQUIRED]
The unique identifier of the agent space that contains the code reviews to delete.
dict
Response Syntax
{
'deleted': [
'string',
],
'failed': [
{
'codeReviewId': 'string',
'reason': 'string'
},
]
}
Response Structure
(dict) --
Output for the BatchDeleteCodeReviews operation.
deleted (list) --
The list of identifiers of the code reviews that were successfully deleted.
(string) --
failed (list) --
The list of code reviews that failed to delete, including the reason for each failure.
(dict) --
Contains information about a code review that failed to delete.
codeReviewId (string) --
The unique identifier of the code review that failed to delete.
reason (string) --
The reason the code review failed to delete.
Retrieves information about one or more code reviews in an agent space.
See also: AWS API Documentation
Request Syntax
client.batch_get_code_reviews(
codeReviewIds=[
'string',
],
agentSpaceId='string'
)
list
[REQUIRED]
The list of code review identifiers to retrieve.
(string) --
string
[REQUIRED]
The unique identifier of the agent space that contains the code reviews.
dict
Response Syntax
{
'codeReviews': [
{
'codeReviewId': 'string',
'agentSpaceId': 'string',
'title': 'string',
'assets': {
'endpoints': [
{
'uri': 'string'
},
],
'actors': [
{
'identifier': 'string',
'uris': [
'string',
],
'authentication': {
'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
'value': 'string'
},
'description': 'string'
},
],
'documents': [
{
's3Location': 'string',
'artifactId': 'string'
},
],
'sourceCode': [
{
's3Location': 'string'
},
],
'integratedRepositories': [
{
'integrationId': 'string',
'providerResourceId': 'string'
},
]
},
'serviceRole': 'string',
'logConfig': {
'logGroup': 'string',
'logStream': 'string'
},
'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'notFound': [
'string',
]
}
Response Structure
(dict) --
Output for the BatchGetCodeReviews operation.
codeReviews (list) --
The list of code reviews that were found.
(dict) --
Represents a code review configuration that defines the parameters for automated security-focused code analysis, including target assets and logging configuration.
codeReviewId (string) --
The unique identifier of the code review.
agentSpaceId (string) --
The unique identifier of the agent space that contains the code review.
title (string) --
The title of the code review.
assets (dict) --
The assets included in the code review.
endpoints (list) --
The list of endpoints to test during the pentest.
(dict) --
Represents a target endpoint for penetration testing.
uri (string) --
The URI of the endpoint.
actors (list) --
The list of actors used during penetration testing.
(dict) --
Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.
identifier (string) --
The unique identifier for the actor.
uris (list) --
The list of URIs that the actor targets during testing.
(string) --
authentication (dict) --
The authentication configuration for the actor.
providerType (string) --
The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.
value (string) --
The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.
description (string) --
A description of the actor.
documents (list) --
The list of documents that provide context for the pentest.
(dict) --
Represents a document that provides context for security testing.
s3Location (string) --
The Amazon S3 location of the document.
artifactId (string) --
The unique identifier of the artifact associated with the document.
sourceCode (list) --
The list of source code repositories to analyze during the pentest.
(dict) --
Represents a source code repository used for security analysis during a pentest.
s3Location (string) --
The Amazon S3 location of the source code repository archive.
integratedRepositories (list) --
The list of integrated repositories associated with the pentest.
(dict) --
Represents a code repository that is integrated with the service through a third-party provider.
integrationId (string) --
The unique identifier of the integration that provides access to the repository.
providerResourceId (string) --
The provider-specific resource identifier for the repository.
serviceRole (string) --
The IAM service role used for the code review.
logConfig (dict) --
The CloudWatch Logs configuration for the code review.
logGroup (string) --
The name of the CloudWatch log group.
logStream (string) --
The name of the CloudWatch log stream.
codeRemediationStrategy (string) --
The code remediation strategy for the code review.
createdAt (datetime) --
The date and time the code review was created, in UTC format.
updatedAt (datetime) --
The date and time the code review was last updated, in UTC format.
notFound (list) --
The list of code review identifiers that were not found.
