List assets with security marks
Stay organized with collections
Save and categorize content based on your preferences.
Demonstrates how to filter and list assets by security mark
Explore further
For detailed documentation that includes this code sample, see the following:
Code sample
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],[],[],[],null,["# List assets with security marks\n\nDemonstrates how to filter and list assets by security mark\n\nExplore further\n---------------\n\n\nFor detailed documentation that includes this code sample, see the following:\n\n- [Managing security marks using the Security Command Center API](/security-command-center/docs/how-to-api-add-manage-security-marks)\n\nCode sample\n-----------\n\n### Go\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n import (\n \t\"context\"\n \t\"fmt\"\n \t\"io\"\n\n \tsecuritycenter \"cloud.google.com/go/securitycenter/apiv1\"\n \t\"cloud.google.com/go/securitycenter/apiv1/securitycenterpb\"\n \t\"google.golang.org/api/iterator\"\n )\n\n // listAssetsWithMarks prints assets that have a mark of key_a equal to value_a\n // to w for orgID. orgID is the numeric Organization ID.\n func listAssetsWithMarks(w io.Writer, orgID string) error {\n \t// orgID := \"12321311\"\n \t// Instantiate a context and a security service client to make API calls.\n \tctx := context.Background()\n \tclient, err := securitycenter.https://cloud.google.com/go/docs/reference/cloud.google.com/go/securitycenter/latest/apiv1.html#cloud_google_com_go_securitycenter_apiv1_Client_NewClient(ctx)\n \tif err != nil {\n \t\treturn fmt.Errorf(\"securitycenter.NewClient: %w\", err)\n \t}\n \tdefer client.https://cloud.google.com/go/docs/reference/cloud.google.com/go/securitycenter/latest/apiv1.html#cloud_google_com_go_securitycenter_apiv1_Client_Close() // Closing the client safely cleans up background resources.\n\n \treq := &securitycenterpb.ListAssetsRequest{\n \t\t// Parent must be in one of the following formats:\n \t\t//\t\t\"organizations/{orgId}\"\n \t\t//\t\t\"projects/{projectId}\"\n \t\t//\t\t\"folders/{folderId}\"\n \t\tParent: fmt.Sprintf(\"organizations/%s\", orgID),\n \t\tFilter: `security_marks.marks.key_a = \"value_a\"`,\n \t}\n\n \tit := client.ListAssets(ctx, req)\n \tfor {\n \t\tresult, err := it.Next()\n \t\tif err == iterator.Done {\n \t\t\tbreak\n \t\t}\n \t\tif err != nil {\n \t\t\treturn fmt.Errorf(\"ListAssets: %w\", err)\n \t\t}\n \t\tasset := result.Asset\n \t\tproperties := asset.SecurityCenterProperties\n \t\tfmt.Fprintf(w, \"Asset Name: %s, \", asset.Name)\n \t\tfmt.Fprintf(w, \"Resource Name %s, \", properties.ResourceName)\n \t\tfmt.Fprintf(w, \"Resource Type %s\\n\", properties.ResourceType)\n \t}\n \treturn nil\n }\n\n### Java\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n static ImmutableList\u003cListAssetsResult\u003e listAssetsWithQueryMarks(\n OrganizationName organizationName) {\n try (SecurityCenterClient client = SecurityCenterClient.create()) {\n // Start setting up a request to list all assets filtered by a specific security mark.\n // Parent must be in one of the following formats:\n // OrganizationName organizationName = OrganizationName.of(\"organization-id\");\n // ProjectName projectName = ProjectName.of(\"project-id\");\n // FolderName folderName = FolderName.of(\"folder-id\");\n ListAssetsRequest request =\n ListAssetsRequest.newBuilder()\n .setParent(organizationName.toString())\n .setFilter(\"security_marks.marks.key_a = \\\"value_a\\\"\")\n .build();\n\n // Call the API.\n ListAssetsPagedResponse response = client.listAssets(request);\n\n // This creates one list for all assets. If your organization has a large number of assets\n // this can cause out of memory issues. You can process them batches by returning\n // the Iterable returned response.iterateAll() directly.\n ImmutableList\u003cListAssetsResult\u003e results = ImmutableList.copyOf(response.iterateAll());\n System.out.println(\"Assets with security mark - key_a=value_a:\");\n System.out.println(results);\n return results;\n } catch (IOException e) {\n throw new RuntimeException(\"Couldn't create client.\", e);\n }\n }\n\n### Node.js\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n // Imports the Google Cloud client library.\n const {SecurityCenterClient} = require('https://cloud.google.com/nodejs/docs/reference/security-center/latest/overview.html');\n\n // Creates a new client.\n const client = new https://cloud.google.com/nodejs/docs/reference/security-center/latest/overview.html();\n // organizationId is the numeric ID of the organization.\n /*\n * TODO(developer): Uncomment the following lines\n */\n // parent: must be in one of the following formats:\n // `organizations/${organization_id}`\n // `projects/${project_id}`\n // `folders/${folder_id}`\n const parent = `organizations/${organizationId}`;\n\n // Call the API with automatic pagination.\n async function listAssetsWithSecurityMarks() {\n const [response] = await client.listAssets({\n parent: parent,\n filter: 'security_marks.marks.key_a=\"value_a\"',\n });\n let count = 0;\n Array.from(response).forEach(result =\u003e\n console.log(\n `${++count} ${result.asset.name} ${\n result.asset.securityCenterProperties.resourceName\n }`\n )\n );\n }\n\n listAssetsWithSecurityMarks();\n\n### Python\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n from google.cloud import securitycenter\n\n client = securitycenter.SecurityCenterClient()\n\n # 'parent' must be in one of the following formats:\n # \"organizations/{organization_id}\"\n # \"projects/{project_id}\"\n # \"folders/{folder_id}\"\n parent = f\"organizations/{organization_id}\"\n\n marks_filter = 'security_marks.marks.key_a = \"value_a\"'\n # Call the API and print results.\n asset_iterator = client.https://cloud.google.com/python/docs/reference/securitycenter/latest/google.cloud.securitycenter_v1.services.security_center.SecurityCenterClient.html#google_cloud_securitycenter_v1_services_security_center_SecurityCenterClient_list_assets(\n request={\"parent\": parent, \"filter\": marks_filter}\n )\n for i, asset_result in enumerate(asset_iterator):\n print(i, asset_result)\n\nWhat's next\n-----------\n\n\nTo search and filter code samples for other Google Cloud products, see the\n[Google Cloud sample browser](/docs/samples?product=securitycenter)."]]
