1*d5c09012SAndroid Build Coastguard Worker// Copyright 2023 Google LLC 2*d5c09012SAndroid Build Coastguard Worker// 3*d5c09012SAndroid Build Coastguard Worker// Licensed under the Apache License, Version 2.0 (the "License"); 4*d5c09012SAndroid Build Coastguard Worker// you may not use this file except in compliance with the License. 5*d5c09012SAndroid Build Coastguard Worker// You may obtain a copy of the License at 6*d5c09012SAndroid Build Coastguard Worker// 7*d5c09012SAndroid Build Coastguard Worker// http://www.apache.org/licenses/LICENSE-2.0 8*d5c09012SAndroid Build Coastguard Worker// 9*d5c09012SAndroid Build Coastguard Worker// Unless required by applicable law or agreed to in writing, software 10*d5c09012SAndroid Build Coastguard Worker// distributed under the License is distributed on an "AS IS" BASIS, 11*d5c09012SAndroid Build Coastguard Worker// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*d5c09012SAndroid Build Coastguard Worker// See the License for the specific language governing permissions and 13*d5c09012SAndroid Build Coastguard Worker// limitations under the License. 14*d5c09012SAndroid Build Coastguard Worker 15*d5c09012SAndroid Build Coastguard Workersyntax = "proto3"; 16*d5c09012SAndroid Build Coastguard Worker 17*d5c09012SAndroid Build Coastguard Workerpackage google.devtools.containeranalysis.v1beta1; 18*d5c09012SAndroid Build Coastguard Worker 19*d5c09012SAndroid Build Coastguard Workerimport "google/api/annotations.proto"; 20*d5c09012SAndroid Build Coastguard Workerimport "google/api/client.proto"; 21*d5c09012SAndroid Build Coastguard Workerimport "google/api/field_behavior.proto"; 22*d5c09012SAndroid Build Coastguard Workerimport "google/iam/v1/iam_policy.proto"; 23*d5c09012SAndroid Build Coastguard Workerimport "google/iam/v1/policy.proto"; 24*d5c09012SAndroid Build Coastguard Worker 25*d5c09012SAndroid Build Coastguard Workeroption go_package = "cloud.google.com/go/containeranalysis/apiv1beta1/containeranalysispb;containeranalysispb"; 26*d5c09012SAndroid Build Coastguard Workeroption java_multiple_files = true; 27*d5c09012SAndroid Build Coastguard Workeroption java_package = "com.google.containeranalysis.v1beta1"; 28*d5c09012SAndroid Build Coastguard Workeroption objc_class_prefix = "GCA"; 29*d5c09012SAndroid Build Coastguard Worker 30*d5c09012SAndroid Build Coastguard Worker// Retrieves analysis results of Cloud components such as Docker container 31*d5c09012SAndroid Build Coastguard Worker// images. The Container Analysis API is an implementation of the 32*d5c09012SAndroid Build Coastguard Worker// [Grafeas](https://grafeas.io) API. 33*d5c09012SAndroid Build Coastguard Worker// 34*d5c09012SAndroid Build Coastguard Worker// Analysis results are stored as a series of occurrences. An `Occurrence` 35*d5c09012SAndroid Build Coastguard Worker// contains information about a specific analysis instance on a resource. An 36*d5c09012SAndroid Build Coastguard Worker// occurrence refers to a `Note`. A note contains details describing the 37*d5c09012SAndroid Build Coastguard Worker// analysis and is generally stored in a separate project, called a `Provider`. 38*d5c09012SAndroid Build Coastguard Worker// Multiple occurrences can refer to the same note. 39*d5c09012SAndroid Build Coastguard Worker// 40*d5c09012SAndroid Build Coastguard Worker// For example, an SSL vulnerability could affect multiple images. In this case, 41*d5c09012SAndroid Build Coastguard Worker// there would be one note for the vulnerability and an occurrence for each 42*d5c09012SAndroid Build Coastguard Worker// image with the vulnerability referring to that note. 43*d5c09012SAndroid Build Coastguard Workerservice ContainerAnalysisV1Beta1 { 44*d5c09012SAndroid Build Coastguard Worker option (google.api.default_host) = "containeranalysis.googleapis.com"; 45*d5c09012SAndroid Build Coastguard Worker option (google.api.oauth_scopes) = 46*d5c09012SAndroid Build Coastguard Worker "https://www.googleapis.com/auth/cloud-platform"; 47*d5c09012SAndroid Build Coastguard Worker 48*d5c09012SAndroid Build Coastguard Worker // Sets the access control policy on the specified note or occurrence. 49*d5c09012SAndroid Build Coastguard Worker // Requires `containeranalysis.notes.setIamPolicy` or 50*d5c09012SAndroid Build Coastguard Worker // `containeranalysis.occurrences.setIamPolicy` permission if the resource is 51*d5c09012SAndroid Build Coastguard Worker // a note or an occurrence, respectively. 52*d5c09012SAndroid Build Coastguard Worker // 53*d5c09012SAndroid Build Coastguard Worker // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for 54*d5c09012SAndroid Build Coastguard Worker // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for 55*d5c09012SAndroid Build Coastguard Worker // occurrences. 56*d5c09012SAndroid Build Coastguard Worker rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) 57*d5c09012SAndroid Build Coastguard Worker returns (google.iam.v1.Policy) { 58*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 59*d5c09012SAndroid Build Coastguard Worker post: "/v1beta1/{resource=projects/*/notes/*}:setIamPolicy" 60*d5c09012SAndroid Build Coastguard Worker body: "*" 61*d5c09012SAndroid Build Coastguard Worker additional_bindings { 62*d5c09012SAndroid Build Coastguard Worker post: "/v1beta1/{resource=projects/*/occurrences/*}:setIamPolicy" 63*d5c09012SAndroid Build Coastguard Worker body: "*" 64*d5c09012SAndroid Build Coastguard Worker } 65*d5c09012SAndroid Build Coastguard Worker }; 66*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "resource,policy"; 67*d5c09012SAndroid Build Coastguard Worker } 68*d5c09012SAndroid Build Coastguard Worker 69*d5c09012SAndroid Build Coastguard Worker // Gets the access control policy for a note or an occurrence resource. 70*d5c09012SAndroid Build Coastguard Worker // Requires `containeranalysis.notes.setIamPolicy` or 71*d5c09012SAndroid Build Coastguard Worker // `containeranalysis.occurrences.setIamPolicy` permission if the resource is 72*d5c09012SAndroid Build Coastguard Worker // a note or occurrence, respectively. 73*d5c09012SAndroid Build Coastguard Worker // 74*d5c09012SAndroid Build Coastguard Worker // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for 75*d5c09012SAndroid Build Coastguard Worker // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for 76*d5c09012SAndroid Build Coastguard Worker // occurrences. 77*d5c09012SAndroid Build Coastguard Worker rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) 78*d5c09012SAndroid Build Coastguard Worker returns (google.iam.v1.Policy) { 79*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 80*d5c09012SAndroid Build Coastguard Worker post: "/v1beta1/{resource=projects/*/notes/*}:getIamPolicy" 81*d5c09012SAndroid Build Coastguard Worker body: "*" 82*d5c09012SAndroid Build Coastguard Worker additional_bindings { 83*d5c09012SAndroid Build Coastguard Worker post: "/v1beta1/{resource=projects/*/occurrences/*}:getIamPolicy" 84*d5c09012SAndroid Build Coastguard Worker body: "*" 85*d5c09012SAndroid Build Coastguard Worker } 86*d5c09012SAndroid Build Coastguard Worker }; 87*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "resource"; 88*d5c09012SAndroid Build Coastguard Worker } 89*d5c09012SAndroid Build Coastguard Worker 90*d5c09012SAndroid Build Coastguard Worker // Returns the permissions that a caller has on the specified note or 91*d5c09012SAndroid Build Coastguard Worker // occurrence. Requires list permission on the project (for example, 92*d5c09012SAndroid Build Coastguard Worker // `containeranalysis.notes.list`). 93*d5c09012SAndroid Build Coastguard Worker // 94*d5c09012SAndroid Build Coastguard Worker // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for 95*d5c09012SAndroid Build Coastguard Worker // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for 96*d5c09012SAndroid Build Coastguard Worker // occurrences. 97*d5c09012SAndroid Build Coastguard Worker rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) 98*d5c09012SAndroid Build Coastguard Worker returns (google.iam.v1.TestIamPermissionsResponse) { 99*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 100*d5c09012SAndroid Build Coastguard Worker post: "/v1beta1/{resource=projects/*/notes/*}:testIamPermissions" 101*d5c09012SAndroid Build Coastguard Worker body: "*" 102*d5c09012SAndroid Build Coastguard Worker additional_bindings { 103*d5c09012SAndroid Build Coastguard Worker post: "/v1beta1/{resource=projects/*/occurrences/*}:testIamPermissions" 104*d5c09012SAndroid Build Coastguard Worker body: "*" 105*d5c09012SAndroid Build Coastguard Worker } 106*d5c09012SAndroid Build Coastguard Worker }; 107*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "resource,permissions"; 108*d5c09012SAndroid Build Coastguard Worker } 109*d5c09012SAndroid Build Coastguard Worker 110*d5c09012SAndroid Build Coastguard Worker // Gets a summary of the packages within a given resource. 111*d5c09012SAndroid Build Coastguard Worker rpc GeneratePackagesSummary(GeneratePackagesSummaryRequest) 112*d5c09012SAndroid Build Coastguard Worker returns (PackagesSummaryResponse) { 113*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 114*d5c09012SAndroid Build Coastguard Worker post: "/v1beta1/{name=projects/*/resources/**}:generatePackagesSummary" 115*d5c09012SAndroid Build Coastguard Worker body: "*" 116*d5c09012SAndroid Build Coastguard Worker }; 117*d5c09012SAndroid Build Coastguard Worker } 118*d5c09012SAndroid Build Coastguard Worker 119*d5c09012SAndroid Build Coastguard Worker // Generates an SBOM and other dependency information for the given resource. 120*d5c09012SAndroid Build Coastguard Worker rpc ExportSBOM(ExportSBOMRequest) returns (ExportSBOMResponse) { 121*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 122*d5c09012SAndroid Build Coastguard Worker post: "/v1beta1/{name=projects/*/resources/**}:exportSBOM" 123*d5c09012SAndroid Build Coastguard Worker body: "*" 124*d5c09012SAndroid Build Coastguard Worker }; 125*d5c09012SAndroid Build Coastguard Worker } 126*d5c09012SAndroid Build Coastguard Worker} 127*d5c09012SAndroid Build Coastguard Worker 128*d5c09012SAndroid Build Coastguard Worker// GeneratePackagesSummaryRequest is the request body for the 129*d5c09012SAndroid Build Coastguard Worker// GeneratePackagesSummary API method. It just takes a single name argument, 130*d5c09012SAndroid Build Coastguard Worker// referring to the resource. 131*d5c09012SAndroid Build Coastguard Workermessage GeneratePackagesSummaryRequest { 132*d5c09012SAndroid Build Coastguard Worker // Required. The name of the resource to get a packages summary for in the 133*d5c09012SAndroid Build Coastguard Worker // form of `projects/[PROJECT_ID]/resources/[RESOURCE_URL]`. 134*d5c09012SAndroid Build Coastguard Worker string name = 1 [(google.api.field_behavior) = REQUIRED]; 135*d5c09012SAndroid Build Coastguard Worker} 136*d5c09012SAndroid Build Coastguard Worker 137*d5c09012SAndroid Build Coastguard Worker// A summary of the packages found within the given resource. 138*d5c09012SAndroid Build Coastguard Workermessage PackagesSummaryResponse { 139*d5c09012SAndroid Build Coastguard Worker // Per license count 140*d5c09012SAndroid Build Coastguard Worker message LicensesSummary { 141*d5c09012SAndroid Build Coastguard Worker // The license of the package. Note that the format of this value is not 142*d5c09012SAndroid Build Coastguard Worker // guaranteed. It may be nil, an empty string, a boolean value (A | B), a 143*d5c09012SAndroid Build Coastguard Worker // differently formed boolean value (A OR B), etc... 144*d5c09012SAndroid Build Coastguard Worker string license = 1; 145*d5c09012SAndroid Build Coastguard Worker 146*d5c09012SAndroid Build Coastguard Worker // The number of fixable vulnerabilities associated with this resource. 147*d5c09012SAndroid Build Coastguard Worker int64 count = 2; 148*d5c09012SAndroid Build Coastguard Worker } 149*d5c09012SAndroid Build Coastguard Worker 150*d5c09012SAndroid Build Coastguard Worker // The unique URL of the image or the container for which this summary 151*d5c09012SAndroid Build Coastguard Worker // applies. 152*d5c09012SAndroid Build Coastguard Worker string resource_url = 1; 153*d5c09012SAndroid Build Coastguard Worker 154*d5c09012SAndroid Build Coastguard Worker // A listing by license name of each of the licenses and their counts. 155*d5c09012SAndroid Build Coastguard Worker repeated LicensesSummary licenses_summary = 2; 156*d5c09012SAndroid Build Coastguard Worker} 157*d5c09012SAndroid Build Coastguard Worker 158*d5c09012SAndroid Build Coastguard Worker// The request to a call of ExportSBOM 159*d5c09012SAndroid Build Coastguard Workermessage ExportSBOMRequest { 160*d5c09012SAndroid Build Coastguard Worker // Required. The name of the resource in the form of 161*d5c09012SAndroid Build Coastguard Worker // `projects/[PROJECT_ID]/resources/[RESOURCE_URL]`. 162*d5c09012SAndroid Build Coastguard Worker string name = 1 [(google.api.field_behavior) = REQUIRED]; 163*d5c09012SAndroid Build Coastguard Worker} 164*d5c09012SAndroid Build Coastguard Worker 165*d5c09012SAndroid Build Coastguard Worker// The response from a call to ExportSBOM 166*d5c09012SAndroid Build Coastguard Workermessage ExportSBOMResponse { 167*d5c09012SAndroid Build Coastguard Worker // The name of the discovery occurrence in the form 168*d5c09012SAndroid Build Coastguard Worker // "projects/{project_id}/occurrences/{OCCURRENCE_ID} 169*d5c09012SAndroid Build Coastguard Worker // It can be used to track the progression of the SBOM export. 170*d5c09012SAndroid Build Coastguard Worker string discovery_occurrence_id = 1; 171*d5c09012SAndroid Build Coastguard Worker} 172