:doc:`ECR <../../ecr>` / Client / describe_image_scan_findings

****************************
describe_image_scan_findings
****************************



.. py:method:: ECR.Client.describe_image_scan_findings(**kwargs)

  

  Returns the scan findings for the specified image.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DescribeImageScanFindings>`_  


  **Request Syntax**
  ::

    response = client.describe_image_scan_findings(
        registryId='string',
        repositoryName='string',
        imageId={
            'imageDigest': 'string',
            'imageTag': 'string'
        },
        nextToken='string',
        maxResults=123
    )
    
  :type registryId: string
  :param registryId: 

    The Amazon Web Services account ID associated with the registry that contains the repository in which to describe the image scan findings for. If you do not specify a registry, the default registry is assumed.

    

  
  :type repositoryName: string
  :param repositoryName: **[REQUIRED]** 

    The repository for the image for which to describe the scan findings.

    

  
  :type imageId: dict
  :param imageId: **[REQUIRED]** 

    An object with identifying information for an image in an Amazon ECR repository.

    

  
    - **imageDigest** *(string) --* 

      The ``sha256`` digest of the image manifest.

      

    
    - **imageTag** *(string) --* 

      The tag used for the image.

      

    
  
  :type nextToken: string
  :param nextToken: 

    The ``nextToken`` value returned from a previous paginated ``DescribeImageScanFindings`` request where ``maxResults`` was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the ``nextToken`` value. This value is null when there are no more results to return.

    

  
  :type maxResults: integer
  :param maxResults: 

    The maximum number of image scan results returned by ``DescribeImageScanFindings`` in paginated output. When this parameter is used, ``DescribeImageScanFindings`` only returns ``maxResults`` results in a single page along with a ``nextToken`` response element. The remaining results of the initial request can be seen by sending another ``DescribeImageScanFindings`` request with the returned ``nextToken`` value. This value can be between 1 and 1000. If this parameter is not used, then ``DescribeImageScanFindings`` returns up to 100 results and a ``nextToken`` value, if applicable.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'registryId': 'string',
          'repositoryName': 'string',
          'imageId': {
              'imageDigest': 'string',
              'imageTag': 'string'
          },
          'imageScanStatus': {
              'status': 'IN_PROGRESS'|'COMPLETE'|'FAILED'|'UNSUPPORTED_IMAGE'|'ACTIVE'|'PENDING'|'SCAN_ELIGIBILITY_EXPIRED'|'FINDINGS_UNAVAILABLE'|'LIMIT_EXCEEDED'|'IMAGE_ARCHIVED',
              'description': 'string'
          },
          'imageScanFindings': {
              'imageScanCompletedAt': datetime(2015, 1, 1),
              'vulnerabilitySourceUpdatedAt': datetime(2015, 1, 1),
              'findingSeverityCounts': {
                  'string': 123
              },
              'findings': [
                  {
                      'name': 'string',
                      'description': 'string',
                      'uri': 'string',
                      'severity': 'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL'|'UNDEFINED',
                      'attributes': [
                          {
                              'key': 'string',
                              'value': 'string'
                          },
                      ]
                  },
              ],
              'enhancedFindings': [
                  {
                      'awsAccountId': 'string',
                      'description': 'string',
                      'findingArn': 'string',
                      'firstObservedAt': datetime(2015, 1, 1),
                      'lastObservedAt': datetime(2015, 1, 1),
                      'packageVulnerabilityDetails': {
                          'cvss': [
                              {
                                  'baseScore': 123.0,
                                  'scoringVector': 'string',
                                  'source': 'string',
                                  'version': 'string'
                              },
                          ],
                          'referenceUrls': [
                              'string',
                          ],
                          'relatedVulnerabilities': [
                              'string',
                          ],
                          'source': 'string',
                          'sourceUrl': 'string',
                          'vendorCreatedAt': datetime(2015, 1, 1),
                          'vendorSeverity': 'string',
                          'vendorUpdatedAt': datetime(2015, 1, 1),
                          'vulnerabilityId': 'string',
                          'vulnerablePackages': [
                              {
                                  'arch': 'string',
                                  'epoch': 123,
                                  'filePath': 'string',
                                  'name': 'string',
                                  'packageManager': 'string',
                                  'release': 'string',
                                  'sourceLayerHash': 'string',
                                  'version': 'string',
                                  'fixedInVersion': 'string'
                              },
                          ]
                      },
                      'remediation': {
                          'recommendation': {
                              'url': 'string',
                              'text': 'string'
                          }
                      },
                      'resources': [
                          {
                              'details': {
                                  'awsEcrContainerImage': {
                                      'architecture': 'string',
                                      'author': 'string',
                                      'imageHash': 'string',
                                      'imageTags': [
                                          'string',
                                      ],
                                      'platform': 'string',
                                      'pushedAt': datetime(2015, 1, 1),
                                      'lastInUseAt': datetime(2015, 1, 1),
                                      'inUseCount': 123,
                                      'registry': 'string',
                                      'repositoryName': 'string'
                                  }
                              },
                              'id': 'string',
                              'tags': {
                                  'string': 'string'
                              },
                              'type': 'string'
                          },
                      ],
                      'score': 123.0,
                      'scoreDetails': {
                          'cvss': {
                              'adjustments': [
                                  {
                                      'metric': 'string',
                                      'reason': 'string'
                                  },
                              ],
                              'score': 123.0,
                              'scoreSource': 'string',
                              'scoringVector': 'string',
                              'version': 'string'
                          }
                      },
                      'severity': 'string',
                      'status': 'string',
                      'title': 'string',
                      'type': 'string',
                      'updatedAt': datetime(2015, 1, 1),
                      'fixAvailable': 'string',
                      'exploitAvailable': 'string'
                  },
              ]
          },
          'nextToken': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **registryId** *(string) --* 

