ContainerAnalysisClient

ContainerAnalysisClient

Retrieves analysis results of Cloud components such as Docker container images. The Container Analysis API is an implementation of the Grafeas API.

Analysis results are stored as a series of occurrences. An Occurrence contains information about a specific analysis instance on a resource. An occurrence refers to a Note. A note contains details describing the analysis and is generally stored in a separate project, called a Provider. Multiple occurrences can refer to the same note.

For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.

Constructor

new ContainerAnalysisClient(optionsopt)

Construct an instance of ContainerAnalysisClient.

Parameters:
Name Type Attributes Description
options object <optional>

The configuration object. The options accepted by the constructor are described in detail in this document. The common options are:

Properties
Name Type Attributes Description
credentials object <optional>

Credentials object.

Properties
Name Type Attributes Description
client_email string <optional>
private_key string <optional>
email string <optional>

Account email address. Required when using a .pem or .p12 keyFilename.
keyFilename string <optional>

Full path to the a .json, .pem, or .p12 key downloaded from the Google Developers Console. If you provide a path to a JSON file, the projectId option below is not necessary. NOTE: .pem and .p12 require you to specify options.email as well.
port number <optional>

The port on which to connect to the remote host.
projectId string <optional>

The project ID from the Google Developer's Console, e.g. 'grape-spaceship-123'. We will also check the environment variable GCLOUD_PROJECT for your project ID. If your app is running in an environment which supports Application Default Credentials, your project ID will be detected automatically.
apiEndpoint string <optional>

The domain name of the API remote host.
clientConfig gax.ClientConfig <optional>

Client configuration override. Follows the structure of gapicConfig.
fallback boolean <optional>

Use HTTP fallback mode. In fallback mode, a special browser-compatible transport implementation is used instead of gRPC transport. In browser context (if the window object is defined) the fallback mode is enabled automatically; set options.fallback to false if you need to override this behavior.

Members

apiEndpoint

The DNS address for this API service - same as servicePath(), exists for compatibility reasons.

port

The port for this API service.

scopes

The scopes needed to make gRPC calls for every method defined in this service.

servicePath

The DNS address for this API service.

Methods

close() → {Promise}

Terminate the gRPC channel and close the client.

The client will no longer be usable and all future behavior is undefined.

Returns:
Type Description
Promise

A promise that resolves when the client is closed.

getGrafeasClient() → {GrafeasClient}

Returns an instance of a @google-cloud/grafeas client, configured to connect to Google Cloud's Container Analysis API. For documentation on this client, see: https://googleapis.dev/nodejs/grafeas/latest/index.html

Returns:
Type Description
GrafeasClient
  • An instance of a Grafeas client.

getIamPolicy(request, optionsopt) → {Promise}

Gets the access control policy for a note or an occurrence resource. Requires containeranalysis.notes.setIamPolicy or containeranalysis.occurrences.setIamPolicy permission if the resource is a note or occurrence, respectively.

The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
resource string

REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.
options google.iam.v1.GetPolicyOptions

OPTIONAL: A GetPolicyOptions object for specifying options to GetIamPolicy. This field is only used by Cloud IAM.
options object <optional>

Call options. See CallOptions for more details.
Returns:
Type Description
Promise
  • The promise which resolves to an array. The first element of the array is an object representing Policy. Please see the documentation for more details and examples.
Example
const [response] = await client.getIamPolicy(request);

getProjectId() → {Promise}

Return the project ID used by this class.

Returns:
Type Description
Promise

A promise that resolves to string containing the project ID.

getVulnerabilityOccurrencesSummary(request, optionsopt) → {Promise}

Gets a summary of the number and severity of occurrences.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
parent string

The name of the project to get a vulnerability summary for in the form of projects/[PROJECT_ID].
filter string

The filter expression.
options object <optional>

Call options. See CallOptions for more details.
Returns:
Type Description
Promise
Example
const [response] = await client.getVulnerabilityOccurrencesSummary(request);

initialize() → {Promise}

Initialize the client. Performs asynchronous operations (such as authentication) and prepares the client. This function will be called automatically when any class method is called for the first time, but if you need to initialize it before calling an actual method, feel free to call initialize() directly.

You can await on this method if you want to make sure the client is initialized.

Returns:
Type Description
Promise

A promise that resolves to an authenticated service stub.

matchNoteFromNoteName(noteName) → {string}

Parse the note from Note resource.

Parameters:
Name Type Description
noteName string

A fully-qualified path representing Note resource.
Returns:
Type Description
string

A string representing the note.

matchOccurrenceFromOccurrenceName(occurrenceName) → {string}

Parse the occurrence from Occurrence resource.

Parameters:
Name Type Description
occurrenceName string

A fully-qualified path representing Occurrence resource.
Returns:
Type Description
string

A string representing the occurrence.

matchProjectFromNoteName(noteName) → {string}

Parse the project from Note resource.

Parameters:
Name Type Description
noteName string

A fully-qualified path representing Note resource.
Returns:
Type Description
string

A string representing the project.

matchProjectFromOccurrenceName(occurrenceName) → {string}

Parse the project from Occurrence resource.

Parameters:
Name Type Description
occurrenceName string

A fully-qualified path representing Occurrence resource.
Returns:
Type Description
string

A string representing the project.

matchProjectFromProjectName(projectName) → {string}

Parse the project from Project resource.

Parameters:
Name Type Description
projectName string

A fully-qualified path representing Project resource.
Returns:
Type Description
string

A string representing the project.

notePath(project, note) → {string}

Return a fully-qualified note resource name string.

Parameters:
Name Type Description
project string
note string
Returns:
Type Description
string

Resource name string.

occurrencePath(project, occurrence) → {string}

Return a fully-qualified occurrence resource name string.

Parameters:
Name Type Description
project string
occurrence string
Returns:
Type Description
string

Resource name string.

projectPath(project) → {string}

Return a fully-qualified project resource name string.

Parameters:
Name Type Description
project string
Returns:
Type Description
string

Resource name string.

setIamPolicy(request, optionsopt) → {Promise}

Sets the access control policy on the specified note or occurrence. Requires containeranalysis.notes.setIamPolicy or containeranalysis.occurrences.setIamPolicy permission if the resource is a note or an occurrence, respectively.

The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
resource string

REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.
policy google.iam.v1.Policy

REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
options object <optional>

Call options. See CallOptions for more details.
Returns:
Type Description
Promise
  • The promise which resolves to an array. The first element of the array is an object representing Policy. Please see the documentation for more details and examples.
Example
const [response] = await client.setIamPolicy(request);

testIamPermissions(request, optionsopt) → {Promise}

Returns the permissions that a caller has on the specified note or occurrence. Requires list permission on the project (for example, containeranalysis.notes.list).

The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
resource string

REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.
permissions Array.<string>

The set of permissions to check for the resource. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview.
options object <optional>

Call options. See CallOptions for more details.
Returns:
Type Description
Promise
Example
const [response] = await client.testIamPermissions(request);