Types for Grafeas API Client#

class grafeas.grafeas_v1.types.AliasContext#

An alias to a repo revision.

kind#

The alias kind.

name#

The alias name.

kind

Field grafeas.v1.AliasContext.kind

name

Field grafeas.v1.AliasContext.name

class grafeas.grafeas_v1.types.Any#
type_url#

Field google.protobuf.Any.type_url

value#

Field google.protobuf.Any.value

class grafeas.grafeas_v1.types.Artifact#

Artifact describes a build product.

checksum#

Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.

id#

Artifact ID, if any; for container images, this will be a URL by digest like gcr.io/projectID/imagename@sha256:123456.

names#

Related artifact names. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to docker push. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.

checksum

Field grafeas.v1.Artifact.checksum

id

Field grafeas.v1.Artifact.id

names

Field grafeas.v1.Artifact.names

class grafeas.grafeas_v1.types.AttestationNote#

Note kind that represents a logical attestation “role” or “authority”. For example, an organization might have one Authority for “QA” and one for “build”. This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences, even if they don’t all live in the same project.

hint#

Hint hints at the purpose of the attestation authority.

class Hint#

This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from “readable” names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify.

human_readable_name#

Required. The human readable name of this attestation authority, for example “qa”.

human_readable_name

Field grafeas.v1.AttestationNote.Hint.human_readable_name

hint

Field grafeas.v1.AttestationNote.hint

class grafeas.grafeas_v1.types.AttestationOccurrence#

Occurrence that represents a single “attestation”. The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign.

serialized_payload#

Required. The serialized payload that is verified by one or more signatures.

signatures#

One or more signatures over serialized_payload. Verifier implementations should consider this attestation message verified if at least one signature verifies serialized_payload. See Signature in common.proto for more details on signature structure and verification.

serialized_payload

Field grafeas.v1.AttestationOccurrence.serialized_payload

signatures

Field grafeas.v1.AttestationOccurrence.signatures

class grafeas.grafeas_v1.types.BatchCreateNotesRequest#

Request to create notes in batch.

parent#

The name of the project in the form of projects/[PROJECT_ID], under which the notes are to be created.

notes#

The notes to create. Max allowed length is 1000.

class NotesEntry#
key#

Field grafeas.v1.BatchCreateNotesRequest.NotesEntry.key

value#

Field grafeas.v1.BatchCreateNotesRequest.NotesEntry.value

notes

Field grafeas.v1.BatchCreateNotesRequest.notes

parent

Field grafeas.v1.BatchCreateNotesRequest.parent

class grafeas.grafeas_v1.types.BatchCreateNotesResponse#

Response for creating notes in batch.

notes#

The notes that were created.

notes

Field grafeas.v1.BatchCreateNotesResponse.notes

class grafeas.grafeas_v1.types.BatchCreateOccurrencesRequest#

Request to create occurrences in batch.

parent#

The name of the project in the form of projects/[PROJECT_ID], under which the occurrences are to be created.

occurrences#

The occurrences to create. Max allowed length is 1000.

occurrences

Field grafeas.v1.BatchCreateOccurrencesRequest.occurrences

parent

Field grafeas.v1.BatchCreateOccurrencesRequest.parent

class grafeas.grafeas_v1.types.BatchCreateOccurrencesResponse#

Response for creating occurrences in batch.

occurrences#

The occurrences that were created.

occurrences

Field grafeas.v1.BatchCreateOccurrencesResponse.occurrences

class grafeas.grafeas_v1.types.BuildNote#

Note holding the version of the provider’s builder and the signature of the provenance message in the build details occurrence.

builder_version#

Required. Immutable. Version of the builder which produced this build.

builder_version

Field grafeas.v1.BuildNote.builder_version

class grafeas.grafeas_v1.types.BuildOccurrence#

Details of a build occurrence.

provenance#

Required. The actual provenance for the build.

provenance_bytes#

Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, provenance_bytes can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.

provenance

Field grafeas.v1.BuildOccurrence.provenance

provenance_bytes

Field grafeas.v1.BuildOccurrence.provenance_bytes

class grafeas.grafeas_v1.types.BuildProvenance#

Provenance of a build. Contains all information needed to verify the full details about the build from source to completion.

id#

Required. Unique identifier of the build.

project_id#

ID of the project.

commands#

Commands requested by the build.

built_artifacts#

Output of the build.

create_time#

Time at which the build was created.

start_time#

Time at which execution of the build was started.

end_time#

Time at which execution of the build was finished.

creator#

E-mail address of the user who initiated this build. Note that this was the user’s e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.

logs_uri#

URI where any logs for this provenance were written.

source_provenance#

Details of the Source input to the build.

trigger_id#

Trigger identifier if the build was triggered automatically; empty if not.

build_options#

Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.

builder_version#

Version string of the builder at the time this build was executed.

class BuildOptionsEntry#
key#

Field grafeas.v1.BuildProvenance.BuildOptionsEntry.key

value#

Field grafeas.v1.BuildProvenance.BuildOptionsEntry.value

build_options

Field grafeas.v1.BuildProvenance.build_options

builder_version

Field grafeas.v1.BuildProvenance.builder_version

built_artifacts

Field grafeas.v1.BuildProvenance.built_artifacts

commands

Field grafeas.v1.BuildProvenance.commands

create_time

Field grafeas.v1.BuildProvenance.create_time

creator

Field grafeas.v1.BuildProvenance.creator

end_time

Field grafeas.v1.BuildProvenance.end_time

id

Field grafeas.v1.BuildProvenance.id

logs_uri

Field grafeas.v1.BuildProvenance.logs_uri

project_id

Field grafeas.v1.BuildProvenance.project_id

source_provenance

Field grafeas.v1.BuildProvenance.source_provenance

start_time

Field grafeas.v1.BuildProvenance.start_time

trigger_id

Field grafeas.v1.BuildProvenance.trigger_id

class grafeas.grafeas_v1.types.CVSSv3#

Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document

base_score#

The base score is a function of the base metric scores.

attack_vector#

Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.

attack_complexity#

Field grafeas.v1.CVSSv3.attack_complexity

attack_vector

Field grafeas.v1.CVSSv3.attack_vector

availability_impact#

Field grafeas.v1.CVSSv3.availability_impact

base_score

Field grafeas.v1.CVSSv3.base_score

confidentiality_impact#

Field grafeas.v1.CVSSv3.confidentiality_impact

exploitability_score#

Field grafeas.v1.CVSSv3.exploitability_score

impact_score#

Field grafeas.v1.CVSSv3.impact_score

integrity_impact#

Field grafeas.v1.CVSSv3.integrity_impact

privileges_required#

Field grafeas.v1.CVSSv3.privileges_required

scope#

Field grafeas.v1.CVSSv3.scope

user_interaction#

Field grafeas.v1.CVSSv3.user_interaction

class grafeas.grafeas_v1.types.CloudRepoSourceContext#

A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.

repo_id#

The ID of the repo.

revision#

A revision in a Cloud Repo can be identified by either its revision ID or its alias.

revision_id#

A revision ID.

alias_context#

An alias, which may be a branch or tag.

alias_context

Field grafeas.v1.CloudRepoSourceContext.alias_context

repo_id

Field grafeas.v1.CloudRepoSourceContext.repo_id

revision_id

Field grafeas.v1.CloudRepoSourceContext.revision_id

class grafeas.grafeas_v1.types.Command#

Command describes a step performed as part of the build pipeline.

name#

Required. Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to docker pull.

env#

Environment variables set before running this command.

args#

Command-line arguments used when executing this command.

dir#

Working directory (relative to project source root) used when running this command.

id#

Optional unique identifier for this command, used in wait_for to reference this command as a dependency.

wait_for#

The ID(s) of the command(s) that this command depends on.

args

Field grafeas.v1.Command.args

dir

Field grafeas.v1.Command.dir

env

Field grafeas.v1.Command.env

id

Field grafeas.v1.Command.id

name

Field grafeas.v1.Command.name

wait_for

Field grafeas.v1.Command.wait_for

class grafeas.grafeas_v1.types.CreateNoteRequest#

Request to create a new note.

parent#

The name of the project in the form of projects/[PROJECT_ID], under which the note is to be created.

note_id#

The ID to use for this note.

note#

The note to create.

note

Field grafeas.v1.CreateNoteRequest.note

note_id

Field grafeas.v1.CreateNoteRequest.note_id

parent

Field grafeas.v1.CreateNoteRequest.parent

class grafeas.grafeas_v1.types.CreateOccurrenceRequest#

Request to create a new occurrence.

parent#

The name of the project in the form of projects/[PROJECT_ID], under which the occurrence is to be created.

occurrence#

The occurrence to create.

occurrence

Field grafeas.v1.CreateOccurrenceRequest.occurrence

parent

Field grafeas.v1.CreateOccurrenceRequest.parent

class grafeas.grafeas_v1.types.DeleteNoteRequest#

Request to delete a note.

name#

The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

name

Field grafeas.v1.DeleteNoteRequest.name

class grafeas.grafeas_v1.types.DeleteOccurrenceRequest#

Request to delete a occurrence.

name#

The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID].

name

Field grafeas.v1.DeleteOccurrenceRequest.name

class grafeas.grafeas_v1.types.DeploymentNote#

An artifact that can be deployed in some runtime.

resource_uri#

Required. Resource URI for the artifact being deployed.

resource_uri

Field grafeas.v1.DeploymentNote.resource_uri

class grafeas.grafeas_v1.types.DeploymentOccurrence#

The period during which some deployable was active in a runtime.

user_email#

Identity of the user that triggered this deployment.

deploy_time#

Required. Beginning of the lifetime of this deployment.

undeploy_time#

End of the lifetime of this deployment.

config#

Configuration used to create this deployment.

address#

Address of the runtime element hosting this deployment.

resource_uri#

Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name.

platform#

Platform hosting this deployment.

address

Field grafeas.v1.DeploymentOccurrence.address

config

Field grafeas.v1.DeploymentOccurrence.config

deploy_time

Field grafeas.v1.DeploymentOccurrence.deploy_time

platform

Field grafeas.v1.DeploymentOccurrence.platform

resource_uri

Field grafeas.v1.DeploymentOccurrence.resource_uri

undeploy_time

Field grafeas.v1.DeploymentOccurrence.undeploy_time

user_email

Field grafeas.v1.DeploymentOccurrence.user_email

class grafeas.grafeas_v1.types.DiscoveryNote#

A note that indicates a type of analysis a provider would perform. This note exists in a provider’s project. A Discovery occurrence is created in a consumer’s project at the start of analysis.

analysis_kind#

Required. Immutable. The kind of analysis that is handled by this discovery.

analysis_kind

Field grafeas.v1.DiscoveryNote.analysis_kind

class grafeas.grafeas_v1.types.DiscoveryOccurrence#

Provides information about the analysis status of a discovered resource.

continuous_analysis#

Whether the resource is continuously analyzed.

analysis_status#

The status of discovery for the resource.

analysis_status_error#

When an error is encountered this will contain a LocalizedMessage under details to show to the user. The LocalizedMessage is output only and populated by the API.

analysis_status

Field grafeas.v1.DiscoveryOccurrence.analysis_status

analysis_status_error

Field grafeas.v1.DiscoveryOccurrence.analysis_status_error

continuous_analysis

Field grafeas.v1.DiscoveryOccurrence.continuous_analysis

class grafeas.grafeas_v1.types.Distribution#

This represents a particular channel of distribution for a given package. E.g., Debian’s jessie-backports dpkg mirror.

cpe_uri#

Required. The cpe_uri in CPE format denoting the package manager version distributing a package.

architecture#

The CPU architecture for which packages in this distribution channel were built.

latest_version#

The latest available version of this package in this distribution channel.

maintainer#

A freeform string denoting the maintainer of this package.

url#

The distribution channel-specific homepage for this package.

description#

The distribution channel-specific description of this package.

architecture

Field grafeas.v1.Distribution.architecture

cpe_uri

Field grafeas.v1.Distribution.cpe_uri

description

Field grafeas.v1.Distribution.description

latest_version

Field grafeas.v1.Distribution.latest_version

maintainer

Field grafeas.v1.Distribution.maintainer

url

Field grafeas.v1.Distribution.url

class grafeas.grafeas_v1.types.Empty#
class grafeas.grafeas_v1.types.FieldMask#
paths#

Field google.protobuf.FieldMask.paths

class grafeas.grafeas_v1.types.FileHashes#

Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.

file_hash#

Required. Collection of file hashes.

file_hash

Field grafeas.v1.FileHashes.file_hash

class grafeas.grafeas_v1.types.Fingerprint#

A set of properties that uniquely identify a given Docker image.

v1_name#

Required. The layer ID of the final layer in the Docker image’s v1 representation.

v2_blob#

Required. The ordered list of v2 blobs that represent a given image.

v2_name#

Output only. The name of the image’s v2 blobs computed via: [bottom] := v2_blob[bottom][N] := sha256(v2_blob[N] + ” ” + v2_name[N+1]) Only the name of the final blob is kept.

v1_name

Field grafeas.v1.Fingerprint.v1_name

v2_blob

Field grafeas.v1.Fingerprint.v2_blob

v2_name

Field grafeas.v1.Fingerprint.v2_name

class grafeas.grafeas_v1.types.GerritSourceContext#

A SourceContext referring to a Gerrit project.

host_uri#

The URI of a running Gerrit instance.

gerrit_project#

The full project name within the host. Projects may be nested, so “project/subproject” is a valid project name. The “repo name” is the hostURI/project.

revision#

A revision in a Gerrit project can be identified by either its revision ID or its alias.

revision_id#

A revision (commit) ID.

alias_context#

An alias, which may be a branch or tag.

alias_context

Field grafeas.v1.GerritSourceContext.alias_context

gerrit_project

Field grafeas.v1.GerritSourceContext.gerrit_project

host_uri

Field grafeas.v1.GerritSourceContext.host_uri

revision_id

Field grafeas.v1.GerritSourceContext.revision_id

class grafeas.grafeas_v1.types.GetNoteRequest#

Request to get a note.

name#

The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

name

Field grafeas.v1.GetNoteRequest.name

class grafeas.grafeas_v1.types.GetOccurrenceNoteRequest#

Request to get the note to which the specified occurrence is attached.

name#

The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID].

name

Field grafeas.v1.GetOccurrenceNoteRequest.name

class grafeas.grafeas_v1.types.GetOccurrenceRequest#

Request to get an occurrence.

name#

The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID].

name

Field grafeas.v1.GetOccurrenceRequest.name

class grafeas.grafeas_v1.types.GitSourceContext#

A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub).

url#

Git repository URL.

revision_id#

Git commit hash.

revision_id

Field grafeas.v1.GitSourceContext.revision_id

url

Field grafeas.v1.GitSourceContext.url

class grafeas.grafeas_v1.types.Hash#

Container message for hash values.

type#

Required. The type of hash that was performed, e.g. “SHA-256”.

value#

Required. The hash value.

type

Field grafeas.v1.Hash.type

value

Field grafeas.v1.Hash.value

class grafeas.grafeas_v1.types.ImageNote#

Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM Or an equivalent reference, e.g., a tag of the resource_url.

resource_url#

Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images.

fingerprint#

Required. Immutable. The fingerprint of the base image.

fingerprint

Field grafeas.v1.ImageNote.fingerprint

resource_url

Field grafeas.v1.ImageNote.resource_url

class grafeas.grafeas_v1.types.ImageOccurrence#

Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM .

fingerprint#

Required. The fingerprint of the derived image.

distance#

Output only. The number of layers by which this image differs from the associated image basis.

layer_info#

This contains layer-specific metadata, if populated it has length “distance” and is ordered with [distance] being the layer immediately following the base image and [1] being the final layer.

base_resource_url#

Output only. This contains the base image URL for the derived image occurrence.

base_resource_url

Field grafeas.v1.ImageOccurrence.base_resource_url

distance

Field grafeas.v1.ImageOccurrence.distance

fingerprint

Field grafeas.v1.ImageOccurrence.fingerprint

layer_info

Field grafeas.v1.ImageOccurrence.layer_info

class grafeas.grafeas_v1.types.Layer#

Layer holds metadata specific to a layer of a Docker image.

directive#

Required. The recovered Dockerfile directive used to construct this layer. See https://docs.docker.com/engine/reference/builder/ for more information.

arguments#

The recovered arguments to the Dockerfile directive.

arguments

Field grafeas.v1.Layer.arguments

directive

Field grafeas.v1.Layer.directive

class grafeas.grafeas_v1.types.ListNoteOccurrencesRequest#

Request to list occurrences for a note.

name#

The name of the note to list occurrences for in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

filter#

The filter expression.

page_size#

Number of occurrences to return in the list.

page_token#

Token to provide to skip to a particular spot in the list.

filter

Field grafeas.v1.ListNoteOccurrencesRequest.filter

name

Field grafeas.v1.ListNoteOccurrencesRequest.name

page_size

Field grafeas.v1.ListNoteOccurrencesRequest.page_size

page_token

Field grafeas.v1.ListNoteOccurrencesRequest.page_token

class grafeas.grafeas_v1.types.ListNoteOccurrencesResponse#

Response for listing occurrences for a note.

occurrences#

The occurrences attached to the specified note.

next_page_token#

Token to provide to skip to a particular spot in the list.

next_page_token

Field grafeas.v1.ListNoteOccurrencesResponse.next_page_token

occurrences

Field grafeas.v1.ListNoteOccurrencesResponse.occurrences

class grafeas.grafeas_v1.types.ListNotesRequest#

Request to list notes.

parent#

The name of the project to list notes for in the form of projects/[PROJECT_ID].

filter#

The filter expression.

page_size#

Number of notes to return in the list. Must be positive. Max allowed page size is 1000. If not specified, page size defaults to 20.

page_token#

Token to provide to skip to a particular spot in the list.

filter

Field grafeas.v1.ListNotesRequest.filter

page_size

Field grafeas.v1.ListNotesRequest.page_size

page_token

Field grafeas.v1.ListNotesRequest.page_token

parent

Field grafeas.v1.ListNotesRequest.parent

class grafeas.grafeas_v1.types.ListNotesResponse#

Response for listing notes.

notes#

The notes requested.

next_page_token#

The next pagination token in the list response. It should be used as page_token for the following request. An empty value means no more results.

next_page_token

Field grafeas.v1.ListNotesResponse.next_page_token

notes

Field grafeas.v1.ListNotesResponse.notes

class grafeas.grafeas_v1.types.ListOccurrencesRequest#

Request to list occurrences.

parent#

The name of the project to list occurrences for in the form of projects/[PROJECT_ID].

filter#

The filter expression.

page_size#

Number of occurrences to return in the list. Must be positive. Max allowed page size is 1000. If not specified, page size defaults to 20.

page_token#

Token to provide to skip to a particular spot in the list.

filter

Field grafeas.v1.ListOccurrencesRequest.filter

page_size

Field grafeas.v1.ListOccurrencesRequest.page_size

page_token

Field grafeas.v1.ListOccurrencesRequest.page_token

parent

Field grafeas.v1.ListOccurrencesRequest.parent

class grafeas.grafeas_v1.types.ListOccurrencesResponse#

Response for listing occurrences.

occurrences#

The occurrences requested.

next_page_token#

The next pagination token in the list response. It should be used as page_token for the following request. An empty value means no more results.

next_page_token

Field grafeas.v1.ListOccurrencesResponse.next_page_token

occurrences

Field grafeas.v1.ListOccurrencesResponse.occurrences

class grafeas.grafeas_v1.types.Location#

An occurrence of a particular package installation found within a system’s filesystem. E.g., glibc was found in /var/lib/dpkg/status.

cpe_uri#

Required. The CPE URI in CPE format denoting the package manager version distributing a package.

version#

The version installed at this location.

path#

The path from which we gathered that this package/version is installed.

cpe_uri

Field grafeas.v1.Location.cpe_uri

path

Field grafeas.v1.Location.path

version

Field grafeas.v1.Location.version

class grafeas.grafeas_v1.types.Note#

A type of analysis that can be done for a resource.

name#

Output only. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

short_description#

A one sentence description of this note.

long_description#

A detailed description of this note.

kind#

Output only. The type of analysis. This field can be used as a filter in list requests.

related_url#

URLs associated with this note.

expiration_time#

Time of expiration for this note. Empty if note does not expire.

create_time#

Output only. The time this note was created. This field can be used as a filter in list requests.

update_time#

Output only. The time this note was last updated. This field can be used as a filter in list requests.

related_note_names#

Other notes related to this note.

type#

Required. Immutable. The type of analysis this note represents.

vulnerability#

A note describing a package vulnerability.

build#

A note describing build provenance for a verifiable build.

image#

A note describing a base image.

package#

A note describing a package hosted by various package managers.

deployment#

A note describing something that can be deployed.

discovery#

A note describing the initial analysis of a resource.

attestation#

A note describing an attestation role.

attestation

Field grafeas.v1.Note.attestation

build

Field grafeas.v1.Note.build

create_time

Field grafeas.v1.Note.create_time

deployment

Field grafeas.v1.Note.deployment

discovery

Field grafeas.v1.Note.discovery

expiration_time

Field grafeas.v1.Note.expiration_time

image

Field grafeas.v1.Note.image

kind

Field grafeas.v1.Note.kind

long_description

Field grafeas.v1.Note.long_description

name

Field grafeas.v1.Note.name

package

Field grafeas.v1.Note.package

related_note_names

Field grafeas.v1.Note.related_note_names

related_url

Field grafeas.v1.Note.related_url

short_description

Field grafeas.v1.Note.short_description

update_time

Field grafeas.v1.Note.update_time

vulnerability

Field grafeas.v1.Note.vulnerability

class grafeas.grafeas_v1.types.Occurrence#

An instance of an analysis type that has been found on a resource.

name#

Output only. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID].

resource_uri#

Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.

note_name#

Required. Immutable. The analysis note associated with this occurrence, in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID]. This field can be used as a filter in list requests.

kind#

Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.

remediation#

A description of actions that can be taken to remedy the note.

create_time#

Output only. The time this occurrence was created.

update_time#

Output only. The time this occurrence was last updated.

details#

Required. Immutable. Describes the details of the note kind found on this resource.

vulnerability#

Describes a security vulnerability.

build#

Describes a verifiable build.

image#

Describes how this resource derives from the basis in the associated note.

package#

Describes the installation of a package on the linked resource.

deployment#

Describes the deployment of an artifact on a runtime.

discovery#

Describes when a resource was discovered.

attestation#

Describes an attestation of an artifact.

attestation

Field grafeas.v1.Occurrence.attestation

build

Field grafeas.v1.Occurrence.build

create_time

Field grafeas.v1.Occurrence.create_time

deployment

Field grafeas.v1.Occurrence.deployment

discovery

Field grafeas.v1.Occurrence.discovery

image

Field grafeas.v1.Occurrence.image

kind

Field grafeas.v1.Occurrence.kind

name

Field grafeas.v1.Occurrence.name

note_name

Field grafeas.v1.Occurrence.note_name

package

Field grafeas.v1.Occurrence.package

remediation

Field grafeas.v1.Occurrence.remediation

resource_uri

Field grafeas.v1.Occurrence.resource_uri

update_time

Field grafeas.v1.Occurrence.update_time

vulnerability

Field grafeas.v1.Occurrence.vulnerability

class grafeas.grafeas_v1.types.PackageNote#

This represents a particular package that is distributed over various channels. E.g., glibc (aka libc6) is distributed by many, at various versions.

name#

Required. Immutable. The name of the package.

distribution#

The various channels by which a package is distributed.

distribution

Field grafeas.v1.PackageNote.distribution

name

Field grafeas.v1.PackageNote.name

class grafeas.grafeas_v1.types.PackageOccurrence#

Details on how a particular software package was installed on a system.

name#

Output only. The name of the installed package.

location#

Required. All of the places within the filesystem versions of this package have been found.

location

Field grafeas.v1.PackageOccurrence.location

name

Field grafeas.v1.PackageOccurrence.name

class grafeas.grafeas_v1.types.ProjectRepoId#

Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project.

project_id#

The ID of the project.

repo_name#

The name of the repo. Leave empty for the default repo.

project_id

Field grafeas.v1.ProjectRepoId.project_id

repo_name

Field grafeas.v1.ProjectRepoId.repo_name

class grafeas.grafeas_v1.types.RelatedUrl#

Metadata for any related URL information.

url#

Specific URL associated with the resource.

label#

Label to describe usage of the URL.

label

Field grafeas.v1.RelatedUrl.label

url

Field grafeas.v1.RelatedUrl.url

class grafeas.grafeas_v1.types.RepoId#

A unique identifier for a Cloud Repo.

id#

A cloud repo can be identified by either its project ID and repository name combination, or its globally unique identifier.

project_repo_id#

A combination of a project ID and a repo name.

uid#

A server-assigned, globally unique identifier.

project_repo_id

Field grafeas.v1.RepoId.project_repo_id

uid

Field grafeas.v1.RepoId.uid

class grafeas.grafeas_v1.types.Signature#

Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from public_key_id to public key material (and any required parameters, e.g. signing algorithm).

In particular, verification implementations MUST NOT treat the signature public_key_id as anything more than a key lookup hint. The public_key_id DOES NOT validate or authenticate a public key; it only provides a mechanism for quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification implementations MUST reject signatures in any of the following circumstances: * The public_key_id is not recognized by the verifier. * The public key that public_key_id refers to does not verify the signature with respect to the payload.

The signature contents SHOULD NOT be “attached” (where the payload is included with the serialized signature bytes). Verifiers MUST ignore any “attached” payload and only verify signatures with respect to explicitly provided payload (e.g. a payload field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).

signature#

The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.

public_key_id#

The identifier for the public key that verifies this signature. * The public_key_id is required. * The public_key_id MUST be an RFC3986 conformant URI. * When possible, the public_key_id SHOULD be an immutable reference, such as a cryptographic digest. Examples of valid public_key_ids: OpenPGP V4 public key fingerprint: * “openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA” See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme. RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): * “ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU” * “nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9 bf89791ba95a1271589a5”

public_key_id

Field grafeas.v1.Signature.public_key_id

signature

Field grafeas.v1.Signature.signature

class grafeas.grafeas_v1.types.Source#

Source describes the location of the source used for the build.

artifact_storage_source_uri#

If provided, the input binary artifacts for the build came from this location.

file_hashes#

Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.

context#

If provided, the source code used for the build came from this location.

additional_contexts#

If provided, some of the source code used for the build may be found in these locations, in the case where the source repository had multiple remotes or submodules. This list will not include the context specified in the context field.

class FileHashesEntry#
key#

Field grafeas.v1.Source.FileHashesEntry.key

value#

Field grafeas.v1.Source.FileHashesEntry.value

additional_contexts

Field grafeas.v1.Source.additional_contexts

artifact_storage_source_uri

Field grafeas.v1.Source.artifact_storage_source_uri

context

Field grafeas.v1.Source.context

file_hashes

Field grafeas.v1.Source.file_hashes

class grafeas.grafeas_v1.types.SourceContext#

A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory.

context#

A SourceContext can refer any one of the following types of repositories.

cloud_repo#

A SourceContext referring to a revision in a Google Cloud Source Repo.

gerrit#

A SourceContext referring to a Gerrit project.

git#

A SourceContext referring to any third party Git repo (e.g., GitHub).

labels#

Labels with user defined metadata.

class LabelsEntry#
key#

Field grafeas.v1.SourceContext.LabelsEntry.key

value#

Field grafeas.v1.SourceContext.LabelsEntry.value

cloud_repo

Field grafeas.v1.SourceContext.cloud_repo

gerrit

Field grafeas.v1.SourceContext.gerrit

git

Field grafeas.v1.SourceContext.git

labels

Field grafeas.v1.SourceContext.labels

class grafeas.grafeas_v1.types.Status#
code#

Field google.rpc.Status.code

details#

Field google.rpc.Status.details

message#

Field google.rpc.Status.message

class grafeas.grafeas_v1.types.Timestamp#
nanos#

Field google.protobuf.Timestamp.nanos

seconds#

Field google.protobuf.Timestamp.seconds

class grafeas.grafeas_v1.types.UpdateNoteRequest#

Request to update a note.

name#

The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

note#

The updated note.

update_mask#

The fields to update.

name

Field grafeas.v1.UpdateNoteRequest.name

note

Field grafeas.v1.UpdateNoteRequest.note

update_mask

Field grafeas.v1.UpdateNoteRequest.update_mask

class grafeas.grafeas_v1.types.UpdateOccurrenceRequest#

Request to update an occurrence.

name#

The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID].

occurrence#

The updated occurrence.

update_mask#

The fields to update.

name

Field grafeas.v1.UpdateOccurrenceRequest.name

occurrence

Field grafeas.v1.UpdateOccurrenceRequest.occurrence

update_mask

Field grafeas.v1.UpdateOccurrenceRequest.update_mask

class grafeas.grafeas_v1.types.Version#

Version contains structured information about the version of a package.

epoch#

Used to correct mistakes in the version numbering scheme.

name#

Required only when version kind is NORMAL. The main part of the version name.

revision#

The iteration of the package build from the above version.

kind#

Required. Distinguishes between sentinel MIN/MAX versions and normal versions.

full_name#

Human readable version string. This string is of the form :- and is only set when kind is NORMAL.

epoch

Field grafeas.v1.Version.epoch

full_name

Field grafeas.v1.Version.full_name

kind

Field grafeas.v1.Version.kind

name

Field grafeas.v1.Version.name

revision

Field grafeas.v1.Version.revision

class grafeas.grafeas_v1.types.VulnerabilityNote#

A security vulnerability that can be found in resources.

cvss_score#

The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.

severity#

The note provider assigned severity of this vulnerability.

details#

Details of all known distros and packages affected by this vulnerability.

cvss_v3#

The full description of the CVSSv3 for this vulnerability.

windows_details#

Windows details get their own format because the information format and model don’t match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.

class Detail#

A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).

severity_name#

The distro assigned severity of this vulnerability.

description#

A vendor-specific description of this vulnerability.

package_type#

The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).

affected_cpe_uri#

Required. The CPE URI this vulnerability affects.

affected_package#

Required. The package this vulnerability affects.

affected_version_start#

The version number at the start of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.

affected_version_end#

The version number at the end of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.

fixed_cpe_uri#

The distro recommended CPE URI to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_cpe_uri.

fixed_package#

The distro recommended package to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_package.

fixed_version#

The distro recommended version to update to that contains a fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no such version is yet available.

is_obsolete#

Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.

affected_cpe_uri

Field grafeas.v1.VulnerabilityNote.Detail.affected_cpe_uri

affected_package

Field grafeas.v1.VulnerabilityNote.Detail.affected_package

affected_version_end

Field grafeas.v1.VulnerabilityNote.Detail.affected_version_end

affected_version_start

Field grafeas.v1.VulnerabilityNote.Detail.affected_version_start

description

Field grafeas.v1.VulnerabilityNote.Detail.description

fixed_cpe_uri

Field grafeas.v1.VulnerabilityNote.Detail.fixed_cpe_uri

fixed_package

Field grafeas.v1.VulnerabilityNote.Detail.fixed_package

fixed_version

Field grafeas.v1.VulnerabilityNote.Detail.fixed_version

is_obsolete

Field grafeas.v1.VulnerabilityNote.Detail.is_obsolete

package_type

Field grafeas.v1.VulnerabilityNote.Detail.package_type

severity_name

Field grafeas.v1.VulnerabilityNote.Detail.severity_name

class WindowsDetail#
cpe_uri#

Required. The CPE URI this vulnerability affects.

name#

Required. The name of this vulnerability.

description#

The description of this vulnerability.

fixing_kbs#

Required. The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed KBs presence is considered a fix.

class KnowledgeBase#
name#

The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).

url#

A link to the KB in the [Windows update catalog] (https://www.catalog.update.microsoft.com/).

name

Field grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase.name

url

Field grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase.url

cpe_uri

Field grafeas.v1.VulnerabilityNote.WindowsDetail.cpe_uri

description

Field grafeas.v1.VulnerabilityNote.WindowsDetail.description

fixing_kbs

Field grafeas.v1.VulnerabilityNote.WindowsDetail.fixing_kbs

name

Field grafeas.v1.VulnerabilityNote.WindowsDetail.name

cvss_score

Field grafeas.v1.VulnerabilityNote.cvss_score

cvss_v3

Field grafeas.v1.VulnerabilityNote.cvss_v3

details

Field grafeas.v1.VulnerabilityNote.details

severity

Field grafeas.v1.VulnerabilityNote.severity

windows_details

Field grafeas.v1.VulnerabilityNote.windows_details

class grafeas.grafeas_v1.types.VulnerabilityOccurrence#

An occurrence of a severity vulnerability on a resource.

type#

The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).

severity#

Output only. The note provider assigned severity of this vulnerability.

cvss_score#

Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.

package_issue#

Required. The set of affected locations and their fixes (if available) within the associated resource.

short_description#

Output only. A one sentence description of this vulnerability.

long_description#

Output only. A detailed description of this vulnerability.

related_urls#

Output only. URLs related to this vulnerability.

effective_severity#

The distro assigned severity for this vulnerability when it is available, and note provider assigned severity when distro has not yet assigned a severity for this vulnerability.

fix_available#

Output only. Whether at least one of the affected packages has a fix available.

class PackageIssue#

A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).

affected_cpe_uri#

Required. The CPE URI this vulnerability was found in.

affected_package#

Required. The package this vulnerability was found in.

affected_version#

Required. The version of the package that is installed on the resource affected by this vulnerability.

fixed_cpe_uri#

The CPE URI this vulnerability was fixed in. It is possible for this to be different from the affected_cpe_uri.

fixed_package#

The package this vulnerability was fixed in. It is possible for this to be different from the affected_package.

fixed_version#

Required. The version of the package this vulnerability was fixed in. Setting this to VersionKind.MAXIMUM means no fix is yet available.

fix_available#

Output only. Whether a fix is available for this package.

affected_cpe_uri

Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.affected_cpe_uri

affected_package

Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.affected_package

affected_version

Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.affected_version

fix_available

Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.fix_available

fixed_cpe_uri

Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.fixed_cpe_uri

fixed_package

Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.fixed_package

fixed_version

Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.fixed_version

cvss_score

Field grafeas.v1.VulnerabilityOccurrence.cvss_score

effective_severity

Field grafeas.v1.VulnerabilityOccurrence.effective_severity

fix_available

Field grafeas.v1.VulnerabilityOccurrence.fix_available

long_description

Field grafeas.v1.VulnerabilityOccurrence.long_description

package_issue

Field grafeas.v1.VulnerabilityOccurrence.package_issue

related_urls

Field grafeas.v1.VulnerabilityOccurrence.related_urls

severity

Field grafeas.v1.VulnerabilityOccurrence.severity

short_description

Field grafeas.v1.VulnerabilityOccurrence.short_description

type

Field grafeas.v1.VulnerabilityOccurrence.type