INSPECTOR2
AssociateMember
valid {
input.Body.accountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
BatchGetAccountStatus
valid {
input.Body.accountIds[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
BatchGetCodeSnippet
valid {
input.Body.findingArns[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
BatchGetFindingDetails
valid {
input.Body.findingArns[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
BatchGetFreeTrialInfo
valid {
input.Body.accountIds[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
BatchGetMemberEc2DeepInspectionStatus
valid {
input.Body.accountIds[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
BatchUpdateMemberEc2DeepInspectionStatus
valid {
input.Body.accountIds[_].accountId == STRING
input.Body.accountIds[_].activateDeepInspection == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CancelFindingsReport
valid {
input.Body.reportId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CancelSbomExport
valid {
input.Body.reportId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateCisScanConfiguration
enum_CisSecurityLevel := [ "LEVEL_1", "LEVEL_2" ]
enum_Day := [ "SUN", "MON", "TUE", "WED", "THU", "FRI", "SAT" ]
valid {
input.Body.scanName == STRING
input.Body.schedule.daily.startTime.timeOfDay == STRING
input.Body.schedule.daily.startTime.timezone == STRING
input.Body.schedule.monthly.day == enum_Day[_]
input.Body.schedule.monthly.startTime.timeOfDay == STRING
input.Body.schedule.monthly.startTime.timezone == STRING
input.Body.schedule.oneTime == {}
input.Body.schedule.weekly.days[_] == enum_Day[_]
input.Body.schedule.weekly.startTime.timeOfDay == STRING
input.Body.schedule.weekly.startTime.timezone == STRING
input.Body.securityLevel == enum_CisSecurityLevel[_]
input.Body.tags.STRING == STRING
input.Body.targets.accountIds[_] == STRING
input.Body.targets.targetResourceTags.STRING[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateFilter
enum_FilterAction := [ "NONE", "SUPPRESS" ]
enum_MapComparison := [ "EQUALS" ]
enum_StringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]
valid {
input.Body.action == enum_FilterAction[_]
input.Body.description == STRING
input.Body.filterCriteria.awsAccountId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.awsAccountId[_].value == STRING
input.Body.filterCriteria.codeVulnerabilityDetectorName[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.codeVulnerabilityDetectorName[_].value == STRING
input.Body.filterCriteria.codeVulnerabilityDetectorTags[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.codeVulnerabilityDetectorTags[_].value == STRING
input.Body.filterCriteria.codeVulnerabilityFilePath[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.codeVulnerabilityFilePath[_].value == STRING
input.Body.filterCriteria.componentId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.componentId[_].value == STRING
input.Body.filterCriteria.componentType[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.componentType[_].value == STRING
input.Body.filterCriteria.ec2InstanceImageId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ec2InstanceImageId[_].value == STRING
input.Body.filterCriteria.ec2InstanceSubnetId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ec2InstanceSubnetId[_].value == STRING
input.Body.filterCriteria.ec2InstanceVpcId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ec2InstanceVpcId[_].value == STRING
input.Body.filterCriteria.ecrImageArchitecture[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageArchitecture[_].value == STRING
input.Body.filterCriteria.ecrImageHash[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageHash[_].value == STRING
input.Body.filterCriteria.ecrImagePushedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.ecrImagePushedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.ecrImageRegistry[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageRegistry[_].value == STRING
input.Body.filterCriteria.ecrImageRepositoryName[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageRepositoryName[_].value == STRING
input.Body.filterCriteria.ecrImageTags[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageTags[_].value == STRING
input.Body.filterCriteria.epssScore[_].lowerInclusive == DOUBLE
input.Body.filterCriteria.epssScore[_].upperInclusive == DOUBLE
input.Body.filterCriteria.exploitAvailable[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.exploitAvailable[_].value == STRING
input.Body.filterCriteria.findingArn[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.findingArn[_].value == STRING
input.Body.filterCriteria.findingStatus[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.findingStatus[_].value == STRING
input.Body.filterCriteria.findingType[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.findingType[_].value == STRING
input.Body.filterCriteria.firstObservedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.firstObservedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.fixAvailable[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.fixAvailable[_].value == STRING
input.Body.filterCriteria.inspectorScore[_].lowerInclusive == DOUBLE
input.Body.filterCriteria.inspectorScore[_].upperInclusive == DOUBLE
input.Body.filterCriteria.lambdaFunctionExecutionRoleArn[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.lambdaFunctionExecutionRoleArn[_].value == STRING
input.Body.filterCriteria.lambdaFunctionLastModifiedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.lambdaFunctionLastModifiedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.lambdaFunctionLayers[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.lambdaFunctionLayers[_].value == STRING
input.Body.filterCriteria.lambdaFunctionName[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.lambdaFunctionName[_].value == STRING
input.Body.filterCriteria.lambdaFunctionRuntime[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.lambdaFunctionRuntime[_].value == STRING
input.Body.filterCriteria.lastObservedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.lastObservedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.networkProtocol[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.networkProtocol[_].value == STRING
input.Body.filterCriteria.portRange[_].beginInclusive == INTEGER
input.Body.filterCriteria.portRange[_].endInclusive == INTEGER
input.Body.filterCriteria.relatedVulnerabilities[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.relatedVulnerabilities[_].value == STRING
input.Body.filterCriteria.resourceId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.resourceId[_].value == STRING
input.Body.filterCriteria.resourceTags[_].comparison == enum_MapComparison[_]
input.Body.filterCriteria.resourceTags[_].key == STRING
input.Body.filterCriteria.resourceTags[_].value == STRING
input.Body.filterCriteria.resourceType[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.resourceType[_].value == STRING
input.Body.filterCriteria.severity[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.severity[_].value == STRING
input.Body.filterCriteria.title[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.title[_].value == STRING
input.Body.filterCriteria.updatedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.updatedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.vendorSeverity[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.vendorSeverity[_].value == STRING
input.Body.filterCriteria.vulnerabilityId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerabilityId[_].value == STRING
input.Body.filterCriteria.vulnerabilitySource[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerabilitySource[_].value == STRING
