On-Demand Scanning API . projects . locations . scans

Instance Methods

vulnerabilities()

Returns the vulnerabilities Resource.

analyzePackages(parent, body=None, x__xgafv=None)

Initiates an analysis of the provided packages.

close()

Close httplib2 connections.

Method Details

analyzePackages(parent, body=None, x__xgafv=None)
Initiates an analysis of the provided packages.

Args:
  parent: string, Required. The parent of the resource for which analysis is requested. Format: projects/[project_name]/locations/[location] (required)
  body: object, The request body.
    The object takes the form of:

{ # AnalyzePackagesRequest is the request to analyze a list of packages and create Vulnerability Occurrences for it.
  "packages": [ # The packages to analyze.
    {
      "architecture": "A String", # The architecture of the package.
      "binarySourceInfo": [ # A bundle containing the binary and source information.
        {
          "binaryVersion": { # The binary package. This is significant when the source is different than the binary itself. Historically if they've differed, we've stored the name of the source and its version in the package/version fields, but we should also store the binary package info, as that's what's actually installed. See b/175908657#comment15.
            "licenses": [ # The licenses associated with this package. Note that this has to go on the PackageVersion level, because we can have cases with images with the same source having different licences. E.g. in Alpine, musl and musl-utils both have the same origin musl, but have different sets of licenses.
              "A String",
            ],
            "name": "A String",
            "version": "A String",
          },
          "sourceVersion": { # The source package. Similar to the above, this is significant when the source is different than the binary itself. Since the top-level package/version fields are based on an if/else, we need a separate field for both binary and source if we want to know definitively where the data is coming from.
            "licenses": [ # The licenses associated with this package. Note that this has to go on the PackageVersion level, because we can have cases with images with the same source having different licences. E.g. in Alpine, musl and musl-utils both have the same origin musl, but have different sets of licenses.
              "A String",
            ],
            "name": "A String",
            "version": "A String",
          },
        },
      ],
      "binaryVersion": { # DEPRECATED
        "licenses": [ # The licenses associated with this package. Note that this has to go on the PackageVersion level, because we can have cases with images with the same source having different licences. E.g. in Alpine, musl and musl-utils both have the same origin musl, but have different sets of licenses.
          "A String",
        ],
        "name": "A String",
        "version": "A String",
      },
      "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in which the vulnerability may manifest. Examples include distro or storage location for vulnerable jar.
      "dependencyChain": [ # The dependency chain between this package and the user's artifact. List in order from the customer's package under review first, to the current package last. Inclusive of the original package and the current package.
        { # Indicates a language package available between this package and the customer's resource artifact.
          "package": "A String",
          "version": "A String",
        },
      ],
      "fileLocation": [ # The path to the jar file / go binary file.
        { # Indicates the location at which a package was found.
          "filePath": "A String", # For jars that are contained inside .war files, this filepath can indicate the path to war file combined with the path to jar file.
        },
      ],
      "hashDigest": "A String", # HashDigest stores the SHA512 hash digest of the jar file if the package is of type Maven. This field will be unset for non Maven packages.
      "licenses": [ # The list of licenses found that are related to a given package. Note that licenses may also be stored on the BinarySourceInfo. If there is no BinarySourceInfo (because there's no concept of source vs binary), then it will be stored here, while if there are BinarySourceInfos, it will be stored there, as one source can have multiple binaries with different licenses.
        "A String",
      ],
      "maintainer": { # The maintainer of the package.
        "email": "A String",
        "kind": "A String",
        "name": "A String",
        "url": "A String",
      },
      "os": "A String", # The OS affected by a vulnerability Used to generate the cpe_uri for OS packages
      "osVersion": "A String", # The version of the OS Used to generate the cpe_uri for OS packages
      "package": "A String", # The package being analysed for vulnerabilities
      "packageType": "A String", # The type of package: os, maven, go, etc.
      "patchedCve": [ # CVEs that this package is no longer vulnerable to go/drydock-dd-custom-binary-scanning
        "A String",
      ],
      "sourceVersion": { # DEPRECATED
        "licenses": [ # The licenses associated with this package. Note that this has to go on the PackageVersion level, because we can have cases with images with the same source having different licences. E.g. in Alpine, musl and musl-utils both have the same origin musl, but have different sets of licenses.
          "A String",
        ],
        "name": "A String",
        "version": "A String",
      },
      "unused": "A String",
      "version": "A String", # The version of the package being analysed
    },
  ],
  "resourceUri": "A String", # Required. The resource URI of the container image being scanned.
}

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a network API call.
  "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
  "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
    "code": 42, # The status code, which should be an enum value of google.rpc.Code.
    "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
      {
        "a_key": "", # Properties of the object. Contains field @type with type URL.
      },
    ],
    "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
  },
  "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
    "a_key": "", # Properties of the object. Contains field @type with type URL.
  },
  "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
  "response": { # The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
    "a_key": "", # Properties of the object. Contains field @type with type URL.
  },
}
close()
Close httplib2 connections.