        The registry ID associated with the request.

        
      

      - **repositoryName** *(string) --* 

        The repository name associated with the request.

        
      

      - **imageId** *(dict) --* 

        An object with identifying information for an image in an Amazon ECR repository.

        
        

        - **imageDigest** *(string) --* 

          The ``sha256`` digest of the image manifest.

          
        

        - **imageTag** *(string) --* 

          The tag used for the image.

          
    
      

      - **imageScanStatus** *(dict) --* 

        The current state of the scan.

        
        

        - **status** *(string) --* 

          The current state of an image scan.

          
        

        - **description** *(string) --* 

          The description of the image scan status.

          
    
      

      - **imageScanFindings** *(dict) --* 

        The information contained in the image scan findings.

        
        

        - **imageScanCompletedAt** *(datetime) --* 

          The time of the last completed image scan.

          
        

        - **vulnerabilitySourceUpdatedAt** *(datetime) --* 

          The time when the vulnerability data was last scanned.

          
        

        - **findingSeverityCounts** *(dict) --* 

          The image vulnerability counts, sorted by severity.

          
          

          - *(string) --* 
            

            - *(integer) --* 
      
    
        

        - **findings** *(list) --* 

          The findings from the image scan.

          
          

          - *(dict) --* 

            Contains information about an image scan finding.

            
            

            - **name** *(string) --* 

              The name associated with the finding, usually a CVE number.

              
            

            - **description** *(string) --* 

              The description of the finding.

              
            

            - **uri** *(string) --* 

              A link containing additional details about the security vulnerability.

              
            

            - **severity** *(string) --* 

              The finding severity.

              
            

            - **attributes** *(list) --* 

              A collection of attributes of the host from which the finding is generated.

              
              

              - *(dict) --* 

                This data type is used in the  ImageScanFinding data type.

                
                

                - **key** *(string) --* 

                  The attribute key.

                  
                

                - **value** *(string) --* 

                  The value assigned to the attribute key.

                  
            
          
        
      
        

        - **enhancedFindings** *(list) --* 

          Details about the enhanced scan findings from Amazon Inspector.

          
          

          - *(dict) --* 

            The details of an enhanced image scan. This is returned when enhanced scanning is enabled for your private registry.

            
            

            - **awsAccountId** *(string) --* 

              The Amazon Web Services account ID associated with the image.

              
            

            - **description** *(string) --* 

              The description of the finding.

              
            

            - **findingArn** *(string) --* 

              The Amazon Resource Number (ARN) of the finding.

              
            

            - **firstObservedAt** *(datetime) --* 

              The date and time that the finding was first observed.

              
            

            - **lastObservedAt** *(datetime) --* 

              The date and time that the finding was last observed.

              
            

            - **packageVulnerabilityDetails** *(dict) --* 

              An object that contains the details of a package vulnerability finding.

              
              

              - **cvss** *(list) --* 

                An object that contains details about the CVSS score of a finding.

                
                

                - *(dict) --* 

                  The CVSS score for a finding.

                  
                  

                  - **baseScore** *(float) --* 

                    The base CVSS score used for the finding.

                    
                  

                  - **scoringVector** *(string) --* 

                    The vector string of the CVSS score.

                    
                  

                  - **source** *(string) --* 

                    The source of the CVSS score.

                    
                  

                  - **version** *(string) --* 

                    The version of CVSS used for the score.

                    
              
            
              

              - **referenceUrls** *(list) --* 

                One or more URLs that contain details about this vulnerability type.

                
                

                - *(string) --* 
            
              

              - **relatedVulnerabilities** *(list) --* 

                One or more vulnerabilities related to the one identified in this finding.

                
                

                - *(string) --* 
            
              

              - **source** *(string) --* 

                The source of the vulnerability information.

                
              

              - **sourceUrl** *(string) --* 

                A URL to the source of the vulnerability information.

                
              

              - **vendorCreatedAt** *(datetime) --* 

                The date and time that this vulnerability was first added to the vendor's database.

                
              

              - **vendorSeverity** *(string) --* 

                The severity the vendor has given to this vulnerability type.

                
              

              - **vendorUpdatedAt** *(datetime) --* 

                The date and time the vendor last updated this vulnerability in their database.

                
              

              - **vulnerabilityId** *(string) --* 

                The ID given to this vulnerability.

                
              

              - **vulnerablePackages** *(list) --* 

                The packages impacted by this vulnerability.

                
                

                - *(dict) --* 

                  Information on the vulnerable package identified by a finding.

                  
                  

                  - **arch** *(string) --* 

                    The architecture of the vulnerable package.

                    
                  

                  - **epoch** *(integer) --* 

                    The epoch of the vulnerable package.

                    
                  

                  - **filePath** *(string) --* 

                    The file path of the vulnerable package.

                    
                  

                  - **name** *(string) --* 

                    The name of the vulnerable package.

                    
                  

                  - **packageManager** *(string) --* 

                    The package manager of the vulnerable package.

                    
                  

                  - **release** *(string) --* 

                    The release of the vulnerable package.

                    
                  

                  - **sourceLayerHash** *(string) --* 

                    The source layer hash of the vulnerable package.

                    
                  

                  - **version** *(string) --* 

                    The version of the vulnerable package.

                    
                  

                  - **fixedInVersion** *(string) --* 

                    The version of the package that contains the vulnerability fix.

                    
              
            
          
            

            - **remediation** *(dict) --* 

              An object that contains the details about how to remediate a finding.

              
              

              - **recommendation** *(dict) --* 

                An object that contains information about the recommended course of action to remediate the finding.

                
                

                - **url** *(string) --* 

                  The URL address to the CVE remediation recommendations.

                  
                

                - **text** *(string) --* 

                  The recommended course of action to remediate the finding.

                  
            
          
            

            - **resources** *(list) --* 

              Contains information on the resources involved in a finding.

              
              

              - *(dict) --* 

                Details about the resource involved in a finding.

                
                

                - **details** *(dict) --* 

                  An object that contains details about the resource involved in a finding.

                  
                  

                  - **awsEcrContainerImage** *(dict) --* 

                    An object that contains details about the Amazon ECR container image involved in the finding.