input.Body.filterCriteria.vulnerablePackages[_].architecture.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].architecture.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].epoch.lowerInclusive == DOUBLE
input.Body.filterCriteria.vulnerablePackages[_].epoch.upperInclusive == DOUBLE
input.Body.filterCriteria.vulnerablePackages[_].filePath.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].filePath.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].name.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].name.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].release.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].release.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].sourceLambdaLayerArn.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].sourceLambdaLayerArn.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].sourceLayerHash.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].sourceLayerHash.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].version.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].version.value == STRING
input.Body.name == STRING
input.Body.reason == STRING
input.Body.tags.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateFindingsReport
enum_MapComparison := [ "EQUALS" ]
enum_ReportFormat := [ "CSV", "JSON" ]
enum_StringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]
valid {
input.Body.filterCriteria.awsAccountId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.awsAccountId[_].value == STRING
input.Body.filterCriteria.codeVulnerabilityDetectorName[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.codeVulnerabilityDetectorName[_].value == STRING
input.Body.filterCriteria.codeVulnerabilityDetectorTags[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.codeVulnerabilityDetectorTags[_].value == STRING
input.Body.filterCriteria.codeVulnerabilityFilePath[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.codeVulnerabilityFilePath[_].value == STRING
input.Body.filterCriteria.componentId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.componentId[_].value == STRING
input.Body.filterCriteria.componentType[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.componentType[_].value == STRING
input.Body.filterCriteria.ec2InstanceImageId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ec2InstanceImageId[_].value == STRING
input.Body.filterCriteria.ec2InstanceSubnetId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ec2InstanceSubnetId[_].value == STRING
input.Body.filterCriteria.ec2InstanceVpcId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ec2InstanceVpcId[_].value == STRING
input.Body.filterCriteria.ecrImageArchitecture[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageArchitecture[_].value == STRING
input.Body.filterCriteria.ecrImageHash[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageHash[_].value == STRING
input.Body.filterCriteria.ecrImagePushedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.ecrImagePushedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.ecrImageRegistry[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageRegistry[_].value == STRING
input.Body.filterCriteria.ecrImageRepositoryName[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageRepositoryName[_].value == STRING
input.Body.filterCriteria.ecrImageTags[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageTags[_].value == STRING
input.Body.filterCriteria.epssScore[_].lowerInclusive == DOUBLE
input.Body.filterCriteria.epssScore[_].upperInclusive == DOUBLE
input.Body.filterCriteria.exploitAvailable[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.exploitAvailable[_].value == STRING
input.Body.filterCriteria.findingArn[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.findingArn[_].value == STRING
input.Body.filterCriteria.findingStatus[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.findingStatus[_].value == STRING
input.Body.filterCriteria.findingType[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.findingType[_].value == STRING
input.Body.filterCriteria.firstObservedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.firstObservedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.fixAvailable[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.fixAvailable[_].value == STRING
input.Body.filterCriteria.inspectorScore[_].lowerInclusive == DOUBLE
input.Body.filterCriteria.inspectorScore[_].upperInclusive == DOUBLE
input.Body.filterCriteria.lambdaFunctionExecutionRoleArn[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.lambdaFunctionExecutionRoleArn[_].value == STRING
input.Body.filterCriteria.lambdaFunctionLastModifiedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.lambdaFunctionLastModifiedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.lambdaFunctionLayers[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.lambdaFunctionLayers[_].value == STRING
input.Body.filterCriteria.lambdaFunctionName[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.lambdaFunctionName[_].value == STRING
input.Body.filterCriteria.lambdaFunctionRuntime[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.lambdaFunctionRuntime[_].value == STRING
input.Body.filterCriteria.lastObservedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.lastObservedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.networkProtocol[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.networkProtocol[_].value == STRING
input.Body.filterCriteria.portRange[_].beginInclusive == INTEGER
input.Body.filterCriteria.portRange[_].endInclusive == INTEGER
input.Body.filterCriteria.relatedVulnerabilities[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.relatedVulnerabilities[_].value == STRING
input.Body.filterCriteria.resourceId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.resourceId[_].value == STRING
input.Body.filterCriteria.resourceTags[_].comparison == enum_MapComparison[_]
input.Body.filterCriteria.resourceTags[_].key == STRING
input.Body.filterCriteria.resourceTags[_].value == STRING
input.Body.filterCriteria.resourceType[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.resourceType[_].value == STRING
input.Body.filterCriteria.severity[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.severity[_].value == STRING
input.Body.filterCriteria.title[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.title[_].value == STRING
input.Body.filterCriteria.updatedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.updatedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.vendorSeverity[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.vendorSeverity[_].value == STRING
input.Body.filterCriteria.vulnerabilityId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerabilityId[_].value == STRING
input.Body.filterCriteria.vulnerabilitySource[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerabilitySource[_].value == STRING
input.Body.filterCriteria.vulnerablePackages[_].architecture.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].architecture.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].epoch.lowerInclusive == DOUBLE
input.Body.filterCriteria.vulnerablePackages[_].epoch.upperInclusive == DOUBLE
input.Body.filterCriteria.vulnerablePackages[_].filePath.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].filePath.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].name.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].name.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].release.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].release.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].sourceLambdaLayerArn.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].sourceLambdaLayerArn.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].sourceLayerHash.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].sourceLayerHash.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].version.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].version.value == STRING
