SecurityAgent / Client / batch_get_findings
batch_get_findings¶
- SecurityAgent.Client.batch_get_findings(**kwargs)¶
Retrieves information about one or more security findings in an agent space.
See also: AWS API Documentation
Request Syntax
response = client.batch_get_findings( findingIds=[ 'string', ], agentSpaceId='string' )
- Parameters:
findingIds (list) –
[REQUIRED]
The list of finding identifiers to retrieve.
(string) –
agentSpaceId (string) –
[REQUIRED]
The unique identifier of the agent space that contains the findings.
- Return type:
dict
- Returns:
Response Syntax
{ 'findings': [ { 'findingId': 'string', 'agentSpaceId': 'string', 'pentestId': 'string', 'pentestJobId': 'string', 'codeReviewId': 'string', 'codeReviewJobId': 'string', 'taskId': 'string', 'name': 'string', 'description': 'string', 'status': 'ACTIVE'|'RESOLVED'|'ACCEPTED'|'FALSE_POSITIVE', 'riskType': 'string', 'riskLevel': 'UNKNOWN'|'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL', 'riskScore': 'string', 'reasoning': 'string', 'confidence': 'FALSE_POSITIVE'|'UNCONFIRMED'|'LOW'|'MEDIUM'|'HIGH', 'attackScript': 'string', 'codeRemediationTask': { 'status': 'IN_PROGRESS'|'COMPLETED'|'FAILED', 'statusReason': 'string', 'taskDetails': [ { 'repoName': 'string', 'codeDiffLink': 'string', 'pullRequestLink': 'string' }, ] }, 'lastUpdatedBy': 'string', 'codeLocations': [ { 'filePath': 'string', 'lineStart': 123, 'lineEnd': 123, 'label': 'string' }, ], 'verificationScript': { 'scriptType': 'string', 'scriptUrl': 'string', 'instructions': 'string', 'envVars': [ { 'name': 'string', 'value': 'string' }, ] }, 'createdAt': datetime(2015, 1, 1), 'updatedAt': datetime(2015, 1, 1) }, ], 'notFound': [ 'string', ] }
Response Structure
(dict) –
Output for the BatchGetFindings operation.
findings (list) –
The list of findings that were found.
(dict) –
Represents a security finding discovered during a pentest job. A finding contains details about a vulnerability, including its risk level, confidence, and remediation status.
findingId (string) –
The unique identifier of the finding.
agentSpaceId (string) –
The unique identifier of the agent space associated with the finding.
pentestId (string) –
The unique identifier of the pentest associated with the finding.
pentestJobId (string) –
The unique identifier of the pentest job that produced the finding.
codeReviewId (string) –
The unique identifier of the code review associated with the finding.
codeReviewJobId (string) –
The unique identifier of the code review job that produced the finding.
taskId (string) –
The unique identifier of the task that produced the finding.
name (string) –
The name of the finding.
description (string) –
A description of the finding.
status (string) –
The current status of the finding. Valid values include ACTIVE, RESOLVED, ACCEPTED, and FALSE_POSITIVE.
riskType (string) –
The type of security risk identified by the finding.
riskLevel (string) –
The risk level of the finding. Valid values include UNKNOWN, INFORMATIONAL, LOW, MEDIUM, HIGH, and CRITICAL.
riskScore (string) –
The numerical risk score of the finding.
reasoning (string) –
The reasoning behind the finding, explaining why it was identified as a vulnerability.
confidence (string) –
The confidence level of the finding. Valid values include FALSE_POSITIVE, UNCONFIRMED, LOW, MEDIUM, and HIGH.
attackScript (string) –
The attack script used to reproduce the finding.
codeRemediationTask (dict) –
The code remediation task associated with the finding, if code remediation was initiated.
status (string) –
The current status of the code remediation task.
statusReason (string) –
The reason for the current status of the code remediation task.
taskDetails (list) –
The list of details for the code remediation task, including repository name, code diff link, and pull request link.
(dict) –
Contains details about a code remediation task, including links to the code diff and pull request.
repoName (string) –
The name of the repository where the remediation was applied.
codeDiffLink (string) –
The link to the code diff for the remediation.
pullRequestLink (string) –
The link to the pull request created for the remediation.
lastUpdatedBy (string) –
The identifier of the entity that last updated the finding.
codeLocations (list) –
The file locations involved in the vulnerability, as reported by the code scanner.
(dict) –
Represents a location in source code associated with a security finding.
filePath (string) –
The absolute path to the file containing the code location.
lineStart (integer) –
The starting line number of the code location.
lineEnd (integer) –
The ending line number of the code location.
label (string) –
The role of this location in the vulnerability, such as source or sink.
verificationScript (dict) –
The verification script metadata for reproducing the finding, including download URL, instructions, and required environment variables.
scriptType (string) –
The type of script. Valid values are python and bash.
scriptUrl (string) –
URL to download the verification script.
instructions (string) –
Instructions for running the verification script, including prerequisites and how to interpret results.
envVars (list) –
The list of environment variables required to run the verification script.
(dict) –
Represents an environment variable required to run a verification script.
name (string) –
The name of the environment variable.
value (string) –
The value of the environment variable.
createdAt (datetime) –
The date and time the finding was created, in UTC format.
updatedAt (datetime) –
The date and time the finding was last updated, in UTC format.
notFound (list) –
The list of finding identifiers that were not found.
(string) –