(string) --
Starts a new code review job for a code review configuration. The job executes the security-focused code analysis defined in the code review.
See also: AWS API Documentation
Request Syntax
client.start_code_review_job(
agentSpaceId='string',
codeReviewId='string'
)
string
[REQUIRED]
The unique identifier of the agent space.
string
[REQUIRED]
The unique identifier of the code review to start a job for.
dict
Response Syntax
{
'title': 'string',
'status': 'IN_PROGRESS'|'STOPPING'|'STOPPED'|'FAILED'|'COMPLETED',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'codeReviewId': 'string',
'codeReviewJobId': 'string',
'agentSpaceId': 'string'
}
Response Structure
(dict) --
Output for the StartCodeReviewJob operation.
title (string) --
The title of the code review job.
status (string) --
The current status of the code review job.
createdAt (datetime) --
The date and time the code review job was created, in UTC format.
updatedAt (datetime) --
The date and time the code review job was last updated, in UTC format.
codeReviewId (string) --
The unique identifier of the code review.
codeReviewJobId (string) --
The unique identifier of the started code review job.
agentSpaceId (string) --
The unique identifier of the agent space.
Returns a paginated list of code review job summaries for the specified code review configuration.
See also: AWS API Documentation
Request Syntax
client.list_code_review_jobs_for_code_review(
maxResults=123,
codeReviewId='string',
agentSpaceId='string',
nextToken='string'
)
integer
The maximum number of results to return in a single call.
string
[REQUIRED]
The unique identifier of the code review to list jobs for.
string
[REQUIRED]
The unique identifier of the agent space.
string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
dict
Response Syntax
{
'codeReviewJobSummaries': [
{
'codeReviewJobId': 'string',
'codeReviewId': 'string',
'title': 'string',
'status': 'IN_PROGRESS'|'STOPPING'|'STOPPED'|'FAILED'|'COMPLETED',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
Output for the ListCodeReviewJobsForCodeReview operation.
codeReviewJobSummaries (list) --
The list of code review job summaries.
(dict) --
Contains summary information about a code review job.
codeReviewJobId (string) --
The unique identifier of the code review job.
codeReviewId (string) --
The unique identifier of the code review associated with the job.
title (string) --
The title of the code review job.
status (string) --
The current status of the code review job.
createdAt (datetime) --
The date and time the code review job was created, in UTC format.
updatedAt (datetime) --
The date and time the code review job was last updated, in UTC format.
nextToken (string) --
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
Returns a paginated list of task summaries for the specified code review job, optionally filtered by step name or category.
See also: AWS API Documentation
Request Syntax
client.list_code_review_job_tasks(
agentSpaceId='string',
maxResults=123,
codeReviewJobId='string',
stepName='PREFLIGHT'|'STATIC_ANALYSIS'|'PENTEST'|'FINALIZING',
categoryName='string',
nextToken='string'
)
string
[REQUIRED]
The unique identifier of the agent space.
integer
The maximum number of results to return in a single call.
string
The unique identifier of the code review job to list tasks for.
string
Filter tasks by step name.
string
Filter tasks by category name.
string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
dict
Response Syntax
{
'codeReviewJobTaskSummaries': [
{
'taskId': 'string',
'codeReviewId': 'string',
'codeReviewJobId': 'string',
'agentSpaceId': 'string',
'title': 'string',
'riskType': 'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
'executionStatus': 'IN_PROGRESS'|'ABORTED'|'COMPLETED'|'INTERNAL_ERROR'|'FAILED',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
Output for the ListCodeReviewJobTasks operation.
codeReviewJobTaskSummaries (list) --
The list of code review job task summaries.
