Method: organizations.securityAssessmentResults.batchCompute

Compute RAV2 security scores for a set of resources.

HTTP request

POST https://apigee.googleapis.com/v1/{name=organizations/*/securityAssessmentResults}:batchCompute

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
name

string

Required. Name of the organization for which the score needs to be computed in the following format: organizations/{org}/securityAssessmentResults

Request body

The request body contains data with the following structure:

JSON representation
{
  "profile": string,
  "scope": string,
  "pageSize": integer,
  "pageToken": string,

  // Union field resources can be only one of the following:
  "includeAllResources": {
    object (IncludeAll)
  },
  "include": {
    object (ResourceArray)
  }
  // End of list of possible types for union field resources.

  // Union field api_hub_scope can be only one of the following:
  "apiHubGateways": {
    object (ApiHubGatewayArray)
  },
  "apiHubApis": {
    object (ApiHubApiArray)
  }
  // End of list of possible types for union field api_hub_scope.
}
Fields
profile

string

Required. Name of the profile that is used for computation.

scope

string

Optional. Scope of the resources for the computation. When computing scores for Apigee proxies, the scope should be set to the environment of the resources. When computing scores for API Hub deployments, api_hub_scope should be set instead.

pageSize

integer

Optional. The maximum number of results to return. The service may return fewer than this value. If unspecified, at most 50 results will be returned.

pageToken

string

Optional. A page token, received from a previous securityAssessmentResults.batchCompute call. Provide this to retrieve the subsequent page.

Union field resources. Required. resources can be only one of the following:
includeAllResources

object (IncludeAll)

Include all resources under the scope.

include

object (ResourceArray)

Include only these resources.

Union field api_hub_scope. API Hub scope to compute the security assessment results for the underlying deployments when RiskAssessmentType is API_HUB. This should not be set when RiskAssessmentType is APIGEE. api_hub_scope can be only one of the following:
apiHubGateways

object (ApiHubGatewayArray)

An array of API Hub Gateways to assess. A maximum of 3 gateways can be assessed.

apiHubApis

object (ApiHubApiArray)

An array of API Hub APIs to assess. A maximum of 1 API can be assessed.
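
A pre-flight check for the request constraints listed above, as an added example that is not part of the original reference: it enforces both union fields, the 3-gateway and 1-API limits, and the documented ID formats before anything is sent. The function name, the empty `IncludeAll` object, the `resources` list inside `ResourceArray`, and the rule that `scope` and api_hub_scope are rejected together are assumptions not stated on this page.

```python
import re

# ID formats as documented for ApiHubGatewayArray.gateways[] and ApiHubApiArray.apis[].
GATEWAY_RE = re.compile(r"projects/[^/]+/locations/[^/]+/plugins/[^/]+/instances/[^/]+")
API_RE = re.compile(r"projects/[^/]+/locations/[^/]+/apis/[^/]+")


def build_request(profile, scope=None, include_all=False, include=None,
                  gateways=None, apis=None, page_size=None, page_token=None):
    """Return a batchCompute request body, or raise ValueError on a bad combination."""
    if not profile:
        raise ValueError("profile is required")
    # Union field `resources`: required, exactly one member.
    if bool(include_all) == bool(include):
        raise ValueError("set exactly one of includeAllResources / include")
    # Union field `api_hub_scope`: optional, at most one member.
    if gateways and apis:
        raise ValueError("set only one of apiHubGateways / apiHubApis")
    if gateways and len(gateways) > 3:
        raise ValueError("at most 3 API Hub gateways can be assessed")
    if apis and len(apis) > 1:
        raise ValueError("at most 1 API Hub API can be assessed")
    for ids, pattern in ((gateways, GATEWAY_RE), (apis, API_RE)):
        for value in ids or []:
            if not pattern.fullmatch(value):
                raise ValueError(f"malformed resource ID: {value!r}")
    # Assumption: `scope` (Apigee environment) and api_hub_scope are treated as exclusive.
    if scope and (gateways or apis):
        raise ValueError("use scope for Apigee proxies or api_hub_scope for API Hub")

    body = {"profile": profile}
    if scope:
        body["scope"] = scope
    if page_size is not None:
        body["pageSize"] = page_size
    if page_token:
        body["pageToken"] = page_token
    if include_all:
        body["includeAllResources"] = {}  # assumed: IncludeAll carries no fields
    else:
        # assumed: ResourceArray wraps Resource objects in a `resources` list
        body["include"] = {"resources": [{"type": t, "name": n} for t, n in include]}
    if gateways:
        body["apiHubGateways"] = {"gateways": list(gateways)}
    if apis:
        body["apiHubApis"] = {"apis": list(apis)}
    return body
```
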

Response body

Response for securityAssessmentResults.batchCompute.

If successful, the response body contains data with the following structure:

JSON representation
{
  "securityAssessmentResults": [
    {
      object (SecurityAssessmentResult)
    }
  ],
  "assessmentTime": string,
  "nextPageToken": string
}
Fields
securityAssessmentResults[]

object (SecurityAssessmentResult)

Default sort order is by resource name in alphabetic order.

assessmentTime

string (Timestamp format)

The time of the assessment API call.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

nextPageToken

string

A token that can be sent as pageToken to retrieve the next page. If this field is blank, there are no subsequent pages.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

ApiHubGatewayArray

Message for the array of API Hub Gateways.

JSON representation
{
  "gateways": [
    string
  ]
}
Fields
gateways[]

string

Required. The array of API Hub Gateway IDs. Format: projects/{project}/locations/{location}/plugins/{plugin}/instances/{instance}

ApiHubApiArray

Message for the array of API Hub APIs.

JSON representation
{
  "apis": [
    string
  ]
}
Fields
apis[]

string

Required. The array of API Hub API IDs. Format: projects/{project}/locations/{location}/apis/{api}

SecurityAssessmentResult

The security assessment result for one resource.

JSON representation
{
  "resource": {
    object (Resource)
  },
  "createTime": string,

  // Union field result can be only one of the following:
  "scoringResult": {
    object (ScoringResult)
  },
  "error": {
    object (Status)
  }
  // End of list of possible types for union field result.
}
Fields
resource

object (Resource)

The assessed resource.

createTime

string (Timestamp format)

The time of the assessment of this resource. This could lag behind assessmentTime due to caching within the backend.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

Union field result.

result can be only one of the following:

scoringResult

object (ScoringResult)

The result of the assessment.

error

object (Status)

The error status if scoring fails.

Resource

Resource for which we are computing security assessment.

JSON representation
{
  "type": enum (ResourceType),
  "name": string,
  "resourceRevisionId": string,
  "apiHubDeploymentDetails": {
    object (ApiHubDeploymentDetails)
  }
}
Fields
type

enum (ResourceType)

Required. Type of this resource.

name

string

Required. Name of this resource. For an Apigee API Proxy, this should be the id of the API proxy. For an API Hub Deployment, this should be the id of the deployment.

resourceRevisionId

string

The revision ID for the resource. For Apigee, this is the proxy revision ID.

apiHubDeploymentDetails

object (ApiHubDeploymentDetails)

Output only. Additional details for the API Hub deployment.

ResourceType

Type of the resource.

Enums
RESOURCE_TYPE_UNSPECIFIED ResourceType not specified.
API_PROXY Resource is an Apigee Proxy.
API_HUB_DEPLOYMENT Resource is an API Hub deployment.

ApiHubDeploymentDetails

Additional details if the resource is an API Hub deployment.

JSON representation
{
  "displayName": string,
  "gatewayType": enum (ApiHubGatewayType),
  "gateway": string,
  "sourceProject": string,
  "resourceUri": string
}
Fields
displayName

string

The display name of the API Hub deployment.

gatewayType

enum (ApiHubGatewayType)

The gateway type for the API Hub deployment.

gateway

string

The gateway for the API Hub deployment. Format: projects/{project}/locations/{location}/plugins/{plugin}/instances/{instance}

sourceProject

string

The source project for the API Hub deployment.

resourceUri

string

The resource URI for the API Hub deployment.

ScoringResult

The result of the assessment.

JSON representation
{
  "score": integer,
  "severity": enum (Severity),
  "failedAssessmentPerWeight": {
    string: integer,
    ...
  },
  "assessmentRecommendations": {
    string: {
      object (AssessmentRecommendation)
    },
    ...
  },
  "dataUpdateTime": string
}
Fields
score

integer

The security score of the assessment.

severity

enum (Severity)

failedAssessmentPerWeight

map (key: string, value: integer)

The number of failed assessments, grouped by weight. Each key is one of the following: "MAJOR", "MODERATE", "MINOR".

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

assessmentRecommendations

map (key: string, value: object (AssessmentRecommendation))

The recommendations of the assessment. The key is the "name" of the assessment (not displayName), and the value is its recommendations.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

dataUpdateTime

string (Timestamp format)

The time when resource data was last fetched for this resource. This time may be different than when the resource was actually updated due to lag in data collection.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

Severity

The severity definition.

Enums
SEVERITY_UNSPECIFIED Severity is not defined.
LOW Severity is low.
MEDIUM Severity is medium.
HIGH Severity is high.
MINIMAL Severity is minimal.

AssessmentRecommendation

The message format of a recommendation from the assessment.

JSON representation
{
  "displayName": string,
  "weight": enum (Weight),
  "scoreImpact": integer,
  "verdict": enum (Verdict),
  "recommendations": [
    {
      object (Recommendation)
    }
  ]
}
Fields
displayName

string

The display name of the assessment.

weight

enum (Weight)

The weight of the assessment which was set in the profile.

scoreImpact

integer

Score impact indicates the impact on the overall score if the assessment were to pass.

verdict

enum (Verdict)

Verdict indicates the assessment result.

recommendations[]

object (Recommendation)

The recommended steps of the assessment.

Weight

The weight of an assessment within the profile.

Enums
WEIGHT_UNSPECIFIED The weight is unspecified.
MINOR The weight is minor.
MODERATE The weight is moderate.
MAJOR The weight is major.

Verdict

Verdict indicates the assessment result.

Enums
VERDICT_UNSPECIFIED The verdict is unspecified.
PASS The assessment has passed.
FAIL The assessment has failed.
NOT_APPLICABLE The verdict is not applicable.

Recommendation

The format of the assessment recommendation.

JSON representation
{
  "description": string,
  "link": {
    object (Link)
  }
}
Fields
description

string

The description of the recommendation.
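
Consuming the response, as an added example that is not part of the original reference: it follows nextPageToken until it is blank, keeps resources whose result is an error apart from scored ones (they have no score and must not be read as passing), and ranks FAIL verdicts by scoreImpact. The `post` transport, `fake_post`, the page token, the proxy and assessment names, and all values in `PAGES` are constructed for illustration.

```python
def fetch_all(post, body):
    """Collect every result page. `post` is a caller-supplied function (hypothetical)
    that sends the JSON body to :batchCompute and returns the parsed response."""
    results, token = [], None
    while True:
        page = post({**body, "pageToken": token} if token else body)
        results.extend(page.get("securityAssessmentResults", []))
        token = page.get("nextPageToken")
        if not token:  # blank token: no subsequent pages
            return results


def triage(results, alert_on=("HIGH", "MEDIUM")):
    """Return (unscored resource names, failing assessments ranked by scoreImpact)."""
    unscored, findings = [], []
    for r in results:
        name = r["resource"]["name"]
        if "error" in r:  # union field `result`: scoring failed, so no score exists
            unscored.append(name)
            continue
        scoring = r["scoringResult"]
        if scoring.get("severity") not in alert_on:
            continue
        for check, rec in scoring.get("assessmentRecommendations", {}).items():
            if rec.get("verdict") == "FAIL":
                findings.append((name, check, rec.get("weight"), rec.get("scoreImpact", 0)))
    findings.sort(key=lambda f: -f[3])  # largest potential score gain first
    return unscored, findings


# Constructed two-page sample response, keyed by the pageToken that requests it.
PAGES = {
    None: {"nextPageToken": "tok-2", "securityAssessmentResults": [
        {"resource": {"type": "API_PROXY", "name": "orders-v1"},
         "scoringResult": {"score": 410, "severity": "HIGH", "assessmentRecommendations": {
             "threat-policies-check": {"weight": "MODERATE", "scoreImpact": 100, "verdict": "FAIL"},
             "auth-policies-check": {"weight": "MAJOR", "scoreImpact": 300, "verdict": "FAIL"},
             "cors-policies-check": {"weight": "MINOR", "scoreImpact": 50, "verdict": "PASS"}}}}]},
    "tok-2": {"securityAssessmentResults": [
        {"resource": {"type": "API_PROXY", "name": "payments-v2"},
         "error": {"code": 13, "message": "constructed error"}}]},
}


def fake_post(body):
    """Stand-in transport that serves the constructed pages offline."""
    return PAGES[body.get("pageToken")]
```
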