Enable asset discovery

Demonstrates how to enable or disable asset discovery

Documentation pages that include this code sample

To view the code sample used in context, see the following documentation:

Code sample


import (

	securitycenter "cloud.google.com/go/securitycenter/apiv1"
	securitycenterpb "google.golang.org/genproto/googleapis/cloud/securitycenter/v1"

// Turns on asset discovery for orgID and prints out updated settings to w.
// settings. orgID is the numeric Organization ID.
func enableAssetDiscovery(w io.Writer, orgID string) error {
	// orgID := "12321311"
	// Instantiate a context and a security service client to make API calls.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %v", err)
	defer client.Close() // Closing the client safely cleans up background resources.

	req := &securitycenterpb.UpdateOrganizationSettingsRequest{
		OrganizationSettings: &securitycenterpb.OrganizationSettings{
			Name:                 fmt.Sprintf("organizations/%s/organizationSettings", orgID),
			EnableAssetDiscovery: true,
		// Only update the asset discovery setting.
		UpdateMask: &field_mask.FieldMask{
			Paths: []string{"enable_asset_discovery"},
	settings, err := client.UpdateOrganizationSettings(ctx, req)
	if err != nil {
		return fmt.Errorf("UpdateOrganizationSettings: %v", err)
	fmt.Fprintf(w, "Updated Settings for: %s\n", settings.Name)
	fmt.Fprintf(w, "Asset discovery on? %v\n", settings.EnableAssetDiscovery)
	return nil


static OrganizationSettings updateOrganizationSettings(OrganizationName organizationName) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // Start setting up a request to update OrganizationSettings for.
    // OrganizationName organizationName = OrganizationName.of(/*organizationId=*/"123234324");
    OrganizationSettings organizationSettings =
            .setName(organizationName.toString() + "/organizationSettings")
    FieldMask updateMask = FieldMask.newBuilder().addPaths("enable_asset_discovery").build();

    UpdateOrganizationSettingsRequest.Builder request =

    // Call the API.
    OrganizationSettings response = client.updateOrganizationSettings(request.build());

    System.out.println("Organization Settings have been updated:");
    return response;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);


// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');

// Creates a new client.
const client = new SecurityCenterClient();

async function updateOrgSettings() {
  //  organizationId is the numeric ID of the organization.
   * TODO(developer): Uncomment the following lines
  // const organizationId = "111122222444";
  const orgName = client.organizationPath(organizationId);
  const [newSettings] = await client.updateOrganizationSettings({
    organizationSettings: {
      name: `${orgName}/organizationSettings`,
      enableAssetDiscovery: true,
    // Only update the enableAssetDiscovery field.
    updateMask: {paths: ['enable_asset_discovery']},

  console.log('New settings: %j', newSettings);


from google.cloud import securitycenter
from google.protobuf import field_mask_pb2

# Create the client
client = securitycenter.SecurityCenterClient()
# organization_id is numeric ID for the organization. e.g.
# organization_id = "111112223333"
org_settings_name = "organizations/{org_id}/organizationSettings".format(
# Only update the enable_asset_discovery_value (leave others untouched).
field_mask = field_mask_pb2.FieldMask(paths=["enable_asset_discovery"])
# Call the service.
updated = client.update_organization_settings(
        "organization_settings": {
            "name": org_settings_name,
            "enable_asset_discovery": True,
        "update_mask": field_mask,
print("Asset Discovery Enabled? {}".format(updated.enable_asset_discovery))

What's next

To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser