Returns a list of requested findings from standard scans.
" }, "CreateScan":{ "name":"CreateScan", "http":{ "method":"POST", "requestUri":"/scans", "responseCode":200 }, "input":{"shape":"CreateScanRequest"}, "output":{"shape":"CreateScanResponse"}, "errors":[ {"shape":"InternalServerException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], "documentation":"Use to create a scan using code uploaded to an Amazon S3 bucket.
" }, "CreateUploadUrl":{ "name":"CreateUploadUrl", "http":{ "method":"POST", "requestUri":"/uploadUrl", "responseCode":200 }, "input":{"shape":"CreateUploadUrlRequest"}, "output":{"shape":"CreateUploadUrlResponse"}, "errors":[ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], "documentation":"Generates a pre-signed URL, request headers used to upload a code resource, and code artifact identifier for the uploaded resource.
You can upload your code resource to the URL with the request headers using any HTTP client.
" }, "GetAccountConfiguration":{ "name":"GetAccountConfiguration", "http":{ "method":"GET", "requestUri":"/accountConfiguration/get", "responseCode":200 }, "input":{"shape":"GetAccountConfigurationRequest"}, "output":{"shape":"GetAccountConfigurationResponse"}, "errors":[ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], "documentation":"Use to get the encryption configuration for an account.
" }, "GetFindings":{ "name":"GetFindings", "http":{ "method":"GET", "requestUri":"/findings/{scanName}", "responseCode":200 }, "input":{"shape":"GetFindingsRequest"}, "output":{"shape":"GetFindingsResponse"}, "errors":[ {"shape":"InternalServerException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], "documentation":"Returns a list of all findings generated by a particular scan.
" }, "GetMetricsSummary":{ "name":"GetMetricsSummary", "http":{ "method":"GET", "requestUri":"/metrics/summary", "responseCode":200 }, "input":{"shape":"GetMetricsSummaryRequest"}, "output":{"shape":"GetMetricsSummaryResponse"}, "errors":[ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], "documentation":"Returns a summary of metrics for an account from a specified date, including number of open findings, the categories with most findings, the scans with most open findings, and scans with most open critical findings.
" }, "GetScan":{ "name":"GetScan", "http":{ "method":"GET", "requestUri":"/scans/{scanName}", "responseCode":200 }, "input":{"shape":"GetScanRequest"}, "output":{"shape":"GetScanResponse"}, "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], "documentation":"Returns details about a scan, including whether or not a scan has completed.
" }, "ListFindingsMetrics":{ "name":"ListFindingsMetrics", "http":{ "method":"GET", "requestUri":"/metrics/findings", "responseCode":200 }, "input":{"shape":"ListFindingsMetricsRequest"}, "output":{"shape":"ListFindingsMetricsResponse"}, "errors":[ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], "documentation":"Returns metrics about all findings in an account within a specified time range.
" }, "ListScans":{ "name":"ListScans", "http":{ "method":"GET", "requestUri":"/scans", "responseCode":200 }, "input":{"shape":"ListScansRequest"}, "output":{"shape":"ListScansResponse"}, "errors":[ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], "documentation":"Returns a list of all scans in an account. Does not return EXPRESS scans.
Returns a list of all tags associated with a scan.
" }, "TagResource":{ "name":"TagResource", "http":{ "method":"POST", "requestUri":"/tags/{resourceArn}", "responseCode":204 }, "input":{"shape":"TagResourceRequest"}, "output":{"shape":"TagResourceResponse"}, "errors":[ {"shape":"InternalServerException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], "documentation":"Use to add one or more tags to an existing scan.
" }, "UntagResource":{ "name":"UntagResource", "http":{ "method":"DELETE", "requestUri":"/tags/{resourceArn}", "responseCode":204 }, "input":{"shape":"UntagResourceRequest"}, "output":{"shape":"UntagResourceResponse"}, "errors":[ {"shape":"InternalServerException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], "documentation":"Use to remove one or more tags from an existing scan.
