Retrieves code snippets from findings that Amazon Inspector detected code vulnerabilities in.
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { Inspector2Client, BatchGetCodeSnippetCommand } from "@aws-sdk/client-inspector2"; // ES Modules import + * // const { Inspector2Client, BatchGetCodeSnippetCommand } = require("@aws-sdk/client-inspector2"); // CommonJS import + * const client = new Inspector2Client(config); + * const input = { // BatchGetCodeSnippetRequest + * findingArns: [ // FindingArns // required + * "STRING_VALUE", + * ], + * }; + * const command = new BatchGetCodeSnippetCommand(input); + * const response = await client.send(command); + * // { // BatchGetCodeSnippetResponse + * // codeSnippetResults: [ // CodeSnippetResultList + * // { // CodeSnippetResult + * // findingArn: "STRING_VALUE", + * // startLine: Number("int"), + * // endLine: Number("int"), + * // codeSnippet: [ // CodeLineList + * // { // CodeLine + * // content: "STRING_VALUE", // required + * // lineNumber: Number("int"), // required + * // }, + * // ], + * // suggestedFixes: [ // SuggestedFixes + * // { // SuggestedFix + * // description: "STRING_VALUE", + * // code: "STRING_VALUE", + * // }, + * // ], + * // }, + * // ], + * // errors: [ // CodeSnippetErrorList + * // { // CodeSnippetError + * // findingArn: "STRING_VALUE", // required + * // errorCode: "STRING_VALUE", // required + * // errorMessage: "STRING_VALUE", // required + * // }, + * // ], + * // }; + * + * ``` + * + * @param BatchGetCodeSnippetCommandInput - {@link BatchGetCodeSnippetCommandInput} + * @returns {@link BatchGetCodeSnippetCommandOutput} + * @see {@link BatchGetCodeSnippetCommandInput} for command's `input` shape. + * @see {@link BatchGetCodeSnippetCommandOutput} for command's `response` shape. + * @see {@link Inspector2ClientResolvedConfig | config} for Inspector2Client's `config` shape. + * + * @throws {@link AccessDeniedException} (client fault) + *You do not have sufficient access to perform this action.
+ * + * @throws {@link InternalServerException} (server fault) + *The request has failed due to an internal failure of the Amazon Inspector service.
+ * + * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
+ * + * @throws {@link ValidationException} (client fault) + *The request has failed validation due to missing required fields or having invalid + * inputs.
+ * + * @throws {@link Inspector2ServiceException} + *Base exception class for all service exceptions from Inspector2 service.
+ * + */ +export class BatchGetCodeSnippetCommand extends $Command< + BatchGetCodeSnippetCommandInput, + BatchGetCodeSnippetCommandOutput, + Inspector2ClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: BatchGetCodeSnippetCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackCancels a software bill of materials (SBOM) report.
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { Inspector2Client, CancelSbomExportCommand } from "@aws-sdk/client-inspector2"; // ES Modules import + * // const { Inspector2Client, CancelSbomExportCommand } = require("@aws-sdk/client-inspector2"); // CommonJS import + * const client = new Inspector2Client(config); + * const input = { // CancelSbomExportRequest + * reportId: "STRING_VALUE", // required + * }; + * const command = new CancelSbomExportCommand(input); + * const response = await client.send(command); + * // { // CancelSbomExportResponse + * // reportId: "STRING_VALUE", + * // }; + * + * ``` + * + * @param CancelSbomExportCommandInput - {@link CancelSbomExportCommandInput} + * @returns {@link CancelSbomExportCommandOutput} + * @see {@link CancelSbomExportCommandInput} for command's `input` shape. + * @see {@link CancelSbomExportCommandOutput} for command's `response` shape. + * @see {@link Inspector2ClientResolvedConfig | config} for Inspector2Client's `config` shape. + * + * @throws {@link AccessDeniedException} (client fault) + *You do not have sufficient access to perform this action.
+ * + * @throws {@link InternalServerException} (server fault) + *The request has failed due to an internal failure of the Amazon Inspector service.
+ * + * @throws {@link ResourceNotFoundException} (client fault) + *The operation tried to access an invalid resource. Make sure the resource is specified correctly.
+ * + * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
+ * + * @throws {@link ValidationException} (client fault) + *The request has failed validation due to missing required fields or having invalid + * inputs.
+ * + * @throws {@link Inspector2ServiceException} + *Base exception class for all service exceptions from Inspector2 service.
+ * + */ +export class CancelSbomExportCommand extends $Command< + CancelSbomExportCommandInput, + CancelSbomExportCommandOutput, + Inspector2ClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: CancelSbomExportCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackCreates a software bill of materials (SBOM) report.
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { Inspector2Client, CreateSbomExportCommand } from "@aws-sdk/client-inspector2"; // ES Modules import + * // const { Inspector2Client, CreateSbomExportCommand } = require("@aws-sdk/client-inspector2"); // CommonJS import + * const client = new Inspector2Client(config); + * const input = { // CreateSbomExportRequest + * resourceFilterCriteria: { // ResourceFilterCriteria + * accountId: [ // ResourceStringFilterList + * { // ResourceStringFilter + * comparison: "STRING_VALUE", // required + * value: "STRING_VALUE", // required + * }, + * ], + * resourceId: [ + * { + * comparison: "STRING_VALUE", // required + * value: "STRING_VALUE", // required + * }, + * ], + * resourceType: [ + * { + * comparison: "STRING_VALUE", // required + * value: "STRING_VALUE", // required + * }, + * ], + * ecrRepositoryName: [ + * { + * comparison: "STRING_VALUE", // required + * value: "STRING_VALUE", // required + * }, + * ], + * lambdaFunctionName: [ + * { + * comparison: "STRING_VALUE", // required + * value: "STRING_VALUE", // required + * }, + * ], + * ecrImageTags: "You do not have sufficient access to perform this action.
+ * + * @throws {@link InternalServerException} (server fault) + *The request has failed due to an internal failure of the Amazon Inspector service.
+ * + * @throws {@link ResourceNotFoundException} (client fault) + *The operation tried to access an invalid resource. Make sure the resource is specified correctly.
+ * + * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
+ * + * @throws {@link ValidationException} (client fault) + *The request has failed validation due to missing required fields or having invalid + * inputs.
+ * + * @throws {@link Inspector2ServiceException} + *Base exception class for all service exceptions from Inspector2 service.
+ * + */ +export class CreateSbomExportCommand extends $Command< + CreateSbomExportCommandInput, + CreateSbomExportCommandOutput, + Inspector2ClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: CreateSbomExportCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackGets an encryption key.
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { Inspector2Client, GetEncryptionKeyCommand } from "@aws-sdk/client-inspector2"; // ES Modules import + * // const { Inspector2Client, GetEncryptionKeyCommand } = require("@aws-sdk/client-inspector2"); // CommonJS import + * const client = new Inspector2Client(config); + * const input = { // GetEncryptionKeyRequest + * scanType: "STRING_VALUE", // required + * resourceType: "STRING_VALUE", // required + * }; + * const command = new GetEncryptionKeyCommand(input); + * const response = await client.send(command); + * // { // GetEncryptionKeyResponse + * // kmsKeyId: "STRING_VALUE", // required + * // }; + * + * ``` + * + * @param GetEncryptionKeyCommandInput - {@link GetEncryptionKeyCommandInput} + * @returns {@link GetEncryptionKeyCommandOutput} + * @see {@link GetEncryptionKeyCommandInput} for command's `input` shape. + * @see {@link GetEncryptionKeyCommandOutput} for command's `response` shape. + * @see {@link Inspector2ClientResolvedConfig | config} for Inspector2Client's `config` shape. + * + * @throws {@link AccessDeniedException} (client fault) + *You do not have sufficient access to perform this action.
+ * + * @throws {@link InternalServerException} (server fault) + *The request has failed due to an internal failure of the Amazon Inspector service.
+ * + * @throws {@link ResourceNotFoundException} (client fault) + *The operation tried to access an invalid resource. Make sure the resource is specified correctly.
+ * + * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
+ * + * @throws {@link ValidationException} (client fault) + *The request has failed validation due to missing required fields or having invalid + * inputs.
+ * + * @throws {@link Inspector2ServiceException} + *Base exception class for all service exceptions from Inspector2 service.
+ * + */ +export class GetEncryptionKeyCommand extends $Command< + GetEncryptionKeyCommandInput, + GetEncryptionKeyCommandOutput, + Inspector2ClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: GetEncryptionKeyCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackGets details of a software bill of materials (SBOM) report.
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { Inspector2Client, GetSbomExportCommand } from "@aws-sdk/client-inspector2"; // ES Modules import + * // const { Inspector2Client, GetSbomExportCommand } = require("@aws-sdk/client-inspector2"); // CommonJS import + * const client = new Inspector2Client(config); + * const input = { // GetSbomExportRequest + * reportId: "STRING_VALUE", // required + * }; + * const command = new GetSbomExportCommand(input); + * const response = await client.send(command); + * // { // GetSbomExportResponse + * // reportId: "STRING_VALUE", + * // format: "STRING_VALUE", + * // status: "STRING_VALUE", + * // errorCode: "STRING_VALUE", + * // errorMessage: "STRING_VALUE", + * // s3Destination: { // Destination + * // bucketName: "STRING_VALUE", // required + * // keyPrefix: "STRING_VALUE", + * // kmsKeyArn: "STRING_VALUE", // required + * // }, + * // filterCriteria: { // ResourceFilterCriteria + * // accountId: [ // ResourceStringFilterList + * // { // ResourceStringFilter + * // comparison: "STRING_VALUE", // required + * // value: "STRING_VALUE", // required + * // }, + * // ], + * // resourceId: [ + * // { + * // comparison: "STRING_VALUE", // required + * // value: "STRING_VALUE", // required + * // }, + * // ], + * // resourceType: [ + * // { + * // comparison: "STRING_VALUE", // required + * // value: "STRING_VALUE", // required + * // }, + * // ], + * // ecrRepositoryName: [ + * // { + * // comparison: "STRING_VALUE", // required + * // value: "STRING_VALUE", // required + * // }, + * // ], + * // lambdaFunctionName: [ + * // { + * // comparison: "STRING_VALUE", // required + * // value: "STRING_VALUE", // required + * // }, + * // ], + * // ecrImageTags: "You do not have sufficient access to perform this action.
+ * + * @throws {@link InternalServerException} (server fault) + *The request has failed due to an internal failure of the Amazon Inspector service.
+ * + * @throws {@link ResourceNotFoundException} (client fault) + *The operation tried to access an invalid resource. Make sure the resource is specified correctly.
+ * + * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
+ * + * @throws {@link ValidationException} (client fault) + *The request has failed validation due to missing required fields or having invalid + * inputs.
+ * + * @throws {@link Inspector2ServiceException} + *Base exception class for all service exceptions from Inspector2 service.
+ * + */ +export class GetSbomExportCommand extends $Command< + GetSbomExportCommandInput, + GetSbomExportCommandOutput, + Inspector2ClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: GetSbomExportCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackResets an encryption key. After the key is reset your resources will be encrypted by an Amazon Web Services owned key.
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { Inspector2Client, ResetEncryptionKeyCommand } from "@aws-sdk/client-inspector2"; // ES Modules import + * // const { Inspector2Client, ResetEncryptionKeyCommand } = require("@aws-sdk/client-inspector2"); // CommonJS import + * const client = new Inspector2Client(config); + * const input = { // ResetEncryptionKeyRequest + * scanType: "STRING_VALUE", // required + * resourceType: "STRING_VALUE", // required + * }; + * const command = new ResetEncryptionKeyCommand(input); + * const response = await client.send(command); + * // {}; + * + * ``` + * + * @param ResetEncryptionKeyCommandInput - {@link ResetEncryptionKeyCommandInput} + * @returns {@link ResetEncryptionKeyCommandOutput} + * @see {@link ResetEncryptionKeyCommandInput} for command's `input` shape. + * @see {@link ResetEncryptionKeyCommandOutput} for command's `response` shape. + * @see {@link Inspector2ClientResolvedConfig | config} for Inspector2Client's `config` shape. + * + * @throws {@link AccessDeniedException} (client fault) + *You do not have sufficient access to perform this action.
+ * + * @throws {@link InternalServerException} (server fault) + *The request has failed due to an internal failure of the Amazon Inspector service.
+ * + * @throws {@link ResourceNotFoundException} (client fault) + *The operation tried to access an invalid resource. Make sure the resource is specified correctly.
+ * + * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
+ * + * @throws {@link ValidationException} (client fault) + *The request has failed validation due to missing required fields or having invalid + * inputs.
+ * + * @throws {@link Inspector2ServiceException} + *Base exception class for all service exceptions from Inspector2 service.
+ * + */ +export class ResetEncryptionKeyCommand extends $Command< + ResetEncryptionKeyCommandInput, + ResetEncryptionKeyCommandOutput, + Inspector2ClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: ResetEncryptionKeyCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackUpdates an encryption key. A ResourceNotFoundException means that an AWS owned key is being used for encryption.
You do not have sufficient access to perform this action.
+ * + * @throws {@link InternalServerException} (server fault) + *The request has failed due to an internal failure of the Amazon Inspector service.
+ * + * @throws {@link ResourceNotFoundException} (client fault) + *The operation tried to access an invalid resource. Make sure the resource is specified correctly.
+ * + * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
+ * + * @throws {@link ValidationException} (client fault) + *The request has failed validation due to missing required fields or having invalid + * inputs.
+ * + * @throws {@link Inspector2ServiceException} + *Base exception class for all service exceptions from Inspector2 service.
+ * + */ +export class UpdateEncryptionKeyCommand extends $Command< + UpdateEncryptionKeyCommandInput, + UpdateEncryptionKeyCommandOutput, + Inspector2ClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: UpdateEncryptionKeyCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackThe status of Amazon Inspector scanning for AWS Lambda function.
*/ lambda?: Status | string; + + /** + *The status of Amazon Inspector scanning for custom application code for Amazon Web Services Lambda functions. + *
+ */ + lambdaCode?: Status | string; } /** @@ -88,6 +94,7 @@ export interface Account { * @enum */ export const AggregationFindingType = { + CODE_VULNERABILITY: "CODE_VULNERABILITY", NETWORK_REACHABILITY: "NETWORK_REACHABILITY", PACKAGE_VULNERABILITY: "PACKAGE_VULNERABILITY", } as const; @@ -276,6 +283,11 @@ export interface ResourceState { *An object that described the state of Amazon Inspector scans for an account.
*/ lambda?: State; + + /** + *An object that described the state of Amazon Inspector scans for an account.
+ */ + lambdaCode?: State; } /** @@ -813,6 +825,11 @@ export interface TitleAggregation { *The value to sort results by.
*/ sortBy?: TitleSortBy | string; + + /** + *The type of finding to aggregate on.
+ */ + findingType?: AggregationFindingType | string; } /** @@ -1890,6 +1907,13 @@ export interface AutoEnable { * */ lambda?: boolean; + + /** + *Represents whether AWS Lambda code scans are automatically enabled for new members of your Amazon Inspector organization. + * + *
+ */ + lambdaCode?: boolean; } /** @@ -2015,6 +2039,7 @@ export type PackageType = (typeof PackageType)[keyof typeof PackageType]; export const Runtime = { GO_1_X: "GO_1_X", JAVA_11: "JAVA_11", + JAVA_17: "JAVA_17", JAVA_8: "JAVA_8", JAVA_8_AL2: "JAVA_8_AL2", NODEJS: "NODEJS", @@ -2022,6 +2047,7 @@ export const Runtime = { NODEJS_14_X: "NODEJS_14_X", NODEJS_16_X: "NODEJS_16_X", NODEJS_18_X: "NODEJS_18_X", + PYTHON_3_10: "PYTHON_3_10", PYTHON_3_7: "PYTHON_3_7", PYTHON_3_8: "PYTHON_3_8", PYTHON_3_9: "PYTHON_3_9", @@ -2209,6 +2235,131 @@ export class ResourceNotFoundException extends __BaseException { } } +/** + * @public + */ +export interface BatchGetCodeSnippetRequest { + /** + *An array of finding ARNs for the findings you want to retrieve code snippets from.
+ */ + findingArns: string[] | undefined; +} + +/** + * @public + *Contains information on the lines of code associated with a code snippet.
+ */ +export interface CodeLine { + /** + *The content of a line of code
+ */ + content: string | undefined; + + /** + *The line number that a section of code is located at.
+ */ + lineNumber: number | undefined; +} + +/** + * @public + *A suggested fix for a vulnerability in your Lambda function code.
+ */ +export interface SuggestedFix { + /** + *The fix's description.
+ */ + description?: string; + + /** + *The fix's code.
+ */ + code?: string; +} + +/** + * @public + *Contains information on a code snippet retrieved by Amazon Inspector from a code vulnerability finding.
+ */ +export interface CodeSnippetResult { + /** + *The ARN of a finding that the code snippet is associated with.
+ */ + findingArn?: string; + + /** + *The line number of the first line of a code snippet.
+ */ + startLine?: number; + + /** + *The line number of the last line of a code snippet.
+ */ + endLine?: number; + + /** + *Contains information on the retrieved code snippet.
+ */ + codeSnippet?: CodeLine[]; + + /** + *Details of a suggested code fix.
+ */ + suggestedFixes?: SuggestedFix[]; +} + +/** + * @public + * @enum + */ +export const CodeSnippetErrorCode = { + ACCESS_DENIED: "ACCESS_DENIED", + CODE_SNIPPET_NOT_FOUND: "CODE_SNIPPET_NOT_FOUND", + INTERNAL_ERROR: "INTERNAL_ERROR", + INVALID_INPUT: "INVALID_INPUT", +} as const; + +/** + * @public + */ +export type CodeSnippetErrorCode = (typeof CodeSnippetErrorCode)[keyof typeof CodeSnippetErrorCode]; + +/** + * @public + *Contains information about any errors encountered while trying to retrieve a code snippet.
+ */ +export interface CodeSnippetError { + /** + *The ARN of the finding that a code snippet couldn't be retrieved for.
+ */ + findingArn: string | undefined; + + /** + *The error code for the error that prevented a code snippet from being retrieved.
+ */ + errorCode: CodeSnippetErrorCode | string | undefined; + + /** + *The error message received when Amazon Inspector failed to retrieve a code snippet.
+ */ + errorMessage: string | undefined; +} + +/** + * @public + */ +export interface BatchGetCodeSnippetResponse { + /** + *The retrieved code snippets associated with the provided finding ARNs.
+ */ + codeSnippetResults?: CodeSnippetResult[]; + + /** + *Any errors Amazon Inspector encountered while trying to retrieve the requested code snippets.
+ */ + errors?: CodeSnippetError[]; +} + /** * @public */ @@ -2241,6 +2392,7 @@ export const FreeTrialType = { EC2: "EC2", ECR: "ECR", LAMBDA: "LAMBDA", + LAMBDA_CODE: "LAMBDA_CODE", } as const; /** @@ -2493,6 +2645,26 @@ export interface CancelFindingsReportResponse { reportId: string | undefined; } +/** + * @public + */ +export interface CancelSbomExportRequest { + /** + *The report ID of the SBOM export to cancel.
+ */ + reportId: string | undefined; +} + +/** + * @public + */ +export interface CancelSbomExportResponse { + /** + *The report ID of the canceled SBOM export.
+ */ + reportId?: string; +} + /** * @public *The Cybersecurity and Infrastructure Security Agency (CISA) details for a specific vulnerability.
@@ -2514,6 +2686,79 @@ export interface CisaData { action?: string; } +/** + * @public + *Contains information on where a code vulnerability is located in your Lambda function.
+ */ +export interface CodeFilePath { + /** + *The name of the file the code vulnerability was found in.
+ */ + fileName: string | undefined; + + /** + *The file path to the code that a vulnerability was found in.
+ */ + filePath: string | undefined; + + /** + *The line number of the first line of code that a vulnerability was found in.
+ */ + startLine: number | undefined; + + /** + *The line number of the last line of code that a vulnerability was found in.
+ */ + endLine: number | undefined; +} + +/** + * @public + *Contains information on the code vulnerability identified in your Lambda function.
+ */ +export interface CodeVulnerabilityDetails { + /** + *Contains information on where the code vulnerability is located in your code.
+ */ + filePath: CodeFilePath | undefined; + + /** + *The detector tag associated with the vulnerability. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags.
+ */ + detectorTags?: string[]; + + /** + *A URL containing supporting documentation about the code vulnerability detected.
+ */ + referenceUrls?: string[]; + + /** + *The identifier for a rule that was used to detect the code vulnerability.
+ */ + ruleId?: string; + + /** + *The Amazon Resource Name (ARN) of the Lambda layer that the code vulnerability was detected in.
+ */ + sourceLambdaLayerArn?: string; + + /** + *The ID for the Amazon CodeGuru detector associated with the finding. For more information on detectors see Amazon CodeGuru + * Detector Library.
+ */ + detectorId: string | undefined; + + /** + *The name of the detector used to identify the code vulnerability. For more information on detectors see CodeGuru Detector Library.
+ */ + detectorName: string | undefined; + + /** + *The Common Weakness Enumeration (CWE) item associated with the detected vulnerability.
+ */ + cwes: string[] | undefined; +} + /** * @public *A conflict occurred.
@@ -2947,6 +3192,7 @@ export interface ScanStatus { * @enum */ export const ScanType = { + CODE: "CODE", NETWORK: "NETWORK", PACKAGE: "PACKAGE", } as const; @@ -3296,6 +3542,26 @@ export interface FilterCriteria { *Filters the list of AWS Lambda findings by the availability of exploits.
*/ exploitAvailable?: StringFilter[]; + + /** + *The name of the detector used to identify a code vulnerability in a Lambda function used to filter findings.
+ */ + codeVulnerabilityDetectorName?: StringFilter[]; + + /** + *The detector type tag associated with the vulnerability used to filter findings. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags.
+ */ + codeVulnerabilityDetectorTags?: StringFilter[]; + + /** + *The file path to the file in a Lambda function that contains a code vulnerability used to filter findings.
+ */ + codeVulnerabilityFilePath?: StringFilter[]; + + /** + *The EPSS score used to filter findings.
+ */ + epssScore?: NumberFilter[]; } /** @@ -3437,6 +3703,160 @@ export interface CreateFindingsReportResponse { reportId?: string; } +/** + * @public + * @enum + */ +export const SbomReportFormat = { + CYCLONEDX_1_4: "CYCLONEDX_1_4", + SPDX_2_3: "SPDX_2_3", +} as const; + +/** + * @public + */ +export type SbomReportFormat = (typeof SbomReportFormat)[keyof typeof SbomReportFormat]; + +/** + * @public + * @enum + */ +export const ResourceStringComparison = { + EQUALS: "EQUALS", + NOT_EQUALS: "NOT_EQUALS", +} as const; + +/** + * @public + */ +export type ResourceStringComparison = (typeof ResourceStringComparison)[keyof typeof ResourceStringComparison]; + +/** + * @public + *A resource string filter for a software bill of materials report.
+ */ +export interface ResourceStringFilter { + /** + *The filter's comparison.
+ */ + comparison: ResourceStringComparison | string | undefined; + + /** + *The filter's value.
+ */ + value: string | undefined; +} + +/** + * @public + * @enum + */ +export const ResourceMapComparison = { + EQUALS: "EQUALS", +} as const; + +/** + * @public + */ +export type ResourceMapComparison = (typeof ResourceMapComparison)[keyof typeof ResourceMapComparison]; + +/** + * @public + *A resource map filter for a software bill of material report.
+ */ +export interface ResourceMapFilter { + /** + *The filter's comparison.
+ */ + comparison: ResourceMapComparison | string | undefined; + + /** + *The filter's key.
+ */ + key: string | undefined; + + /** + *The filter's value.
+ */ + value?: string; +} + +/** + * @public + *The resource filter criteria for a Software bill of materials (SBOM) report.
+ */ +export interface ResourceFilterCriteria { + /** + *The account IDs used as resource filter criteria.
+ */ + accountId?: ResourceStringFilter[]; + + /** + *The resource IDs used as resource filter criteria.
+ */ + resourceId?: ResourceStringFilter[]; + + /** + *The resource types used as resource filter criteria.
+ */ + resourceType?: ResourceStringFilter[]; + + /** + *The ECR repository names used as resource filter criteria.
+ */ + ecrRepositoryName?: ResourceStringFilter[]; + + /** + *The AWS Lambda function name used as resource filter criteria.
+ */ + lambdaFunctionName?: ResourceStringFilter[]; + + /** + *The ECR image tags used as resource filter criteria.
+ */ + ecrImageTags?: ResourceStringFilter[]; + + /** + *The EC2 instance tags used as resource filter criteria.
+ */ + ec2InstanceTags?: ResourceMapFilter[]; + + /** + *The AWS Lambda function tags used as resource filter criteria.
+ */ + lambdaFunctionTags?: ResourceMapFilter[]; +} + +/** + * @public + */ +export interface CreateSbomExportRequest { + /** + *The resource filter criteria for the software bill of materials (SBOM) report.
+ */ + resourceFilterCriteria?: ResourceFilterCriteria; + + /** + *The output format for the software bill of materials (SBOM) report.
+ */ + reportFormat: SbomReportFormat | string | undefined; + + /** + *Contains details of the Amazon S3 bucket and KMS key used to export findings.
+ */ + s3Destination: Destination | undefined; +} + +/** + * @public + */ +export interface CreateSbomExportResponse { + /** + *The report ID for the software bill of materials (SBOM) report.
+ */ + reportId?: string; +} + /** * @public * @enum @@ -3678,6 +4098,7 @@ export const ResourceScanType = { EC2: "EC2", ECR: "ECR", LAMBDA: "LAMBDA", + LAMBDA_CODE: "LAMBDA_CODE", } as const; /** @@ -3903,6 +4324,17 @@ export interface Epss { score?: number; } +/** + * @public + *Details about the Exploit Prediction Scoring System (EPSS) score for a finding.
+ */ +export interface EpssDetails { + /** + *The EPSS score.
+ */ + score?: number; +} + /** * @public *The details of an exploit available for a finding discovered in your environment.
@@ -4404,6 +4836,7 @@ export type FindingStatus = (typeof FindingStatus)[keyof typeof FindingStatus]; * @enum */ export const FindingType = { + CODE_VULNERABILITY: "CODE_VULNERABILITY", NETWORK_REACHABILITY: "NETWORK_REACHABILITY", PACKAGE_VULNERABILITY: "PACKAGE_VULNERABILITY", } as const; @@ -4512,6 +4945,16 @@ export interface Finding { *The details of an exploit available for a finding discovered in your environment.
*/ exploitabilityDetails?: ExploitabilityDetails; + + /** + *Details about the code vulnerability identified in a Lambda function used to filter findings.
+ */ + codeVulnerabilityDetails?: CodeVulnerabilityDetails; + + /** + *The finding's EPSS score.
+ */ + epss?: EpssDetails; } /** @@ -4574,6 +5017,31 @@ export interface GetEc2DeepInspectionConfigurationResponse { errorMessage?: string; } +/** + * @public + */ +export interface GetEncryptionKeyRequest { + /** + *The scan type the key encrypts.
+ */ + scanType: ScanType | string | undefined; + + /** + *The resource type the key encrypts.
+ */ + resourceType: ResourceType | string | undefined; +} + +/** + * @public + */ +export interface GetEncryptionKeyResponse { + /** + *A kms key ID.
+ */ + kmsKeyId: string | undefined; +} + /** * @public */ @@ -4683,6 +5151,56 @@ export interface GetMemberResponse { member?: Member; } +/** + * @public + */ +export interface GetSbomExportRequest { + /** + *The report ID of the SBOM export to get details for.
+ */ + reportId: string | undefined; +} + +/** + * @public + */ +export interface GetSbomExportResponse { + /** + *The report ID of the software bill of materials (SBOM) report.
+ */ + reportId?: string; + + /** + *The format of the software bill of materials (SBOM) report.
+ */ + format?: SbomReportFormat | string; + + /** + *The status of the software bill of materials (SBOM) report.
+ */ + status?: ExternalReportStatus | string; + + /** + *An error code.
+ */ + errorCode?: ReportingErrorCode | string; + + /** + *An error message.
+ */ + errorMessage?: string; + + /** + *Contains details of the Amazon S3 bucket and KMS key used to export findings.
+ */ + s3Destination?: Destination; + + /** + *Contains details about the resource filter criteria used for the software bill of materials (SBOM) report.
+ */ + filterCriteria?: ResourceFilterCriteria; +} + /** * @public * @enum @@ -5008,6 +5526,7 @@ export const SortField = { ECR_IMAGE_PUSHED_AT: "ECR_IMAGE_PUSHED_AT", ECR_IMAGE_REGISTRY: "ECR_IMAGE_REGISTRY", ECR_IMAGE_REPOSITORY_NAME: "ECR_IMAGE_REPOSITORY_NAME", + EPSS_SCORE: "EPSS_SCORE", FINDING_STATUS: "FINDING_STATUS", FINDING_TYPE: "FINDING_TYPE", FIRST_OBSERVED_AT: "FIRST_OBSERVED_AT", @@ -5179,6 +5698,7 @@ export const UsageType = { EC2_INSTANCE_HOURS: "EC2_INSTANCE_HOURS", ECR_INITIAL_SCAN: "ECR_INITIAL_SCAN", ECR_RESCAN: "ECR_RESCAN", + LAMBDA_FUNCTION_CODE_HOURS: "LAMBDA_FUNCTION_CODE_HOURS", LAMBDA_FUNCTION_HOURS: "LAMBDA_FUNCTION_HOURS", } as const; @@ -5244,6 +5764,26 @@ export interface ListUsageTotalsResponse { totals?: UsageTotal[]; } +/** + * @public + */ +export interface ResetEncryptionKeyRequest { + /** + *The scan type the key encrypts.
+ */ + scanType: ScanType | string | undefined; + + /** + *The resource type the key encrypts.
+ */ + resourceType: ResourceType | string | undefined; +} + +/** + * @public + */ +export interface ResetEncryptionKeyResponse {} + /** * @public *Details on the criteria used to define the filter for a vulnerability search. @@ -5373,7 +5913,7 @@ export interface Vulnerability { detectionPlatforms?: string[]; /** - *
An object that contains the Exploit Prediction Scoring System (EPSS) score.
+ *An object that contains the Exploit Prediction Scoring System (EPSS) score for a vulnerability.
*/ epss?: Epss; } @@ -5488,6 +6028,31 @@ export interface UpdateEc2DeepInspectionConfigurationResponse { errorMessage?: string; } +/** + * @public + */ +export interface UpdateEncryptionKeyRequest { + /** + *A KMS key ID for the encryption key.
+ */ + kmsKeyId: string | undefined; + + /** + *The scan type for the encryption key.
+ */ + scanType: ScanType | string | undefined; + + /** + *The resource type for the encryption key.
+ */ + resourceType: ResourceType | string | undefined; +} + +/** + * @public + */ +export interface UpdateEncryptionKeyResponse {} + /** * @public */ diff --git a/clients/client-inspector2/src/protocols/Aws_restJson1.ts b/clients/client-inspector2/src/protocols/Aws_restJson1.ts index d6007ce7ba37..211572ba9e1f 100644 --- a/clients/client-inspector2/src/protocols/Aws_restJson1.ts +++ b/clients/client-inspector2/src/protocols/Aws_restJson1.ts @@ -30,6 +30,10 @@ import { BatchGetAccountStatusCommandInput, BatchGetAccountStatusCommandOutput, } from "../commands/BatchGetAccountStatusCommand"; +import { + BatchGetCodeSnippetCommandInput, + BatchGetCodeSnippetCommandOutput, +} from "../commands/BatchGetCodeSnippetCommand"; import { BatchGetFreeTrialInfoCommandInput, BatchGetFreeTrialInfoCommandOutput, @@ -46,11 +50,13 @@ import { CancelFindingsReportCommandInput, CancelFindingsReportCommandOutput, } from "../commands/CancelFindingsReportCommand"; +import { CancelSbomExportCommandInput, CancelSbomExportCommandOutput } from "../commands/CancelSbomExportCommand"; import { CreateFilterCommandInput, CreateFilterCommandOutput } from "../commands/CreateFilterCommand"; import { CreateFindingsReportCommandInput, CreateFindingsReportCommandOutput, } from "../commands/CreateFindingsReportCommand"; +import { CreateSbomExportCommandInput, CreateSbomExportCommandOutput } from "../commands/CreateSbomExportCommand"; import { DeleteFilterCommandInput, DeleteFilterCommandOutput } from "../commands/DeleteFilterCommand"; import { DescribeOrganizationConfigurationCommandInput, @@ -76,11 +82,13 @@ import { GetEc2DeepInspectionConfigurationCommandInput, GetEc2DeepInspectionConfigurationCommandOutput, } from "../commands/GetEc2DeepInspectionConfigurationCommand"; +import { GetEncryptionKeyCommandInput, GetEncryptionKeyCommandOutput } from "../commands/GetEncryptionKeyCommand"; import { GetFindingsReportStatusCommandInput, GetFindingsReportStatusCommandOutput, } from "../commands/GetFindingsReportStatusCommand"; import { GetMemberCommandInput, GetMemberCommandOutput } from "../commands/GetMemberCommand"; +import { GetSbomExportCommandInput, GetSbomExportCommandOutput } from "../commands/GetSbomExportCommand"; import { ListAccountPermissionsCommandInput, ListAccountPermissionsCommandOutput, @@ -106,6 +114,7 @@ import { ListTagsForResourceCommandOutput, } from "../commands/ListTagsForResourceCommand"; import { ListUsageTotalsCommandInput, ListUsageTotalsCommandOutput } from "../commands/ListUsageTotalsCommand"; +import { ResetEncryptionKeyCommandInput, ResetEncryptionKeyCommandOutput } from "../commands/ResetEncryptionKeyCommand"; import { SearchVulnerabilitiesCommandInput, SearchVulnerabilitiesCommandOutput, @@ -120,6 +129,10 @@ import { UpdateEc2DeepInspectionConfigurationCommandInput, UpdateEc2DeepInspectionConfigurationCommandOutput, } from "../commands/UpdateEc2DeepInspectionConfigurationCommand"; +import { + UpdateEncryptionKeyCommandInput, + UpdateEncryptionKeyCommandOutput, +} from "../commands/UpdateEncryptionKeyCommand"; import { UpdateFilterCommandInput, UpdateFilterCommandOutput } from "../commands/UpdateFilterCommand"; import { UpdateOrganizationConfigurationCommandInput, @@ -161,6 +174,7 @@ import { EcrConfigurationState, EcrRescanDurationState, Epss, + EpssDetails, ExploitabilityDetails, ExploitObserved, Filter, @@ -186,8 +200,11 @@ import { RepositoryAggregation, Resource, ResourceDetails, + ResourceFilterCriteria, + ResourceMapFilter, ResourceNotFoundException, ResourceScanType, + ResourceStringFilter, SearchVulnerabilitiesFilterCriteria, ServiceQuotaExceededException, SortCriteria, @@ -258,6 +275,35 @@ export const se_BatchGetAccountStatusCommand = async ( }); }; +/** + * serializeAws_restJson1BatchGetCodeSnippetCommand + */ +export const se_BatchGetCodeSnippetCommand = async ( + input: BatchGetCodeSnippetCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = { + "content-type": "application/json", + }; + const resolvedPath = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/codesnippet/batchget"; + let body: any; + body = JSON.stringify( + take(input, { + findingArns: (_) => _json(_), + }) + ); + return new __HttpRequest({ + protocol, + hostname, + port, + method: "POST", + headers, + path: resolvedPath, + body, + }); +}; + /** * serializeAws_restJson1BatchGetFreeTrialInfoCommand */ @@ -378,6 +424,35 @@ export const se_CancelFindingsReportCommand = async ( }); }; +/** + * serializeAws_restJson1CancelSbomExportCommand + */ +export const se_CancelSbomExportCommand = async ( + input: CancelSbomExportCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = { + "content-type": "application/json", + }; + const resolvedPath = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/sbomexport/cancel"; + let body: any; + body = JSON.stringify( + take(input, { + reportId: [], + }) + ); + return new __HttpRequest({ + protocol, + hostname, + port, + method: "POST", + headers, + path: resolvedPath, + body, + }); +}; + /** * serializeAws_restJson1CreateFilterCommand */ @@ -443,6 +518,37 @@ export const se_CreateFindingsReportCommand = async ( }); }; +/** + * serializeAws_restJson1CreateSbomExportCommand + */ +export const se_CreateSbomExportCommand = async ( + input: CreateSbomExportCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = { + "content-type": "application/json", + }; + const resolvedPath = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/sbomexport/create"; + let body: any; + body = JSON.stringify( + take(input, { + reportFormat: [], + resourceFilterCriteria: (_) => _json(_), + s3Destination: (_) => _json(_), + }) + ); + return new __HttpRequest({ + protocol, + hostname, + port, + method: "POST", + headers, + path: resolvedPath, + body, + }); +}; + /** * serializeAws_restJson1DeleteFilterCommand */ @@ -723,6 +829,33 @@ export const se_GetEc2DeepInspectionConfigurationCommand = async ( }); }; +/** + * serializeAws_restJson1GetEncryptionKeyCommand + */ +export const se_GetEncryptionKeyCommand = async ( + input: GetEncryptionKeyCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = {}; + const resolvedPath = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/encryptionkey/get"; + const query: any = map({ + scanType: [, __expectNonNull(input.scanType!, `scanType`)], + resourceType: [, __expectNonNull(input.resourceType!, `resourceType`)], + }); + let body: any; + return new __HttpRequest({ + protocol, + hostname, + port, + method: "GET", + headers, + path: resolvedPath, + query, + body, + }); +}; + /** * serializeAws_restJson1GetFindingsReportStatusCommand */ @@ -781,6 +914,35 @@ export const se_GetMemberCommand = async ( }); }; +/** + * serializeAws_restJson1GetSbomExportCommand + */ +export const se_GetSbomExportCommand = async ( + input: GetSbomExportCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = { + "content-type": "application/json", + }; + const resolvedPath = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/sbomexport/get"; + let body: any; + body = JSON.stringify( + take(input, { + reportId: [], + }) + ); + return new __HttpRequest({ + protocol, + hostname, + port, + method: "POST", + headers, + path: resolvedPath, + body, + }); +}; + /** * serializeAws_restJson1ListAccountPermissionsCommand */ @@ -1090,6 +1252,36 @@ export const se_ListUsageTotalsCommand = async ( }); }; +/** + * serializeAws_restJson1ResetEncryptionKeyCommand + */ +export const se_ResetEncryptionKeyCommand = async ( + input: ResetEncryptionKeyCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = { + "content-type": "application/json", + }; + const resolvedPath = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/encryptionkey/reset"; + let body: any; + body = JSON.stringify( + take(input, { + resourceType: [], + scanType: [], + }) + ); + return new __HttpRequest({ + protocol, + hostname, + port, + method: "PUT", + headers, + path: resolvedPath, + body, + }); +}; + /** * serializeAws_restJson1SearchVulnerabilitiesCommand */ @@ -1241,6 +1433,37 @@ export const se_UpdateEc2DeepInspectionConfigurationCommand = async ( }); }; +/** + * serializeAws_restJson1UpdateEncryptionKeyCommand + */ +export const se_UpdateEncryptionKeyCommand = async ( + input: UpdateEncryptionKeyCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = { + "content-type": "application/json", + }; + const resolvedPath = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/encryptionkey/update"; + let body: any; + body = JSON.stringify( + take(input, { + kmsKeyId: [], + resourceType: [], + scanType: [], + }) + ); + return new __HttpRequest({ + protocol, + hostname, + port, + method: "PUT", + headers, + path: resolvedPath, + body, + }); +}; + /** * serializeAws_restJson1UpdateFilterCommand */ @@ -1452,6 +1675,63 @@ const de_BatchGetAccountStatusCommandError = async ( } }; +/** + * deserializeAws_restJson1BatchGetCodeSnippetCommand + */ +export const de_BatchGetCodeSnippetCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): PromiseRepresents whether AWS Lambda standard scans are automatically enabled for new members of your Amazon Inspector organization.\n
" } + }, + "lambdaCode": { + "target": "smithy.api#Boolean", + "traits": { + "smithy.api#documentation": "Represents whether AWS Lambda code scans are automatically enabled for new members of your Amazon Inspector organization.\n \n
" + } } }, "traits": { @@ -1070,6 +1080,76 @@ } } }, + "com.amazonaws.inspector2#BatchGetCodeSnippet": { + "type": "operation", + "input": { + "target": "com.amazonaws.inspector2#BatchGetCodeSnippetRequest" + }, + "output": { + "target": "com.amazonaws.inspector2#BatchGetCodeSnippetResponse" + }, + "errors": [ + { + "target": "com.amazonaws.inspector2#AccessDeniedException" + }, + { + "target": "com.amazonaws.inspector2#InternalServerException" + }, + { + "target": "com.amazonaws.inspector2#ThrottlingException" + }, + { + "target": "com.amazonaws.inspector2#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Retrieves code snippets from findings that Amazon Inspector detected code vulnerabilities in.
", + "smithy.api#http": { + "code": 200, + "method": "POST", + "uri": "/codesnippet/batchget" + } + } + }, + "com.amazonaws.inspector2#BatchGetCodeSnippetRequest": { + "type": "structure", + "members": { + "findingArns": { + "target": "com.amazonaws.inspector2#FindingArns", + "traits": { + "smithy.api#documentation": "An array of finding ARNs for the findings you want to retrieve code snippets from.
", + "smithy.api#length": { + "min": 1, + "max": 10 + }, + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.inspector2#BatchGetCodeSnippetResponse": { + "type": "structure", + "members": { + "codeSnippetResults": { + "target": "com.amazonaws.inspector2#CodeSnippetResultList", + "traits": { + "smithy.api#documentation": "The retrieved code snippets associated with the provided finding ARNs.
" + } + }, + "errors": { + "target": "com.amazonaws.inspector2#CodeSnippetErrorList", + "traits": { + "smithy.api#documentation": "Any errors Amazon Inspector encountered while trying to retrieve the requested code snippets.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.inspector2#BatchGetFreeTrialInfo": { "type": "operation", "input": { @@ -1325,6 +1405,70 @@ } } }, + "com.amazonaws.inspector2#CancelSbomExport": { + "type": "operation", + "input": { + "target": "com.amazonaws.inspector2#CancelSbomExportRequest" + }, + "output": { + "target": "com.amazonaws.inspector2#CancelSbomExportResponse" + }, + "errors": [ + { + "target": "com.amazonaws.inspector2#AccessDeniedException" + }, + { + "target": "com.amazonaws.inspector2#InternalServerException" + }, + { + "target": "com.amazonaws.inspector2#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.inspector2#ThrottlingException" + }, + { + "target": "com.amazonaws.inspector2#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Cancels a software bill of materials (SBOM) report.
", + "smithy.api#http": { + "code": 200, + "method": "POST", + "uri": "/sbomexport/cancel" + }, + "smithy.api#idempotent": {} + } + }, + "com.amazonaws.inspector2#CancelSbomExportRequest": { + "type": "structure", + "members": { + "reportId": { + "target": "com.amazonaws.inspector2#ReportId", + "traits": { + "smithy.api#documentation": "The report ID of the SBOM export to cancel.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.inspector2#CancelSbomExportResponse": { + "type": "structure", + "members": { + "reportId": { + "target": "com.amazonaws.inspector2#ReportId", + "traits": { + "smithy.api#documentation": "The report ID of the canceled SBOM export.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.inspector2#CisaAction": { "type": "string", "traits": { @@ -1374,6 +1518,244 @@ } } }, + "com.amazonaws.inspector2#CodeFilePath": { + "type": "structure", + "members": { + "fileName": { + "target": "com.amazonaws.inspector2#NonEmptyString", + "traits": { + "smithy.api#documentation": "The name of the file the code vulnerability was found in.
", + "smithy.api#required": {} + } + }, + "filePath": { + "target": "com.amazonaws.inspector2#NonEmptyString", + "traits": { + "smithy.api#documentation": "The file path to the code that a vulnerability was found in.
", + "smithy.api#required": {} + } + }, + "startLine": { + "target": "smithy.api#Integer", + "traits": { + "smithy.api#default": null, + "smithy.api#documentation": "The line number of the first line of code that a vulnerability was found in.
", + "smithy.api#required": {} + } + }, + "endLine": { + "target": "smithy.api#Integer", + "traits": { + "smithy.api#default": null, + "smithy.api#documentation": "The line number of the last line of code that a vulnerability was found in.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "Contains information on where a code vulnerability is located in your Lambda function.
" + } + }, + "com.amazonaws.inspector2#CodeLine": { + "type": "structure", + "members": { + "content": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "The content of a line of code
", + "smithy.api#length": { + "min": 0, + "max": 240 + }, + "smithy.api#required": {} + } + }, + "lineNumber": { + "target": "smithy.api#Integer", + "traits": { + "smithy.api#documentation": "The line number that a section of code is located at.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "Contains information on the lines of code associated with a code snippet.
" + } + }, + "com.amazonaws.inspector2#CodeLineList": { + "type": "list", + "member": { + "target": "com.amazonaws.inspector2#CodeLine" + }, + "traits": { + "smithy.api#length": { + "min": 1, + "max": 20 + } + } + }, + "com.amazonaws.inspector2#CodeSnippetError": { + "type": "structure", + "members": { + "findingArn": { + "target": "com.amazonaws.inspector2#FindingArn", + "traits": { + "smithy.api#documentation": "The ARN of the finding that a code snippet couldn't be retrieved for.
", + "smithy.api#required": {} + } + }, + "errorCode": { + "target": "com.amazonaws.inspector2#CodeSnippetErrorCode", + "traits": { + "smithy.api#documentation": "The error code for the error that prevented a code snippet from being retrieved.
", + "smithy.api#required": {} + } + }, + "errorMessage": { + "target": "com.amazonaws.inspector2#NonEmptyString", + "traits": { + "smithy.api#documentation": "The error message received when Amazon Inspector failed to retrieve a code snippet.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "Contains information about any errors encountered while trying to retrieve a code snippet.
" + } + }, + "com.amazonaws.inspector2#CodeSnippetErrorCode": { + "type": "string", + "traits": { + "smithy.api#enum": [ + { + "value": "INTERNAL_ERROR", + "name": "INTERNAL_ERROR" + }, + { + "value": "ACCESS_DENIED", + "name": "ACCESS_DENIED" + }, + { + "value": "CODE_SNIPPET_NOT_FOUND", + "name": "CODE_SNIPPET_NOT_FOUND" + }, + { + "value": "INVALID_INPUT", + "name": "INVALID_INPUT" + } + ] + } + }, + "com.amazonaws.inspector2#CodeSnippetErrorList": { + "type": "list", + "member": { + "target": "com.amazonaws.inspector2#CodeSnippetError" + } + }, + "com.amazonaws.inspector2#CodeSnippetResult": { + "type": "structure", + "members": { + "findingArn": { + "target": "com.amazonaws.inspector2#FindingArn", + "traits": { + "smithy.api#documentation": "The ARN of a finding that the code snippet is associated with.
" + } + }, + "startLine": { + "target": "smithy.api#Integer", + "traits": { + "smithy.api#documentation": "The line number of the first line of a code snippet.
" + } + }, + "endLine": { + "target": "smithy.api#Integer", + "traits": { + "smithy.api#documentation": "The line number of the last line of a code snippet.
" + } + }, + "codeSnippet": { + "target": "com.amazonaws.inspector2#CodeLineList", + "traits": { + "smithy.api#documentation": "Contains information on the retrieved code snippet.
" + } + }, + "suggestedFixes": { + "target": "com.amazonaws.inspector2#SuggestedFixes", + "traits": { + "smithy.api#documentation": "Details of a suggested code fix.
" + } + } + }, + "traits": { + "smithy.api#documentation": "Contains information on a code snippet retrieved by Amazon Inspector from a code vulnerability finding.
" + } + }, + "com.amazonaws.inspector2#CodeSnippetResultList": { + "type": "list", + "member": { + "target": "com.amazonaws.inspector2#CodeSnippetResult" + } + }, + "com.amazonaws.inspector2#CodeVulnerabilityDetails": { + "type": "structure", + "members": { + "filePath": { + "target": "com.amazonaws.inspector2#CodeFilePath", + "traits": { + "smithy.api#documentation": "Contains information on where the code vulnerability is located in your code.
", + "smithy.api#required": {} + } + }, + "detectorTags": { + "target": "com.amazonaws.inspector2#DetectorTagList", + "traits": { + "smithy.api#documentation": "The detector tag associated with the vulnerability. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags.
" + } + }, + "referenceUrls": { + "target": "com.amazonaws.inspector2#ReferenceUrls", + "traits": { + "smithy.api#documentation": "A URL containing supporting documentation about the code vulnerability detected.
" + } + }, + "ruleId": { + "target": "com.amazonaws.inspector2#NonEmptyString", + "traits": { + "smithy.api#documentation": "The identifier for a rule that was used to detect the code vulnerability.
" + } + }, + "sourceLambdaLayerArn": { + "target": "com.amazonaws.inspector2#LambdaLayerArn", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the Lambda layer that the code vulnerability was detected in.
" + } + }, + "detectorId": { + "target": "com.amazonaws.inspector2#NonEmptyString", + "traits": { + "smithy.api#documentation": "The ID for the Amazon CodeGuru detector associated with the finding. For more information on detectors see Amazon CodeGuru\n Detector Library.
", + "smithy.api#required": {} + } + }, + "detectorName": { + "target": "com.amazonaws.inspector2#NonEmptyString", + "traits": { + "smithy.api#documentation": "The name of the detector used to identify the code vulnerability. For more information on detectors see CodeGuru Detector Library.
", + "smithy.api#required": {} + } + }, + "cwes": { + "target": "com.amazonaws.inspector2#CweList", + "traits": { + "smithy.api#documentation": "The Common Weakness Enumeration (CWE) item associated with the detected vulnerability.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "Contains information on the code vulnerability identified in your Lambda function.
" + } + }, "com.amazonaws.inspector2#Component": { "type": "string" }, @@ -1916,6 +2298,82 @@ } } }, + "com.amazonaws.inspector2#CreateSbomExport": { + "type": "operation", + "input": { + "target": "com.amazonaws.inspector2#CreateSbomExportRequest" + }, + "output": { + "target": "com.amazonaws.inspector2#CreateSbomExportResponse" + }, + "errors": [ + { + "target": "com.amazonaws.inspector2#AccessDeniedException" + }, + { + "target": "com.amazonaws.inspector2#InternalServerException" + }, + { + "target": "com.amazonaws.inspector2#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.inspector2#ThrottlingException" + }, + { + "target": "com.amazonaws.inspector2#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Creates a software bill of materials (SBOM) report.
", + "smithy.api#http": { + "code": 200, + "method": "POST", + "uri": "/sbomexport/create" + }, + "smithy.api#idempotent": {} + } + }, + "com.amazonaws.inspector2#CreateSbomExportRequest": { + "type": "structure", + "members": { + "resourceFilterCriteria": { + "target": "com.amazonaws.inspector2#ResourceFilterCriteria", + "traits": { + "smithy.api#documentation": "The resource filter criteria for the software bill of materials (SBOM) report.
" + } + }, + "reportFormat": { + "target": "com.amazonaws.inspector2#SbomReportFormat", + "traits": { + "smithy.api#documentation": "The output format for the software bill of materials (SBOM) report.
", + "smithy.api#required": {} + } + }, + "s3Destination": { + "target": "com.amazonaws.inspector2#Destination", + "traits": { + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.inspector2#CreateSbomExportResponse": { + "type": "structure", + "members": { + "reportId": { + "target": "com.amazonaws.inspector2#ReportId", + "traits": { + "smithy.api#documentation": "The report ID for the software bill of materials (SBOM) report.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.inspector2#Currency": { "type": "string", "traits": { @@ -2123,6 +2581,18 @@ } } }, + "com.amazonaws.inspector2#CweList": { + "type": "list", + "member": { + "target": "com.amazonaws.inspector2#NonEmptyString" + }, + "traits": { + "smithy.api#length": { + "min": 1, + "max": 10 + } + } + }, "com.amazonaws.inspector2#Cwes": { "type": "list", "member": { @@ -2386,6 +2856,18 @@ } } }, + "com.amazonaws.inspector2#DetectorTagList": { + "type": "list", + "member": { + "target": "com.amazonaws.inspector2#NonEmptyString" + }, + "traits": { + "smithy.api#length": { + "min": 1, + "max": 10 + } + } + }, "com.amazonaws.inspector2#Disable": { "type": "operation", "input": { @@ -3079,12 +3561,27 @@ "target": "com.amazonaws.inspector2#EpssScore", "traits": { "smithy.api#default": 0, - "smithy.api#documentation": "The Exploit Prediction Scoring System (EPSS) score.
" + "smithy.api#documentation": "The Exploit Prediction Scoring System (EPSS) score.
" + } + } + }, + "traits": { + "smithy.api#documentation": "Details about the Exploit Prediction Scoring System (EPSS) score.
" + } + }, + "com.amazonaws.inspector2#EpssDetails": { + "type": "structure", + "members": { + "score": { + "target": "com.amazonaws.inspector2#EpssScoreValue", + "traits": { + "smithy.api#default": 0, + "smithy.api#documentation": "The EPSS score.
" } } }, "traits": { - "smithy.api#documentation": "Details about the Exploit Prediction Scoring System (EPSS) score.
" + "smithy.api#documentation": "Details about the Exploit Prediction Scoring System (EPSS) score for a finding.
" } }, "com.amazonaws.inspector2#EpssScore": { @@ -3093,6 +3590,16 @@ "smithy.api#default": 0 } }, + "com.amazonaws.inspector2#EpssScoreValue": { + "type": "double", + "traits": { + "smithy.api#default": 0, + "smithy.api#range": { + "min": 0.0, + "max": 1.0 + } + } + }, "com.amazonaws.inspector2#ErrorCode": { "type": "string", "traits": { @@ -3673,6 +4180,30 @@ "traits": { "smithy.api#documentation": "Filters the list of AWS Lambda findings by the availability of exploits.
" } + }, + "codeVulnerabilityDetectorName": { + "target": "com.amazonaws.inspector2#StringFilterList", + "traits": { + "smithy.api#documentation": "The name of the detector used to identify a code vulnerability in a Lambda function used to filter findings.
" + } + }, + "codeVulnerabilityDetectorTags": { + "target": "com.amazonaws.inspector2#StringFilterList", + "traits": { + "smithy.api#documentation": "The detector type tag associated with the vulnerability used to filter findings. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags.
" + } + }, + "codeVulnerabilityFilePath": { + "target": "com.amazonaws.inspector2#StringFilterList", + "traits": { + "smithy.api#documentation": "The file path to the file in a Lambda function that contains a code vulnerability used to filter findings.
" + } + }, + "epssScore": { + "target": "com.amazonaws.inspector2#NumberFilterList", + "traits": { + "smithy.api#documentation": "The EPSS score used to filter findings.
" + } } }, "traits": { @@ -3838,6 +4369,18 @@ "traits": { "smithy.api#documentation": "The details of an exploit available for a finding discovered in your environment.
" } + }, + "codeVulnerabilityDetails": { + "target": "com.amazonaws.inspector2#CodeVulnerabilityDetails", + "traits": { + "smithy.api#documentation": "Details about the code vulnerability identified in a Lambda function used to filter findings.
" + } + }, + "epss": { + "target": "com.amazonaws.inspector2#EpssDetails", + "traits": { + "smithy.api#documentation": "The finding's EPSS score.
" + } } }, "traits": { @@ -3854,6 +4397,12 @@ "smithy.api#pattern": "^arn:(aws[a-zA-Z-]*)?:inspector2:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:finding/[a-f0-9]{32}$" } }, + "com.amazonaws.inspector2#FindingArns": { + "type": "list", + "member": { + "target": "com.amazonaws.inspector2#FindingArn" + } + }, "com.amazonaws.inspector2#FindingDescription": { "type": "string", "traits": { @@ -3913,6 +4462,10 @@ { "value": "PACKAGE_VULNERABILITY", "name": "PACKAGE_VULNERABILITY" + }, + { + "value": "CODE_VULNERABILITY", + "name": "CODE_VULNERABILITY" } ] } @@ -4160,6 +4713,10 @@ { "name": "LAMBDA", "value": "LAMBDA" + }, + { + "name": "LAMBDA_CODE", + "value": "LAMBDA_CODE" } ] } @@ -4332,6 +4889,80 @@ "smithy.api#output": {} } }, + "com.amazonaws.inspector2#GetEncryptionKey": { + "type": "operation", + "input": { + "target": "com.amazonaws.inspector2#GetEncryptionKeyRequest" + }, + "output": { + "target": "com.amazonaws.inspector2#GetEncryptionKeyResponse" + }, + "errors": [ + { + "target": "com.amazonaws.inspector2#AccessDeniedException" + }, + { + "target": "com.amazonaws.inspector2#InternalServerException" + }, + { + "target": "com.amazonaws.inspector2#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.inspector2#ThrottlingException" + }, + { + "target": "com.amazonaws.inspector2#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Gets an encryption key.
", + "smithy.api#http": { + "code": 200, + "method": "GET", + "uri": "/encryptionkey/get" + }, + "smithy.api#readonly": {} + } + }, + "com.amazonaws.inspector2#GetEncryptionKeyRequest": { + "type": "structure", + "members": { + "scanType": { + "target": "com.amazonaws.inspector2#ScanType", + "traits": { + "smithy.api#documentation": "The scan type the key encrypts.
", + "smithy.api#httpQuery": "scanType", + "smithy.api#required": {} + } + }, + "resourceType": { + "target": "com.amazonaws.inspector2#ResourceType", + "traits": { + "smithy.api#documentation": "The resource type the key encrypts.
", + "smithy.api#httpQuery": "resourceType", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.inspector2#GetEncryptionKeyResponse": { + "type": "structure", + "members": { + "kmsKeyId": { + "target": "com.amazonaws.inspector2#KmsKeyArn", + "traits": { + "smithy.api#documentation": "A kms key ID.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.inspector2#GetFindingsReportStatus": { "type": "operation", "input": { @@ -4475,6 +5106,103 @@ } } }, + "com.amazonaws.inspector2#GetSbomExport": { + "type": "operation", + "input": { + "target": "com.amazonaws.inspector2#GetSbomExportRequest" + }, + "output": { + "target": "com.amazonaws.inspector2#GetSbomExportResponse" + }, + "errors": [ + { + "target": "com.amazonaws.inspector2#AccessDeniedException" + }, + { + "target": "com.amazonaws.inspector2#InternalServerException" + }, + { + "target": "com.amazonaws.inspector2#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.inspector2#ThrottlingException" + }, + { + "target": "com.amazonaws.inspector2#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Gets details of a software bill of materials (SBOM) report.
", + "smithy.api#http": { + "code": 200, + "method": "POST", + "uri": "/sbomexport/get" + }, + "smithy.api#idempotent": {} + } + }, + "com.amazonaws.inspector2#GetSbomExportRequest": { + "type": "structure", + "members": { + "reportId": { + "target": "com.amazonaws.inspector2#ReportId", + "traits": { + "smithy.api#documentation": "The report ID of the SBOM export to get details for.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.inspector2#GetSbomExportResponse": { + "type": "structure", + "members": { + "reportId": { + "target": "com.amazonaws.inspector2#ReportId", + "traits": { + "smithy.api#documentation": "The report ID of the software bill of materials (SBOM) report.
" + } + }, + "format": { + "target": "com.amazonaws.inspector2#SbomReportFormat", + "traits": { + "smithy.api#documentation": "The format of the software bill of materials (SBOM) report.
" + } + }, + "status": { + "target": "com.amazonaws.inspector2#ExternalReportStatus", + "traits": { + "smithy.api#documentation": "The status of the software bill of materials (SBOM) report.
" + } + }, + "errorCode": { + "target": "com.amazonaws.inspector2#ReportingErrorCode", + "traits": { + "smithy.api#documentation": "An error code.
" + } + }, + "errorMessage": { + "target": "com.amazonaws.inspector2#NonEmptyString", + "traits": { + "smithy.api#documentation": "An error message.
" + } + }, + "s3Destination": { + "target": "com.amazonaws.inspector2#Destination" + }, + "filterCriteria": { + "target": "com.amazonaws.inspector2#ResourceFilterCriteria", + "traits": { + "smithy.api#documentation": "Contains details about the resource filter criteria used for the software bill of materials (SBOM) report.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.inspector2#GroupKey": { "type": "string", "traits": { @@ -4627,6 +5355,9 @@ { "target": "com.amazonaws.inspector2#BatchGetAccountStatus" }, + { + "target": "com.amazonaws.inspector2#BatchGetCodeSnippet" + }, { "target": "com.amazonaws.inspector2#BatchGetFreeTrialInfo" }, @@ -4639,12 +5370,18 @@ { "target": "com.amazonaws.inspector2#CancelFindingsReport" }, + { + "target": "com.amazonaws.inspector2#CancelSbomExport" + }, { "target": "com.amazonaws.inspector2#CreateFilter" }, { "target": "com.amazonaws.inspector2#CreateFindingsReport" }, + { + "target": "com.amazonaws.inspector2#CreateSbomExport" + }, { "target": "com.amazonaws.inspector2#DeleteFilter" }, @@ -4675,12 +5412,18 @@ { "target": "com.amazonaws.inspector2#GetEc2DeepInspectionConfiguration" }, + { + "target": "com.amazonaws.inspector2#GetEncryptionKey" + }, { "target": "com.amazonaws.inspector2#GetFindingsReportStatus" }, { "target": "com.amazonaws.inspector2#GetMember" }, + { + "target": "com.amazonaws.inspector2#GetSbomExport" + }, { "target": "com.amazonaws.inspector2#ListAccountPermissions" }, @@ -4711,6 +5454,9 @@ { "target": "com.amazonaws.inspector2#ListUsageTotals" }, + { + "target": "com.amazonaws.inspector2#ResetEncryptionKey" + }, { "target": "com.amazonaws.inspector2#SearchVulnerabilities" }, @@ -4726,6 +5472,9 @@ { "target": "com.amazonaws.inspector2#UpdateEc2DeepInspectionConfiguration" }, + { + "target": "com.amazonaws.inspector2#UpdateEncryptionKey" + }, { "target": "com.amazonaws.inspector2#UpdateFilter" }, @@ -5721,6 +6470,12 @@ "target": "com.amazonaws.inspector2#IpV6Address" } }, + "com.amazonaws.inspector2#KmsKeyArn": { + "type": "string", + "traits": { + "smithy.api#pattern": "^arn:aws(-(us-gov|cn))?:kms:([a-z0-9][-.a-z0-9]{0,62})?:[0-9]{12}?:key/(([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})|(mrk-[0-9a-zA-Z]{32}))$" + } + }, "com.amazonaws.inspector2#LambdaFunctionAggregation": { "type": "structure", "members": { @@ -7700,6 +8455,18 @@ "smithy.api#documentation": "Details about the recommended course of action to remediate the finding.
" } }, + "com.amazonaws.inspector2#ReferenceUrls": { + "type": "list", + "member": { + "target": "com.amazonaws.inspector2#NonEmptyString" + }, + "traits": { + "smithy.api#length": { + "min": 1, + "max": 10 + } + } + }, "com.amazonaws.inspector2#RelatedVulnerabilities": { "type": "list", "member": { @@ -7923,6 +8690,70 @@ ] } }, + "com.amazonaws.inspector2#ResetEncryptionKey": { + "type": "operation", + "input": { + "target": "com.amazonaws.inspector2#ResetEncryptionKeyRequest" + }, + "output": { + "target": "com.amazonaws.inspector2#ResetEncryptionKeyResponse" + }, + "errors": [ + { + "target": "com.amazonaws.inspector2#AccessDeniedException" + }, + { + "target": "com.amazonaws.inspector2#InternalServerException" + }, + { + "target": "com.amazonaws.inspector2#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.inspector2#ThrottlingException" + }, + { + "target": "com.amazonaws.inspector2#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Resets an encryption key. After the key is reset your resources will be encrypted by an Amazon Web Services owned key.
", + "smithy.api#http": { + "code": 200, + "method": "PUT", + "uri": "/encryptionkey/reset" + }, + "smithy.api#idempotent": {} + } + }, + "com.amazonaws.inspector2#ResetEncryptionKeyRequest": { + "type": "structure", + "members": { + "scanType": { + "target": "com.amazonaws.inspector2#ScanType", + "traits": { + "smithy.api#documentation": "The scan type the key encrypts.
", + "smithy.api#required": {} + } + }, + "resourceType": { + "target": "com.amazonaws.inspector2#ResourceType", + "traits": { + "smithy.api#documentation": "The resource type the key encrypts.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.inspector2#ResetEncryptionKeyResponse": { + "type": "structure", + "members": {}, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.inspector2#Resource": { "type": "structure", "members": { @@ -7995,6 +8826,62 @@ "smithy.api#documentation": "Contains details about the resource involved in the finding.
" } }, + "com.amazonaws.inspector2#ResourceFilterCriteria": { + "type": "structure", + "members": { + "accountId": { + "target": "com.amazonaws.inspector2#ResourceStringFilterList", + "traits": { + "smithy.api#documentation": "The account IDs used as resource filter criteria.
" + } + }, + "resourceId": { + "target": "com.amazonaws.inspector2#ResourceStringFilterList", + "traits": { + "smithy.api#documentation": "The resource IDs used as resource filter criteria.
" + } + }, + "resourceType": { + "target": "com.amazonaws.inspector2#ResourceStringFilterList", + "traits": { + "smithy.api#documentation": "The resource types used as resource filter criteria.
" + } + }, + "ecrRepositoryName": { + "target": "com.amazonaws.inspector2#ResourceStringFilterList", + "traits": { + "smithy.api#documentation": "The ECR repository names used as resource filter criteria.
" + } + }, + "lambdaFunctionName": { + "target": "com.amazonaws.inspector2#ResourceStringFilterList", + "traits": { + "smithy.api#documentation": "The AWS Lambda function name used as resource filter criteria.
" + } + }, + "ecrImageTags": { + "target": "com.amazonaws.inspector2#ResourceStringFilterList", + "traits": { + "smithy.api#documentation": "The ECR image tags used as resource filter criteria.
" + } + }, + "ec2InstanceTags": { + "target": "com.amazonaws.inspector2#ResourceMapFilterList", + "traits": { + "smithy.api#documentation": "The EC2 instance tags used as resource filter criteria.
" + } + }, + "lambdaFunctionTags": { + "target": "com.amazonaws.inspector2#ResourceMapFilterList", + "traits": { + "smithy.api#documentation": "The AWS Lambda function tags used as resource filter criteria.
" + } + } + }, + "traits": { + "smithy.api#documentation": "The resource filter criteria for a Software bill of materials (SBOM) report.
" + } + }, "com.amazonaws.inspector2#ResourceId": { "type": "string", "traits": { @@ -8017,6 +8904,57 @@ } } }, + "com.amazonaws.inspector2#ResourceMapComparison": { + "type": "string", + "traits": { + "smithy.api#enum": [ + { + "value": "EQUALS", + "name": "EQUALS" + } + ] + } + }, + "com.amazonaws.inspector2#ResourceMapFilter": { + "type": "structure", + "members": { + "comparison": { + "target": "com.amazonaws.inspector2#ResourceMapComparison", + "traits": { + "smithy.api#documentation": "The filter's comparison.
", + "smithy.api#required": {} + } + }, + "key": { + "target": "com.amazonaws.inspector2#NonEmptyString", + "traits": { + "smithy.api#documentation": "The filter's key.
", + "smithy.api#required": {} + } + }, + "value": { + "target": "com.amazonaws.inspector2#NonEmptyString", + "traits": { + "smithy.api#documentation": "The filter's value.
" + } + } + }, + "traits": { + "smithy.api#documentation": "A resource map filter for a software bill of material report.
" + } + }, + "com.amazonaws.inspector2#ResourceMapFilterList": { + "type": "list", + "member": { + "target": "com.amazonaws.inspector2#ResourceMapFilter" + }, + "traits": { + "smithy.api#length": { + "min": 1, + "max": 10 + } + } + }, "com.amazonaws.inspector2#ResourceNotFoundException": { "type": "structure", "members": { @@ -8080,6 +9018,10 @@ { "value": "LAMBDA", "name": "LAMBDA" + }, + { + "value": "LAMBDA_CODE", + "name": "LAMBDA_CODE" } ] } @@ -8103,6 +9045,9 @@ }, "lambda": { "target": "com.amazonaws.inspector2#State" + }, + "lambdaCode": { + "target": "com.amazonaws.inspector2#State" } }, "traits": { @@ -8131,12 +9076,76 @@ "traits": { "smithy.api#documentation": "The status of Amazon Inspector scanning for AWS Lambda function.
" } + }, + "lambdaCode": { + "target": "com.amazonaws.inspector2#Status", + "traits": { + "smithy.api#documentation": "The status of Amazon Inspector scanning for custom application code for Amazon Web Services Lambda functions. \n
" + } } }, "traits": { "smithy.api#documentation": "Details the status of Amazon Inspector for each resource type Amazon Inspector scans.
" } }, + "com.amazonaws.inspector2#ResourceStringComparison": { + "type": "string", + "traits": { + "smithy.api#enum": [ + { + "value": "EQUALS", + "name": "EQUALS" + }, + { + "value": "NOT_EQUALS", + "name": "NOT_EQUALS" + } + ] + } + }, + "com.amazonaws.inspector2#ResourceStringFilter": { + "type": "structure", + "members": { + "comparison": { + "target": "com.amazonaws.inspector2#ResourceStringComparison", + "traits": { + "smithy.api#documentation": "The filter's comparison.
", + "smithy.api#required": {} + } + }, + "value": { + "target": "com.amazonaws.inspector2#ResourceStringInput", + "traits": { + "smithy.api#documentation": "The filter's value.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "A resource string filter for a software bill of materials report.
" + } + }, + "com.amazonaws.inspector2#ResourceStringFilterList": { + "type": "list", + "member": { + "target": "com.amazonaws.inspector2#ResourceStringFilter" + }, + "traits": { + "smithy.api#length": { + "min": 1, + "max": 10 + } + } + }, + "com.amazonaws.inspector2#ResourceStringInput": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 1024 + } + } + }, "com.amazonaws.inspector2#ResourceType": { "type": "string", "traits": { @@ -8215,6 +9224,29 @@ { "value": "GO_1_X", "name": "GO_1_X" + }, + { + "value": "JAVA_17", + "name": "JAVA_17" + }, + { + "value": "PYTHON_3_10", + "name": "PYTHON_3_10" + } + ] + } + }, + "com.amazonaws.inspector2#SbomReportFormat": { + "type": "string", + "traits": { + "smithy.api#enum": [ + { + "value": "CYCLONEDX_1_4", + "name": "CYCLONEDX_1_4" + }, + { + "value": "SPDX_2_3", + "name": "SPDX_2_3" } ] } @@ -8370,6 +9402,10 @@ { "value": "PACKAGE", "name": "PACKAGE" + }, + { + "value": "CODE", + "name": "CODE" } ] } @@ -8678,6 +9714,10 @@ { "value": "VENDOR_SEVERITY", "name": "VENDOR_SEVERITY" + }, + { + "value": "EPSS_SCORE", + "name": "EPSS_SCORE" } ] } @@ -8886,6 +9926,46 @@ } } }, + "com.amazonaws.inspector2#SuggestedFix": { + "type": "structure", + "members": { + "description": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "The fix's description.
", + "smithy.api#length": { + "min": 1, + "max": 1000 + } + } + }, + "code": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "The fix's code.
", + "smithy.api#length": { + "min": 1, + "max": 2500 + } + } + } + }, + "traits": { + "smithy.api#documentation": "A suggested fix for a vulnerability in your Lambda function code.
" + } + }, + "com.amazonaws.inspector2#SuggestedFixes": { + "type": "list", + "member": { + "target": "com.amazonaws.inspector2#SuggestedFix" + }, + "traits": { + "smithy.api#length": { + "min": 1, + "max": 5 + } + } + }, "com.amazonaws.inspector2#TagKey": { "type": "string", "traits": { @@ -9059,6 +10139,12 @@ "traits": { "smithy.api#documentation": "The value to sort results by.
" } + }, + "findingType": { + "target": "com.amazonaws.inspector2#AggregationFindingType", + "traits": { + "smithy.api#documentation": "The type of finding to aggregate on.
" + } } }, "traits": { @@ -9322,6 +10408,77 @@ "smithy.api#output": {} } }, + "com.amazonaws.inspector2#UpdateEncryptionKey": { + "type": "operation", + "input": { + "target": "com.amazonaws.inspector2#UpdateEncryptionKeyRequest" + }, + "output": { + "target": "com.amazonaws.inspector2#UpdateEncryptionKeyResponse" + }, + "errors": [ + { + "target": "com.amazonaws.inspector2#AccessDeniedException" + }, + { + "target": "com.amazonaws.inspector2#InternalServerException" + }, + { + "target": "com.amazonaws.inspector2#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.inspector2#ThrottlingException" + }, + { + "target": "com.amazonaws.inspector2#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Updates an encryption key. A ResourceNotFoundException means that an AWS owned key is being used for encryption.
A KMS key ID for the encryption key.
", + "smithy.api#required": {} + } + }, + "scanType": { + "target": "com.amazonaws.inspector2#ScanType", + "traits": { + "smithy.api#documentation": "The scan type for the encryption key.
", + "smithy.api#required": {} + } + }, + "resourceType": { + "target": "com.amazonaws.inspector2#ResourceType", + "traits": { + "smithy.api#documentation": "The resource type for the encryption key.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.inspector2#UpdateEncryptionKeyResponse": { + "type": "structure", + "members": {}, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.inspector2#UpdateFilter": { "type": "operation", "input": { @@ -9621,6 +10778,10 @@ { "name": "LAMBDA_FUNCTION_HOURS", "value": "LAMBDA_FUNCTION_HOURS" + }, + { + "name": "LAMBDA_FUNCTION_CODE_HOURS", + "value": "LAMBDA_FUNCTION_CODE_HOURS" } ] } @@ -9870,7 +11031,7 @@ "epss": { "target": "com.amazonaws.inspector2#Epss", "traits": { - "smithy.api#documentation": "An object that contains the Exploit Prediction Scoring System (EPSS) score.
" + "smithy.api#documentation": "An object that contains the Exploit Prediction Scoring System (EPSS) score for a vulnerability.
" } } },