aws-sdk-securityhub 1.90.0 → 1.91.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1396b5b8daa3697fac2ad731b148d6abadf5e9da0978aaff2a4594bf6a141c44
-  data.tar.gz: 4ed199b559c28290db4f8d66c298eb7aa0384be1d9c1f594936faa2c69c5aadb
+  metadata.gz: 5711ac047fe6550301be8891499185af700b529c304fe8a6ab774c5db77ec369
+  data.tar.gz: 456b59d3a98611f196a1befe3c7b4305f13780d4b3149da57aca07df6afb60d3
 SHA512:
-  metadata.gz: 04bbab448a1645598864782958973c024beebe56bae6067ca2b72e2defa87f0e23ab288ec8723fe1c6eaa740666937f31479ce07349b0776fc530855e51ba06e
-  data.tar.gz: 0eb5a3826c5abdc8be6681f6f8e0ce2aaacb6b8bc1bda924e4e27f33b91db654f91902f7e2cf3a068fb0305c3606376b61e3d59529c06f178991129ffa1e86c8
+  metadata.gz: 772a55939b1b62429f8d71cd552a44fcee093e0da1458bec5f081b11ee47cf8cc1960c6578c114fc09ee15f719854a05a3f80e6f687c06229f22f1e60c073faa
+  data.tar.gz: 0e8eda805fc735e599ba0e5db294ee26efeb00c8d28113e87d83f533ee5f111c45d450bac32d8d904f2f725d4babac09ca8c29fabd1d1261875ccf995500b596

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.91.0 (2023-08-18)
+------------------
+
+* Feature - Added Inspector Lambda code Vulnerability section to ASFF, including GeneratorDetails, EpssScore, ExploitAvailable, and CodeVulnerabilities.
+
 1.90.0 (2023-07-25)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.90.0
+1.91.0

data/lib/aws-sdk-securityhub/client.rb

@@ -3561,8 +3561,9 @@ module Aws::SecurityHub
 
     # Deletes the specified member accounts from Security Hub.
     #
-    # Can be used to delete member accounts that belong to an organization
-    # as well as member accounts that were invited manually.
+    # You can invoke this API only to delete accounts that became members
+    # through invitation. You can't invoke this API to delete accounts that
+    # belong to an Organizations organization.
     #
     # @option params [required, Array<String>] :account_ids
     #   The list of account IDs for the member accounts to delete.
@@ -4143,12 +4144,12 @@ module Aws::SecurityHub
       req.send_request(options)
     end
 
-    # Disables Security Hub in your account only in the current Region. To
-    # disable Security Hub in all Regions, you must submit one request per
-    # Region where you have enabled Security Hub.
+    # Disables Security Hub in your account only in the current Amazon Web
+    # Services Region. To disable Security Hub in all Regions, you must
+    # submit one request per Region where you have enabled Security Hub.
     #
-    # When you disable Security Hub for an administrator account, it
-    # doesn't disable Security Hub for any associated member accounts.
+    # You can't disable Security Hub in an account that is currently the
+    # Security Hub administrator.
     #
     # When you disable Security Hub, your existing findings and insights and
     # any Security Hub configuration settings are deleted after 90 days and
@@ -8702,7 +8703,7 @@ module Aws::SecurityHub
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-securityhub'
-      context[:gem_version] = '1.90.0'
+      context[:gem_version] = '1.91.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-securityhub/client_api.rb

