The Amazon Inspector API provides programmatic access to vulnerability management for scanning EC2 instances, container images, and Lambda functions for software vulnerabilities and network exposure.
openapi: 3.0.0
info:
version: '2020-06-08'
x-release: v4
title: Inspector2
description: Amazon Inspector is a vulnerability discovery service that automates continuous scanning for security vulnerabilities within your Amazon EC2 and Amazon ECR environments.
x-logo:
url: 'https://twitter.com/awscloud/profile_image?size=original'
backgroundColor: '#FFFFFF'
termsOfService: 'https://aws.amazon.com/service-terms/'
contact:
name: Mike Ralphson
email: [email protected]
url: 'https://github.com/mermade/aws2openapi'
x-twitter: PermittedSoc
license:
name: Apache 2.0 License
url: 'http://www.apache.org/licenses/'
x-providerName: amazonaws.com
x-serviceName: inspector2
x-aws-signingName: inspector2
x-origin:
- contentType: application/json
url: 'https://raw.githubusercontent.com/aws/aws-sdk-js/master/apis/inspector2-2020-06-08.normal.json'
converter:
url: 'https://github.com/mermade/aws2openapi'
version: 1.0.0
x-apisguru-driver: external
x-apiClientRegistration:
url: 'https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct'
x-apisguru-categories:
- cloud
x-preferred: true
externalDocs:
description: Amazon Web Services documentation
url: 'https://docs.aws.amazon.com/inspector2/'
servers:
- url: 'http://inspector2.{region}.amazonaws.com'
variables:
region:
description: The AWS region
enum:
- us-east-1
- us-east-2
- us-west-1
- us-west-2
- us-gov-west-1
- us-gov-east-1
- ca-central-1
- eu-north-1
- eu-west-1
- eu-west-2
- eu-west-3
- eu-central-1
- eu-south-1
- af-south-1
- ap-northeast-1
- ap-northeast-2
- ap-northeast-3
- ap-southeast-1
- ap-southeast-2
- ap-east-1
- ap-south-1
- sa-east-1
- me-south-1
default: us-east-1
description: The Inspector2 multi-region endpoint
- url: 'https://inspector2.{region}.amazonaws.com'
variables:
region:
description: The AWS region
enum:
- us-east-1
- us-east-2
- us-west-1
- us-west-2
- us-gov-west-1
- us-gov-east-1
- ca-central-1
- eu-north-1
- eu-west-1
- eu-west-2
- eu-west-3
- eu-central-1
- eu-south-1
- af-south-1
- ap-northeast-1
- ap-northeast-2
- ap-northeast-3
- ap-southeast-1
- ap-southeast-2
- ap-east-1
- ap-south-1
- sa-east-1
- me-south-1
default: us-east-1
description: The Inspector2 multi-region endpoint
- url: 'http://inspector2.{region}.amazonaws.com.cn'
variables:
region:
description: The AWS region
enum:
- cn-north-1
- cn-northwest-1
default: cn-north-1
description: The Inspector2 endpoint for China (Beijing) and China (Ningxia)
- url: 'https://inspector2.{region}.amazonaws.com.cn'
variables:
region:
description: The AWS region
enum:
- cn-north-1
- cn-northwest-1
default: cn-north-1
description: The Inspector2 endpoint for China (Beijing) and China (Ningxia)
x-hasEquivalentPaths: true
paths:
/members/associate:
post:
operationId: AssociateMember
description: 'Associates an Amazon Web Services account with an Amazon Inspector delegated administrator. An HTTP 200 response indicates the association was successfully started, but doesn’t indicate
whether it was completed. You can check if the association completed by using <a href="https://docs.aws.amazon.com/inspector/v2/APIReference/API_ListMembers.html">ListMembers</a> for multiple accounts
or <a href="https://docs.aws.amazon.com/inspector/v2/APIReference/API_GetMember.html">GetMembers</a> for a single account.'
