// Copyright 2019 Google LLC. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // syntax = "proto3"; package google.cloud.websecurityscanner.v1beta; import "google/api/annotations.proto"; import "google/cloud/websecurityscanner/v1beta/scan_run.proto"; import "google/protobuf/timestamp.proto"; option go_package = "google.golang.org/genproto/googleapis/cloud/websecurityscanner/v1beta;websecurityscanner"; option java_multiple_files = true; option java_outer_classname = "ScanConfigProto"; option java_package = "com.google.cloud.websecurityscanner.v1beta"; // A ScanConfig resource contains the configurations to launch a scan. message ScanConfig { // Scan authentication configuration. message Authentication { // Describes authentication configuration that uses a Google account. message GoogleAccount { // Required. // The user name of the Google account. string username = 1; // Input only. // Required. // The password of the Google account. The credential is stored encrypted // and not returned in any response nor included in audit logs. string password = 2; } // Describes authentication configuration that uses a custom account. message CustomAccount { // Required. // The user name of the custom account. string username = 1; // Input only. // Required. // The password of the custom account. The credential is stored encrypted // and not returned in any response nor included in audit logs. string password = 2; // Required. // The login form URL of the website. string login_url = 3; } // Required. // Authentication configuration oneof authentication { // Authentication using a Google account. GoogleAccount google_account = 1; // Authentication using a custom account. CustomAccount custom_account = 2; } } // Scan schedule configuration. message Schedule { // A timestamp indicates when the next run will be scheduled. The value is // refreshed by the server after each run. If unspecified, it will default // to current server time, which means the scan will be scheduled to start // immediately. google.protobuf.Timestamp schedule_time = 1; // Required. // The duration of time between executions in days. int32 interval_duration_days = 2; } // Type of user agents used for scanning. enum UserAgent { // The user agent is unknown. Service will default to CHROME_LINUX. USER_AGENT_UNSPECIFIED = 0; // Chrome on Linux. This is the service default if unspecified. CHROME_LINUX = 1; // Chrome on Android. CHROME_ANDROID = 2; // Safari on IPhone. SAFARI_IPHONE = 3; } // Cloud platforms supported by Cloud Web Security Scanner. enum TargetPlatform { // The target platform is unknown. Requests with this enum value will be // rejected with INVALID_ARGUMENT error. TARGET_PLATFORM_UNSPECIFIED = 0; // Google App Engine service. APP_ENGINE = 1; // Google Compute Engine service. COMPUTE = 2; } // Scan risk levels supported by Cloud Web Security Scanner. LOW impact // scanning will minimize requests with the potential to modify data. To // achieve the maximum scan coverage, NORMAL risk level is recommended. enum RiskLevel { // Use default, which is NORMAL. RISK_LEVEL_UNSPECIFIED = 0; // Normal scanning (Recommended) NORMAL = 1; // Lower impact scanning LOW = 2; } // Controls export of scan configurations and results to Cloud Security // Command Center. enum ExportToSecurityCommandCenter { // Use default, which is ENABLED. EXPORT_TO_SECURITY_COMMAND_CENTER_UNSPECIFIED = 0; // Export results of this scan to Cloud Security Command Center. ENABLED = 1; // Do not export results of this scan to Cloud Security Command Center. DISABLED = 2; } // The resource name of the ScanConfig. The name follows the format of // 'projects/{projectId}/scanConfigs/{scanConfigId}'. The ScanConfig IDs are // generated by the system. string name = 1; // Required. // The user provided display name of the ScanConfig. string display_name = 2; // The maximum QPS during scanning. A valid value ranges from 5 to 20 // inclusively. If the field is unspecified or its value is set 0, server will // default to 15. Other values outside of [5, 20] range will be rejected with // INVALID_ARGUMENT error. int32 max_qps = 3; // Required. // The starting URLs from which the scanner finds site pages. repeated string starting_urls = 4; // The authentication configuration. If specified, service will use the // authentication configuration during scanning. Authentication authentication = 5; // The user agent used during scanning. UserAgent user_agent = 6; // The blacklist URL patterns as described in // https://cloud.google.com/security-scanner/docs/excluded-urls repeated string blacklist_patterns = 7; // The schedule of the ScanConfig. Schedule schedule = 8; // Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be // used as a default. repeated TargetPlatform target_platforms = 9; // Controls export of scan configurations and results to Cloud Security // Command Center. ExportToSecurityCommandCenter export_to_security_command_center = 10; // Latest ScanRun if available. ScanRun latest_run = 11; // The risk level selected for the scan RiskLevel risk_level = 12; }