chore: Update discovery artifacts (#1472)
## Deleted keys were detected in the following stable discovery artifacts:
monitoring v1 https://github.com/googleapis/google-api-python-client/commit/75a5ced2b372723c21d45b172dd69e0bb91c5509
## Deleted keys were detected in the following pre-stable discovery artifacts:
ideahub v1alpha https://github.com/googleapis/google-api-python-client/commit/24483a4f512922f809fc8352b9407e606856b0e2
speech v1p1beta1 https://github.com/googleapis/google-api-python-client/commit/689fff21696add03b8c3ab843374b6bd2dd3cc16
## Discovery Artifact Change Summary:
feat(androidpublisher): update the api https://github.com/googleapis/google-api-python-client/commit/cf67afc22e94f856773895a4e603e7a9a6bfa20b
feat(apigee): update the api https://github.com/googleapis/google-api-python-client/commit/995336984e11fb9f91308d14a68faf8f3091d1fa
feat(appengine): update the api https://github.com/googleapis/google-api-python-client/commit/eb7a571470cef08641224558a7bd8eaa07a41bad
feat(chromepolicy): update the api https://github.com/googleapis/google-api-python-client/commit/5654776fdc8361aa0703a7dca8069b576a1b2f73
feat(cloudbuild): update the api https://github.com/googleapis/google-api-python-client/commit/437e37f1c36268464f90e075ffeaef61580de237
feat(cloudkms): update the api https://github.com/googleapis/google-api-python-client/commit/ebd3f49f78738792032e431b73233ae0c458bae3
feat(containeranalysis): update the api https://github.com/googleapis/google-api-python-client/commit/d446928f941d858022f0e1a1911bbf185920159d
feat(dialogflow): update the api https://github.com/googleapis/google-api-python-client/commit/0feb05616eb28db7c35e128ebbf338b63446b8cf
fix(fcm): update the api https://github.com/googleapis/google-api-python-client/commit/f1dd412cad2a2cdd1863bb2942cf07fc6a42b649
feat(ideahub): update the api https://github.com/googleapis/google-api-python-client/commit/24483a4f512922f809fc8352b9407e606856b0e2
feat(metastore): update the api https://github.com/googleapis/google-api-python-client/commit/897beb3754da50e117292f5954265076804acb7f
feat(monitoring): update the api https://github.com/googleapis/google-api-python-client/commit/75a5ced2b372723c21d45b172dd69e0bb91c5509
feat(osconfig): update the api https://github.com/googleapis/google-api-python-client/commit/c8b511a21f7fc7f2471d5f7a3b2d3760e4f8a629
feat(speech): update the api https://github.com/googleapis/google-api-python-client/commit/689fff21696add03b8c3ab843374b6bd2dd3cc16
feat(storagetransfer): update the api https://github.com/googleapis/google-api-python-client/commit/24564836842f792e9373ea505d97e775f64a5960
diff --git a/docs/dyn/containeranalysis_v1beta1.projects.occurrences.html b/docs/dyn/containeranalysis_v1beta1.projects.occurrences.html
index f42be63..82f6fe0 100644
--- a/docs/dyn/containeranalysis_v1beta1.projects.occurrences.html
+++ b/docs/dyn/containeranalysis_v1beta1.projects.occurrences.html
@@ -384,6 +384,52 @@
"name": "A String", # Deprecated, do not use. Use uri instead. The name of the resource. For example, the name of a Docker image - "Debian".
"uri": "A String", # Required. The unique URI of the resource. For example, `https://gcr.io/project/image@sha256:foo` for a Docker image.
},
+ "sbom": { # DocumentOccurrence represents an SPDX Document Creation Information section: https://spdx.github.io/spdx-spec/2-document-creation-information/ # Describes a specific SPDX Document.
+ "createTime": "A String", # Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard
+ "creatorComment": "A String", # A field for creators of the SPDX file to provide general comments about the creation of the SPDX file or any other relevant comment not included in the other fields
+ "creators": [ # Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name
+ "A String",
+ ],
+ "documentComment": "A String", # A field for creators of the SPDX file content to provide comments to the consumers of the SPDX document
+ "externalDocumentRefs": [ # Identify any external SPDX documents referenced within this SPDX document
+ "A String",
+ ],
+ "id": "A String", # Identify the current SPDX document which may be referenced in relationships by other files, packages internally and documents externally
+ "licenseListVersion": "A String", # A field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created
+ "namespace": "A String", # Provide an SPDX document specific namespace as a unique absolute Uniform Resource Identifier (URI) as specified in RFC-3986, with the exception of the ‘#’ delimiter
+ "title": "A String", # Identify name of this document as designated by creator
+ },
+ "spdxFile": { # FileOccurrence represents an SPDX File Information section: https://spdx.github.io/spdx-spec/4-file-information/ # Describes a specific SPDX File.
+ "attributions": [ # This field provides a place for the SPDX data creator to record, at the file level, acknowledgements that may be needed to be communicated in some contexts
+ "A String",
+ ],
+ "comment": "A String", # This field provides a place for the SPDX file creator to record any general comments about the file
+ "contributors": [ # This field provides a place for the SPDX file creator to record file contributors
+ "A String",
+ ],
+ "copyright": "A String", # Identify the copyright holder of the file, as well as any dates present
+ "filesLicenseInfo": [ # This field contains the license information actually found in the file, if any
+ "A String",
+ ],
+ "id": "A String", # Uniquely identify any element in an SPDX document which may be referenced by other elements
+ "licenseComments": "A String", # This field provides a place for the SPDX file creator to record any relevant background references or analysis that went in to arriving at the Concluded License for a file
+ "licenseConcluded": "A String", # This field contains the license the SPDX file creator has concluded as governing the file or alternative values if the governing license cannot be determined
+ "notice": "A String", # This field provides a place for the SPDX file creator to record license notices or other such related notices found in the file
+ },
+ "spdxPackage": { # PackageOccurrence represents an SPDX Package Information section: https://spdx.github.io/spdx-spec/3-package-information/ # Describes a specific SPDX Package.
+ "comment": "A String", # A place for the SPDX file creator to record any general comments about the package being described
+ "filename": "A String", # Provide the actual file name of the package, or path of the directory being treated as a package
+ "id": "A String", # Uniquely identify any element in an SPDX document which may be referenced by other elements
+ "licenseComments": "A String", # This field provides a place for the SPDX file creator to record any relevant background information or analysis that went in to arriving at the Concluded License for a package
+ "licenseConcluded": "A String", # package or alternative values, if the governing license cannot be determined
+ "sourceInfo": "A String", # Provide a place for the SPDX file creator to record any relevant background information or additional comments about the origin of the package
+ },
+ "spdxRelationship": { # RelationshipOccurrence represents an SPDX Relationship section: https://spdx.github.io/spdx-spec/7-relationships-between-SPDX-elements/ # Describes a specific SPDX Relationship.
+ "comment": "A String", # A place for the SPDX file creator to record any general comments about the relationship
+ "source": "A String", # Also referred to as SPDXRef-A The source SPDX element (file, package, etc)
+ "target": "A String", # Also referred to as SPDXRef-B The target SPDC element (file, package, etc) In cases where there are "known unknowns", the use of the keyword NOASSERTION can be used The keywords NONE can be used to indicate that an SPDX element (package/file/snippet) has no other elements connected by some relationship to it
+ "type": "A String", # The type of relationship between the source and target SPDX elements
+ },
"updateTime": "A String", # Output only. The time this occurrence was last updated.
"vulnerability": { # Details of a vulnerability Occurrence. # Describes a security vulnerability.
"cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity.
@@ -699,6 +745,52 @@
"name": "A String", # Deprecated, do not use. Use uri instead. The name of the resource. For example, the name of a Docker image - "Debian".
"uri": "A String", # Required. The unique URI of the resource. For example, `https://gcr.io/project/image@sha256:foo` for a Docker image.
},
+ "sbom": { # DocumentOccurrence represents an SPDX Document Creation Information section: https://spdx.github.io/spdx-spec/2-document-creation-information/ # Describes a specific SPDX Document.
+ "createTime": "A String", # Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard
+ "creatorComment": "A String", # A field for creators of the SPDX file to provide general comments about the creation of the SPDX file or any other relevant comment not included in the other fields
+ "creators": [ # Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name
+ "A String",
+ ],
+ "documentComment": "A String", # A field for creators of the SPDX file content to provide comments to the consumers of the SPDX document
+ "externalDocumentRefs": [ # Identify any external SPDX documents referenced within this SPDX document
+ "A String",
+ ],
+ "id": "A String", # Identify the current SPDX document which may be referenced in relationships by other files, packages internally and documents externally
+ "licenseListVersion": "A String", # A field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created
+ "namespace": "A String", # Provide an SPDX document specific namespace as a unique absolute Uniform Resource Identifier (URI) as specified in RFC-3986, with the exception of the ‘#’ delimiter
+ "title": "A String", # Identify name of this document as designated by creator
+ },
+ "spdxFile": { # FileOccurrence represents an SPDX File Information section: https://spdx.github.io/spdx-spec/4-file-information/ # Describes a specific SPDX File.
+ "attributions": [ # This field provides a place for the SPDX data creator to record, at the file level, acknowledgements that may be needed to be communicated in some contexts
+ "A String",
+ ],
+ "comment": "A String", # This field provides a place for the SPDX file creator to record any general comments about the file
+ "contributors": [ # This field provides a place for the SPDX file creator to record file contributors
+ "A String",
+ ],
+ "copyright": "A String", # Identify the copyright holder of the file, as well as any dates present
+ "filesLicenseInfo": [ # This field contains the license information actually found in the file, if any
+ "A String",
+ ],
+ "id": "A String", # Uniquely identify any element in an SPDX document which may be referenced by other elements
+ "licenseComments": "A String", # This field provides a place for the SPDX file creator to record any relevant background references or analysis that went in to arriving at the Concluded License for a file
+ "licenseConcluded": "A String", # This field contains the license the SPDX file creator has concluded as governing the file or alternative values if the governing license cannot be determined
+ "notice": "A String", # This field provides a place for the SPDX file creator to record license notices or other such related notices found in the file
+ },
+ "spdxPackage": { # PackageOccurrence represents an SPDX Package Information section: https://spdx.github.io/spdx-spec/3-package-information/ # Describes a specific SPDX Package.