(dict) --
Contains summary information about a code review job task.
taskId (string) --
The unique identifier of the task.
codeReviewId (string) --
The unique identifier of the code review associated with the task.
codeReviewJobId (string) --
The unique identifier of the code review job that contains the task.
agentSpaceId (string) --
The unique identifier of the agent space.
title (string) --
The title of the task.
riskType (string) --
The type of security risk the task is testing for.
executionStatus (string) --
The current execution status of the task.
createdAt (datetime) --
The date and time the task was created, in UTC format.
updatedAt (datetime) --
The date and time the task was last updated, in UTC format.
nextToken (string) --
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
Updates an existing code review configuration.
See also: AWS API Documentation
Request Syntax
client.update_code_review(
codeReviewId='string',
agentSpaceId='string',
title='string',
assets={
'endpoints': [
{
'uri': 'string'
},
],
'actors': [
{
'identifier': 'string',
'uris': [
'string',
],
'authentication': {
'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
'value': 'string'
},
'description': 'string'
},
],
'documents': [
{
's3Location': 'string',
'artifactId': 'string'
},
],
'sourceCode': [
{
's3Location': 'string'
},
],
'integratedRepositories': [
{
'integrationId': 'string',
'providerResourceId': 'string'
},
]
},
serviceRole='string',
logConfig={
'logGroup': 'string',
'logStream': 'string'
},
codeRemediationStrategy='AUTOMATIC'|'DISABLED'
)
string
[REQUIRED]
The unique identifier of the code review to update.
string
[REQUIRED]
The unique identifier of the agent space that contains the code review.
string
The updated title of the code review.
dict
The updated assets for the code review.
endpoints (list) --
The list of endpoints to test during the pentest.
(dict) --
Represents a target endpoint for penetration testing.
uri (string) --
The URI of the endpoint.
actors (list) --
The list of actors used during penetration testing.
(dict) --
Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.
identifier (string) --
The unique identifier for the actor.
uris (list) --
The list of URIs that the actor targets during testing.
(string) --
authentication (dict) --
The authentication configuration for the actor.
providerType (string) --
The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.
value (string) --
The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.
description (string) --
A description of the actor.
documents (list) --
The list of documents that provide context for the pentest.
(dict) --
Represents a document that provides context for security testing.
s3Location (string) --
The Amazon S3 location of the document.
artifactId (string) --
The unique identifier of the artifact associated with the document.
sourceCode (list) --
The list of source code repositories to analyze during the pentest.
(dict) --
Represents a source code repository used for security analysis during a pentest.
s3Location (string) --
The Amazon S3 location of the source code repository archive.
integratedRepositories (list) --
The list of integrated repositories associated with the pentest.
(dict) --
Represents a code repository that is integrated with the service through a third-party provider.
integrationId (string) -- [REQUIRED]
The unique identifier of the integration that provides access to the repository.
providerResourceId (string) -- [REQUIRED]
The provider-specific resource identifier for the repository.
string
The updated IAM service role for the code review.
dict
The updated CloudWatch Logs configuration for the code review.
logGroup (string) --
The name of the CloudWatch log group.
logStream (string) --
The name of the CloudWatch log stream.
string
The updated code remediation strategy for the code review.
dict
Response Syntax
{
'codeReviewId': 'string',
'title': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'assets': {
'endpoints': [
{
'uri': 'string'
},
],
'actors': [
{
'identifier': 'string',
'uris': [
'string',
],
'authentication': {
'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
'value': 'string'
},
'description': 'string'
},
],
'documents': [
{
's3Location': 'string',
'artifactId': 'string'
},
],
'sourceCode': [
{
's3Location': 'string'
},
],
'integratedRepositories': [
{
'integrationId': 'string',
'providerResourceId': 'string'
},
]
},
'serviceRole': 'string',
'logConfig': {
'logGroup': 'string',
'logStream': 'string'
},
'agentSpaceId': 'string',
'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED'
}
Response Structure
(dict) --
Output for the UpdateCodeReview operation.
codeReviewId (string) --
The unique identifier of the code review.
title (string) --
The title of the code review.
createdAt (datetime) --
The date and time the code review was created, in UTC format.
updatedAt (datetime) --
The date and time the code review was last updated, in UTC format.
assets (dict) --
The assets included in the code review.
endpoints (list) --
The list of endpoints to test during the pentest.
(dict) --
Represents a target endpoint for penetration testing.
uri (string) --
The URI of the endpoint.
actors (list) --
The list of actors used during penetration testing.
(dict) --
Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.
identifier (string) --
The unique identifier for the actor.
uris (list) --
The list of URIs that the actor targets during testing.
(string) --
authentication (dict) --
The authentication configuration for the actor.
providerType (string) --
The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.
value (string) --
The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.
description (string) --
A description of the actor.
documents (list) --
The list of documents that provide context for the pentest.
(dict) --
Represents a document that provides context for security testing.
s3Location (string) --
The Amazon S3 location of the document.
artifactId (string) --
The unique identifier of the artifact associated with the document.
sourceCode (list) --
The list of source code repositories to analyze during the pentest.
(dict) --
Represents a source code repository used for security analysis during a pentest.
s3Location (string) --
The Amazon S3 location of the source code repository archive.
integratedRepositories (list) --
The list of integrated repositories associated with the pentest.
(dict) --
Represents a code repository that is integrated with the service through a third-party provider.
integrationId (string) --
The unique identifier of the integration that provides access to the repository.
providerResourceId (string) --
The provider-specific resource identifier for the repository.
serviceRole (string) --
The IAM service role used for the code review.
logConfig (dict) --
The CloudWatch Logs configuration for the code review.
logGroup (string) --
The name of the CloudWatch log group.
logStream (string) --
The name of the CloudWatch log stream.
agentSpaceId (string) --
The unique identifier of the agent space that contains the code review.
codeRemediationStrategy (string) --
The code remediation strategy for the code review.
Returns a paginated list of code review summaries for the specified agent space.
See also: AWS API Documentation
Request Syntax
client.list_code_reviews(
maxResults=123,
nextToken='string',
agentSpaceId='string'
)
integer
The maximum number of results to return in a single call.
string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
string
[REQUIRED]
The unique identifier of the agent space to list code reviews for.
dict
Response Syntax
{
'codeReviewSummaries': [
{
'codeReviewId': 'string',
'agentSpaceId': 'string',
'title': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
Output for the ListCodeReviews operation.
codeReviewSummaries (list) --
The list of code review summaries.
(dict) --
Contains summary information about a code review.
codeReviewId (string) --
The unique identifier of the code review.
agentSpaceId (string) --
The unique identifier of the agent space that contains the code review.
title (string) --
The title of the code review.
createdAt (datetime) --
The date and time the code review was created, in UTC format.
updatedAt (datetime) --
The date and time the code review was last updated, in UTC format.
nextToken (string) --
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
Retrieves information about one or more code review jobs in an agent space.
See also: AWS API Documentation
Request Syntax
client.batch_get_code_review_jobs(
codeReviewJobIds=[
'string',
],
agentSpaceId='string'
)
list
[REQUIRED]
The list of code review job identifiers to retrieve.
(string) --
string
[REQUIRED]
The unique identifier of the agent space that contains the code review jobs.
dict
Response Syntax
{
'codeReviewJobs': [
{
'codeReviewJobId': 'string',
'codeReviewId': 'string',
'title': 'string',
'overview': 'string',
'status': 'IN_PROGRESS'|'STOPPING'|'STOPPED'|'FAILED'|'COMPLETED',
'documents': [
{
's3Location': 'string',
'artifactId': 'string'
},
],
'sourceCode': [
{
's3Location': 'string'
},
],
'steps': [
{
'name': 'PREFLIGHT'|'STATIC_ANALYSIS'|'PENTEST'|'FINALIZING',
'status': 'NOT_STARTED'|'IN_PROGRESS'|'COMPLETED'|'FAILED'|'STOPPED',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'executionContext': [
{
'contextType': 'ERROR'|'CLIENT_ERROR'|'WARNING'|'INFO',
'context': 'string',
'timestamp': datetime(2015, 1, 1)
},
],
'serviceRole': 'string',
'logConfig': {
'logGroup': 'string',
'logStream': 'string'
},
'errorInformation': {
'code': 'CLIENT_ERROR'|'INTERNAL_ERROR'|'STOPPED_BY_USER',
'message': 'string'
},
'integratedRepositories': [
{
'integrationId': 'string',
'providerResourceId': 'string'
},
],
'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'notFound': [
'string',
]
}
Response Structure
(dict) --
Output for the BatchGetCodeReviewJobs operation.
codeReviewJobs (list) --
The list of code review jobs that were found.
(dict) --
Represents a code review job, which is an execution instance of a code review. A code review job progresses through preflight, static analysis, and finalizing steps.
codeReviewJobId (string) --
The unique identifier of the code review job.
codeReviewId (string) --
The unique identifier of the code review associated with the job.
title (string) --
The title of the code review job.
overview (string) --
An overview of the code review job results.
status (string) --
The current status of the code review job.
documents (list) --
The list of documents providing context for the code review job.
(dict) --
Represents a document that provides context for security testing.
s3Location (string) --
The Amazon S3 location of the document.
artifactId (string) --
The unique identifier of the artifact associated with the document.
sourceCode (list) --
The list of source code repositories analyzed during the code review job.
(dict) --
Represents a source code repository used for security analysis during a pentest.
s3Location (string) --
The Amazon S3 location of the source code repository archive.
steps (list) --
The list of steps in the code review job execution.
(dict) --
Represents a step in the pentest job execution pipeline. Steps include preflight, static analysis, pentest, and finalizing.
name (string) --
The name of the step. Valid values include PREFLIGHT, STATIC_ANALYSIS, PENTEST, and FINALIZING.
status (string) --
The current status of the step.
createdAt (datetime) --
The date and time the step was created, in UTC format.
updatedAt (datetime) --
The date and time the step was last updated, in UTC format.
executionContext (list) --
The execution context messages for the code review job.
(dict) --
Contains contextual information about the execution of a pentest job, such as errors, warnings, or informational messages.
contextType (string) --
The type of context. Valid values include ERROR, CLIENT_ERROR, WARNING, and INFO.
context (string) --
The context message.
timestamp (datetime) --
The date and time the context was recorded, in UTC format.
serviceRole (string) --
The IAM service role used for the code review job.
logConfig (dict) --
The CloudWatch Logs configuration for the code review job.
logGroup (string) --
The name of the CloudWatch log group.
logStream (string) --
The name of the CloudWatch log stream.
errorInformation (dict) --
Error information if the code review job encountered an error.
code (string) --
The error code. Valid values include CLIENT_ERROR, INTERNAL_ERROR, and STOPPED_BY_USER.
message (string) --
A message describing the error.
integratedRepositories (list) --
The list of integrated repositories associated with the code review job.
(dict) --
Represents a code repository that is integrated with the service through a third-party provider.
integrationId (string) --
The unique identifier of the integration that provides access to the repository.
providerResourceId (string) --
The provider-specific resource identifier for the repository.
codeRemediationStrategy (string) --
The code remediation strategy for the code review job.
createdAt (datetime) --
The date and time the code review job was created, in UTC format.
updatedAt (datetime) --
The date and time the code review job was last updated, in UTC format.
notFound (list) --
The list of code review job identifiers that were not found.
(string) --
{'findings': {'codeLocations': [{'filePath': 'string',
'label': 'string',
'lineEnd': 'integer',
'lineStart': 'integer'}],
'codeReviewId': 'string',
'codeReviewJobId': 'string'}}
Retrieves information about one or more security findings in an agent space.
See also: AWS API Documentation
Request Syntax
client.batch_get_findings(
findingIds=[
'string',
],
agentSpaceId='string'
)
list
[REQUIRED]
The list of finding identifiers to retrieve.
(string) --
string
[REQUIRED]
The unique identifier of the agent space that contains the findings.
dict
Response Syntax
{
'findings': [
{
'findingId': 'string',
'agentSpaceId': 'string',
'pentestId': 'string',
'pentestJobId': 'string',
'codeReviewId': 'string',
'codeReviewJobId': 'string',
'taskId': 'string',
'name': 'string',
'description': 'string',
'status': 'ACTIVE'|'RESOLVED'|'ACCEPTED'|'FALSE_POSITIVE',
'riskType': 'string',
'riskLevel': 'UNKNOWN'|'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
'riskScore': 'string',
'reasoning': 'string',
'confidence': 'FALSE_POSITIVE'|'UNCONFIRMED'|'LOW'|'MEDIUM'|'HIGH',
'attackScript': 'string',
'codeRemediationTask': {
'status': 'IN_PROGRESS'|'COMPLETED'|'FAILED',
'statusReason': 'string',
'taskDetails': [
{
'repoName': 'string',
'codeDiffLink': 'string',
'pullRequestLink': 'string'
},
]
},
'lastUpdatedBy': 'string',
'codeLocations': [
{
'filePath': 'string',
'lineStart': 123,
'lineEnd': 123,
'label': 'string'
},
],
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'notFound': [
'string',
]
}
Response Structure
(dict) --
Output for the BatchGetFindings operation.
findings (list) --
The list of findings that were found.
(dict) --
Represents a security finding discovered during a pentest job. A finding contains details about a vulnerability, including its risk level, confidence, and remediation status.
findingId (string) --
The unique identifier of the finding.
agentSpaceId (string) --
The unique identifier of the agent space associated with the finding.
pentestId (string) --
The unique identifier of the pentest associated with the finding.
pentestJobId (string) --
The unique identifier of the pentest job that produced the finding.
codeReviewId (string) --
The unique identifier of the code review associated with the finding.
codeReviewJobId (string) --
The unique identifier of the code review job that produced the finding.
taskId (string) --
The unique identifier of the task that produced the finding.
name (string) --
The name of the finding.
description (string) --
A description of the finding.
status (string) --
The current status of the finding. Valid values include ACTIVE, RESOLVED, ACCEPTED, and FALSE_POSITIVE.
riskType (string) --
The type of security risk identified by the finding.
riskLevel (string) --
The risk level of the finding. Valid values include UNKNOWN, INFORMATIONAL, LOW, MEDIUM, HIGH, and CRITICAL.
riskScore (string) --
The numerical risk score of the finding.
reasoning (string) --
The reasoning behind the finding, explaining why it was identified as a vulnerability.
confidence (string) --
The confidence level of the finding. Valid values include FALSE_POSITIVE, UNCONFIRMED, LOW, MEDIUM, and HIGH.
attackScript (string) --
The attack script used to reproduce the finding.
codeRemediationTask (dict) --
The code remediation task associated with the finding, if code remediation was initiated.
status (string) --
The current status of the code remediation task.
statusReason (string) --
The reason for the current status of the code remediation task.
taskDetails (list) --
The list of details for the code remediation task, including repository name, code diff link, and pull request link.
(dict) --
Contains details about a code remediation task, including links to the code diff and pull request.
repoName (string) --
The name of the repository where the remediation was applied.
codeDiffLink (string) --
The link to the code diff for the remediation.
pullRequestLink (string) --
The link to the pull request created for the remediation.
lastUpdatedBy (string) --
The identifier of the entity that last updated the finding.
codeLocations (list) --
The file locations involved in the vulnerability, as reported by the code scanner.
(dict) --
Represents a location in source code associated with a security finding.
filePath (string) --
The absolute path to the file containing the code location.
lineStart (integer) --
The starting line number of the code location.
lineEnd (integer) --
The ending line number of the code location.
label (string) --
The role of this location in the vulnerability, such as source or sink.
createdAt (datetime) --
The date and time the finding was created, in UTC format.
updatedAt (datetime) --
The date and time the finding was last updated, in UTC format.
notFound (list) --
The list of finding identifiers that were not found.
(string) --
{'codeReviewJobId': 'string'}
Response {'findingsSummaries': {'codeReviewId': 'string', 'codeReviewJobId': 'string'}}
Lists the security findings for a pentest job.
See also: AWS API Documentation
Request Syntax
client.list_findings(
maxResults=123,
pentestJobId='string',
codeReviewJobId='string',
agentSpaceId='string',
nextToken='string',
riskType='string',
riskLevel='UNKNOWN'|'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
status='ACTIVE'|'RESOLVED'|'ACCEPTED'|'FALSE_POSITIVE',
confidence='FALSE_POSITIVE'|'UNCONFIRMED'|'LOW'|'MEDIUM'|'HIGH',
name='string'
)
integer
The maximum number of results to return in a single call.
string
The unique identifier of the pentest job to list findings for.
string
The unique identifier of the code review job to list findings for. Mutually exclusive with pentestJobId.
string
[REQUIRED]
The unique identifier of the agent space.
string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
string
Filter findings by risk type.
string
Filter findings by risk level.
string
Filter findings by status.
string
Filter findings by confidence level.
string
Filter findings by name.
dict
Response Syntax
{
'findingsSummaries': [
{
'findingId': 'string',
'agentSpaceId': 'string',
'pentestId': 'string',
'pentestJobId': 'string',
'codeReviewId': 'string',
'codeReviewJobId': 'string',
'name': 'string',
'status': 'ACTIVE'|'RESOLVED'|'ACCEPTED'|'FALSE_POSITIVE',
'riskType': 'string',
'riskLevel': 'UNKNOWN'|'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
'confidence': 'FALSE_POSITIVE'|'UNCONFIRMED'|'LOW'|'MEDIUM'|'HIGH',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
Output for the ListFindings operation.
findingsSummaries (list) --
The list of finding summaries.
(dict) --
Contains summary information about a security finding.
findingId (string) --
The unique identifier of the finding.
agentSpaceId (string) --
The unique identifier of the agent space associated with the finding.
pentestId (string) --
The unique identifier of the pentest associated with the finding.
pentestJobId (string) --
The unique identifier of the pentest job that produced the finding.
codeReviewId (string) --
The unique identifier of the code review associated with the finding.
codeReviewJobId (string) --
The unique identifier of the code review job that produced the finding.
name (string) --
The name of the finding.
status (string) --
The current status of the finding.
riskType (string) --
The type of security risk identified by the finding.
riskLevel (string) --
The risk level of the finding.
confidence (string) --
The confidence level of the finding.
createdAt (datetime) --
The date and time the finding was created, in UTC format.
updatedAt (datetime) --
The date and time the finding was last updated, in UTC format.
nextToken (string) --
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
{'codeReviewJobId': 'string'}
Initiates code remediation for one or more security findings. This creates pull requests in integrated repositories to fix the identified vulnerabilities.
See also: AWS API Documentation
Request Syntax
client.start_code_remediation(
agentSpaceId='string',
pentestJobId='string',
codeReviewJobId='string',
findingIds=[
'string',
]
)
string
[REQUIRED]
The unique identifier of the agent space.
string
The unique identifier of the pentest job that produced the findings. Mutually exclusive with codeReviewJobId.
string
The unique identifier of the code review job that produced the findings. Mutually exclusive with pentestJobId.
list
[REQUIRED]
The list of finding identifiers to initiate code remediation for.
(string) --
dict
Response Syntax
{}
Response Structure
(dict) --
Output for the StartCodeRemediation operation.