File: //lib/google-cloud-sdk/lib/surface/scc/findings/list.yaml
- release_tracks: [ALPHA, BETA, GA]

  help_text:
    brief: List an organization or source's findings.
    description: List an organization or source's findings. To list across all sources, provide a '-' as the source id.
    examples: |
      List all ACTIVE findings under organization 123456 across all sources:

        $ {command} 123456 --filter "state=\"ACTIVE\""

      List all ACTIVE findings under organization 123456 and source 5678:

        $ {command} 123456 --source 5678 --filter "state=\"ACTIVE\""

      Only list category and resource_name of all ACTIVE findings under organization 123456 and source 5678:

        $ {command} 123456 --source=5678 --filter="state=\"ACTIVE\"" --field-mask="finding.category,finding.resource_name"

      List all ACTIVE findings of XSS category/type, under organization 123456 and source 5678:

        $ {command} 123456 --source 5678 --filter "state=\"ACTIVE\" AND category=\"XSS\""

      List all findings attached to a particular resource under organization 123456:

        $ {command} 123456 --filter "resource_name=\"//container.googleapis.com/projects/pid/zones/zone-id/clusters/cluster-id\""

      List all ACTIVE findings that took place after 2019-01-01T01:00:00 GMT, under organization 123456:

        $ {command} 123456 --filter "state=\"ACTIVE\" AND event_time > 1546304400000"

      List all findings that were ACTIVE as of 2019-01-01T01:00:00 GMT, under organization 123456:

        $ {command} 123456 --filter "state=\"ACTIVE\"" --read-time "2019-01-01T01:00:00Z"

  request:
    collection: securitycenter.organizations.sources.findings
    api_version: v1
    modify_request_hooks:
    - googlecloudsdk.command_lib.scc.findings.request_hooks:ListFindingsReqHook

  arguments:
    additional_arguments_hook: googlecloudsdk.command_lib.scc.hooks:AppendOrgArg

    params:
    - !REF googlecloudsdk.command_lib.scc.flags:page_token
    - !REF googlecloudsdk.command_lib.scc.flags:read_time
    - !REF googlecloudsdk.command_lib.scc.findings.flags:source
    - arg_name: compare-duration
      api_field: compareDuration
      help_text: |
        ListFindingsResult's "state_change" attribute is updated to indicate whether the finding had
        its state changed, the finding's state remained unchanged, or if the finding was added in
        any state during the compare_duration period of time that precedes the read_time.
        This is the time between (read_time - compare_duration) and read_time.
        The state_change value is derived based on the presence and state of the finding at the two
        points in time. Intermediate state changes between the two times don't affect the result.
        For example, the results aren't affected if the finding is made inactive and then active
        again. Possible "state_change" values when compare_duration is specified:
        "CHANGED" indicates that the finding was present at the start of compare_duration, but
        changed its state at read_time.
        "UNCHANGED" indicates that the finding was present at the start of compare_duration and did
        not change state at read_time.
        "ADDED" indicates that the finding was not present at the start of compare_duration, but was
        present at read_time.
        If compare_duration is not specified, then the only possible state_change is "UNUSED", which
        will be the state_change set for all findings present at read_time.
        Example duration: "100000s"
    - arg_name: field-mask
      api_field: fieldMask
      help_text: |
        Field mask to specify the finding fields listed in the response. An empty field
        mask will list all fields. For example: --field-mask="finding.category,finding.resource_name" will only
        output category and resource_name for the findings in addition to default attributes. Notice
        the difference between hyphens (-) used with flags vs. camel case used in field masks.
        An empty or missing field mask will list all fields.
      # Cloud SCC doesn't use gcloud's sort-by flag since that sorts at the client level while
      # Cloud SCC's ordering needs to be passed to the server.
    - arg_name: order-by
      api_field: orderBy
      help_text: |
        Expression that defines what fields and order to use for sorting. String value
        should follow SQL syntax: comma-separated list of fields. For example:
        "name,resource_properties.a_property". The default sorting order is ascending.
        To specify descending order for a field, a suffix " desc" should be appended to
        the field name. For example: --order-by "name desc,source_properties.a_property" will
        order by name in descending order and by source_properties.a_property in ascending order.