// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.devtools.containeranalysis.v1;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/iam/v1/iam_policy.proto";
import "google/iam/v1/policy.proto";
import "grafeas/v1/severity.proto";

option csharp_namespace = "Google.Cloud.DevTools.ContainerAnalysis.V1";
option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1;containeranalysis";
option java_multiple_files = true;
option java_package = "com.google.containeranalysis.v1";
option objc_class_prefix = "GCA";
option ruby_package = "Google::Cloud::ContainerAnalysis::V1";
option php_namespace = "Google\\Cloud\\ContainerAnalysis\\V1";

// Retrieves analysis results of Cloud components such as Docker container
// images. The Container Analysis API is an implementation of the
// [Grafeas](https://grafeas.io) API.
//
// Analysis results are stored as a series of occurrences. An `Occurrence`
// contains information about a specific analysis instance on a resource. An
// occurrence refers to a `Note`. A note contains details describing the
// analysis and is generally stored in a separate project, called a `Provider`.
// Multiple occurrences can refer to the same note.
//
// For example, an SSL vulnerability could affect multiple images. In this case,
// there would be one note for the vulnerability and an occurrence for each
// image with the vulnerability referring to that note.
//
// This service definition declares only the three IAM methods and the
// vulnerability-summary method; CRUD on notes and occurrences is not declared
// in this file.
service ContainerAnalysis {
  option (google.api.default_host) = "containeranalysis.googleapis.com";

  // NOTE(review): the only OAuth scope declared is the broad `cloud-platform`
  // scope, so the scope does not narrow a token to this API. Access to
  // individual notes and occurrences rests on the IAM permissions named on
  // each method below.
  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";

  // Sets the access control policy on the specified note or occurrence.
  // Requires `containeranalysis.notes.setIamPolicy` or
  // `containeranalysis.occurrences.setIamPolicy` permission if the resource is
  // a note or an occurrence, respectively.
  //
  // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
  // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
  // occurrences.
  //
  // NOTE(review): a holder of either permission can change who may read or
  // modify the resource, so treat it as an administrative grant. Presumably
  // this follows google.iam.v1 semantics, where the supplied policy replaces
  // the existing one; confirm, and carry the policy `etag` through a
  // read-modify-write to avoid overwriting concurrent changes.
  rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) {
    option (google.api.http) = {
      post: "/v1/{resource=projects/*/notes/*}:setIamPolicy"
      body: "*"
      additional_bindings {
        post: "/v1/{resource=projects/*/occurrences/*}:setIamPolicy"
        body: "*"
      }
    };
    option (google.api.method_signature) = "resource,policy";
  }

  // Gets the access control policy for a note or an occurrence resource.
  // Requires `containeranalysis.notes.getIamPolicy` or
  // `containeranalysis.occurrences.getIamPolicy` permission if the resource is
  // a note or occurrence, respectively.
  //
  // NOTE(review): this comment previously named the `setIamPolicy`
  // permissions, which looks like a copy-paste from SetIamPolicy. Reading a
  // policy should not call for policy-write permission; confirm the enforced
  // permission against the IAM permissions reference before building roles
  // from this text.
  //
  // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
  // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
  // occurrences.
  //
  // Although this is a read, both HTTP bindings are POST with the whole
  // request message as the body.
  rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) {
    option (google.api.http) = {
      post: "/v1/{resource=projects/*/notes/*}:getIamPolicy"
      body: "*"
      additional_bindings {
        post: "/v1/{resource=projects/*/occurrences/*}:getIamPolicy"
        body: "*"
      }
    };
    option (google.api.method_signature) = "resource";
  }

  // Returns the permissions that a caller has on the specified note or
  // occurrence. Requires list permission on the project (for example,
  // `containeranalysis.notes.list`).
  //
  // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
  // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
  // occurrences.
  //
  // NOTE(review): only the notes example is given; presumably
  // `containeranalysis.occurrences.list` is the counterpart for occurrence
  // resources. Confirm.
  rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) {
    option (google.api.http) = {
      post: "/v1/{resource=projects/*/notes/*}:testIamPermissions"
      body: "*"
      additional_bindings {
        post: "/v1/{resource=projects/*/occurrences/*}:testIamPermissions"
        body: "*"
      }
    };
    option (google.api.method_signature) = "resource,permissions";
  }

  // Gets a summary of the number and severity of occurrences.
  //
  // `parent` is bound from the URL path. `filter` is not a path variable and
  // this GET binding has no body, so it travels as a query parameter.
  //
  // NOTE(review): no required permission is documented for this method,
  // unlike the IAM methods above. Confirm which permission gates the summary,
  // since it reveals vulnerability counts per resource for a whole project.
  rpc GetVulnerabilityOccurrencesSummary(GetVulnerabilityOccurrencesSummaryRequest) returns (VulnerabilityOccurrencesSummary) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*}/occurrences:vulnerabilitySummary"
    };
    option (google.api.method_signature) = "parent,filter";
  }
}

// Request to get a vulnerability summary for some set of occurrences.
message GetVulnerabilityOccurrencesSummaryRequest {
  // Required. The name of the project to get a vulnerability summary for in the form of
  // `projects/[PROJECT_ID]`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "cloudresourcemanager.googleapis.com/Project"
    }
  ];

  // The filter expression.
  //
  // Carries no REQUIRED annotation, so it may be left empty. The filter
  // grammar is not defined in this file.
  // NOTE(review): presumably the same filter syntax as the Grafeas list
  // methods; confirm before assembling filters from user-supplied values.
  string filter = 2;
}

// A summary of how many vulnerability occurrences there are per resource and
// severity type.
message VulnerabilityOccurrencesSummary {
  // Per resource and severity counts of fixable and total vulnerabilities.
  message FixableTotalByDigest {
    // The affected resource.
    string resource_uri = 1;

    // The severity for this count. SEVERITY_UNSPECIFIED indicates total across
    // all severities.
    grafeas.v1.Severity severity = 2;

    // The number of fixable vulnerabilities associated with this resource.
    int64 fixable_count = 3;

    // The total number of vulnerabilities associated with this resource.
    int64 total_count = 4;
  }

  // A listing by resource of the number of fixable and total vulnerabilities.
  //
  // Each entry is keyed by (`resource_uri`, `severity`).
  // NOTE(review): if a resource has both per-severity entries and a
  // SEVERITY_UNSPECIFIED (all-severities) entry, summing every entry would
  // double count. Confirm the response shape before aggregating.
  repeated FixableTotalByDigest counts = 1;
}