@@ -693,6 +693,7 @@ module Aws::SecurityHub
     City = Shapes::StructureShape.new(name: 'City')
     ClassificationResult = Shapes::StructureShape.new(name: 'ClassificationResult')
     ClassificationStatus = Shapes::StructureShape.new(name: 'ClassificationStatus')
+    CodeVulnerabilitiesFilePath = Shapes::StructureShape.new(name: 'CodeVulnerabilitiesFilePath')
     Compliance = Shapes::StructureShape.new(name: 'Compliance')
     ComplianceStatus = Shapes::StringShape.new(name: 'ComplianceStatus')
     ContainerDetails = Shapes::StructureShape.new(name: 'ContainerDetails')
@@ -784,6 +785,7 @@ module Aws::SecurityHub
     FirewallPolicyStatelessCustomActionsList = Shapes::ListShape.new(name: 'FirewallPolicyStatelessCustomActionsList')
     FirewallPolicyStatelessRuleGroupReferencesDetails = Shapes::StructureShape.new(name: 'FirewallPolicyStatelessRuleGroupReferencesDetails')
     FirewallPolicyStatelessRuleGroupReferencesList = Shapes::ListShape.new(name: 'FirewallPolicyStatelessRuleGroupReferencesList')
+    GeneratorDetails = Shapes::StructureShape.new(name: 'GeneratorDetails')
     GeoLocation = Shapes::StructureShape.new(name: 'GeoLocation')
     GetAdministratorAccountRequest = Shapes::StructureShape.new(name: 'GetAdministratorAccountRequest')
     GetAdministratorAccountResponse = Shapes::StructureShape.new(name: 'GetAdministratorAccountResponse')
@@ -1049,6 +1051,9 @@ module Aws::SecurityHub
     VpcInfoIpv6CidrBlockSetList = Shapes::ListShape.new(name: 'VpcInfoIpv6CidrBlockSetList')
     VpcInfoPeeringOptionsDetails = Shapes::StructureShape.new(name: 'VpcInfoPeeringOptionsDetails')
     Vulnerability = Shapes::StructureShape.new(name: 'Vulnerability')
+    VulnerabilityCodeVulnerabilities = Shapes::StructureShape.new(name: 'VulnerabilityCodeVulnerabilities')
+    VulnerabilityCodeVulnerabilitiesList = Shapes::ListShape.new(name: 'VulnerabilityCodeVulnerabilitiesList')
+    VulnerabilityExploitAvailable = Shapes::StringShape.new(name: 'VulnerabilityExploitAvailable')
     VulnerabilityFixAvailable = Shapes::StringShape.new(name: 'VulnerabilityFixAvailable')
     VulnerabilityList = Shapes::ListShape.new(name: 'VulnerabilityList')
     VulnerabilityVendor = Shapes::StructureShape.new(name: 'VulnerabilityVendor')
@@ -4314,6 +4319,7 @@ module Aws::SecurityHub
     AwsSecurityFinding.add_member(:action, Shapes::ShapeRef.new(shape: Action, location_name: "Action"))
     AwsSecurityFinding.add_member(:finding_provider_fields, Shapes::ShapeRef.new(shape: FindingProviderFields, location_name: "FindingProviderFields"))
     AwsSecurityFinding.add_member(:sample, Shapes::ShapeRef.new(shape: Boolean, location_name: "Sample"))
+    AwsSecurityFinding.add_member(:generator_details, Shapes::ShapeRef.new(shape: GeneratorDetails, location_name: "GeneratorDetails"))
     AwsSecurityFinding.struct_class = Types::AwsSecurityFinding
 
     AwsSecurityFindingFilters.add_member(:product_arn, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "ProductArn"))
@@ -4834,6 +4840,12 @@ module Aws::SecurityHub
     ClassificationStatus.add_member(:reason, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Reason"))
     ClassificationStatus.struct_class = Types::ClassificationStatus
 
+    CodeVulnerabilitiesFilePath.add_member(:end_line, Shapes::ShapeRef.new(shape: Integer, location_name: "EndLine"))
+    CodeVulnerabilitiesFilePath.add_member(:file_name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "FileName"))
+    CodeVulnerabilitiesFilePath.add_member(:file_path, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "FilePath"))
+    CodeVulnerabilitiesFilePath.add_member(:start_line, Shapes::ShapeRef.new(shape: Integer, location_name: "StartLine"))
+    CodeVulnerabilitiesFilePath.struct_class = Types::CodeVulnerabilitiesFilePath
+
     Compliance.add_member(:status, Shapes::ShapeRef.new(shape: ComplianceStatus, location_name: "Status"))
     Compliance.add_member(:related_requirements, Shapes::ShapeRef.new(shape: RelatedRequirementsList, location_name: "RelatedRequirements"))
     Compliance.add_member(:status_reasons, Shapes::ShapeRef.new(shape: StatusReasonsList, location_name: "StatusReasons"))
@@ -5143,6 +5155,11 @@ module Aws::SecurityHub
 
