Job triggers

A job trigger is an event that automates the creation of DLP jobs to scan Google Cloud Platform storage repositories. The Cloud Data Loss Prevention (DLP) API supports scheduled triggers to run storage inspection jobs at regular intervals. These triggers can also be configured to look for new findings since the last scan run. They can be useful for monitoring changes or additions to content, or generating up-to-date findings reports.

  • Scheduled trigger: Triggers a job to run periodically, every n seconds. The minimum period is 1 day (86400s), and the maximum period is 60 days (5184000s).

The JobTrigger object

A job trigger is represented in the DLP API by the JobTrigger object.

Job trigger configuration fields

Each JobTrigger contains several configuration fields, including:

  • The trigger’s name and display name, and a description.
  • A collection of Trigger objects, each of which contains a Schedule object, which defines the scan recurrence in seconds.
  • An InspectJobConfig object, which contains the configuration information for the triggered job.
  • A Status enumeration, which indicates whether the trigger is currently active.
  • Timestamp fields representing creation, update, and last run times.
  • A collection of Error objects, if any were encountered when the trigger was activated.

Job trigger methods

Each JobTrigger object also includes several built-in methods. Using these methods you can:

Using Job triggers

This section describes how to use job triggers to only scan new content, and how to trigger jobs every time a file is uploaded to Cloud Storage using Cloud Functions.

Limit scans to only new content

You can also set an option to automatically set the timespan date for files stored in either Cloud Storage or BigQuery. Once you’ve set the TimespanConfig object to auto-populate, the DLP API will only scan data that has been added or modified since the last trigger ran:

...
  timespan_config {
        enable_auto_population_of_timespan_config: true
      }
...

Trigger jobs at file upload

In addition to the support for job triggers that is built into the DLP API, the GCP also has a variety of other components that can be used to integrate or trigger DLP jobs. For example, you can use Cloud Functions to trigger a DLP scan every time a file is uploaded to Cloud Storage.

For step-by-step instructions about how to do this, see Automating the Classification of Data Uploaded to Cloud Storage.

Was this page helpful? Let us know how we did:

Send feedback about...

Data Loss Prevention API