                    
                    

                    - **architecture** *(string) --* 

                      The architecture of the Amazon ECR container image.

                      
                    

                    - **author** *(string) --* 

                      The image author of the Amazon ECR container image.

                      
                    

                    - **imageHash** *(string) --* 

                      The image hash of the Amazon ECR container image.

                      
                    

                    - **imageTags** *(list) --* 

                      The image tags attached to the Amazon ECR container image.

                      
                      

                      - *(string) --* 
                  
                    

                    - **platform** *(string) --* 

                      The platform of the Amazon ECR container image.

                      
                    

                    - **pushedAt** *(datetime) --* 

                      The date and time the Amazon ECR container image was pushed.

                      
                    

                    - **lastInUseAt** *(datetime) --* 

                      The most recent date and time a cluster was running the image.

                      
                    

                    - **inUseCount** *(integer) --* 

                      The number of Amazon ECS or Amazon EKS clusters currently running the image.

                      
                    

                    - **registry** *(string) --* 

                      The registry the Amazon ECR container image belongs to.

                      
                    

                    - **repositoryName** *(string) --* 

                      The name of the repository the Amazon ECR container image resides in.

                      
                
              
                

                - **id** *(string) --* 

                  The ID of the resource.

                  
                

                - **tags** *(dict) --* 

                  The tags attached to the resource.

                  
                  

                  - *(string) --* 
                    

                    - *(string) --* 
              
            
                

                - **type** *(string) --* 

                  The type of resource.

                  
            
          
            

            - **score** *(float) --* 

              The Amazon Inspector score given to the finding.

              
            

            - **scoreDetails** *(dict) --* 

              An object that contains details of the Amazon Inspector score.

              
              

              - **cvss** *(dict) --* 

                An object that contains details about the CVSS score given to a finding.

                
                

                - **adjustments** *(list) --* 

                  An object that contains details about adjustment Amazon Inspector made to the CVSS score.

                  
                  

                  - *(dict) --* 

                    Details on adjustments Amazon Inspector made to the CVSS score for a finding.

                    
                    

                    - **metric** *(string) --* 

                      The metric used to adjust the CVSS score.

                      
                    

                    - **reason** *(string) --* 

                      The reason the CVSS score has been adjustment.

                      
                
              
                

                - **score** *(float) --* 

                  The CVSS score.

                  
                

                - **scoreSource** *(string) --* 

                  The source for the CVSS score.

                  
                

                - **scoringVector** *(string) --* 

                  The vector for the CVSS score.

                  
                

                - **version** *(string) --* 

                  The CVSS version used in scoring.

                  
            
          
            

            - **severity** *(string) --* 

              The severity of the finding.

              
            

            - **status** *(string) --* 

              The status of the finding.

              
            

            - **title** *(string) --* 

              The title of the finding.

              
            

            - **type** *(string) --* 

              The type of the finding.

              
            

            - **updatedAt** *(datetime) --* 

              The date and time the finding was last updated at.

              
            

            - **fixAvailable** *(string) --* 

              Details on whether a fix is available through a version update. This value can be ``YES``, ``NO``, or ``PARTIAL``. A ``PARTIAL`` fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions.

              
            

            - **exploitAvailable** *(string) --* 

              If a finding discovered in your environment has an exploit available.

              
        
      
    
      

      - **nextToken** *(string) --* 

        The ``nextToken`` value to include in a future ``DescribeImageScanFindings`` request. When the results of a ``DescribeImageScanFindings`` request exceed ``maxResults``, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

        
  
  **Exceptions**
  
  *   :py:class:`ECR.Client.exceptions.ServerException`

  
  *   :py:class:`ECR.Client.exceptions.InvalidParameterException`

  
  *   :py:class:`ECR.Client.exceptions.RepositoryNotFoundException`

  
  *   :py:class:`ECR.Client.exceptions.ImageNotFoundException`

  
  *   :py:class:`ECR.Client.exceptions.ScanNotFoundException`

  
  *   :py:class:`ECR.Client.exceptions.ValidationException`

  