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/AssociateMemberResponse'
'480':
description: ValidationException
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationException'
'481':
description: AccessDeniedException
content:
application/json:
schema:
$ref: '#/components/schemas/AccessDeniedException'
'482':
description: ThrottlingException
content:
application/json:
schema:
$ref: '#/components/schemas/ThrottlingException'
'483':
description: InternalServerException
content:
application/json:
schema:
$ref: '#/components/schemas/InternalServerException'
parameters: []
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- accountId
properties:
accountId:
description: The Amazon Web Services account ID of the member account to be associated.
type: string
pattern: '^\d{12}$'
minLength: 12
maxLength: 12
summary: Amazon Inspector Associate Member
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
parameters:
- $ref: '#/components/parameters/X-Amz-Content-Sha256'
- $ref: '#/components/parameters/X-Amz-Date'
- $ref: '#/components/parameters/X-Amz-Algorithm'
- $ref: '#/components/parameters/X-Amz-Credential'
- $ref: '#/components/parameters/X-Amz-Security-Token'
- $ref: '#/components/parameters/X-Amz-Signature'
- $ref: '#/components/parameters/X-Amz-SignedHeaders'
/status/batch/get:
post:
operationId: BatchGetAccountStatus
description: Retrieves the Amazon Inspector status of multiple Amazon Web Services accounts within your environment.
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/BatchGetAccountStatusResponse'
'480':
description: ValidationException
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationException'
'481':
description: AccessDeniedException
content:
application/json:
schema:
$ref: '#/components/schemas/AccessDeniedException'
'482':
description: ResourceNotFoundException
content:
application/json:
schema:
$ref: '#/components/schemas/ResourceNotFoundException'
'483':
description: ThrottlingException
content:
application/json:
schema:
$ref: '#/components/schemas/ThrottlingException'
'484':
description: InternalServerException
content:
application/json:
schema:
$ref: '#/components/schemas/InternalServerException'
parameters: []
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
accountIds:
description: The 12-digit Amazon Web Services account IDs of the accounts to retrieve Amazon Inspector status for.
type: array
items:
$ref: '#/components/schemas/AccountId'
minItems: 0
maxItems: 100
summary: Amazon Inspector Batch Get Account Status
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
parameters:
- $ref: '#/components/parameters/X-Amz-Content-Sha256'
- $ref: '#/components/parameters/X-Amz-Date'
- $ref: '#/components/parameters/X-Amz-Algorithm'
- $ref: '#/components/parameters/X-Amz-Credential'
- $ref: '#/components/parameters/X-Amz-Security-Token'
- $ref: '#/components/parameters/X-Amz-Signature'
- $ref: '#/components/parameters/X-Amz-SignedHeaders'
/codesnippet/batchget:
post:
operationId: BatchGetCodeSnippet
description: Retrieves code snippets from findings that Amazon Inspector detected code vulnerabilities in.
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/BatchGetCodeSnippetResponse'
'480':
description: ValidationException
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationException'
'481':
description: AccessDeniedException
content:
application/json:
schema:
$ref: '#/components/schemas/AccessDeniedException'
'482':
description: ThrottlingException
content:
application/json:
schema:
$ref: '#/components/schemas/ThrottlingException'
'483':
description: InternalServerException
content:
application/json:
schema:
$ref: '#/components/schemas/InternalServerException'
parameters: []
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- findingArns
properties:
findingArns:
description: An array of finding ARNs for the findings you want to retrieve code snippets from.
type: array
items:
$ref: '#/components/schemas/FindingArn'
minItems: 1
maxItems: 10
summary: Amazon Inspector Batch Get Code Snippet
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
parameters:
- $ref: '#/components/parameters/X-Amz-Content-Sha256'
- $ref: '#/components/parameters/X-Amz-Date'
- $ref: '#/components/parameters/X-Amz-Algorithm'
- $ref: '#/components/parameters/X-Amz-Credential'
- $ref: '#/components/parameters/X-Amz-Security-Token'
- $ref: '#/components/parameters/X-Amz-Signature'
- $ref: '#/components/parameters/X-Amz-SignedHeaders'
/findings/details/batch/get:
post:
operationId: BatchGetFindingDetails
description: Gets vulnerability details for findings.