+ "comment": "A String", # A place for the SPDX file creator to record any general comments about the package being described
+ "filename": "A String", # Provide the actual file name of the package, or path of the directory being treated as a package
+ "id": "A String", # Uniquely identify any element in an SPDX document which may be referenced by other elements
+ "licenseComments": "A String", # This field provides a place for the SPDX file creator to record any relevant background information or analysis that went in to arriving at the Concluded License for a package
+ "licenseConcluded": "A String", # package or alternative values, if the governing license cannot be determined
+ "sourceInfo": "A String", # Provide a place for the SPDX file creator to record any relevant background information or additional comments about the origin of the package
+ },
+ "spdxRelationship": { # RelationshipOccurrence represents an SPDX Relationship section: https://spdx.github.io/spdx-spec/7-relationships-between-SPDX-elements/ # Describes a specific SPDX Relationship.
+ "comment": "A String", # A place for the SPDX file creator to record any general comments about the relationship
+ "source": "A String", # Also referred to as SPDXRef-A The source SPDX element (file, package, etc)
+ "target": "A String", # Also referred to as SPDXRef-B The target SPDC element (file, package, etc) In cases where there are "known unknowns", the use of the keyword NOASSERTION can be used The keywords NONE can be used to indicate that an SPDX element (package/file/snippet) has no other elements connected by some relationship to it
+ "type": "A String", # The type of relationship between the source and target SPDX elements
+ },
"updateTime": "A String", # Output only. The time this occurrence was last updated.
"vulnerability": { # Details of a vulnerability Occurrence. # Describes a security vulnerability.
"cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity.
@@ -1019,6 +1111,52 @@
"name": "A String", # Deprecated, do not use. Use uri instead. The name of the resource. For example, the name of a Docker image - "Debian".
"uri": "A String", # Required. The unique URI of the resource. For example, `https://gcr.io/project/image@sha256:foo` for a Docker image.
},
+ "sbom": { # DocumentOccurrence represents an SPDX Document Creation Information section: https://spdx.github.io/spdx-spec/2-document-creation-information/ # Describes a specific SPDX Document.
+ "createTime": "A String", # Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard
+ "creatorComment": "A String", # A field for creators of the SPDX file to provide general comments about the creation of the SPDX file or any other relevant comment not included in the other fields
+ "creators": [ # Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name
+ "A String",
+ ],
+ "documentComment": "A String", # A field for creators of the SPDX file content to provide comments to the consumers of the SPDX document
+ "externalDocumentRefs": [ # Identify any external SPDX documents referenced within this SPDX document
+ "A String",
+ ],
+ "id": "A String", # Identify the current SPDX document which may be referenced in relationships by other files, packages internally and documents externally
+ "licenseListVersion": "A String", # A field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created
+ "namespace": "A String", # Provide an SPDX document specific namespace as a unique absolute Uniform Resource Identifier (URI) as specified in RFC-3986, with the exception of the ‘#’ delimiter
+ "title": "A String", # Identify name of this document as designated by creator
+ },
+ "spdxFile": { # FileOccurrence represents an SPDX File Information section: https://spdx.github.io/spdx-spec/4-file-information/ # Describes a specific SPDX File.
+ "attributions": [ # This field provides a place for the SPDX data creator to record, at the file level, acknowledgements that may be needed to be communicated in some contexts
+ "A String",
+ ],
+ "comment": "A String", # This field provides a place for the SPDX file creator to record any general comments about the file
+ "contributors": [ # This field provides a place for the SPDX file creator to record file contributors
+ "A String",
+ ],
+ "copyright": "A String", # Identify the copyright holder of the file, as well as any dates present
+ "filesLicenseInfo": [ # This field contains the license information actually found in the file, if any
+ "A String",
+ ],
+ "id": "A String", # Uniquely identify any element in an SPDX document which may be referenced by other elements
+ "licenseComments": "A String", # This field provides a place for the SPDX file creator to record any relevant background references or analysis that went in to arriving at the Concluded License for a file
+ "licenseConcluded": "A String", # This field contains the license the SPDX file creator has concluded as governing the file or alternative values if the governing license cannot be determined
+ "notice": "A String", # This field provides a place for the SPDX file creator to record license notices or other such related notices found in the file
+ },
+ "spdxPackage": { # PackageOccurrence represents an SPDX Package Information section: https://spdx.github.io/spdx-spec/3-package-information/ # Describes a specific SPDX Package.
+ "comment": "A String", # A place for the SPDX file creator to record any general comments about the package being described
+ "filename": "A String", # Provide the actual file name of the package, or path of the directory being treated as a package
+ "id": "A String", # Uniquely identify any element in an SPDX document which may be referenced by other elements
+ "licenseComments": "A String", # This field provides a place for the SPDX file creator to record any relevant background information or analysis that went in to arriving at the Concluded License for a package
+ "licenseConcluded": "A String", # package or alternative values, if the governing license cannot be determined
+ "sourceInfo": "A String", # Provide a place for the SPDX file creator to record any relevant background information or additional comments about the origin of the package
+ },
+ "spdxRelationship": { # RelationshipOccurrence represents an SPDX Relationship section: https://spdx.github.io/spdx-spec/7-relationships-between-SPDX-elements/ # Describes a specific SPDX Relationship.
