Types for Grafeas API Client#
-
class
grafeas.grafeas_v1.types.
AliasContext
# An alias to a repo revision.
-
kind
# The alias kind.
-
name
# The alias name.
-
kind
Field grafeas.v1.AliasContext.kind
-
name
Field grafeas.v1.AliasContext.name
-
-
class
grafeas.grafeas_v1.types.
Any
# -
type_url
# Field google.protobuf.Any.type_url
-
value
# Field google.protobuf.Any.value
-
-
class
grafeas.grafeas_v1.types.
Artifact
# Artifact describes a build product.
-
checksum
# Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.
-
id
# Artifact ID, if any; for container images, this will be a URL by digest like
gcr.io/projectID/imagename@sha256:123456
.
-
names
# Related artifact names. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to
docker push
. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.
-
checksum
Field grafeas.v1.Artifact.checksum
-
id
Field grafeas.v1.Artifact.id
-
names
Field grafeas.v1.Artifact.names
-
-
class
grafeas.grafeas_v1.types.
AttestationNote
# Note kind that represents a logical attestation “role” or “authority”. For example, an organization might have one
Authority
for “QA” and one for “build”. This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences, even if they don’t all live in the same project.-
hint
# Hint hints at the purpose of the attestation authority.
-
class
Hint
# This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from “readable” names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify.
-
human_readable_name
# Required. The human readable name of this attestation authority, for example “qa”.
-
human_readable_name
Field grafeas.v1.AttestationNote.Hint.human_readable_name
-
-
hint
Field grafeas.v1.AttestationNote.hint
-
-
class
grafeas.grafeas_v1.types.
AttestationOccurrence
# Occurrence that represents a single “attestation”. The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign.
-
serialized_payload
# Required. The serialized payload that is verified by one or more
signatures
.
-
signatures
# One or more signatures over
serialized_payload
. Verifier implementations should consider this attestation message verified if at least onesignature
verifiesserialized_payload
. SeeSignature
in common.proto for more details on signature structure and verification.
-
serialized_payload
Field grafeas.v1.AttestationOccurrence.serialized_payload
-
signatures
Field grafeas.v1.AttestationOccurrence.signatures
-
-
class
grafeas.grafeas_v1.types.
BatchCreateNotesRequest
# Request to create notes in batch.
-
parent
# The name of the project in the form of
projects/[PROJECT_ID]
, under which the notes are to be created.
-
notes
# The notes to create. Max allowed length is 1000.
-
class
NotesEntry
# -
key
# Field grafeas.v1.BatchCreateNotesRequest.NotesEntry.key
-
value
# Field grafeas.v1.BatchCreateNotesRequest.NotesEntry.value
-
-
notes
Field grafeas.v1.BatchCreateNotesRequest.notes
-
parent
Field grafeas.v1.BatchCreateNotesRequest.parent
-
-
class
grafeas.grafeas_v1.types.
BatchCreateNotesResponse
# Response for creating notes in batch.
-
notes
# The notes that were created.
-
notes
Field grafeas.v1.BatchCreateNotesResponse.notes
-
-
class
grafeas.grafeas_v1.types.
BatchCreateOccurrencesRequest
# Request to create occurrences in batch.
-
parent
# The name of the project in the form of
projects/[PROJECT_ID]
, under which the occurrences are to be created.
-
occurrences
# The occurrences to create. Max allowed length is 1000.
-
occurrences
Field grafeas.v1.BatchCreateOccurrencesRequest.occurrences
-
parent
Field grafeas.v1.BatchCreateOccurrencesRequest.parent
-
-
class
grafeas.grafeas_v1.types.
BatchCreateOccurrencesResponse
# Response for creating occurrences in batch.
-
occurrences
# The occurrences that were created.
-
occurrences
Field grafeas.v1.BatchCreateOccurrencesResponse.occurrences
-
-
class
grafeas.grafeas_v1.types.
BuildNote
# Note holding the version of the provider’s builder and the signature of the provenance message in the build details occurrence.
-
builder_version
# Required. Immutable. Version of the builder which produced this build.
-
builder_version
Field grafeas.v1.BuildNote.builder_version
-
-
class
grafeas.grafeas_v1.types.
BuildOccurrence
# Details of a build occurrence.
-
provenance
# Required. The actual provenance for the build.
-
provenance_bytes
# Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature,
provenance_bytes
can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.
-
provenance
Field grafeas.v1.BuildOccurrence.provenance
-
provenance_bytes
Field grafeas.v1.BuildOccurrence.provenance_bytes
-
-
class
grafeas.grafeas_v1.types.
BuildProvenance
# Provenance of a build. Contains all information needed to verify the full details about the build from source to completion.
-
id
# Required. Unique identifier of the build.
-
project_id
# ID of the project.
-
commands
# Commands requested by the build.
-
built_artifacts
# Output of the build.
-
create_time
# Time at which the build was created.
-
start_time
# Time at which execution of the build was started.
-
end_time
# Time at which execution of the build was finished.
-
creator
# E-mail address of the user who initiated this build. Note that this was the user’s e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.
-
logs_uri
# URI where any logs for this provenance were written.
-
source_provenance
# Details of the Source input to the build.
-
trigger_id
# Trigger identifier if the build was triggered automatically; empty if not.
-
build_options
# Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
-
builder_version
# Version string of the builder at the time this build was executed.
-
class
BuildOptionsEntry
# -
key
# Field grafeas.v1.BuildProvenance.BuildOptionsEntry.key
-
value
# Field grafeas.v1.BuildProvenance.BuildOptionsEntry.value
-
-
build_options
Field grafeas.v1.BuildProvenance.build_options
-
builder_version
Field grafeas.v1.BuildProvenance.builder_version
-
built_artifacts
Field grafeas.v1.BuildProvenance.built_artifacts
-
commands
Field grafeas.v1.BuildProvenance.commands
-
create_time
Field grafeas.v1.BuildProvenance.create_time
-
creator
Field grafeas.v1.BuildProvenance.creator
-
end_time
Field grafeas.v1.BuildProvenance.end_time
-
id
Field grafeas.v1.BuildProvenance.id
-
logs_uri
Field grafeas.v1.BuildProvenance.logs_uri
-
project_id
Field grafeas.v1.BuildProvenance.project_id
-
source_provenance
Field grafeas.v1.BuildProvenance.source_provenance
-
start_time
Field grafeas.v1.BuildProvenance.start_time
-
trigger_id
Field grafeas.v1.BuildProvenance.trigger_id
-
-
class
grafeas.grafeas_v1.types.
CVSSv3
# Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document
-
base_score
# The base score is a function of the base metric scores.
-
attack_vector
# Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
-
attack_complexity
# Field grafeas.v1.CVSSv3.attack_complexity
-
attack_vector
Field grafeas.v1.CVSSv3.attack_vector
-
availability_impact
# Field grafeas.v1.CVSSv3.availability_impact
-
base_score
Field grafeas.v1.CVSSv3.base_score
-
confidentiality_impact
# Field grafeas.v1.CVSSv3.confidentiality_impact
-
exploitability_score
# Field grafeas.v1.CVSSv3.exploitability_score
-
impact_score
# Field grafeas.v1.CVSSv3.impact_score
-
integrity_impact
# Field grafeas.v1.CVSSv3.integrity_impact
-
privileges_required
# Field grafeas.v1.CVSSv3.privileges_required
-
scope
# Field grafeas.v1.CVSSv3.scope
-
user_interaction
# Field grafeas.v1.CVSSv3.user_interaction
-
-
class
grafeas.grafeas_v1.types.
CloudRepoSourceContext
# A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.
-
repo_id
# The ID of the repo.
-
revision
# A revision in a Cloud Repo can be identified by either its revision ID or its alias.
-
revision_id
# A revision ID.
-
alias_context
# An alias, which may be a branch or tag.
-
alias_context
Field grafeas.v1.CloudRepoSourceContext.alias_context
-
repo_id
Field grafeas.v1.CloudRepoSourceContext.repo_id
-
revision_id
Field grafeas.v1.CloudRepoSourceContext.revision_id
-
-
class
grafeas.grafeas_v1.types.
Command
# Command describes a step performed as part of the build pipeline.
-
name
# Required. Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to
docker pull
.
-
env
# Environment variables set before running this command.
-
args
# Command-line arguments used when executing this command.
-
dir
# Working directory (relative to project source root) used when running this command.
-
id
# Optional unique identifier for this command, used in wait_for to reference this command as a dependency.
-
wait_for
# The ID(s) of the command(s) that this command depends on.
-
args
Field grafeas.v1.Command.args
-
dir
Field grafeas.v1.Command.dir
-
env
Field grafeas.v1.Command.env
-
id
Field grafeas.v1.Command.id
-
name
Field grafeas.v1.Command.name
-
wait_for
Field grafeas.v1.Command.wait_for
-
-
class
grafeas.grafeas_v1.types.
CreateNoteRequest
# Request to create a new note.
-
parent
# The name of the project in the form of
projects/[PROJECT_ID]
, under which the note is to be created.
-
note_id
# The ID to use for this note.
-
note
# The note to create.
-
note
Field grafeas.v1.CreateNoteRequest.note
-
note_id
Field grafeas.v1.CreateNoteRequest.note_id
-
parent
Field grafeas.v1.CreateNoteRequest.parent
-
-
class
grafeas.grafeas_v1.types.
CreateOccurrenceRequest
# Request to create a new occurrence.
-
parent
# The name of the project in the form of
projects/[PROJECT_ID]
, under which the occurrence is to be created.
-
occurrence
# The occurrence to create.
-
occurrence
Field grafeas.v1.CreateOccurrenceRequest.occurrence
-
parent
Field grafeas.v1.CreateOccurrenceRequest.parent
-
-
class
grafeas.grafeas_v1.types.
DeleteNoteRequest
# Request to delete a note.
-
name
# The name of the note in the form of
projects/[PROVIDER_ID]/notes/[NOTE_ID]
.
-
name
Field grafeas.v1.DeleteNoteRequest.name
-
-
class
grafeas.grafeas_v1.types.
DeleteOccurrenceRequest
# Request to delete a occurrence.
-
name
# The name of the occurrence in the form of
projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]
.
-
name
Field grafeas.v1.DeleteOccurrenceRequest.name
-
-
class
grafeas.grafeas_v1.types.
DeploymentNote
# An artifact that can be deployed in some runtime.
-
resource_uri
# Required. Resource URI for the artifact being deployed.
-
resource_uri
Field grafeas.v1.DeploymentNote.resource_uri
-
-
class
grafeas.grafeas_v1.types.
DeploymentOccurrence
# The period during which some deployable was active in a runtime.
-
user_email
# Identity of the user that triggered this deployment.
-
deploy_time
# Required. Beginning of the lifetime of this deployment.
-
undeploy_time
# End of the lifetime of this deployment.
-
config
# Configuration used to create this deployment.
-
address
# Address of the runtime element hosting this deployment.
-
resource_uri
# Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name.
-
platform
# Platform hosting this deployment.
-
address
Field grafeas.v1.DeploymentOccurrence.address
-
config
Field grafeas.v1.DeploymentOccurrence.config
-
deploy_time
Field grafeas.v1.DeploymentOccurrence.deploy_time
-
platform
Field grafeas.v1.DeploymentOccurrence.platform
-
resource_uri
Field grafeas.v1.DeploymentOccurrence.resource_uri
-
undeploy_time
Field grafeas.v1.DeploymentOccurrence.undeploy_time
-
user_email
Field grafeas.v1.DeploymentOccurrence.user_email
-
-
class
grafeas.grafeas_v1.types.
DiscoveryNote
# A note that indicates a type of analysis a provider would perform. This note exists in a provider’s project. A
Discovery
occurrence is created in a consumer’s project at the start of analysis.-
analysis_kind
# Required. Immutable. The kind of analysis that is handled by this discovery.
-
analysis_kind
Field grafeas.v1.DiscoveryNote.analysis_kind
-
-
class
grafeas.grafeas_v1.types.
DiscoveryOccurrence
# Provides information about the analysis status of a discovered resource.
-
continuous_analysis
# Whether the resource is continuously analyzed.
-
analysis_status
# The status of discovery for the resource.
-
analysis_status_error
# When an error is encountered this will contain a LocalizedMessage under details to show to the user. The LocalizedMessage is output only and populated by the API.
-
analysis_status
Field grafeas.v1.DiscoveryOccurrence.analysis_status
-
analysis_status_error
Field grafeas.v1.DiscoveryOccurrence.analysis_status_error
-
continuous_analysis
Field grafeas.v1.DiscoveryOccurrence.continuous_analysis
-
-
class
grafeas.grafeas_v1.types.
Distribution
# This represents a particular channel of distribution for a given package. E.g., Debian’s jessie-backports dpkg mirror.
-
cpe_uri
# Required. The cpe_uri in CPE format denoting the package manager version distributing a package.
-
architecture
# The CPU architecture for which packages in this distribution channel were built.
-
latest_version
# The latest available version of this package in this distribution channel.
-
maintainer
# A freeform string denoting the maintainer of this package.
-
url
# The distribution channel-specific homepage for this package.
-
description
# The distribution channel-specific description of this package.
-
architecture
Field grafeas.v1.Distribution.architecture
-
cpe_uri
Field grafeas.v1.Distribution.cpe_uri
-
description
Field grafeas.v1.Distribution.description
-
latest_version
Field grafeas.v1.Distribution.latest_version
-
maintainer
Field grafeas.v1.Distribution.maintainer
-
url
Field grafeas.v1.Distribution.url
-
-
class
grafeas.grafeas_v1.types.
Empty
#
-
class
grafeas.grafeas_v1.types.
FileHashes
# Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.
-
file_hash
# Required. Collection of file hashes.
-
file_hash
Field grafeas.v1.FileHashes.file_hash
-
-
class
grafeas.grafeas_v1.types.
Fingerprint
# A set of properties that uniquely identify a given Docker image.
-
v1_name
# Required. The layer ID of the final layer in the Docker image’s v1 representation.
-
v2_blob
# Required. The ordered list of v2 blobs that represent a given image.
-
v2_name
# Output only. The name of the image’s v2 blobs computed via: [bottom] := v2_blob[bottom][N] := sha256(v2_blob[N] + ” ” + v2_name[N+1]) Only the name of the final blob is kept.
-
v1_name
Field grafeas.v1.Fingerprint.v1_name
-
v2_blob
Field grafeas.v1.Fingerprint.v2_blob
-
v2_name
Field grafeas.v1.Fingerprint.v2_name
-
-
class
grafeas.grafeas_v1.types.
GerritSourceContext
# A SourceContext referring to a Gerrit project.
-
host_uri
# The URI of a running Gerrit instance.
-
gerrit_project
# The full project name within the host. Projects may be nested, so “project/subproject” is a valid project name. The “repo name” is the hostURI/project.
-
revision
# A revision in a Gerrit project can be identified by either its revision ID or its alias.
-
revision_id
# A revision (commit) ID.
-
alias_context
# An alias, which may be a branch or tag.
-
alias_context
Field grafeas.v1.GerritSourceContext.alias_context
-
gerrit_project
Field grafeas.v1.GerritSourceContext.gerrit_project
-
host_uri
Field grafeas.v1.GerritSourceContext.host_uri
-
revision_id
Field grafeas.v1.GerritSourceContext.revision_id
-
-
class
grafeas.grafeas_v1.types.
GetNoteRequest
# Request to get a note.
-
name
# The name of the note in the form of
projects/[PROVIDER_ID]/notes/[NOTE_ID]
.
-
name
Field grafeas.v1.GetNoteRequest.name
-
-
class
grafeas.grafeas_v1.types.
GetOccurrenceNoteRequest
# Request to get the note to which the specified occurrence is attached.
-
name
# The name of the occurrence in the form of
projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]
.
-
name
Field grafeas.v1.GetOccurrenceNoteRequest.name
-
-
class
grafeas.grafeas_v1.types.
GetOccurrenceRequest
# Request to get an occurrence.
-
name
# The name of the occurrence in the form of
projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]
.
-
name
Field grafeas.v1.GetOccurrenceRequest.name
-
-
class
grafeas.grafeas_v1.types.
GitSourceContext
# A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub).
-
url
# Git repository URL.
-
revision_id
# Git commit hash.
-
revision_id
Field grafeas.v1.GitSourceContext.revision_id
-
url
Field grafeas.v1.GitSourceContext.url
-
-
class
grafeas.grafeas_v1.types.
Hash
# Container message for hash values.
-
type
# Required. The type of hash that was performed, e.g. “SHA-256”.
-
value
# Required. The hash value.
-
type
Field grafeas.v1.Hash.type
-
value
Field grafeas.v1.Hash.value
-
-
class
grafeas.grafeas_v1.types.
ImageNote
# Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM Or an equivalent reference, e.g., a tag of the resource_url.
-
resource_url
# Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images.
-
fingerprint
# Required. Immutable. The fingerprint of the base image.
-
fingerprint
Field grafeas.v1.ImageNote.fingerprint
-
resource_url
Field grafeas.v1.ImageNote.resource_url
-
-
class
grafeas.grafeas_v1.types.
ImageOccurrence
# Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM .
-
fingerprint
# Required. The fingerprint of the derived image.
-
distance
# Output only. The number of layers by which this image differs from the associated image basis.
-
layer_info
# This contains layer-specific metadata, if populated it has length “distance” and is ordered with [distance] being the layer immediately following the base image and [1] being the final layer.
-
base_resource_url
# Output only. This contains the base image URL for the derived image occurrence.
-
base_resource_url
Field grafeas.v1.ImageOccurrence.base_resource_url
-
distance
Field grafeas.v1.ImageOccurrence.distance
-
fingerprint
Field grafeas.v1.ImageOccurrence.fingerprint
-
layer_info
Field grafeas.v1.ImageOccurrence.layer_info
-
-
class
grafeas.grafeas_v1.types.
Layer
# Layer holds metadata specific to a layer of a Docker image.
-
directive
# Required. The recovered Dockerfile directive used to construct this layer. See https://docs.docker.com/engine/reference/builder/ for more information.
-
arguments
# The recovered arguments to the Dockerfile directive.
-
arguments
Field grafeas.v1.Layer.arguments
-
directive
Field grafeas.v1.Layer.directive
-
-
class
grafeas.grafeas_v1.types.
ListNoteOccurrencesRequest
# Request to list occurrences for a note.
-
name
# The name of the note to list occurrences for in the form of
projects/[PROVIDER_ID]/notes/[NOTE_ID]
.
-
filter
# The filter expression.
-
page_size
# Number of occurrences to return in the list.
-
page_token
# Token to provide to skip to a particular spot in the list.
-
filter
Field grafeas.v1.ListNoteOccurrencesRequest.filter
-
name
Field grafeas.v1.ListNoteOccurrencesRequest.name
-
page_size
Field grafeas.v1.ListNoteOccurrencesRequest.page_size
-
page_token
Field grafeas.v1.ListNoteOccurrencesRequest.page_token
-
-
class
grafeas.grafeas_v1.types.
ListNoteOccurrencesResponse
# Response for listing occurrences for a note.
-
occurrences
# The occurrences attached to the specified note.
-
next_page_token
# Token to provide to skip to a particular spot in the list.
-
next_page_token
Field grafeas.v1.ListNoteOccurrencesResponse.next_page_token
-
occurrences
Field grafeas.v1.ListNoteOccurrencesResponse.occurrences
-
-
class
grafeas.grafeas_v1.types.
ListNotesRequest
# Request to list notes.
-
parent
# The name of the project to list notes for in the form of
projects/[PROJECT_ID]
.
-
filter
# The filter expression.
-
page_size
# Number of notes to return in the list. Must be positive. Max allowed page size is 1000. If not specified, page size defaults to 20.
-
page_token
# Token to provide to skip to a particular spot in the list.
-
filter
Field grafeas.v1.ListNotesRequest.filter
-
page_size
Field grafeas.v1.ListNotesRequest.page_size
-
page_token
Field grafeas.v1.ListNotesRequest.page_token
-
parent
Field grafeas.v1.ListNotesRequest.parent
-
-
class
grafeas.grafeas_v1.types.
ListNotesResponse
# Response for listing notes.
-
notes
# The notes requested.
-
next_page_token
# The next pagination token in the list response. It should be used as
page_token
for the following request. An empty value means no more results.
-
next_page_token
Field grafeas.v1.ListNotesResponse.next_page_token
-
notes
Field grafeas.v1.ListNotesResponse.notes
-
-
class
grafeas.grafeas_v1.types.
ListOccurrencesRequest
# Request to list occurrences.
-
parent
# The name of the project to list occurrences for in the form of
projects/[PROJECT_ID]
.
-
filter
# The filter expression.
-
page_size
# Number of occurrences to return in the list. Must be positive. Max allowed page size is 1000. If not specified, page size defaults to 20.
-
page_token
# Token to provide to skip to a particular spot in the list.
-
filter
Field grafeas.v1.ListOccurrencesRequest.filter
-
page_size
Field grafeas.v1.ListOccurrencesRequest.page_size
-
page_token
Field grafeas.v1.ListOccurrencesRequest.page_token
-
parent
Field grafeas.v1.ListOccurrencesRequest.parent
-
-
class
grafeas.grafeas_v1.types.
ListOccurrencesResponse
# Response for listing occurrences.
-
occurrences
# The occurrences requested.
-
next_page_token
# The next pagination token in the list response. It should be used as
page_token
for the following request. An empty value means no more results.
-
next_page_token
Field grafeas.v1.ListOccurrencesResponse.next_page_token
-
occurrences
Field grafeas.v1.ListOccurrencesResponse.occurrences
-
-
class
grafeas.grafeas_v1.types.
Location
# An occurrence of a particular package installation found within a system’s filesystem. E.g., glibc was found in
/var/lib/dpkg/status
.-
cpe_uri
# Required. The CPE URI in CPE format denoting the package manager version distributing a package.
-
version
# The version installed at this location.
-
path
# The path from which we gathered that this package/version is installed.
-
cpe_uri
Field grafeas.v1.Location.cpe_uri
-
path
Field grafeas.v1.Location.path
-
version
Field grafeas.v1.Location.version
-
-
class
grafeas.grafeas_v1.types.
Note
# A type of analysis that can be done for a resource.
-
name
# Output only. The name of the note in the form of
projects/[PROVIDER_ID]/notes/[NOTE_ID]
.
-
short_description
# A one sentence description of this note.
-
long_description
# A detailed description of this note.
-
kind
# Output only. The type of analysis. This field can be used as a filter in list requests.
URLs associated with this note.
-
expiration_time
# Time of expiration for this note. Empty if note does not expire.
-
create_time
# Output only. The time this note was created. This field can be used as a filter in list requests.
-
update_time
# Output only. The time this note was last updated. This field can be used as a filter in list requests.
Other notes related to this note.
-
type
# Required. Immutable. The type of analysis this note represents.
-
vulnerability
# A note describing a package vulnerability.
-
build
# A note describing build provenance for a verifiable build.
-
image
# A note describing a base image.
-
package
# A note describing a package hosted by various package managers.
-
deployment
# A note describing something that can be deployed.
-
discovery
# A note describing the initial analysis of a resource.
-
attestation
# A note describing an attestation role.
-
attestation
Field grafeas.v1.Note.attestation
-
build
Field grafeas.v1.Note.build
-
create_time
Field grafeas.v1.Note.create_time
-
deployment
Field grafeas.v1.Note.deployment
-
discovery
Field grafeas.v1.Note.discovery
-
expiration_time
Field grafeas.v1.Note.expiration_time
-
image
Field grafeas.v1.Note.image
-
kind
Field grafeas.v1.Note.kind
-
long_description
Field grafeas.v1.Note.long_description
-
name
Field grafeas.v1.Note.name
-
package
Field grafeas.v1.Note.package
-
related_note_names
Field grafeas.v1.Note.related_note_names
-
related_url
Field grafeas.v1.Note.related_url
-
short_description
Field grafeas.v1.Note.short_description
-
update_time
Field grafeas.v1.Note.update_time
-
vulnerability
Field grafeas.v1.Note.vulnerability
-
-
class
grafeas.grafeas_v1.types.
Occurrence
# An instance of an analysis type that has been found on a resource.
-
name
# Output only. The name of the occurrence in the form of
projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]
.
-
resource_uri
# Required. Immutable. A URI that represents the resource for which the occurrence applies. For example,
https://gcr.io/project/image@sha256:123abc
for a Docker image.
-
note_name
# Required. Immutable. The analysis note associated with this occurrence, in the form of
projects/[PROVIDER_ID]/notes/[NOTE_ID]
. This field can be used as a filter in list requests.
-
kind
# Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
-
remediation
# A description of actions that can be taken to remedy the note.
-
create_time
# Output only. The time this occurrence was created.
-
update_time
# Output only. The time this occurrence was last updated.
-
details
# Required. Immutable. Describes the details of the note kind found on this resource.
-
vulnerability
# Describes a security vulnerability.
-
build
# Describes a verifiable build.
-
image
# Describes how this resource derives from the basis in the associated note.
-
package
# Describes the installation of a package on the linked resource.
-
deployment
# Describes the deployment of an artifact on a runtime.
-
discovery
# Describes when a resource was discovered.
-
attestation
# Describes an attestation of an artifact.
-
attestation
Field grafeas.v1.Occurrence.attestation
-
build
Field grafeas.v1.Occurrence.build
-
create_time
Field grafeas.v1.Occurrence.create_time
-
deployment
Field grafeas.v1.Occurrence.deployment
-
discovery
Field grafeas.v1.Occurrence.discovery
-
image
Field grafeas.v1.Occurrence.image
-
kind
Field grafeas.v1.Occurrence.kind
-
name
Field grafeas.v1.Occurrence.name
-
note_name
Field grafeas.v1.Occurrence.note_name
-
package
Field grafeas.v1.Occurrence.package
-
remediation
Field grafeas.v1.Occurrence.remediation
-
resource_uri
Field grafeas.v1.Occurrence.resource_uri
-
update_time
Field grafeas.v1.Occurrence.update_time
-
vulnerability
Field grafeas.v1.Occurrence.vulnerability
-
-
class
grafeas.grafeas_v1.types.
PackageNote
# This represents a particular package that is distributed over various channels. E.g., glibc (aka libc6) is distributed by many, at various versions.
-
name
# Required. Immutable. The name of the package.
-
distribution
# The various channels by which a package is distributed.
-
distribution
Field grafeas.v1.PackageNote.distribution
-
name
Field grafeas.v1.PackageNote.name
-
-
class
grafeas.grafeas_v1.types.
PackageOccurrence
# Details on how a particular software package was installed on a system.
-
name
# Output only. The name of the installed package.
-
location
# Required. All of the places within the filesystem versions of this package have been found.
-
location
Field grafeas.v1.PackageOccurrence.location
-
name
Field grafeas.v1.PackageOccurrence.name
-
-
class
grafeas.grafeas_v1.types.
ProjectRepoId
# Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project.
-
project_id
# The ID of the project.
-
repo_name
# The name of the repo. Leave empty for the default repo.
-
project_id
Field grafeas.v1.ProjectRepoId.project_id
-
repo_name
Field grafeas.v1.ProjectRepoId.repo_name
-
-
class
grafeas.grafeas_v1.types.
RelatedUrl
# Metadata for any related URL information.
-
url
# Specific URL associated with the resource.
-
label
# Label to describe usage of the URL.
-
label
Field grafeas.v1.RelatedUrl.label
-
url
Field grafeas.v1.RelatedUrl.url
-
-
class
grafeas.grafeas_v1.types.
RepoId
# A unique identifier for a Cloud Repo.
-
id
# A cloud repo can be identified by either its project ID and repository name combination, or its globally unique identifier.
-
project_repo_id
# A combination of a project ID and a repo name.
-
uid
# A server-assigned, globally unique identifier.
-
project_repo_id
Field grafeas.v1.RepoId.project_repo_id
-
uid
Field grafeas.v1.RepoId.uid
-
-
class
grafeas.grafeas_v1.types.
Signature
# Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from
public_key_id
to public key material (and any required parameters, e.g. signing algorithm).In particular, verification implementations MUST NOT treat the signature
public_key_id
as anything more than a key lookup hint. Thepublic_key_id
DOES NOT validate or authenticate a public key; it only provides a mechanism for quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification implementations MUST reject signatures in any of the following circumstances: * Thepublic_key_id
is not recognized by the verifier. * The public key thatpublic_key_id
refers to does not verify the signature with respect to the payload.The
signature
contents SHOULD NOT be “attached” (where the payload is included with the serializedsignature
bytes). Verifiers MUST ignore any “attached” payload and only verify signatures with respect to explicitly provided payload (e.g. apayload
field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).-
signature
# The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.
-
public_key_id
# The identifier for the public key that verifies this signature. * The
public_key_id
is required. * Thepublic_key_id
MUST be an RFC3986 conformant URI. * When possible, thepublic_key_id
SHOULD be an immutable reference, such as a cryptographic digest. Examples of validpublic_key_id
s: OpenPGP V4 public key fingerprint: * “openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA” See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme. RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): * “ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU” * “nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9 bf89791ba95a1271589a5”
-
public_key_id
Field grafeas.v1.Signature.public_key_id
-
signature
Field grafeas.v1.Signature.signature
-
-
class
grafeas.grafeas_v1.types.
Source
# Source describes the location of the source used for the build.
-
artifact_storage_source_uri
# If provided, the input binary artifacts for the build came from this location.
-
file_hashes
# Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.
-
context
# If provided, the source code used for the build came from this location.
-
additional_contexts
# If provided, some of the source code used for the build may be found in these locations, in the case where the source repository had multiple remotes or submodules. This list will not include the context specified in the context field.
-
class
FileHashesEntry
# -
key
# Field grafeas.v1.Source.FileHashesEntry.key
-
value
# Field grafeas.v1.Source.FileHashesEntry.value
-
-
additional_contexts
Field grafeas.v1.Source.additional_contexts
-
artifact_storage_source_uri
Field grafeas.v1.Source.artifact_storage_source_uri
-
context
Field grafeas.v1.Source.context
-
file_hashes
Field grafeas.v1.Source.file_hashes
-
-
class
grafeas.grafeas_v1.types.
SourceContext
# A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory.
-
context
# A SourceContext can refer any one of the following types of repositories.
-
cloud_repo
# A SourceContext referring to a revision in a Google Cloud Source Repo.
-
gerrit
# A SourceContext referring to a Gerrit project.
-
git
# A SourceContext referring to any third party Git repo (e.g., GitHub).
-
labels
# Labels with user defined metadata.
-
class
LabelsEntry
# -
key
# Field grafeas.v1.SourceContext.LabelsEntry.key
-
value
# Field grafeas.v1.SourceContext.LabelsEntry.value
-
-
cloud_repo
Field grafeas.v1.SourceContext.cloud_repo
-
gerrit
Field grafeas.v1.SourceContext.gerrit
-
git
Field grafeas.v1.SourceContext.git
-
labels
Field grafeas.v1.SourceContext.labels
-
-
class
grafeas.grafeas_v1.types.
Status
# -
code
# Field google.rpc.Status.code
-
details
# Field google.rpc.Status.details
-
message
# Field google.rpc.Status.message
-
-
class
grafeas.grafeas_v1.types.
Timestamp
# -
nanos
# Field google.protobuf.Timestamp.nanos
-
seconds
# Field google.protobuf.Timestamp.seconds
-
-
class
grafeas.grafeas_v1.types.
UpdateNoteRequest
# Request to update a note.
-
name
# The name of the note in the form of
projects/[PROVIDER_ID]/notes/[NOTE_ID]
.
-
note
# The updated note.
-
update_mask
# The fields to update.
-
name
Field grafeas.v1.UpdateNoteRequest.name
-
note
Field grafeas.v1.UpdateNoteRequest.note
-
update_mask
Field grafeas.v1.UpdateNoteRequest.update_mask
-
-
class
grafeas.grafeas_v1.types.
UpdateOccurrenceRequest
# Request to update an occurrence.
-
name
# The name of the occurrence in the form of
projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]
.
-
occurrence
# The updated occurrence.
-
update_mask
# The fields to update.
-
name
Field grafeas.v1.UpdateOccurrenceRequest.name
-
occurrence
Field grafeas.v1.UpdateOccurrenceRequest.occurrence
-
update_mask
Field grafeas.v1.UpdateOccurrenceRequest.update_mask
-
-
class
grafeas.grafeas_v1.types.
Version
# Version contains structured information about the version of a package.
-
epoch
# Used to correct mistakes in the version numbering scheme.
-
name
# Required only when version kind is NORMAL. The main part of the version name.
-
revision
# The iteration of the package build from the above version.
-
kind
# Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
-
full_name
# Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
-
epoch
Field grafeas.v1.Version.epoch
-
full_name
Field grafeas.v1.Version.full_name
-
kind
Field grafeas.v1.Version.kind
-
name
Field grafeas.v1.Version.name
-
revision
Field grafeas.v1.Version.revision
-
-
class
grafeas.grafeas_v1.types.
VulnerabilityNote
# A security vulnerability that can be found in resources.
-
cvss_score
# The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
-
severity
# The note provider assigned severity of this vulnerability.
-
details
# Details of all known distros and packages affected by this vulnerability.
-
cvss_v3
# The full description of the CVSSv3 for this vulnerability.
-
windows_details
# Windows details get their own format because the information format and model don’t match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
-
class
Detail
# A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).
-
severity_name
# The distro assigned severity of this vulnerability.
-
description
# A vendor-specific description of this vulnerability.
-
package_type
# The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
-
affected_package
# Required. The package this vulnerability affects.
-
affected_version_start
# The version number at the start of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
-
affected_version_end
# The version number at the end of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
-
fixed_cpe_uri
# The distro recommended CPE URI to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_cpe_uri.
-
fixed_package
# The distro recommended package to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_package.
-
fixed_version
# The distro recommended version to update to that contains a fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no such version is yet available.
-
is_obsolete
# Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
-
affected_cpe_uri
Field grafeas.v1.VulnerabilityNote.Detail.affected_cpe_uri
-
affected_package
Field grafeas.v1.VulnerabilityNote.Detail.affected_package
-
affected_version_end
Field grafeas.v1.VulnerabilityNote.Detail.affected_version_end
-
affected_version_start
Field grafeas.v1.VulnerabilityNote.Detail.affected_version_start
-
description
Field grafeas.v1.VulnerabilityNote.Detail.description
-
fixed_cpe_uri
Field grafeas.v1.VulnerabilityNote.Detail.fixed_cpe_uri
-
fixed_package
Field grafeas.v1.VulnerabilityNote.Detail.fixed_package
-
fixed_version
Field grafeas.v1.VulnerabilityNote.Detail.fixed_version
-
is_obsolete
Field grafeas.v1.VulnerabilityNote.Detail.is_obsolete
-
package_type
Field grafeas.v1.VulnerabilityNote.Detail.package_type
-
severity_name
Field grafeas.v1.VulnerabilityNote.Detail.severity_name
-
-
class
WindowsDetail
# -
-
name
# Required. The name of this vulnerability.
-
description
# The description of this vulnerability.
-
fixing_kbs
# Required. The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed KBs presence is considered a fix.
-
class
KnowledgeBase
# -
name
# The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
-
url
# A link to the KB in the [Windows update catalog] (https://www.catalog.update.microsoft.com/).
-
name
Field grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase.name
-
url
Field grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase.url
-
-
cpe_uri
Field grafeas.v1.VulnerabilityNote.WindowsDetail.cpe_uri
-
description
Field grafeas.v1.VulnerabilityNote.WindowsDetail.description
-
fixing_kbs
Field grafeas.v1.VulnerabilityNote.WindowsDetail.fixing_kbs
-
name
Field grafeas.v1.VulnerabilityNote.WindowsDetail.name
-
-
cvss_score
Field grafeas.v1.VulnerabilityNote.cvss_score
-
cvss_v3
Field grafeas.v1.VulnerabilityNote.cvss_v3
-
details
Field grafeas.v1.VulnerabilityNote.details
-
severity
Field grafeas.v1.VulnerabilityNote.severity
-
windows_details
Field grafeas.v1.VulnerabilityNote.windows_details
-
-
class
grafeas.grafeas_v1.types.
VulnerabilityOccurrence
# An occurrence of a severity vulnerability on a resource.
-
type
# The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
-
severity
# Output only. The note provider assigned severity of this vulnerability.
-
cvss_score
# Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
-
package_issue
# Required. The set of affected locations and their fixes (if available) within the associated resource.
-
short_description
# Output only. A one sentence description of this vulnerability.
-
long_description
# Output only. A detailed description of this vulnerability.
Output only. URLs related to this vulnerability.
-
effective_severity
# The distro assigned severity for this vulnerability when it is available, and note provider assigned severity when distro has not yet assigned a severity for this vulnerability.
-
fix_available
# Output only. Whether at least one of the affected packages has a fix available.
-
class
PackageIssue
# A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).
-
affected_package
# Required. The package this vulnerability was found in.
-
affected_version
# Required. The version of the package that is installed on the resource affected by this vulnerability.
-
fixed_cpe_uri
# The CPE URI this vulnerability was fixed in. It is possible for this to be different from the affected_cpe_uri.
-
fixed_package
# The package this vulnerability was fixed in. It is possible for this to be different from the affected_package.
-
fixed_version
# Required. The version of the package this vulnerability was fixed in. Setting this to VersionKind.MAXIMUM means no fix is yet available.
-
fix_available
# Output only. Whether a fix is available for this package.
-
affected_cpe_uri
Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.affected_cpe_uri
-
affected_package
Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.affected_package
-
affected_version
Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.affected_version
-
fix_available
Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.fix_available
-
fixed_cpe_uri
Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.fixed_cpe_uri
-
fixed_package
Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.fixed_package
-
fixed_version
Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.fixed_version
-
-
cvss_score
Field grafeas.v1.VulnerabilityOccurrence.cvss_score
-
effective_severity
Field grafeas.v1.VulnerabilityOccurrence.effective_severity
-
fix_available
Field grafeas.v1.VulnerabilityOccurrence.fix_available
-
long_description
Field grafeas.v1.VulnerabilityOccurrence.long_description
-
package_issue
Field grafeas.v1.VulnerabilityOccurrence.package_issue
-
related_urls
Field grafeas.v1.VulnerabilityOccurrence.related_urls
-
severity
Field grafeas.v1.VulnerabilityOccurrence.severity
-
short_description
Field grafeas.v1.VulnerabilityOccurrence.short_description
-
type
Field grafeas.v1.VulnerabilityOccurrence.type
-