AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2025-08-28 · Documentation low

File: cli/latest/reference/codeguru-security/batch-get-findings.md

Summary

Updated CLI reference version, reordered parameters in syntax examples, restructured findings output documentation with added vulnerability details, and moved failedFindings error section.

Security assessment

The changes significantly expand vulnerability documentation details including code snippets, file paths, severity levels, and remediation guidance. While this improves security transparency, there's no evidence of addressing a specific vulnerability. The changes enhance documentation of existing security features rather than patching issues.

Diff

diff --git a/cli/latest/reference/codeguru-security/batch-get-findings.md b/cli/latest/reference/codeguru-security/batch-get-findings.md
index b2eddc00b..cd166bb28 100644
--- a//cli/latest/reference/codeguru-security/batch-get-findings.md
+++ b//cli/latest/reference/codeguru-security/batch-get-findings.md
@@ -15 +15 @@
-  * [AWS CLI 2.28.16 Command Reference](../../index.html) »
+  * [AWS CLI 2.28.19 Command Reference](../../index.html) »
@@ -100,4 +99,0 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/codegu
->> findingId -> (string)
->>
->>> The identifier for a finding.
->> 
@@ -106,0 +103,4 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/codegu
+>> 
+>> findingId -> (string)
+>>
+>>> The identifier for a finding.
@@ -111 +111 @@ Shorthand Syntax:
-    findingId=string,scanName=string ...
+    scanName=string,findingId=string ...
@@ -119,2 +119,2 @@ JSON Syntax:
-        "findingId": "string",
-        "scanName": "string"
+        "scanName": "string",
+        "findingId": "string"
@@ -225,24 +224,0 @@ Disable automatically prompt for CLI input parameters.
-failedFindings -> (list)
-
-> A list of errors for individual findings which were not fetched. Each BatchGetFindingsError contains the `scanName` , `findingId` , `errorCode` and error `message` .
-> 
-> (structure)
->
->> Contains information about the error that caused a finding to fail to be retrieved.
->> 
->> errorCode -> (string)
->>
->>> A code associated with the type of error.
->> 
->> findingId -> (string)
->>
->>> The finding ID of the finding that was not fetched.
->> 
->> message -> (string)
->>
->>> Describes the error.
->> 
->> scanName -> (string)
->>
->>> The name of the scan that generated the finding.
-
@@ -265 +241 @@ findings -> (list)
->> detectorId -> (string)
+>> generatorId -> (string)
@@ -267 +243 @@ findings -> (list)
->>> The identifier for the detector that detected the finding in your code. A detector is a defined rule based on industry standards and AWS best practices.
+>>> The identifier for the component that generated a finding such as AmazonCodeGuruSecurity.
@@ -269 +245 @@ findings -> (list)
->> detectorName -> (string)
+>> id -> (string)
@@ -271 +247 @@ findings -> (list)
->>> The name of the detector that identified the security vulnerability in your code.
+>>> The identifier for a finding.
@@ -273 +249 @@ findings -> (list)
->> detectorTags -> (list)
+>> updatedAt -> (timestamp)
@@ -275 +251,13 @@ findings -> (list)
->>> One or more tags or categorizations that are associated with a detector. These tags are defined by type, programming language, or other classification such as maintainability or consistency.
+>>> The time when the finding was last updated. Findings are updated when you remediate them or when the finding code location changes.
+>> 
+>> type -> (string)
+>>
+>>> The type of finding.
+>> 
+>> status -> (string)
+>>
+>>> The status of the finding. A finding status can be open or closed.
+>> 
+>> resource -> (structure)
+>>
+>>> The resource where Amazon CodeGuru Security detected a finding.
@@ -277 +265,7 @@ findings -> (list)
->>> (string)
+>>> id -> (string)
+>>>
+>>>> The `scanName` of the scan that was run on the resource.
+>>> 
+>>> subResourceId -> (string)
+>>>
+>>>> The identifier for a section of the resource.
@@ -279 +273 @@ findings -> (list)
->> generatorId -> (string)