     FirewallPolicyStatelessRuleGroupReferencesList.member = Shapes::ShapeRef.new(shape: FirewallPolicyStatelessRuleGroupReferencesDetails)
 
+    GeneratorDetails.add_member(:name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Name"))
+    GeneratorDetails.add_member(:description, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Description"))
+    GeneratorDetails.add_member(:labels, Shapes::ShapeRef.new(shape: TypeList, location_name: "Labels"))
+    GeneratorDetails.struct_class = Types::GeneratorDetails
+
     GeoLocation.add_member(:lon, Shapes::ShapeRef.new(shape: Double, location_name: "Lon"))
     GeoLocation.add_member(:lat, Shapes::ShapeRef.new(shape: Double, location_name: "Lat"))
     GeoLocation.struct_class = Types::GeoLocation
@@ -6162,8 +6179,18 @@ module Aws::SecurityHub
     Vulnerability.add_member(:vendor, Shapes::ShapeRef.new(shape: VulnerabilityVendor, location_name: "Vendor"))
     Vulnerability.add_member(:reference_urls, Shapes::ShapeRef.new(shape: StringList, location_name: "ReferenceUrls"))
     Vulnerability.add_member(:fix_available, Shapes::ShapeRef.new(shape: VulnerabilityFixAvailable, location_name: "FixAvailable"))
+    Vulnerability.add_member(:epss_score, Shapes::ShapeRef.new(shape: Double, location_name: "EpssScore"))
+    Vulnerability.add_member(:exploit_available, Shapes::ShapeRef.new(shape: VulnerabilityExploitAvailable, location_name: "ExploitAvailable"))
+    Vulnerability.add_member(:code_vulnerabilities, Shapes::ShapeRef.new(shape: VulnerabilityCodeVulnerabilitiesList, location_name: "CodeVulnerabilities"))
     Vulnerability.struct_class = Types::Vulnerability
 
+    VulnerabilityCodeVulnerabilities.add_member(:cwes, Shapes::ShapeRef.new(shape: TypeList, location_name: "Cwes"))
+    VulnerabilityCodeVulnerabilities.add_member(:file_path, Shapes::ShapeRef.new(shape: CodeVulnerabilitiesFilePath, location_name: "FilePath"))
+    VulnerabilityCodeVulnerabilities.add_member(:source_arn, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "SourceArn"))
+    VulnerabilityCodeVulnerabilities.struct_class = Types::VulnerabilityCodeVulnerabilities
+
+    VulnerabilityCodeVulnerabilitiesList.member = Shapes::ShapeRef.new(shape: VulnerabilityCodeVulnerabilities)
+
     VulnerabilityList.member = Shapes::ShapeRef.new(shape: Vulnerability)
 
     VulnerabilityVendor.add_member(:name, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "Name"))

