全部产品
Search
文档中心

AI 云治理中心:ListEvaluationMetadata - 获取治理检测项信息

更新时间:Jun 24, 2026

获取所有可用的治理检测评估项的信息,包括名称、ID、描述、阶段、资源明细元数据和修复指引。

调试

您可以在OpenAPI Explorer中直接运行该接口,免去您计算签名的困扰。运行成功后,OpenAPI Explorer可以自动生成SDK代码示例。

调试

授权信息

下表是API对应的授权信息,可以在RAM权限策略语句的Action元素中使用,用来给RAM用户或RAM角色授予调用此API的权限。具体说明如下:

  • 操作:是指具体的权限点。

  • 访问级别:是指每个操作的访问级别,取值为写入(Write)、读取(Read)或列出(List)。

  • 资源类型:是指操作中支持授权的资源类型。具体说明如下:

    • 对于必选的资源类型,用前面加 * 表示。

    • 对于不支持资源级授权的操作,用全部资源表示。

  • 条件关键字:是指云产品自身定义的条件关键字。

  • 关联操作:是指成功执行操作所需要的其他权限。操作者必须同时具备关联操作的权限,操作才能成功。

操作

访问级别

资源类型

条件关键字

关联操作

governance:ListEvaluationMetadata

get

*全部资源

*

请求参数

名称

类型

必填

描述

示例值

RegionId

string

地域 ID。

cn-hangzhou

Language

string

语言类型。治理检测定义将以此语言返回。取值:

  • en:英文。

  • zh:中文。

zh

LensCode

string

专项检测代码。取值:

  • basic(默认):基础模型(治理成熟度)检测。

  • ack:容器构建专项检测。

  • ai:机器学习专项检测。

  • nis:网络服务专项检测。

ack

TopicCode

string

治理专题 code

ResourceUtilization

EvaluationDomain

string

返回参数

名称

类型

描述

示例值

object

返回结果。

EvaluationMetadata

array<object>

治理检测定义元数据。

array<object>

治理检测定义元数据。

Metadata

array<object>

特定元数据类型下的元数据对象列表。

array<object>

特定元数据类型下的元数据对象列表。

Category

string

检测项所属的支柱。

Security

Description

string

检测项描述。

If you use an AccessKey pair of an Alibaba Cloud account, you have full permissions that cannot be restricted by conditions such as source IP address or access time. Once leaked, the risk is extremely high. If an AccessKey pair exists for the Alibaba Cloud account, it is considered non-compliant.

DisplayName

string

显示名称。

An AccessKey pair is enabled for the Alibaba Cloud account.

Id

string

元数据随机 ID。

pxgtda****

RecommendationLevel

string

检测项推荐治理等级。

High

RemediationMetadata

object

修复元数据。

Remediation

array<object>

修复项。

array<object>

修复项。

Actions

array<object>

修复动作。

array<object>

修复动作。

Classification

string

修复方式类别。

说明

仅当RemediationTypeAnalysis时返回该参数。

UnusedAccessKeyInRamUser

CostDescription

string

修复花费。

You are not charged for this operation.

Description

string

修复描述。

说明

仅当RemediationTypeAnalysis时返回该参数。

A RAM user has both console logon and an AccessKey pair enabled, but the AccessKey pair has never been used.

Guidance

array<object>

修复内容。

object

修复内容。

ButtonName

string

修复步骤按钮显示名称。

Manual fix

ButtonRef

string

修复步骤按钮跳转链接。

https://ram.console.alibabacloud.com/users

Content

string

修复步骤内容。

You must replace the AccessKey pair of your Alibaba Cloud account. To do so, perform the following steps:1. Log on to the RAM console. In the left-side navigation pane, choose Identities > Users. On the Users page, click Create User.2. On the Create User page, enter a logon name and select OpenAPI Access for the Access Mode parameter.3. After the RAM user is created, save the AccessKey pair. Then, find the user that you created on the Users page and click Add Permissions in the Actions column. In the Grant Permission panel, find the AdministratorAccess policy and attach it to the RAM user.4. In a program, replace the AccessKey pair of the Alibaba Cloud account with the AccessKey pair of the RAM user created in the previous step and check whether the program runs as expected in the test environment.5. If the program runs as expected, publish the program to the production environment and disable the previous AccessKey pair of your Alibaba Cloud account. Then, check whether the program runs as expected.6. If the program runs as expected, delete the disabled AccessKey pair after the specified period of time, such as 90 days.

Title

string

修复步骤标题。

Scenario 3: AccessKey pair that is used within the last 90 days

Notice

string

修复注意事项。

This governance item enables the Best Practices for AccessKey and Permission Governance compliance package in Cloud Config to check the settings and usage of AccessKey pairs, Alibaba Cloud accounts, and RAM users.