+ "comment": "A String", # A place for the SPDX file creator to record any general comments about the relationship
+ "source": "A String", # Also referred to as SPDXRef-A The source SPDX element (file, package, etc)
+ "target": "A String", # Also referred to as SPDXRef-B The target SPDC element (file, package, etc) In cases where there are "known unknowns", the use of the keyword NOASSERTION can be used The keywords NONE can be used to indicate that an SPDX element (package/file/snippet) has no other elements connected by some relationship to it
+ "type": "A String", # The type of relationship between the source and target SPDX elements
+ },
"updateTime": "A String", # Output only. The time this occurrence was last updated.
"vulnerability": { # Details of a vulnerability Occurrence. # Describes a security vulnerability.
"cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity.
@@ -1330,6 +1468,52 @@
"name": "A String", # Deprecated, do not use. Use uri instead. The name of the resource. For example, the name of a Docker image - "Debian".
"uri": "A String", # Required. The unique URI of the resource. For example, `https://gcr.io/project/image@sha256:foo` for a Docker image.
},
+ "sbom": { # DocumentOccurrence represents an SPDX Document Creation Information section: https://spdx.github.io/spdx-spec/2-document-creation-information/ # Describes a specific SPDX Document.
+ "createTime": "A String", # Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard
+ "creatorComment": "A String", # A field for creators of the SPDX file to provide general comments about the creation of the SPDX file or any other relevant comment not included in the other fields
+ "creators": [ # Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name
+ "A String",
+ ],
+ "documentComment": "A String", # A field for creators of the SPDX file content to provide comments to the consumers of the SPDX document
+ "externalDocumentRefs": [ # Identify any external SPDX documents referenced within this SPDX document
+ "A String",
+ ],
+ "id": "A String", # Identify the current SPDX document which may be referenced in relationships by other files, packages internally and documents externally
+ "licenseListVersion": "A String", # A field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created
+ "namespace": "A String", # Provide an SPDX document specific namespace as a unique absolute Uniform Resource Identifier (URI) as specified in RFC-3986, with the exception of the ‘#’ delimiter
+ "title": "A String", # Identify name of this document as designated by creator
+ },
+ "spdxFile": { # FileOccurrence represents an SPDX File Information section: https://spdx.github.io/spdx-spec/4-file-information/ # Describes a specific SPDX File.
+ "attributions": [ # This field provides a place for the SPDX data creator to record, at the file level, acknowledgements that may be needed to be communicated in some contexts
+ "A String",
+ ],
+ "comment": "A String", # This field provides a place for the SPDX file creator to record any general comments about the file
+ "contributors": [ # This field provides a place for the SPDX file creator to record file contributors
+ "A String",
+ ],
+ "copyright": "A String", # Identify the copyright holder of the file, as well as any dates present
+ "filesLicenseInfo": [ # This field contains the license information actually found in the file, if any
+ "A String",
+ ],
+ "id": "A String", # Uniquely identify any element in an SPDX document which may be referenced by other elements
+ "licenseComments": "A String", # This field provides a place for the SPDX file creator to record any relevant background references or analysis that went in to arriving at the Concluded License for a file
+ "licenseConcluded": "A String", # This field contains the license the SPDX file creator has concluded as governing the file or alternative values if the governing license cannot be determined
+ "notice": "A String", # This field provides a place for the SPDX file creator to record license notices or other such related notices found in the file
+ },
+ "spdxPackage": { # PackageOccurrence represents an SPDX Package Information section: https://spdx.github.io/spdx-spec/3-package-information/ # Describes a specific SPDX Package.
+ "comment": "A String", # A place for the SPDX file creator to record any general comments about the package being described
+ "filename": "A String", # Provide the actual file name of the package, or path of the directory being treated as a package
+ "id": "A String", # Uniquely identify any element in an SPDX document which may be referenced by other elements
+ "licenseComments": "A String", # This field provides a place for the SPDX file creator to record any relevant background information or analysis that went in to arriving at the Concluded License for a package
+ "licenseConcluded": "A String", # package or alternative values, if the governing license cannot be determined
+ "sourceInfo": "A String", # Provide a place for the SPDX file creator to record any relevant background information or additional comments about the origin of the package
+ },
+ "spdxRelationship": { # RelationshipOccurrence represents an SPDX Relationship section: https://spdx.github.io/spdx-spec/7-relationships-between-SPDX-elements/ # Describes a specific SPDX Relationship.
+ "comment": "A String", # A place for the SPDX file creator to record any general comments about the relationship
+ "source": "A String", # Also referred to as SPDXRef-A The source SPDX element (file, package, etc)
+ "target": "A String", # Also referred to as SPDXRef-B The target SPDC element (file, package, etc) In cases where there are "known unknowns", the use of the keyword NOASSERTION can be used The keywords NONE can be used to indicate that an SPDX element (package/file/snippet) has no other elements connected by some relationship to it
+ "type": "A String", # The type of relationship between the source and target SPDX elements
+ },
"updateTime": "A String", # Output only. The time this occurrence was last updated.
"vulnerability": { # Details of a vulnerability Occurrence. # Describes a security vulnerability.
"cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity.
@@ -1666,6 +1850,52 @@
"name": "A String", # Deprecated, do not use. Use uri instead. The name of the resource. For example, the name of a Docker image - "Debian".
"uri": "A String", # Required. The unique URI of the resource. For example, `https://gcr.io/project/image@sha256:foo` for a Docker image.
},
+ "sbom": { # DocumentOccurrence represents an SPDX Document Creation Information section: https://spdx.github.io/spdx-spec/2-document-creation-information/ # Describes a specific SPDX Document.
+ "createTime": "A String", # Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard
+ "creatorComment": "A String", # A field for creators of the SPDX file to provide general comments about the creation of the SPDX file or any other relevant comment not included in the other fields
+ "creators": [ # Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name
+ "A String",
+ ],
+ "documentComment": "A String", # A field for creators of the SPDX file content to provide comments to the consumers of the SPDX document
+ "externalDocumentRefs": [ # Identify any external SPDX documents referenced within this SPDX document
+ "A String",
+ ],
+ "id": "A String", # Identify the current SPDX document which may be referenced in relationships by other files, packages internally and documents externally
+ "licenseListVersion": "A String", # A field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created
+ "namespace": "A String", # Provide an SPDX document specific namespace as a unique absolute Uniform Resource Identifier (URI) as specified in RFC-3986, with the exception of the ‘#’ delimiter
+ "title": "A String", # Identify name of this document as designated by creator
+ },
+ "spdxFile": { # FileOccurrence represents an SPDX File Information section: https://spdx.github.io/spdx-spec/4-file-information/ # Describes a specific SPDX File.
+ "attributions": [ # This field provides a place for the SPDX data creator to record, at the file level, acknowledgements that may be needed to be communicated in some contexts
+ "A String",
+ ],
+ "comment": "A String", # This field provides a place for the SPDX file creator to record any general comments about the file
+ "contributors": [ # This field provides a place for the SPDX file creator to record file contributors
+ "A String",
+ ],
+ "copyright": "A String", # Identify the copyright holder of the file, as well as any dates present
+ "filesLicenseInfo": [ # This field contains the license information actually found in the file, if any
+ "A String",
+ ],
+ "id": "A String", # Uniquely identify any element in an SPDX document which may be referenced by other elements
+ "licenseComments": "A String", # This field provides a place for the SPDX file creator to record any relevant background references or analysis that went in to arriving at the Concluded License for a file
+ "licenseConcluded": "A String", # This field contains the license the SPDX file creator has concluded as governing the file or alternative values if the governing license cannot be determined
+ "notice": "A String", # This field provides a place for the SPDX file creator to record license notices or other such related notices found in the file
+ },
+ "spdxPackage": { # PackageOccurrence represents an SPDX Package Information section: https://spdx.github.io/spdx-spec/3-package-information/ # Describes a specific SPDX Package.
+ "comment": "A String", # A place for the SPDX file creator to record any general comments about the package being described
+ "filename": "A String", # Provide the actual file name of the package, or path of the directory being treated as a package
+ "id": "A String", # Uniquely identify any element in an SPDX document which may be referenced by other elements
+ "licenseComments": "A String", # This field provides a place for the SPDX file creator to record any relevant background information or analysis that went in to arriving at the Concluded License for a package
+ "licenseConcluded": "A String", # package or alternative values, if the governing license cannot be determined
+ "sourceInfo": "A String", # Provide a place for the SPDX file creator to record any relevant background information or additional comments about the origin of the package
+ },
+ "spdxRelationship": { # RelationshipOccurrence represents an SPDX Relationship section: https://spdx.github.io/spdx-spec/7-relationships-between-SPDX-elements/ # Describes a specific SPDX Relationship.
+ "comment": "A String", # A place for the SPDX file creator to record any general comments about the relationship
+ "source": "A String", # Also referred to as SPDXRef-A The source SPDX element (file, package, etc)
+ "target": "A String", # Also referred to as SPDXRef-B The target SPDC element (file, package, etc) In cases where there are "known unknowns", the use of the keyword NOASSERTION can be used The keywords NONE can be used to indicate that an SPDX element (package/file/snippet) has no other elements connected by some relationship to it
+ "type": "A String", # The type of relationship between the source and target SPDX elements
+ },
"updateTime": "A String", # Output only. The time this occurrence was last updated.
"vulnerability": { # Details of a vulnerability Occurrence. # Describes a security vulnerability.
"cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity.
@@ -1863,7 +2093,47 @@
"url": "A String", # Specific URL associated with the resource.
},
],
+ "sbom": { # DocumentNote represents an SPDX Document Creation Infromation section: https://spdx.github.io/spdx-spec/2-document-creation-information/ # A note describing SPDX Document which represents SBOM.
+ "dataLicence": "A String", # Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
+ "spdxVersion": "A String", # Provide a reference number that can be used to understand how to parse and interpret the rest of the file
+ },
"shortDescription": "A String", # A one sentence description of this note.