data/lib/aws-sdk-securityhub/types.rb

@@ -17721,6 +17721,15 @@ module Aws::SecurityHub
     #   Indicates whether the finding is a sample finding.
     #   @return [Boolean]
     #
+    # @!attribute [rw] generator_details
+    #   Provides metadata for the Amazon CodeGuru detector associated with a
+    #   finding. This field pertains to findings that relate to Lambda
+    #   functions. Amazon Inspector identifies policy violations and
+    #   vulnerabilities in Lambda function code based on internal detectors
+    #   developed in collaboration with Amazon CodeGuru. Security Hub
+    #   receives those findings.
+    #   @return [Types::GeneratorDetails]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFinding AWS API Documentation
     #
     class AwsSecurityFinding < Struct.new(
@@ -17764,7 +17773,8 @@ module Aws::SecurityHub
       :patch_summary,
       :action,
       :finding_provider_fields,
-      :sample)
+      :sample,
+      :generator_details)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -20662,6 +20672,38 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Provides details about where a code vulnerability is located in your
+    # Lambda function.
+    #
+    # @!attribute [rw] end_line
+    #   The line number of the last line of code in which the vulnerability
+    #   is located.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] file_name
+    #   The name of the file in which the code vulnerability is located.
+    #   @return [String]
+    #
+    # @!attribute [rw] file_path
+    #   The file path to the code in which the vulnerability is located.
+    #   @return [String]
+    #
+    # @!attribute [rw] start_line
+    #   The line number of the first line of code in which the vulnerability
+    #   is located.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CodeVulnerabilitiesFilePath AWS API Documentation
+    #
+    class CodeVulnerabilitiesFilePath < Struct.new(
+      :end_line,
+      :file_name,
+      :file_path,
+      :start_line)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains finding details that are specific to control-based findings.
     # Only returned for findings generated from controls.
     #
@@ -22193,6 +22235,37 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Provides metadata for the Amazon CodeGuru detector associated with a
+    # finding. This field pertains to findings that relate to Lambda
+    # functions. Amazon Inspector identifies policy violations and
+    # vulnerabilities in Lambda function code based on internal detectors
+    # developed in collaboration with Amazon CodeGuru. Security Hub receives
+    # those findings.
+    #
+    # @!attribute [rw] name
+    #   The name of the detector used to identify the code vulnerability.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The description of the detector used to identify the code
+    #   vulnerability.
+    #   @return [String]
+    #
+    # @!attribute [rw] labels
+    #   An array of tags used to identify the detector associated with the
+    #   finding.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GeneratorDetails AWS API Documentation
+    #
+    class GeneratorDetails < Struct.new(
+      :name,
+      :description,
+      :labels)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Provides the latitude and longitude coordinates of a location.
     #
     # @!attribute [rw] lon
@@ -27193,6 +27266,20 @@ module Aws::SecurityHub
     #   * `PARTIAL` otherwise
     #   @return [String]
     #
+    # @!attribute [rw] epss_score
+    #   The Exploit Prediction Scoring System (EPSS) score for a finding.
+    #   @return [Float]
+    #
+    # @!attribute [rw] exploit_available
+    #   Whether an exploit is available for a finding.
+    #   @return [String]
+    #
+    # @!attribute [rw] code_vulnerabilities
+    #   The vulnerabilities found in your Lambda function code. This field
+    #   pertains to findings that Security Hub receives from Amazon
+    #   Inspector.
+    #   @return [Array<Types::VulnerabilityCodeVulnerabilities>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Vulnerability AWS API Documentation
     #
     class Vulnerability < Struct.new(
@@ -27202,7 +27289,39 @@ module Aws::SecurityHub
       :related_vulnerabilities,
       :vendor,
       :reference_urls,
-      :fix_available)
+      :fix_available,
+      :epss_score,
+      :exploit_available,
+      :code_vulnerabilities)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides details about the vulnerabilities found in your Lambda
+    # function code. This field pertains to findings that Security Hub
+    # receives from Amazon Inspector.
+    #
+    # @!attribute [rw] cwes
+    #   The Common Weakness Enumeration (CWE) item associated with the
+    #   detected code vulnerability.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] file_path
+    #   Provides details about where a code vulnerability is located in your
+    #   Lambda function.
+    #   @return [Types::CodeVulnerabilitiesFilePath]
+    #
+    # @!attribute [rw] source_arn
+    #   The Amazon Resource Name (ARN) of the Lambda layer in which the code
+    #   vulnerability is located.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/VulnerabilityCodeVulnerabilities AWS API Documentation
+    #
+    class VulnerabilityCodeVulnerabilities < Struct.new(
+      :cwes,
+      :file_path,
+      :source_arn)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -27317,8 +27436,7 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
-    # Provides information about the status of the investigation into a
-    # finding.
+    # Provides details about the status of the investigation into a finding.
     #
     # @!attribute [rw] status
     #   The status of the investigation into the finding. The workflow

data/lib/aws-sdk-securityhub.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-securityhub/customizations'
 # @!group service
 module Aws::SecurityHub
 
-  GEM_VERSION = '1.90.0'
+  GEM_VERSION = '1.91.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-securityhub
 version: !ruby/object:Gem::Version
-  version: 1.90.0
+  version: 1.91.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-07-25 00:00:00.000000000 Z
+date: 2023-08-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core