aws-samples · davidhessler · Feb 2, 2026 · Feb 5, 2026 · Feb 5, 2026 · Feb 5, 2026
diff --git a/.github/workflows/security-and-tests.yml b/.github/workflows/security-and-tests.yml
@@ -38,10 +38,10 @@ jobs:
           uv pip install -r requirements-dev.txt
 
       - name: Run Bandit
-        run: bandit -r . -x ./tests,./venv --skip B113,B108,B404
+        run: bandit -r . -x ./tests,./venv,./scripts --skip B113,B108,B404
 
       - name: Run detect-secrets
-        run: detect-secrets scan --baseline .secrets.baseline
+        run: detect-secrets scan
 
       - name: Install Syft & Grype
         uses: anchore/sbom-action@v0
@@ -119,8 +119,8 @@ jobs:
 
       - name: Run pytest with coverage
         run: |
-          # Run all tests with coverage (tests that need to be skipped use @pytest.mark.skip)
-          pytest tests/ -v --cov=. --cov-report=xml --cov-report=term
+          # Run unit tests with coverage (excluding acceptance tests which require external services)
+          pytest tests/ -v --ignore=tests/acceptance --cov=. --cov-report=xml --cov-report=term
 
       - name: Code Coverage Report
         uses: irongut/CodeCoverageSummary@v1.3.0

diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,6 @@
+.kiro/aside/
+.kiro/hooks/aside_start.kiro.hook
+
 .idea
 node_modules
 package.json
@@ -55,4 +58,5 @@ venv.bak/
 # Following file is added in gitignore till we start adding service_now_client event processing implementation
 tests/assets/service_now_client/test_service_now_client.py
 cdk.out/*
+cdk.out*/*
 .kiro/specs
diff --git a/.kiro/settings/mcp.json b/.kiro/settings/mcp.json
@@ -0,0 +1,4 @@
+{
+  "mcpServers": {
+  }
+}
diff --git a/.secrets.baseline b/.secrets.baseline
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -1,5 +1,5 @@
 {
-    "kiroAgent.configureMCP": "Disabled",
+    "kiroAgent.configureMCP": "Enabled",
     "workbench.colorCustomizations": {
         "terminal.integrated.shellIntegration.decorationsEnabled": "true",
         "terminal.selectionForeground": "#ff0000",

diff --git a/app_service_now.py b/app_service_now.py
@@ -21,7 +21,7 @@
 service_now_params = {
     "instance_id_param_name": "/SecurityIncidentResponse/serviceNowInstanceId",
     "client_id_param_name": "/SecurityIncidentResponse/serviceNowClientId",
-    "user_id_param_name": "/SecurityIncidentResponse/serviceNowUserId",
+    "user_sys_id_param_name": "/SecurityIncidentResponse/serviceNowUserId",
     "private_key_asset_bucket_param_name": "/SecurityIncidentResponse/privateKeyAssetBucket",
     "private_key_asset_key_param_name": "/SecurityIncidentResponse/privateKeyAssetKey",
 }

diff --git a/assets/security_ir_client/index.py b/assets/security_ir_client/index.py
@@ -735,7 +735,7 @@ def __init__(self, instance_id, **kwargs):
             **kwargs: OAuth configuration parameters including:
                 - client_id_param_name (str): SSM parameter name containing OAuth client ID
                 - client_secret_arn (str): Secret ARN containing OAuth client secret
-                - user_id_param_name (str): SSM parameter name containing ServiceNow user ID
+                - user_sys_id_param_name (str): SSM parameter name containing ServiceNow user sys_id
                 - private_key_asset_bucket_param_name (str): SSM parameter name containing S3 bucket for private key asset
                 - private_key_asset_key_param_name (str): SSM parameter name containing S3 object key for private key asset
         """
@@ -1061,19 +1061,19 @@ def add_incident_attachment_in_sir(
                 logger.info(f"instance: {instance_id}")
                 client_id_param_name = os.environ.get("SERVICE_NOW_CLIENT_ID")
                 client_secret_arn = os.environ.get("SERVICE_NOW_CLIENT_SECRET_ARN")
-                user_id_param_name = os.environ.get("SERVICE_NOW_USER_ID")
+                user_sys_id_param_name = os.environ.get("SERVICE_NOW_USER_ID")
                 private_key_asset_bucket_param_name = os.environ.get("PRIVATE_KEY_ASSET_BUCKET")
                 private_key_asset_key_param_name = os.environ.get("PRIVATE_KEY_ASSET_KEY")
 
-                if not all([client_id_param_name, client_secret_arn, user_id_param_name, private_key_asset_bucket_param_name, private_key_asset_key_param_name]):
+                if not all([client_id_param_name, client_secret_arn, user_sys_id_param_name, private_key_asset_bucket_param_name, private_key_asset_key_param_name]):
                     logger.error("Missing required ServiceNow environment variables")
                     return False
 
                 service_now_service = ServiceNowService(
                     instance_id,
                     client_id_param_name=client_id_param_name,
                     client_secret_arn=client_secret_arn,
-                    user_id_param_name=user_id_param_name,
+                    user_sys_id_param_name=user_sys_id_param_name,
                     private_key_asset_bucket_param_name=private_key_asset_bucket_param_name,
                     private_key_asset_key_param_name=private_key_asset_key_param_name
                 )

diff --git a/assets/service_now_client/index.py b/assets/service_now_client/index.py
@@ -196,7 +196,7 @@ def __init__(self, instance_id, **kwargs):
             **kwargs: OAuth configuration parameters including:
                 - client_id_param_name (str): SSM parameter name containing OAuth client ID
                 - client_secret_arn (str): Secret ARN containing OAuth client secret
-                - user_id_param_name (str): SSM parameter name containing ServiceNow user ID
+                - user_sys_id_param_name (str): SSM parameter name containing ServiceNow user sys_id
                 - private_key_asset_bucket_param_name (str): SSM parameter name containing S3 bucket for private key asset
                 - private_key_asset_key_param_name (str): SSM parameter name containing S3 object key for private key asset
         """
@@ -852,7 +852,7 @@ def handler(event: Dict[str, Any], context: Any) -> Dict[str, Any]:
             )
             client_id_param_name = os.environ.get("SERVICE_NOW_CLIENT_ID")
             client_secret_arn = os.environ.get("SERVICE_NOW_CLIENT_SECRET_ARN")
-            user_id_param_name = os.environ.get("SERVICE_NOW_USER_ID")
+            user_sys_id_param_name = os.environ.get("SERVICE_NOW_USER_ID")
             private_key_asset_bucket_param_name = os.environ.get("PRIVATE_KEY_ASSET_BUCKET")
             private_key_asset_key_param_name = os.environ.get("PRIVATE_KEY_ASSET_KEY")
             table_name = os.environ["INCIDENTS_TABLE_NAME"]
@@ -862,7 +862,7 @@ def handler(event: Dict[str, Any], context: Any) -> Dict[str, Any]:
                 table_name,
                 client_id_param_name=client_id_param_name,
                 client_secret_arn=client_secret_arn,
-                user_id_param_name=user_id_param_name,
+                user_sys_id_param_name=user_sys_id_param_name,
                 private_key_asset_bucket_param_name=private_key_asset_bucket_param_name,
                 private_key_asset_key_param_name=private_key_asset_key_param_name
             )