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/BatchGetFindingDetailsResponse'
'480':
description: ValidationException
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationException'
'481':
description: AccessDeniedException
content:
application/json:
schema:
$ref: '#/components/schemas/AccessDeniedException'
'482':
description: ThrottlingException
content:
application/json:
schema:
$ref: '#/components/schemas/ThrottlingException'
'483':
description: InternalServerException
content:
application/json:
schema:
$ref: '#/components/schemas/InternalServerException'
parameters: []
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- findingArns
properties:
findingArns:
description: A list of finding ARNs.
type: array
items:
$ref: '#/components/schemas/FindingArn'
minItems: 1
maxItems: 10
summary: Amazon Inspector Batch Get Finding Details
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
parameters:
- $ref: '#/components/parameters/X-Amz-Content-Sha256'
- $ref: '#/components/parameters/X-Amz-Date'
- $ref: '#/components/parameters/X-Amz-Algorithm'
- $ref: '#/components/parameters/X-Amz-Credential'
- $ref: '#/components/parameters/X-Amz-Security-Token'
- $ref: '#/components/parameters/X-Amz-Signature'
- $ref: '#/components/parameters/X-Amz-SignedHeaders'
/freetrialinfo/batchget:
post:
operationId: BatchGetFreeTrialInfo
description: Gets free trial status for multiple Amazon Web Services accounts.
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/BatchGetFreeTrialInfoResponse'
'480':
description: ValidationException
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationException'
'481':
description: AccessDeniedException
content:
application/json:
schema:
$ref: '#/components/schemas/AccessDeniedException'
'482':
description: ThrottlingException
content:
application/json:
schema:
$ref: '#/components/schemas/ThrottlingException'
'483':
description: InternalServerException
content:
application/json:
schema:
$ref: '#/components/schemas/InternalServerException'
parameters: []
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- accountIds
properties:
accountIds:
description: The account IDs to get free trial status for.
type: array
items:
$ref: '#/components/schemas/MeteringAccountId'
minItems: 1
maxItems: 100
summary: Amazon Inspector Batch Get Free Trial Info
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
parameters:
- $ref: '#/components/parameters/X-Amz-Content-Sha256'
- $ref: '#/components/parameters/X-Amz-Date'
- $ref: '#/components/parameters/X-Amz-Algorithm'
- $ref: '#/components/parameters/X-Amz-Credential'
- $ref: '#/components/parameters/X-Amz-Security-Token'
- $ref: '#/components/parameters/X-Amz-Signature'
- $ref: '#/components/parameters/X-Amz-SignedHeaders'
/ec2deepinspectionstatus/member/batch/get:
post:
operationId: BatchGetMemberEc2DeepInspectionStatus
description: Retrieves Amazon Inspector deep inspection activation status of multiple member accounts within your organization. You must be the delegated administrator of an organization in
Amazon Inspector to use this API.
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/BatchGetMemberEc2DeepInspectionStatusResponse'
'480':
description: ValidationException
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationException'
'481':
description: AccessDeniedException
content:
application/json:
schema:
$ref: '#/components/schemas/AccessDeniedException'
'482':
description: ThrottlingException
content:
application/json:
schema:
$ref: '#/components/schemas/ThrottlingException'
'483':
description: InternalServerException
content:
application/json:
schema:
$ref: '#/components/schemas/InternalServerException'
parameters: []
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
accountIds:
description: The unique identifiers for the Amazon Web Services accounts to retrieve Amazon Inspector deep inspection activation status for. <pre><code> </p> </code></pre>
type: array
items:
$ref: '#/components/schemas/AccountId'
minItems: 0
maxItems: 100
summary: Amazon Inspector Batch Get Member Ec2 Deep Inspection Status
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
parameters:
- $ref: '#/components/parameters/X-Amz-Content-Sha256'
- $ref: '#/components/parameters/X-Amz-Date'
- $ref: '#/components/parameters/X-Amz-Algorithm'
- $ref: '#/components/parameters/X-Amz-Credential'
- $ref: '#/components/parameters/X-Amz-Security-Token'
- $ref: '#/components/parameters/X-Amz-Signature'
- $ref: '#/components/parameters/X-Amz-SignedHeaders'
/ec2deepinspectionstatus/member/batch/update:
post:
operationId: BatchUpdateMemberEc2DeepInspectionStatus
description: Activates or deactivates Amazon Inspector deep inspection for the provided member accounts in your organization. You must be the delegated administrator of an organization in Amazon
Inspector to use this API.