input.Body.reportFormat == enum_ReportFormat[_]
input.Body.s3Destination.bucketName == STRING
input.Body.s3Destination.keyPrefix == STRING
input.Body.s3Destination.kmsKeyArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateSbomExport
enum_ResourceMapComparison := [ "EQUALS" ]
enum_ResourceStringComparison := [ "EQUALS", "NOT_EQUALS" ]
enum_SbomReportFormat := [ "CYCLONEDX_1_4", "SPDX_2_3" ]
valid {
input.Body.reportFormat == enum_SbomReportFormat[_]
input.Body.resourceFilterCriteria.accountId[_].comparison == enum_ResourceStringComparison[_]
input.Body.resourceFilterCriteria.accountId[_].value == STRING
input.Body.resourceFilterCriteria.ec2InstanceTags[_].comparison == enum_ResourceMapComparison[_]
input.Body.resourceFilterCriteria.ec2InstanceTags[_].key == STRING
input.Body.resourceFilterCriteria.ec2InstanceTags[_].value == STRING
input.Body.resourceFilterCriteria.ecrImageTags[_].comparison == enum_ResourceStringComparison[_]
input.Body.resourceFilterCriteria.ecrImageTags[_].value == STRING
input.Body.resourceFilterCriteria.ecrRepositoryName[_].comparison == enum_ResourceStringComparison[_]
input.Body.resourceFilterCriteria.ecrRepositoryName[_].value == STRING
input.Body.resourceFilterCriteria.lambdaFunctionName[_].comparison == enum_ResourceStringComparison[_]
input.Body.resourceFilterCriteria.lambdaFunctionName[_].value == STRING
input.Body.resourceFilterCriteria.lambdaFunctionTags[_].comparison == enum_ResourceMapComparison[_]
input.Body.resourceFilterCriteria.lambdaFunctionTags[_].key == STRING
input.Body.resourceFilterCriteria.lambdaFunctionTags[_].value == STRING
input.Body.resourceFilterCriteria.resourceId[_].comparison == enum_ResourceStringComparison[_]
input.Body.resourceFilterCriteria.resourceId[_].value == STRING
input.Body.resourceFilterCriteria.resourceType[_].comparison == enum_ResourceStringComparison[_]
input.Body.resourceFilterCriteria.resourceType[_].value == STRING
input.Body.s3Destination.bucketName == STRING
input.Body.s3Destination.keyPrefix == STRING
input.Body.s3Destination.kmsKeyArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteCisScanConfiguration
valid {
input.Body.scanConfigurationArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteFilter
valid {
input.Body.arn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeOrganizationConfiguration
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
Disable
enum_ResourceScanType := [ "EC2", "ECR", "LAMBDA", "LAMBDA_CODE" ]
valid {
input.Body.accountIds[_] == STRING
input.Body.resourceTypes[_] == enum_ResourceScanType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisableDelegatedAdminAccount
valid {
input.Body.delegatedAdminAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisassociateMember
valid {
input.Body.accountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
Enable
enum_ResourceScanType := [ "EC2", "ECR", "LAMBDA", "LAMBDA_CODE" ]
valid {
input.Body.accountIds[_] == STRING
input.Body.clientToken == STRING
input.Body.resourceTypes[_] == enum_ResourceScanType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
EnableDelegatedAdminAccount
valid {
input.Body.clientToken == STRING
input.Body.delegatedAdminAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetCisScanReport
enum_CisReportFormat := [ "PDF", "CSV" ]
valid {
input.Body.reportFormat == enum_CisReportFormat[_]
input.Body.scanArn == STRING
input.Body.targetAccounts[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetCisScanResultDetails
enum_CisFindingStatus := [ "PASSED", "FAILED", "SKIPPED" ]
enum_CisFindingStatusComparison := [ "EQUALS" ]
enum_CisScanResultDetailsSortBy := [ "CHECK_ID", "STATUS" ]
enum_CisSecurityLevel := [ "LEVEL_1", "LEVEL_2" ]
enum_CisSecurityLevelComparison := [ "EQUALS" ]
enum_CisSortOrder := [ "ASC", "DESC" ]
enum_CisStringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]
valid {
input.Body.accountId == STRING
input.Body.filterCriteria.checkIdFilters[_].comparison == enum_CisStringComparison[_]
input.Body.filterCriteria.checkIdFilters[_].value == STRING
input.Body.filterCriteria.findingArnFilters[_].comparison == enum_CisStringComparison[_]
input.Body.filterCriteria.findingArnFilters[_].value == STRING
input.Body.filterCriteria.findingStatusFilters[_].comparison == enum_CisFindingStatusComparison[_]
input.Body.filterCriteria.findingStatusFilters[_].value == enum_CisFindingStatus[_]
input.Body.filterCriteria.securityLevelFilters[_].comparison == enum_CisSecurityLevelComparison[_]
input.Body.filterCriteria.securityLevelFilters[_].value == enum_CisSecurityLevel[_]
input.Body.filterCriteria.titleFilters[_].comparison == enum_CisStringComparison[_]
input.Body.filterCriteria.titleFilters[_].value == STRING
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.Body.scanArn == STRING
input.Body.sortBy == enum_CisScanResultDetailsSortBy[_]
input.Body.sortOrder == enum_CisSortOrder[_]
input.Body.targetResourceId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetConfiguration
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetDelegatedAdminAccount
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetEc2DeepInspectionConfiguration
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetEncryptionKey
enum_ResourceType := [ "AWS_EC2_INSTANCE", "AWS_ECR_CONTAINER_IMAGE", "AWS_ECR_REPOSITORY", "AWS_LAMBDA_FUNCTION" ]
enum_ScanType := [ "NETWORK", "PACKAGE", "CODE" ]
valid {
input.Qs.resourceType == enum_ResourceType[_]
input.Qs.scanType == enum_ScanType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetFindingsReportStatus
valid {
input.Body.reportId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetMember
valid {
input.Body.accountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetSbomExport
valid {
input.Body.reportId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAccountPermissions
enum_Service := [ "EC2", "ECR", "LAMBDA" ]
valid {
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.Body.service == enum_Service[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListCisScanConfigurations
enum_CisScanConfigurationsSortBy := [ "SCAN_NAME", "SCAN_CONFIGURATION_ARN" ]
enum_CisSortOrder := [ "ASC", "DESC" ]
enum_CisStringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]
enum_TagComparison := [ "EQUALS" ]
valid {
input.Body.filterCriteria.scanConfigurationArnFilters[_].comparison == enum_CisStringComparison[_]
input.Body.filterCriteria.scanConfigurationArnFilters[_].value == STRING
input.Body.filterCriteria.scanNameFilters[_].comparison == enum_CisStringComparison[_]
input.Body.filterCriteria.scanNameFilters[_].value == STRING
input.Body.filterCriteria.targetResourceTagFilters[_].comparison == enum_TagComparison[_]
input.Body.filterCriteria.targetResourceTagFilters[_].key == STRING
input.Body.filterCriteria.targetResourceTagFilters[_].value == STRING
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.Body.sortBy == enum_CisScanConfigurationsSortBy[_]
input.Body.sortOrder == enum_CisSortOrder[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListCisScanResultsAggregatedByChecks
enum_CisScanResultsAggregatedByChecksSortBy := [ "CHECK_ID", "TITLE", "PLATFORM", "FAILED_COUNTS", "SECURITY_LEVEL" ]
enum_CisSecurityLevel := [ "LEVEL_1", "LEVEL_2" ]
enum_CisSecurityLevelComparison := [ "EQUALS" ]
enum_CisSortOrder := [ "ASC", "DESC" ]
enum_CisStringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]
valid {
input.Body.filterCriteria.accountIdFilters[_].comparison == enum_CisStringComparison[_]
