AWS Security Agent

2026/05/22 - AWS Security Agent - 1 updated api methods

Changes

Adds support for verification scripts on penetration test findings. Customers can now download executable scripts to independently reproduce confirmed vulnerabilities, with instructions and required environment variables provided for each finding.

BatchGetFindings (updated)
Changes (response)
{'findings': {'verificationScript': {'envVars': [{'name': 'string',
                                                  'value': 'string'}],
                                     'instructions': 'string',
                                     'scriptType': 'string',
                                     'scriptUrl': 'string'}}}

Retrieves information about one or more security findings in an agent space.

See also: AWS API Documentation

Request Syntax

client.batch_get_findings(
    findingIds=[
        'string',
    ],
    agentSpaceId='string'
)
type findingIds:

list

param findingIds:

[REQUIRED]

The list of finding identifiers to retrieve.

  • (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the findings.

rtype:

dict

returns:

Response Syntax

{
    'findings': [
        {
            'findingId': 'string',
            'agentSpaceId': 'string',
            'pentestId': 'string',
            'pentestJobId': 'string',
            'codeReviewId': 'string',
            'codeReviewJobId': 'string',
            'taskId': 'string',
            'name': 'string',
            'description': 'string',
            'status': 'ACTIVE'|'RESOLVED'|'ACCEPTED'|'FALSE_POSITIVE',
            'riskType': 'string',
            'riskLevel': 'UNKNOWN'|'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
            'riskScore': 'string',
            'reasoning': 'string',
            'confidence': 'FALSE_POSITIVE'|'UNCONFIRMED'|'LOW'|'MEDIUM'|'HIGH',
            'attackScript': 'string',
            'codeRemediationTask': {
                'status': 'IN_PROGRESS'|'COMPLETED'|'FAILED',
                'statusReason': 'string',
                'taskDetails': [
                    {
                        'repoName': 'string',
                        'codeDiffLink': 'string',
                        'pullRequestLink': 'string'
                    },
                ]
            },
            'lastUpdatedBy': 'string',
            'codeLocations': [
                {
                    'filePath': 'string',
                    'lineStart': 123,
                    'lineEnd': 123,
                    'label': 'string'
                },
            ],
            'verificationScript': {
                'scriptType': 'string',
                'scriptUrl': 'string',
                'instructions': 'string',
                'envVars': [
                    {
                        'name': 'string',
                        'value': 'string'
                    },
                ]
            },
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

  • (dict) --

    Output for the BatchGetFindings operation.

    • findings (list) --

      The list of findings that were found.

      • (dict) --

        Represents a security finding discovered during a pentest job. A finding contains details about a vulnerability, including its risk level, confidence, and remediation status.

        • findingId (string) --

          The unique identifier of the finding.

        • agentSpaceId (string) --

          The unique identifier of the agent space associated with the finding.

        • pentestId (string) --

          The unique identifier of the pentest associated with the finding.

        • pentestJobId (string) --

          The unique identifier of the pentest job that produced the finding.

        • codeReviewId (string) --

          The unique identifier of the code review associated with the finding.

        • codeReviewJobId (string) --

          The unique identifier of the code review job that produced the finding.

        • taskId (string) --

          The unique identifier of the task that produced the finding.

        • name (string) --

          The name of the finding.

        • description (string) --

          A description of the finding.

        • status (string) --

          The current status of the finding. Valid values include ACTIVE, RESOLVED, ACCEPTED, and FALSE_POSITIVE.

        • riskType (string) --

          The type of security risk identified by the finding.

        • riskLevel (string) --

          The risk level of the finding. Valid values include UNKNOWN, INFORMATIONAL, LOW, MEDIUM, HIGH, and CRITICAL.

        • riskScore (string) --

          The numerical risk score of the finding.

        • reasoning (string) --

          The reasoning behind the finding, explaining why it was identified as a vulnerability.

        • confidence (string) --

          The confidence level of the finding. Valid values include FALSE_POSITIVE, UNCONFIRMED, LOW, MEDIUM, and HIGH.

        • attackScript (string) --

          The attack script used to reproduce the finding.

        • codeRemediationTask (dict) --

          The code remediation task associated with the finding, if code remediation was initiated.

          • status (string) --

            The current status of the code remediation task.

          • statusReason (string) --

            The reason for the current status of the code remediation task.

          • taskDetails (list) --

            The list of details for the code remediation task, including repository name, code diff link, and pull request link.

            • (dict) --

              Contains details about a code remediation task, including links to the code diff and pull request.

              • repoName (string) --

                The name of the repository where the remediation was applied.

              • codeDiffLink (string) --

                The link to the code diff for the remediation.

              • pullRequestLink (string) --

                The link to the pull request created for the remediation.

        • lastUpdatedBy (string) --

          The identifier of the entity that last updated the finding.

        • codeLocations (list) --

          The file locations involved in the vulnerability, as reported by the code scanner.

          • (dict) --

            Represents a location in source code associated with a security finding.

            • filePath (string) --

              The absolute path to the file containing the code location.

            • lineStart (integer) --

              The starting line number of the code location.

            • lineEnd (integer) --

              The ending line number of the code location.

            • label (string) --

              The role of this location in the vulnerability, such as source or sink.

        • verificationScript (dict) --

          The verification script metadata for reproducing the finding, including download URL, instructions, and required environment variables.

          • scriptType (string) --

            The type of script. Valid values are python and bash.

          • scriptUrl (string) --

            URL to download the verification script.

          • instructions (string) --

            Instructions for running the verification script, including prerequisites and how to interpret results.

          • envVars (list) --

            The list of environment variables required to run the verification script.

            • (dict) --

              Represents an environment variable required to run a verification script.

              • name (string) --

                The name of the environment variable.

              • value (string) --

                The value of the environment variable.

        • createdAt (datetime) --

          The date and time the finding was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the finding was last updated, in UTC format.

    • notFound (list) --

      The list of finding identifiers that were not found.

      • (string) --
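As an added example that is not part of the AWS documentation: a small triage helper over the documented BatchGetFindings response shape. It lists which findings ship a verificationScript (checking scriptType against the documented values and that scriptUrl is an https URL), flags ACTIVE findings with HIGH confidence that have no script, and passes through notFound. The boto3 service name is not given on this page, so the function takes the response dict directly; the sample response and all identifiers in it are constructed placeholders.

```python
from urllib.parse import urlparse

# Valid scriptType values as documented for BatchGetFindings.
VALID_SCRIPT_TYPES = {"python", "bash"}

def triage_verification_scripts(response):
    """Summarise verificationScript data in a BatchGetFindings response.

    Returns findings that carry a script, ACTIVE/HIGH-confidence findings
    that ship none, and the ids reported as notFound. Env var values are
    never copied out: they may hold credentials for the target environment.
    """
    with_script, missing_script = [], []
    for finding in response.get("findings", []):
        script = finding.get("verificationScript")
        if not script:
            if finding.get("status") == "ACTIVE" and finding.get("confidence") == "HIGH":
                missing_script.append(finding["findingId"])
            continue
        url = urlparse(script.get("scriptUrl", ""))
        with_script.append({
            "findingId": finding["findingId"],
            "riskLevel": finding.get("riskLevel"),
            "scriptType": script.get("scriptType"),
            "knownScriptType": script.get("scriptType") in VALID_SCRIPT_TYPES,
            "httpsUrl": url.scheme == "https" and bool(url.netloc),
            "envVarNames": [v["name"] for v in script.get("envVars", [])],
        })
    return {"withScript": with_script,
            "confirmedWithoutScript": missing_script,
            "notFound": list(response.get("notFound", []))}

# Constructed sample response in the documented shape (not real service output).
SAMPLE_RESPONSE = {
    "findings": [
        {"findingId": "finding-0001", "status": "ACTIVE", "riskLevel": "HIGH",
         "confidence": "HIGH",
         "verificationScript": {
             "scriptType": "python",
             "scriptUrl": "https://example.com/placeholder/verify.py",
             "instructions": "Set TARGET_URL, then run the script.",
             "envVars": [{"name": "TARGET_URL", "value": "https://staging.example.com"}]}},
        {"findingId": "finding-0002", "status": "ACTIVE", "riskLevel": "MEDIUM",
         "confidence": "HIGH"},
    ],
    "notFound": ["finding-9999"],
}
```

Call `triage_verification_scripts(client.batch_get_findings(...))` on a real response to get the same summary; only environment variable names, never their values, appear in the output.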