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/BatchUpdateMemberEc2DeepInspectionStatusResponse'
'480':
description: ValidationException
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationException'
'481':
description: AccessDeniedException
content:
application/json:
schema:
$ref: '#/components/schemas/AccessDeniedException'
'482':
description: ThrottlingException
content:
application/json:
schema:
$ref: '#/components/schemas/ThrottlingException'
'483':
description: InternalServerException
content:
application/json:
schema:
$ref: '#/components/schemas/InternalServerException'
parameters: []
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- accountIds
properties:
accountIds:
description: The unique identifiers for the Amazon Web Services accounts to change Amazon Inspector deep inspection status for.
type: array
items:
$ref: '#/components/schemas/MemberAccountEc2DeepInspectionStatus'
minItems: 0
maxItems: 100
summary: Amazon Inspector Batch Update Member Ec2 Deep Inspection Status
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
parameters:
- $ref: '#/components/parameters/X-Amz-Content-Sha256'
- $ref: '#/components/parameters/X-Amz-Date'
- $ref: '#/components/parameters/X-Amz-Algorithm'
- $ref: '#/components/parameters/X-Amz-Credential'
- $ref: '#/components/parameters/X-Amz-Security-Token'
- $ref: '#/components/parameters/X-Amz-Signature'
- $ref: '#/components/parameters/X-Amz-SignedHeaders'
/reporting/cancel:
post:
operationId: CancelFindingsReport
description: Cancels the given findings report.
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/CancelFindingsReportResponse'
'480':
description: ValidationException
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationException'
'481':
description: AccessDeniedException
content:
application/json:
schema:
$ref: '#/components/schemas/AccessDeniedException'
'482':
description: ResourceNotFoundException
content:
application/json:
schema:
$ref: '#/components/schemas/ResourceNotFoundException'
'483':
description: ThrottlingException
content:
application/json:
schema:
$ref: '#/components/schemas/ThrottlingException'
'484':
description: InternalServerException
content:
application/json:
schema:
$ref: '#/components/schemas/InternalServerException'
parameters: []
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- reportId
properties:
reportId:
description: The ID of the report to be canceled.
type: string
pattern: '\b[a-f0-9]{8}\b-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-\b[a-f0-9]{12}\b'
summary: Amazon Inspector Cancel Findings Report
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
parameters:
- $ref: '#/components/parameters/X-Amz-Content-Sha256'
- $ref: '#/components/parameters/X-Amz-Date'
- $ref: '#/components/parameters/X-Amz-Algorithm'
- $ref: '#/components/parameters/X-Amz-Credential'
- $ref: '#/components/parameters/X-Amz-Security-Token'
- $ref: '#/components/parameters/X-Amz-Signature'
- $ref: '#/components/parameters/X-Amz-SignedHeaders'
/sbomexport/cancel:
post:
operationId: CancelSbomExport
description: Cancels a software bill of materials (SBOM) report.
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/CancelSbomExportResponse'
'480':
description: ValidationException
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationException'
'481':
description: AccessDeniedException
content:
application/json:
schema:
$ref: '#/components/schemas/AccessDeniedException'
'482':
description: ThrottlingException
content:
application/json:
schema:
$ref: '#/components/schemas/ThrottlingException'
'483':
description: ResourceNotFoundException
content:
application/json:
schema:
$ref: '#/components/schemas/ResourceNotFoundException'
'484':
description: InternalServerException
content:
application/json:
schema:
$ref: '#/components/schemas/InternalServerException'
parameters: []
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- reportId
properties:
reportId:
description: The report ID of the SBOM export to cancel.
type: string
pattern: '\b[a-f0-9]{8}\b-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-\b[a-f0-9]{12}\b'
summary: Amazon Inspector Cancel Sbom Export
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
parameters:
- $ref: '#/components/parameters/X-Amz-Content-Sha256'
- $ref: '#/components/parameters/X-Amz-Date'
- $ref: '#/components/parameters/X-Amz-Algorithm'
- $ref: '#/components/parameters/X-Amz-Credential'
- $ref: '#/components/parameters/X-Amz-Security-Token'
- $ref: '#/components/parameters/X-Amz-Signature'
- $ref: '#/components/parameters/X-Amz-SignedHeaders'
/filters/create:
post:
operationId: CreateFilter
description: Creates a filter resource using specified filter criteria.