+>> vulnerability -> (structure)
@@ -281 +275,57 @@ findings -> (list)
->>> The identifier for the component that generated a finding such as AmazonCodeGuruSecurity.
+>>> An object that describes the detected security vulnerability.
+>>> 
+>>> referenceUrls -> (list)
+>>>
+>>>> One or more URL addresses that contain details about a vulnerability.
+>>>> 
+>>>> (string)
+>>> 
+>>> relatedVulnerabilities -> (list)
+>>>
+>>>> One or more vulnerabilities that are related to the vulnerability being described.
+>>>> 
+>>>> (string)
+>>> 
+>>> id -> (string)
+>>>
+>>>> The identifier for the vulnerability.
+>>> 
+>>> filePath -> (structure)
+>>>
+>>>> An object that describes the location of the detected security vulnerability in your code.
+>>>> 
+>>>> name -> (string)
+>>>>
+>>>>> The name of the file.
+>>>> 
+>>>> path -> (string)
+>>>>
+>>>>> The path to the resource with the security vulnerability.
+>>>> 
+>>>> startLine -> (integer)
+>>>>
+>>>>> The first line number of the code snippet where the security vulnerability appears in your code.
+>>>> 
+>>>> endLine -> (integer)
+>>>>
+>>>>> The last line number of the code snippet where the security vulnerability appears in your code.
+>>>> 
+>>>> codeSnippet -> (list)
+>>>>
+>>>>> A list of `CodeLine` objects that describe where the security vulnerability appears in your code.
+>>>>> 
+>>>>> (structure)
+>>>>>
+>>>>>> The line of code where a finding was detected.
+>>>>>> 
+>>>>>> number -> (integer)
+>>>>>>
+>>>>>>> The code line number.
+>>>>>> 
+>>>>>> content -> (string)
+>>>>>>
+>>>>>>> The code that contains a vulnerability.
+>>> 
+>>> itemCount -> (integer)
+>>>
+>>>> The number of times the vulnerability appears in your code.
@@ -283 +333 @@ findings -> (list)
->> id -> (string)
+>> severity -> (string)
@@ -285 +335 @@ findings -> (list)
->>> The identifier for a finding.
+>>> The severity of the finding. Severity can be critical, high, medium, low, or informational. For information on severity levels, see [Finding severity](https://docs.aws.amazon.com/codeguru/latest/security-ug/findings-overview.html#severity-distribution) in the _Amazon CodeGuru Security User Guide_ .
@@ -311,4 +360,0 @@ findings -> (list)
->>>>> code -> (string)
->>>>>
->>>>>> The suggested code fix. If applicable, includes code patch to replace your source code.
->>>>> 
@@ -317,0 +364,4 @@ findings -> (list)
+>>>>> 
+>>>>> code -> (string)
+>>>>>
+>>>>>> The suggested code fix. If applicable, includes code patch to replace your source code.
@@ -319 +369 @@ findings -> (list)
->> resource -> (structure)
+>> title -> (string)
@@ -321,7 +371,5 @@ findings -> (list)
->>> The resource where Amazon CodeGuru Security detected a finding.
->>> 
->>> id -> (string)
->>>
->>>> The `scanName` of the scan that was run on the resource.
->>> 
->>> subResourceId -> (string)
+>>> The title of the finding.
+>> 
+>> detectorTags -> (list)
+>>
+>>> One or more tags or categorizations that are associated with a detector. These tags are defined by type, programming language, or other classification such as maintainability or consistency.
@@ -329 +377 @@ findings -> (list)
->>>> The identifier for a section of the resource.
+>>> (string)
@@ -331 +379 @@ findings -> (list)
->> ruleId -> (string)
+>> detectorId -> (string)
@@ -333 +381 @@ findings -> (list)
->>> The identifier for the rule that generated the finding.
+>>> The identifier for the detector that detected the finding in your code. A detector is a defined rule based on industry standards and AWS best practices.
@@ -335 +383 @@ findings -> (list)
->> severity -> (string)
+>> detectorName -> (string)
@@ -337 +385 @@ findings -> (list)
->>> The severity of the finding. Severity can be critical, high, medium, low, or informational. For information on severity levels, see [Finding severity](https://docs.aws.amazon.com/codeguru/latest/security-ug/findings-overview.html#severity-distribution) in the _Amazon CodeGuru Security User Guide_ .
+>>> The name of the detector that identified the security vulnerability in your code.
@@ -339 +387 @@ findings -> (list)
->> status -> (string)