+ "spdxFile": { # FileNote represents an SPDX File Information section: https://spdx.github.io/spdx-spec/4-file-information/ # A note describing SPDX File.
+ "checksum": [ # Provide a unique identifier to match analysis information on each specific file in a package
+ "A String",
+ ],
+ "fileType": "A String", # This field provides information about the type of file identified
+ "title": "A String", # Identify the full path and filename that corresponds to the file information in this section
+ },
+ "spdxPackage": { # PackageNote represents an SPDX Package Information section: https://spdx.github.io/spdx-spec/3-package-information/ # A note describing SPDX Package.
+ "analyzed": True or False, # Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
+ "attribution": "A String", # A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
+ "checksum": "A String", # Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
+ "copyright": "A String", # Identify the copyright holders of the package, as well as any dates present
+ "detailedDescription": "A String", # A more detailed description of the package
+ "downloadLocation": "A String", # This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
+ "externalRefs": [ # ExternalRef
+ { # An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
+ "category": "A String", # An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
+ "comment": "A String", # Human-readable information about the purpose and target of the reference
+ "locator": "A String", # The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
+ "type": "A String", # Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
+ },
+ ],
+ "filesLicenseInfo": [ # Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
+ "A String",
+ ],
+ "homePage": "A String", # Provide a place for the SPDX file creator to record a web site that serves as the package's home page
+ "licenseDeclared": "A String", # List the licenses that have been declared by the authors of the package
+ "originator": "A String", # If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
+ "summaryDescription": "A String", # A short description of the package
+ "supplier": "A String", # Identify the actual distribution source for the package/directory identified in the SPDX file
+ "title": "A String", # Identify the full name of the package as given by the Package Originator
+ "verificationCode": "A String", # This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
+ "version": "A String", # Identify the version of the package
+ },
+ "spdxRelationship": { # RelationshipNote represents an SPDX Relationship section: https://spdx.github.io/spdx-spec/7-relationships-between-SPDX-elements/ # A note describing SPDX Relationship.
+ },
"updateTime": "A String", # Output only. The time this note was last updated. This field can be used as a filter in list requests.
"vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability.
"cvssScore": 3.14, # The CVSS score for this vulnerability.
@@ -2250,6 +2520,52 @@
"name": "A String", # Deprecated, do not use. Use uri instead. The name of the resource. For example, the name of a Docker image - "Debian".
"uri": "A String", # Required. The unique URI of the resource. For example, `https://gcr.io/project/image@sha256:foo` for a Docker image.
},
+ "sbom": { # DocumentOccurrence represents an SPDX Document Creation Information section: https://spdx.github.io/spdx-spec/2-document-creation-information/ # Describes a specific SPDX Document.
+ "createTime": "A String", # Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard
+ "creatorComment": "A String", # A field for creators of the SPDX file to provide general comments about the creation of the SPDX file or any other relevant comment not included in the other fields
+ "creators": [ # Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name
+ "A String",
+ ],
+ "documentComment": "A String", # A field for creators of the SPDX file content to provide comments to the consumers of the SPDX document
+ "externalDocumentRefs": [ # Identify any external SPDX documents referenced within this SPDX document
+ "A String",
+ ],
+ "id": "A String", # Identify the current SPDX document which may be referenced in relationships by other files, packages internally and documents externally
+ "licenseListVersion": "A String", # A field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created
+ "namespace": "A String", # Provide an SPDX document specific namespace as a unique absolute Uniform Resource Identifier (URI) as specified in RFC-3986, with the exception of the ‘#’ delimiter
+ "title": "A String", # Identify name of this document as designated by creator
+ },
+ "spdxFile": { # FileOccurrence represents an SPDX File Information section: https://spdx.github.io/spdx-spec/4-file-information/ # Describes a specific SPDX File.
+ "attributions": [ # This field provides a place for the SPDX data creator to record, at the file level, acknowledgements that may be needed to be communicated in some contexts
+ "A String",
+ ],
+ "comment": "A String", # This field provides a place for the SPDX file creator to record any general comments about the file
+ "contributors": [ # This field provides a place for the SPDX file creator to record file contributors
+ "A String",
+ ],
+ "copyright": "A String", # Identify the copyright holder of the file, as well as any dates present
+ "filesLicenseInfo": [ # This field contains the license information actually found in the file, if any
+ "A String",
+ ],
+ "id": "A String", # Uniquely identify any element in an SPDX document which may be referenced by other elements
+ "licenseComments": "A String", # This field provides a place for the SPDX file creator to record any relevant background references or analysis that went in to arriving at the Concluded License for a file
+ "licenseConcluded": "A String", # This field contains the license the SPDX file creator has concluded as governing the file or alternative values if the governing license cannot be determined
+ "notice": "A String", # This field provides a place for the SPDX file creator to record license notices or other such related notices found in the file
+ },
+ "spdxPackage": { # PackageOccurrence represents an SPDX Package Information section: https://spdx.github.io/spdx-spec/3-package-information/ # Describes a specific SPDX Package.