Suggestion

string

修复建议。

说明

仅当RemediationTypeAnalysis时返回该参数。

Console logon is enabled for the RAM user and the RAM user owns an AccessKey pair, while the AccessKey pair has never been used by the RAM user. We recommend that you disable the AccessKey pair for 90 days. If no related issue occurs during this period, you can delete the AccessKey pair.

RemediationType

string

修复类型。取值:

  • Manual:手动修复。

  • QuickFix:快速修复。

  • Analysis:辅助决策。

Manual

ResourceMetadata

object

检测项的资源元数据。

ResourcePropertyMetadata

array<object>

资源属性元数据。

object

资源属性元数据。

DisplayName

string

属性显示名称。

Last time the AccessKey pair was used

PropertyName

string

资源属性名称。

AkLastUsedTime

PropertyType

string

资源属性类型。

String

Scope

string

检测项所属范围。取值:

  • Account:单账号检测项。

  • ResourceDirectory:多账号检测项。

Account

Stage

string

检测项所处状态。取值:

  • Released:正式。

  • Beta:预上线。

Released

TopicCode

string

所属治理专题 code

ResourceUtilization

Type

string

元数据类型。取值:

  • Metric:检测项。

Metric

RequestId

string

请求 ID。

16B208DD-86BD-5E7D-AC93-FFD44B6FBDF1

示例

正常返回示例

JSON格式

{
  "EvaluationMetadata": [
    {
      "Metadata": [
        {
          "Category": "Security",
          "Description": "If you use an AccessKey pair of an Alibaba Cloud account, you have full permissions that cannot be restricted by conditions such as source IP address or access time. Once leaked, the risk is extremely high. If an AccessKey pair exists for the Alibaba Cloud account, it is considered non-compliant.",
          "DisplayName": "An AccessKey pair is enabled for the Alibaba Cloud account.",
          "Id": "pxgtda****",
          "RecommendationLevel": "High",
          "RemediationMetadata": {
            "Remediation": [
              {
                "Actions": [
                  {
                    "Classification": "UnusedAccessKeyInRamUser",
                    "CostDescription": "You are not charged for this operation.",
                    "Description": "A RAM user has both console logon and an AccessKey pair enabled, but the AccessKey pair has never been used.",
                    "Guidance": [
                      {
                        "ButtonName": "Manual fix",
                        "ButtonRef": "https://ram.console.alibabacloud.com/users",
                        "Content": "You must replace the AccessKey pair of your Alibaba Cloud account. To do so, perform the following steps:1. Log on to the RAM console. In the left-side navigation pane, choose Identities > Users. On the Users page, click Create User.2. On the Create User page, enter a logon name and select OpenAPI Access for the Access Mode parameter.3. After the RAM user is created, save the AccessKey pair. Then, find the user that you created on the Users page and click Add Permissions in the Actions column. In the Grant Permission panel, find the AdministratorAccess policy and attach it to the RAM user.4. In a program, replace the AccessKey pair of the Alibaba Cloud account with the AccessKey pair of the RAM user created in the previous step and check whether the program runs as expected in the test environment.5. If the program runs as expected, publish the program to the production environment and disable the previous AccessKey pair of your Alibaba Cloud account. Then, check whether the program runs as expected.6. If the program runs as expected, delete the disabled AccessKey pair after the specified period of time, such as 90 days.",
                        "Title": "Scenario 3: AccessKey pair that is used within the last 90 days"
                      }
                    ],
                    "Notice": "This governance item enables the Best Practices for AccessKey and Permission Governance compliance package in Cloud Config to check the settings and usage of AccessKey pairs, Alibaba Cloud accounts, and RAM users.",
                    "Suggestion": "Console logon is enabled for the RAM user and the RAM user owns an AccessKey pair, while the AccessKey pair has never been used by the RAM user. We recommend that you disable the AccessKey pair for 90 days. If no related issue occurs during this period, you can delete the AccessKey pair."
                  }
                ],
                "RemediationType": "Manual"
              }
            ]
          },
          "ResourceMetadata": {
            "ResourcePropertyMetadata": [
              {
                "DisplayName": "Last time the AccessKey pair was used",
                "PropertyName": "AkLastUsedTime",
                "PropertyType": "String"
              }
            ]
          },
          "Scope": "Account",
          "Stage": "Released",
          "TopicCode": "ResourceUtilization"
        }
      ],
      "Type": "Metric"
    }
  ],
  "RequestId": "16B208DD-86BD-5E7D-AC93-FFD44B6FBDF1"
}

错误码

HTTP status code

错误码

错误信息

描述

500 InternalError A system error occurred. 系统错误。
404 InvalidEnterpriseRealName.NotFound The specified account has not passed enterprise real name verification. Please complete the verification for the account first. 当前账号未进行企业实名认证,请您先完成企业实名认证。

访问错误中心查看更多错误码。

变更历史

更多信息,参考变更详情