xref: /aosp_15_r20/external/googleapis/google/devtools/containeranalysis/v1beta1/containeranalysis.proto (revision d5c09012810ac0c9f33fe448fb6da8260d444cc9)
// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

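syntax = "proto3";

package google.devtools.containeranalysis.v1beta1;

// google.api.http bindings used on every RPC below.
import "google/api/annotations.proto";
// default_host, oauth_scopes and method_signature options.
import "google/api/client.proto";
// The REQUIRED field_behavior annotation on request fields.
import "google/api/field_behavior.proto";
// Request/response messages for the three IAM RPCs.
import "google/iam/v1/iam_policy.proto";
// google.iam.v1.Policy, returned by SetIamPolicy and GetIamPolicy.
import "google/iam/v1/policy.proto";

// Code-generation options only; none of these affect the wire format.
option go_package = "cloud.google.com/go/containeranalysis/apiv1beta1/containeranalysispb;containeranalysispb";
option java_multiple_files = true;
option java_package = "com.google.containeranalysis.v1beta1";
option objc_class_prefix = "GCA";
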
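// Retrieves analysis results of Cloud components such as Docker container
// images. The Container Analysis API is an implementation of the
// [Grafeas](https://grafeas.io) API.
//
// Analysis results are stored as a series of occurrences. An `Occurrence`
// contains information about a specific analysis instance on a resource. An
// occurrence refers to a `Note`. A note contains details describing the
// analysis and is generally stored in a separate project, called a `Provider`.
// Multiple occurrences can refer to the same note.
//
// For example, an SSL vulnerability could affect multiple images. In this case,
// there would be one note for the vulnerability and an occurrence for each
// image with the vulnerability referring to that note.
//
// Access control: the only OAuth scope declared for this service is
// `cloud-platform`, so the scope itself does not narrow what a token may do
// here. Per-resource access is governed by the IAM permissions named on each
// method and by the policies managed through the three IAM RPCs below.
service ContainerAnalysisV1Beta1 {
  option (google.api.default_host) = "containeranalysis.googleapis.com";
  option (google.api.oauth_scopes) =
      "https://www.googleapis.com/auth/cloud-platform";

  // Sets the access control policy on the specified note or occurrence.
  // Requires `containeranalysis.notes.setIamPolicy` or
  // `containeranalysis.occurrences.setIamPolicy` permission if the resource is
  // a note or an occurrence, respectively.
  //
  // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
  // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
  // occurrences.
  //
  // The request carries a complete `google.iam.v1.Policy`. Callers that modify
  // an existing policy should read it with GetIamPolicy first and send back
  // the returned `etag`, so that a concurrent change is not overwritten.
  // Granting this permission lets the holder change who can access the note
  // or occurrence, so treat it as an administrative permission.
  rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest)
      returns (google.iam.v1.Policy) {
    option (google.api.http) = {
      post: "/v1beta1/{resource=projects/*/notes/*}:setIamPolicy"
      body: "*"
      additional_bindings {
        post: "/v1beta1/{resource=projects/*/occurrences/*}:setIamPolicy"
        body: "*"
      }
    };
    option (google.api.method_signature) = "resource,policy";
  }

  // Gets the access control policy for a note or an occurrence resource.
  // Requires `containeranalysis.notes.setIamPolicy` or
  // `containeranalysis.occurrences.setIamPolicy` permission if the resource is
  // a note or occurrence, respectively.
  //
  // NOTE(review): the permissions named above are identical to the ones
  // documented for SetIamPolicy. For a read-only method this looks like a
  // copy-paste slip; the intended names are presumably
  // `containeranalysis.notes.getIamPolicy` and
  // `containeranalysis.occurrences.getIamPolicy`. Confirm against the IAM
  // permissions reference before building least-privilege roles from this
  // comment.
  //
  // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
  // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
  // occurrences.
  rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest)
      returns (google.iam.v1.Policy) {
    option (google.api.http) = {
      post: "/v1beta1/{resource=projects/*/notes/*}:getIamPolicy"
      body: "*"
      additional_bindings {
        post: "/v1beta1/{resource=projects/*/occurrences/*}:getIamPolicy"
        body: "*"
      }
    };
    option (google.api.method_signature) = "resource";
  }

  // Returns the permissions that a caller has on the specified note or
  // occurrence. Requires list permission on the project (for example,
  // `containeranalysis.notes.list`).
  //
  // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
  // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
  // occurrences.
  rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest)
      returns (google.iam.v1.TestIamPermissionsResponse) {
    option (google.api.http) = {
      post: "/v1beta1/{resource=projects/*/notes/*}:testIamPermissions"
      body: "*"
      additional_bindings {
        post: "/v1beta1/{resource=projects/*/occurrences/*}:testIamPermissions"
        body: "*"
      }
    };
    option (google.api.method_signature) = "resource,permissions";
  }

  // Gets a summary of the packages within a given resource.
  //
  // The trailing `**` in the HTTP path lets `name` span several path
  // segments, because the resource part is itself a URL. No required
  // permission is documented for this method in this file.
  rpc GeneratePackagesSummary(GeneratePackagesSummaryRequest)
      returns (PackagesSummaryResponse) {
    option (google.api.http) = {
      post: "/v1beta1/{name=projects/*/resources/**}:generatePackagesSummary"
      body: "*"
    };
  }

  // Generates an SBOM and other dependency information for the given resource.
  //
  // The response carries only the name of a discovery occurrence (see
  // `ExportSBOMResponse`), not the SBOM itself. As with
  // GeneratePackagesSummary, `name` may span several path segments and no
  // required permission is documented here.
  rpc ExportSBOM(ExportSBOMRequest) returns (ExportSBOMResponse) {
    option (google.api.http) = {
      post: "/v1beta1/{name=projects/*/resources/**}:exportSBOM"
      body: "*"
    };
  }
}
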
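// GeneratePackagesSummaryRequest is the request body for the
// GeneratePackagesSummary API method. It just takes a single name argument,
// referring to the resource.
message GeneratePackagesSummaryRequest {
  // Required. The name of the resource to get a packages summary for in the
  // form of `projects/[PROJECT_ID]/resources/[RESOURCE_URL]`.
  //
  // Over HTTP this value is taken from the request path
  // (`{name=projects/*/resources/**}`), so `[RESOURCE_URL]` may contain `/`.
  string name = 1 [(google.api.field_behavior) = REQUIRED];
}
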
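// A summary of the packages found within the given resource.
message PackagesSummaryResponse {
  // The count for a single license.
  message LicensesSummary {
    // The license of the package. Note that the format of this value is not
    // guaranteed. It may be nil, an empty string, a boolean value (A | B), a
    // differently formed boolean value (A OR B), etc...
    //
    // Because the format is not guaranteed, consumers should handle this as
    // free-form text: do not assume it is a single license identifier, and
    // do not base an allow/deny decision on an exact string match without
    // normalising it first.
    string license = 1;

    // The number of fixable vulnerabilities associated with this resource.
    //
    // NOTE(review): this wording does not fit a per-license summary; the
    // field presumably holds the number of packages found under `license`.
    // Confirm against the service before using it as a vulnerability count.
    int64 count = 2;
  }

  // The unique URL of the image or the container for which this summary
  // applies.
  string resource_url = 1;

  // A listing by license name of each of the licenses and their counts.
  repeated LicensesSummary licenses_summary = 2;
}
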
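// The request to a call of ExportSBOM.
message ExportSBOMRequest {
  // Required. The name of the resource in the form of
  // `projects/[PROJECT_ID]/resources/[RESOURCE_URL]`.
  //
  // Over HTTP this value is taken from the request path
  // (`{name=projects/*/resources/**}`), so `[RESOURCE_URL]` may contain `/`.
  string name = 1 [(google.api.field_behavior) = REQUIRED];
}
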
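// The response from a call to ExportSBOM.
message ExportSBOMResponse {
  // The name of the discovery occurrence in the form
  // `projects/{project_id}/occurrences/{OCCURRENCE_ID}`.
  // It can be used to track the progression of the SBOM export.
  //
  // Despite the `_id` suffix, the documented value is the full occurrence
  // name, not a bare identifier. Reading that occurrence is a separate call,
  // outside this service definition.
  string discovery_occurrence_id = 1;
}
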