input.Body.filterCriteria.accountIdFilters[_].value == STRING
input.Body.filterCriteria.checkIdFilters[_].comparison == enum_CisStringComparison[_]
input.Body.filterCriteria.checkIdFilters[_].value == STRING
input.Body.filterCriteria.failedResourcesFilters[_].lowerInclusive == INTEGER
input.Body.filterCriteria.failedResourcesFilters[_].upperInclusive == INTEGER
input.Body.filterCriteria.platformFilters[_].comparison == enum_CisStringComparison[_]
input.Body.filterCriteria.platformFilters[_].value == STRING
input.Body.filterCriteria.securityLevelFilters[_].comparison == enum_CisSecurityLevelComparison[_]
input.Body.filterCriteria.securityLevelFilters[_].value == enum_CisSecurityLevel[_]
input.Body.filterCriteria.titleFilters[_].comparison == enum_CisStringComparison[_]
input.Body.filterCriteria.titleFilters[_].value == STRING
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.Body.scanArn == STRING
input.Body.sortBy == enum_CisScanResultsAggregatedByChecksSortBy[_]
input.Body.sortOrder == enum_CisSortOrder[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListCisScanResultsAggregatedByTargetResource
enum_CisResultStatus := [ "PASSED", "FAILED", "SKIPPED" ]
enum_CisResultStatusComparison := [ "EQUALS" ]
enum_CisScanResultsAggregatedByTargetResourceSortBy := [ "RESOURCE_ID", "FAILED_COUNTS", "ACCOUNT_ID", "PLATFORM", "TARGET_STATUS", "TARGET_STATUS_REASON" ]
enum_CisSortOrder := [ "ASC", "DESC" ]
enum_CisStringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]
enum_CisTargetStatus := [ "TIMED_OUT", "CANCELLED", "COMPLETED" ]
enum_CisTargetStatusComparison := [ "EQUALS" ]
enum_CisTargetStatusReason := [ "SCAN_IN_PROGRESS", "UNSUPPORTED_OS", "SSM_UNMANAGED" ]
enum_TagComparison := [ "EQUALS" ]
valid {
input.Body.filterCriteria.accountIdFilters[_].comparison == enum_CisStringComparison[_]
input.Body.filterCriteria.accountIdFilters[_].value == STRING
input.Body.filterCriteria.checkIdFilters[_].comparison == enum_CisStringComparison[_]
input.Body.filterCriteria.checkIdFilters[_].value == STRING
input.Body.filterCriteria.failedChecksFilters[_].lowerInclusive == INTEGER
input.Body.filterCriteria.failedChecksFilters[_].upperInclusive == INTEGER
input.Body.filterCriteria.platformFilters[_].comparison == enum_CisStringComparison[_]
input.Body.filterCriteria.platformFilters[_].value == STRING
input.Body.filterCriteria.statusFilters[_].comparison == enum_CisResultStatusComparison[_]
input.Body.filterCriteria.statusFilters[_].value == enum_CisResultStatus[_]
input.Body.filterCriteria.targetResourceIdFilters[_].comparison == enum_CisStringComparison[_]
input.Body.filterCriteria.targetResourceIdFilters[_].value == STRING
input.Body.filterCriteria.targetResourceTagFilters[_].comparison == enum_TagComparison[_]
input.Body.filterCriteria.targetResourceTagFilters[_].key == STRING
input.Body.filterCriteria.targetResourceTagFilters[_].value == STRING
input.Body.filterCriteria.targetStatusFilters[_].comparison == enum_CisTargetStatusComparison[_]
input.Body.filterCriteria.targetStatusFilters[_].value == enum_CisTargetStatus[_]
input.Body.filterCriteria.targetStatusReasonFilters[_].comparison == enum_CisTargetStatusComparison[_]
input.Body.filterCriteria.targetStatusReasonFilters[_].value == enum_CisTargetStatusReason[_]
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.Body.scanArn == STRING
input.Body.sortBy == enum_CisScanResultsAggregatedByTargetResourceSortBy[_]
input.Body.sortOrder == enum_CisSortOrder[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListCisScans
enum_CisScanStatus := [ "FAILED", "COMPLETED", "CANCELLED", "IN_PROGRESS" ]
enum_CisScanStatusComparison := [ "EQUALS" ]
enum_CisSortOrder := [ "ASC", "DESC" ]
enum_CisStringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]
enum_ListCisScansDetailLevel := [ "ORGANIZATION", "MEMBER" ]
enum_ListCisScansSortBy := [ "STATUS", "SCHEDULED_BY", "SCAN_START_DATE", "FAILED_CHECKS" ]
enum_TagComparison := [ "EQUALS" ]
valid {
input.Body.detailLevel == enum_ListCisScansDetailLevel[_]
input.Body.filterCriteria.failedChecksFilters[_].lowerInclusive == INTEGER
input.Body.filterCriteria.failedChecksFilters[_].upperInclusive == INTEGER
input.Body.filterCriteria.scanArnFilters[_].comparison == enum_CisStringComparison[_]
input.Body.filterCriteria.scanArnFilters[_].value == STRING
input.Body.filterCriteria.scanAtFilters[_].earliestScanStartTime == TIMESTAMP
input.Body.filterCriteria.scanAtFilters[_].latestScanStartTime == TIMESTAMP
input.Body.filterCriteria.scanConfigurationArnFilters[_].comparison == enum_CisStringComparison[_]
input.Body.filterCriteria.scanConfigurationArnFilters[_].value == STRING
input.Body.filterCriteria.scanNameFilters[_].comparison == enum_CisStringComparison[_]
input.Body.filterCriteria.scanNameFilters[_].value == STRING
input.Body.filterCriteria.scanStatusFilters[_].comparison == enum_CisScanStatusComparison[_]
input.Body.filterCriteria.scanStatusFilters[_].value == enum_CisScanStatus[_]
input.Body.filterCriteria.scheduledByFilters[_].comparison == enum_CisStringComparison[_]
input.Body.filterCriteria.scheduledByFilters[_].value == STRING
input.Body.filterCriteria.targetAccountIdFilters[_].comparison == enum_CisStringComparison[_]
input.Body.filterCriteria.targetAccountIdFilters[_].value == STRING
input.Body.filterCriteria.targetResourceIdFilters[_].comparison == enum_CisStringComparison[_]
input.Body.filterCriteria.targetResourceIdFilters[_].value == STRING
input.Body.filterCriteria.targetResourceTagFilters[_].comparison == enum_TagComparison[_]
input.Body.filterCriteria.targetResourceTagFilters[_].key == STRING
input.Body.filterCriteria.targetResourceTagFilters[_].value == STRING
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.Body.sortBy == enum_ListCisScansSortBy[_]
input.Body.sortOrder == enum_CisSortOrder[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListCoverage
enum_CoverageMapComparison := [ "EQUALS" ]
enum_CoverageStringComparison := [ "EQUALS", "NOT_EQUALS" ]
valid {
input.Body.filterCriteria.accountId[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.accountId[_].value == STRING
input.Body.filterCriteria.ec2InstanceTags[_].comparison == enum_CoverageMapComparison[_]
input.Body.filterCriteria.ec2InstanceTags[_].key == STRING
input.Body.filterCriteria.ec2InstanceTags[_].value == STRING
input.Body.filterCriteria.ecrImageTags[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.ecrImageTags[_].value == STRING
input.Body.filterCriteria.ecrRepositoryName[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.ecrRepositoryName[_].value == STRING
input.Body.filterCriteria.imagePulledAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.imagePulledAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.lambdaFunctionName[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.lambdaFunctionName[_].value == STRING
input.Body.filterCriteria.lambdaFunctionRuntime[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.lambdaFunctionRuntime[_].value == STRING
input.Body.filterCriteria.lambdaFunctionTags[_].comparison == enum_CoverageMapComparison[_]
input.Body.filterCriteria.lambdaFunctionTags[_].key == STRING
input.Body.filterCriteria.lambdaFunctionTags[_].value == STRING
input.Body.filterCriteria.lastScannedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.lastScannedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.resourceId[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.resourceId[_].value == STRING
input.Body.filterCriteria.resourceType[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.resourceType[_].value == STRING
input.Body.filterCriteria.scanMode[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.scanMode[_].value == STRING
input.Body.filterCriteria.scanStatusCode[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.scanStatusCode[_].value == STRING
input.Body.filterCriteria.scanStatusReason[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.scanStatusReason[_].value == STRING
input.Body.filterCriteria.scanType[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.scanType[_].value == STRING
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListCoverageStatistics
enum_CoverageMapComparison := [ "EQUALS" ]
enum_CoverageStringComparison := [ "EQUALS", "NOT_EQUALS" ]
enum_GroupKey := [ "SCAN_STATUS_CODE", "SCAN_STATUS_REASON", "ACCOUNT_ID", "RESOURCE_TYPE", "ECR_REPOSITORY_NAME" ]
valid {
input.Body.filterCriteria.accountId[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.accountId[_].value == STRING
input.Body.filterCriteria.ec2InstanceTags[_].comparison == enum_CoverageMapComparison[_]
input.Body.filterCriteria.ec2InstanceTags[_].key == STRING
input.Body.filterCriteria.ec2InstanceTags[_].value == STRING
input.Body.filterCriteria.ecrImageTags[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.ecrImageTags[_].value == STRING
input.Body.filterCriteria.ecrRepositoryName[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.ecrRepositoryName[_].value == STRING
input.Body.filterCriteria.imagePulledAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.imagePulledAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.lambdaFunctionName[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.lambdaFunctionName[_].value == STRING
input.Body.filterCriteria.lambdaFunctionRuntime[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.lambdaFunctionRuntime[_].value == STRING
input.Body.filterCriteria.lambdaFunctionTags[_].comparison == enum_CoverageMapComparison[_]
input.Body.filterCriteria.lambdaFunctionTags[_].key == STRING
input.Body.filterCriteria.lambdaFunctionTags[_].value == STRING
input.Body.filterCriteria.lastScannedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.lastScannedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.resourceId[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.resourceId[_].value == STRING
input.Body.filterCriteria.resourceType[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.resourceType[_].value == STRING
input.Body.filterCriteria.scanMode[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.scanMode[_].value == STRING
input.Body.filterCriteria.scanStatusCode[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.scanStatusCode[_].value == STRING
input.Body.filterCriteria.scanStatusReason[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.scanStatusReason[_].value == STRING
input.Body.filterCriteria.scanType[_].comparison == enum_CoverageStringComparison[_]
input.Body.filterCriteria.scanType[_].value == STRING
input.Body.groupBy == enum_GroupKey[_]
input.Body.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListDelegatedAdminAccounts
valid {
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListFilters
enum_FilterAction := [ "NONE", "SUPPRESS" ]
valid {
input.Body.action == enum_FilterAction[_]
input.Body.arns[_] == STRING
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListFindingAggregations
enum_AccountSortBy := [ "CRITICAL", "HIGH", "ALL" ]
enum_AggregationFindingType := [ "NETWORK_REACHABILITY", "PACKAGE_VULNERABILITY", "CODE_VULNERABILITY" ]
enum_AggregationResourceType := [ "AWS_EC2_INSTANCE", "AWS_ECR_CONTAINER_IMAGE", "AWS_LAMBDA_FUNCTION" ]
enum_AggregationType := [ "FINDING_TYPE", "PACKAGE", "TITLE", "REPOSITORY", "AMI", "AWS_EC2_INSTANCE", "AWS_ECR_CONTAINER", "IMAGE_LAYER", "ACCOUNT", "AWS_LAMBDA_FUNCTION", "LAMBDA_LAYER" ]
enum_AmiSortBy := [ "CRITICAL", "HIGH", "ALL", "AFFECTED_INSTANCES" ]
enum_AwsEcrContainerSortBy := [ "CRITICAL", "HIGH", "ALL" ]
enum_Ec2InstanceSortBy := [ "NETWORK_FINDINGS", "CRITICAL", "HIGH", "ALL" ]
enum_FindingTypeSortBy := [ "CRITICAL", "HIGH", "ALL" ]
enum_ImageLayerSortBy := [ "CRITICAL", "HIGH", "ALL" ]
enum_LambdaFunctionSortBy := [ "CRITICAL", "HIGH", "ALL" ]
enum_LambdaLayerSortBy := [ "CRITICAL", "HIGH", "ALL" ]
enum_MapComparison := [ "EQUALS" ]
enum_PackageSortBy := [ "CRITICAL", "HIGH", "ALL" ]
enum_RepositorySortBy := [ "CRITICAL", "HIGH", "ALL", "AFFECTED_IMAGES" ]
enum_SortOrder := [ "ASC", "DESC" ]
enum_StringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]
enum_TitleSortBy := [ "CRITICAL", "HIGH", "ALL" ]
valid {
input.Body.accountIds[_].comparison == enum_StringComparison[_]
input.Body.accountIds[_].value == STRING
input.Body.aggregationRequest.accountAggregation.findingType == enum_AggregationFindingType[_]
input.Body.aggregationRequest.accountAggregation.resourceType == enum_AggregationResourceType[_]
input.Body.aggregationRequest.accountAggregation.sortBy == enum_AccountSortBy[_]
input.Body.aggregationRequest.accountAggregation.sortOrder == enum_SortOrder[_]
input.Body.aggregationRequest.amiAggregation.amis[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.amiAggregation.amis[_].value == STRING
input.Body.aggregationRequest.amiAggregation.sortBy == enum_AmiSortBy[_]
input.Body.aggregationRequest.amiAggregation.sortOrder == enum_SortOrder[_]
input.Body.aggregationRequest.awsEcrContainerAggregation.architectures[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.awsEcrContainerAggregation.architectures[_].value == STRING
input.Body.aggregationRequest.awsEcrContainerAggregation.imageShas[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.awsEcrContainerAggregation.imageShas[_].value == STRING
input.Body.aggregationRequest.awsEcrContainerAggregation.imageTags[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.awsEcrContainerAggregation.imageTags[_].value == STRING
input.Body.aggregationRequest.awsEcrContainerAggregation.repositories[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.awsEcrContainerAggregation.repositories[_].value == STRING
input.Body.aggregationRequest.awsEcrContainerAggregation.resourceIds[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.awsEcrContainerAggregation.resourceIds[_].value == STRING
input.Body.aggregationRequest.awsEcrContainerAggregation.sortBy == enum_AwsEcrContainerSortBy[_]
input.Body.aggregationRequest.awsEcrContainerAggregation.sortOrder == enum_SortOrder[_]
input.Body.aggregationRequest.ec2InstanceAggregation.amis[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.ec2InstanceAggregation.amis[_].value == STRING
input.Body.aggregationRequest.ec2InstanceAggregation.instanceIds[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.ec2InstanceAggregation.instanceIds[_].value == STRING
input.Body.aggregationRequest.ec2InstanceAggregation.instanceTags[_].comparison == enum_MapComparison[_]
input.Body.aggregationRequest.ec2InstanceAggregation.instanceTags[_].key == STRING
input.Body.aggregationRequest.ec2InstanceAggregation.instanceTags[_].value == STRING
input.Body.aggregationRequest.ec2InstanceAggregation.operatingSystems[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.ec2InstanceAggregation.operatingSystems[_].value == STRING
input.Body.aggregationRequest.ec2InstanceAggregation.sortBy == enum_Ec2InstanceSortBy[_]
input.Body.aggregationRequest.ec2InstanceAggregation.sortOrder == enum_SortOrder[_]
input.Body.aggregationRequest.findingTypeAggregation.findingType == enum_AggregationFindingType[_]
input.Body.aggregationRequest.findingTypeAggregation.resourceType == enum_AggregationResourceType[_]
input.Body.aggregationRequest.findingTypeAggregation.sortBy == enum_FindingTypeSortBy[_]
input.Body.aggregationRequest.findingTypeAggregation.sortOrder == enum_SortOrder[_]
input.Body.aggregationRequest.imageLayerAggregation.layerHashes[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.imageLayerAggregation.layerHashes[_].value == STRING
input.Body.aggregationRequest.imageLayerAggregation.repositories[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.imageLayerAggregation.repositories[_].value == STRING
input.Body.aggregationRequest.imageLayerAggregation.resourceIds[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.imageLayerAggregation.resourceIds[_].value == STRING
input.Body.aggregationRequest.imageLayerAggregation.sortBy == enum_ImageLayerSortBy[_]
input.Body.aggregationRequest.imageLayerAggregation.sortOrder == enum_SortOrder[_]
input.Body.aggregationRequest.lambdaFunctionAggregation.functionNames[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.lambdaFunctionAggregation.functionNames[_].value == STRING
input.Body.aggregationRequest.lambdaFunctionAggregation.functionTags[_].comparison == enum_MapComparison[_]
input.Body.aggregationRequest.lambdaFunctionAggregation.functionTags[_].key == STRING
input.Body.aggregationRequest.lambdaFunctionAggregation.functionTags[_].value == STRING
input.Body.aggregationRequest.lambdaFunctionAggregation.resourceIds[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.lambdaFunctionAggregation.resourceIds[_].value == STRING
input.Body.aggregationRequest.lambdaFunctionAggregation.runtimes[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.lambdaFunctionAggregation.runtimes[_].value == STRING
input.Body.aggregationRequest.lambdaFunctionAggregation.sortBy == enum_LambdaFunctionSortBy[_]
input.Body.aggregationRequest.lambdaFunctionAggregation.sortOrder == enum_SortOrder[_]
input.Body.aggregationRequest.lambdaLayerAggregation.functionNames[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.lambdaLayerAggregation.functionNames[_].value == STRING
input.Body.aggregationRequest.lambdaLayerAggregation.layerArns[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.lambdaLayerAggregation.layerArns[_].value == STRING
input.Body.aggregationRequest.lambdaLayerAggregation.resourceIds[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.lambdaLayerAggregation.resourceIds[_].value == STRING
input.Body.aggregationRequest.lambdaLayerAggregation.sortBy == enum_LambdaLayerSortBy[_]
input.Body.aggregationRequest.lambdaLayerAggregation.sortOrder == enum_SortOrder[_]
input.Body.aggregationRequest.packageAggregation.packageNames[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.packageAggregation.packageNames[_].value == STRING
input.Body.aggregationRequest.packageAggregation.sortBy == enum_PackageSortBy[_]
input.Body.aggregationRequest.packageAggregation.sortOrder == enum_SortOrder[_]
input.Body.aggregationRequest.repositoryAggregation.repositories[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.repositoryAggregation.repositories[_].value == STRING
input.Body.aggregationRequest.repositoryAggregation.sortBy == enum_RepositorySortBy[_]
input.Body.aggregationRequest.repositoryAggregation.sortOrder == enum_SortOrder[_]
input.Body.aggregationRequest.titleAggregation.findingType == enum_AggregationFindingType[_]
input.Body.aggregationRequest.titleAggregation.resourceType == enum_AggregationResourceType[_]
input.Body.aggregationRequest.titleAggregation.sortBy == enum_TitleSortBy[_]
input.Body.aggregationRequest.titleAggregation.sortOrder == enum_SortOrder[_]
input.Body.aggregationRequest.titleAggregation.titles[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.titleAggregation.titles[_].value == STRING
input.Body.aggregationRequest.titleAggregation.vulnerabilityIds[_].comparison == enum_StringComparison[_]
input.Body.aggregationRequest.titleAggregation.vulnerabilityIds[_].value == STRING
input.Body.aggregationType == enum_AggregationType[_]
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListFindings
enum_MapComparison := [ "EQUALS" ]
enum_SortField := [ "AWS_ACCOUNT_ID", "FINDING_TYPE", "SEVERITY", "FIRST_OBSERVED_AT", "LAST_OBSERVED_AT", "FINDING_STATUS", "RESOURCE_TYPE", "ECR_IMAGE_PUSHED_AT", "ECR_IMAGE_REPOSITORY_NAME", "ECR_IMAGE_REGISTRY", "NETWORK_PROTOCOL", "COMPONENT_TYPE", "VULNERABILITY_ID", "VULNERABILITY_SOURCE", "INSPECTOR_SCORE", "VENDOR_SEVERITY", "EPSS_SCORE" ]
enum_SortOrder := [ "ASC", "DESC" ]
enum_StringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]
valid {
input.Body.filterCriteria.awsAccountId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.awsAccountId[_].value == STRING
input.Body.filterCriteria.codeVulnerabilityDetectorName[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.codeVulnerabilityDetectorName[_].value == STRING
input.Body.filterCriteria.codeVulnerabilityDetectorTags[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.codeVulnerabilityDetectorTags[_].value == STRING
input.Body.filterCriteria.codeVulnerabilityFilePath[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.codeVulnerabilityFilePath[_].value == STRING
input.Body.filterCriteria.componentId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.componentId[_].value == STRING
input.Body.filterCriteria.componentType[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.componentType[_].value == STRING
input.Body.filterCriteria.ec2InstanceImageId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ec2InstanceImageId[_].value == STRING
input.Body.filterCriteria.ec2InstanceSubnetId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ec2InstanceSubnetId[_].value == STRING
input.Body.filterCriteria.ec2InstanceVpcId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ec2InstanceVpcId[_].value == STRING
input.Body.filterCriteria.ecrImageArchitecture[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageArchitecture[_].value == STRING
input.Body.filterCriteria.ecrImageHash[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageHash[_].value == STRING
input.Body.filterCriteria.ecrImagePushedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.ecrImagePushedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.ecrImageRegistry[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageRegistry[_].value == STRING
input.Body.filterCriteria.ecrImageRepositoryName[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageRepositoryName[_].value == STRING
input.Body.filterCriteria.ecrImageTags[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageTags[_].value == STRING
input.Body.filterCriteria.epssScore[_].lowerInclusive == DOUBLE
input.Body.filterCriteria.epssScore[_].upperInclusive == DOUBLE
input.Body.filterCriteria.exploitAvailable[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.exploitAvailable[_].value == STRING
input.Body.filterCriteria.findingArn[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.findingArn[_].value == STRING
input.Body.filterCriteria.findingStatus[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.findingStatus[_].value == STRING
input.Body.filterCriteria.findingType[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.findingType[_].value == STRING
input.Body.filterCriteria.firstObservedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.firstObservedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.fixAvailable[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.fixAvailable[_].value == STRING
input.Body.filterCriteria.inspectorScore[_].lowerInclusive == DOUBLE
input.Body.filterCriteria.inspectorScore[_].upperInclusive == DOUBLE
input.Body.filterCriteria.lambdaFunctionExecutionRoleArn[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.lambdaFunctionExecutionRoleArn[_].value == STRING
input.Body.filterCriteria.lambdaFunctionLastModifiedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.lambdaFunctionLastModifiedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.lambdaFunctionLayers[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.lambdaFunctionLayers[_].value == STRING
input.Body.filterCriteria.lambdaFunctionName[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.lambdaFunctionName[_].value == STRING
input.Body.filterCriteria.lambdaFunctionRuntime[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.lambdaFunctionRuntime[_].value == STRING
input.Body.filterCriteria.lastObservedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.lastObservedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.networkProtocol[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.networkProtocol[_].value == STRING
input.Body.filterCriteria.portRange[_].beginInclusive == INTEGER
input.Body.filterCriteria.portRange[_].endInclusive == INTEGER
input.Body.filterCriteria.relatedVulnerabilities[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.relatedVulnerabilities[_].value == STRING
input.Body.filterCriteria.resourceId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.resourceId[_].value == STRING
input.Body.filterCriteria.resourceTags[_].comparison == enum_MapComparison[_]
input.Body.filterCriteria.resourceTags[_].key == STRING
input.Body.filterCriteria.resourceTags[_].value == STRING
input.Body.filterCriteria.resourceType[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.resourceType[_].value == STRING
input.Body.filterCriteria.severity[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.severity[_].value == STRING
input.Body.filterCriteria.title[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.title[_].value == STRING
input.Body.filterCriteria.updatedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.updatedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.vendorSeverity[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.vendorSeverity[_].value == STRING
input.Body.filterCriteria.vulnerabilityId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerabilityId[_].value == STRING
input.Body.filterCriteria.vulnerabilitySource[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerabilitySource[_].value == STRING
input.Body.filterCriteria.vulnerablePackages[_].architecture.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].architecture.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].epoch.lowerInclusive == DOUBLE
input.Body.filterCriteria.vulnerablePackages[_].epoch.upperInclusive == DOUBLE
input.Body.filterCriteria.vulnerablePackages[_].filePath.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].filePath.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].name.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].name.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].release.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].release.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].sourceLambdaLayerArn.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].sourceLambdaLayerArn.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].sourceLayerHash.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].sourceLayerHash.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].version.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].version.value == STRING
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.Body.sortCriteria.field == enum_SortField[_]
input.Body.sortCriteria.sortOrder == enum_SortOrder[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListMembers
valid {
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.Body.onlyAssociated == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListTagsForResource
valid {
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListUsageTotals
valid {
input.Body.accountIds[_] == STRING
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ResetEncryptionKey
enum_ResourceType := [ "AWS_EC2_INSTANCE", "AWS_ECR_CONTAINER_IMAGE", "AWS_ECR_REPOSITORY", "AWS_LAMBDA_FUNCTION" ]
enum_ScanType := [ "NETWORK", "PACKAGE", "CODE" ]
valid {
input.Body.resourceType == enum_ResourceType[_]
input.Body.scanType == enum_ScanType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SearchVulnerabilities
valid {
input.Body.filterCriteria.vulnerabilityIds[_] == STRING
input.Body.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SendCisSessionHealth
valid {
input.Body.scanJobId == STRING
input.Body.sessionToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SendCisSessionTelemetry
enum_CisRuleStatus := [ "FAILED", "PASSED", "NOT_EVALUATED", "INFORMATIONAL", "UNKNOWN", "NOT_APPLICABLE", "ERROR" ]
valid {
input.Body.messages[_].cisRuleDetails == BLOB
input.Body.messages[_].ruleId == STRING
input.Body.messages[_].status == enum_CisRuleStatus[_]
input.Body.scanJobId == STRING
input.Body.sessionToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
StartCisSession
valid {
input.Body.message.sessionToken == STRING
input.Body.scanJobId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
StopCisSession
enum_StopCisSessionStatus := [ "SUCCESS", "FAILED", "INTERRUPTED", "UNSUPPORTED_OS" ]
valid {
input.Body.message.benchmarkProfile == STRING
input.Body.message.benchmarkVersion == STRING
input.Body.message.computePlatform.product == STRING
input.Body.message.computePlatform.vendor == STRING
input.Body.message.computePlatform.version == STRING
input.Body.message.progress.errorChecks == INTEGER
input.Body.message.progress.failedChecks == INTEGER
input.Body.message.progress.informationalChecks == INTEGER
input.Body.message.progress.notApplicableChecks == INTEGER
input.Body.message.progress.notEvaluatedChecks == INTEGER
input.Body.message.progress.successfulChecks == INTEGER
input.Body.message.progress.totalChecks == INTEGER
input.Body.message.progress.unknownChecks == INTEGER
input.Body.message.reason == STRING
input.Body.message.status == enum_StopCisSessionStatus[_]
input.Body.scanJobId == STRING
input.Body.sessionToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagResource
valid {
input.Body.tags.STRING == STRING
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagResource
valid {
input.ReqMap.resourceArn == STRING
input.Qs.tagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateCisScanConfiguration
enum_CisSecurityLevel := [ "LEVEL_1", "LEVEL_2" ]
enum_Day := [ "SUN", "MON", "TUE", "WED", "THU", "FRI", "SAT" ]
valid {
input.Body.scanConfigurationArn == STRING
input.Body.scanName == STRING
input.Body.schedule.daily.startTime.timeOfDay == STRING
input.Body.schedule.daily.startTime.timezone == STRING
input.Body.schedule.monthly.day == enum_Day[_]
input.Body.schedule.monthly.startTime.timeOfDay == STRING
input.Body.schedule.monthly.startTime.timezone == STRING
input.Body.schedule.oneTime == {}
input.Body.schedule.weekly.days[_] == enum_Day[_]
input.Body.schedule.weekly.startTime.timeOfDay == STRING
input.Body.schedule.weekly.startTime.timezone == STRING
input.Body.securityLevel == enum_CisSecurityLevel[_]
input.Body.targets.accountIds[_] == STRING
input.Body.targets.targetResourceTags.STRING[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateConfiguration
enum_Ec2ScanMode := [ "EC2_SSM_AGENT_BASED", "EC2_HYBRID" ]
enum_EcrPullDateRescanDuration := [ "DAYS_14", "DAYS_30", "DAYS_60", "DAYS_90", "DAYS_180" ]
enum_EcrRescanDuration := [ "LIFETIME", "DAYS_30", "DAYS_180", "DAYS_14", "DAYS_60", "DAYS_90" ]
valid {
input.Body.ec2Configuration.scanMode == enum_Ec2ScanMode[_]
input.Body.ecrConfiguration.pullDateRescanDuration == enum_EcrPullDateRescanDuration[_]
input.Body.ecrConfiguration.rescanDuration == enum_EcrRescanDuration[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateEc2DeepInspectionConfiguration
valid {
input.Body.activateDeepInspection == BOOLEAN
input.Body.packagePaths[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateEncryptionKey
enum_ResourceType := [ "AWS_EC2_INSTANCE", "AWS_ECR_CONTAINER_IMAGE", "AWS_ECR_REPOSITORY", "AWS_LAMBDA_FUNCTION" ]
enum_ScanType := [ "NETWORK", "PACKAGE", "CODE" ]
valid {
input.Body.kmsKeyId == STRING
input.Body.resourceType == enum_ResourceType[_]
input.Body.scanType == enum_ScanType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateFilter
enum_FilterAction := [ "NONE", "SUPPRESS" ]
enum_MapComparison := [ "EQUALS" ]
enum_StringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]
valid {
input.Body.action == enum_FilterAction[_]
input.Body.description == STRING
input.Body.filterArn == STRING
input.Body.filterCriteria.awsAccountId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.awsAccountId[_].value == STRING
input.Body.filterCriteria.codeVulnerabilityDetectorName[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.codeVulnerabilityDetectorName[_].value == STRING
input.Body.filterCriteria.codeVulnerabilityDetectorTags[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.codeVulnerabilityDetectorTags[_].value == STRING
input.Body.filterCriteria.codeVulnerabilityFilePath[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.codeVulnerabilityFilePath[_].value == STRING
input.Body.filterCriteria.componentId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.componentId[_].value == STRING
input.Body.filterCriteria.componentType[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.componentType[_].value == STRING
input.Body.filterCriteria.ec2InstanceImageId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ec2InstanceImageId[_].value == STRING
input.Body.filterCriteria.ec2InstanceSubnetId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ec2InstanceSubnetId[_].value == STRING
input.Body.filterCriteria.ec2InstanceVpcId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ec2InstanceVpcId[_].value == STRING
input.Body.filterCriteria.ecrImageArchitecture[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageArchitecture[_].value == STRING
input.Body.filterCriteria.ecrImageHash[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageHash[_].value == STRING
input.Body.filterCriteria.ecrImagePushedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.ecrImagePushedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.ecrImageRegistry[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageRegistry[_].value == STRING
input.Body.filterCriteria.ecrImageRepositoryName[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageRepositoryName[_].value == STRING
input.Body.filterCriteria.ecrImageTags[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.ecrImageTags[_].value == STRING
input.Body.filterCriteria.epssScore[_].lowerInclusive == DOUBLE
input.Body.filterCriteria.epssScore[_].upperInclusive == DOUBLE
input.Body.filterCriteria.exploitAvailable[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.exploitAvailable[_].value == STRING
input.Body.filterCriteria.findingArn[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.findingArn[_].value == STRING
input.Body.filterCriteria.findingStatus[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.findingStatus[_].value == STRING
input.Body.filterCriteria.findingType[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.findingType[_].value == STRING
input.Body.filterCriteria.firstObservedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.firstObservedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.fixAvailable[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.fixAvailable[_].value == STRING
input.Body.filterCriteria.inspectorScore[_].lowerInclusive == DOUBLE
input.Body.filterCriteria.inspectorScore[_].upperInclusive == DOUBLE
input.Body.filterCriteria.lambdaFunctionExecutionRoleArn[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.lambdaFunctionExecutionRoleArn[_].value == STRING
input.Body.filterCriteria.lambdaFunctionLastModifiedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.lambdaFunctionLastModifiedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.lambdaFunctionLayers[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.lambdaFunctionLayers[_].value == STRING
input.Body.filterCriteria.lambdaFunctionName[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.lambdaFunctionName[_].value == STRING
input.Body.filterCriteria.lambdaFunctionRuntime[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.lambdaFunctionRuntime[_].value == STRING
input.Body.filterCriteria.lastObservedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.lastObservedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.networkProtocol[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.networkProtocol[_].value == STRING
input.Body.filterCriteria.portRange[_].beginInclusive == INTEGER
input.Body.filterCriteria.portRange[_].endInclusive == INTEGER
input.Body.filterCriteria.relatedVulnerabilities[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.relatedVulnerabilities[_].value == STRING
input.Body.filterCriteria.resourceId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.resourceId[_].value == STRING
input.Body.filterCriteria.resourceTags[_].comparison == enum_MapComparison[_]
input.Body.filterCriteria.resourceTags[_].key == STRING
input.Body.filterCriteria.resourceTags[_].value == STRING
input.Body.filterCriteria.resourceType[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.resourceType[_].value == STRING
input.Body.filterCriteria.severity[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.severity[_].value == STRING
input.Body.filterCriteria.title[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.title[_].value == STRING
input.Body.filterCriteria.updatedAt[_].endInclusive == TIMESTAMP
input.Body.filterCriteria.updatedAt[_].startInclusive == TIMESTAMP
input.Body.filterCriteria.vendorSeverity[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.vendorSeverity[_].value == STRING
input.Body.filterCriteria.vulnerabilityId[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerabilityId[_].value == STRING
input.Body.filterCriteria.vulnerabilitySource[_].comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerabilitySource[_].value == STRING
input.Body.filterCriteria.vulnerablePackages[_].architecture.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].architecture.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].epoch.lowerInclusive == DOUBLE
input.Body.filterCriteria.vulnerablePackages[_].epoch.upperInclusive == DOUBLE
input.Body.filterCriteria.vulnerablePackages[_].filePath.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].filePath.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].name.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].name.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].release.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].release.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].sourceLambdaLayerArn.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].sourceLambdaLayerArn.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].sourceLayerHash.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].sourceLayerHash.value == STRING
input.Body.filterCriteria.vulnerablePackages[_].version.comparison == enum_StringComparison[_]
input.Body.filterCriteria.vulnerablePackages[_].version.value == STRING
input.Body.name == STRING
input.Body.reason == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateOrgEc2DeepInspectionConfiguration
valid {
input.Body.orgPackagePaths[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateOrganizationConfiguration
valid {
input.Body.autoEnable.ec2 == BOOLEAN
input.Body.autoEnable.ecr == BOOLEAN
input.Body.autoEnable.lambda == BOOLEAN
input.Body.autoEnable.lambdaCode == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
Updated 9 days ago