1<html><body>
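<style>

/* Reset: strip browser defaults so the rules below are the only styling. */
body, h1, h2, h3, div, span, p, pre, a {
  margin: 0;
  padding: 0;
  border: 0;
  font-weight: inherit;
  font-style: inherit;
  font-size: 100%;
  font-family: inherit;
  vertical-align: baseline;
}

/* Page-wide base size and outer padding. */
body {
  font-size: 13px;
  padding: 1em;
}

/* Heading scale: API breadcrumb (h1), section title (h2), sub-section (h3). */
h1 {
  font-size: 26px;
  margin-bottom: 1em;
}

h2 {
  font-size: 24px;
  margin-bottom: 1em;
}

h3 {
  font-size: 20px;
  margin-bottom: 1em;
  margin-top: 1em;
}

/* Method signatures and request/response schemas are set in monospace. */
pre, code {
  line-height: 1.5;
  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}

pre {
  margin-top: 0.5em;
}

/* The generic family keyword is "sans-serif"; unhyphenated, it is read as
   the name of a font called "sans serif" and the fallback never applies. */
h1, h2, h3, p {
  font-family: Arial, sans-serif;
}

h1, h2, h3 {
  border-bottom: solid #CCC 1px;
}

/* One entry in the "Instance Methods" table of contents. */
.toc_element {
  margin-top: 0.5em;
}

/* One-line summary under a table-of-contents entry. A length needs its unit
   attached: "2 em" is an invalid value and the declaration is dropped. */
.firstline {
  margin-left: 2em;
}

/* Boxed container for one method's detailed documentation. */
.method {
  margin-top: 1em;
  border: solid 1px #CCC;
  padding: 1em;
  background: #EEE;
}

/* Method signature shown at the top of each .method box. */
.details {
  font-weight: bold;
  font-size: 14px;
}

</style>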
74
75<h1><a href="containeranalysis_v1beta1.html">Container Analysis API</a> . <a href="containeranalysis_v1beta1.projects.html">projects</a> . <a href="containeranalysis_v1beta1.projects.notes.html">notes</a></h1>
76<h2>Instance Methods</h2>
77<p class="toc_element">
78 <code><a href="containeranalysis_v1beta1.projects.notes.occurrences.html">occurrences()</a></code>
79</p>
80<p class="firstline">Returns the occurrences Resource.</p>
81
82<p class="toc_element">
83 <code><a href="#batchCreate">batchCreate(parent, body, x__xgafv=None)</a></code></p>
84<p class="firstline">Creates new notes in batch.</p>
85<p class="toc_element">
86 <code><a href="#create">create(parent, body, noteId=None, x__xgafv=None)</a></code></p>
87<p class="firstline">Creates a new note.</p>
88<p class="toc_element">
89 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
90<p class="firstline">Deletes the specified note.</p>
91<p class="toc_element">
92 <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
93<p class="firstline">Gets the specified note.</p>
94<p class="toc_element">
95 <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
96<p class="firstline">Gets the access control policy for a note or an occurrence resource.</p>
97<p class="toc_element">
98 <code><a href="#list">list(parent, pageSize=None, pageToken=None, x__xgafv=None, filter=None)</a></code></p>
99<p class="firstline">Lists notes for the specified project.</p>
100<p class="toc_element">
101 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
102<p class="firstline">Retrieves the next page of results.</p>
103<p class="toc_element">
104 <code><a href="#patch">patch(name, body, updateMask=None, x__xgafv=None)</a></code></p>
105<p class="firstline">Updates the specified note.</p>
106<p class="toc_element">
107 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p>
108<p class="firstline">Sets the access control policy on the specified note or occurrence.</p>
109<p class="toc_element">
110 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p>
111<p class="firstline">Returns the permissions that a caller has on the specified note or occurrence.</p>
112<h3>Method Details</h3>
113<div class="method">
114 <code class="details" id="batchCreate">batchCreate(parent, body, x__xgafv=None)</code>
115 <pre>Creates new notes in batch.
116
117Args:
118 parent: string, The name of the project in the form of `projects/[PROJECT_ID]`, under which
119the notes are to be created. (required)
120 body: object, The request body. (required)
121 The object takes the form of:
122
123{ # Request to create notes in batch.
124 "notes": { # The notes to create. Max allowed length is 1000.
125 "a_key": { # A type of analysis that can be done for a resource.
126 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
127 # a filter in list requests.
128 "relatedNoteNames": [ # Other notes related to this note.
129 "A String",
130 ],
131 "name": "A String", # Output only. The name of the note in the form of
132 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
133 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers.
134 # channels. E.g., glibc (aka libc6) is distributed by many, at various
135 # versions.
136 "distribution": [ # The various channels by which a package is distributed.
137 { # This represents a particular channel of distribution for a given package.
138 # E.g., Debian's jessie-backports dpkg mirror.
139 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
140 # denoting the package manager version distributing a package.
141 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
142 "description": "A String", # The distribution channel-specific description of this package.
143 "url": "A String", # The distribution channel-specific homepage for this package.
144 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were
145 # built.
146 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
147 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
148 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
149 # versions.
150 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
151 # name.
152 "revision": "A String", # The iteration of the package build from the above version.
153 },
154 },
155 ],
156 "name": "A String", # Required. Immutable. The name of the package.
157 },
158 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability.
159 "windowsDetails": [ # Windows details get their own format because the information format and
160 # model don't match a normal detail. Specifically Windows updates are done as
161 # patches, thus Windows vulnerabilities really are a missing package, rather
162 # than a package being at an incorrect version.
163 {
164 "cpeUri": "A String", # Required. The CPE URI in
165 # [cpe format](https://cpe.mitre.org/specification/) in which the
166 # vulnerability manifests. Examples include distro or storage location for
167 # vulnerable jar.
168 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this
169 # vulnerability. Note that there may be multiple hotfixes (and thus
170 # multiple KBs) that mitigate a given vulnerability. Currently any listed
171 # kb's presence is considered a fix.
172 {
173 "url": "A String", # A link to the KB in the Windows update catalog -
174 # https://www.catalog.update.microsoft.com/
175 "name": "A String", # The KB name (generally of the form KB[0-9]+, e.g. KB123456).
176 },
177 ],
178 "name": "A String", # Required. The name of the vulnerability.
179 "description": "A String", # The description of the vulnerability.
180 },
181 ],
182 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3.
183 # For details, see https://www.first.org/cvss/specification-document
184 "attackComplexity": "A String",
185 "attackVector": "A String", # Base Metrics
186 # Represents the intrinsic characteristics of a vulnerability that are
187 # constant over time and across user environments.
188 "availabilityImpact": "A String",
189 "userInteraction": "A String",
190 "baseScore": 3.14, # The base score is a function of the base metric scores.
191 "privilegesRequired": "A String",
192 "impactScore": 3.14,
193 "exploitabilityScore": 3.14,
194 "confidentialityImpact": "A String",
195 "integrityImpact": "A String",
196 "scope": "A String",
197 },
198 "cvssScore": 3.14, # The CVSS score for this vulnerability.
199 "severity": "A String", # Note provider assigned impact of the vulnerability.
200 "details": [ # All information about the package to specifically identify this
201 # vulnerability. One entry per (version range and cpe_uri) the package
202 # vulnerability has manifested in.
203 { # Identifies all appearances of this vulnerability in the package for a
204 # specific distro/location. For example: glibc in
205 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
206 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
207 "cpeUri": "A String", # Required. The CPE URI in
208 # [cpe format](https://cpe.mitre.org/specification/) in which the
209 # vulnerability manifests. Examples include distro or storage location for
210 # vulnerable jar.
211 "description": "A String", # A vendor-specific description of this note.
212 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists.
213 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
214 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
215 # versions.
216 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
217 # name.
218 "revision": "A String", # The iteration of the package build from the above version.
219 },
220 "package": "A String", # Required. The name of the package where the vulnerability was found.
221 "packageType": "A String", # The type of package; whether native or non native(ruby gems, node.js
222 # packages etc).
223 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to
224 # obsolete details.
225 "maxAffectedVersion": { # Version contains structured information about the version of a package. # Deprecated, do not use. Use fixed_location instead.
226 #
227 # The max version of the package in which the vulnerability exists.
228 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
229 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
230 # versions.
231 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
232 # name.
233 "revision": "A String", # The iteration of the package build from the above version.
234 },
235 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version.
236 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/)
237 # format. Examples include distro or storage location for vulnerable jar.
238 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described.
239 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
240 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
241 # versions.
242 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
243 # name.
244 "revision": "A String", # The iteration of the package build from the above version.
245 },
246 "package": "A String", # Required. The package being described.
247 },
248 },
249 ],
250 },
251 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in
252 # list requests.
253 "relatedUrl": [ # URLs associated with this note.
254 { # Metadata for any related URL information.
255 "url": "A String", # Specific URL associated with the resource.
256 "label": "A String", # Label to describe usage of the URL.
257 },
258 ],
259 "longDescription": "A String", # A detailed description of this note.
260 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
261 # example, an organization might have one `Authority` for "QA" and one for
262 # "build". This note is intended to act strictly as a grouping mechanism for
263 # the attached occurrences (Attestations). This grouping mechanism also
264 # provides a security boundary, since IAM ACLs gate the ability for a principal
265 # to attach an occurrence to a given note. It also provides a single point of
266 # lookup to find all attached attestation occurrences, even if they don't all
267 # live in the same project.
268 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority.
269 # authority. Because the name of a note acts as its resource reference, it is
270 # important to disambiguate the canonical name of the Note (which might be a
271 # UUID for security purposes) from "readable" names more suitable for debug
272 # output. Note that these hints should not be used to look up authorities in
273 # security sensitive contexts, such as when looking up attestations to
274 # verify.
275 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for
276 # example "qa".
277 },
278 },
279 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build.
280 # provenance message in the build details occurrence.
281 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
282 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note
283 # containing build details.
284 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
285 # findings are valid and unchanged. If `key_type` is empty, this defaults
286 # to PEM encoded public keys.
287 #
288 # This field may be empty if `key_id` references an external key.
289 #
290 # For Cloud Build based signatures, this is a PEM encoded public
291 # key. To verify the Cloud Build signature, place the contents of
292 # this field into a file (public.pem). The signature field is base64-decoded
293 # into its binary representation in signature.bin, and the provenance bytes
294 # from `BuildDetails` are base64-decoded into a binary representation in
295 # signed.bin. OpenSSL can then verify the signature:
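296 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
 # A successful check only shows that the signature matches this key; confirm
 # through a channel independent of this note that the key is the builder's.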
297 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
298 # `key_id`.
299 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key
300 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the
301 # CN for a cert), or a reference to an external key (such as a reference to a
302 # key in Cloud Key Management Service).
303 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is
304 # base-64 encoded.
305 },
306 },
307 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
308 # relationship. Linked occurrences are derived from this or an
309 # equivalent image via:
310 # FROM <Basis.resource_url>
311 # Or an equivalent reference, e.g. a tag of the resource_url.
312 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the
313 # basis of associated occurrence images.
314 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
315 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1
316 # representation.
317 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
318 # [bottom] := v2_blob[bottom]; [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
319 # Only the name of the final blob is kept.
320 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
321 "A String",
322 ],
323 },
324 },
325 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
326 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
327 "resourceUri": [ # Required. Resource URI for the artifact being deployed.
328 "A String",
329 ],
330 },
331 "shortDescription": "A String", # A one sentence description of this note.
332 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
333 # filter in list requests.
334 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource.
335 # exists in a provider's project. A `Discovery` occurrence is created in a
336 # consumer's project at the start of analysis.
337 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this
338 # discovery.
339 },
340 },
341 },
342 }
343
344 x__xgafv: string, V1 error format.
345 Allowed values
346 1 - v1 error format
347 2 - v2 error format
348
349Returns:
350 An object of the form:
351
352 { # Response for creating notes in batch.
353 "notes": [ # The notes that were created.
354 { # A type of analysis that can be done for a resource.
355 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
356 # a filter in list requests.
357 "relatedNoteNames": [ # Other notes related to this note.
358 "A String",
359 ],
360 "name": "A String", # Output only. The name of the note in the form of
361 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
362 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers.
363 # channels. E.g., glibc (aka libc6) is distributed by many, at various
364 # versions.
365 "distribution": [ # The various channels by which a package is distributed.
366 { # This represents a particular channel of distribution for a given package.
367 # E.g., Debian's jessie-backports dpkg mirror.
368 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
369 # denoting the package manager version distributing a package.
370 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
371 "description": "A String", # The distribution channel-specific description of this package.
372 "url": "A String", # The distribution channel-specific homepage for this package.
373 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were
374 # built.
375 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
376 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
377 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
378 # versions.
379 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
380 # name.
381 "revision": "A String", # The iteration of the package build from the above version.
382 },
383 },
384 ],
385 "name": "A String", # Required. Immutable. The name of the package.
386 },
387 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability.
388 "windowsDetails": [ # Windows details get their own format because the information format and
389 # model don't match a normal detail. Specifically Windows updates are done as
390 # patches, thus Windows vulnerabilities really are a missing package, rather
391 # than a package being at an incorrect version.
392 {
393 "cpeUri": "A String", # Required. The CPE URI in
394 # [cpe format](https://cpe.mitre.org/specification/) in which the
395 # vulnerability manifests. Examples include distro or storage location for
396 # vulnerable jar.
397 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this
398 # vulnerability. Note that there may be multiple hotfixes (and thus
399 # multiple KBs) that mitigate a given vulnerability. Currently any listed
400 # kb's presence is considered a fix.
401 {
402 "url": "A String", # A link to the KB in the Windows update catalog -
403 # https://www.catalog.update.microsoft.com/
404 "name": "A String", # The KB name (generally of the form KB[0-9]+, e.g. KB123456).
405 },
406 ],
407 "name": "A String", # Required. The name of the vulnerability.
408 "description": "A String", # The description of the vulnerability.
409 },
410 ],
411 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3.
412 # For details, see https://www.first.org/cvss/specification-document
413 "attackComplexity": "A String",
414 "attackVector": "A String", # Base Metrics
415 # Represents the intrinsic characteristics of a vulnerability that are
416 # constant over time and across user environments.
417 "availabilityImpact": "A String",
418 "userInteraction": "A String",
419 "baseScore": 3.14, # The base score is a function of the base metric scores.
420 "privilegesRequired": "A String",
421 "impactScore": 3.14,
422 "exploitabilityScore": 3.14,
423 "confidentialityImpact": "A String",
424 "integrityImpact": "A String",
425 "scope": "A String",
426 },
427 "cvssScore": 3.14, # The CVSS score for this vulnerability.
428 "severity": "A String", # Note provider assigned impact of the vulnerability.
429 "details": [ # All information about the package to specifically identify this
430 # vulnerability. One entry per (version range and cpe_uri) the package
431 # vulnerability has manifested in.
432 { # Identifies all appearances of this vulnerability in the package for a
433 # specific distro/location. For example: glibc in
434 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
435 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
436 "cpeUri": "A String", # Required. The CPE URI in
437 # [cpe format](https://cpe.mitre.org/specification/) in which the
438 # vulnerability manifests. Examples include distro or storage location for
439 # vulnerable jar.
440 "description": "A String", # A vendor-specific description of this note.
441 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists.
442 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
443 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
444 # versions.
445 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
446 # name.
447 "revision": "A String", # The iteration of the package build from the above version.
448 },
449 "package": "A String", # Required. The name of the package where the vulnerability was found.
450 "packageType": "A String", # The type of package; whether native or non native(ruby gems, node.js
451 # packages etc).
452 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to
453 # obsolete details.
454 "maxAffectedVersion": { # Version contains structured information about the version of a package. # Deprecated, do not use. Use fixed_location instead.
455 #
456 # The max version of the package in which the vulnerability exists.
457 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
458 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
459 # versions.
460 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
461 # name.
462 "revision": "A String", # The iteration of the package build from the above version.
463 },
464 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version.
465 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/)
466 # format. Examples include distro or storage location for vulnerable jar.
467 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described.
468 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
469 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
470 # versions.
471 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
472 # name.
473 "revision": "A String", # The iteration of the package build from the above version.
474 },
475 "package": "A String", # Required. The package being described.
476 },
477 },
478 ],
479 },
480 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in
481 # list requests.
482 "relatedUrl": [ # URLs associated with this note.
483 { # Metadata for any related URL information.
484 "url": "A String", # Specific URL associated with the resource.
485 "label": "A String", # Label to describe usage of the URL.
486 },
487 ],
488 "longDescription": "A String", # A detailed description of this note.
489 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
490 # example, an organization might have one `Authority` for "QA" and one for
491 # "build". This note is intended to act strictly as a grouping mechanism for
492 # the attached occurrences (Attestations). This grouping mechanism also
493 # provides a security boundary, since IAM ACLs gate the ability for a principal
494 # to attach an occurrence to a given note. It also provides a single point of
495 # lookup to find all attached attestation occurrences, even if they don't all
496 # live in the same project.
497 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority.
498 # authority. Because the name of a note acts as its resource reference, it is
499 # important to disambiguate the canonical name of the Note (which might be a
500 # UUID for security purposes) from "readable" names more suitable for debug
501 # output. Note that these hints should not be used to look up authorities in
502 # security sensitive contexts, such as when looking up attestations to
503 # verify.
504 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for
505 # example "qa".
506 },
507 },
508 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build.
509 # provenance message in the build details occurrence.
510 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
511 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note
512 # containing build details.
513 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
514 # findings are valid and unchanged. If `key_type` is empty, this defaults
515 # to PEM encoded public keys.
516 #
517 # This field may be empty if `key_id` references an external key.
518 #
519 # For Cloud Build based signatures, this is a PEM encoded public
520 # key. To verify the Cloud Build signature, place the contents of
521 # this field into a file (public.pem). The signature field is base64-decoded
522 # into its binary representation in signature.bin, and the provenance bytes
523 # from `BuildDetails` are base64-decoded into a binary representation in
524 # signed.bin. OpenSSL can then verify the signature:
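525 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
 # A successful check only shows that the signature matches this key; confirm
 # through a channel independent of this note that the key is the builder's.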
526 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
527 # `key_id`.
528 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key
529 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the
530 # CN for a cert), or a reference to an external key (such as a reference to a
531 # key in Cloud Key Management Service).
532 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is
533 # base-64 encoded.
534 },
535 },
536 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
537 # relationship. Linked occurrences are derived from this or an
538 # equivalent image via:
539 # FROM <Basis.resource_url>
540 # Or an equivalent reference, e.g. a tag of the resource_url.
541 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the
542 # basis of associated occurrence images.
543 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
544 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1
545 # representation.
546 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
547 # [bottom] := v2_blob[bottom]; [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
548 # Only the name of the final blob is kept.
549 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
550 "A String",
551 ],
552 },
553 },
554 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
555 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
556 "resourceUri": [ # Required. Resource URI for the artifact being deployed.
557 "A String",
558 ],
559 },
560 "shortDescription": "A String", # A one sentence description of this note.
561 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
562 # filter in list requests.
563 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource.
564 # exists in a provider's project. A `Discovery` occurrence is created in a
565 # consumer's project at the start of analysis.
566 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this
567 # discovery.
568 },
569 },
570 ],
571 }</pre>
572</div>
573
574<div class="method">
575 <code class="details" id="create">create(parent, body, noteId=None, x__xgafv=None)</code>
576 <pre>Creates a new note.
577
578Args:
579 parent: string, The name of the project in the form of `projects/[PROJECT_ID]`, under which
580the note is to be created. (required)
581 body: object, The request body. (required)
582 The object takes the form of:
583
584{ # A type of analysis that can be done for a resource.
585 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
586 # a filter in list requests.
587 "relatedNoteNames": [ # Other notes related to this note.
588 "A String",
589 ],
590 "name": "A String", # Output only. The name of the note in the form of
591 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
592 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers.
593 # channels. E.g., glibc (aka libc6) is distributed by many, at various
594 # versions.
595 "distribution": [ # The various channels by which a package is distributed.
596 { # This represents a particular channel of distribution for a given package.
597 # E.g., Debian's jessie-backports dpkg mirror.
598 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
599 # denoting the package manager version distributing a package.
600 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
601 "description": "A String", # The distribution channel-specific description of this package.
602 "url": "A String", # The distribution channel-specific homepage for this package.
603 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were
604 # built.
605 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
606 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
607 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
608 # versions.
609 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
610 # name.
611 "revision": "A String", # The iteration of the package build from the above version.
612 },
613 },
614 ],
615 "name": "A String", # Required. Immutable. The name of the package.
616 },
617 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability.
618 "windowsDetails": [ # Windows details get their own format because the information format and
619 # model don't match a normal detail. Specifically Windows updates are done as
620 # patches, thus Windows vulnerabilities really are a missing package, rather
621 # than a package being at an incorrect version.
622 {
623 "cpeUri": "A String", # Required. The CPE URI in
624 # [cpe format](https://cpe.mitre.org/specification/) in which the
625 # vulnerability manifests. Examples include distro or storage location for
626 # vulnerable jar.
627 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this
628 # vulnerability. Note that there may be multiple hotfixes (and thus
629 # multiple KBs) that mitigate a given vulnerability. Currently any listed
630 # kb's presence is considered a fix.
631 {
632 "url": "A String", # A link to the KB in the Windows update catalog -
633 # https://www.catalog.update.microsoft.com/
634 "name": "A String", # The KB name (generally of the form KB[0-9]+, e.g. KB123456).
635 },
636 ],
637 "name": "A String", # Required. The name of the vulnerability.
638 "description": "A String", # The description of the vulnerability.
639 },
640 ],
641 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3.
642 # For details, see https://www.first.org/cvss/specification-document
643 "attackComplexity": "A String",
644 "attackVector": "A String", # Base Metrics
645 # Represents the intrinsic characteristics of a vulnerability that are
646 # constant over time and across user environments.
647 "availabilityImpact": "A String",
648 "userInteraction": "A String",
649 "baseScore": 3.14, # The base score is a function of the base metric scores.
650 "privilegesRequired": "A String",
651 "impactScore": 3.14,
652 "exploitabilityScore": 3.14,
653 "confidentialityImpact": "A String",
654 "integrityImpact": "A String",
655 "scope": "A String",
656 },
657 "cvssScore": 3.14, # The CVSS score for this vulnerability.
658 "severity": "A String", # Note provider assigned impact of the vulnerability.
659 "details": [ # All information about the package to specifically identify this
660 # vulnerability. One entry per (version range and cpe_uri) the package
661 # vulnerability has manifested in.
662 { # Identifies all appearances of this vulnerability in the package for a
663 # specific distro/location. For example: glibc in
664 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
665 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
666 "cpeUri": "A String", # Required. The CPE URI in
667 # [cpe format](https://cpe.mitre.org/specification/) in which the
668 # vulnerability manifests. Examples include distro or storage location for
669 # vulnerable jar.
670 "description": "A String", # A vendor-specific description of this note.
671 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists.
672 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
673 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
674 # versions.
675 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
676 # name.
677 "revision": "A String", # The iteration of the package build from the above version.
678 },
679 "package": "A String", # Required. The name of the package where the vulnerability was found.
680 "packageType": "A String", # The type of package; whether native or non native(ruby gems, node.js
681 # packages etc).
682 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to
683 # obsolete details.
684 "maxAffectedVersion": { # Version contains structured information about the version of a package. # Deprecated, do not use. Use fixed_location instead.
685 #
686 # The max version of the package in which the vulnerability exists.
687 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
688 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
689 # versions.
690 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
691 # name.
692 "revision": "A String", # The iteration of the package build from the above version.
693 },
694 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version.
695 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/).
696 # Examples include distro or storage location for vulnerable jar.
697 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described.
698 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
699 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
700 # versions.
701 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
702 # name.
703 "revision": "A String", # The iteration of the package build from the above version.
704 },
705 "package": "A String", # Required. The package being described.
706 },
707 },
708 ],
709 },
710 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in
711 # list requests.
712 "relatedUrl": [ # URLs associated with this note.
713 { # Metadata for any related URL information.
714 "url": "A String", # Specific URL associated with the resource.
715 "label": "A String", # Label to describe usage of the URL.
716 },
717 ],
718 "longDescription": "A String", # A detailed description of this note.
719 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
720 # example, an organization might have one `Authority` for "QA" and one for
721 # "build". This note is intended to act strictly as a grouping mechanism for
722 # the attached occurrences (Attestations). This grouping mechanism also
723 # provides a security boundary, since IAM ACLs gate the ability for a principal
724 # to attach an occurrence to a given note. It also provides a single point of
725 # lookup to find all attached attestation occurrences, even if they don't all
726 # live in the same project.
727 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority.
728 # authority. Because the name of a note acts as its resource reference, it is
729 # important to disambiguate the canonical name of the Note (which might be a
730 # UUID for security purposes) from "readable" names more suitable for debug
731 # output. Note that these hints should not be used to look up authorities in
732 # security sensitive contexts, such as when looking up attestations to
733 # verify.
734 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for
735 # example "qa".
736 },
737 },
738 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build.
739 # provenance message in the build details occurrence.
740 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
741 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note
742 # containing build details.
743 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
744 # findings are valid and unchanged. If `key_type` is empty, this defaults
745 # to PEM encoded public keys.
746 #
747 # This field may be empty if `key_id` references an external key.
748 #
749 # For Cloud Build based signatures, this is a PEM encoded public
750 # key. To verify the Cloud Build signature, place the contents of
751 # this field into a file (public.pem). The signature field is base64-decoded
752 # into its binary representation in signature.bin, and the provenance bytes
753 # from `BuildDetails` are base64-decoded into a binary representation in
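754 # signed.bin. OpenSSL can then verify the signature:
755 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`. A passing check only shows that the provenance was signed by the key stored in this note; confirm separately that the key (or `key_id`) belongs to the expected builder before relying on it.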
756 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
757 # `key_id`.
758 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key
759 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the
760 # CN for a cert), or a reference to an external key (such as a reference to a
761 # key in Cloud Key Management Service).
762 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is
763 # base-64 encoded.
764 },
765 },
766 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
767 # relationship. Linked occurrences are derived from this or an
768 # equivalent image via:
769 # FROM <Basis.resource_url>
770 # Or an equivalent reference, e.g. a tag of the resource_url.
771 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the
772 # basis of associated occurrence images.
773 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
774 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1
775 # representation.
776 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
777 # [bottom] := v2_blob[bottom]; [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
778 # Only the name of the final blob is kept.
779 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
780 "A String",
781 ],
782 },
783 },
784 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
785 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
786 "resourceUri": [ # Required. Resource URI for the artifact being deployed.
787 "A String",
788 ],
789 },
790 "shortDescription": "A String", # A one sentence description of this note.
791 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
792 # filter in list requests.
793 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource.
794 # exists in a provider's project. A `Discovery` occurrence is created in a
795 # consumer's project at the start of analysis.
796 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this
797 # discovery.
798 },
799}
800
801 noteId: string, The ID to use for this note.
802 x__xgafv: string, V1 error format.
803 Allowed values
804 1 - v1 error format
805 2 - v2 error format
806
807Returns:
808 An object of the form:
809
810 { # A type of analysis that can be done for a resource.
811 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
812 # a filter in list requests.
813 "relatedNoteNames": [ # Other notes related to this note.
814 "A String",
815 ],
816 "name": "A String", # Output only. The name of the note in the form of
817 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
818 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers.
819 # channels. E.g., glibc (aka libc6) is distributed by many, at various
820 # versions.
821 "distribution": [ # The various channels by which a package is distributed.
822 { # This represents a particular channel of distribution for a given package.
823 # E.g., Debian's jessie-backports dpkg mirror.
824 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
825 # denoting the package manager version distributing a package.
826 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
827 "description": "A String", # The distribution channel-specific description of this package.
828 "url": "A String", # The distribution channel-specific homepage for this package.
829 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were
830 # built.
831 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
832 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
833 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
834 # versions.
835 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
836 # name.
837 "revision": "A String", # The iteration of the package build from the above version.
838 },
839 },
840 ],
841 "name": "A String", # Required. Immutable. The name of the package.
842 },
843 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability.
844 "windowsDetails": [ # Windows details get their own format because the information format and
845 # model don't match a normal detail. Specifically Windows updates are done as
846 # patches, thus Windows vulnerabilities really are a missing package, rather
847 # than a package being at an incorrect version.
848 {
849 "cpeUri": "A String", # Required. The CPE URI in
850 # [cpe format](https://cpe.mitre.org/specification/) in which the
851 # vulnerability manifests. Examples include distro or storage location for
852 # vulnerable jar.
853 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this
854 # vulnerability. Note that there may be multiple hotfixes (and thus
855 # multiple KBs) that mitigate a given vulnerability. Currently any listed
856 # kb's presence is considered a fix.
857 {
858 "url": "A String", # A link to the KB in the Windows update catalog -
859 # https://www.catalog.update.microsoft.com/
860 "name": "A String", # The KB name (generally of the form KB[0-9]+, e.g. KB123456).
861 },
862 ],
863 "name": "A String", # Required. The name of the vulnerability.
864 "description": "A String", # The description of the vulnerability.
865 },
866 ],
867 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3.
868 # For details, see https://www.first.org/cvss/specification-document
869 "attackComplexity": "A String",
870 "attackVector": "A String", # Base Metrics
871 # Represents the intrinsic characteristics of a vulnerability that are
872 # constant over time and across user environments.
873 "availabilityImpact": "A String",
874 "userInteraction": "A String",
875 "baseScore": 3.14, # The base score is a function of the base metric scores.
876 "privilegesRequired": "A String",
877 "impactScore": 3.14,
878 "exploitabilityScore": 3.14,
879 "confidentialityImpact": "A String",
880 "integrityImpact": "A String",
881 "scope": "A String",
882 },
883 "cvssScore": 3.14, # The CVSS score for this vulnerability.
884 "severity": "A String", # Note provider assigned impact of the vulnerability.
885 "details": [ # All information about the package to specifically identify this
886 # vulnerability. One entry per (version range and cpe_uri) the package
887 # vulnerability has manifested in.
888 { # Identifies all appearances of this vulnerability in the package for a
889 # specific distro/location. For example: glibc in
890 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
891 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
892 "cpeUri": "A String", # Required. The CPE URI in
893 # [cpe format](https://cpe.mitre.org/specification/) in which the
894 # vulnerability manifests. Examples include distro or storage location for
895 # vulnerable jar.
896 "description": "A String", # A vendor-specific description of this note.
897 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists.
898 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
899 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
900 # versions.
901 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
902 # name.
903 "revision": "A String", # The iteration of the package build from the above version.
904 },
905 "package": "A String", # Required. The name of the package where the vulnerability was found.
906 "packageType": "A String", # The type of package; whether native or non native(ruby gems, node.js
907 # packages etc).
908 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to
909 # obsolete details.
910 "maxAffectedVersion": { # Version contains structured information about the version of a package. # Deprecated, do not use. Use fixed_location instead.
911 #
912 # The max version of the package in which the vulnerability exists.
913 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
914 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
915 # versions.
916 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
917 # name.
918 "revision": "A String", # The iteration of the package build from the above version.
919 },
920 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version.
921 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/).
922 # Examples include distro or storage location for vulnerable jar.
923 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described.
924 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
925 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
926 # versions.
927 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
928 # name.
929 "revision": "A String", # The iteration of the package build from the above version.
930 },
931 "package": "A String", # Required. The package being described.
932 },
933 },
934 ],
935 },
936 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in
937 # list requests.
938 "relatedUrl": [ # URLs associated with this note.
939 { # Metadata for any related URL information.
940 "url": "A String", # Specific URL associated with the resource.
941 "label": "A String", # Label to describe usage of the URL.
942 },
943 ],
944 "longDescription": "A String", # A detailed description of this note.
945 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
946 # example, an organization might have one `Authority` for "QA" and one for
947 # "build". This note is intended to act strictly as a grouping mechanism for
948 # the attached occurrences (Attestations). This grouping mechanism also
949 # provides a security boundary, since IAM ACLs gate the ability for a principal
950 # to attach an occurrence to a given note. It also provides a single point of
951 # lookup to find all attached attestation occurrences, even if they don't all
952 # live in the same project.
953 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority.
954 # authority. Because the name of a note acts as its resource reference, it is
955 # important to disambiguate the canonical name of the Note (which might be a
956 # UUID for security purposes) from "readable" names more suitable for debug
957 # output. Note that these hints should not be used to look up authorities in
958 # security sensitive contexts, such as when looking up attestations to
959 # verify.
960 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for
961 # example "qa".
962 },
963 },
964 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build.
965 # provenance message in the build details occurrence.
966 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
967 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note
968 # containing build details.
969 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
970 # findings are valid and unchanged. If `key_type` is empty, this defaults
971 # to PEM encoded public keys.
972 #
973 # This field may be empty if `key_id` references an external key.
974 #
975 # For Cloud Build based signatures, this is a PEM encoded public
976 # key. To verify the Cloud Build signature, place the contents of
977 # this field into a file (public.pem). The signature field is base64-decoded
978 # into its binary representation in signature.bin, and the provenance bytes
979 # from `BuildDetails` are base64-decoded into a binary representation in
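980 # signed.bin. OpenSSL can then verify the signature:
981 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`. A passing check only shows that the provenance was signed by the key stored in this note; confirm separately that the key (or `key_id`) belongs to the expected builder before relying on it.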
982 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
983 # `key_id`.
984 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key
985 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the
986 # CN for a cert), or a reference to an external key (such as a reference to a
987 # key in Cloud Key Management Service).
988 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is
989 # base-64 encoded.
990 },
991 },
992 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
993 # relationship. Linked occurrences are derived from this or an
994 # equivalent image via:
995 # FROM <Basis.resource_url>
996 # Or an equivalent reference, e.g. a tag of the resource_url.
997 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the
998 # basis of associated occurrence images.
999 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
1000 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1
1001 # representation.
1002 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
1003 # [bottom] := v2_blob[bottom]; [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
1004 # Only the name of the final blob is kept.
1005 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
1006 "A String",
1007 ],
1008 },
1009 },
1010 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
1011 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
1012 "resourceUri": [ # Required. Resource URI for the artifact being deployed.
1013 "A String",
1014 ],
1015 },
1016 "shortDescription": "A String", # A one sentence description of this note.
1017 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
1018 # filter in list requests.
1019 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource.
1020 # exists in a provider's project. A `Discovery` occurrence is created in a
1021 # consumer's project at the start of analysis.
1022 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this
1023 # discovery.
1024 },
1025 }</pre>
1026</div>
1027
1028<div class="method">
1029 <code class="details" id="delete">delete(name, x__xgafv=None)</code>
1030 <pre>Deletes the specified note.
1031
1032Args:
1033 name: string, The name of the note in the form of
1034`projects/[PROVIDER_ID]/notes/[NOTE_ID]`. (required)
1035 x__xgafv: string, V1 error format.
1036 Allowed values
1037 1 - v1 error format
1038 2 - v2 error format
1039
1040Returns:
1041 An object of the form:
1042
1043 { # A generic empty message that you can re-use to avoid defining duplicated
1044 # empty messages in your APIs. A typical example is to use it as the request
1045 # or the response type of an API method. For instance:
1046 #
1047 # service Foo {
1048 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
1049 # }
1050 #
1051 # The JSON representation for `Empty` is empty JSON object `{}`.
1052 }</pre>
1053</div>
1054
1055<div class="method">
1056 <code class="details" id="get">get(name, x__xgafv=None)</code>
1057 <pre>Gets the specified note.
1058
1059Args:
1060 name: string, The name of the note in the form of
1061`projects/[PROVIDER_ID]/notes/[NOTE_ID]`. (required)
1062 x__xgafv: string, V1 error format.
1063 Allowed values
1064 1 - v1 error format
1065 2 - v2 error format
1066
1067Returns:
1068 An object of the form:
1069
1070 { # A type of analysis that can be done for a resource.
1071 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
1072 # a filter in list requests.
1073 "relatedNoteNames": [ # Other notes related to this note.
1074 "A String",
1075 ],
1076 "name": "A String", # Output only. The name of the note in the form of
1077 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
1078 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers.
1079 # channels. E.g., glibc (aka libc6) is distributed by many, at various
1080 # versions.
1081 "distribution": [ # The various channels by which a package is distributed.
1082 { # This represents a particular channel of distribution for a given package.
1083 # E.g., Debian's jessie-backports dpkg mirror.
1084 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
1085 # denoting the package manager version distributing a package.
1086 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
1087 "description": "A String", # The distribution channel-specific description of this package.
1088 "url": "A String", # The distribution channel-specific homepage for this package.
1089 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were
1090 # built.
1091 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
1092 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1093 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1094 # versions.
1095 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1096 # name.
1097 "revision": "A String", # The iteration of the package build from the above version.
1098 },
1099 },
1100 ],
1101 "name": "A String", # Required. Immutable. The name of the package.
1102 },
1103 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability.
1104 "windowsDetails": [ # Windows details get their own format because the information format and
1105 # model don't match a normal detail. Specifically Windows updates are done as
1106 # patches, thus Windows vulnerabilities really are a missing package, rather
1107 # than a package being at an incorrect version.
1108 {
1109 "cpeUri": "A String", # Required. The CPE URI in
1110 # [cpe format](https://cpe.mitre.org/specification/) in which the
1111 # vulnerability manifests. Examples include distro or storage location for
1112 # vulnerable jar.
1113 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this
1114 # vulnerability. Note that there may be multiple hotfixes (and thus
1115 # multiple KBs) that mitigate a given vulnerability. Currently any listed
1116 # kb's presence is considered a fix.
1117 {
1118 "url": "A String", # A link to the KB in the Windows update catalog -
1119 # https://www.catalog.update.microsoft.com/
1120 "name": "A String", # The KB name (generally of the form KB[0-9]+, e.g. KB123456).
1121 },
1122 ],
1123 "name": "A String", # Required. The name of the vulnerability.
1124 "description": "A String", # The description of the vulnerability.
1125 },
1126 ],
1127 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3.
1128 # For details, see https://www.first.org/cvss/specification-document
1129 "attackComplexity": "A String",
1130 "attackVector": "A String", # Base Metrics
1131 # Represents the intrinsic characteristics of a vulnerability that are
1132 # constant over time and across user environments.
1133 "availabilityImpact": "A String",
1134 "userInteraction": "A String",
1135 "baseScore": 3.14, # The base score is a function of the base metric scores.
1136 "privilegesRequired": "A String",
1137 "impactScore": 3.14,
1138 "exploitabilityScore": 3.14,
1139 "confidentialityImpact": "A String",
1140 "integrityImpact": "A String",
1141 "scope": "A String",
1142 },
1143 "cvssScore": 3.14, # The CVSS score for this vulnerability.
1144 "severity": "A String", # Note provider assigned impact of the vulnerability.
1145 "details": [ # All information about the package to specifically identify this
1146 # vulnerability. One entry per (version range and cpe_uri) the package
1147 # vulnerability has manifested in.
1148 { # Identifies all appearances of this vulnerability in the package for a
1149 # specific distro/location. For example: glibc in
1150 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
1151 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
1152 "cpeUri": "A String", # Required. The CPE URI in
1153 # [cpe format](https://cpe.mitre.org/specification/) in which the
1154 # vulnerability manifests. Examples include distro or storage location for
1155 # vulnerable jar.
1156 "description": "A String", # A vendor-specific description of this note.
1157 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists.
1158 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1159 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1160 # versions.
1161 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1162 # name.
1163 "revision": "A String", # The iteration of the package build from the above version.
1164 },
1165 "package": "A String", # Required. The name of the package where the vulnerability was found.
1166 "packageType": "A String", # The type of package; whether native or non native(ruby gems, node.js
1167 # packages etc).
1168 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to
1169 # obsolete details.
1170 "maxAffectedVersion": { # Version contains structured information about the version of a package. # Deprecated, do not use. Use fixed_location instead.
1171 #
1172 # The max version of the package in which the vulnerability exists.
1173 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1174 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1175 # versions.
1176 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1177 # name.
1178 "revision": "A String", # The iteration of the package build from the above version.
1179 },
1180 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version.
1181 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/).
1182 # Examples include distro or storage location for vulnerable jar.
1183 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described.
1184 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1185 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1186 # versions.
1187 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1188 # name.
1189 "revision": "A String", # The iteration of the package build from the above version.
1190 },
1191 "package": "A String", # Required. The package being described.
1192 },
1193 },
1194 ],
1195 },
1196 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in
1197 # list requests.
1198 "relatedUrl": [ # URLs associated with this note.
1199 { # Metadata for any related URL information.
1200 "url": "A String", # Specific URL associated with the resource.
1201 "label": "A String", # Label to describe usage of the URL.
1202 },
1203 ],
1204 "longDescription": "A String", # A detailed description of this note.
1205 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
1206 # example, an organization might have one `Authority` for "QA" and one for
1207 # "build". This note is intended to act strictly as a grouping mechanism for
1208 # the attached occurrences (Attestations). This grouping mechanism also
1209 # provides a security boundary, since IAM ACLs gate the ability for a principal
1210 # to attach an occurrence to a given note. It also provides a single point of
1211 # lookup to find all attached attestation occurrences, even if they don't all
1212 # live in the same project.
1213 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority.
1214 # authority. Because the name of a note acts as its resource reference, it is
1215 # important to disambiguate the canonical name of the Note (which might be a
1216 # UUID for security purposes) from "readable" names more suitable for debug
1217 # output. Note that these hints should not be used to look up authorities in
1218 # security sensitive contexts, such as when looking up attestations to
1219 # verify.
1220 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for
1221 # example "qa".
1222 },
1223 },
1224 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build.
1225 # provenance message in the build details occurrence.
1226 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
1227 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note
1228 # containing build details.
1229 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
1230 # findings are valid and unchanged. If `key_type` is empty, this defaults
1231 # to PEM encoded public keys.
1232 #
1233 # This field may be empty if `key_id` references an external key.
1234 #
1235 # For Cloud Build based signatures, this is a PEM encoded public
1236 # key. To verify the Cloud Build signature, place the contents of
1237 # this field into a file (public.pem). The signature field is base64-decoded
1238 # into its binary representation in signature.bin, and the provenance bytes
1239 # from `BuildDetails` are base64-decoded into a binary representation in
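1240 # signed.bin. OpenSSL can then verify the signature (this only proves the signature matches this key, so confirm separately that the key belongs to the expected builder):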
1241 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
1242 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
1243 # `key_id`.
1244 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key
1245 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the
1246 # CN for a cert), or a reference to an external key (such as a reference to a
1247 # key in Cloud Key Management Service).
1248 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is
1249 # base-64 encoded.
1250 },
1251 },
1252 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
1253 # relationship. Linked occurrences are derived from this or an
1254 # equivalent image via:
1255 # FROM <Basis.resource_url>
1256 # Or an equivalent reference, e.g. a tag of the resource_url.
1257 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the
1258 # basis of associated occurrence images.
1259 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
1260 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1
1261 # representation.
1262 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
1263 # [bottom] := v2_blob[bottom]; [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
1264 # Only the name of the final blob is kept.
1265 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
1266 "A String",
1267 ],
1268 },
1269 },
1270 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
1271 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
1272 "resourceUri": [ # Required. Resource URI for the artifact being deployed.
1273 "A String",
1274 ],
1275 },
1276 "shortDescription": "A String", # A one sentence description of this note.
1277 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
1278 # filter in list requests.
1279 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource.
1280 # exists in a provider's project. A `Discovery` occurrence is created in a
1281 # consumer's project at the start of analysis.
1282 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this
1283 # discovery.
1284 },
1285 }</pre>
1286</div>
1287
1288<div class="method">
1289 <code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code>
1290 <pre>Gets the access control policy for a note or an occurrence resource.
1291Requires `containeranalysis.notes.setIamPolicy` or
1292`containeranalysis.occurrences.setIamPolicy` permission if the resource is
1293a note or occurrence, respectively.
1294
1295The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
1296notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
1297occurrences.
1298
1299Args:
1300 resource: string, REQUIRED: The resource for which the policy is being requested.
1301See the operation documentation for the appropriate value for this field. (required)
1302 body: object, The request body.
1303 The object takes the form of:
1304
1305{ # Request message for `GetIamPolicy` method.
1306 }
1307
1308 x__xgafv: string, V1 error format.
1309 Allowed values
1310 1 - v1 error format
1311 2 - v2 error format
1312
1313Returns:
1314 An object of the form:
1315
1316 { # Defines an Identity and Access Management (IAM) policy. It is used to
1317 # specify access control policies for Cloud Platform resources.
1318 #
1319 #
1320 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
1321 # `members` to a `role`, where the members can be user accounts, Google groups,
1322 # Google domains, and service accounts. A `role` is a named list of permissions
1323 # defined by IAM.
1324 #
1325 # **JSON Example**
1326 #
1327 # {
1328 # "bindings": [
1329 # {
1330 # "role": "roles/owner",
1331 # "members": [
1332 # "user:mike@example.com",
1333 # "group:admins@example.com",
1334 # "domain:google.com",
1335 # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
1336 # ]
1337 # },
1338 # {
1339 # "role": "roles/viewer",
1340 # "members": ["user:sean@example.com"]
1341 # }
1342 # ]
1343 # }
1344 #
1345 # **YAML Example**
1346 #
1347 # bindings:
1348 # - members:
1349 # - user:mike@example.com
1350 # - group:admins@example.com
1351 # - domain:google.com
1352 # - serviceAccount:my-other-app@appspot.gserviceaccount.com
1353 # role: roles/owner
1354 # - members:
1355 # - user:sean@example.com
1356 # role: roles/viewer
1357 #
1358 #
1359 # For a description of IAM and its features, see the
1360 # [IAM developer's guide](https://cloud.google.com/iam/docs).
1361 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
1362 { # Specifies the audit configuration for a service.
1363 # The configuration determines which permission types are logged, and what
1364 # identities, if any, are exempted from logging.
1365 # An AuditConfig must have one or more AuditLogConfigs.
1366 #
1367 # If there are AuditConfigs for both `allServices` and a specific service,
1368 # the union of the two AuditConfigs is used for that service: the log_types
1369 # specified in each AuditConfig are enabled, and the exempted_members in each
1370 # AuditLogConfig are exempted.
1371 #
1372 # Example Policy with multiple AuditConfigs:
1373 #
1374 # {
1375 # "audit_configs": [
1376 # {
1377 # "service": "allServices"
1378 # "audit_log_configs": [
1379 # {
1380 # "log_type": "DATA_READ",
1381 # "exempted_members": [
1382 # "user:foo@gmail.com"
1383 # ]
1384 # },
1385 # {
1386 # "log_type": "DATA_WRITE",
1387 # },
1388 # {
1389 # "log_type": "ADMIN_READ",
1390 # }
1391 # ]
1392 # },
1393 # {
1394 # "service": "fooservice.googleapis.com"
1395 # "audit_log_configs": [
1396 # {
1397 # "log_type": "DATA_READ",
1398 # },
1399 # {
1400 # "log_type": "DATA_WRITE",
1401 # "exempted_members": [
1402 # "user:bar@gmail.com"
1403 # ]
1404 # }
1405 # ]
1406 # }
1407 # ]
1408 # }
1409 #
1410 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
1411 # logging. It also exempts foo@gmail.com from DATA_READ logging, and
1412 # bar@gmail.com from DATA_WRITE logging.
1413 "auditLogConfigs": [ # The configuration for logging of each type of permission.
1414 { # Provides the configuration for logging a type of permissions.
1415 # Example:
1416 #
1417 # {
1418 # "audit_log_configs": [
1419 # {
1420 # "log_type": "DATA_READ",
1421 # "exempted_members": [
1422 # "user:foo@gmail.com"
1423 # ]
1424 # },
1425 # {
1426 # "log_type": "DATA_WRITE",
1427 # }
1428 # ]
1429 # }
1430 #
1431 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
1432 # foo@gmail.com from DATA_READ logging.
1433 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
1434 # permission.
1435 # Follows the same format of Binding.members.
1436 "A String",
1437 ],
1438 "logType": "A String", # The log type that this config enables.
1439 },
1440 ],
1441 "service": "A String", # Specifies a service that will be enabled for audit logging.
1442 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
1443 # `allServices` is a special value that covers all services.
1444 },
1445 ],
1446 "version": 42, # Deprecated.
1447 "bindings": [ # Associates a list of `members` to a `role`.
1448 # `bindings` with no members will result in an error.
1449 { # Associates `members` with a `role`.
1450 "role": "A String", # Role that is assigned to `members`.
1451 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
1452 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
1453 # `members` can have the following values:
1454 #
1455 # * `allUsers`: A special identifier that represents anyone who is
1456 # on the internet, with or without a Google account.
1457 #
1458 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1459 # who is authenticated with a Google account or a service account.
1460 #
1461 # * `user:{emailid}`: An email address that represents a specific Google
1462 # account. For example, `alice@gmail.com` .
1463 #
1464 #
1465 # * `serviceAccount:{emailid}`: An email address that represents a service
1466 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1467 #
1468 # * `group:{emailid}`: An email address that represents a Google group.
1469 # For example, `admins@example.com`.
1470 #
1471 #
1472 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
1473 # users of that domain. For example, `google.com` or `example.com`.
1474 #
1475 "A String",
1476 ],
1477 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
1478 # NOTE: An unsatisfied condition will not allow user access via current
1479 # binding. Different bindings, including their conditions, are examined
1480 # independently.
1481 #
1482 # title: "User account presence"
1483 # description: "Determines whether the request has a user account"
1484 # expression: "size(request.user) > 0"
1485 "location": "A String", # An optional string indicating the location of the expression for error
1486 # reporting, e.g. a file name and a position in the file.
1487 "expression": "A String", # Textual representation of an expression in
1488 # Common Expression Language syntax.
1489 #
1490 # The application context of the containing message determines which
1491 # well-known feature set of CEL is supported.
1492 "description": "A String", # An optional description of the expression. This is a longer text which
1493 # describes the expression, e.g. when hovered over it in a UI.
1494 "title": "A String", # An optional title for the expression, i.e. a short string describing
1495 # its purpose. This can be used e.g. in UIs which allow entering the
1496 # expression.
1497 },
1498 },
1499 ],
1500 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
1501 # prevent simultaneous updates of a policy from overwriting each other.
1502 # It is strongly suggested that systems make use of the `etag` in the
1503 # read-modify-write cycle to perform policy updates in order to avoid race
1504 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
1505 # systems are expected to put that etag in the request to `setIamPolicy` to
1506 # ensure that their change will be applied to the same version of the policy.
1507 #
1508 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
1509 # policy is overwritten blindly.
1510 }</pre>
1511</div>
1512
1513<div class="method">
1514 <code class="details" id="list">list(parent, pageSize=None, pageToken=None, x__xgafv=None, filter=None)</code>
1515 <pre>Lists notes for the specified project.
1516
1517Args:
1518 parent: string, The name of the project to list notes for in the form of
1519`projects/[PROJECT_ID]`. (required)
1520 pageSize: integer, Number of notes to return in the list. Must be positive. Max allowed page
1521size is 1000. If not specified, page size defaults to 20.
1522 pageToken: string, Token to provide to skip to a particular spot in the list.
1523 x__xgafv: string, V1 error format.
1524 Allowed values
1525 1 - v1 error format
1526 2 - v2 error format
1527 filter: string, The filter expression.
1528
1529Returns:
1530 An object of the form:
1531
1532 { # Response for listing notes.
1533 "nextPageToken": "A String", # The next pagination token in the list response. It should be used as
1534 # `page_token` for the following request. An empty value means no more
1535 # results.
1536 "notes": [ # The notes requested.
1537 { # A type of analysis that can be done for a resource.
1538 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
1539 # a filter in list requests.
1540 "relatedNoteNames": [ # Other notes related to this note.
1541 "A String",
1542 ],
1543 "name": "A String", # Output only. The name of the note in the form of
1544 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
1545 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers.
1546 # channels. E.g., glibc (aka libc6) is distributed by many, at various
1547 # versions.
1548 "distribution": [ # The various channels by which a package is distributed.
1549 { # This represents a particular channel of distribution for a given package.
1550 # E.g., Debian's jessie-backports dpkg mirror.
1551 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
1552 # denoting the package manager version distributing a package.
1553 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
1554 "description": "A String", # The distribution channel-specific description of this package.
1555 "url": "A String", # The distribution channel-specific homepage for this package.
1556 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were
1557 # built.
1558 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
1559 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1560 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1561 # versions.
1562 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1563 # name.
1564 "revision": "A String", # The iteration of the package build from the above version.
1565 },
1566 },
1567 ],
1568 "name": "A String", # Required. Immutable. The name of the package.
1569 },
1570 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability.
1571 "windowsDetails": [ # Windows details get their own format because the information format and
1572 # model don't match a normal detail. Specifically Windows updates are done as
1573 # patches, thus Windows vulnerabilities really are a missing package, rather
1574 # than a package being at an incorrect version.
1575 {
1576 "cpeUri": "A String", # Required. The CPE URI in
1577 # [cpe format](https://cpe.mitre.org/specification/) in which the
1578 # vulnerability manifests. Examples include distro or storage location for
1579 # vulnerable jar.
1580 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this
1581 # vulnerability. Note that there may be multiple hotfixes (and thus
1582 # multiple KBs) that mitigate a given vulnerability. Currently any listed
1583 # kb's presence is considered a fix.
1584 {
1585 "url": "A String", # A link to the KB in the Windows update catalog -
1586 # https://www.catalog.update.microsoft.com/
1587 "name": "A String", # The KB name (generally of the form KB[0-9]+, e.g. KB123456).
1588 },
1589 ],
1590 "name": "A String", # Required. The name of the vulnerability.
1591 "description": "A String", # The description of the vulnerability.
1592 },
1593 ],
1594 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3.
1595 # For details, see https://www.first.org/cvss/specification-document
1596 "attackComplexity": "A String",
1597 "attackVector": "A String", # Base Metrics
1598 # Represents the intrinsic characteristics of a vulnerability that are
1599 # constant over time and across user environments.
1600 "availabilityImpact": "A String",
1601 "userInteraction": "A String",
1602 "baseScore": 3.14, # The base score is a function of the base metric scores.
1603 "privilegesRequired": "A String",
1604 "impactScore": 3.14,
1605 "exploitabilityScore": 3.14,
1606 "confidentialityImpact": "A String",
1607 "integrityImpact": "A String",
1608 "scope": "A String",
1609 },
1610 "cvssScore": 3.14, # The CVSS score for this vulnerability.
1611 "severity": "A String", # Note provider assigned impact of the vulnerability.
1612 "details": [ # All information about the package to specifically identify this
1613 # vulnerability. One entry per (version range and cpe_uri) the package
1614 # vulnerability has manifested in.
1615 { # Identifies all appearances of this vulnerability in the package for a
1616 # specific distro/location. For example: glibc in
1617 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
1618 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
1619 "cpeUri": "A String", # Required. The CPE URI in
1620 # [cpe format](https://cpe.mitre.org/specification/) in which the
1621 # vulnerability manifests. Examples include distro or storage location for
1622 # vulnerable jar.
1623 "description": "A String", # A vendor-specific description of this note.
1624 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists.
1625 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1626 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1627 # versions.
1628 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1629 # name.
1630 "revision": "A String", # The iteration of the package build from the above version.
1631 },
1632 "package": "A String", # Required. The name of the package where the vulnerability was found.
1633 "packageType": "A String", # The type of package; whether native or non native(ruby gems, node.js
1634 # packages etc).
1635 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to
1636 # obsolete details.
1637 "maxAffectedVersion": { # Version contains structured information about the version of a package. # Deprecated, do not use. Use fixed_location instead.
1638 #
1639 # The max version of the package in which the vulnerability exists.
1640 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1641 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1642 # versions.
1643 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1644 # name.
1645 "revision": "A String", # The iteration of the package build from the above version.
1646 },
1647 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version.
1648 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/).
1649 # Examples include distro or storage location for vulnerable jar.
1650 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described.
1651 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1652 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1653 # versions.
1654 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1655 # name.
1656 "revision": "A String", # The iteration of the package build from the above version.
1657 },
1658 "package": "A String", # Required. The package being described.
1659 },
1660 },
1661 ],
1662 },
1663 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in
1664 # list requests.
1665 "relatedUrl": [ # URLs associated with this note.
1666 { # Metadata for any related URL information.
1667 "url": "A String", # Specific URL associated with the resource.
1668 "label": "A String", # Label to describe usage of the URL.
1669 },
1670 ],
1671 "longDescription": "A String", # A detailed description of this note.
1672 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
1673 # example, an organization might have one `Authority` for "QA" and one for
1674 # "build". This note is intended to act strictly as a grouping mechanism for
1675 # the attached occurrences (Attestations). This grouping mechanism also
1676 # provides a security boundary, since IAM ACLs gate the ability for a principal
1677 # to attach an occurrence to a given note. It also provides a single point of
1678 # lookup to find all attached attestation occurrences, even if they don't all
1679 # live in the same project.
1680 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority.
1681 # authority. Because the name of a note acts as its resource reference, it is
1682 # important to disambiguate the canonical name of the Note (which might be a
1683 # UUID for security purposes) from "readable" names more suitable for debug
1684 # output. Note that these hints should not be used to look up authorities in
1685 # security sensitive contexts, such as when looking up attestations to
1686 # verify.
1687 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for
1688 # example "qa".
1689 },
1690 },
1691 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build.
1692 # provenance message in the build details occurrence.
1693 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
1694 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note
1695 # containing build details.
1696 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
1697 # findings are valid and unchanged. If `key_type` is empty, this defaults
1698 # to PEM encoded public keys.
1699 #
1700 # This field may be empty if `key_id` references an external key.
1701 #
1702 # For Cloud Build based signatures, this is a PEM encoded public
1703 # key. To verify the Cloud Build signature, place the contents of
1704 # this field into a file (public.pem). The signature field is base64-decoded
1705 # into its binary representation in signature.bin, and the provenance bytes
1706 # from `BuildDetails` are base64-decoded into a binary representation in
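1707 # signed.bin. OpenSSL can then verify the signature (this only proves the signature matches this key, so confirm separately that the key belongs to the expected builder):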
1708 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
1709 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
1710 # `key_id`.
1711 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key
1712 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the
1713 # CN for a cert), or a reference to an external key (such as a reference to a
1714 # key in Cloud Key Management Service).
1715 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is
1716 # base-64 encoded.
1717 },
1718 },
1719 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
1720 # relationship. Linked occurrences are derived from this or an
1721 # equivalent image via:
1722 # FROM <Basis.resource_url>
1723 # Or an equivalent reference, e.g. a tag of the resource_url.
1724 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the
1725 # basis of associated occurrence images.
1726 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
1727 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1
1728 # representation.
1729 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
1730 # [bottom] := v2_blob[bottom]; [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
1731 # Only the name of the final blob is kept.
1732 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
1733 "A String",
1734 ],
1735 },
1736 },
1737 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
1738 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
1739 "resourceUri": [ # Required. Resource URI for the artifact being deployed.
1740 "A String",
1741 ],
1742 },
1743 "shortDescription": "A String", # A one sentence description of this note.
1744 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
1745 # filter in list requests.
1746 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource.
1747 # exists in a provider's project. A `Discovery` occurrence is created in a
1748 # consumer's project at the start of analysis.
1749 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this
1750 # discovery.
1751 },
1752 },
1753 ],
1754 }</pre>
1755</div>
1756
1757<div class="method">
1758 <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
1759 <pre>Retrieves the next page of results.
1760
1761Args:
1762 previous_request: The request for the previous page. (required)
1763 previous_response: The response from the request for the previous page. (required)
1764
1765Returns:
1766 A request object that you can call 'execute()' on to request the next
1767 page. Returns None if there are no more items in the collection.
1768 </pre>
1769</div>
1770
1771<div class="method">
1772 <code class="details" id="patch">patch(name, body, updateMask=None, x__xgafv=None)</code>
1773 <pre>Updates the specified note.
1774
1775Args:
1776 name: string, The name of the note in the form of
1777`projects/[PROVIDER_ID]/notes/[NOTE_ID]`. (required)
1778 body: object, The request body. (required)
1779 The object takes the form of:
1780
1781{ # A type of analysis that can be done for a resource.
1782 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
1783 # a filter in list requests.
1784 "relatedNoteNames": [ # Other notes related to this note.
1785 "A String",
1786 ],
1787 "name": "A String", # Output only. The name of the note in the form of
1788 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
1789 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers.
1790 # channels. E.g., glibc (aka libc6) is distributed by many, at various
1791 # versions.
1792 "distribution": [ # The various channels by which a package is distributed.
1793 { # This represents a particular channel of distribution for a given package.
1794 # E.g., Debian's jessie-backports dpkg mirror.
1795 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
1796 # denoting the package manager version distributing a package.
1797 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
1798 "description": "A String", # The distribution channel-specific description of this package.
1799 "url": "A String", # The distribution channel-specific homepage for this package.
1800 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were
1801 # built.
1802 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
1803 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1804 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1805 # versions.
1806 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1807 # name.
1808 "revision": "A String", # The iteration of the package build from the above version.
1809 },
1810 },
1811 ],
1812 "name": "A String", # Required. Immutable. The name of the package.
1813 },
1814 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability.
1815 "windowsDetails": [ # Windows details get their own format because the information format and
1816 # model don't match a normal detail. Specifically Windows updates are done as
1817 # patches, thus Windows vulnerabilities really are a missing package, rather
1818 # than a package being at an incorrect version.
1819 {
1820 "cpeUri": "A String", # Required. The CPE URI in
1821 # [cpe format](https://cpe.mitre.org/specification/) in which the
1822 # vulnerability manifests. Examples include distro or storage location for
1823 # vulnerable jar.
1824 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this
1825 # vulnerability. Note that there may be multiple hotfixes (and thus
1826 # multiple KBs) that mitigate a given vulnerability. Currently any listed
1827 # kb's presence is considered a fix.
1828 {
1829 "url": "A String", # A link to the KB in the Windows update catalog -
1830 # https://www.catalog.update.microsoft.com/
1831 "name": "A String", # The KB name (generally of the form KB[0-9]+, e.g. KB123456).
1832 },
1833 ],
1834 "name": "A String", # Required. The name of the vulnerability.
1835 "description": "A String", # The description of the vulnerability.
1836 },
1837 ],
1838 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3.
1839 # For details, see https://www.first.org/cvss/specification-document
1840 "attackComplexity": "A String",
1841 "attackVector": "A String", # Base Metrics
1842 # Represents the intrinsic characteristics of a vulnerability that are
1843 # constant over time and across user environments.
1844 "availabilityImpact": "A String",
1845 "userInteraction": "A String",
1846 "baseScore": 3.14, # The base score is a function of the base metric scores.
1847 "privilegesRequired": "A String",
1848 "impactScore": 3.14,
1849 "exploitabilityScore": 3.14,
1850 "confidentialityImpact": "A String",
1851 "integrityImpact": "A String",
1852 "scope": "A String",
1853 },
1854 "cvssScore": 3.14, # The CVSS score for this vulnerability.
1855 "severity": "A String", # Note provider assigned impact of the vulnerability.
1856 "details": [ # All information about the package to specifically identify this
1857 # vulnerability. One entry per (version range and cpe_uri) the package
1858 # vulnerability has manifested in.
1859 { # Identifies all appearances of this vulnerability in the package for a
1860 # specific distro/location. For example: glibc in
1861 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
1862 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
1863 "cpeUri": "A String", # Required. The CPE URI in
1864 # [cpe format](https://cpe.mitre.org/specification/) in which the
1865 # vulnerability manifests. Examples include distro or storage location for
1866 # vulnerable jar.
1867 "description": "A String", # A vendor-specific description of this note.
1868 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists.
1869 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1870 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1871 # versions.
1872 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1873 # name.
1874 "revision": "A String", # The iteration of the package build from the above version.
1875 },
1876 "package": "A String", # Required. The name of the package where the vulnerability was found.
1877 "packageType": "A String", # The type of package; whether native or non native(ruby gems, node.js
1878 # packages etc).
1879 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to
1880 # obsolete details.
1881 "maxAffectedVersion": { # Version contains structured information about the version of a package. # Deprecated, do not use. Use fixed_location instead.
1882 #
1883 # The max version of the package in which the vulnerability exists.
1884 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1885 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1886 # versions.
1887 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1888 # name.
1889 "revision": "A String", # The iteration of the package build from the above version.
1890 },
1891 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version.
1892 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/).
1893 # Examples include distro or storage location for vulnerable jar.
1894 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described.
1895 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1896 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1897 # versions.
1898 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1899 # name.
1900 "revision": "A String", # The iteration of the package build from the above version.
1901 },
1902 "package": "A String", # Required. The package being described.
1903 },
1904 },
1905 ],
1906 },
1907 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in
1908 # list requests.
1909 "relatedUrl": [ # URLs associated with this note.
1910 { # Metadata for any related URL information.
1911 "url": "A String", # Specific URL associated with the resource.
1912 "label": "A String", # Label to describe usage of the URL.
1913 },
1914 ],
1915 "longDescription": "A String", # A detailed description of this note.
1916 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
1917 # example, an organization might have one `Authority` for "QA" and one for
1918 # "build". This note is intended to act strictly as a grouping mechanism for
1919 # the attached occurrences (Attestations). This grouping mechanism also
1920 # provides a security boundary, since IAM ACLs gate the ability for a principal
1921 # to attach an occurrence to a given note. It also provides a single point of
1922 # lookup to find all attached attestation occurrences, even if they don't all
1923 # live in the same project.
1924 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority.
1925 # authority. Because the name of a note acts as its resource reference, it is
1926 # important to disambiguate the canonical name of the Note (which might be a
1927 # UUID for security purposes) from "readable" names more suitable for debug
1928 # output. Note that these hints should not be used to look up authorities in
1929 # security sensitive contexts, such as when looking up attestations to
1930 # verify.
1931 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for
1932 # example "qa".
1933 },
1934 },
1935 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build.
1936 # provenance message in the build details occurrence.
1937 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
1938 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note
1939 # containing build details.
1940 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
1941 # findings are valid and unchanged. If `key_type` is empty, this defaults
1942 # to PEM encoded public keys.
1943 #
1944 # This field may be empty if `key_id` references an external key.
1945 #
1946 # For Cloud Build based signatures, this is a PEM encoded public
1947 # key. To verify the Cloud Build signature, place the contents of
1948 # this field into a file (public.pem). The signature field is base64-decoded
1949 # into its binary representation in signature.bin, and the provenance bytes
1950 # from `BuildDetails` are base64-decoded into a binary representation in
1951 # signed.bin. OpenSSL can then verify the signature:
1952 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
1953 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
1954 # `key_id`.
1955 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key
1956 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the
1957 # CN for a cert), or a reference to an external key (such as a reference to a
1958 # key in Cloud Key Management Service).
1959 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is
1960 # base-64 encoded.
1961 },
1962 },
1963 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
1964 # relationship. Linked occurrences are derived from this or an
1965 # equivalent image via:
1966 # FROM <Basis.resource_url>
1967 # Or an equivalent reference, e.g. a tag of the resource_url.
1968 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the
1969 # basis of associated occurrence images.
1970 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
1971 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1
1972 # representation.
1973 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
1974 # [bottom] := v2_blob[bottom]; [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
1975 # Only the name of the final blob is kept.
1976 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
1977 "A String",
1978 ],
1979 },
1980 },
1981 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
1982 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
1983 "resourceUri": [ # Required. Resource URI for the artifact being deployed.
1984 "A String",
1985 ],
1986 },
1987 "shortDescription": "A String", # A one sentence description of this note.
1988 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
1989 # filter in list requests.
1990 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource.
1991 # exists in a provider's project. A `Discovery` occurrence is created in a
1992 # consumer's project at the start of analysis.
1993 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this
1994 # discovery.
1995 },
1996}
1997
1998 updateMask: string, The fields to update.
1999 x__xgafv: string, V1 error format.
2000 Allowed values
2001 1 - v1 error format
2002 2 - v2 error format
2003
2004Returns:
2005 An object of the form:
2006
2007 { # A type of analysis that can be done for a resource.
2008 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
2009 # a filter in list requests.
2010 "relatedNoteNames": [ # Other notes related to this note.
2011 "A String",
2012 ],
2013 "name": "A String", # Output only. The name of the note in the form of
2014 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
2015 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers.
2016 # channels. E.g., glibc (aka libc6) is distributed by many, at various
2017 # versions.
2018 "distribution": [ # The various channels by which a package is distributed.
2019 { # This represents a particular channel of distribution for a given package.
2020 # E.g., Debian's jessie-backports dpkg mirror.
2021 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
2022 # denoting the package manager version distributing a package.
2023 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
2024 "description": "A String", # The distribution channel-specific description of this package.
2025 "url": "A String", # The distribution channel-specific homepage for this package.
2026 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were
2027 # built.
2028 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
2029 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
2030 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
2031 # versions.
2032 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
2033 # name.
2034 "revision": "A String", # The iteration of the package build from the above version.
2035 },
2036 },
2037 ],
2038 "name": "A String", # Required. Immutable. The name of the package.
2039 },
2040 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability.
2041 "windowsDetails": [ # Windows details get their own format because the information format and
2042 # model don't match a normal detail. Specifically Windows updates are done as
2043 # patches, thus Windows vulnerabilities really are a missing package, rather
2044 # than a package being at an incorrect version.
2045 {
2046 "cpeUri": "A String", # Required. The CPE URI in
2047 # [cpe format](https://cpe.mitre.org/specification/) in which the
2048 # vulnerability manifests. Examples include distro or storage location for
2049 # vulnerable jar.
2050 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this
2051 # vulnerability. Note that there may be multiple hotfixes (and thus
2052 # multiple KBs) that mitigate a given vulnerability. Currently any listed
2053 # kb's presence is considered a fix.
2054 {
2055 "url": "A String", # A link to the KB in the Windows update catalog -
2056 # https://www.catalog.update.microsoft.com/
2057 "name": "A String", # The KB name (generally of the form KB[0-9]+, e.g. KB123456).
2058 },
2059 ],
2060 "name": "A String", # Required. The name of the vulnerability.
2061 "description": "A String", # The description of the vulnerability.
2062 },
2063 ],
2064 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3.
2065 # For details, see https://www.first.org/cvss/specification-document
2066 "attackComplexity": "A String",
2067 "attackVector": "A String", # Base Metrics
2068 # Represents the intrinsic characteristics of a vulnerability that are
2069 # constant over time and across user environments.
2070 "availabilityImpact": "A String",
2071 "userInteraction": "A String",
2072 "baseScore": 3.14, # The base score is a function of the base metric scores.
2073 "privilegesRequired": "A String",
2074 "impactScore": 3.14,
2075 "exploitabilityScore": 3.14,
2076 "confidentialityImpact": "A String",
2077 "integrityImpact": "A String",
2078 "scope": "A String",
2079 },
2080 "cvssScore": 3.14, # The CVSS score for this vulnerability.
2081 "severity": "A String", # Note provider assigned impact of the vulnerability.
2082 "details": [ # All information about the package to specifically identify this
2083 # vulnerability. One entry per (version range and cpe_uri) the package
2084 # vulnerability has manifested in.
2085 { # Identifies all appearances of this vulnerability in the package for a
2086 # specific distro/location. For example: glibc in
2087 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
2088 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
2089 "cpeUri": "A String", # Required. The CPE URI in
2090 # [cpe format](https://cpe.mitre.org/specification/) in which the
2091 # vulnerability manifests. Examples include distro or storage location for
2092 # vulnerable jar.
2093 "description": "A String", # A vendor-specific description of this note.
2094 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists.
2095 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
2096 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
2097 # versions.
2098 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
2099 # name.
2100 "revision": "A String", # The iteration of the package build from the above version.
2101 },
2102 "package": "A String", # Required. The name of the package where the vulnerability was found.
2103 "packageType": "A String", # The type of package; whether native or non native(ruby gems, node.js
2104 # packages etc).
2105 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to
2106 # obsolete details.
2107 "maxAffectedVersion": { # Version contains structured information about the version of a package. # Deprecated, do not use. Use fixed_location instead.
2108 #
2109 # The max version of the package in which the vulnerability exists.
2110 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
2111 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
2112 # versions.
2113 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
2114 # name.
2115 "revision": "A String", # The iteration of the package build from the above version.
2116 },
2117 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version.
2118 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/).
2119 # Examples include distro or storage location for vulnerable jar.
2120 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described.
2121 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
2122 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
2123 # versions.
2124 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
2125 # name.
2126 "revision": "A String", # The iteration of the package build from the above version.
2127 },
2128 "package": "A String", # Required. The package being described.
2129 },
2130 },
2131 ],
2132 },
2133 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in
2134 # list requests.
2135 "relatedUrl": [ # URLs associated with this note.
2136 { # Metadata for any related URL information.
2137 "url": "A String", # Specific URL associated with the resource.
2138 "label": "A String", # Label to describe usage of the URL.
2139 },
2140 ],
2141 "longDescription": "A String", # A detailed description of this note.
2142 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
2143 # example, an organization might have one `Authority` for "QA" and one for
2144 # "build". This note is intended to act strictly as a grouping mechanism for
2145 # the attached occurrences (Attestations). This grouping mechanism also
2146 # provides a security boundary, since IAM ACLs gate the ability for a principal
2147 # to attach an occurrence to a given note. It also provides a single point of
2148 # lookup to find all attached attestation occurrences, even if they don't all
2149 # live in the same project.
2150 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority.
2151 # authority. Because the name of a note acts as its resource reference, it is
2152 # important to disambiguate the canonical name of the Note (which might be a
2153 # UUID for security purposes) from "readable" names more suitable for debug
2154 # output. Note that these hints should not be used to look up authorities in
2155 # security sensitive contexts, such as when looking up attestations to
2156 # verify.
2157 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for
2158 # example "qa".
2159 },
2160 },
2161 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build.
2162 # provenance message in the build details occurrence.
2163 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
2164 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note
2165 # containing build details.
2166 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
2167 # findings are valid and unchanged. If `key_type` is empty, this defaults
2168 # to PEM encoded public keys.
2169 #
2170 # This field may be empty if `key_id` references an external key.
2171 #
2172 # For Cloud Build based signatures, this is a PEM encoded public
2173 # key. To verify the Cloud Build signature, place the contents of
2174 # this field into a file (public.pem). The signature field is base64-decoded
2175 # into its binary representation in signature.bin, and the provenance bytes
2176 # from `BuildDetails` are base64-decoded into a binary representation in
2177 # signed.bin. OpenSSL can then verify the signature:
2178 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
2179 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
2180 # `key_id`.
2181 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key
2182 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the
2183 # CN for a cert), or a reference to an external key (such as a reference to a
2184 # key in Cloud Key Management Service).
2185 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is
2186 # base-64 encoded.
2187 },
2188 },
2189 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
2190 # relationship. Linked occurrences are derived from this or an
2191 # equivalent image via:
2192 # FROM <Basis.resource_url>
2193 # Or an equivalent reference, e.g. a tag of the resource_url.
2194 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the
2195 # basis of associated occurrence images.
2196 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
2197 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1
2198 # representation.
2199 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
2200 # [bottom] := v2_blob[bottom]; [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
2201 # Only the name of the final blob is kept.
2202 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
2203 "A String",
2204 ],
2205 },
2206 },
2207 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
2208 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
2209 "resourceUri": [ # Required. Resource URI for the artifact being deployed.
2210 "A String",
2211 ],
2212 },
2213 "shortDescription": "A String", # A one sentence description of this note.
2214 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
2215 # filter in list requests.
2216 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource.
2217 # exists in a provider's project. A `Discovery` occurrence is created in a
2218 # consumer's project at the start of analysis.
2219 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this
2220 # discovery.
2221 },
2222 }</pre>
2223</div>
2224
2225<div class="method">
2226 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code>
2227 <pre>Sets the access control policy on the specified note or occurrence.
2228Requires `containeranalysis.notes.setIamPolicy` or
2229`containeranalysis.occurrences.setIamPolicy` permission if the resource is
2230a note or an occurrence, respectively.
2231
2232The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
2233notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
2234occurrences.
2235
2236Args:
2237 resource: string, REQUIRED: The resource for which the policy is being specified.
2238See the operation documentation for the appropriate value for this field. (required)
2239 body: object, The request body. (required)
2240 The object takes the form of:
2241
2242{ # Request message for `SetIamPolicy` method.
2243 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of
2244 # the policy is limited to a few 10s of KB. An empty policy is a
2245 # valid policy but certain Cloud Platform services (such as Projects)
2246 # might reject them.
2247 # specify access control policies for Cloud Platform resources.
2248 #
2249 #
2250 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
2251 # `members` to a `role`, where the members can be user accounts, Google groups,
2252 # Google domains, and service accounts. A `role` is a named list of permissions
2253 # defined by IAM.
2254 #
2255 # **JSON Example**
2256 #
2257 # {
2258 # "bindings": [
2259 # {
2260 # "role": "roles/owner",
2261 # "members": [
2262 # "user:mike@example.com",
2263 # "group:admins@example.com",
2264 # "domain:google.com",
2265 # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
2266 # ]
2267 # },
2268 # {
2269 # "role": "roles/viewer",
2270 # "members": ["user:sean@example.com"]
2271 # }
2272 # ]
2273 # }
2274 #
2275 # **YAML Example**
2276 #
2277 # bindings:
2278 # - members:
2279 # - user:mike@example.com
2280 # - group:admins@example.com
2281 # - domain:google.com
2282 # - serviceAccount:my-other-app@appspot.gserviceaccount.com
2283 # role: roles/owner
2284 # - members:
2285 # - user:sean@example.com
2286 # role: roles/viewer
2287 #
2288 #
2289 # For a description of IAM and its features, see the
2290 # [IAM developer's guide](https://cloud.google.com/iam/docs).
2291 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
2292 { # Specifies the audit configuration for a service.
2293 # The configuration determines which permission types are logged, and what
2294 # identities, if any, are exempted from logging.
2295 # An AuditConfig must have one or more AuditLogConfigs.
2296 #
2297 # If there are AuditConfigs for both `allServices` and a specific service,
2298 # the union of the two AuditConfigs is used for that service: the log_types
2299 # specified in each AuditConfig are enabled, and the exempted_members in each
2300 # AuditLogConfig are exempted.
2301 #
2302 # Example Policy with multiple AuditConfigs:
2303 #
2304 # {
2305 # "audit_configs": [
2306 # {
2307 # "service": "allServices"
2308 # "audit_log_configs": [
2309 # {
2310 # "log_type": "DATA_READ",
2311 # "exempted_members": [
2312 # "user:foo@gmail.com"
2313 # ]
2314 # },
2315 # {
2316 # "log_type": "DATA_WRITE",
2317 # },
2318 # {
2319 # "log_type": "ADMIN_READ",
2320 # }
2321 # ]
2322 # },
2323 # {
2324 # "service": "fooservice.googleapis.com"
2325 # "audit_log_configs": [
2326 # {
2327 # "log_type": "DATA_READ",
2328 # },
2329 # {
2330 # "log_type": "DATA_WRITE",
2331 # "exempted_members": [
2332 # "user:bar@gmail.com"
2333 # ]
2334 # }
2335 # ]
2336 # }
2337 # ]
2338 # }
2339 #
2340 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
2341 # logging. It also exempts foo@gmail.com from DATA_READ logging, and
2342 # bar@gmail.com from DATA_WRITE logging.
2343 "auditLogConfigs": [ # The configuration for logging of each type of permission.
2344 { # Provides the configuration for logging a type of permissions.
2345 # Example:
2346 #
2347 # {
2348 # "audit_log_configs": [
2349 # {
2350 # "log_type": "DATA_READ",
2351 # "exempted_members": [
2352 # "user:foo@gmail.com"
2353 # ]
2354 # },
2355 # {
2356 # "log_type": "DATA_WRITE",
2357 # }
2358 # ]
2359 # }
2360 #
2361 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
2362 # foo@gmail.com from DATA_READ logging.
2363 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
2364 # permission. No audit log entry of this type is recorded for these identities, so keep exemptions to a minimum.
2365 # Follows the same format as Binding.members.
2366 "A String",
2367 ],
2368 "logType": "A String", # The log type that this config enables.
2369 },
2370 ],
2371 "service": "A String", # Specifies a service that will be enabled for audit logging.
2372 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
2373 # `allServices` is a special value that covers all services.
2374 },
2375 ],
2376 "version": 42, # Deprecated.
2377 "bindings": [ # Associates a list of `members` to a `role`.
2378 # `bindings` with no members will result in an error.
2379 { # Associates `members` with a `role`.
2380 "role": "A String", # Role that is assigned to `members`.
2381 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
2382 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
2383 # `members` can have the following values:
2384 #
2385 # * `allUsers`: A special identifier that represents anyone who is
2386 # on the internet, with or without a Google account. A binding to `allUsers` grants the role to unauthenticated callers.
2387 #
2388 # * `allAuthenticatedUsers`: A special identifier that represents anyone
2389 # who is authenticated with a Google account or a service account.
2390 #
2391 # * `user:{emailid}`: An email address that represents a specific Google
2392 # account. For example, `alice@gmail.com`.
2393 #
2394 #
2395 # * `serviceAccount:{emailid}`: An email address that represents a service
2396 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
2397 #
2398 # * `group:{emailid}`: An email address that represents a Google group.
2399 # For example, `admins@example.com`.
2400 #
2401 #
2402 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
2403 # users of that domain. For example, `google.com` or `example.com`.
2404 #
2405 "A String",
2406 ],
2407 "condition": { # The condition that is associated with this binding, represented as an expression text (example below the note).
2408 # NOTE: An unsatisfied condition will not allow user access via current
2409 # binding. Different bindings, including their conditions, are examined
2410 # independently.
2411 #
2412 # title: "User account presence"
2413 # description: "Determines whether the request has a user account"
2414 # expression: "size(request.user) > 0"
2415 "location": "A String", # An optional string indicating the location of the expression for error
2416 # reporting, e.g. a file name and a position in the file.
2417 "expression": "A String", # Textual representation of an expression in
2418 # Common Expression Language syntax.
2419 #
2420 # The application context of the containing message determines which
2421 # well-known feature set of CEL is supported.
2422 "description": "A String", # An optional description of the expression. This is a longer text which
2423 # describes the expression, e.g. when hovered over it in a UI.
2424 "title": "A String", # An optional title for the expression, i.e. a short string describing
2425 # its purpose. This can be used, e.g., in UIs that allow entering the
2426 # expression.
2427 },
2428 },
2429 ],
2430 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
2431 # prevent simultaneous updates of a policy from overwriting each other.
2432 # It is strongly suggested that systems make use of the `etag` in the
2433 # read-modify-write cycle to perform policy updates in order to avoid race
2434 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
2435 # systems are expected to put that etag in the request to `setIamPolicy` to
2436 # ensure that their change will be applied to the same version of the policy.
2437 #
2438 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
2439 # policy is overwritten blindly, so a concurrent change (for example, a binding that was just removed) can be silently reverted.
2440 },
2441 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
2442 # the fields in the mask will be modified. If no mask is provided, the
2443 # following default mask is used, so `auditConfigs` is changed only when the mask names it:
2444 # paths: "bindings, etag"
2445 # This field is only used by Cloud IAM.
2446 }
2447
2448 x__xgafv: string, V1 error format.
2449 Allowed values
2450 1 - v1 error format
2451 2 - v2 error format
2452
2453Returns:
2454 An object of the form:
2455
2456 { # Defines an Identity and Access Management (IAM) policy. It is used to
2457 # specify access control policies for Cloud Platform resources.
2458 #
2459 #
2460 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
2461 # `members` to a `role`, where the members can be user accounts, Google groups,
2462 # Google domains, and service accounts. A `role` is a named list of permissions
2463 # defined by IAM.
2464 #
2465 # **JSON Example**
2466 #
2467 # {
2468 # "bindings": [
2469 # {
2470 # "role": "roles/owner",
2471 # "members": [
2472 # "user:mike@example.com",
2473 # "group:admins@example.com",
2474 # "domain:google.com",
2475 # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
2476 # ]
2477 # },
2478 # {
2479 # "role": "roles/viewer",
2480 # "members": ["user:sean@example.com"]
2481 # }
2482 # ]
2483 # }
2484 #
2485 # **YAML Example**
2486 #
2487 # bindings:
2488 # - members:
2489 # - user:mike@example.com
2490 # - group:admins@example.com
2491 # - domain:google.com
2492 # - serviceAccount:my-other-app@appspot.gserviceaccount.com
2493 # role: roles/owner
2494 # - members:
2495 # - user:sean@example.com
2496 # role: roles/viewer
2497 #
2498 #
2499 # For a description of IAM and its features, see the
2500 # [IAM developer's guide](https://cloud.google.com/iam/docs).
2501 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
2502 { # Specifies the audit configuration for a service.
2503 # The configuration determines which permission types are logged, and what
2504 # identities, if any, are exempted from logging.
2505 # An AuditConfig must have one or more AuditLogConfigs.
2506 #
2507 # If there are AuditConfigs for both `allServices` and a specific service,
2508 # the union of the two AuditConfigs is used for that service: the log_types
2509 # specified in each AuditConfig are enabled, and the exempted_members in each
2510 # AuditLogConfig are exempted.
2511 #
2512 # Example Policy with multiple AuditConfigs:
2513 #
2514 # {
2515 # "audit_configs": [
2516 # {
2517 # "service": "allServices"
2518 # "audit_log_configs": [
2519 # {
2520 # "log_type": "DATA_READ",
2521 # "exempted_members": [
2522 # "user:foo@gmail.com"
2523 # ]
2524 # },
2525 # {
2526 # "log_type": "DATA_WRITE",
2527 # },
2528 # {
2529 # "log_type": "ADMIN_READ",
2530 # }
2531 # ]
2532 # },
2533 # {
2534 # "service": "fooservice.googleapis.com"
2535 # "audit_log_configs": [
2536 # {
2537 # "log_type": "DATA_READ",
2538 # },
2539 # {
2540 # "log_type": "DATA_WRITE",
2541 # "exempted_members": [
2542 # "user:bar@gmail.com"
2543 # ]
2544 # }
2545 # ]
2546 # }
2547 # ]
2548 # }
2549 #
2550 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
2551 # logging. It also exempts foo@gmail.com from DATA_READ logging, and
2552 # bar@gmail.com from DATA_WRITE logging.
2553 "auditLogConfigs": [ # The configuration for logging of each type of permission.
2554 { # Provides the configuration for logging a type of permissions.
2555 # Example:
2556 #
2557 # {
2558 # "audit_log_configs": [
2559 # {
2560 # "log_type": "DATA_READ",
2561 # "exempted_members": [
2562 # "user:foo@gmail.com"
2563 # ]
2564 # },
2565 # {
2566 # "log_type": "DATA_WRITE",
2567 # }
2568 # ]
2569 # }
2570 #
2571 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
2572 # foo@gmail.com from DATA_READ logging.
2573 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
2574 # permission. No audit log entry of this type is recorded for these identities, so keep exemptions to a minimum.
2575 # Follows the same format as Binding.members.
2576 "A String",
2577 ],
2578 "logType": "A String", # The log type that this config enables.
2579 },
2580 ],
2581 "service": "A String", # Specifies a service that will be enabled for audit logging.
2582 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
2583 # `allServices` is a special value that covers all services.
2584 },
2585 ],
2586 "version": 42, # Deprecated.
2587 "bindings": [ # Associates a list of `members` to a `role`.
2588 # `bindings` with no members will result in an error.
2589 { # Associates `members` with a `role`.
2590 "role": "A String", # Role that is assigned to `members`.
2591 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
2592 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
2593 # `members` can have the following values:
2594 #
2595 # * `allUsers`: A special identifier that represents anyone who is
2596 # on the internet, with or without a Google account. A binding to `allUsers` grants the role to unauthenticated callers.
2597 #
2598 # * `allAuthenticatedUsers`: A special identifier that represents anyone
2599 # who is authenticated with a Google account or a service account.
2600 #
2601 # * `user:{emailid}`: An email address that represents a specific Google
2602 # account. For example, `alice@gmail.com`.
2603 #
2604 #
2605 # * `serviceAccount:{emailid}`: An email address that represents a service
2606 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
2607 #
2608 # * `group:{emailid}`: An email address that represents a Google group.
2609 # For example, `admins@example.com`.
2610 #
2611 #
2612 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
2613 # users of that domain. For example, `google.com` or `example.com`.
2614 #
2615 "A String",
2616 ],
2617 "condition": { # The condition that is associated with this binding, represented as an expression text (example below the note).
2618 # NOTE: An unsatisfied condition will not allow user access via current
2619 # binding. Different bindings, including their conditions, are examined
2620 # independently.
2621 #
2622 # title: "User account presence"
2623 # description: "Determines whether the request has a user account"
2624 # expression: "size(request.user) > 0"
2625 "location": "A String", # An optional string indicating the location of the expression for error
2626 # reporting, e.g. a file name and a position in the file.
2627 "expression": "A String", # Textual representation of an expression in
2628 # Common Expression Language syntax.
2629 #
2630 # The application context of the containing message determines which
2631 # well-known feature set of CEL is supported.
2632 "description": "A String", # An optional description of the expression. This is a longer text which
2633 # describes the expression, e.g. when hovered over it in a UI.
2634 "title": "A String", # An optional title for the expression, i.e. a short string describing
2635 # its purpose. This can be used, e.g., in UIs that allow entering the
2636 # expression.
2637 },
2638 },
2639 ],
2640 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
2641 # prevent simultaneous updates of a policy from overwriting each other.
2642 # It is strongly suggested that systems make use of the `etag` in the
2643 # read-modify-write cycle to perform policy updates in order to avoid race
2644 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
2645 # systems are expected to put that etag in the request to `setIamPolicy` to
2646 # ensure that their change will be applied to the same version of the policy.
2647 #
2648 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
2649 # policy is overwritten blindly, so a concurrent change (for example, a binding that was just removed) can be silently reverted.
2650 }</pre>
2651</div>
2652
2653<div class="method">
2654 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code>
2655 <pre>Returns the permissions that a caller has on the specified note or
2656occurrence. Requires list permission on the project (for example,
2657`containeranalysis.notes.list`).
2658
2659The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
2660notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
2661occurrences.
2662
2663Args:
2664 resource: string, REQUIRED: The resource for which the policy detail is being requested.
2665See the operation documentation for the appropriate value for this field. (required)
2666 body: object, The request body. (required)
2667 The object takes the form of:
2668
2669{ # Request message for `TestIamPermissions` method.
2670 "permissions": [ # The set of permissions to check for the `resource`. Permissions with
2671 # wildcards (such as '*' or 'storage.*') are not allowed. For more
2672 # information see
2673 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
2674 "A String",
2675 ],
2676 }
2677
2678 x__xgafv: string, V1 error format.
2679 Allowed values
2680 1 - v1 error format
2681 2 - v2 error format
2682
2683Returns:
2684 An object of the form:
2685
2686 { # Response message for `TestIamPermissions` method.
2687 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
2688 # allowed.
2689 "A String",
2690 ],
2691 }</pre>
2692</div>
2693
2694</body></html>