google-cloud-containeranalysis overview (2.41.0)

Key Reference Links

Cloud Container Analysis Description: Is a service that provides vulnerability scanning and metadata storage for software artifacts. The service performs vulnerability scans on built software artifacts, such as the images in Container Registry, then stores the resulting metadata and makes it available for consumption through an API. The metadata may come from several sources, including vulnerability scanning, other Cloud services, and third-party providers.

Getting Started

In order to use this library, you first need to go through the following steps:

• Install a JDK (Java Development Kit)
• Select or create a Cloud Platform project
• Enable billing for your project
• Enable the API
• Set up authentication

Use the Cloud Container Analysis for Java

To ensure that your project uses compatible versions of the libraries and their component artifacts, import com.google.cloud:libraries-bom and use the BOM to specify dependency versions. Be sure to remove any versions that you set previously. For more information about BOMs, see Google Cloud Platform Libraries BOM.

Maven

Import the BOM in the dependencyManagement section of your pom.xml file. Include specific artifacts you depend on in the dependencies section, but don't specify the artifacts' versions in the dependencies section.

The example below demonstrates how you would import the BOM and include the google-cloud-containeranalysis artifact.

<dependencyManagement>
 <dependencies>
   <dependency>
      <groupId>com.google.cloud</groupId>
      <artifactId>libraries-bom</artifactId>
      <version>  26.36.0</version>
      <type>pom</type>
      <scope>import</scope>
   </dependency>
 </dependencies>
</dependencyManagement>

<dependencies>
 <dependency>
   <groupId>com.google.cloud</groupId>
   <artifactId>google-cloud-containeranalysis</artifactId>
 </dependency>
</dependencies>

Gradle

BOMs are supported by default in Gradle 5.x or later. Add a platform dependency on com.google.cloud:libraries-bom and remove the version from the dependency declarations in the artifact's build.gradle file.

The example below demonstrates how you would import the BOM and include the google-cloud-containeranalysis artifact.

implementation platform('com.google.cloud:libraries-bom:  26.36.0')
implementation 'com.google.cloud:google-cloud-containeranalysis'

The platform and enforcedPlatform keywords supply dependency versions declared in a BOM. The enforcedPlatform keyword enforces the dependency versions declared in the BOM and thus overrides what you specified.

For more details of the platform and enforcedPlatform keywords Gradle 5.x or higher, see Gradle: Importing Maven BOMs.

If you're using Gradle 4.6 or later, add enableFeaturePreview('IMPROVED_POM_SUPPORT') to your settings.gradle file. For details, see Gradle 4.6 Release Notes: BOM import. Versions of Gradle earlier than 4.6 don't support BOMs.

SBT

SBT doesn't support BOMs. You can find recommended versions of libraries from a particular BOM version on the dashboard and set the versions manually. To use the latest version of this library, add this to your dependencies:

libraryDependencies += "com.google.cloud" % "google-cloud-containeranalysis" % "2.41.0"

Which version should I use?

For this library, we recommend using API version v1 for new applications.

Each Cloud Java client library may contain multiple packages. Each package containing a version number in its name corresponds to a published version of the service. We recommend using the latest stable version for new production applications, which can be identified by the largest numeric version that does not contain a suffix. For example, if a client library has two packages: v1 and v2alpha, then the latest stable version is v1. If you use an unstable release, breaking changes may be introduced when upgrading. You can read more about Cloud API versioning strategy here.