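// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.devtools.containeranalysis.v1;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/iam/v1/iam_policy.proto";
import "google/iam/v1/policy.proto";
import "grafeas/v1/severity.proto";

option csharp_namespace = "Google.Cloud.DevTools.ContainerAnalysis.V1";
option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1;containeranalysis";
option java_multiple_files = true;
option java_package = "com.google.containeranalysis.v1";
option objc_class_prefix = "GCA";
option ruby_package = "Google::Cloud::ContainerAnalysis::V1";
option php_namespace = "Google\\Cloud\\ContainerAnalysis\\V1";

// Retrieves analysis results of Cloud components such as Docker container
// images. The Container Analysis API is an implementation of the
// [Grafeas](https://grafeas.io) API.
//
// Analysis results are stored as a series of occurrences. An `Occurrence`
// contains information about a specific analysis instance on a resource. An
// occurrence refers to a `Note`. A note contains details describing the
// analysis and is generally stored in a separate project, called a `Provider`.
// Multiple occurrences can refer to the same note.
//
// For example, an SSL vulnerability could affect multiple images. In this case,
// there would be one note for the vulnerability and an occurrence for each
// image with the vulnerability referring to that note.
service ContainerAnalysis {
  option (google.api.default_host) = "containeranalysis.googleapis.com";

  // The only OAuth scope declared for this service is the broad
  // cloud-platform scope, so per-method access is narrowed by the IAM
  // permissions named on each RPC below rather than by scope.
  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";

  // Sets the access control policy on the specified note or occurrence.
  // Requires `containeranalysis.notes.setIamPolicy` or
  // `containeranalysis.occurrences.setIamPolicy` permission if the resource is
  // a note or an occurrence, respectively.
  //
  // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
  // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
  // occurrences.
  rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) {
    // `resource` is bound from the URL path (a note in the primary binding,
    // an occurrence in the additional one); `body: "*"` maps every remaining
    // request field from the HTTP body.
    option (google.api.http) = {
      post: "/v1/{resource=projects/*/notes/*}:setIamPolicy"
      body: "*"
      additional_bindings {
        post: "/v1/{resource=projects/*/occurrences/*}:setIamPolicy"
        body: "*"
      }
    };
    option (google.api.method_signature) = "resource,policy";
  }

  // NOTE(review): the documentation below names the `setIamPolicy`
  // permissions for a read operation, the same ones listed for SetIamPolicy.
  // Confirm against the service's IAM permission reference whether reading a
  // policy is actually gated by `containeranalysis.notes.getIamPolicy` /
  // `containeranalysis.occurrences.getIamPolicy`; least-privilege role design
  // depends on which is correct.

  // Gets the access control policy for a note or an occurrence resource.
  // Requires `containeranalysis.notes.setIamPolicy` or
  // `containeranalysis.occurrences.setIamPolicy` permission if the resource is
  // a note or occurrence, respectively.
  //
  // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
  // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
  // occurrences.
  rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) {
    // This read is exposed as POST with `body: "*"`, not GET, so request
    // fields other than `resource` travel in the HTTP body.
    option (google.api.http) = {
      post: "/v1/{resource=projects/*/notes/*}:getIamPolicy"
      body: "*"
      additional_bindings {
        post: "/v1/{resource=projects/*/occurrences/*}:getIamPolicy"
        body: "*"
      }
    };
    option (google.api.method_signature) = "resource";
  }

  // Returns the permissions that a caller has on the specified note or
  // occurrence. Requires list permission on the project (for example,
  // `containeranalysis.notes.list`).
  //
  // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
  // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
  // occurrences.
  rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) {
    option (google.api.http) = {
      post: "/v1/{resource=projects/*/notes/*}:testIamPermissions"
      body: "*"
      additional_bindings {
        post: "/v1/{resource=projects/*/occurrences/*}:testIamPermissions"
        body: "*"
      }
    };
    option (google.api.method_signature) = "resource,permissions";
  }

  // NOTE(review): unlike the IAM methods above, the documentation below does
  // not name the permission required to read the vulnerability summary --
  // TODO confirm and document it.

  // Gets a summary of the number and severity of occurrences.
  rpc GetVulnerabilityOccurrencesSummary(GetVulnerabilityOccurrencesSummaryRequest) returns (VulnerabilityOccurrencesSummary) {
    // Plain GET with no body: `parent` comes from the URL path, and the
    // remaining request field (`filter`) is carried as a query parameter.
    option (google.api.http) = {
      get: "/v1/{parent=projects/*}/occurrences:vulnerabilitySummary"
    };
    option (google.api.method_signature) = "parent,filter";
  }
}

// Request to get a vulnerability summary for some set of occurrences.
message GetVulnerabilityOccurrencesSummaryRequest {
  // Required. The name of the project to get a vulnerability summary for in
  // the form of `projects/[PROJECT_ID]`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "cloudresourcemanager.googleapis.com/Project"
    }
  ];

  // NOTE(review): the filter grammar and the fields it may reference are not
  // defined in this file. The field carries no `field_behavior` annotation,
  // so it is presumably optional -- confirm what an empty filter selects.

  // The filter expression.
  string filter = 2;
}

// A summary of how many vulnerability occurrences there are per resource and
// severity type.
message VulnerabilityOccurrencesSummary {
  // Per resource and severity counts of fixable and total vulnerabilities.
  message FixableTotalByDigest {
    // The affected resource.
    string resource_uri = 1;

    // NOTE(review): if SEVERITY_UNSPECIFIED is the zero value of
    // grafeas.v1.Severity (defined in grafeas/v1/severity.proto, not shown
    // here), proto3 omits it on the wire, so an entry with no severity set is
    // the all-severities total and must not be read as "severity unknown".

    // The severity for this count. SEVERITY_UNSPECIFIED indicates total across
    // all severities.
    grafeas.v1.Severity severity = 2;

    // The number of fixable vulnerabilities associated with this resource.
    int64 fixable_count = 3;

    // The total number of vulnerabilities associated with this resource.
    int64 total_count = 4;
  }

  // A listing by resource of the number of fixable and total vulnerabilities.
  repeated FixableTotalByDigest counts = 1;
}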