java-docs-samples icon indicating copy to clipboard operation
java-docs-samples copied to clipboard

Published 20 hours ago verified publisher icon GoogleCloudPlatform

security-command-center: no code samples for managing security marks on assets

Open hegemonic opened this issue 1 year ago • 2 comments

In which file did you encounter the issue?

https://github.com/GoogleCloudPlatform/java-docs-samples/tree/dd24a493/security-command-center/snippets/src/main/java/vtwo/marks

Did you change the file? If so, how?

no

Describe the issue

There are no code samples that show how to use Security Command Center v2 to manage security marks for assets. We only have code samples for security marks on findings.

We need v2 equivalents of several v1 snippets from this file: https://github.com/googleapis/google-cloud-java/blob/cff95fd0631777a9a8f077848c39d458c7e5b339/google-cloud-examples/src/main/java/com/google/cloud/examples/securitycenter/snippets/SecurityMarkSnippets.java

Specifically, we need v2 equivalents of the samples with the following region tags:

  • securitycenter_add_security_marks
  • securitycenter_delete_security_marks
  • securitycenter_add_delete_security_marks

cc: @owenhuyn

hegemonic avatar Oct 18 '24 21:10 hegemonic

Asset APIs are not carried over to the V2 API as they are deprecated. Hence security marks are only for findings in the V2 API. This is by design and we don't need V2 equivalents of asset samples that are currently in V1.

owenhuyn avatar Oct 18 '24 21:10 owenhuyn

I discussed this offline with @owenhuyn, and he agreed that security marks for assets are supported in the v2 API. Other methods related to assets are not supported in v2.

For example, see the organizations.assets.updateSecurityMarks method in the SCC v2 API.

hegemonic avatar Oct 18 '24 23:10 hegemonic