feat: add ExportSBOM API method for v1

Google APIs · copybara-github · commit 7a92b96c2a98 · 2025-03-24T13:45:02.000-07:00
docs: Minor formatting changes to proto headers

PiperOrigin-RevId: 740056523
diff --git a/google/devtools/containeranalysis/v1/containeranalysis.proto b/google/devtools/containeranalysis/v1/containeranalysis.proto
@@ -29,8 +29,8 @@ option go_package = "cloud.google.com/go/containeranalysis/apiv1/containeranalys
 option java_multiple_files = true;
 option java_package = "com.google.containeranalysis.v1";
 option objc_class_prefix = "GCA";
-option ruby_package = "Google::Cloud::ContainerAnalysis::V1";
 option php_namespace = "Google\\Cloud\\ContainerAnalysis\\V1";
+option ruby_package = "Google::Cloud::ContainerAnalysis::V1";
 
 // Retrieves analysis results of Cloud components such as Docker container
 // images. The Container Analysis API is an implementation of the
@@ -47,7 +47,8 @@ option php_namespace = "Google\\Cloud\\ContainerAnalysis\\V1";
 // image with the vulnerability referring to that note.
 service ContainerAnalysis {
   option (google.api.default_host) = "containeranalysis.googleapis.com";
-  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+  option (google.api.oauth_scopes) =
+      "https://www.googleapis.com/auth/cloud-platform";
 
   // Sets the access control policy on the specified note or occurrence.
   // Requires `containeranalysis.notes.setIamPolicy` or
@@ -57,14 +58,23 @@ service ContainerAnalysis {
   // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
   // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
   // occurrences.
-  rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) {
+  rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest)
+      returns (google.iam.v1.Policy) {
     option (google.api.http) = {
       post: "/v1/{resource=projects/*/notes/*}:setIamPolicy"
       body: "*"
       additional_bindings {
         post: "/v1/{resource=projects/*/occurrences/*}:setIamPolicy"
         body: "*"
       }
+      additional_bindings {
+        post: "/v1/{resource=projects/*/locations/*/notes/*}:setIamPolicy"
+        body: "*"
+      }
+      additional_bindings {
+        post: "/v1/{resource=projects/*/locations/*/occurrences/*}:setIamPolicy"
+        body: "*"
+      }
     };
     option (google.api.method_signature) = "resource,policy";
   }
@@ -77,14 +87,23 @@ service ContainerAnalysis {
   // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
   // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
   // occurrences.
-  rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) {
+  rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest)
+      returns (google.iam.v1.Policy) {
     option (google.api.http) = {
       post: "/v1/{resource=projects/*/notes/*}:getIamPolicy"
       body: "*"
       additional_bindings {
         post: "/v1/{resource=projects/*/occurrences/*}:getIamPolicy"
         body: "*"
       }
+      additional_bindings {
+        post: "/v1/{resource=projects/*/locations/*/notes/*}:getIamPolicy"
+        body: "*"
+      }
+      additional_bindings {
+        post: "/v1/{resource=projects/*/locations/*/occurrences/*}:getIamPolicy"
+        body: "*"
+      }
     };
     option (google.api.method_signature) = "resource";
   }
@@ -96,31 +115,85 @@ service ContainerAnalysis {
   // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
   // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
   // occurrences.
-  rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) {
+  rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest)
+      returns (google.iam.v1.TestIamPermissionsResponse) {
     option (google.api.http) = {
       post: "/v1/{resource=projects/*/notes/*}:testIamPermissions"
       body: "*"
       additional_bindings {
         post: "/v1/{resource=projects/*/occurrences/*}:testIamPermissions"
         body: "*"
       }
+      additional_bindings {
+        post: "/v1/{resource=projects/*/locations/*/notes/*}:testIamPermissions"
+        body: "*"
+      }
+      additional_bindings {
+        post: "/v1/{resource=projects/*/locations/*/occurrences/*}:testIamPermissions"
+        body: "*"
+      }
     };
     option (google.api.method_signature) = "resource,permissions";
   }
 
   // Gets a summary of the number and severity of occurrences.
-  rpc GetVulnerabilityOccurrencesSummary(GetVulnerabilityOccurrencesSummaryRequest) returns (VulnerabilityOccurrencesSummary) {
+  rpc GetVulnerabilityOccurrencesSummary(
+      GetVulnerabilityOccurrencesSummaryRequest)
+      returns (VulnerabilityOccurrencesSummary) {
     option (google.api.http) = {
       get: "/v1/{parent=projects/*}/occurrences:vulnerabilitySummary"
+      additional_bindings {
+        get: "/v1/{parent=projects/*/locations/*}/occurrences:vulnerabilitySummary"
+      }
     };
     option (google.api.method_signature) = "parent,filter";
   }
+
+  // Generates an SBOM for the given resource.
+  rpc ExportSBOM(ExportSBOMRequest) returns (ExportSBOMResponse) {
+    option (google.api.http) = {
+      post: "/v1/{name=projects/*/resources/**}:exportSBOM"
+      body: "*"
+      additional_bindings {
+        post: "/v1/{name=projects/*/locations/*/resources/**}:exportSBOM"
+        body: "*"
+      }
+    };
+  }
+}
+
+// The request to generate and export SBOM. Target must be specified for the
+// request.
+message ExportSBOMRequest {
+  // Empty placeholder to denote that this is a Google Cloud Storage
+  // export request.
+  message CloudStorageLocation {}
+
+  // Required. The name of the resource in the form of
+  // `projects/[PROJECT_ID]/resources/[RESOURCE_URL]`.
+  string name = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // The location of the SBOM export.
+  oneof target {
+    // Optional. Empty placeholder to denote that this is a Google Cloud Storage
+    // export request.
+    CloudStorageLocation cloud_storage_location = 2
+        [(google.api.field_behavior) = OPTIONAL];
+  }
+}
+
+// The response from a call to ExportSBOM.
+message ExportSBOMResponse {
+  // The name of the discovery occurrence in the form
+  // "projects/{project_id}/occurrences/{OCCURRENCE_ID}
+  // It can be used to track the progress of the SBOM export.
+  string discovery_occurrence = 1;
 }
 
 // Request to get a vulnerability summary for some set of occurrences.
 message GetVulnerabilityOccurrencesSummaryRequest {
-  // Required. The name of the project to get a vulnerability summary for in the form of
-  // `projects/[PROJECT_ID]`.
+  // Required. The name of the project to get a vulnerability summary for in the
+  // form of `projects/[PROJECT_ID]`.
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
diff --git a/google/devtools/containeranalysis/v1/containeranalysis_v1.yaml b/google/devtools/containeranalysis/v1/containeranalysis_v1.yaml
@@ -8,17 +8,18 @@ apis:
 
 documentation:
   summary: |-
-    An implementation of the Grafeas API, which stores, and enables querying
-    and retrieval of critical metadata about all of your software artifacts.
+    This API is a prerequisite for leveraging Artifact Analysis
+    scanning capabilities in both Artifact Registry and with Advanced
+    Vulnerability Insights (runtime scanning) in GKE.
+
+    In addition, the Container Analysis API is an implementation of the
+    Grafeas API, which enables storing, querying, and retrieval of critical
+    metadata
+    about all of your software artifacts.
   overview: |-
     The Container Analysis API allows you to store and retrieve metadata for a
     container resource.
 
-backend:
-  rules:
-  - selector: 'google.devtools.containeranalysis.v1.ContainerAnalysis.*'
-    deadline: 30.0
-
 authentication:
   rules:
   - selector: 'google.devtools.containeranalysis.v1.ContainerAnalysis.*'