+ "comment": "A String", # A place for the SPDX file creator to record any general comments about the package being described
+ "filename": "A String", # Provide the actual file name of the package, or path of the directory being treated as a package
+ "id": "A String", # Uniquely identify any element in an SPDX document which may be referenced by other elements
+ "licenseComments": "A String", # This field provides a place for the SPDX file creator to record any relevant background information or analysis that went in to arriving at the Concluded License for a package
+ "licenseConcluded": "A String", # package or alternative values, if the governing license cannot be determined
+ "sourceInfo": "A String", # Provide a place for the SPDX file creator to record any relevant background information or additional comments about the origin of the package
+ },
+ "spdxRelationship": { # RelationshipOccurrence represents an SPDX Relationship section: https://spdx.github.io/spdx-spec/7-relationships-between-SPDX-elements/ # Describes a specific SPDX Relationship.
+ "comment": "A String", # A place for the SPDX file creator to record any general comments about the relationship
+ "source": "A String", # Also referred to as SPDXRef-A The source SPDX element (file, package, etc)
+ "target": "A String", # Also referred to as SPDXRef-B The target SPDC element (file, package, etc) In cases where there are "known unknowns", the use of the keyword NOASSERTION can be used The keywords NONE can be used to indicate that an SPDX element (package/file/snippet) has no other elements connected by some relationship to it
+ "type": "A String", # The type of relationship between the source and target SPDX elements
+ },
"updateTime": "A String", # Output only. The time this occurrence was last updated.
"vulnerability": { # Details of a vulnerability Occurrence. # Describes a security vulnerability.
"cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity.
@@ -2579,6 +2895,52 @@
"name": "A String", # Deprecated, do not use. Use uri instead. The name of the resource. For example, the name of a Docker image - "Debian".
"uri": "A String", # Required. The unique URI of the resource. For example, `https://gcr.io/project/image@sha256:foo` for a Docker image.
},
+ "sbom": { # DocumentOccurrence represents an SPDX Document Creation Information section: https://spdx.github.io/spdx-spec/2-document-creation-information/ # Describes a specific SPDX Document.
+ "createTime": "A String", # Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard
+ "creatorComment": "A String", # A field for creators of the SPDX file to provide general comments about the creation of the SPDX file or any other relevant comment not included in the other fields
+ "creators": [ # Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name
+ "A String",
+ ],
+ "documentComment": "A String", # A field for creators of the SPDX file content to provide comments to the consumers of the SPDX document
+ "externalDocumentRefs": [ # Identify any external SPDX documents referenced within this SPDX document
+ "A String",
+ ],
+ "id": "A String", # Identify the current SPDX document which may be referenced in relationships by other files, packages internally and documents externally
+ "licenseListVersion": "A String", # A field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created
+ "namespace": "A String", # Provide an SPDX document specific namespace as a unique absolute Uniform Resource Identifier (URI) as specified in RFC-3986, with the exception of the ‘#’ delimiter
+ "title": "A String", # Identify name of this document as designated by creator
+ },
+ "spdxFile": { # FileOccurrence represents an SPDX File Information section: https://spdx.github.io/spdx-spec/4-file-information/ # Describes a specific SPDX File.
+ "attributions": [ # This field provides a place for the SPDX data creator to record, at the file level, acknowledgements that may be needed to be communicated in some contexts
+ "A String",
+ ],
+ "comment": "A String", # This field provides a place for the SPDX file creator to record any general comments about the file
+ "contributors": [ # This field provides a place for the SPDX file creator to record file contributors
+ "A String",
+ ],
+ "copyright": "A String", # Identify the copyright holder of the file, as well as any dates present
+ "filesLicenseInfo": [ # This field contains the license information actually found in the file, if any
+ "A String",
+ ],
+ "id": "A String", # Uniquely identify any element in an SPDX document which may be referenced by other elements
+ "licenseComments": "A String", # This field provides a place for the SPDX file creator to record any relevant background references or analysis that went in to arriving at the Concluded License for a file
+ "licenseConcluded": "A String", # This field contains the license the SPDX file creator has concluded as governing the file or alternative values if the governing license cannot be determined
+ "notice": "A String", # This field provides a place for the SPDX file creator to record license notices or other such related notices found in the file
+ },
+ "spdxPackage": { # PackageOccurrence represents an SPDX Package Information section: https://spdx.github.io/spdx-spec/3-package-information/ # Describes a specific SPDX Package.
+ "comment": "A String", # A place for the SPDX file creator to record any general comments about the package being described
+ "filename": "A String", # Provide the actual file name of the package, or path of the directory being treated as a package
+ "id": "A String", # Uniquely identify any element in an SPDX document which may be referenced by other elements
+ "licenseComments": "A String", # This field provides a place for the SPDX file creator to record any relevant background information or analysis that went in to arriving at the Concluded License for a package
+ "licenseConcluded": "A String", # package or alternative values, if the governing license cannot be determined
+ "sourceInfo": "A String", # Provide a place for the SPDX file creator to record any relevant background information or additional comments about the origin of the package
+ },
+ "spdxRelationship": { # RelationshipOccurrence represents an SPDX Relationship section: https://spdx.github.io/spdx-spec/7-relationships-between-SPDX-elements/ # Describes a specific SPDX Relationship.