", "idempotent":true }, "UpdateAccountConfiguration":{ "name":"UpdateAccountConfiguration", "http":{ "method":"PUT", "requestUri":"/updateAccountConfiguration", "responseCode":200 }, "input":{"shape":"UpdateAccountConfigurationRequest"}, "output":{"shape":"UpdateAccountConfigurationResponse"}, "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], "documentation":"Use to update the encryption configuration for an account.
" } }, "shapes":{ "AccessDeniedException":{ "type":"structure", "required":[ "errorCode", "message" ], "members":{ "errorCode":{ "shape":"String", "documentation":"The identifier for the error.
" }, "message":{ "shape":"String", "documentation":"Description of the error.
" }, "resourceId":{ "shape":"String", "documentation":"The identifier for the resource you don't have access to.
" }, "resourceType":{ "shape":"String", "documentation":"The type of resource you don't have access to.
" } }, "documentation":"You do not have sufficient access to perform this action.
", "error":{ "httpStatusCode":403, "senderFault":true }, "exception":true }, "AccountFindingsMetric":{ "type":"structure", "members":{ "date":{ "shape":"Timestamp", "documentation":"The date from which the findings metrics were retrieved.
" }, "newFindings":{ "shape":"FindingMetricsValuePerSeverity", "documentation":"The number of new findings of each severity on the specified date.
" }, "closedFindings":{ "shape":"FindingMetricsValuePerSeverity", "documentation":"The number of closed findings of each severity on the specified date.
" }, "openFindings":{ "shape":"FindingMetricsValuePerSeverity", "documentation":"The number of open findings of each severity as of the specified date.
" }, "meanTimeToClose":{ "shape":"FindingMetricsValuePerSeverity", "documentation":"The average time in days it takes to close findings of each severity as of a specified date.
" } }, "documentation":"A summary of findings metrics for an account on a specified date.
" }, "AnalysisType":{ "type":"string", "enum":[ "Security", "All" ] }, "BatchGetFindingsError":{ "type":"structure", "required":[ "scanName", "findingId", "errorCode", "message" ], "members":{ "scanName":{ "shape":"ScanName", "documentation":"The name of the scan that generated the finding.
" }, "findingId":{ "shape":"String", "documentation":"The finding ID of the finding that was not fetched.
" }, "errorCode":{ "shape":"ErrorCode", "documentation":"A code associated with the type of error.
" }, "message":{ "shape":"String", "documentation":"Describes the error.
" } }, "documentation":"Contains information about the error that caused a finding to fail to be retrieved.
" }, "BatchGetFindingsErrors":{ "type":"list", "member":{"shape":"BatchGetFindingsError"} }, "BatchGetFindingsRequest":{ "type":"structure", "required":["findingIdentifiers"], "members":{ "findingIdentifiers":{ "shape":"FindingIdentifiers", "documentation":"A list of finding identifiers. Each identifier consists of a scanName and a findingId. You retrieve the findingId when you call GetFindings.
A list of all findings which were successfully fetched.
" }, "failedFindings":{ "shape":"BatchGetFindingsErrors", "documentation":"A list of errors for individual findings which were not fetched. Each BatchGetFindingsError contains the scanName, findingId, errorCode and error message.
The name of the finding category. A finding category is determined by the detector that detected the finding.
" }, "findingNumber":{ "shape":"Integer", "documentation":"The number of open findings in the category.
" } }, "documentation":"Information about a finding category with open findings.
" }, "ClientToken":{ "type":"string", "max":64, "min":1, "pattern":"[\\S]+" }, "CodeLine":{ "type":"structure", "members":{ "number":{ "shape":"Integer", "documentation":"The code line number.
" }, "content":{ "shape":"String", "documentation":"The code that contains a vulnerability.
" } }, "documentation":"The line of code where a finding was detected.
" }, "CodeSnippet":{ "type":"list", "member":{"shape":"CodeLine"} }, "ConflictException":{ "type":"structure", "required":[ "errorCode", "message", "resourceId", "resourceType" ], "members":{ "errorCode":{ "shape":"String", "documentation":"The identifier for the error.
" }, "message":{ "shape":"String", "documentation":"Description of the error.
" }, "resourceId":{ "shape":"String", "documentation":"The identifier for the service resource associated with the request.
" }, "resourceType":{ "shape":"String", "documentation":"The type of resource associated with the request.
" } }, "documentation":"The requested operation would cause a conflict with the current state of a service resource associated with the request. Resolve the conflict before retrying this request.
", "error":{ "httpStatusCode":409, "senderFault":true }, "exception":true }, "CreateScanRequest":{ "type":"structure", "required":[ "resourceId", "scanName" ], "members":{ "clientToken":{ "shape":"ClientToken", "documentation":"The idempotency token for the request. Amazon CodeGuru Security uses this value to prevent the accidental creation of duplicate scans if there are failures and retries.
", "idempotencyToken":true }, "resourceId":{ "shape":"ResourceId", "documentation":"The identifier for the resource object to be scanned.
" }, "scanName":{ "shape":"ScanName", "documentation":"The unique name that CodeGuru Security uses to track revisions across multiple scans of the same resource. Only allowed for a STANDARD scan type.
The type of scan, either Standard or Express. Defaults to Standard type if missing.
Express scans run on limited resources and use a limited set of detectors to analyze your code in near-real time. Standard scans have standard resource limits and use the full set of detectors to analyze your code.
The type of analysis you want CodeGuru Security to perform in the scan, either Security or All. The Security type only generates findings related to security. The All type generates both security findings and quality findings. Defaults to Security type if missing.
An array of key-value pairs used to tag a scan. A tag is a custom attribute label with two parts:
A tag key. For example, CostCenter, Environment, or Secret. Tag keys are case sensitive.
An optional tag value field. For example, 111122223333, Production, or a team name. Omitting the tag value is the same as using an empty string. Tag values are case sensitive.
The name of the scan.
" }, "runId":{ "shape":"Uuid", "documentation":"UUID that identifies the individual scan run.
" }, "resourceId":{ "shape":"ResourceId", "documentation":"The identifier for the resource object that contains resources that were scanned.
" }, "scanState":{ "shape":"ScanState", "documentation":"The current state of the scan. Returns either InProgress, Successful, or Failed.
The ARN for the scan name.
" } } }, "CreateUploadUrlRequest":{ "type":"structure", "required":["scanName"], "members":{ "scanName":{ "shape":"ScanName", "documentation":"The name of the scan that will use the uploaded resource. CodeGuru Security uses the unique scan name to track revisions across multiple scans of the same resource. Use this scanName when you call CreateScan on the code resource you upload to this URL.
A pre-signed S3 URL. You can upload the code file you want to scan with the required requestHeaders using any HTTP client.
A set of key-value pairs that contain the required headers when uploading your resource.
" }, "codeArtifactId":{ "shape":"Uuid", "documentation":"The identifier for the uploaded code resource. Pass this to CreateScan to use the uploaded resources.
The KMS key ARN that is used for encryption. If an AWS-managed key is used for encryption, returns empty.
" } }, "documentation":"Information about the encryption configuration for an account. Required to call UpdateAccountConfiguration.
The name of the file.
" }, "path":{ "shape":"String", "documentation":"The path to the resource with the security vulnerability.
" }, "startLine":{ "shape":"Integer", "documentation":"The first line number of the code snippet where the security vulnerability appears in your code.
" }, "endLine":{ "shape":"Integer", "documentation":"The last line number of the code snippet where the security vulnerability appears in your code.
" }, "codeSnippet":{ "shape":"CodeSnippet", "documentation":"A list of CodeLine objects that describe where the security vulnerability appears in your code.
Information about the location of security vulnerabilities that Amazon CodeGuru Security detected in your code.
" }, "Finding":{ "type":"structure", "members":{ "createdAt":{ "shape":"Timestamp", "documentation":"The time when the finding was created.
" }, "description":{ "shape":"String", "documentation":"A description of the finding.
" }, "generatorId":{ "shape":"String", "documentation":"The identifier for the component that generated a finding such as AmazonCodeGuruSecurity.
" }, "id":{ "shape":"String", "documentation":"The identifier for a finding.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The time when the finding was last updated. Findings are updated when you remediate them or when the finding code location changes.
" }, "type":{ "shape":"String", "documentation":"The type of finding.
" }, "status":{ "shape":"Status", "documentation":"The status of the finding. A finding status can be open or closed.
" }, "resource":{ "shape":"Resource", "documentation":"The resource where Amazon CodeGuru Security detected a finding.
" }, "vulnerability":{ "shape":"Vulnerability", "documentation":"An object that describes the detected security vulnerability.
" }, "severity":{ "shape":"Severity", "documentation":"The severity of the finding. Severity can be critical, high, medium, low, or informational. For information on severity levels, see Finding severity in the Amazon CodeGuru Security User Guide.
" }, "remediation":{ "shape":"Remediation", "documentation":"An object that contains the details about how to remediate a finding.
" }, "title":{ "shape":"String", "documentation":"The title of the finding.
" }, "detectorTags":{ "shape":"DetectorTags", "documentation":"One or more tags or categorizations that are associated with a detector. These tags are defined by type, programming language, or other classification such as maintainability or consistency.
" }, "detectorId":{ "shape":"String", "documentation":"The identifier for the detector that detected the finding in your code. A detector is a defined rule based on industry standards and AWS best practices.
" }, "detectorName":{ "shape":"String", "documentation":"The name of the detector that identified the security vulnerability in your code.
" }, "ruleId":{ "shape":"String", "documentation":"The identifier for the rule that generated the finding.
" } }, "documentation":"Information about a finding that was detected in your code.
" }, "FindingIdentifier":{ "type":"structure", "required":[ "scanName", "findingId" ], "members":{ "scanName":{ "shape":"String", "documentation":"The name of the scan that generated the finding.
" }, "findingId":{ "shape":"String", "documentation":"The identifier for a finding.
" } }, "documentation":"An object that contains information about a finding and the scan that generated it.
" }, "FindingIdentifiers":{ "type":"list", "member":{"shape":"FindingIdentifier"}, "max":25, "min":1 }, "FindingMetricsValuePerSeverity":{ "type":"structure", "members":{ "info":{ "shape":"Double", "documentation":"A numeric value corresponding to an informational finding.
" }, "low":{ "shape":"Double", "documentation":"A numeric value corresponding to a low severity finding.
" }, "medium":{ "shape":"Double", "documentation":"A numeric value corresponding to a medium severity finding.
" }, "high":{ "shape":"Double", "documentation":"A numeric value corresponding to a high severity finding.
" }, "critical":{ "shape":"Double", "documentation":"A numeric value corresponding to a critical finding.
" } }, "documentation":"A numeric value corresponding to the severity of a finding, such as the number of open findings or the average time it takes to close findings of a given severity.
" }, "Findings":{ "type":"list", "member":{"shape":"Finding"} }, "FindingsMetricList":{ "type":"list", "member":{"shape":"AccountFindingsMetric"} }, "GetAccountConfigurationRequest":{ "type":"structure", "members":{} }, "GetAccountConfigurationResponse":{ "type":"structure", "required":["encryptionConfig"], "members":{ "encryptionConfig":{ "shape":"EncryptionConfig", "documentation":"An EncryptionConfig object that contains the KMS key ARN that is used for encryption. By default, CodeGuru Security uses an AWS-managed key for encryption. To specify your own key, call UpdateAccountConfiguration. If you do not specify a customer-managed key, returns empty.
The name of the scan you want to retrieve findings from.
", "location":"uri", "locationName":"scanName" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request to continue listing results after the first page.
The maximum number of results to return in the response. Use this parameter when paginating results. If additional results exist beyond the number you specify, the nextToken element is returned in the response. Use nextToken in a subsequent request to retrieve additional results. If not specified, returns 1000 results.
The status of the findings you want to get. Pass either Open, Closed, or All.
A list of findings generated by the specified scan.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A pagination token. You can use this in future calls to GetFindings to continue listing results after the current page.
The date you want to retrieve summary metrics from, rounded to the nearest day. The date must be within the past two years.
", "location":"querystring", "locationName":"date" } } }, "GetMetricsSummaryResponse":{ "type":"structure", "members":{ "metricsSummary":{ "shape":"MetricsSummary", "documentation":"The summary metrics from the specified date.
" } } }, "GetScanRequest":{ "type":"structure", "required":["scanName"], "members":{ "scanName":{ "shape":"ScanName", "documentation":"The name of the scan you want to view details about.
", "location":"uri", "locationName":"scanName" }, "runId":{ "shape":"Uuid", "documentation":"UUID that identifies the individual scan run you want to view details about. You retrieve this when you call the CreateScan operation. Defaults to the latest scan run if missing.
The name of the scan.
" }, "runId":{ "shape":"Uuid", "documentation":"UUID that identifies the individual scan run.
" }, "scanState":{ "shape":"ScanState", "documentation":"The current state of the scan. Returns either InProgress, Successful, or Failed.
The time the scan was created.
" }, "analysisType":{ "shape":"AnalysisType", "documentation":"The type of analysis CodeGuru Security performed in the scan, either Security or All. The Security type only generates findings related to security. The All type generates both security findings and quality findings.
The time when the scan was last updated. Only available for STANDARD scan types.
The number of times a scan has been re-run on a revised resource.
" }, "scanNameArn":{ "shape":"ScanNameArn", "documentation":"The ARN for the scan name.
" }, "errorMessage":{ "shape":"ErrorMessage", "documentation":"Details about the error that causes a scan to fail to be retrieved.
" } } }, "HeaderKey":{ "type":"string", "min":1 }, "HeaderValue":{ "type":"string", "min":1 }, "Integer":{ "type":"integer", "box":true }, "InternalServerException":{ "type":"structure", "members":{ "error":{ "shape":"String", "documentation":"The internal error encountered by the server.
" }, "message":{ "shape":"String", "documentation":"Description of the error.
" } }, "documentation":"The server encountered an internal error and is unable to complete the request.
", "error":{"httpStatusCode":500}, "exception":true, "fault":true, "retryable":{"throttling":false} }, "KmsKeyArn":{ "type":"string", "max":2048, "min":1, "pattern":"arn:aws:kms:[\\S]+:[\\d]{12}:key\\/(([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})|(mrk-[0-9a-zA-Z]{32}))" }, "ListFindingsMetricsRequest":{ "type":"structure", "required":[ "startDate", "endDate" ], "members":{ "nextToken":{ "shape":"NextToken", "documentation":"A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request to continue listing results after the first page.
The maximum number of results to return in the response. Use this parameter when paginating results. If additional results exist beyond the number you specify, the nextToken element is returned in the response. Use nextToken in a subsequent request to retrieve additional results. If not specified, returns 1000 results.
The start date of the interval which you want to retrieve metrics from. Rounds to the nearest day.
", "location":"querystring", "locationName":"startDate" }, "endDate":{ "shape":"Timestamp", "documentation":"The end date of the interval which you want to retrieve metrics from. Round to the nearest day.
", "location":"querystring", "locationName":"endDate" } } }, "ListFindingsMetricsRequestMaxResultsInteger":{ "type":"integer", "box":true, "max":1000, "min":1 }, "ListFindingsMetricsResponse":{ "type":"structure", "members":{ "findingsMetrics":{ "shape":"FindingsMetricList", "documentation":"A list of AccountFindingsMetric objects retrieved from the specified time interval.
A pagination token. You can use this in future calls to ListFindingMetrics to continue listing results after the current page.
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request to continue listing results after the first page.
The maximum number of results to return in the response. Use this parameter when paginating results. If additional results exist beyond the number you specify, the nextToken element is returned in the response. Use nextToken in a subsequent request to retrieve additional results. If not specified, returns 100 results.
A list of ScanSummary objects with information about all scans in an account.
A pagination token. You can use this in future calls to ListScans to continue listing results after the current page.
The ARN of the ScanName object. You can retrieve this ARN by calling CreateScan, ListScans, or GetScan.
An array of key-value pairs used to tag an existing scan. A tag is a custom attribute label with two parts:
A tag key. For example, CostCenter, Environment, or Secret. Tag keys are case sensitive.
An optional tag value field. For example, 111122223333, Production, or a team name. Omitting the tag value is the same as using an empty string. Tag values are case sensitive.
The date from which the metrics summary information was retrieved.
" }, "openFindings":{ "shape":"FindingMetricsValuePerSeverity", "documentation":"The number of open findings of each severity.
" }, "categoriesWithMostFindings":{ "shape":"CategoriesWithMostFindings", "documentation":"A list of CategoryWithFindingNum objects for the top 5 finding categories with the most findings.
A list of ScanNameWithFindingNum objects for the top 3 scans with the most number of open findings.
A list of ScanNameWithFindingNum objects for the top 3 scans with the most number of open critical findings.
A summary of metrics for an account as of a specified date.
" }, "NextToken":{ "type":"string", "max":2048, "min":1, "pattern":"[\\S]+" }, "Recommendation":{ "type":"structure", "members":{ "text":{ "shape":"String", "documentation":"The recommended course of action to remediate the finding.
" }, "url":{ "shape":"String", "documentation":"The URL address to the recommendation for remediating the finding.
" } }, "documentation":"Information about the recommended course of action to remediate a finding.
" }, "ReferenceUrls":{ "type":"list", "member":{"shape":"String"} }, "RelatedVulnerabilities":{ "type":"list", "member":{"shape":"String"} }, "Remediation":{ "type":"structure", "members":{ "recommendation":{ "shape":"Recommendation", "documentation":"An object that contains information about the recommended course of action to remediate a finding.
" }, "suggestedFixes":{ "shape":"SuggestedFixes", "documentation":"A list of SuggestedFix objects. Each object contains information about a suggested code fix to remediate the finding.
Information about how to remediate a finding.
" }, "RequestHeaderMap":{ "type":"map", "key":{"shape":"HeaderKey"}, "value":{"shape":"HeaderValue"}, "sensitive":true }, "Resource":{ "type":"structure", "members":{ "id":{ "shape":"String", "documentation":"The scanName of the scan that was run on the resource.
The identifier for a section of the resource.
" } }, "documentation":"Information about a resource that contains a finding.
" }, "ResourceId":{ "type":"structure", "members":{ "codeArtifactId":{ "shape":"Uuid", "documentation":"The identifier for the code file uploaded to the resource object. Returned by CreateUploadUrl when you upload resources to be scanned.
The identifier for a resource object that contains resources to scan. Specifying a codeArtifactId is required to create a scan.
", "union":true }, "ResourceNotFoundException":{ "type":"structure", "required":[ "errorCode", "message", "resourceId", "resourceType" ], "members":{ "errorCode":{ "shape":"String", "documentation":"The identifier for the error.
" }, "message":{ "shape":"String", "documentation":"Description of the error.
" }, "resourceId":{ "shape":"String", "documentation":"The identifier for the resource that was not found.
" }, "resourceType":{ "shape":"String", "documentation":"The type of resource that was not found.
" } }, "documentation":"The resource specified in the request was not found.
", "error":{ "httpStatusCode":404, "senderFault":true }, "exception":true }, "S3Url":{ "type":"string", "min":1, "sensitive":true }, "ScanName":{ "type":"string", "max":140, "min":1, "pattern":"[a-zA-Z0-9-_$:.]*" }, "ScanNameArn":{ "type":"string", "max":300, "min":1, "pattern":"arn:aws:codeguru-security:[\\S]+:[\\d]{12}:scans\\/[a-zA-Z0-9-_$:.]*" }, "ScanNameWithFindingNum":{ "type":"structure", "members":{ "scanName":{ "shape":"String", "documentation":"The name of the scan.
" }, "findingNumber":{ "shape":"Integer", "documentation":"The number of findings generated by a scan.
" } }, "documentation":"Information about the number of findings generated by a scan.
" }, "ScanState":{ "type":"string", "enum":[ "InProgress", "Successful", "Failed" ] }, "ScanSummaries":{ "type":"list", "member":{"shape":"ScanSummary"} }, "ScanSummary":{ "type":"structure", "required":[ "scanState", "createdAt", "scanName", "runId" ], "members":{ "scanState":{ "shape":"ScanState", "documentation":"The state of the scan. A scan can be In Progress, Complete, or Failed.
The time when the scan was created.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The time the scan was last updated. A scan is updated when it is re-run.
" }, "scanName":{ "shape":"ScanName", "documentation":"The name of the scan.
" }, "runId":{ "shape":"Uuid", "documentation":"The identifier for the scan run.
" }, "scanNameArn":{ "shape":"ScanNameArn", "documentation":"The ARN for the scan name.
" } }, "documentation":"Information about a scan.
" }, "ScanType":{ "type":"string", "enum":[ "Standard", "Express" ] }, "ScansWithMostOpenCriticalFindings":{ "type":"list", "member":{"shape":"ScanNameWithFindingNum"}, "max":3, "min":0 }, "ScansWithMostOpenFindings":{ "type":"list", "member":{"shape":"ScanNameWithFindingNum"}, "max":3, "min":0 }, "Severity":{ "type":"string", "enum":[ "Critical", "High", "Medium", "Low", "Info" ] }, "Status":{ "type":"string", "enum":[ "Closed", "Open", "All" ] }, "String":{"type":"string"}, "SuggestedFix":{ "type":"structure", "members":{ "description":{ "shape":"String", "documentation":"A description of the suggested code fix and why it is being suggested.
" }, "code":{ "shape":"String", "documentation":"The suggested code fix. If applicable, includes code patch to replace your source code.
" } }, "documentation":"Information about the suggested code fix to remediate a finding.
" }, "SuggestedFixes":{ "type":"list", "member":{"shape":"SuggestedFix"} }, "TagKey":{ "type":"string", "max":128, "min":1 }, "TagKeyList":{ "type":"list", "member":{"shape":"TagKey"}, "max":200, "min":0 }, "TagMap":{ "type":"map", "key":{"shape":"TagKey"}, "value":{"shape":"TagValue"}, "max":200, "min":0 }, "TagResourceRequest":{ "type":"structure", "required":[ "resourceArn", "tags" ], "members":{ "resourceArn":{ "shape":"ScanNameArn", "documentation":"The ARN of the ScanName object. You can retrieve this ARN by calling CreateScan, ListScans, or GetScan.
An array of key-value pairs used to tag an existing scan. A tag is a custom attribute label with two parts:
A tag key. For example, CostCenter, Environment, or Secret. Tag keys are case sensitive.
An optional tag value field. For example, 111122223333, Production, or a team name. Omitting the tag value is the same as using an empty string. Tag values are case sensitive.
The identifier for the error.
" }, "message":{ "shape":"String", "documentation":"Description of the error.
" }, "serviceCode":{ "shape":"String", "documentation":"The identifier for the originating service.
" }, "quotaCode":{ "shape":"String", "documentation":"The identifier for the originating quota.
" } }, "documentation":"The request was denied due to request throttling.
", "error":{ "httpStatusCode":429, "senderFault":true }, "exception":true, "retryable":{"throttling":true} }, "Timestamp":{"type":"timestamp"}, "UntagResourceRequest":{ "type":"structure", "required":[ "resourceArn", "tagKeys" ], "members":{ "resourceArn":{ "shape":"ScanNameArn", "documentation":"The ARN of the ScanName object. You can retrieve this ARN by calling CreateScan, ListScans, or GetScan.
A list of keys for each tag you want to remove from a scan.
", "location":"querystring", "locationName":"tagKeys" } } }, "UntagResourceResponse":{ "type":"structure", "members":{} }, "UpdateAccountConfigurationRequest":{ "type":"structure", "required":["encryptionConfig"], "members":{ "encryptionConfig":{ "shape":"EncryptionConfig", "documentation":"The customer-managed KMS key ARN you want to use for encryption. If not specified, CodeGuru Security will use an AWS-managed key for encryption. If you previously specified a customer-managed KMS key and want CodeGuru Security to use an AWS-managed key for encryption instead, pass nothing.
" } } }, "UpdateAccountConfigurationResponse":{ "type":"structure", "required":["encryptionConfig"], "members":{ "encryptionConfig":{ "shape":"EncryptionConfig", "documentation":"An EncryptionConfig object that contains the KMS key ARN that is used for encryption. If you did not specify a customer-managed KMS key in the request, returns empty.
The identifier for the error.
" }, "message":{ "shape":"String", "documentation":"Description of the error.
" }, "reason":{ "shape":"ValidationExceptionReason", "documentation":"The reason the request failed validation.
" }, "fieldList":{ "shape":"ValidationExceptionFieldList", "documentation":"The field that caused the error, if applicable.
" } }, "documentation":"The input fails to satisfy the specified constraints.
", "error":{ "httpStatusCode":400, "senderFault":true }, "exception":true }, "ValidationExceptionField":{ "type":"structure", "required":[ "name", "message" ], "members":{ "name":{ "shape":"String", "documentation":"The name of the exception.
" }, "message":{ "shape":"String", "documentation":"Describes the exception.
" } }, "documentation":"Information about a validation exception.
" }, "ValidationExceptionFieldList":{ "type":"list", "member":{"shape":"ValidationExceptionField"} }, "ValidationExceptionReason":{ "type":"string", "enum":[ "unknownOperation", "cannotParse", "fieldValidationFailed", "other", "lambdaCodeShaMisMatch" ] }, "Vulnerability":{ "type":"structure", "members":{ "referenceUrls":{ "shape":"ReferenceUrls", "documentation":"One or more URL addresses that contain details about a vulnerability.
" }, "relatedVulnerabilities":{ "shape":"RelatedVulnerabilities", "documentation":"One or more vulnerabilities that are related to the vulnerability being described.
" }, "id":{ "shape":"String", "documentation":"The identifier for the vulnerability.
" }, "filePath":{ "shape":"FilePath", "documentation":"An object that describes the location of the detected security vulnerability in your code.
" }, "itemCount":{ "shape":"Integer", "documentation":"The number of times the vulnerability appears in your code.
", "deprecated":true, "deprecatedMessage":"This shape is not used." } }, "documentation":"Information about a security vulnerability that Amazon CodeGuru Security detected.
" } }, "documentation":"On November 20, 2025, AWS will discontinue support for Amazon CodeGuru Security. After November 20, 2025, you will no longer be able to access the /codeguru/security console, service resources, or documentation. For more information, see https://docs.aws.amazon.com/codeguru/latest/security-ug/end-of-support.html.
This section provides documentation for the Amazon CodeGuru Security API operations. CodeGuru Security is a service that uses program analysis and machine learning to detect security policy violations and vulnerabilities, and recommends ways to address these security risks.
By proactively detecting and providing recommendations for addressing security risks, CodeGuru Security improves the overall security of your application code. For more information about CodeGuru Security, see the Amazon CodeGuru Security User Guide.
" }