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/CreateFilterResponse'
'480':
description: ServiceQuotaExceededException
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceQuotaExceededException'
'481':
description: BadRequestException
content:
application/json:
schema:
$ref: '#/components/schemas/BadRequestException'
'482':
description: ValidationException
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationException'
'483':
description: AccessDeniedException
content:
application/json:
schema:
$ref: '#/components/schemas/AccessDeniedException'
'484':
description: ThrottlingException
content:
application/json:
schema:
$ref: '#/components/schemas/ThrottlingException'
'485':
description: InternalServerException
content:
application/json:
schema:
$ref: '#/components/schemas/InternalServerException'
parameters: []
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- action
- filterCriteria
- name
properties:
action:
description: Defines the action that is to be applied to the findings that match the filter.
type: string
enum:
- NONE
- SUPPRESS
description:
description: A description of the filter.
type: string
minLength: 1
maxLength: 512
filterCriteria:
description: Details on the criteria used to define the filter.
type: object
properties:
awsAccountId:
allOf:
- $ref: '#/components/schemas/StringFilterList'
- description: Details of the Amazon Web Services account IDs used to filter findings.
codeVulnerabilityDetectorName:
allOf:
- $ref: '#/components/schemas/StringFilterList'
- description: The name of the detector used to identify a code vulnerability in a Lambda function used to filter findings.
codeVulnerabilityDetectorTags:
allOf:
- $ref: '#/components/schemas/StringFilterList'
- description: 'The detector type tag associated with the vulnerability used to filter findings. Detector tags group related vulnerabilities by common themes or tactics. For a list
of available tags by programming language, see <a href="https://docs.aws.amazon.com/codeguru/detector-library/java/tags/">Java tags</a>, or <a href="https://docs.aws.amazon.com/codeguru/detector-library/python/tags/">Python
tags</a>. '
codeVulnerabilityFilePath:
allOf:
- $ref: '#/components/schemas/StringFilterList'
- description: The file path to the file in a Lambda function that contains a code vulnerability used to filter findings.
componentId:
allOf:
- $ref: '#/components/schemas/StringFilterList'
- description: Details of the component IDs used to filter findings.
componentType:
allOf:
- $ref: '#/components/schemas/StringFilterList'
- description: Details of the component types used to filter findings.
ec2InstanceImageId:
allOf:
- $ref: '#/components/schemas/StringFilterList'
- description: Details of the Amazon EC2 instance image IDs used to filter findings.
ec2InstanceSubnetId:
allOf:
- $ref: '#/components/schemas/StringFilterList'
- description: Details of the Amazon EC2 instance subnet IDs used to filter findings.
ec2InstanceVpcId:
allOf:
- $ref: '#/components/schemas/StringFilterList'
- description: Details of the Amazon EC2 instance VPC IDs used to filter findings.
ecrImageArchitecture:
allOf:
- $ref: '#/components/schemas/StringFilterList'
- description: Details of the Amazon ECR image architecture types used to filter findings.
ecrImageHash:
allOf:
- $ref: '#/components/schemas/StringFilterList'
- description: Details of the Amazon ECR image hashes used to filter findings.
ecrImagePushedAt:
allOf:
- $ref: '#/components/schemas/DateFilterList'
- description: Details on the Amazon ECR image push date and time used to filter findings.
ecrImageRegistry:
allOf:
- $ref: '#/components/schemas/StringFilterList'
- description: Details on the Amazon ECR registry used to filter findings.
ecrImageRepositoryName:
allOf:
- $ref: '#/components/schemas/StringFilterList'
- description: Details on the name of the Amazon ECR repository used to filter findings.
ecrImageTags:
allOf:
- $ref: '#/components/schemas/StringFilterList'
- description: The tags attached to the Amazon ECR container image.
epssScore:
allOf:
- $ref: '#/components/schemas/NumberFilterList'
- description: The EPSS score used to filter findings.
exploitAvailable:
allOf:
- $ref: '#/components/schemas/StringFilterList'
- description: Filters the list of AWS Lambda findings by the availability of exploits.
findingArn:
allOf:
- $ref: '#/components/schemas/StringFilterList'
- description: Details on the finding ARNs used to filter findings.
findingStatus:
allOf:
- $ref: '#/components/schemas/StringFilterList'
- description: Details on the finding status types used to filter findings.
findingType:
allOf:
- $ref: '#/components/schemas/StringFilterList'
- description: Details on the finding types used to filter findings.
firstObservedAt:
allOf:
- $ref: '#/components/schemas/DateFilterList'
- description: Details on the date and time a finding was first seen used to filter findings.
fixAvailable:
allOf:
- $ref: '#/components/schemas/StringFilterList'
- description: 'Details on whether a fix is available through a version update. This value
# --- truncated at 32 KB (356 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/amazon-inspector/refs/heads/main/openapi/amazon-inspector-openapi-original.yml