Google Cloud Security Command Center
Security Command Center API

The Security Command Center API provides programmatic access to security findings, assets, and sources within Google Cloud. Developers can use the API to list and manage security findings, create and manage notification configs, run asset discovery, and configure organization-level security settings.
Documentation GitHub OpenAPI
OpenAPI Specification

openapi: 3.1.0
info:
  title: Google Cloud Security Command Center API
  description: >-
    The Security Command Center API provides programmatic access to manage
    security findings, assets, sources, and notification configurations across
    an organization's Google Cloud resources. It enables security teams to
    detect threats, identify vulnerabilities, and manage compliance posture.
  version: v1
  contact:
    name: Google Cloud Support
    url: https://cloud.google.com/security-command-center/docs/support
  termsOfService: https://cloud.google.com/terms
externalDocs:
  description: Security Command Center API Documentation
  url: https://cloud.google.com/security-command-center/docs/reference/rest
servers:
  - url: https://securitycenter.googleapis.com/v1
    description: Production Server
tags:
  - name: Assets
    description: Operations for listing and managing cloud assets
  - name: Findings
    description: Operations for managing security findings
  - name: NotificationConfigs
    description: Operations for managing notification configurations
  - name: Sources
    description: Operations for managing security sources
security:
  - oauth2: []
paths:
  /organizations/{organizationId}/sources:
    get:
      operationId: listSources
      summary: Google Cloud Security Command Center List sources
      description: Lists all sources belonging to an organization.
      tags:
        - Sources
      parameters:
        - $ref: '#/components/parameters/organizationId'
        - $ref: '#/components/parameters/pageSize'
        - $ref: '#/components/parameters/pageToken'
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListSourcesResponse'
        '401':
          description: Unauthorized
        '403':
          description: Forbidden
    post:
      operationId: createSource
      summary: Google Cloud Security Command Center Create a source
      description: Creates a source within an organization.
      tags:
        - Sources
      parameters:
        - $ref: '#/components/parameters/organizationId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Source'
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Source'
  /organizations/{organizationId}/sources/{sourceId}/findings:
    get:
      operationId: listFindings
      summary: Google Cloud Security Command Center List findings
      description: >-
        Lists an organization or source's findings. To list across all sources
        use a sourceId of -.
      tags:
        - Findings
      parameters:
        - $ref: '#/components/parameters/organizationId'
        - $ref: '#/components/parameters/sourceId'
        - $ref: '#/components/parameters/pageSize'
        - $ref: '#/components/parameters/pageToken'
        - name: filter
          in: query
          description: Expression that defines the filter to apply across findings
          schema:
            type: string
        - name: orderBy
          in: query
          description: Expression that defines what fields and order to use for sorting
          schema:
            type: string
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListFindingsResponse'
    post:
      operationId: createFinding
      summary: Google Cloud Security Command Center Create a finding
      description: Creates a finding within a source.
      tags:
        - Findings
      parameters:
        - $ref: '#/components/parameters/organizationId'
        - $ref: '#/components/parameters/sourceId'
        - name: findingId
          in: query
          required: true
          description: Unique identifier for the finding
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Finding'
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Finding'
  /organizations/{organizationId}/assets:
    get:
      operationId: listAssets
      summary: Google Cloud Security Command Center List assets
      description: Lists an organization's assets.
      tags:
        - Assets
      parameters:
        - $ref: '#/components/parameters/organizationId'
        - $ref: '#/components/parameters/pageSize'
        - $ref: '#/components/parameters/pageToken'
        - name: filter
          in: query
          description: Expression that defines the filter to apply across assets
          schema:
            type: string
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListAssetsResponse'
  /organizations/{organizationId}/notificationConfigs:
    get:
      operationId: listNotificationConfigs
      summary: Google Cloud Security Command Center List notification configs
      description: Lists notification configs for an organization.
      tags:
        - NotificationConfigs
      parameters:
        - $ref: '#/components/parameters/organizationId'
        - $ref: '#/components/parameters/pageSize'
        - $ref: '#/components/parameters/pageToken'
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListNotificationConfigsResponse'
    post:
      operationId: createNotificationConfig
      summary: Google Cloud Security Command Center Create a notification config
      description: Creates a notification config for an organization.
      tags:
        - NotificationConfigs
      parameters:
        - $ref: '#/components/parameters/organizationId'
        - name: configId
          in: query
          required: true
          description: Unique identifier for the notification config
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/NotificationConfig'
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/NotificationConfig'
components:
  parameters:
    organizationId:
      name: organizationId
      in: path
      required: true
      description: The organization ID
      schema:
        type: string
    sourceId:
      name: sourceId
      in: path
      required: true
      description: The source ID
      schema:
        type: string
    pageSize:
      name: pageSize
      in: query
      description: The maximum number of results to return
      schema:
        type: integer
    pageToken:
      name: pageToken
      in: query
      description: Token for pagination
      schema:
        type: string
  schemas:
    Source:
      type: object
      properties:
        name:
          type: string
          description: The relative resource name of the source
        displayName:
          type: string
          description: The source's display name
        description:
          type: string
          description: The description of the source
    Finding:
      type: object
      properties:
        name:
          type: string
          description: The relative resource name of the finding
        parent:
          type: string
          description: The relative resource name of the source the finding belongs to
        state:
          type: string
          enum: [ACTIVE, INACTIVE]
          description: The state of the finding
        category:
          type: string
          description: The additional taxonomy group within findings from a given source
        resourceName:
          type: string
          description: The full resource name of the Google Cloud resource this finding is for
        severity:
          type: string
          enum: [CRITICAL, HIGH, MEDIUM, LOW]
          description: The severity of the finding
        eventTime:
          type: string
          format: date-time
          description: The time the finding was first detected
        createTime:
          type: string
          format: date-time
          description: The time at which the finding was created
    NotificationConfig:
      type: object
      properties:
        name:
          type: string
          description: The relative resource name of the notification config
        description:
          type: string
          description: The description of the notification config
        pubsubTopic:
          type: string
          description: The Pub/Sub topic to send notifications to
        streamingConfig:
          type: object
          properties:
            filter:
              type: string
              description: Expression that defines the filter to apply across findings
    ListSourcesResponse:
      type: object
      properties:
        sources:
          type: array
          items:
            $ref: '#/components/schemas/Source'
        nextPageToken:
          type: string
    ListFindingsResponse:
      type: object
      properties:
        listFindingsResults:
          type: array
          items:
            type: object
            properties:
              finding:
                $ref: '#/components/schemas/Finding'
        nextPageToken:
          type: string
        totalSize:
          type: integer
    ListAssetsResponse:
      type: object
      properties:
        listAssetsResults:
          type: array
          items:
            type: object
            properties:
              asset:
                type: object
                properties:
                  name:
                    type: string
                  securityCenterProperties:
                    type: object
                  resourceProperties:
                    type: object
        nextPageToken:
          type: string
        totalSize:
          type: integer
    ListNotificationConfigsResponse:
      type: object
      properties:
        notificationConfigs:
          type: array
          items:
            $ref: '#/components/schemas/NotificationConfig'
        nextPageToken:
          type: string
  securitySchemes:
    oauth2:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: https://accounts.google.com/o/oauth2/auth
          tokenUrl: https://oauth2.googleapis.com/token
          scopes:
            https://www.googleapis.com/auth/cloud-platform: Full access to Google Cloud
Security Command Center API

Documentation

Specifications

Schemas & Data

Other Resources

OpenAPI Specification