+ "comment": "A String", # A place for the SPDX file creator to record any general comments about the relationship
+ "source": "A String", # Also referred to as SPDXRef-A The source SPDX element (file, package, etc)
+ "target": "A String", # Also referred to as SPDXRef-B The target SPDC element (file, package, etc) In cases where there are "known unknowns", the use of the keyword NOASSERTION can be used The keywords NONE can be used to indicate that an SPDX element (package/file/snippet) has no other elements connected by some relationship to it
+ "type": "A String", # The type of relationship between the source and target SPDX elements
+ },
"updateTime": "A String", # Output only. The time this occurrence was last updated.
"vulnerability": { # Details of a vulnerability Occurrence. # Describes a security vulnerability.
"cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity.
@@ -2891,6 +3253,52 @@
"name": "A String", # Deprecated, do not use. Use uri instead. The name of the resource. For example, the name of a Docker image - "Debian".
"uri": "A String", # Required. The unique URI of the resource. For example, `https://gcr.io/project/image@sha256:foo` for a Docker image.
},
+ "sbom": { # DocumentOccurrence represents an SPDX Document Creation Information section: https://spdx.github.io/spdx-spec/2-document-creation-information/ # Describes a specific SPDX Document.
+ "createTime": "A String", # Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard
+ "creatorComment": "A String", # A field for creators of the SPDX file to provide general comments about the creation of the SPDX file or any other relevant comment not included in the other fields
+ "creators": [ # Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name
+ "A String",
+ ],
+ "documentComment": "A String", # A field for creators of the SPDX file content to provide comments to the consumers of the SPDX document
+ "externalDocumentRefs": [ # Identify any external SPDX documents referenced within this SPDX document
+ "A String",
+ ],
+ "id": "A String", # Identify the current SPDX document which may be referenced in relationships by other files, packages internally and documents externally
+ "licenseListVersion": "A String", # A field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created
+ "namespace": "A String", # Provide an SPDX document specific namespace as a unique absolute Uniform Resource Identifier (URI) as specified in RFC-3986, with the exception of the ‘#’ delimiter
+ "title": "A String", # Identify name of this document as designated by creator
+ },
+ "spdxFile": { # FileOccurrence represents an SPDX File Information section: https://spdx.github.io/spdx-spec/4-file-information/ # Describes a specific SPDX File.
+ "attributions": [ # This field provides a place for the SPDX data creator to record, at the file level, acknowledgements that may be needed to be communicated in some contexts
+ "A String",
+ ],
+ "comment": "A String", # This field provides a place for the SPDX file creator to record any general comments about the file
+ "contributors": [ # This field provides a place for the SPDX file creator to record file contributors
+ "A String",
+ ],
+ "copyright": "A String", # Identify the copyright holder of the file, as well as any dates present
+ "filesLicenseInfo": [ # This field contains the license information actually found in the file, if any
+ "A String",
+ ],
+ "id": "A String", # Uniquely identify any element in an SPDX document which may be referenced by other elements
+ "licenseComments": "A String", # This field provides a place for the SPDX file creator to record any relevant background references or analysis that went in to arriving at the Concluded License for a file
+ "licenseConcluded": "A String", # This field contains the license the SPDX file creator has concluded as governing the file or alternative values if the governing license cannot be determined
+ "notice": "A String", # This field provides a place for the SPDX file creator to record license notices or other such related notices found in the file
+ },
+ "spdxPackage": { # PackageOccurrence represents an SPDX Package Information section: https://spdx.github.io/spdx-spec/3-package-information/ # Describes a specific SPDX Package.
+ "comment": "A String", # A place for the SPDX file creator to record any general comments about the package being described
+ "filename": "A String", # Provide the actual file name of the package, or path of the directory being treated as a package
+ "id": "A String", # Uniquely identify any element in an SPDX document which may be referenced by other elements
+ "licenseComments": "A String", # This field provides a place for the SPDX file creator to record any relevant background information or analysis that went in to arriving at the Concluded License for a package
+ "licenseConcluded": "A String", # package or alternative values, if the governing license cannot be determined
+ "sourceInfo": "A String", # Provide a place for the SPDX file creator to record any relevant background information or additional comments about the origin of the package
+ },
+ "spdxRelationship": { # RelationshipOccurrence represents an SPDX Relationship section: https://spdx.github.io/spdx-spec/7-relationships-between-SPDX-elements/ # Describes a specific SPDX Relationship.
+ "comment": "A String", # A place for the SPDX file creator to record any general comments about the relationship
+ "source": "A String", # Also referred to as SPDXRef-A The source SPDX element (file, package, etc)
+ "target": "A String", # Also referred to as SPDXRef-B The target SPDC element (file, package, etc) In cases where there are "known unknowns", the use of the keyword NOASSERTION can be used The keywords NONE can be used to indicate that an SPDX element (package/file/snippet) has no other elements connected by some relationship to it
+ "type": "A String", # The type of relationship between the source and target SPDX elements
+ },
"updateTime": "A String", # Output only. The time this occurrence was last updated.
"vulnerability": { # Details of a vulnerability Occurrence. # Describes a security vulnerability.
"cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity.