blob: 3788722d02a6d7dfaf1014758c1c4f1f7ce62b42 [file] [log] [blame]
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5 margin: 0;
6 padding: 0;
7 border: 0;
8 font-weight: inherit;
9 font-style: inherit;
10 font-size: 100%;
11 font-family: inherit;
12 vertical-align: baseline;
13}
14
15body {
16 font-size: 13px;
17 padding: 1em;
18}
19
20h1 {
21 font-size: 26px;
22 margin-bottom: 1em;
23}
24
25h2 {
26 font-size: 24px;
27 margin-bottom: 1em;
28}
29
30h3 {
31 font-size: 20px;
32 margin-bottom: 1em;
33 margin-top: 1em;
34}
35
36pre, code {
37 line-height: 1.5;
38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42 margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46 font-family: Arial, sans serif;
47}
48
49h1, h2, h3 {
50 border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54 margin-top: 0.5em;
55}
56
57.firstline {
58 margin-left: 2 em;
59}
60
61.method {
62 margin-top: 1em;
63 border: solid 1px #CCC;
64 padding: 1em;
65 background: #EEE;
66}
67
68.details {
69 font-weight: bold;
70 font-size: 14px;
71}
72
73</style>
74
75<h1><a href="containeranalysis_v1alpha1.html">Container Analysis API</a> . <a href="containeranalysis_v1alpha1.projects.html">projects</a> . <a href="containeranalysis_v1alpha1.projects.occurrences.html">occurrences</a></h1>
76<h2>Instance Methods</h2>
77<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -070078 <code><a href="#create">create(parent, body=None, name=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070079<p class="firstline">Creates a new `Occurrence`. Use this method to create `Occurrences`</p>
80<p class="toc_element">
81 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
82<p class="firstline">Deletes the given `Occurrence` from the system. Use this when</p>
83<p class="toc_element">
84 <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
85<p class="firstline">Returns the requested `Occurrence`.</p>
86<p class="toc_element">
87 <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
88<p class="firstline">Gets the access control policy for a note or an `Occurrence` resource.</p>
89<p class="toc_element">
90 <code><a href="#getNotes">getNotes(name, x__xgafv=None)</a></code></p>
91<p class="firstline">Gets the `Note` attached to the given `Occurrence`.</p>
92<p class="toc_element">
Bu Sun Kim65020912020-05-20 12:08:20 -070093 <code><a href="#getVulnerabilitySummary">getVulnerabilitySummary(parent, filter=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070094<p class="firstline">Gets a summary of the number and severity of occurrences.</p>
95<p class="toc_element">
Bu Sun Kimd059ad82020-07-22 17:02:09 -070096 <code><a href="#list">list(parent, pageSize=None, kind=None, name=None, filter=None, pageToken=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070097<p class="firstline">Lists active `Occurrences` for a given project matching the filters.</p>
98<p class="toc_element">
99 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
100<p class="firstline">Retrieves the next page of results.</p>
101<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -0700102 <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700103<p class="firstline">Updates an existing occurrence.</p>
104<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -0700105 <code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700106<p class="firstline">Sets the access control policy on the specified `Note` or `Occurrence`.</p>
107<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -0700108 <code><a href="#testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700109<p class="firstline">Returns the permissions that a caller has on the specified note or</p>
110<h3>Method Details</h3>
111<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -0700112 <code class="details" id="create">create(parent, body=None, name=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700113 <pre>Creates a new `Occurrence`. Use this method to create `Occurrences`
114for a resource.
115
116Args:
Bu Sun Kim65020912020-05-20 12:08:20 -0700117 parent: string, This field contains the project Id for example: &quot;projects/{project_id}&quot; (required)
Dan O'Mearadd494642020-05-01 07:42:23 -0700118 body: object, The request body.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700119 The object takes the form of:
120
121{ # `Occurrence` includes information about analysis occurrences for an image.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700122 &quot;resource&quot;: { # #
123 # The resource for which the `Occurrence` applies.
124 # Resource is an entity that can have metadata. E.g., a Docker image.
125 &quot;uri&quot;: &quot;A String&quot;, # The unique URI of the resource. E.g.,
126 # &quot;https://gcr.io/project/image@sha256:foo&quot; for a Docker image.
127 &quot;name&quot;: &quot;A String&quot;, # The name of the resource. E.g., the name of a Docker image - &quot;Debian&quot;.
128 &quot;contentHash&quot;: { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.
129 &quot;type&quot;: &quot;A String&quot;, # The type of hash that was performed.
130 &quot;value&quot;: &quot;A String&quot;, # The hash value.
131 },
132 },
133 &quot;vulnerabilityDetails&quot;: { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.
134 # to fix it.
135 &quot;packageIssue&quot;: [ # The set of affected locations and their fixes (if available) within
136 # the associated resource.
137 { # This message wraps a location affected by a vulnerability and its
138 # associated fix (if one is available).
139 &quot;affectedLocation&quot;: { # The location of the vulnerability # The location of the vulnerability.
140 &quot;version&quot;: { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
141 # filter in list requests.
142 # For a discussion of this in Debian/Ubuntu:
143 # http://serverfault.com/questions/604541/debian-packages-version-convention
144 # For a discussion of this in Redhat/Fedora/Centos:
145 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
146 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
147 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
148 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
149 # If kind is not NORMAL, then the other fields are ignored.
150 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
151 },
152 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
153 # format. Examples include distro or storage location for vulnerable jar.
154 # This field can be used as a filter in list requests.
155 &quot;package&quot;: &quot;A String&quot;, # The package being described.
156 },
157 &quot;fixedLocation&quot;: { # The location of the vulnerability # The location of the available fix for vulnerability.
158 &quot;version&quot;: { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
159 # filter in list requests.
160 # For a discussion of this in Debian/Ubuntu:
161 # http://serverfault.com/questions/604541/debian-packages-version-convention
162 # For a discussion of this in Redhat/Fedora/Centos:
163 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
164 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
165 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
166 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
167 # If kind is not NORMAL, then the other fields are ignored.
168 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
169 },
170 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
171 # format. Examples include distro or storage location for vulnerable jar.
172 # This field can be used as a filter in list requests.
173 &quot;package&quot;: &quot;A String&quot;, # The package being described.
174 },
175 &quot;severityName&quot;: &quot;A String&quot;,
176 },
177 ],
178 &quot;effectiveSeverity&quot;: &quot;A String&quot;, # The distro assigned severity for this vulnerability when that is
179 # available and note provider assigned severity when distro has not yet
180 # assigned a severity for this vulnerability.
181 &quot;type&quot;: &quot;A String&quot;, # The type of package; whether native or non native(ruby gems,
182 # node.js packages etc)
183 &quot;severity&quot;: &quot;A String&quot;, # Output only. The note provider assigned Severity of the vulnerability.
184 &quot;cvssScore&quot;: 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a
185 # scale of 0-10 where 0 indicates low severity and 10 indicates high
186 # severity.
187 },
188 &quot;attestation&quot;: { # Occurrence that represents a single &quot;attestation&quot;. The authenticity of an # Describes an attestation of an artifact.
189 # Attestation can be verified using the attached signature. If the verifier
190 # trusts the public key of the signer, then verifying the signature is
191 # sufficient to establish trust. In this circumstance, the
192 # AttestationAuthority to which this Attestation is attached is primarily
193 # useful for look-up (how to find this Attestation if you already know the
194 # Authority and artifact to be verified) and intent (which authority was this
195 # attestation intended to sign for).
196 &quot;pgpSignedAttestation&quot;: { # An attestation wrapper with a PGP-compatible signature.
197 # This message only supports `ATTACHED` signatures, where the payload that is
198 # signed is included alongside the signature itself in the same file.
199 &quot;pgpKeyId&quot;: &quot;A String&quot;, # The cryptographic fingerprint of the key used to generate the signature,
200 # as output by, e.g. `gpg --list-keys`. This should be the version 4, full
201 # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See
202 # https://tools.ietf.org/html/rfc4880#section-12.2 for details.
203 # Implementations may choose to acknowledge &quot;LONG&quot;, &quot;SHORT&quot;, or other
204 # abbreviated key IDs, but only the full fingerprint is guaranteed to work.
205 # In gpg, the full fingerprint can be retrieved from the `fpr` field
206 # returned when calling --list-keys with --with-colons. For example:
207 # ```
208 # gpg --with-colons --with-fingerprint --force-v4-certs \
209 # --list-keys attester@example.com
210 # tru::1:1513631572:0:3:1:5
211 # pub:...&lt;SNIP&gt;...
212 # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
213 # ```
214 # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
215 &quot;signature&quot;: &quot;A String&quot;, # The raw content of the signature, as output by GNU Privacy Guard (GPG) or
216 # equivalent. Since this message only supports attached signatures, the
217 # payload that was signed must be attached. While the signature format
218 # supported is dependent on the verification implementation, currently only
219 # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
220 # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
221 # --output=signature.gpg payload.json` will create the signature content
222 # expected in this field in `signature.gpg` for the `payload.json`
223 # attestation payload.
224 &quot;contentType&quot;: &quot;A String&quot;, # Type (for example schema) of the attestation payload that was signed.
225 # The verifier must ensure that the provided type is one that the verifier
226 # supports, and that the attestation payload is a valid instantiation of that
227 # type (for example by validating a JSON schema).
228 },
229 },
230 &quot;kind&quot;: &quot;A String&quot;, # Output only. This explicitly denotes which of the `Occurrence` details are
231 # specified. This field can be used as a filter in list requests.
Bu Sun Kim65020912020-05-20 12:08:20 -0700232 &quot;buildDetails&quot;: { # Message encapsulating build provenance details. # Build details for a verifiable build.
Bu Sun Kim65020912020-05-20 12:08:20 -0700233 &quot;provenance&quot;: { # Provenance of a build. Contains all information needed to verify the full # The actual provenance
234 # details about the build from source to completion.
Bu Sun Kim65020912020-05-20 12:08:20 -0700235 &quot;sourceProvenance&quot;: { # Source describes the location of the source used for the build. # Details of the Source input to the build.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700236 &quot;context&quot;: { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.
237 # with a path point to a unique revision of a single file or directory.
238 &quot;labels&quot;: { # Labels with user defined metadata.
239 &quot;a_key&quot;: &quot;A String&quot;,
240 },
241 &quot;git&quot;: { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
242 # repository (e.g., GitHub).
243 &quot;url&quot;: &quot;A String&quot;, # Git repository URL.
244 &quot;revisionId&quot;: &quot;A String&quot;, # Required. Git commit hash.
245 },
246 &quot;cloudRepo&quot;: { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
247 # Source Repo.
248 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
249 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
250 &quot;name&quot;: &quot;A String&quot;, # The alias name.
251 },
252 &quot;revisionId&quot;: &quot;A String&quot;, # A revision ID.
253 &quot;repoId&quot;: { # A unique identifier for a Cloud Repo. # The ID of the repo.
254 &quot;projectRepoId&quot;: { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
255 # winged-cargo-31) and a repo name within that project.
256 &quot;projectId&quot;: &quot;A String&quot;, # The ID of the project.
257 &quot;repoName&quot;: &quot;A String&quot;, # The name of the repo. Leave empty for the default repo.
258 },
259 &quot;uid&quot;: &quot;A String&quot;, # A server-assigned, globally unique identifier.
260 },
261 },
262 &quot;gerrit&quot;: { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
263 &quot;gerritProject&quot;: &quot;A String&quot;, # The full project name within the host. Projects may be nested, so
264 # &quot;project/subproject&quot; is a valid project name. The &quot;repo name&quot; is
265 # the hostURI/project.
266 &quot;hostUri&quot;: &quot;A String&quot;, # The URI of a running Gerrit instance.
267 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
268 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
269 &quot;name&quot;: &quot;A String&quot;, # The alias name.
270 },
271 &quot;revisionId&quot;: &quot;A String&quot;, # A revision (commit) ID.
272 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700273 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700274 &quot;additionalContexts&quot;: [ # If provided, some of the source code used for the build may be found in
275 # these locations, in the case where the source repository had multiple
276 # remotes or submodules. This list will not include the context specified in
277 # the context field.
278 { # A SourceContext is a reference to a tree of files. A SourceContext together
279 # with a path point to a unique revision of a single file or directory.
280 &quot;labels&quot;: { # Labels with user defined metadata.
281 &quot;a_key&quot;: &quot;A String&quot;,
282 },
283 &quot;git&quot;: { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
284 # repository (e.g., GitHub).
285 &quot;url&quot;: &quot;A String&quot;, # Git repository URL.
286 &quot;revisionId&quot;: &quot;A String&quot;, # Required. Git commit hash.
287 },
288 &quot;cloudRepo&quot;: { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
289 # Source Repo.
290 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
291 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
292 &quot;name&quot;: &quot;A String&quot;, # The alias name.
293 },
294 &quot;revisionId&quot;: &quot;A String&quot;, # A revision ID.
295 &quot;repoId&quot;: { # A unique identifier for a Cloud Repo. # The ID of the repo.
296 &quot;projectRepoId&quot;: { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
297 # winged-cargo-31) and a repo name within that project.
298 &quot;projectId&quot;: &quot;A String&quot;, # The ID of the project.
299 &quot;repoName&quot;: &quot;A String&quot;, # The name of the repo. Leave empty for the default repo.
300 },
301 &quot;uid&quot;: &quot;A String&quot;, # A server-assigned, globally unique identifier.
302 },
303 },
304 &quot;gerrit&quot;: { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
305 &quot;gerritProject&quot;: &quot;A String&quot;, # The full project name within the host. Projects may be nested, so
306 # &quot;project/subproject&quot; is a valid project name. The &quot;repo name&quot; is
307 # the hostURI/project.
308 &quot;hostUri&quot;: &quot;A String&quot;, # The URI of a running Gerrit instance.
309 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
310 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
311 &quot;name&quot;: &quot;A String&quot;, # The alias name.
312 },
313 &quot;revisionId&quot;: &quot;A String&quot;, # A revision (commit) ID.
314 },
315 },
316 ],
317 &quot;artifactStorageSource&quot;: { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this
318 # location.
Bu Sun Kim65020912020-05-20 12:08:20 -0700319 # Google Cloud Storage.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700320 &quot;generation&quot;: &quot;A String&quot;, # Google Cloud Storage generation for the object.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700321 &quot;object&quot;: &quot;A String&quot;, # Google Cloud Storage object containing source.
Bu Sun Kim65020912020-05-20 12:08:20 -0700322 &quot;bucket&quot;: &quot;A String&quot;, # Google Cloud Storage bucket containing source (see [Bucket Name
323 # Requirements]
324 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700325 },
326 &quot;repoSource&quot;: { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.
327 # Repository.
328 &quot;tagName&quot;: &quot;A String&quot;, # Name of the tag to build.
329 &quot;branchName&quot;: &quot;A String&quot;, # Name of the branch to build.
330 &quot;projectId&quot;: &quot;A String&quot;, # ID of the project that owns the repo.
331 &quot;repoName&quot;: &quot;A String&quot;, # Name of the repo.
332 &quot;commitSha&quot;: &quot;A String&quot;, # Explicit commit SHA to build.
Bu Sun Kim65020912020-05-20 12:08:20 -0700333 },
334 &quot;fileHashes&quot;: { # Hash(es) of the build source, which can be used to verify that the original
335 # source integrity was maintained in the build.
336 #
337 # The keys to this map are file paths used as build source and the values
338 # contain the hash values for those files.
339 #
340 # If the build source came in a single package such as a gzipped tarfile
341 # (.tar.gz), the FileHash will be for the single path to that file.
342 &quot;a_key&quot;: { # Container message for hashes of byte content of files, used in Source
343 # messages to verify integrity of source input to the build.
344 &quot;fileHash&quot;: [ # Collection of file hashes.
345 { # Container message for hash values.
346 &quot;type&quot;: &quot;A String&quot;, # The type of hash that was performed.
347 &quot;value&quot;: &quot;A String&quot;, # The hash value.
348 },
349 ],
350 },
351 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700352 &quot;storageSource&quot;: { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud
353 # Storage.
Bu Sun Kim65020912020-05-20 12:08:20 -0700354 # Google Cloud Storage.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700355 &quot;generation&quot;: &quot;A String&quot;, # Google Cloud Storage generation for the object.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700356 &quot;object&quot;: &quot;A String&quot;, # Google Cloud Storage object containing source.
Bu Sun Kim65020912020-05-20 12:08:20 -0700357 &quot;bucket&quot;: &quot;A String&quot;, # Google Cloud Storage bucket containing source (see [Bucket Name
358 # Requirements]
359 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
Bu Sun Kim65020912020-05-20 12:08:20 -0700360 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700361 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700362 &quot;builtArtifacts&quot;: [ # Output of the build.
363 { # Artifact describes a build product.
Bu Sun Kim65020912020-05-20 12:08:20 -0700364 &quot;name&quot;: &quot;A String&quot;, # Name of the artifact. This may be the path to a binary or jar file, or in
365 # the case of a container build, the name used to push the container image to
366 # Google Container Registry, as presented to `docker push`.
367 #
368 # This field is deprecated in favor of the plural `names` field; it continues
369 # to exist here to allow existing BuildProvenance serialized to json in
370 # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to
371 # deserialize back into proto.
372 &quot;checksum&quot;: &quot;A String&quot;, # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
373 # container.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700374 &quot;names&quot;: [ # Related artifact names. This may be the path to a binary or jar file, or in
375 # the case of a container build, the name used to push the container image to
376 # Google Container Registry, as presented to `docker push`. Note that a
377 # single Artifact ID can have multiple names, for example if two tags are
378 # applied to one image.
379 &quot;A String&quot;,
380 ],
381 &quot;id&quot;: &quot;A String&quot;, # Artifact ID, if any; for container images, this will be a URL by digest
382 # like gcr.io/projectID/imagename@sha256:123456
Bu Sun Kim65020912020-05-20 12:08:20 -0700383 },
384 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700385 &quot;id&quot;: &quot;A String&quot;, # Unique identifier of the build.
386 &quot;createTime&quot;: &quot;A String&quot;, # Time at which the build was created.
387 &quot;buildOptions&quot;: { # Special options applied to this build. This is a catch-all field where
388 # build providers can enter any desired additional details.
389 &quot;a_key&quot;: &quot;A String&quot;,
390 },
391 &quot;logsBucket&quot;: &quot;A String&quot;, # Google Cloud Storage bucket where logs were written.
392 &quot;finishTime&quot;: &quot;A String&quot;, # Time at which execution of the build was finished.
393 &quot;creator&quot;: &quot;A String&quot;, # E-mail address of the user who initiated this build. Note that this was the
394 # user&#x27;s e-mail address at the time the build was initiated; this address may
395 # not represent the same end-user for all time.
396 &quot;projectId&quot;: &quot;A String&quot;, # ID of the project.
397 &quot;startTime&quot;: &quot;A String&quot;, # Time at which execution of the build was started.
398 &quot;commands&quot;: [ # Commands requested by the build.
399 { # Command describes a step performed as part of the build pipeline.
400 &quot;dir&quot;: &quot;A String&quot;, # Working directory (relative to project source root) used when running
401 # this Command.
402 &quot;env&quot;: [ # Environment variables set before running this Command.
403 &quot;A String&quot;,
404 ],
405 &quot;args&quot;: [ # Command-line arguments used when executing this Command.
406 &quot;A String&quot;,
407 ],
408 &quot;id&quot;: &quot;A String&quot;, # Optional unique identifier for this Command, used in wait_for to reference
409 # this Command as a dependency.
410 &quot;name&quot;: &quot;A String&quot;, # Name of the command, as presented on the command line, or if the command is
411 # packaged as a Docker container, as presented to `docker pull`.
412 &quot;waitFor&quot;: [ # The ID(s) of the Command(s) that this Command depends on.
413 &quot;A String&quot;,
414 ],
415 },
416 ],
417 &quot;triggerId&quot;: &quot;A String&quot;, # Trigger identifier if the build was triggered automatically; empty if not.
418 &quot;builderVersion&quot;: &quot;A String&quot;, # Version string of the builder at the time this build was executed.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700419 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700420 &quot;provenanceBytes&quot;: &quot;A String&quot;, # Serialized JSON representation of the provenance, used in generating the
421 # `BuildSignature` in the corresponding Result. After verifying the
422 # signature, `provenance_bytes` can be unmarshalled and compared to the
423 # provenance to confirm that it is unchanged. A base64-encoded string
424 # representation of the provenance bytes is used for the signature in order
425 # to interoperate with openssl which expects this format for signature
426 # verification.
427 #
428 # The serialized form is captured both to avoid ambiguity in how the
429 # provenance is marshalled to json as well to prevent incompatibilities with
430 # future changes.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700431 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700432 &quot;name&quot;: &quot;A String&quot;, # Output only. The name of the `Occurrence` in the form
433 # &quot;projects/{project_id}/occurrences/{OCCURRENCE_ID}&quot;
434 &quot;deployment&quot;: { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
435 &quot;undeployTime&quot;: &quot;A String&quot;, # End of the lifetime of this deployment.
436 &quot;address&quot;: &quot;A String&quot;, # Address of the runtime element hosting this deployment.
437 &quot;platform&quot;: &quot;A String&quot;, # Platform hosting this deployment.
438 &quot;config&quot;: &quot;A String&quot;, # Configuration used to create this deployment.
439 &quot;deployTime&quot;: &quot;A String&quot;, # Beginning of the lifetime of this deployment.
440 &quot;resourceUri&quot;: [ # Output only. Resource URI for the artifact being deployed taken from the
441 # deployable field with the same name.
442 &quot;A String&quot;,
443 ],
444 &quot;userEmail&quot;: &quot;A String&quot;, # Identity of the user that triggered this deployment.
445 },
446 &quot;upgrade&quot;: { # An Upgrade Occurrence represents that a specific resource_url could install a # Describes an upgrade.
447 # specific upgrade. This presence is supplied via local sources (i.e. it is
448 # present in the mirror and the running system has noticed its availability).
449 &quot;package&quot;: &quot;A String&quot;, # Required - The package this Upgrade is for.
450 &quot;distribution&quot;: { # The Upgrade Distribution represents metadata about the Upgrade for each # Metadata about the upgrade for available for the specific operating system
451 # for the resource_url. This allows efficient filtering, as well as
452 # making it easier to use the occurrence.
453 # operating system (CPE). Some distributions have additional metadata around
454 # updates, classifying them into various categories and severities.
455 &quot;classification&quot;: &quot;A String&quot;, # The operating system classification of this Upgrade, as specified by the
456 # upstream operating system upgrade feed.
457 &quot;cpeUri&quot;: &quot;A String&quot;, # Required - The specific operating system this metadata applies to. See
458 # https://cpe.mitre.org/specification/.
459 &quot;severity&quot;: &quot;A String&quot;, # The severity as specified by the upstream operating system.
460 &quot;cve&quot;: [ # The cve that would be resolved by this upgrade.
461 &quot;A String&quot;,
462 ],
Bu Sun Kim65020912020-05-20 12:08:20 -0700463 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700464 &quot;parsedVersion&quot;: { # Version contains structured information about the version of the package. # Required - The version of the package in a machine + human readable form.
465 # For a discussion of this in Debian/Ubuntu:
466 # http://serverfault.com/questions/604541/debian-packages-version-convention
467 # For a discussion of this in Redhat/Fedora/Centos:
468 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
469 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
470 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
471 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
472 # If kind is not NORMAL, then the other fields are ignored.
473 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
474 },
475 },
476 &quot;derivedImage&quot;: { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis
477 # in the associated note.
478 # DockerImage relationship. This image would be produced from a Dockerfile
479 # with FROM &lt;DockerImage.Basis in attached Note&gt;.
480 &quot;fingerprint&quot;: { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.
481 &quot;v2Name&quot;: &quot;A String&quot;, # Output only. The name of the image&#x27;s v2 blobs computed via:
482 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + &quot; &quot; + v2_name[N+1])
483 # Only the name of the final blob is kept.
484 # This field can be used as a filter in list requests.
485 &quot;v2Blob&quot;: [ # The ordered list of v2 blobs that represent a given image.
486 &quot;A String&quot;,
487 ],
488 &quot;v1Name&quot;: &quot;A String&quot;, # The layer-id of the final layer in the Docker image&#x27;s v1
489 # representation.
490 # This field can be used as a filter in list requests.
491 },
492 &quot;layerInfo&quot;: [ # This contains layer-specific metadata, if populated it has length
493 # &quot;distance&quot; and is ordered with [distance] being the layer immediately
494 # following the base image and [1] being the final layer.
495 { # Layer holds metadata specific to a layer of a Docker image.
496 &quot;arguments&quot;: &quot;A String&quot;, # The recovered arguments to the Dockerfile directive.
497 &quot;directive&quot;: &quot;A String&quot;, # The recovered Dockerfile directive used to construct this layer.
498 },
499 ],
500 &quot;baseResourceUrl&quot;: &quot;A String&quot;, # Output only. This contains the base image URL for the derived image
501 # occurrence.
502 &quot;distance&quot;: 42, # Output only. The number of layers by which this image differs from the
503 # associated image basis.
Bu Sun Kim65020912020-05-20 12:08:20 -0700504 },
505 &quot;resourceUrl&quot;: &quot;A String&quot;, # The unique URL of the image or the container for which the `Occurrence`
506 # applies. For example, https://gcr.io/project/image@sha256:foo This field
507 # can be used as a filter in list requests.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700508 &quot;remediation&quot;: &quot;A String&quot;, # A description of actions that can be taken to remedy the `Note`
Bu Sun Kim65020912020-05-20 12:08:20 -0700509 &quot;installation&quot;: { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.
510 # a system.
511 &quot;location&quot;: [ # All of the places within the filesystem versions of this package
512 # have been found.
513 { # An occurrence of a particular package installation found within a
514 # system&#x27;s filesystem.
515 # e.g. glibc was found in /var/lib/dpkg/status
516 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
517 # denoting the package manager version distributing a package.
518 &quot;version&quot;: { # Version contains structured information about the version of the package. # The version installed at this location.
519 # For a discussion of this in Debian/Ubuntu:
520 # http://serverfault.com/questions/604541/debian-packages-version-convention
521 # For a discussion of this in Redhat/Fedora/Centos:
522 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
523 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700524 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
Bu Sun Kim65020912020-05-20 12:08:20 -0700525 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
526 # If kind is not NORMAL, then the other fields are ignored.
527 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
Bu Sun Kim65020912020-05-20 12:08:20 -0700528 },
529 &quot;path&quot;: &quot;A String&quot;, # The path from which we gathered that this package/version is installed.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700530 },
531 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700532 &quot;name&quot;: &quot;A String&quot;, # Output only. The name of the installed package.
Bu Sun Kim65020912020-05-20 12:08:20 -0700533 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700534 &quot;noteName&quot;: &quot;A String&quot;, # An analysis note associated with this image, in the form
535 # &quot;providers/{provider_id}/notes/{NOTE_ID}&quot;
536 # This field can be used as a filter in list requests.
Bu Sun Kim65020912020-05-20 12:08:20 -0700537 &quot;discovered&quot;: { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700538 &quot;continuousAnalysis&quot;: &quot;A String&quot;, # Whether the resource is continuously analyzed.
539 &quot;cpe&quot;: &quot;A String&quot;, # The CPE of the resource being scanned.
540 &quot;analysisStatusError&quot;: { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under
541 # details to show to the user. The LocalizedMessage output only and
542 # populated by the API.
543 # different programming environments, including REST APIs and RPC APIs. It is
544 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
545 # three pieces of data: error code, error message, and error details.
546 #
547 # You can find out more about this error model and how to work with it in the
548 # [API Design Guide](https://cloud.google.com/apis/design/errors).
549 &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
550 # user-facing error message should be localized and sent in the
551 # google.rpc.Status.details field, or localized by the client.
552 &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of
553 # message types for APIs to use.
554 {
555 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
556 },
557 ],
558 &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
559 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700560 &quot;operation&quot;: { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.
561 # This field is deprecated, do not use.
562 # network API call.
Bu Sun Kim65020912020-05-20 12:08:20 -0700563 &quot;response&quot;: { # The normal response of the operation in case of success. If the original
564 # method returns no data on success, such as `Delete`, the response is
565 # `google.protobuf.Empty`. If the original method is standard
566 # `Get`/`Create`/`Update`, the response should be the resource. For other
567 # methods, the response should have the type `XxxResponse`, where `Xxx`
568 # is the original method name. For example, if the original method name
569 # is `TakeSnapshot()`, the inferred response type is
570 # `TakeSnapshotResponse`.
571 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
572 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700573 &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
574 # originally returns it. If you use the default HTTP mapping, the
575 # `name` should be a resource name ending with `operations/{unique_id}`.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700576 &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically
577 # contains progress information and common metadata such as create time.
578 # Some services might not provide such metadata. Any method that returns a
579 # long-running operation should document the metadata type, if any.
580 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
581 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700582 &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
583 # different programming environments, including REST APIs and RPC APIs. It is
584 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
585 # three pieces of data: error code, error message, and error details.
586 #
587 # You can find out more about this error model and how to work with it in the
588 # [API Design Guide](https://cloud.google.com/apis/design/errors).
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700589 &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
590 # user-facing error message should be localized and sent in the
591 # google.rpc.Status.details field, or localized by the client.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700592 &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of
593 # message types for APIs to use.
594 {
595 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
596 },
597 ],
598 &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700599 },
600 &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
601 # If `true`, the operation is completed, and either `error` or `response` is
602 # available.
Bu Sun Kim65020912020-05-20 12:08:20 -0700603 },
604 &quot;analysisStatus&quot;: &quot;A String&quot;, # The status of discovery for the resource.
Bu Sun Kim65020912020-05-20 12:08:20 -0700605 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700606 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time this `Occurrence` was created.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700607 &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The time this `Occurrence` was last updated.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700608}
609
Bu Sun Kim65020912020-05-20 12:08:20 -0700610 name: string, The name of the project. Should be of the form &quot;projects/{project_id}&quot;.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700611@Deprecated
612 x__xgafv: string, V1 error format.
613 Allowed values
614 1 - v1 error format
615 2 - v2 error format
616
617Returns:
618 An object of the form:
619
620 { # `Occurrence` includes information about analysis occurrences for an image.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700621 &quot;resource&quot;: { # #
622 # The resource for which the `Occurrence` applies.
623 # Resource is an entity that can have metadata. E.g., a Docker image.
624 &quot;uri&quot;: &quot;A String&quot;, # The unique URI of the resource. E.g.,
625 # &quot;https://gcr.io/project/image@sha256:foo&quot; for a Docker image.
626 &quot;name&quot;: &quot;A String&quot;, # The name of the resource. E.g., the name of a Docker image - &quot;Debian&quot;.
627 &quot;contentHash&quot;: { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.
628 &quot;type&quot;: &quot;A String&quot;, # The type of hash that was performed.
629 &quot;value&quot;: &quot;A String&quot;, # The hash value.
630 },
631 },
632 &quot;vulnerabilityDetails&quot;: { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.
633 # to fix it.
634 &quot;packageIssue&quot;: [ # The set of affected locations and their fixes (if available) within
635 # the associated resource.
636 { # This message wraps a location affected by a vulnerability and its
637 # associated fix (if one is available).
638 &quot;affectedLocation&quot;: { # The location of the vulnerability # The location of the vulnerability.
639 &quot;version&quot;: { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
640 # filter in list requests.
641 # For a discussion of this in Debian/Ubuntu:
642 # http://serverfault.com/questions/604541/debian-packages-version-convention
643 # For a discussion of this in Redhat/Fedora/Centos:
644 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
645 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
646 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
647 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
648 # If kind is not NORMAL, then the other fields are ignored.
649 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
650 },
651 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
652 # format. Examples include distro or storage location for vulnerable jar.
653 # This field can be used as a filter in list requests.
654 &quot;package&quot;: &quot;A String&quot;, # The package being described.
655 },
656 &quot;fixedLocation&quot;: { # The location of the vulnerability # The location of the available fix for vulnerability.
657 &quot;version&quot;: { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
658 # filter in list requests.
659 # For a discussion of this in Debian/Ubuntu:
660 # http://serverfault.com/questions/604541/debian-packages-version-convention
661 # For a discussion of this in Redhat/Fedora/Centos:
662 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
663 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
664 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
665 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
666 # If kind is not NORMAL, then the other fields are ignored.
667 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
668 },
669 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
670 # format. Examples include distro or storage location for vulnerable jar.
671 # This field can be used as a filter in list requests.
672 &quot;package&quot;: &quot;A String&quot;, # The package being described.
673 },
674 &quot;severityName&quot;: &quot;A String&quot;,
675 },
676 ],
677 &quot;effectiveSeverity&quot;: &quot;A String&quot;, # The distro assigned severity for this vulnerability when that is
678 # available and note provider assigned severity when distro has not yet
679 # assigned a severity for this vulnerability.
680 &quot;type&quot;: &quot;A String&quot;, # The type of package; whether native or non native(ruby gems,
681 # node.js packages etc)
682 &quot;severity&quot;: &quot;A String&quot;, # Output only. The note provider assigned Severity of the vulnerability.
683 &quot;cvssScore&quot;: 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a
684 # scale of 0-10 where 0 indicates low severity and 10 indicates high
685 # severity.
686 },
687 &quot;attestation&quot;: { # Occurrence that represents a single &quot;attestation&quot;. The authenticity of an # Describes an attestation of an artifact.
688 # Attestation can be verified using the attached signature. If the verifier
689 # trusts the public key of the signer, then verifying the signature is
690 # sufficient to establish trust. In this circumstance, the
691 # AttestationAuthority to which this Attestation is attached is primarily
692 # useful for look-up (how to find this Attestation if you already know the
693 # Authority and artifact to be verified) and intent (which authority was this
694 # attestation intended to sign for).
695 &quot;pgpSignedAttestation&quot;: { # An attestation wrapper with a PGP-compatible signature.
696 # This message only supports `ATTACHED` signatures, where the payload that is
697 # signed is included alongside the signature itself in the same file.
698 &quot;pgpKeyId&quot;: &quot;A String&quot;, # The cryptographic fingerprint of the key used to generate the signature,
699 # as output by, e.g. `gpg --list-keys`. This should be the version 4, full
700 # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See
701 # https://tools.ietf.org/html/rfc4880#section-12.2 for details.
702 # Implementations may choose to acknowledge &quot;LONG&quot;, &quot;SHORT&quot;, or other
703 # abbreviated key IDs, but only the full fingerprint is guaranteed to work.
704 # In gpg, the full fingerprint can be retrieved from the `fpr` field
705 # returned when calling --list-keys with --with-colons. For example:
706 # ```
707 # gpg --with-colons --with-fingerprint --force-v4-certs \
708 # --list-keys attester@example.com
709 # tru::1:1513631572:0:3:1:5
710 # pub:...&lt;SNIP&gt;...
711 # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
712 # ```
713 # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
714 &quot;signature&quot;: &quot;A String&quot;, # The raw content of the signature, as output by GNU Privacy Guard (GPG) or
715 # equivalent. Since this message only supports attached signatures, the
716 # payload that was signed must be attached. While the signature format
717 # supported is dependent on the verification implementation, currently only
718 # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
719 # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
720 # --output=signature.gpg payload.json` will create the signature content
721 # expected in this field in `signature.gpg` for the `payload.json`
722 # attestation payload.
723 &quot;contentType&quot;: &quot;A String&quot;, # Type (for example schema) of the attestation payload that was signed.
724 # The verifier must ensure that the provided type is one that the verifier
725 # supports, and that the attestation payload is a valid instantiation of that
726 # type (for example by validating a JSON schema).
727 },
728 },
729 &quot;kind&quot;: &quot;A String&quot;, # Output only. This explicitly denotes which of the `Occurrence` details are
730 # specified. This field can be used as a filter in list requests.
Bu Sun Kim65020912020-05-20 12:08:20 -0700731 &quot;buildDetails&quot;: { # Message encapsulating build provenance details. # Build details for a verifiable build.
Bu Sun Kim65020912020-05-20 12:08:20 -0700732 &quot;provenance&quot;: { # Provenance of a build. Contains all information needed to verify the full # The actual provenance
733 # details about the build from source to completion.
Bu Sun Kim65020912020-05-20 12:08:20 -0700734 &quot;sourceProvenance&quot;: { # Source describes the location of the source used for the build. # Details of the Source input to the build.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700735 &quot;context&quot;: { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.
736 # with a path point to a unique revision of a single file or directory.
737 &quot;labels&quot;: { # Labels with user defined metadata.
738 &quot;a_key&quot;: &quot;A String&quot;,
739 },
740 &quot;git&quot;: { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
741 # repository (e.g., GitHub).
742 &quot;url&quot;: &quot;A String&quot;, # Git repository URL.
743 &quot;revisionId&quot;: &quot;A String&quot;, # Required. Git commit hash.
744 },
745 &quot;cloudRepo&quot;: { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
746 # Source Repo.
747 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
748 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
749 &quot;name&quot;: &quot;A String&quot;, # The alias name.
750 },
751 &quot;revisionId&quot;: &quot;A String&quot;, # A revision ID.
752 &quot;repoId&quot;: { # A unique identifier for a Cloud Repo. # The ID of the repo.
753 &quot;projectRepoId&quot;: { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
754 # winged-cargo-31) and a repo name within that project.
755 &quot;projectId&quot;: &quot;A String&quot;, # The ID of the project.
756 &quot;repoName&quot;: &quot;A String&quot;, # The name of the repo. Leave empty for the default repo.
757 },
758 &quot;uid&quot;: &quot;A String&quot;, # A server-assigned, globally unique identifier.
759 },
760 },
761 &quot;gerrit&quot;: { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
762 &quot;gerritProject&quot;: &quot;A String&quot;, # The full project name within the host. Projects may be nested, so
763 # &quot;project/subproject&quot; is a valid project name. The &quot;repo name&quot; is
764 # the hostURI/project.
765 &quot;hostUri&quot;: &quot;A String&quot;, # The URI of a running Gerrit instance.
766 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
767 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
768 &quot;name&quot;: &quot;A String&quot;, # The alias name.
769 },
770 &quot;revisionId&quot;: &quot;A String&quot;, # A revision (commit) ID.
771 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700772 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700773 &quot;additionalContexts&quot;: [ # If provided, some of the source code used for the build may be found in
774 # these locations, in the case where the source repository had multiple
775 # remotes or submodules. This list will not include the context specified in
776 # the context field.
777 { # A SourceContext is a reference to a tree of files. A SourceContext together
778 # with a path point to a unique revision of a single file or directory.
779 &quot;labels&quot;: { # Labels with user defined metadata.
780 &quot;a_key&quot;: &quot;A String&quot;,
781 },
782 &quot;git&quot;: { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
783 # repository (e.g., GitHub).
784 &quot;url&quot;: &quot;A String&quot;, # Git repository URL.
785 &quot;revisionId&quot;: &quot;A String&quot;, # Required. Git commit hash.
786 },
787 &quot;cloudRepo&quot;: { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
788 # Source Repo.
789 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
790 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
791 &quot;name&quot;: &quot;A String&quot;, # The alias name.
792 },
793 &quot;revisionId&quot;: &quot;A String&quot;, # A revision ID.
794 &quot;repoId&quot;: { # A unique identifier for a Cloud Repo. # The ID of the repo.
795 &quot;projectRepoId&quot;: { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
796 # winged-cargo-31) and a repo name within that project.
797 &quot;projectId&quot;: &quot;A String&quot;, # The ID of the project.
798 &quot;repoName&quot;: &quot;A String&quot;, # The name of the repo. Leave empty for the default repo.
799 },
800 &quot;uid&quot;: &quot;A String&quot;, # A server-assigned, globally unique identifier.
801 },
802 },
803 &quot;gerrit&quot;: { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
804 &quot;gerritProject&quot;: &quot;A String&quot;, # The full project name within the host. Projects may be nested, so
805 # &quot;project/subproject&quot; is a valid project name. The &quot;repo name&quot; is
806 # the hostURI/project.
807 &quot;hostUri&quot;: &quot;A String&quot;, # The URI of a running Gerrit instance.
808 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
809 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
810 &quot;name&quot;: &quot;A String&quot;, # The alias name.
811 },
812 &quot;revisionId&quot;: &quot;A String&quot;, # A revision (commit) ID.
813 },
814 },
815 ],
816 &quot;artifactStorageSource&quot;: { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this
817 # location.
Bu Sun Kim65020912020-05-20 12:08:20 -0700818 # Google Cloud Storage.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700819 &quot;generation&quot;: &quot;A String&quot;, # Google Cloud Storage generation for the object.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700820 &quot;object&quot;: &quot;A String&quot;, # Google Cloud Storage object containing source.
Bu Sun Kim65020912020-05-20 12:08:20 -0700821 &quot;bucket&quot;: &quot;A String&quot;, # Google Cloud Storage bucket containing source (see [Bucket Name
822 # Requirements]
823 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700824 },
825 &quot;repoSource&quot;: { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.
826 # Repository.
827 &quot;tagName&quot;: &quot;A String&quot;, # Name of the tag to build.
828 &quot;branchName&quot;: &quot;A String&quot;, # Name of the branch to build.
829 &quot;projectId&quot;: &quot;A String&quot;, # ID of the project that owns the repo.
830 &quot;repoName&quot;: &quot;A String&quot;, # Name of the repo.
831 &quot;commitSha&quot;: &quot;A String&quot;, # Explicit commit SHA to build.
Bu Sun Kim65020912020-05-20 12:08:20 -0700832 },
833 &quot;fileHashes&quot;: { # Hash(es) of the build source, which can be used to verify that the original
834 # source integrity was maintained in the build.
835 #
836 # The keys to this map are file paths used as build source and the values
837 # contain the hash values for those files.
838 #
839 # If the build source came in a single package such as a gzipped tarfile
840 # (.tar.gz), the FileHash will be for the single path to that file.
841 &quot;a_key&quot;: { # Container message for hashes of byte content of files, used in Source
842 # messages to verify integrity of source input to the build.
843 &quot;fileHash&quot;: [ # Collection of file hashes.
844 { # Container message for hash values.
845 &quot;type&quot;: &quot;A String&quot;, # The type of hash that was performed.
846 &quot;value&quot;: &quot;A String&quot;, # The hash value.
847 },
848 ],
849 },
850 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700851 &quot;storageSource&quot;: { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud
852 # Storage.
Bu Sun Kim65020912020-05-20 12:08:20 -0700853 # Google Cloud Storage.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700854 &quot;generation&quot;: &quot;A String&quot;, # Google Cloud Storage generation for the object.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700855 &quot;object&quot;: &quot;A String&quot;, # Google Cloud Storage object containing source.
Bu Sun Kim65020912020-05-20 12:08:20 -0700856 &quot;bucket&quot;: &quot;A String&quot;, # Google Cloud Storage bucket containing source (see [Bucket Name
857 # Requirements]
858 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
Bu Sun Kim65020912020-05-20 12:08:20 -0700859 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700860 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700861 &quot;builtArtifacts&quot;: [ # Output of the build.
862 { # Artifact describes a build product.
Bu Sun Kim65020912020-05-20 12:08:20 -0700863 &quot;name&quot;: &quot;A String&quot;, # Name of the artifact. This may be the path to a binary or jar file, or in
864 # the case of a container build, the name used to push the container image to
865 # Google Container Registry, as presented to `docker push`.
866 #
867 # This field is deprecated in favor of the plural `names` field; it continues
868 # to exist here to allow existing BuildProvenance serialized to json in
869 # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to
870 # deserialize back into proto.
871 &quot;checksum&quot;: &quot;A String&quot;, # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
872 # container.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700873 &quot;names&quot;: [ # Related artifact names. This may be the path to a binary or jar file, or in
874 # the case of a container build, the name used to push the container image to
875 # Google Container Registry, as presented to `docker push`. Note that a
876 # single Artifact ID can have multiple names, for example if two tags are
877 # applied to one image.
878 &quot;A String&quot;,
879 ],
880 &quot;id&quot;: &quot;A String&quot;, # Artifact ID, if any; for container images, this will be a URL by digest
881 # like gcr.io/projectID/imagename@sha256:123456
Bu Sun Kim65020912020-05-20 12:08:20 -0700882 },
883 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700884 &quot;id&quot;: &quot;A String&quot;, # Unique identifier of the build.
885 &quot;createTime&quot;: &quot;A String&quot;, # Time at which the build was created.
886 &quot;buildOptions&quot;: { # Special options applied to this build. This is a catch-all field where
887 # build providers can enter any desired additional details.
888 &quot;a_key&quot;: &quot;A String&quot;,
889 },
890 &quot;logsBucket&quot;: &quot;A String&quot;, # Google Cloud Storage bucket where logs were written.
891 &quot;finishTime&quot;: &quot;A String&quot;, # Time at which execution of the build was finished.
892 &quot;creator&quot;: &quot;A String&quot;, # E-mail address of the user who initiated this build. Note that this was the
893 # user&#x27;s e-mail address at the time the build was initiated; this address may
894 # not represent the same end-user for all time.
895 &quot;projectId&quot;: &quot;A String&quot;, # ID of the project.
896 &quot;startTime&quot;: &quot;A String&quot;, # Time at which execution of the build was started.
897 &quot;commands&quot;: [ # Commands requested by the build.
898 { # Command describes a step performed as part of the build pipeline.
899 &quot;dir&quot;: &quot;A String&quot;, # Working directory (relative to project source root) used when running
900 # this Command.
901 &quot;env&quot;: [ # Environment variables set before running this Command.
902 &quot;A String&quot;,
903 ],
904 &quot;args&quot;: [ # Command-line arguments used when executing this Command.
905 &quot;A String&quot;,
906 ],
907 &quot;id&quot;: &quot;A String&quot;, # Optional unique identifier for this Command, used in wait_for to reference
908 # this Command as a dependency.
909 &quot;name&quot;: &quot;A String&quot;, # Name of the command, as presented on the command line, or if the command is
910 # packaged as a Docker container, as presented to `docker pull`.
911 &quot;waitFor&quot;: [ # The ID(s) of the Command(s) that this Command depends on.
912 &quot;A String&quot;,
913 ],
914 },
915 ],
916 &quot;triggerId&quot;: &quot;A String&quot;, # Trigger identifier if the build was triggered automatically; empty if not.
917 &quot;builderVersion&quot;: &quot;A String&quot;, # Version string of the builder at the time this build was executed.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700918 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700919 &quot;provenanceBytes&quot;: &quot;A String&quot;, # Serialized JSON representation of the provenance, used in generating the
920 # `BuildSignature` in the corresponding Result. After verifying the
921 # signature, `provenance_bytes` can be unmarshalled and compared to the
922 # provenance to confirm that it is unchanged. A base64-encoded string
923 # representation of the provenance bytes is used for the signature in order
924 # to interoperate with openssl which expects this format for signature
925 # verification.
926 #
927 # The serialized form is captured both to avoid ambiguity in how the
928 # provenance is marshalled to json as well to prevent incompatibilities with
929 # future changes.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700930 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700931 &quot;name&quot;: &quot;A String&quot;, # Output only. The name of the `Occurrence` in the form
932 # &quot;projects/{project_id}/occurrences/{OCCURRENCE_ID}&quot;
933 &quot;deployment&quot;: { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
934 &quot;undeployTime&quot;: &quot;A String&quot;, # End of the lifetime of this deployment.
935 &quot;address&quot;: &quot;A String&quot;, # Address of the runtime element hosting this deployment.
936 &quot;platform&quot;: &quot;A String&quot;, # Platform hosting this deployment.
937 &quot;config&quot;: &quot;A String&quot;, # Configuration used to create this deployment.
938 &quot;deployTime&quot;: &quot;A String&quot;, # Beginning of the lifetime of this deployment.
939 &quot;resourceUri&quot;: [ # Output only. Resource URI for the artifact being deployed taken from the
940 # deployable field with the same name.
941 &quot;A String&quot;,
942 ],
943 &quot;userEmail&quot;: &quot;A String&quot;, # Identity of the user that triggered this deployment.
944 },
945 &quot;upgrade&quot;: { # An Upgrade Occurrence represents that a specific resource_url could install a # Describes an upgrade.
946 # specific upgrade. This presence is supplied via local sources (i.e. it is
947 # present in the mirror and the running system has noticed its availability).
948 &quot;package&quot;: &quot;A String&quot;, # Required - The package this Upgrade is for.
949 &quot;distribution&quot;: { # The Upgrade Distribution represents metadata about the Upgrade for each # Metadata about the upgrade for available for the specific operating system
950 # for the resource_url. This allows efficient filtering, as well as
951 # making it easier to use the occurrence.
952 # operating system (CPE). Some distributions have additional metadata around
953 # updates, classifying them into various categories and severities.
954 &quot;classification&quot;: &quot;A String&quot;, # The operating system classification of this Upgrade, as specified by the
955 # upstream operating system upgrade feed.
956 &quot;cpeUri&quot;: &quot;A String&quot;, # Required - The specific operating system this metadata applies to. See
957 # https://cpe.mitre.org/specification/.
958 &quot;severity&quot;: &quot;A String&quot;, # The severity as specified by the upstream operating system.
959 &quot;cve&quot;: [ # The cve that would be resolved by this upgrade.
960 &quot;A String&quot;,
961 ],
Bu Sun Kim65020912020-05-20 12:08:20 -0700962 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700963 &quot;parsedVersion&quot;: { # Version contains structured information about the version of the package. # Required - The version of the package in a machine + human readable form.
964 # For a discussion of this in Debian/Ubuntu:
965 # http://serverfault.com/questions/604541/debian-packages-version-convention
966 # For a discussion of this in Redhat/Fedora/Centos:
967 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
968 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
969 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
970 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
971 # If kind is not NORMAL, then the other fields are ignored.
972 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
973 },
974 },
975 &quot;derivedImage&quot;: { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis
976 # in the associated note.
977 # DockerImage relationship. This image would be produced from a Dockerfile
978 # with FROM &lt;DockerImage.Basis in attached Note&gt;.
979 &quot;fingerprint&quot;: { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.
980 &quot;v2Name&quot;: &quot;A String&quot;, # Output only. The name of the image&#x27;s v2 blobs computed via:
981 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + &quot; &quot; + v2_name[N+1])
982 # Only the name of the final blob is kept.
983 # This field can be used as a filter in list requests.
984 &quot;v2Blob&quot;: [ # The ordered list of v2 blobs that represent a given image.
985 &quot;A String&quot;,
986 ],
987 &quot;v1Name&quot;: &quot;A String&quot;, # The layer-id of the final layer in the Docker image&#x27;s v1
988 # representation.
989 # This field can be used as a filter in list requests.
990 },
991 &quot;layerInfo&quot;: [ # This contains layer-specific metadata, if populated it has length
992 # &quot;distance&quot; and is ordered with [distance] being the layer immediately
993 # following the base image and [1] being the final layer.
994 { # Layer holds metadata specific to a layer of a Docker image.
995 &quot;arguments&quot;: &quot;A String&quot;, # The recovered arguments to the Dockerfile directive.
996 &quot;directive&quot;: &quot;A String&quot;, # The recovered Dockerfile directive used to construct this layer.
997 },
998 ],
999 &quot;baseResourceUrl&quot;: &quot;A String&quot;, # Output only. This contains the base image URL for the derived image
1000 # occurrence.
1001 &quot;distance&quot;: 42, # Output only. The number of layers by which this image differs from the
1002 # associated image basis.
Bu Sun Kim65020912020-05-20 12:08:20 -07001003 },
1004 &quot;resourceUrl&quot;: &quot;A String&quot;, # The unique URL of the image or the container for which the `Occurrence`
1005 # applies. For example, https://gcr.io/project/image@sha256:foo This field
1006 # can be used as a filter in list requests.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001007 &quot;remediation&quot;: &quot;A String&quot;, # A description of actions that can be taken to remedy the `Note`
Bu Sun Kim65020912020-05-20 12:08:20 -07001008 &quot;installation&quot;: { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.
1009 # a system.
1010 &quot;location&quot;: [ # All of the places within the filesystem versions of this package
1011 # have been found.
1012 { # An occurrence of a particular package installation found within a
1013 # system&#x27;s filesystem.
1014 # e.g. glibc was found in /var/lib/dpkg/status
1015 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
1016 # denoting the package manager version distributing a package.
1017 &quot;version&quot;: { # Version contains structured information about the version of the package. # The version installed at this location.
1018 # For a discussion of this in Debian/Ubuntu:
1019 # http://serverfault.com/questions/604541/debian-packages-version-convention
1020 # For a discussion of this in Redhat/Fedora/Centos:
1021 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1022 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001023 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
Bu Sun Kim65020912020-05-20 12:08:20 -07001024 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
1025 # If kind is not NORMAL, then the other fields are ignored.
1026 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
Bu Sun Kim65020912020-05-20 12:08:20 -07001027 },
1028 &quot;path&quot;: &quot;A String&quot;, # The path from which we gathered that this package/version is installed.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001029 },
1030 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001031 &quot;name&quot;: &quot;A String&quot;, # Output only. The name of the installed package.
Bu Sun Kim65020912020-05-20 12:08:20 -07001032 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001033 &quot;noteName&quot;: &quot;A String&quot;, # An analysis note associated with this image, in the form
1034 # &quot;providers/{provider_id}/notes/{NOTE_ID}&quot;
1035 # This field can be used as a filter in list requests.
Bu Sun Kim65020912020-05-20 12:08:20 -07001036 &quot;discovered&quot;: { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001037 &quot;continuousAnalysis&quot;: &quot;A String&quot;, # Whether the resource is continuously analyzed.
1038 &quot;cpe&quot;: &quot;A String&quot;, # The CPE of the resource being scanned.
1039 &quot;analysisStatusError&quot;: { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under
1040 # details to show to the user. The LocalizedMessage output only and
1041 # populated by the API.
1042 # different programming environments, including REST APIs and RPC APIs. It is
1043 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
1044 # three pieces of data: error code, error message, and error details.
1045 #
1046 # You can find out more about this error model and how to work with it in the
1047 # [API Design Guide](https://cloud.google.com/apis/design/errors).
1048 &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
1049 # user-facing error message should be localized and sent in the
1050 # google.rpc.Status.details field, or localized by the client.
1051 &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of
1052 # message types for APIs to use.
1053 {
1054 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
1055 },
1056 ],
1057 &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
1058 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001059 &quot;operation&quot;: { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.
1060 # This field is deprecated, do not use.
1061 # network API call.
Bu Sun Kim65020912020-05-20 12:08:20 -07001062 &quot;response&quot;: { # The normal response of the operation in case of success. If the original
1063 # method returns no data on success, such as `Delete`, the response is
1064 # `google.protobuf.Empty`. If the original method is standard
1065 # `Get`/`Create`/`Update`, the response should be the resource. For other
1066 # methods, the response should have the type `XxxResponse`, where `Xxx`
1067 # is the original method name. For example, if the original method name
1068 # is `TakeSnapshot()`, the inferred response type is
1069 # `TakeSnapshotResponse`.
1070 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
1071 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001072 &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
1073 # originally returns it. If you use the default HTTP mapping, the
1074 # `name` should be a resource name ending with `operations/{unique_id}`.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001075 &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically
1076 # contains progress information and common metadata such as create time.
1077 # Some services might not provide such metadata. Any method that returns a
1078 # long-running operation should document the metadata type, if any.
1079 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
1080 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001081 &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
1082 # different programming environments, including REST APIs and RPC APIs. It is
1083 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
1084 # three pieces of data: error code, error message, and error details.
1085 #
1086 # You can find out more about this error model and how to work with it in the
1087 # [API Design Guide](https://cloud.google.com/apis/design/errors).
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001088 &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
1089 # user-facing error message should be localized and sent in the
1090 # google.rpc.Status.details field, or localized by the client.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001091 &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of
1092 # message types for APIs to use.
1093 {
1094 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
1095 },
1096 ],
1097 &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001098 },
1099 &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
1100 # If `true`, the operation is completed, and either `error` or `response` is
1101 # available.
Bu Sun Kim65020912020-05-20 12:08:20 -07001102 },
1103 &quot;analysisStatus&quot;: &quot;A String&quot;, # The status of discovery for the resource.
Bu Sun Kim65020912020-05-20 12:08:20 -07001104 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001105 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time this `Occurrence` was created.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001106 &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The time this `Occurrence` was last updated.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001107 }</pre>
1108</div>
1109
1110<div class="method">
1111 <code class="details" id="delete">delete(name, x__xgafv=None)</code>
1112 <pre>Deletes the given `Occurrence` from the system. Use this when
1113an `Occurrence` is no longer applicable for the given resource.
1114
1115Args:
1116 name: string, The name of the occurrence in the form of
Bu Sun Kim65020912020-05-20 12:08:20 -07001117&quot;projects/{project_id}/occurrences/{OCCURRENCE_ID}&quot; (required)
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001118 x__xgafv: string, V1 error format.
1119 Allowed values
1120 1 - v1 error format
1121 2 - v2 error format
1122
1123Returns:
1124 An object of the form:
1125
1126 { # A generic empty message that you can re-use to avoid defining duplicated
1127 # empty messages in your APIs. A typical example is to use it as the request
1128 # or the response type of an API method. For instance:
1129 #
1130 # service Foo {
1131 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
1132 # }
1133 #
1134 # The JSON representation for `Empty` is empty JSON object `{}`.
1135 }</pre>
1136</div>
1137
1138<div class="method">
1139 <code class="details" id="get">get(name, x__xgafv=None)</code>
1140 <pre>Returns the requested `Occurrence`.
1141
1142Args:
1143 name: string, The name of the occurrence of the form
Bu Sun Kim65020912020-05-20 12:08:20 -07001144&quot;projects/{project_id}/occurrences/{OCCURRENCE_ID}&quot; (required)
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001145 x__xgafv: string, V1 error format.
1146 Allowed values
1147 1 - v1 error format
1148 2 - v2 error format
1149
1150Returns:
1151 An object of the form:
1152
1153 { # `Occurrence` includes information about analysis occurrences for an image.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001154 &quot;resource&quot;: { # #
1155 # The resource for which the `Occurrence` applies.
1156 # Resource is an entity that can have metadata. E.g., a Docker image.
1157 &quot;uri&quot;: &quot;A String&quot;, # The unique URI of the resource. E.g.,
1158 # &quot;https://gcr.io/project/image@sha256:foo&quot; for a Docker image.
1159 &quot;name&quot;: &quot;A String&quot;, # The name of the resource. E.g., the name of a Docker image - &quot;Debian&quot;.
1160 &quot;contentHash&quot;: { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.
1161 &quot;type&quot;: &quot;A String&quot;, # The type of hash that was performed.
1162 &quot;value&quot;: &quot;A String&quot;, # The hash value.
1163 },
1164 },
1165 &quot;vulnerabilityDetails&quot;: { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.
1166 # to fix it.
1167 &quot;packageIssue&quot;: [ # The set of affected locations and their fixes (if available) within
1168 # the associated resource.
1169 { # This message wraps a location affected by a vulnerability and its
1170 # associated fix (if one is available).
1171 &quot;affectedLocation&quot;: { # The location of the vulnerability # The location of the vulnerability.
1172 &quot;version&quot;: { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
1173 # filter in list requests.
1174 # For a discussion of this in Debian/Ubuntu:
1175 # http://serverfault.com/questions/604541/debian-packages-version-convention
1176 # For a discussion of this in Redhat/Fedora/Centos:
1177 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1178 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
1179 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
1180 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
1181 # If kind is not NORMAL, then the other fields are ignored.
1182 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
1183 },
1184 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
1185 # format. Examples include distro or storage location for vulnerable jar.
1186 # This field can be used as a filter in list requests.
1187 &quot;package&quot;: &quot;A String&quot;, # The package being described.
1188 },
1189 &quot;fixedLocation&quot;: { # The location of the vulnerability # The location of the available fix for vulnerability.
1190 &quot;version&quot;: { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
1191 # filter in list requests.
1192 # For a discussion of this in Debian/Ubuntu:
1193 # http://serverfault.com/questions/604541/debian-packages-version-convention
1194 # For a discussion of this in Redhat/Fedora/Centos:
1195 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1196 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
1197 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
1198 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
1199 # If kind is not NORMAL, then the other fields are ignored.
1200 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
1201 },
1202 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
1203 # format. Examples include distro or storage location for vulnerable jar.
1204 # This field can be used as a filter in list requests.
1205 &quot;package&quot;: &quot;A String&quot;, # The package being described.
1206 },
1207 &quot;severityName&quot;: &quot;A String&quot;,
1208 },
1209 ],
1210 &quot;effectiveSeverity&quot;: &quot;A String&quot;, # The distro assigned severity for this vulnerability when that is
1211 # available and note provider assigned severity when distro has not yet
1212 # assigned a severity for this vulnerability.
1213 &quot;type&quot;: &quot;A String&quot;, # The type of package; whether native or non native(ruby gems,
1214 # node.js packages etc)
1215 &quot;severity&quot;: &quot;A String&quot;, # Output only. The note provider assigned Severity of the vulnerability.
1216 &quot;cvssScore&quot;: 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a
1217 # scale of 0-10 where 0 indicates low severity and 10 indicates high
1218 # severity.
1219 },
1220 &quot;attestation&quot;: { # Occurrence that represents a single &quot;attestation&quot;. The authenticity of an # Describes an attestation of an artifact.
1221 # Attestation can be verified using the attached signature. If the verifier
1222 # trusts the public key of the signer, then verifying the signature is
1223 # sufficient to establish trust. In this circumstance, the
1224 # AttestationAuthority to which this Attestation is attached is primarily
1225 # useful for look-up (how to find this Attestation if you already know the
1226 # Authority and artifact to be verified) and intent (which authority was this
1227 # attestation intended to sign for).
1228 &quot;pgpSignedAttestation&quot;: { # An attestation wrapper with a PGP-compatible signature.
1229 # This message only supports `ATTACHED` signatures, where the payload that is
1230 # signed is included alongside the signature itself in the same file.
1231 &quot;pgpKeyId&quot;: &quot;A String&quot;, # The cryptographic fingerprint of the key used to generate the signature,
1232 # as output by, e.g. `gpg --list-keys`. This should be the version 4, full
1233 # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See
1234 # https://tools.ietf.org/html/rfc4880#section-12.2 for details.
1235 # Implementations may choose to acknowledge &quot;LONG&quot;, &quot;SHORT&quot;, or other
1236 # abbreviated key IDs, but only the full fingerprint is guaranteed to work.
1237 # In gpg, the full fingerprint can be retrieved from the `fpr` field
1238 # returned when calling --list-keys with --with-colons. For example:
1239 # ```
1240 # gpg --with-colons --with-fingerprint --force-v4-certs \
1241 # --list-keys attester@example.com
1242 # tru::1:1513631572:0:3:1:5
1243 # pub:...&lt;SNIP&gt;...
1244 # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
1245 # ```
1246 # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
1247 &quot;signature&quot;: &quot;A String&quot;, # The raw content of the signature, as output by GNU Privacy Guard (GPG) or
1248 # equivalent. Since this message only supports attached signatures, the
1249 # payload that was signed must be attached. While the signature format
1250 # supported is dependent on the verification implementation, currently only
1251 # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
1252 # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
1253 # --output=signature.gpg payload.json` will create the signature content
1254 # expected in this field in `signature.gpg` for the `payload.json`
1255 # attestation payload.
1256 &quot;contentType&quot;: &quot;A String&quot;, # Type (for example schema) of the attestation payload that was signed.
1257 # The verifier must ensure that the provided type is one that the verifier
1258 # supports, and that the attestation payload is a valid instantiation of that
1259 # type (for example by validating a JSON schema).
1260 },
1261 },
1262 &quot;kind&quot;: &quot;A String&quot;, # Output only. This explicitly denotes which of the `Occurrence` details are
1263 # specified. This field can be used as a filter in list requests.
Bu Sun Kim65020912020-05-20 12:08:20 -07001264 &quot;buildDetails&quot;: { # Message encapsulating build provenance details. # Build details for a verifiable build.
Bu Sun Kim65020912020-05-20 12:08:20 -07001265 &quot;provenance&quot;: { # Provenance of a build. Contains all information needed to verify the full # The actual provenance
1266 # details about the build from source to completion.
Bu Sun Kim65020912020-05-20 12:08:20 -07001267 &quot;sourceProvenance&quot;: { # Source describes the location of the source used for the build. # Details of the Source input to the build.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001268 &quot;context&quot;: { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.
1269 # with a path point to a unique revision of a single file or directory.
1270 &quot;labels&quot;: { # Labels with user defined metadata.
1271 &quot;a_key&quot;: &quot;A String&quot;,
1272 },
1273 &quot;git&quot;: { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
1274 # repository (e.g., GitHub).
1275 &quot;url&quot;: &quot;A String&quot;, # Git repository URL.
1276 &quot;revisionId&quot;: &quot;A String&quot;, # Required. Git commit hash.
1277 },
1278 &quot;cloudRepo&quot;: { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
1279 # Source Repo.
1280 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
1281 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
1282 &quot;name&quot;: &quot;A String&quot;, # The alias name.
1283 },
1284 &quot;revisionId&quot;: &quot;A String&quot;, # A revision ID.
1285 &quot;repoId&quot;: { # A unique identifier for a Cloud Repo. # The ID of the repo.
1286 &quot;projectRepoId&quot;: { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
1287 # winged-cargo-31) and a repo name within that project.
1288 &quot;projectId&quot;: &quot;A String&quot;, # The ID of the project.
1289 &quot;repoName&quot;: &quot;A String&quot;, # The name of the repo. Leave empty for the default repo.
1290 },
1291 &quot;uid&quot;: &quot;A String&quot;, # A server-assigned, globally unique identifier.
1292 },
1293 },
1294 &quot;gerrit&quot;: { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
1295 &quot;gerritProject&quot;: &quot;A String&quot;, # The full project name within the host. Projects may be nested, so
1296 # &quot;project/subproject&quot; is a valid project name. The &quot;repo name&quot; is
1297 # the hostURI/project.
1298 &quot;hostUri&quot;: &quot;A String&quot;, # The URI of a running Gerrit instance.
1299 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
1300 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
1301 &quot;name&quot;: &quot;A String&quot;, # The alias name.
1302 },
1303 &quot;revisionId&quot;: &quot;A String&quot;, # A revision (commit) ID.
1304 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001305 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001306 &quot;additionalContexts&quot;: [ # If provided, some of the source code used for the build may be found in
1307 # these locations, in the case where the source repository had multiple
1308 # remotes or submodules. This list will not include the context specified in
1309 # the context field.
1310 { # A SourceContext is a reference to a tree of files. A SourceContext together
1311 # with a path point to a unique revision of a single file or directory.
1312 &quot;labels&quot;: { # Labels with user defined metadata.
1313 &quot;a_key&quot;: &quot;A String&quot;,
1314 },
1315 &quot;git&quot;: { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
1316 # repository (e.g., GitHub).
1317 &quot;url&quot;: &quot;A String&quot;, # Git repository URL.
1318 &quot;revisionId&quot;: &quot;A String&quot;, # Required. Git commit hash.
1319 },
1320 &quot;cloudRepo&quot;: { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
1321 # Source Repo.
1322 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
1323 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
1324 &quot;name&quot;: &quot;A String&quot;, # The alias name.
1325 },
1326 &quot;revisionId&quot;: &quot;A String&quot;, # A revision ID.
1327 &quot;repoId&quot;: { # A unique identifier for a Cloud Repo. # The ID of the repo.
1328 &quot;projectRepoId&quot;: { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
1329 # winged-cargo-31) and a repo name within that project.
1330 &quot;projectId&quot;: &quot;A String&quot;, # The ID of the project.
1331 &quot;repoName&quot;: &quot;A String&quot;, # The name of the repo. Leave empty for the default repo.
1332 },
1333 &quot;uid&quot;: &quot;A String&quot;, # A server-assigned, globally unique identifier.
1334 },
1335 },
1336 &quot;gerrit&quot;: { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
1337 &quot;gerritProject&quot;: &quot;A String&quot;, # The full project name within the host. Projects may be nested, so
1338 # &quot;project/subproject&quot; is a valid project name. The &quot;repo name&quot; is
1339 # the hostURI/project.
1340 &quot;hostUri&quot;: &quot;A String&quot;, # The URI of a running Gerrit instance.
1341 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
1342 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
1343 &quot;name&quot;: &quot;A String&quot;, # The alias name.
1344 },
1345 &quot;revisionId&quot;: &quot;A String&quot;, # A revision (commit) ID.
1346 },
1347 },
1348 ],
1349 &quot;artifactStorageSource&quot;: { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this
1350 # location.
Bu Sun Kim65020912020-05-20 12:08:20 -07001351 # Google Cloud Storage.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001352 &quot;generation&quot;: &quot;A String&quot;, # Google Cloud Storage generation for the object.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001353 &quot;object&quot;: &quot;A String&quot;, # Google Cloud Storage object containing source.
Bu Sun Kim65020912020-05-20 12:08:20 -07001354 &quot;bucket&quot;: &quot;A String&quot;, # Google Cloud Storage bucket containing source (see [Bucket Name
1355 # Requirements]
1356 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001357 },
1358 &quot;repoSource&quot;: { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.
1359 # Repository.
1360 &quot;tagName&quot;: &quot;A String&quot;, # Name of the tag to build.
1361 &quot;branchName&quot;: &quot;A String&quot;, # Name of the branch to build.
1362 &quot;projectId&quot;: &quot;A String&quot;, # ID of the project that owns the repo.
1363 &quot;repoName&quot;: &quot;A String&quot;, # Name of the repo.
1364 &quot;commitSha&quot;: &quot;A String&quot;, # Explicit commit SHA to build.
Bu Sun Kim65020912020-05-20 12:08:20 -07001365 },
1366 &quot;fileHashes&quot;: { # Hash(es) of the build source, which can be used to verify that the original
1367 # source integrity was maintained in the build.
1368 #
1369 # The keys to this map are file paths used as build source and the values
1370 # contain the hash values for those files.
1371 #
1372 # If the build source came in a single package such as a gzipped tarfile
1373 # (.tar.gz), the FileHash will be for the single path to that file.
1374 &quot;a_key&quot;: { # Container message for hashes of byte content of files, used in Source
1375 # messages to verify integrity of source input to the build.
1376 &quot;fileHash&quot;: [ # Collection of file hashes.
1377 { # Container message for hash values.
1378 &quot;type&quot;: &quot;A String&quot;, # The type of hash that was performed.
1379 &quot;value&quot;: &quot;A String&quot;, # The hash value.
1380 },
1381 ],
1382 },
1383 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001384 &quot;storageSource&quot;: { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud
1385 # Storage.
Bu Sun Kim65020912020-05-20 12:08:20 -07001386 # Google Cloud Storage.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001387 &quot;generation&quot;: &quot;A String&quot;, # Google Cloud Storage generation for the object.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001388 &quot;object&quot;: &quot;A String&quot;, # Google Cloud Storage object containing source.
Bu Sun Kim65020912020-05-20 12:08:20 -07001389 &quot;bucket&quot;: &quot;A String&quot;, # Google Cloud Storage bucket containing source (see [Bucket Name
1390 # Requirements]
1391 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
Bu Sun Kim65020912020-05-20 12:08:20 -07001392 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001393 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001394 &quot;builtArtifacts&quot;: [ # Output of the build.
1395 { # Artifact describes a build product.
Bu Sun Kim65020912020-05-20 12:08:20 -07001396 &quot;name&quot;: &quot;A String&quot;, # Name of the artifact. This may be the path to a binary or jar file, or in
1397 # the case of a container build, the name used to push the container image to
1398 # Google Container Registry, as presented to `docker push`.
1399 #
1400 # This field is deprecated in favor of the plural `names` field; it continues
1401 # to exist here to allow existing BuildProvenance serialized to json in
1402 # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to
1403 # deserialize back into proto.
1404 &quot;checksum&quot;: &quot;A String&quot;, # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
1405 # container.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001406 &quot;names&quot;: [ # Related artifact names. This may be the path to a binary or jar file, or in
1407 # the case of a container build, the name used to push the container image to
1408 # Google Container Registry, as presented to `docker push`. Note that a
1409 # single Artifact ID can have multiple names, for example if two tags are
1410 # applied to one image.
1411 &quot;A String&quot;,
1412 ],
1413 &quot;id&quot;: &quot;A String&quot;, # Artifact ID, if any; for container images, this will be a URL by digest
1414 # like gcr.io/projectID/imagename@sha256:123456
Bu Sun Kim65020912020-05-20 12:08:20 -07001415 },
1416 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001417 &quot;id&quot;: &quot;A String&quot;, # Unique identifier of the build.
1418 &quot;createTime&quot;: &quot;A String&quot;, # Time at which the build was created.
1419 &quot;buildOptions&quot;: { # Special options applied to this build. This is a catch-all field where
1420 # build providers can enter any desired additional details.
1421 &quot;a_key&quot;: &quot;A String&quot;,
1422 },
1423 &quot;logsBucket&quot;: &quot;A String&quot;, # Google Cloud Storage bucket where logs were written.
1424 &quot;finishTime&quot;: &quot;A String&quot;, # Time at which execution of the build was finished.
1425 &quot;creator&quot;: &quot;A String&quot;, # E-mail address of the user who initiated this build. Note that this was the
1426 # user&#x27;s e-mail address at the time the build was initiated; this address may
1427 # not represent the same end-user for all time.
1428 &quot;projectId&quot;: &quot;A String&quot;, # ID of the project.
1429 &quot;startTime&quot;: &quot;A String&quot;, # Time at which execution of the build was started.
1430 &quot;commands&quot;: [ # Commands requested by the build.
1431 { # Command describes a step performed as part of the build pipeline.
1432 &quot;dir&quot;: &quot;A String&quot;, # Working directory (relative to project source root) used when running
1433 # this Command.
1434 &quot;env&quot;: [ # Environment variables set before running this Command.
1435 &quot;A String&quot;,
1436 ],
1437 &quot;args&quot;: [ # Command-line arguments used when executing this Command.
1438 &quot;A String&quot;,
1439 ],
1440 &quot;id&quot;: &quot;A String&quot;, # Optional unique identifier for this Command, used in wait_for to reference
1441 # this Command as a dependency.
1442 &quot;name&quot;: &quot;A String&quot;, # Name of the command, as presented on the command line, or if the command is
1443 # packaged as a Docker container, as presented to `docker pull`.
1444 &quot;waitFor&quot;: [ # The ID(s) of the Command(s) that this Command depends on.
1445 &quot;A String&quot;,
1446 ],
1447 },
1448 ],
1449 &quot;triggerId&quot;: &quot;A String&quot;, # Trigger identifier if the build was triggered automatically; empty if not.
1450 &quot;builderVersion&quot;: &quot;A String&quot;, # Version string of the builder at the time this build was executed.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001451 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001452 &quot;provenanceBytes&quot;: &quot;A String&quot;, # Serialized JSON representation of the provenance, used in generating the
1453 # `BuildSignature` in the corresponding Result. After verifying the
1454 # signature, `provenance_bytes` can be unmarshalled and compared to the
1455 # provenance to confirm that it is unchanged. A base64-encoded string
1456 # representation of the provenance bytes is used for the signature in order
1457 # to interoperate with openssl which expects this format for signature
1458 # verification.
1459 #
1460 # The serialized form is captured both to avoid ambiguity in how the
1461 # provenance is marshalled to json as well to prevent incompatibilities with
1462 # future changes.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001463 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001464 &quot;name&quot;: &quot;A String&quot;, # Output only. The name of the `Occurrence` in the form
1465 # &quot;projects/{project_id}/occurrences/{OCCURRENCE_ID}&quot;
1466 &quot;deployment&quot;: { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
1467 &quot;undeployTime&quot;: &quot;A String&quot;, # End of the lifetime of this deployment.
1468 &quot;address&quot;: &quot;A String&quot;, # Address of the runtime element hosting this deployment.
1469 &quot;platform&quot;: &quot;A String&quot;, # Platform hosting this deployment.
1470 &quot;config&quot;: &quot;A String&quot;, # Configuration used to create this deployment.
1471 &quot;deployTime&quot;: &quot;A String&quot;, # Beginning of the lifetime of this deployment.
1472 &quot;resourceUri&quot;: [ # Output only. Resource URI for the artifact being deployed taken from the
1473 # deployable field with the same name.
1474 &quot;A String&quot;,
1475 ],
1476 &quot;userEmail&quot;: &quot;A String&quot;, # Identity of the user that triggered this deployment.
1477 },
1478 &quot;upgrade&quot;: { # An Upgrade Occurrence represents that a specific resource_url could install a # Describes an upgrade.
1479 # specific upgrade. This presence is supplied via local sources (i.e. it is
1480 # present in the mirror and the running system has noticed its availability).
1481 &quot;package&quot;: &quot;A String&quot;, # Required - The package this Upgrade is for.
1482 &quot;distribution&quot;: { # The Upgrade Distribution represents metadata about the Upgrade for each # Metadata about the upgrade for available for the specific operating system
1483 # for the resource_url. This allows efficient filtering, as well as
1484 # making it easier to use the occurrence.
1485 # operating system (CPE). Some distributions have additional metadata around
1486 # updates, classifying them into various categories and severities.
1487 &quot;classification&quot;: &quot;A String&quot;, # The operating system classification of this Upgrade, as specified by the
1488 # upstream operating system upgrade feed.
1489 &quot;cpeUri&quot;: &quot;A String&quot;, # Required - The specific operating system this metadata applies to. See
1490 # https://cpe.mitre.org/specification/.
1491 &quot;severity&quot;: &quot;A String&quot;, # The severity as specified by the upstream operating system.
1492 &quot;cve&quot;: [ # The cve that would be resolved by this upgrade.
1493 &quot;A String&quot;,
1494 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07001495 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001496 &quot;parsedVersion&quot;: { # Version contains structured information about the version of the package. # Required - The version of the package in a machine + human readable form.
1497 # For a discussion of this in Debian/Ubuntu:
1498 # http://serverfault.com/questions/604541/debian-packages-version-convention
1499 # For a discussion of this in Redhat/Fedora/Centos:
1500 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1501 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
1502 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
1503 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
1504 # If kind is not NORMAL, then the other fields are ignored.
1505 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
1506 },
1507 },
1508 &quot;derivedImage&quot;: { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis
1509 # in the associated note.
1510 # DockerImage relationship. This image would be produced from a Dockerfile
1511 # with FROM &lt;DockerImage.Basis in attached Note&gt;.
1512 &quot;fingerprint&quot;: { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.
1513 &quot;v2Name&quot;: &quot;A String&quot;, # Output only. The name of the image&#x27;s v2 blobs computed via:
1514 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + &quot; &quot; + v2_name[N+1])
1515 # Only the name of the final blob is kept.
1516 # This field can be used as a filter in list requests.
1517 &quot;v2Blob&quot;: [ # The ordered list of v2 blobs that represent a given image.
1518 &quot;A String&quot;,
1519 ],
1520 &quot;v1Name&quot;: &quot;A String&quot;, # The layer-id of the final layer in the Docker image&#x27;s v1
1521 # representation.
1522 # This field can be used as a filter in list requests.
1523 },
1524 &quot;layerInfo&quot;: [ # This contains layer-specific metadata, if populated it has length
1525 # &quot;distance&quot; and is ordered with [distance] being the layer immediately
1526 # following the base image and [1] being the final layer.
1527 { # Layer holds metadata specific to a layer of a Docker image.
1528 &quot;arguments&quot;: &quot;A String&quot;, # The recovered arguments to the Dockerfile directive.
1529 &quot;directive&quot;: &quot;A String&quot;, # The recovered Dockerfile directive used to construct this layer.
1530 },
1531 ],
1532 &quot;baseResourceUrl&quot;: &quot;A String&quot;, # Output only. This contains the base image URL for the derived image
1533 # occurrence.
1534 &quot;distance&quot;: 42, # Output only. The number of layers by which this image differs from the
1535 # associated image basis.
Bu Sun Kim65020912020-05-20 12:08:20 -07001536 },
1537 &quot;resourceUrl&quot;: &quot;A String&quot;, # The unique URL of the image or the container for which the `Occurrence`
1538 # applies. For example, https://gcr.io/project/image@sha256:foo This field
1539 # can be used as a filter in list requests.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001540 &quot;remediation&quot;: &quot;A String&quot;, # A description of actions that can be taken to remedy the `Note`
Bu Sun Kim65020912020-05-20 12:08:20 -07001541 &quot;installation&quot;: { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.
1542 # a system.
1543 &quot;location&quot;: [ # All of the places within the filesystem versions of this package
1544 # have been found.
1545 { # An occurrence of a particular package installation found within a
1546 # system&#x27;s filesystem.
1547 # e.g. glibc was found in /var/lib/dpkg/status
1548 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
1549 # denoting the package manager version distributing a package.
1550 &quot;version&quot;: { # Version contains structured information about the version of the package. # The version installed at this location.
1551 # For a discussion of this in Debian/Ubuntu:
1552 # http://serverfault.com/questions/604541/debian-packages-version-convention
1553 # For a discussion of this in Redhat/Fedora/Centos:
1554 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1555 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001556 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
Bu Sun Kim65020912020-05-20 12:08:20 -07001557 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
1558 # If kind is not NORMAL, then the other fields are ignored.
1559 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
Bu Sun Kim65020912020-05-20 12:08:20 -07001560 },
1561 &quot;path&quot;: &quot;A String&quot;, # The path from which we gathered that this package/version is installed.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001562 },
1563 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001564 &quot;name&quot;: &quot;A String&quot;, # Output only. The name of the installed package.
Bu Sun Kim65020912020-05-20 12:08:20 -07001565 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001566 &quot;noteName&quot;: &quot;A String&quot;, # An analysis note associated with this image, in the form
1567 # &quot;providers/{provider_id}/notes/{NOTE_ID}&quot;
1568 # This field can be used as a filter in list requests.
Bu Sun Kim65020912020-05-20 12:08:20 -07001569 &quot;discovered&quot;: { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001570 &quot;continuousAnalysis&quot;: &quot;A String&quot;, # Whether the resource is continuously analyzed.
1571 &quot;cpe&quot;: &quot;A String&quot;, # The CPE of the resource being scanned.
1572 &quot;analysisStatusError&quot;: { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under
1573 # details to show to the user. The LocalizedMessage output only and
1574 # populated by the API.
1575 # different programming environments, including REST APIs and RPC APIs. It is
1576 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
1577 # three pieces of data: error code, error message, and error details.
1578 #
1579 # You can find out more about this error model and how to work with it in the
1580 # [API Design Guide](https://cloud.google.com/apis/design/errors).
1581 &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
1582 # user-facing error message should be localized and sent in the
1583 # google.rpc.Status.details field, or localized by the client.
1584 &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of
1585 # message types for APIs to use.
1586 {
1587 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
1588 },
1589 ],
1590 &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
1591 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001592 &quot;operation&quot;: { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.
1593 # This field is deprecated, do not use.
1594 # network API call.
Bu Sun Kim65020912020-05-20 12:08:20 -07001595 &quot;response&quot;: { # The normal response of the operation in case of success. If the original
1596 # method returns no data on success, such as `Delete`, the response is
1597 # `google.protobuf.Empty`. If the original method is standard
1598 # `Get`/`Create`/`Update`, the response should be the resource. For other
1599 # methods, the response should have the type `XxxResponse`, where `Xxx`
1600 # is the original method name. For example, if the original method name
1601 # is `TakeSnapshot()`, the inferred response type is
1602 # `TakeSnapshotResponse`.
1603 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
1604 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001605 &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
1606 # originally returns it. If you use the default HTTP mapping, the
1607 # `name` should be a resource name ending with `operations/{unique_id}`.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001608 &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically
1609 # contains progress information and common metadata such as create time.
1610 # Some services might not provide such metadata. Any method that returns a
1611 # long-running operation should document the metadata type, if any.
1612 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
1613 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001614 &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
1615 # different programming environments, including REST APIs and RPC APIs. It is
1616 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
1617 # three pieces of data: error code, error message, and error details.
1618 #
1619 # You can find out more about this error model and how to work with it in the
1620 # [API Design Guide](https://cloud.google.com/apis/design/errors).
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001621 &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
1622 # user-facing error message should be localized and sent in the
1623 # google.rpc.Status.details field, or localized by the client.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001624 &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of
1625 # message types for APIs to use.
1626 {
1627 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
1628 },
1629 ],
1630 &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001631 },
1632 &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
1633 # If `true`, the operation is completed, and either `error` or `response` is
1634 # available.
Bu Sun Kim65020912020-05-20 12:08:20 -07001635 },
1636 &quot;analysisStatus&quot;: &quot;A String&quot;, # The status of discovery for the resource.
Bu Sun Kim65020912020-05-20 12:08:20 -07001637 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001638 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time this `Occurrence` was created.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001639 &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The time this `Occurrence` was last updated.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001640 }</pre>
1641</div>
1642
1643<div class="method">
1644 <code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code>
1645 <pre>Gets the access control policy for a note or an `Occurrence` resource.
1646Requires `containeranalysis.notes.setIamPolicy` or
1647`containeranalysis.occurrences.setIamPolicy` permission if the resource is
1648a note or occurrence, respectively.
1649Attempting to call this method on a resource without the required
1650permission will result in a `PERMISSION_DENIED` error. Attempting to call
1651this method on a non-existent resource will result in a `NOT_FOUND` error
1652if the user has list permission on the project, or a `PERMISSION_DENIED`
1653error otherwise. The resource takes the following formats:
1654`projects/{PROJECT_ID}/occurrences/{OCCURRENCE_ID}` for occurrences and
1655projects/{PROJECT_ID}/notes/{NOTE_ID} for notes
1656
1657Args:
1658 resource: string, REQUIRED: The resource for which the policy is being requested.
1659See the operation documentation for the appropriate value for this field. (required)
1660 body: object, The request body.
1661 The object takes the form of:
1662
1663{ # Request message for `GetIamPolicy` method.
Bu Sun Kim65020912020-05-20 12:08:20 -07001664 &quot;options&quot;: { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to
Dan O'Mearadd494642020-05-01 07:42:23 -07001665 # `GetIamPolicy`.
Bu Sun Kim65020912020-05-20 12:08:20 -07001666 &quot;requestedPolicyVersion&quot;: 42, # Optional. The policy format version to be returned.
Dan O'Mearadd494642020-05-01 07:42:23 -07001667 #
1668 # Valid values are 0, 1, and 3. Requests specifying an invalid value will be
1669 # rejected.
1670 #
1671 # Requests for policies with any conditional bindings must specify version 3.
1672 # Policies without any conditional bindings may specify any valid value or
1673 # leave the field unset.
Bu Sun Kim65020912020-05-20 12:08:20 -07001674 #
1675 # To learn which resources support conditions in their IAM policies, see the
1676 # [IAM
1677 # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
Dan O'Mearadd494642020-05-01 07:42:23 -07001678 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001679 }
1680
1681 x__xgafv: string, V1 error format.
1682 Allowed values
1683 1 - v1 error format
1684 2 - v2 error format
1685
1686Returns:
1687 An object of the form:
1688
Dan O'Mearadd494642020-05-01 07:42:23 -07001689 { # An Identity and Access Management (IAM) policy, which specifies access
1690 # controls for Google Cloud resources.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001691 #
1692 #
Dan O'Mearadd494642020-05-01 07:42:23 -07001693 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
1694 # `members` to a single `role`. Members can be user accounts, service accounts,
1695 # Google groups, and domains (such as G Suite). A `role` is a named list of
1696 # permissions; each `role` can be an IAM predefined role or a user-created
1697 # custom role.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001698 #
Bu Sun Kim65020912020-05-20 12:08:20 -07001699 # For some types of Google Cloud resources, a `binding` can also specify a
1700 # `condition`, which is a logical expression that allows access to a resource
1701 # only if the expression evaluates to `true`. A condition can add constraints
1702 # based on attributes of the request, the resource, or both. To learn which
1703 # resources support conditions in their IAM policies, see the
1704 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
Dan O'Mearadd494642020-05-01 07:42:23 -07001705 #
1706 # **JSON example:**
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001707 #
1708 # {
Bu Sun Kim65020912020-05-20 12:08:20 -07001709 # &quot;bindings&quot;: [
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001710 # {
Bu Sun Kim65020912020-05-20 12:08:20 -07001711 # &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
1712 # &quot;members&quot;: [
1713 # &quot;user:mike@example.com&quot;,
1714 # &quot;group:admins@example.com&quot;,
1715 # &quot;domain:google.com&quot;,
1716 # &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001717 # ]
1718 # },
1719 # {
Bu Sun Kim65020912020-05-20 12:08:20 -07001720 # &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
1721 # &quot;members&quot;: [
1722 # &quot;user:eve@example.com&quot;
1723 # ],
1724 # &quot;condition&quot;: {
1725 # &quot;title&quot;: &quot;expirable access&quot;,
1726 # &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
1727 # &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
Dan O'Mearadd494642020-05-01 07:42:23 -07001728 # }
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001729 # }
Dan O'Mearadd494642020-05-01 07:42:23 -07001730 # ],
Bu Sun Kim65020912020-05-20 12:08:20 -07001731 # &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
1732 # &quot;version&quot;: 3
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001733 # }
1734 #
Dan O'Mearadd494642020-05-01 07:42:23 -07001735 # **YAML example:**
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001736 #
1737 # bindings:
1738 # - members:
1739 # - user:mike@example.com
1740 # - group:admins@example.com
1741 # - domain:google.com
Dan O'Mearadd494642020-05-01 07:42:23 -07001742 # - serviceAccount:my-project-id@appspot.gserviceaccount.com
1743 # role: roles/resourcemanager.organizationAdmin
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001744 # - members:
Dan O'Mearadd494642020-05-01 07:42:23 -07001745 # - user:eve@example.com
1746 # role: roles/resourcemanager.organizationViewer
1747 # condition:
1748 # title: expirable access
1749 # description: Does not grant access after Sep 2020
Bu Sun Kim65020912020-05-20 12:08:20 -07001750 # expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
Dan O'Mearadd494642020-05-01 07:42:23 -07001751 # - etag: BwWWja0YfJA=
1752 # - version: 3
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001753 #
1754 # For a description of IAM and its features, see the
Dan O'Mearadd494642020-05-01 07:42:23 -07001755 # [IAM documentation](https://cloud.google.com/iam/docs/).
Bu Sun Kim65020912020-05-20 12:08:20 -07001756 &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
Dan O'Mearadd494642020-05-01 07:42:23 -07001757 # `condition` that determines how and when the `bindings` are applied. Each
1758 # of the `bindings` must contain at least one member.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001759 { # Associates `members` with a `role`.
Bu Sun Kim65020912020-05-20 12:08:20 -07001760 &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
1761 #
1762 # If the condition evaluates to `true`, then this binding applies to the
1763 # current request.
1764 #
1765 # If the condition evaluates to `false`, then this binding does not apply to
1766 # the current request. However, a different role binding might grant the same
1767 # role to one or more of the members in this binding.
1768 #
1769 # To learn which resources support conditions in their IAM policies, see the
1770 # [IAM
1771 # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1772 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
1773 # are documented at https://github.com/google/cel-spec.
1774 #
1775 # Example (Comparison):
1776 #
1777 # title: &quot;Summary size limit&quot;
1778 # description: &quot;Determines if a summary is less than 100 chars&quot;
1779 # expression: &quot;document.summary.size() &lt; 100&quot;
1780 #
1781 # Example (Equality):
1782 #
1783 # title: &quot;Requestor is owner&quot;
1784 # description: &quot;Determines if requestor is the document owner&quot;
1785 # expression: &quot;document.owner == request.auth.claims.email&quot;
1786 #
1787 # Example (Logic):
1788 #
1789 # title: &quot;Public documents&quot;
1790 # description: &quot;Determine whether the document should be publicly visible&quot;
1791 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
1792 #
1793 # Example (Data Manipulation):
1794 #
1795 # title: &quot;Notification string&quot;
1796 # description: &quot;Create a notification string with a timestamp.&quot;
1797 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
1798 #
1799 # The exact variables and functions that may be referenced within an expression
1800 # are determined by the service that evaluates it. See the service
1801 # documentation for additional information.
Bu Sun Kim65020912020-05-20 12:08:20 -07001802 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
1803 # its purpose. This can be used e.g. in UIs which allow to enter the
1804 # expression.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001805 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
1806 # syntax.
Bu Sun Kim65020912020-05-20 12:08:20 -07001807 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
1808 # reporting, e.g. a file name and a position in the file.
1809 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
1810 # describes the expression, e.g. when hovered over it in a UI.
1811 },
1812 &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001813 # `members` can have the following values:
1814 #
1815 # * `allUsers`: A special identifier that represents anyone who is
1816 # on the internet; with or without a Google account.
1817 #
1818 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1819 # who is authenticated with a Google account or a service account.
1820 #
1821 # * `user:{emailid}`: An email address that represents a specific Google
Dan O'Mearadd494642020-05-01 07:42:23 -07001822 # account. For example, `alice@example.com` .
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001823 #
1824 #
1825 # * `serviceAccount:{emailid}`: An email address that represents a service
1826 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1827 #
1828 # * `group:{emailid}`: An email address that represents a Google group.
1829 # For example, `admins@example.com`.
1830 #
Dan O'Mearadd494642020-05-01 07:42:23 -07001831 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
1832 # identifier) representing a user that has been recently deleted. For
1833 # example, `alice@example.com?uid=123456789012345678901`. If the user is
1834 # recovered, this value reverts to `user:{emailid}` and the recovered user
1835 # retains the role in the binding.
1836 #
1837 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
1838 # unique identifier) representing a service account that has been recently
1839 # deleted. For example,
1840 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
1841 # If the service account is undeleted, this value reverts to
1842 # `serviceAccount:{emailid}` and the undeleted service account retains the
1843 # role in the binding.
1844 #
1845 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
1846 # identifier) representing a Google group that has been recently
1847 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
1848 # the group is recovered, this value reverts to `group:{emailid}` and the
1849 # recovered group retains the role in the binding.
1850 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001851 #
1852 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
1853 # users of that domain. For example, `google.com` or `example.com`.
1854 #
Bu Sun Kim65020912020-05-20 12:08:20 -07001855 &quot;A String&quot;,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001856 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001857 &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
1858 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001859 },
1860 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001861 &quot;version&quot;: 42, # Specifies the format of the policy.
1862 #
1863 # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
1864 # are rejected.
1865 #
1866 # Any operation that affects conditional role bindings must specify version
1867 # `3`. This requirement applies to the following operations:
1868 #
1869 # * Getting a policy that includes a conditional role binding
1870 # * Adding a conditional role binding to a policy
1871 # * Changing a conditional role binding in a policy
1872 # * Removing any role binding, with or without a condition, from a policy
1873 # that includes conditions
1874 #
1875 # **Important:** If you use IAM Conditions, you must include the `etag` field
1876 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1877 # you to overwrite a version `3` policy with a version `1` policy, and all of
1878 # the conditions in the version `3` policy are lost.
1879 #
1880 # If a policy does not include any conditions, operations on that policy may
1881 # specify any valid version or leave the field unset.
1882 #
1883 # To learn which resources support conditions in their IAM policies, see the
1884 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1885 &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
1886 # prevent simultaneous updates of a policy from overwriting each other.
1887 # It is strongly suggested that systems make use of the `etag` in the
1888 # read-modify-write cycle to perform policy updates in order to avoid race
1889 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
1890 # systems are expected to put that etag in the request to `setIamPolicy` to
1891 # ensure that their change will be applied to the same version of the policy.
1892 #
1893 # **Important:** If you use IAM Conditions, you must include the `etag` field
1894 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1895 # you to overwrite a version `3` policy with a version `1` policy, and all of
1896 # the conditions in the version `3` policy are lost.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001897 }</pre>
1898</div>
1899
1900<div class="method">
1901 <code class="details" id="getNotes">getNotes(name, x__xgafv=None)</code>
1902 <pre>Gets the `Note` attached to the given `Occurrence`.
1903
1904Args:
1905 name: string, The name of the occurrence in the form
Bu Sun Kim65020912020-05-20 12:08:20 -07001906&quot;projects/{project_id}/occurrences/{OCCURRENCE_ID}&quot; (required)
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001907 x__xgafv: string, V1 error format.
1908 Allowed values
1909 1 - v1 error format
1910 2 - v2 error format
1911
1912Returns:
1913 An object of the form:
1914
1915 { # Provides a detailed description of a `Note`.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001916 &quot;package&quot;: { # This represents a particular package that is distributed over # A note describing a package hosted by various package managers.
1917 # various channels.
1918 # e.g. glibc (aka libc6) is distributed by many, at various versions.
1919 &quot;distribution&quot;: [ # The various channels by which a package is distributed.
1920 { # This represents a particular channel of distribution for a given package.
1921 # e.g. Debian&#x27;s jessie-backports dpkg mirror
1922 &quot;latestVersion&quot;: { # Version contains structured information about the version of the package. # The latest available version of this package in
1923 # this distribution channel.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001924 # For a discussion of this in Debian/Ubuntu:
1925 # http://serverfault.com/questions/604541/debian-packages-version-convention
1926 # For a discussion of this in Redhat/Fedora/Centos:
1927 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
Bu Sun Kim65020912020-05-20 12:08:20 -07001928 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001929 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
Bu Sun Kim65020912020-05-20 12:08:20 -07001930 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001931 # If kind is not NORMAL, then the other fields are ignored.
Bu Sun Kim65020912020-05-20 12:08:20 -07001932 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001933 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001934 &quot;maintainer&quot;: &quot;A String&quot;, # A freeform string denoting the maintainer of this package.
1935 &quot;architecture&quot;: &quot;A String&quot;, # The CPU architecture for which packages in this distribution
1936 # channel were built
1937 &quot;description&quot;: &quot;A String&quot;, # The distribution channel-specific description of this package.
1938 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
1939 # denoting the package manager version distributing a package.
1940 &quot;url&quot;: &quot;A String&quot;, # The distribution channel-specific homepage for this package.
Bu Sun Kim65020912020-05-20 12:08:20 -07001941 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001942 ],
1943 &quot;name&quot;: &quot;A String&quot;, # The name of the package.
1944 },
1945 &quot;name&quot;: &quot;A String&quot;, # The name of the note in the form
1946 # &quot;projects/{provider_project_id}/notes/{NOTE_ID}&quot;
1947 &quot;relatedUrl&quot;: [ # URLs associated with this note
1948 { # Metadata for any related URL information
1949 &quot;label&quot;: &quot;A String&quot;, # Label to describe usage of the URL
1950 &quot;url&quot;: &quot;A String&quot;, # Specific URL to associate with the note
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001951 },
1952 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001953 &quot;expirationTime&quot;: &quot;A String&quot;, # Time of expiration for this note, null if note does not expire.
1954 &quot;baseImage&quot;: { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
1955 # relationship. Linked occurrences are derived from this or an
1956 # equivalent image via:
1957 # FROM &lt;Basis.resource_url&gt;
1958 # Or an equivalent reference, e.g. a tag of the resource_url.
1959 &quot;resourceUrl&quot;: &quot;A String&quot;, # The resource_url for the resource representing the basis of
1960 # associated occurrence images.
1961 &quot;fingerprint&quot;: { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the base image.
1962 &quot;v2Name&quot;: &quot;A String&quot;, # Output only. The name of the image&#x27;s v2 blobs computed via:
1963 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + &quot; &quot; + v2_name[N+1])
1964 # Only the name of the final blob is kept.
1965 # This field can be used as a filter in list requests.
1966 &quot;v2Blob&quot;: [ # The ordered list of v2 blobs that represent a given image.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001967 &quot;A String&quot;,
1968 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001969 &quot;v1Name&quot;: &quot;A String&quot;, # The layer-id of the final layer in the Docker image&#x27;s v1
1970 # representation.
1971 # This field can be used as a filter in list requests.
Bu Sun Kim65020912020-05-20 12:08:20 -07001972 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001973 },
1974 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time this note was created. This field can be used as a
1975 # filter in list requests.
1976 &quot;vulnerabilityType&quot;: { # VulnerabilityType provides metadata about a security vulnerability. # A package vulnerability type of note.
1977 &quot;details&quot;: [ # All information about the package to specifically identify this
1978 # vulnerability. One entry per (version range and cpe_uri) the
1979 # package vulnerability has manifested in.
1980 { # Identifies all occurrences of this vulnerability in the package for a
1981 # specific distro/location
1982 # For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
1983 &quot;isObsolete&quot;: True or False, # Whether this Detail is obsolete. Occurrences are expected not to point to
1984 # obsolete details.
1985 &quot;minAffectedVersion&quot;: { # Version contains structured information about the version of the package. # The min version of the package in which the vulnerability exists.
1986 # For a discussion of this in Debian/Ubuntu:
1987 # http://serverfault.com/questions/604541/debian-packages-version-convention
1988 # For a discussion of this in Redhat/Fedora/Centos:
1989 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1990 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
1991 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
1992 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
1993 # If kind is not NORMAL, then the other fields are ignored.
1994 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
1995 },
1996 &quot;maxAffectedVersion&quot;: { # Version contains structured information about the version of the package. # The max version of the package in which the vulnerability exists.
1997 # For a discussion of this in Debian/Ubuntu:
1998 # http://serverfault.com/questions/604541/debian-packages-version-convention
1999 # For a discussion of this in Redhat/Fedora/Centos:
2000 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
2001 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
2002 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
2003 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
2004 # If kind is not NORMAL, then the other fields are ignored.
2005 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
2006 },
2007 &quot;packageType&quot;: &quot;A String&quot;, # The type of package; whether native or non native(ruby gems,
2008 # node.js packages etc)
2009 &quot;fixedLocation&quot;: { # The location of the vulnerability # The fix for this specific package version.
2010 &quot;version&quot;: { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
2011 # filter in list requests.
2012 # For a discussion of this in Debian/Ubuntu:
2013 # http://serverfault.com/questions/604541/debian-packages-version-convention
2014 # For a discussion of this in Redhat/Fedora/Centos:
2015 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
2016 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
2017 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
2018 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
2019 # If kind is not NORMAL, then the other fields are ignored.
2020 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
2021 },
2022 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
2023 # format. Examples include distro or storage location for vulnerable jar.
2024 # This field can be used as a filter in list requests.
2025 &quot;package&quot;: &quot;A String&quot;, # The package being described.
2026 },
2027 &quot;description&quot;: &quot;A String&quot;, # A vendor-specific description of this note.
2028 &quot;package&quot;: &quot;A String&quot;, # The name of the package where the vulnerability was found.
2029 # This field can be used as a filter in list requests.
2030 &quot;severityName&quot;: &quot;A String&quot;, # The severity (eg: distro assigned severity) for this vulnerability.
2031 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in
2032 # which the vulnerability manifests. Examples include distro or storage
2033 # location for vulnerable jar.
2034 # This field can be used as a filter in list requests.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002035 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002036 ],
2037 &quot;severity&quot;: &quot;A String&quot;, # Note provider assigned impact of the vulnerability
2038 &quot;cvssScore&quot;: 3.14, # The CVSS score for this Vulnerability.
2039 },
2040 &quot;buildType&quot;: { # Note holding the version of the provider&#x27;s builder and the signature of # Build provenance type for a verifiable build.
2041 # the provenance message in linked BuildDetails.
2042 &quot;signature&quot;: { # Message encapsulating the signature of the verified build. # Signature of the build in Occurrences pointing to the Note containing this
2043 # `BuilderDetails`.
2044 &quot;keyId&quot;: &quot;A String&quot;, # An Id for the key used to sign. This could be either an Id for the key
2045 # stored in `public_key` (such as the Id or fingerprint for a PGP key, or the
2046 # CN for a cert), or a reference to an external key (such as a reference to a
2047 # key in Cloud Key Management Service).
2048 &quot;signature&quot;: &quot;A String&quot;, # Signature of the related `BuildProvenance`, encoded in a base64 string.
2049 &quot;keyType&quot;: &quot;A String&quot;, # The type of the key, either stored in `public_key` or referenced in
2050 # `key_id`
2051 &quot;publicKey&quot;: &quot;A String&quot;, # Public key of the builder which can be used to verify that the related
2052 # findings are valid and unchanged. If `key_type` is empty, this defaults
2053 # to PEM encoded public keys.
2054 #
2055 # This field may be empty if `key_id` references an external key.
2056 #
2057 # For Cloud Build based signatures, this is a PEM encoded public
2058 # key. To verify the Cloud Build signature, place the contents of
2059 # this field into a file (public.pem). The signature field is base64-decoded
2060 # into its binary representation in signature.bin, and the provenance bytes
2061 # from `BuildDetails` are base64-decoded into a binary representation in
2062 # signed.bin. OpenSSL can then verify the signature:
2063 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002064 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002065 &quot;builderVersion&quot;: &quot;A String&quot;, # Version of the builder which produced this Note.
2066 },
2067 &quot;kind&quot;: &quot;A String&quot;, # Output only. This explicitly denotes which kind of note is specified. This
2068 # field can be used as a filter in list requests.
2069 &quot;longDescription&quot;: &quot;A String&quot;, # A detailed description of this `Note`.
2070 &quot;deployable&quot;: { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
2071 &quot;resourceUri&quot;: [ # Resource URI for the artifact being deployed.
2072 &quot;A String&quot;,
2073 ],
2074 },
2075 &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The time this note was last updated. This field can be used as
2076 # a filter in list requests.
2077 &quot;shortDescription&quot;: &quot;A String&quot;, # A one sentence description of this `Note`.
2078 &quot;discovery&quot;: { # A note that indicates a type of analysis a provider would perform. This note # A note describing a provider/analysis type.
2079 # exists in a provider&#x27;s project. A `Discovery` occurrence is created in a
2080 # consumer&#x27;s project at the start of analysis. The occurrence&#x27;s operation will
2081 # indicate the status of the analysis. Absence of an occurrence linked to this
2082 # note for a resource indicates that analysis hasn&#x27;t started.
2083 &quot;analysisKind&quot;: &quot;A String&quot;, # The kind of analysis that is handled by this discovery.
2084 },
2085 &quot;attestationAuthority&quot;: { # Note kind that represents a logical attestation &quot;role&quot; or &quot;authority&quot;. For # A note describing an attestation role.
2086 # example, an organization might have one `AttestationAuthority` for &quot;QA&quot; and
2087 # one for &quot;build&quot;. This Note is intended to act strictly as a grouping
2088 # mechanism for the attached Occurrences (Attestations). This grouping
2089 # mechanism also provides a security boundary, since IAM ACLs gate the ability
2090 # for a principle to attach an Occurrence to a given Note. It also provides a
2091 # single point of lookup to find all attached Attestation Occurrences, even if
2092 # they don&#x27;t all live in the same project.
2093 &quot;hint&quot;: { # This submessage provides human-readable hints about the purpose of the
2094 # AttestationAuthority. Because the name of a Note acts as its resource
2095 # reference, it is important to disambiguate the canonical name of the Note
2096 # (which might be a UUID for security purposes) from &quot;readable&quot; names more
2097 # suitable for debug output. Note that these hints should NOT be used to
2098 # look up AttestationAuthorities in security sensitive contexts, such as when
2099 # looking up Attestations to verify.
2100 &quot;humanReadableName&quot;: &quot;A String&quot;, # The human readable name of this Attestation Authority, for example &quot;qa&quot;.
2101 },
2102 },
2103 &quot;upgrade&quot;: { # An Upgrade Note represents a potential upgrade of a package to a given # A note describing an upgrade.
2104 # version. For each package version combination (i.e. bash 4.0, bash 4.1,
2105 # bash 4.1.2), there will be a Upgrade Note.
2106 &quot;package&quot;: &quot;A String&quot;, # Required - The package this Upgrade is for.
2107 &quot;version&quot;: { # Version contains structured information about the version of the package. # Required - The version of the package in machine + human readable form.
2108 # For a discussion of this in Debian/Ubuntu:
2109 # http://serverfault.com/questions/604541/debian-packages-version-convention
2110 # For a discussion of this in Redhat/Fedora/Centos:
2111 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
2112 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
2113 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
2114 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
2115 # If kind is not NORMAL, then the other fields are ignored.
2116 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
2117 },
2118 &quot;distributions&quot;: [ # Metadata about the upgrade for each specific operating system.
2119 { # The Upgrade Distribution represents metadata about the Upgrade for each
2120 # operating system (CPE). Some distributions have additional metadata around
2121 # updates, classifying them into various categories and severities.
2122 &quot;classification&quot;: &quot;A String&quot;, # The operating system classification of this Upgrade, as specified by the
2123 # upstream operating system upgrade feed.
2124 &quot;cpeUri&quot;: &quot;A String&quot;, # Required - The specific operating system this metadata applies to. See
2125 # https://cpe.mitre.org/specification/.
2126 &quot;severity&quot;: &quot;A String&quot;, # The severity as specified by the upstream operating system.
2127 &quot;cve&quot;: [ # The cve that would be resolved by this upgrade.
2128 &quot;A String&quot;,
2129 ],
2130 },
2131 ],
2132 },
2133 }</pre>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002134</div>
2135
2136<div class="method">
Bu Sun Kim65020912020-05-20 12:08:20 -07002137 <code class="details" id="getVulnerabilitySummary">getVulnerabilitySummary(parent, filter=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002138 <pre>Gets a summary of the number and severity of occurrences.
2139
2140Args:
2141 parent: string, This contains the project Id for example: projects/{project_id} (required)
Bu Sun Kim65020912020-05-20 12:08:20 -07002142 filter: string, The filter expression.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002143 x__xgafv: string, V1 error format.
2144 Allowed values
2145 1 - v1 error format
2146 2 - v2 error format
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002147
2148Returns:
2149 An object of the form:
2150
2151 { # A summary of how many vulnz occurrences there are per severity type.
2152 # counts by groups, or if we should have different summary messages
2153 # like this.
Bu Sun Kim65020912020-05-20 12:08:20 -07002154 &quot;counts&quot;: [ # A map of how many occurrences were found for each severity.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002155 { # The number of occurrences created for a specific severity.
Bu Sun Kim65020912020-05-20 12:08:20 -07002156 &quot;severity&quot;: &quot;A String&quot;, # The severity of the occurrences.
2157 &quot;count&quot;: &quot;A String&quot;, # The number of occurrences with the severity.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002158 },
2159 ],
2160 }</pre>
2161</div>
2162
2163<div class="method">
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002164 <code class="details" id="list">list(parent, pageSize=None, kind=None, name=None, filter=None, pageToken=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002165 <pre>Lists active `Occurrences` for a given project matching the filters.
2166
2167Args:
2168 parent: string, This contains the project Id for example: projects/{project_id}. (required)
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002169 pageSize: integer, Number of occurrences to return in the list.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002170 kind: string, The kind of occurrences to filter on.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002171 name: string, The name field contains the project Id. For example:
Bu Sun Kim65020912020-05-20 12:08:20 -07002172&quot;projects/{project_id}
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002173@Deprecated
Bu Sun Kim65020912020-05-20 12:08:20 -07002174 filter: string, The filter expression.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002175 pageToken: string, Token to provide to skip to a particular spot in the list.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002176 x__xgafv: string, V1 error format.
2177 Allowed values
2178 1 - v1 error format
2179 2 - v2 error format
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002180
2181Returns:
2182 An object of the form:
2183
2184 { # Response including listed active occurrences.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002185 &quot;nextPageToken&quot;: &quot;A String&quot;, # The next pagination token in the list response. It should be used as
2186 # `page_token` for the following request. An empty value means no more
2187 # results.
Bu Sun Kim65020912020-05-20 12:08:20 -07002188 &quot;occurrences&quot;: [ # The occurrences requested.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002189 { # `Occurrence` includes information about analysis occurrences for an image.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002190 &quot;resource&quot;: { # #
2191 # The resource for which the `Occurrence` applies.
2192 # Resource is an entity that can have metadata. E.g., a Docker image.
2193 &quot;uri&quot;: &quot;A String&quot;, # The unique URI of the resource. E.g.,
2194 # &quot;https://gcr.io/project/image@sha256:foo&quot; for a Docker image.
2195 &quot;name&quot;: &quot;A String&quot;, # The name of the resource. E.g., the name of a Docker image - &quot;Debian&quot;.
2196 &quot;contentHash&quot;: { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.
2197 &quot;type&quot;: &quot;A String&quot;, # The type of hash that was performed.
2198 &quot;value&quot;: &quot;A String&quot;, # The hash value.
2199 },
2200 },
2201 &quot;vulnerabilityDetails&quot;: { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.
2202 # to fix it.
2203 &quot;packageIssue&quot;: [ # The set of affected locations and their fixes (if available) within
2204 # the associated resource.
2205 { # This message wraps a location affected by a vulnerability and its
2206 # associated fix (if one is available).
2207 &quot;affectedLocation&quot;: { # The location of the vulnerability # The location of the vulnerability.
2208 &quot;version&quot;: { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
2209 # filter in list requests.
2210 # For a discussion of this in Debian/Ubuntu:
2211 # http://serverfault.com/questions/604541/debian-packages-version-convention
2212 # For a discussion of this in Redhat/Fedora/Centos:
2213 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
2214 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
2215 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
2216 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
2217 # If kind is not NORMAL, then the other fields are ignored.
2218 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
2219 },
2220 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
2221 # format. Examples include distro or storage location for vulnerable jar.
2222 # This field can be used as a filter in list requests.
2223 &quot;package&quot;: &quot;A String&quot;, # The package being described.
2224 },
2225 &quot;fixedLocation&quot;: { # The location of the vulnerability # The location of the available fix for vulnerability.
2226 &quot;version&quot;: { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
2227 # filter in list requests.
2228 # For a discussion of this in Debian/Ubuntu:
2229 # http://serverfault.com/questions/604541/debian-packages-version-convention
2230 # For a discussion of this in Redhat/Fedora/Centos:
2231 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
2232 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
2233 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
2234 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
2235 # If kind is not NORMAL, then the other fields are ignored.
2236 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
2237 },
2238 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
2239 # format. Examples include distro or storage location for vulnerable jar.
2240 # This field can be used as a filter in list requests.
2241 &quot;package&quot;: &quot;A String&quot;, # The package being described.
2242 },
2243 &quot;severityName&quot;: &quot;A String&quot;,
2244 },
2245 ],
2246 &quot;effectiveSeverity&quot;: &quot;A String&quot;, # The distro assigned severity for this vulnerability when that is
2247 # available and note provider assigned severity when distro has not yet
2248 # assigned a severity for this vulnerability.
2249 &quot;type&quot;: &quot;A String&quot;, # The type of package; whether native or non native(ruby gems,
2250 # node.js packages etc)
2251 &quot;severity&quot;: &quot;A String&quot;, # Output only. The note provider assigned Severity of the vulnerability.
2252 &quot;cvssScore&quot;: 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a
2253 # scale of 0-10 where 0 indicates low severity and 10 indicates high
2254 # severity.
2255 },
2256 &quot;attestation&quot;: { # Occurrence that represents a single &quot;attestation&quot;. The authenticity of an # Describes an attestation of an artifact.
2257 # Attestation can be verified using the attached signature. If the verifier
2258 # trusts the public key of the signer, then verifying the signature is
2259 # sufficient to establish trust. In this circumstance, the
2260 # AttestationAuthority to which this Attestation is attached is primarily
2261 # useful for look-up (how to find this Attestation if you already know the
2262 # Authority and artifact to be verified) and intent (which authority was this
2263 # attestation intended to sign for).
2264 &quot;pgpSignedAttestation&quot;: { # An attestation wrapper with a PGP-compatible signature.
2265 # This message only supports `ATTACHED` signatures, where the payload that is
2266 # signed is included alongside the signature itself in the same file.
2267 &quot;pgpKeyId&quot;: &quot;A String&quot;, # The cryptographic fingerprint of the key used to generate the signature,
2268 # as output by, e.g. `gpg --list-keys`. This should be the version 4, full
2269 # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See
2270 # https://tools.ietf.org/html/rfc4880#section-12.2 for details.
2271 # Implementations may choose to acknowledge &quot;LONG&quot;, &quot;SHORT&quot;, or other
2272 # abbreviated key IDs, but only the full fingerprint is guaranteed to work.
2273 # In gpg, the full fingerprint can be retrieved from the `fpr` field
2274 # returned when calling --list-keys with --with-colons. For example:
2275 # ```
2276 # gpg --with-colons --with-fingerprint --force-v4-certs \
2277 # --list-keys attester@example.com
2278 # tru::1:1513631572:0:3:1:5
2279 # pub:...&lt;SNIP&gt;...
2280 # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
2281 # ```
2282 # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
2283 &quot;signature&quot;: &quot;A String&quot;, # The raw content of the signature, as output by GNU Privacy Guard (GPG) or
2284 # equivalent. Since this message only supports attached signatures, the
2285 # payload that was signed must be attached. While the signature format
2286 # supported is dependent on the verification implementation, currently only
2287 # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
2288 # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
2289 # --output=signature.gpg payload.json` will create the signature content
2290 # expected in this field in `signature.gpg` for the `payload.json`
2291 # attestation payload.
2292 &quot;contentType&quot;: &quot;A String&quot;, # Type (for example schema) of the attestation payload that was signed.
2293 # The verifier must ensure that the provided type is one that the verifier
2294 # supports, and that the attestation payload is a valid instantiation of that
2295 # type (for example by validating a JSON schema).
2296 },
2297 },
2298 &quot;kind&quot;: &quot;A String&quot;, # Output only. This explicitly denotes which of the `Occurrence` details are
2299 # specified. This field can be used as a filter in list requests.
Bu Sun Kim65020912020-05-20 12:08:20 -07002300 &quot;buildDetails&quot;: { # Message encapsulating build provenance details. # Build details for a verifiable build.
Bu Sun Kim65020912020-05-20 12:08:20 -07002301 &quot;provenance&quot;: { # Provenance of a build. Contains all information needed to verify the full # The actual provenance
2302 # details about the build from source to completion.
Bu Sun Kim65020912020-05-20 12:08:20 -07002303 &quot;sourceProvenance&quot;: { # Source describes the location of the source used for the build. # Details of the Source input to the build.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002304 &quot;context&quot;: { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.
2305 # with a path point to a unique revision of a single file or directory.
2306 &quot;labels&quot;: { # Labels with user defined metadata.
2307 &quot;a_key&quot;: &quot;A String&quot;,
2308 },
2309 &quot;git&quot;: { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
2310 # repository (e.g., GitHub).
2311 &quot;url&quot;: &quot;A String&quot;, # Git repository URL.
2312 &quot;revisionId&quot;: &quot;A String&quot;, # Required. Git commit hash.
2313 },
2314 &quot;cloudRepo&quot;: { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
2315 # Source Repo.
2316 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
2317 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
2318 &quot;name&quot;: &quot;A String&quot;, # The alias name.
2319 },
2320 &quot;revisionId&quot;: &quot;A String&quot;, # A revision ID.
2321 &quot;repoId&quot;: { # A unique identifier for a Cloud Repo. # The ID of the repo.
2322 &quot;projectRepoId&quot;: { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
2323 # winged-cargo-31) and a repo name within that project.
2324 &quot;projectId&quot;: &quot;A String&quot;, # The ID of the project.
2325 &quot;repoName&quot;: &quot;A String&quot;, # The name of the repo. Leave empty for the default repo.
2326 },
2327 &quot;uid&quot;: &quot;A String&quot;, # A server-assigned, globally unique identifier.
2328 },
2329 },
2330 &quot;gerrit&quot;: { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
2331 &quot;gerritProject&quot;: &quot;A String&quot;, # The full project name within the host. Projects may be nested, so
2332 # &quot;project/subproject&quot; is a valid project name. The &quot;repo name&quot; is
2333 # the hostURI/project.
2334 &quot;hostUri&quot;: &quot;A String&quot;, # The URI of a running Gerrit instance.
2335 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
2336 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
2337 &quot;name&quot;: &quot;A String&quot;, # The alias name.
2338 },
2339 &quot;revisionId&quot;: &quot;A String&quot;, # A revision (commit) ID.
2340 },
Bu Sun Kim65020912020-05-20 12:08:20 -07002341 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002342 &quot;additionalContexts&quot;: [ # If provided, some of the source code used for the build may be found in
2343 # these locations, in the case where the source repository had multiple
2344 # remotes or submodules. This list will not include the context specified in
2345 # the context field.
2346 { # A SourceContext is a reference to a tree of files. A SourceContext together
2347 # with a path point to a unique revision of a single file or directory.
2348 &quot;labels&quot;: { # Labels with user defined metadata.
2349 &quot;a_key&quot;: &quot;A String&quot;,
2350 },
2351 &quot;git&quot;: { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
2352 # repository (e.g., GitHub).
2353 &quot;url&quot;: &quot;A String&quot;, # Git repository URL.
2354 &quot;revisionId&quot;: &quot;A String&quot;, # Required. Git commit hash.
2355 },
2356 &quot;cloudRepo&quot;: { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
2357 # Source Repo.
2358 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
2359 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
2360 &quot;name&quot;: &quot;A String&quot;, # The alias name.
2361 },
2362 &quot;revisionId&quot;: &quot;A String&quot;, # A revision ID.
2363 &quot;repoId&quot;: { # A unique identifier for a Cloud Repo. # The ID of the repo.
2364 &quot;projectRepoId&quot;: { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
2365 # winged-cargo-31) and a repo name within that project.
2366 &quot;projectId&quot;: &quot;A String&quot;, # The ID of the project.
2367 &quot;repoName&quot;: &quot;A String&quot;, # The name of the repo. Leave empty for the default repo.
2368 },
2369 &quot;uid&quot;: &quot;A String&quot;, # A server-assigned, globally unique identifier.
2370 },
2371 },
2372 &quot;gerrit&quot;: { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
2373 &quot;gerritProject&quot;: &quot;A String&quot;, # The full project name within the host. Projects may be nested, so
2374 # &quot;project/subproject&quot; is a valid project name. The &quot;repo name&quot; is
2375 # the hostURI/project.
2376 &quot;hostUri&quot;: &quot;A String&quot;, # The URI of a running Gerrit instance.
2377 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
2378 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
2379 &quot;name&quot;: &quot;A String&quot;, # The alias name.
2380 },
2381 &quot;revisionId&quot;: &quot;A String&quot;, # A revision (commit) ID.
2382 },
2383 },
2384 ],
2385 &quot;artifactStorageSource&quot;: { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this
2386 # location.
Bu Sun Kim65020912020-05-20 12:08:20 -07002387 # Google Cloud Storage.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002388 &quot;generation&quot;: &quot;A String&quot;, # Google Cloud Storage generation for the object.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002389 &quot;object&quot;: &quot;A String&quot;, # Google Cloud Storage object containing source.
Bu Sun Kim65020912020-05-20 12:08:20 -07002390 &quot;bucket&quot;: &quot;A String&quot;, # Google Cloud Storage bucket containing source (see [Bucket Name
2391 # Requirements]
2392 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002393 },
2394 &quot;repoSource&quot;: { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.
2395 # Repository.
2396 &quot;tagName&quot;: &quot;A String&quot;, # Name of the tag to build.
2397 &quot;branchName&quot;: &quot;A String&quot;, # Name of the branch to build.
2398 &quot;projectId&quot;: &quot;A String&quot;, # ID of the project that owns the repo.
2399 &quot;repoName&quot;: &quot;A String&quot;, # Name of the repo.
2400 &quot;commitSha&quot;: &quot;A String&quot;, # Explicit commit SHA to build.
Bu Sun Kim65020912020-05-20 12:08:20 -07002401 },
2402 &quot;fileHashes&quot;: { # Hash(es) of the build source, which can be used to verify that the original
2403 # source integrity was maintained in the build.
2404 #
2405 # The keys to this map are file paths used as build source and the values
2406 # contain the hash values for those files.
2407 #
2408 # If the build source came in a single package such as a gzipped tarfile
2409 # (.tar.gz), the FileHash will be for the single path to that file.
2410 &quot;a_key&quot;: { # Container message for hashes of byte content of files, used in Source
2411 # messages to verify integrity of source input to the build.
2412 &quot;fileHash&quot;: [ # Collection of file hashes.
2413 { # Container message for hash values.
2414 &quot;type&quot;: &quot;A String&quot;, # The type of hash that was performed.
2415 &quot;value&quot;: &quot;A String&quot;, # The hash value.
2416 },
2417 ],
2418 },
2419 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002420 &quot;storageSource&quot;: { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud
2421 # Storage.
Bu Sun Kim65020912020-05-20 12:08:20 -07002422 # Google Cloud Storage.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002423 &quot;generation&quot;: &quot;A String&quot;, # Google Cloud Storage generation for the object.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002424 &quot;object&quot;: &quot;A String&quot;, # Google Cloud Storage object containing source.
Bu Sun Kim65020912020-05-20 12:08:20 -07002425 &quot;bucket&quot;: &quot;A String&quot;, # Google Cloud Storage bucket containing source (see [Bucket Name
2426 # Requirements]
2427 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
Bu Sun Kim65020912020-05-20 12:08:20 -07002428 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002429 },
Bu Sun Kim65020912020-05-20 12:08:20 -07002430 &quot;builtArtifacts&quot;: [ # Output of the build.
2431 { # Artifact describes a build product.
Bu Sun Kim65020912020-05-20 12:08:20 -07002432 &quot;name&quot;: &quot;A String&quot;, # Name of the artifact. This may be the path to a binary or jar file, or in
2433 # the case of a container build, the name used to push the container image to
2434 # Google Container Registry, as presented to `docker push`.
2435 #
2436 # This field is deprecated in favor of the plural `names` field; it continues
2437 # to exist here to allow existing BuildProvenance serialized to json in
2438 # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to
2439 # deserialize back into proto.
2440 &quot;checksum&quot;: &quot;A String&quot;, # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
2441 # container.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002442 &quot;names&quot;: [ # Related artifact names. This may be the path to a binary or jar file, or in
2443 # the case of a container build, the name used to push the container image to
2444 # Google Container Registry, as presented to `docker push`. Note that a
2445 # single Artifact ID can have multiple names, for example if two tags are
2446 # applied to one image.
2447 &quot;A String&quot;,
2448 ],
2449 &quot;id&quot;: &quot;A String&quot;, # Artifact ID, if any; for container images, this will be a URL by digest
2450 # like gcr.io/projectID/imagename@sha256:123456
Bu Sun Kim65020912020-05-20 12:08:20 -07002451 },
2452 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002453 &quot;id&quot;: &quot;A String&quot;, # Unique identifier of the build.
2454 &quot;createTime&quot;: &quot;A String&quot;, # Time at which the build was created.
2455 &quot;buildOptions&quot;: { # Special options applied to this build. This is a catch-all field where
2456 # build providers can enter any desired additional details.
2457 &quot;a_key&quot;: &quot;A String&quot;,
2458 },
2459 &quot;logsBucket&quot;: &quot;A String&quot;, # Google Cloud Storage bucket where logs were written.
2460 &quot;finishTime&quot;: &quot;A String&quot;, # Time at which execution of the build was finished.
2461 &quot;creator&quot;: &quot;A String&quot;, # E-mail address of the user who initiated this build. Note that this was the
2462 # user&#x27;s e-mail address at the time the build was initiated; this address may
2463 # not represent the same end-user for all time.
2464 &quot;projectId&quot;: &quot;A String&quot;, # ID of the project.
2465 &quot;startTime&quot;: &quot;A String&quot;, # Time at which execution of the build was started.
2466 &quot;commands&quot;: [ # Commands requested by the build.
2467 { # Command describes a step performed as part of the build pipeline.
2468 &quot;dir&quot;: &quot;A String&quot;, # Working directory (relative to project source root) used when running
2469 # this Command.
2470 &quot;env&quot;: [ # Environment variables set before running this Command.
2471 &quot;A String&quot;,
2472 ],
2473 &quot;args&quot;: [ # Command-line arguments used when executing this Command.
2474 &quot;A String&quot;,
2475 ],
2476 &quot;id&quot;: &quot;A String&quot;, # Optional unique identifier for this Command, used in wait_for to reference
2477 # this Command as a dependency.
2478 &quot;name&quot;: &quot;A String&quot;, # Name of the command, as presented on the command line, or if the command is
2479 # packaged as a Docker container, as presented to `docker pull`.
2480 &quot;waitFor&quot;: [ # The ID(s) of the Command(s) that this Command depends on.
2481 &quot;A String&quot;,
2482 ],
2483 },
2484 ],
2485 &quot;triggerId&quot;: &quot;A String&quot;, # Trigger identifier if the build was triggered automatically; empty if not.
2486 &quot;builderVersion&quot;: &quot;A String&quot;, # Version string of the builder at the time this build was executed.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002487 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002488 &quot;provenanceBytes&quot;: &quot;A String&quot;, # Serialized JSON representation of the provenance, used in generating the
2489 # `BuildSignature` in the corresponding Result. After verifying the
2490 # signature, `provenance_bytes` can be unmarshalled and compared to the
2491 # provenance to confirm that it is unchanged. A base64-encoded string
2492 # representation of the provenance bytes is used for the signature in order
2493 # to interoperate with openssl which expects this format for signature
2494 # verification.
2495 #
2496 # The serialized form is captured both to avoid ambiguity in how the
2497 # provenance is marshalled to json as well to prevent incompatibilities with
2498 # future changes.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002499 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002500 &quot;name&quot;: &quot;A String&quot;, # Output only. The name of the `Occurrence` in the form
2501 # &quot;projects/{project_id}/occurrences/{OCCURRENCE_ID}&quot;
2502 &quot;deployment&quot;: { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
2503 &quot;undeployTime&quot;: &quot;A String&quot;, # End of the lifetime of this deployment.
2504 &quot;address&quot;: &quot;A String&quot;, # Address of the runtime element hosting this deployment.
2505 &quot;platform&quot;: &quot;A String&quot;, # Platform hosting this deployment.
2506 &quot;config&quot;: &quot;A String&quot;, # Configuration used to create this deployment.
2507 &quot;deployTime&quot;: &quot;A String&quot;, # Beginning of the lifetime of this deployment.
2508 &quot;resourceUri&quot;: [ # Output only. Resource URI for the artifact being deployed taken from the
2509 # deployable field with the same name.
2510 &quot;A String&quot;,
2511 ],
2512 &quot;userEmail&quot;: &quot;A String&quot;, # Identity of the user that triggered this deployment.
2513 },
2514 &quot;upgrade&quot;: { # An Upgrade Occurrence represents that a specific resource_url could install a # Describes an upgrade.
2515 # specific upgrade. This presence is supplied via local sources (i.e. it is
2516 # present in the mirror and the running system has noticed its availability).
2517 &quot;package&quot;: &quot;A String&quot;, # Required - The package this Upgrade is for.
2518 &quot;distribution&quot;: { # The Upgrade Distribution represents metadata about the Upgrade for each # Metadata about the upgrade for available for the specific operating system
2519 # for the resource_url. This allows efficient filtering, as well as
2520 # making it easier to use the occurrence.
2521 # operating system (CPE). Some distributions have additional metadata around
2522 # updates, classifying them into various categories and severities.
2523 &quot;classification&quot;: &quot;A String&quot;, # The operating system classification of this Upgrade, as specified by the
2524 # upstream operating system upgrade feed.
2525 &quot;cpeUri&quot;: &quot;A String&quot;, # Required - The specific operating system this metadata applies to. See
2526 # https://cpe.mitre.org/specification/.
2527 &quot;severity&quot;: &quot;A String&quot;, # The severity as specified by the upstream operating system.
2528 &quot;cve&quot;: [ # The cve that would be resolved by this upgrade.
2529 &quot;A String&quot;,
2530 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07002531 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002532 &quot;parsedVersion&quot;: { # Version contains structured information about the version of the package. # Required - The version of the package in a machine + human readable form.
2533 # For a discussion of this in Debian/Ubuntu:
2534 # http://serverfault.com/questions/604541/debian-packages-version-convention
2535 # For a discussion of this in Redhat/Fedora/Centos:
2536 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
2537 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
2538 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
2539 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
2540 # If kind is not NORMAL, then the other fields are ignored.
2541 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
2542 },
2543 },
2544 &quot;derivedImage&quot;: { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis
2545 # in the associated note.
2546 # DockerImage relationship. This image would be produced from a Dockerfile
2547 # with FROM &lt;DockerImage.Basis in attached Note&gt;.
2548 &quot;fingerprint&quot;: { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.
2549 &quot;v2Name&quot;: &quot;A String&quot;, # Output only. The name of the image&#x27;s v2 blobs computed via:
2550 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + &quot; &quot; + v2_name[N+1])
2551 # Only the name of the final blob is kept.
2552 # This field can be used as a filter in list requests.
2553 &quot;v2Blob&quot;: [ # The ordered list of v2 blobs that represent a given image.
2554 &quot;A String&quot;,
2555 ],
2556 &quot;v1Name&quot;: &quot;A String&quot;, # The layer-id of the final layer in the Docker image&#x27;s v1
2557 # representation.
2558 # This field can be used as a filter in list requests.
2559 },
2560 &quot;layerInfo&quot;: [ # This contains layer-specific metadata, if populated it has length
2561 # &quot;distance&quot; and is ordered with [distance] being the layer immediately
2562 # following the base image and [1] being the final layer.
2563 { # Layer holds metadata specific to a layer of a Docker image.
2564 &quot;arguments&quot;: &quot;A String&quot;, # The recovered arguments to the Dockerfile directive.
2565 &quot;directive&quot;: &quot;A String&quot;, # The recovered Dockerfile directive used to construct this layer.
2566 },
2567 ],
2568 &quot;baseResourceUrl&quot;: &quot;A String&quot;, # Output only. This contains the base image URL for the derived image
2569 # occurrence.
2570 &quot;distance&quot;: 42, # Output only. The number of layers by which this image differs from the
2571 # associated image basis.
Bu Sun Kim65020912020-05-20 12:08:20 -07002572 },
2573 &quot;resourceUrl&quot;: &quot;A String&quot;, # The unique URL of the image or the container for which the `Occurrence`
2574 # applies. For example, https://gcr.io/project/image@sha256:foo This field
2575 # can be used as a filter in list requests.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002576 &quot;remediation&quot;: &quot;A String&quot;, # A description of actions that can be taken to remedy the `Note`
Bu Sun Kim65020912020-05-20 12:08:20 -07002577 &quot;installation&quot;: { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.
2578 # a system.
2579 &quot;location&quot;: [ # All of the places within the filesystem versions of this package
2580 # have been found.
2581 { # An occurrence of a particular package installation found within a
2582 # system&#x27;s filesystem.
2583 # e.g. glibc was found in /var/lib/dpkg/status
2584 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
2585 # denoting the package manager version distributing a package.
2586 &quot;version&quot;: { # Version contains structured information about the version of the package. # The version installed at this location.
2587 # For a discussion of this in Debian/Ubuntu:
2588 # http://serverfault.com/questions/604541/debian-packages-version-convention
2589 # For a discussion of this in Redhat/Fedora/Centos:
2590 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
2591 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002592 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
Bu Sun Kim65020912020-05-20 12:08:20 -07002593 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
2594 # If kind is not NORMAL, then the other fields are ignored.
2595 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
Bu Sun Kim65020912020-05-20 12:08:20 -07002596 },
2597 &quot;path&quot;: &quot;A String&quot;, # The path from which we gathered that this package/version is installed.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002598 },
2599 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002600 &quot;name&quot;: &quot;A String&quot;, # Output only. The name of the installed package.
Bu Sun Kim65020912020-05-20 12:08:20 -07002601 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002602 &quot;noteName&quot;: &quot;A String&quot;, # An analysis note associated with this image, in the form
2603 # &quot;providers/{provider_id}/notes/{NOTE_ID}&quot;
2604 # This field can be used as a filter in list requests.
Bu Sun Kim65020912020-05-20 12:08:20 -07002605 &quot;discovered&quot;: { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002606 &quot;continuousAnalysis&quot;: &quot;A String&quot;, # Whether the resource is continuously analyzed.
2607 &quot;cpe&quot;: &quot;A String&quot;, # The CPE of the resource being scanned.
2608 &quot;analysisStatusError&quot;: { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under
2609 # details to show to the user. The LocalizedMessage output only and
2610 # populated by the API.
2611 # different programming environments, including REST APIs and RPC APIs. It is
2612 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
2613 # three pieces of data: error code, error message, and error details.
2614 #
2615 # You can find out more about this error model and how to work with it in the
2616 # [API Design Guide](https://cloud.google.com/apis/design/errors).
2617 &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
2618 # user-facing error message should be localized and sent in the
2619 # google.rpc.Status.details field, or localized by the client.
2620 &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of
2621 # message types for APIs to use.
2622 {
2623 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
2624 },
2625 ],
2626 &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
2627 },
Bu Sun Kim65020912020-05-20 12:08:20 -07002628 &quot;operation&quot;: { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.
2629 # This field is deprecated, do not use.
2630 # network API call.
Bu Sun Kim65020912020-05-20 12:08:20 -07002631 &quot;response&quot;: { # The normal response of the operation in case of success. If the original
2632 # method returns no data on success, such as `Delete`, the response is
2633 # `google.protobuf.Empty`. If the original method is standard
2634 # `Get`/`Create`/`Update`, the response should be the resource. For other
2635 # methods, the response should have the type `XxxResponse`, where `Xxx`
2636 # is the original method name. For example, if the original method name
2637 # is `TakeSnapshot()`, the inferred response type is
2638 # `TakeSnapshotResponse`.
2639 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
2640 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002641 &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
2642 # originally returns it. If you use the default HTTP mapping, the
2643 # `name` should be a resource name ending with `operations/{unique_id}`.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002644 &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically
2645 # contains progress information and common metadata such as create time.
2646 # Some services might not provide such metadata. Any method that returns a
2647 # long-running operation should document the metadata type, if any.
2648 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
2649 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002650 &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
2651 # different programming environments, including REST APIs and RPC APIs. It is
2652 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
2653 # three pieces of data: error code, error message, and error details.
2654 #
2655 # You can find out more about this error model and how to work with it in the
2656 # [API Design Guide](https://cloud.google.com/apis/design/errors).
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002657 &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
2658 # user-facing error message should be localized and sent in the
2659 # google.rpc.Status.details field, or localized by the client.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002660 &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of
2661 # message types for APIs to use.
2662 {
2663 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
2664 },
2665 ],
2666 &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002667 },
2668 &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
2669 # If `true`, the operation is completed, and either `error` or `response` is
2670 # available.
Bu Sun Kim65020912020-05-20 12:08:20 -07002671 },
2672 &quot;analysisStatus&quot;: &quot;A String&quot;, # The status of discovery for the resource.
Bu Sun Kim65020912020-05-20 12:08:20 -07002673 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002674 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time this `Occurrence` was created.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002675 &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The time this `Occurrence` was last updated.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002676 },
2677 ],
2678 }</pre>
2679</div>
2680
2681<div class="method">
2682 <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
2683 <pre>Retrieves the next page of results.
2684
2685Args:
2686 previous_request: The request for the previous page. (required)
2687 previous_response: The response from the request for the previous page. (required)
2688
2689Returns:
Bu Sun Kim65020912020-05-20 12:08:20 -07002690 A request object that you can call &#x27;execute()&#x27; on to request the next
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002691 page. Returns None if there are no more items in the collection.
2692 </pre>
2693</div>
2694
2695<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -07002696 <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002697 <pre>Updates an existing occurrence.
2698
2699Args:
2700 name: string, The name of the occurrence.
Bu Sun Kim65020912020-05-20 12:08:20 -07002701Should be of the form &quot;projects/{project_id}/occurrences/{OCCURRENCE_ID}&quot;. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -07002702 body: object, The request body.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002703 The object takes the form of:
2704
2705{ # `Occurrence` includes information about analysis occurrences for an image.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002706 &quot;resource&quot;: { # #
2707 # The resource for which the `Occurrence` applies.
2708 # Resource is an entity that can have metadata. E.g., a Docker image.
2709 &quot;uri&quot;: &quot;A String&quot;, # The unique URI of the resource. E.g.,
2710 # &quot;https://gcr.io/project/image@sha256:foo&quot; for a Docker image.
2711 &quot;name&quot;: &quot;A String&quot;, # The name of the resource. E.g., the name of a Docker image - &quot;Debian&quot;.
2712 &quot;contentHash&quot;: { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.
2713 &quot;type&quot;: &quot;A String&quot;, # The type of hash that was performed.
2714 &quot;value&quot;: &quot;A String&quot;, # The hash value.
2715 },
2716 },
2717 &quot;vulnerabilityDetails&quot;: { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.
2718 # to fix it.
2719 &quot;packageIssue&quot;: [ # The set of affected locations and their fixes (if available) within
2720 # the associated resource.
2721 { # This message wraps a location affected by a vulnerability and its
2722 # associated fix (if one is available).
2723 &quot;affectedLocation&quot;: { # The location of the vulnerability # The location of the vulnerability.
2724 &quot;version&quot;: { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
2725 # filter in list requests.
2726 # For a discussion of this in Debian/Ubuntu:
2727 # http://serverfault.com/questions/604541/debian-packages-version-convention
2728 # For a discussion of this in Redhat/Fedora/Centos:
2729 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
2730 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
2731 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
2732 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
2733 # If kind is not NORMAL, then the other fields are ignored.
2734 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
2735 },
2736 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
2737 # format. Examples include distro or storage location for vulnerable jar.
2738 # This field can be used as a filter in list requests.
2739 &quot;package&quot;: &quot;A String&quot;, # The package being described.
2740 },
2741 &quot;fixedLocation&quot;: { # The location of the vulnerability # The location of the available fix for vulnerability.
2742 &quot;version&quot;: { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
2743 # filter in list requests.
2744 # For a discussion of this in Debian/Ubuntu:
2745 # http://serverfault.com/questions/604541/debian-packages-version-convention
2746 # For a discussion of this in Redhat/Fedora/Centos:
2747 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
2748 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
2749 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
2750 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
2751 # If kind is not NORMAL, then the other fields are ignored.
2752 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
2753 },
2754 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
2755 # format. Examples include distro or storage location for vulnerable jar.
2756 # This field can be used as a filter in list requests.
2757 &quot;package&quot;: &quot;A String&quot;, # The package being described.
2758 },
2759 &quot;severityName&quot;: &quot;A String&quot;,
2760 },
2761 ],
2762 &quot;effectiveSeverity&quot;: &quot;A String&quot;, # The distro assigned severity for this vulnerability when that is
2763 # available and note provider assigned severity when distro has not yet
2764 # assigned a severity for this vulnerability.
2765 &quot;type&quot;: &quot;A String&quot;, # The type of package; whether native or non native(ruby gems,
2766 # node.js packages etc)
2767 &quot;severity&quot;: &quot;A String&quot;, # Output only. The note provider assigned Severity of the vulnerability.
2768 &quot;cvssScore&quot;: 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a
2769 # scale of 0-10 where 0 indicates low severity and 10 indicates high
2770 # severity.
2771 },
2772 &quot;attestation&quot;: { # Occurrence that represents a single &quot;attestation&quot;. The authenticity of an # Describes an attestation of an artifact.
2773 # Attestation can be verified using the attached signature. If the verifier
2774 # trusts the public key of the signer, then verifying the signature is
2775 # sufficient to establish trust. In this circumstance, the
2776 # AttestationAuthority to which this Attestation is attached is primarily
2777 # useful for look-up (how to find this Attestation if you already know the
2778 # Authority and artifact to be verified) and intent (which authority was this
2779 # attestation intended to sign for).
2780 &quot;pgpSignedAttestation&quot;: { # An attestation wrapper with a PGP-compatible signature.
2781 # This message only supports `ATTACHED` signatures, where the payload that is
2782 # signed is included alongside the signature itself in the same file.
2783 &quot;pgpKeyId&quot;: &quot;A String&quot;, # The cryptographic fingerprint of the key used to generate the signature,
2784 # as output by, e.g. `gpg --list-keys`. This should be the version 4, full
2785 # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See
2786 # https://tools.ietf.org/html/rfc4880#section-12.2 for details.
2787 # Implementations may choose to acknowledge &quot;LONG&quot;, &quot;SHORT&quot;, or other
2788 # abbreviated key IDs, but only the full fingerprint is guaranteed to work.
2789 # In gpg, the full fingerprint can be retrieved from the `fpr` field
2790 # returned when calling --list-keys with --with-colons. For example:
2791 # ```
2792 # gpg --with-colons --with-fingerprint --force-v4-certs \
2793 # --list-keys attester@example.com
2794 # tru::1:1513631572:0:3:1:5
2795 # pub:...&lt;SNIP&gt;...
2796 # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
2797 # ```
2798 # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
2799 &quot;signature&quot;: &quot;A String&quot;, # The raw content of the signature, as output by GNU Privacy Guard (GPG) or
2800 # equivalent. Since this message only supports attached signatures, the
2801 # payload that was signed must be attached. While the signature format
2802 # supported is dependent on the verification implementation, currently only
2803 # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
2804 # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
2805 # --output=signature.gpg payload.json` will create the signature content
2806 # expected in this field in `signature.gpg` for the `payload.json`
2807 # attestation payload.
2808 &quot;contentType&quot;: &quot;A String&quot;, # Type (for example schema) of the attestation payload that was signed.
2809 # The verifier must ensure that the provided type is one that the verifier
2810 # supports, and that the attestation payload is a valid instantiation of that
2811 # type (for example by validating a JSON schema).
2812 },
2813 },
2814 &quot;kind&quot;: &quot;A String&quot;, # Output only. This explicitly denotes which of the `Occurrence` details are
2815 # specified. This field can be used as a filter in list requests.
Bu Sun Kim65020912020-05-20 12:08:20 -07002816 &quot;buildDetails&quot;: { # Message encapsulating build provenance details. # Build details for a verifiable build.
Bu Sun Kim65020912020-05-20 12:08:20 -07002817 &quot;provenance&quot;: { # Provenance of a build. Contains all information needed to verify the full # The actual provenance
2818 # details about the build from source to completion.
Bu Sun Kim65020912020-05-20 12:08:20 -07002819 &quot;sourceProvenance&quot;: { # Source describes the location of the source used for the build. # Details of the Source input to the build.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002820 &quot;context&quot;: { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.
2821 # with a path point to a unique revision of a single file or directory.
2822 &quot;labels&quot;: { # Labels with user defined metadata.
2823 &quot;a_key&quot;: &quot;A String&quot;,
2824 },
2825 &quot;git&quot;: { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
2826 # repository (e.g., GitHub).
2827 &quot;url&quot;: &quot;A String&quot;, # Git repository URL.
2828 &quot;revisionId&quot;: &quot;A String&quot;, # Required. Git commit hash.
2829 },
2830 &quot;cloudRepo&quot;: { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
2831 # Source Repo.
2832 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
2833 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
2834 &quot;name&quot;: &quot;A String&quot;, # The alias name.
2835 },
2836 &quot;revisionId&quot;: &quot;A String&quot;, # A revision ID.
2837 &quot;repoId&quot;: { # A unique identifier for a Cloud Repo. # The ID of the repo.
2838 &quot;projectRepoId&quot;: { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
2839 # winged-cargo-31) and a repo name within that project.
2840 &quot;projectId&quot;: &quot;A String&quot;, # The ID of the project.
2841 &quot;repoName&quot;: &quot;A String&quot;, # The name of the repo. Leave empty for the default repo.
2842 },
2843 &quot;uid&quot;: &quot;A String&quot;, # A server-assigned, globally unique identifier.
2844 },
2845 },
2846 &quot;gerrit&quot;: { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
2847 &quot;gerritProject&quot;: &quot;A String&quot;, # The full project name within the host. Projects may be nested, so
2848 # &quot;project/subproject&quot; is a valid project name. The &quot;repo name&quot; is
2849 # the hostURI/project.
2850 &quot;hostUri&quot;: &quot;A String&quot;, # The URI of a running Gerrit instance.
2851 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
2852 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
2853 &quot;name&quot;: &quot;A String&quot;, # The alias name.
2854 },
2855 &quot;revisionId&quot;: &quot;A String&quot;, # A revision (commit) ID.
2856 },
Bu Sun Kim65020912020-05-20 12:08:20 -07002857 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002858 &quot;additionalContexts&quot;: [ # If provided, some of the source code used for the build may be found in
2859 # these locations, in the case where the source repository had multiple
2860 # remotes or submodules. This list will not include the context specified in
2861 # the context field.
2862 { # A SourceContext is a reference to a tree of files. A SourceContext together
2863 # with a path point to a unique revision of a single file or directory.
2864 &quot;labels&quot;: { # Labels with user defined metadata.
2865 &quot;a_key&quot;: &quot;A String&quot;,
2866 },
2867 &quot;git&quot;: { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
2868 # repository (e.g., GitHub).
2869 &quot;url&quot;: &quot;A String&quot;, # Git repository URL.
2870 &quot;revisionId&quot;: &quot;A String&quot;, # Required. Git commit hash.
2871 },
2872 &quot;cloudRepo&quot;: { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
2873 # Source Repo.
2874 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
2875 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
2876 &quot;name&quot;: &quot;A String&quot;, # The alias name.
2877 },
2878 &quot;revisionId&quot;: &quot;A String&quot;, # A revision ID.
2879 &quot;repoId&quot;: { # A unique identifier for a Cloud Repo. # The ID of the repo.
2880 &quot;projectRepoId&quot;: { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
2881 # winged-cargo-31) and a repo name within that project.
2882 &quot;projectId&quot;: &quot;A String&quot;, # The ID of the project.
2883 &quot;repoName&quot;: &quot;A String&quot;, # The name of the repo. Leave empty for the default repo.
2884 },
2885 &quot;uid&quot;: &quot;A String&quot;, # A server-assigned, globally unique identifier.
2886 },
2887 },
2888 &quot;gerrit&quot;: { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
2889 &quot;gerritProject&quot;: &quot;A String&quot;, # The full project name within the host. Projects may be nested, so
2890 # &quot;project/subproject&quot; is a valid project name. The &quot;repo name&quot; is
2891 # the hostURI/project.
2892 &quot;hostUri&quot;: &quot;A String&quot;, # The URI of a running Gerrit instance.
2893 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
2894 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
2895 &quot;name&quot;: &quot;A String&quot;, # The alias name.
2896 },
2897 &quot;revisionId&quot;: &quot;A String&quot;, # A revision (commit) ID.
2898 },
2899 },
2900 ],
2901 &quot;artifactStorageSource&quot;: { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this
2902 # location.
Bu Sun Kim65020912020-05-20 12:08:20 -07002903 # Google Cloud Storage.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002904 &quot;generation&quot;: &quot;A String&quot;, # Google Cloud Storage generation for the object.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002905 &quot;object&quot;: &quot;A String&quot;, # Google Cloud Storage object containing source.
Bu Sun Kim65020912020-05-20 12:08:20 -07002906 &quot;bucket&quot;: &quot;A String&quot;, # Google Cloud Storage bucket containing source (see [Bucket Name
2907 # Requirements]
2908 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002909 },
2910 &quot;repoSource&quot;: { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.
2911 # Repository.
2912 &quot;tagName&quot;: &quot;A String&quot;, # Name of the tag to build.
2913 &quot;branchName&quot;: &quot;A String&quot;, # Name of the branch to build.
2914 &quot;projectId&quot;: &quot;A String&quot;, # ID of the project that owns the repo.
2915 &quot;repoName&quot;: &quot;A String&quot;, # Name of the repo.
2916 &quot;commitSha&quot;: &quot;A String&quot;, # Explicit commit SHA to build.
Bu Sun Kim65020912020-05-20 12:08:20 -07002917 },
2918 &quot;fileHashes&quot;: { # Hash(es) of the build source, which can be used to verify that the original
2919 # source integrity was maintained in the build.
2920 #
2921 # The keys to this map are file paths used as build source and the values
2922 # contain the hash values for those files.
2923 #
2924 # If the build source came in a single package such as a gzipped tarfile
2925 # (.tar.gz), the FileHash will be for the single path to that file.
2926 &quot;a_key&quot;: { # Container message for hashes of byte content of files, used in Source
2927 # messages to verify integrity of source input to the build.
2928 &quot;fileHash&quot;: [ # Collection of file hashes.
2929 { # Container message for hash values.
2930 &quot;type&quot;: &quot;A String&quot;, # The type of hash that was performed.
2931 &quot;value&quot;: &quot;A String&quot;, # The hash value.
2932 },
2933 ],
2934 },
2935 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002936 &quot;storageSource&quot;: { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud
2937 # Storage.
Bu Sun Kim65020912020-05-20 12:08:20 -07002938 # Google Cloud Storage.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002939 &quot;generation&quot;: &quot;A String&quot;, # Google Cloud Storage generation for the object.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002940 &quot;object&quot;: &quot;A String&quot;, # Google Cloud Storage object containing source.
Bu Sun Kim65020912020-05-20 12:08:20 -07002941 &quot;bucket&quot;: &quot;A String&quot;, # Google Cloud Storage bucket containing source (see [Bucket Name
2942 # Requirements]
2943 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
Bu Sun Kim65020912020-05-20 12:08:20 -07002944 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002945 },
Bu Sun Kim65020912020-05-20 12:08:20 -07002946 &quot;builtArtifacts&quot;: [ # Output of the build.
2947 { # Artifact describes a build product.
Bu Sun Kim65020912020-05-20 12:08:20 -07002948 &quot;name&quot;: &quot;A String&quot;, # Name of the artifact. This may be the path to a binary or jar file, or in
2949 # the case of a container build, the name used to push the container image to
2950 # Google Container Registry, as presented to `docker push`.
2951 #
2952 # This field is deprecated in favor of the plural `names` field; it continues
2953 # to exist here to allow existing BuildProvenance serialized to json in
2954 # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to
2955 # deserialize back into proto.
2956 &quot;checksum&quot;: &quot;A String&quot;, # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
2957 # container.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002958 &quot;names&quot;: [ # Related artifact names. This may be the path to a binary or jar file, or in
2959 # the case of a container build, the name used to push the container image to
2960 # Google Container Registry, as presented to `docker push`. Note that a
2961 # single Artifact ID can have multiple names, for example if two tags are
2962 # applied to one image.
2963 &quot;A String&quot;,
2964 ],
2965 &quot;id&quot;: &quot;A String&quot;, # Artifact ID, if any; for container images, this will be a URL by digest
2966 # like gcr.io/projectID/imagename@sha256:123456
Bu Sun Kim65020912020-05-20 12:08:20 -07002967 },
2968 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002969 &quot;id&quot;: &quot;A String&quot;, # Unique identifier of the build.
2970 &quot;createTime&quot;: &quot;A String&quot;, # Time at which the build was created.
2971 &quot;buildOptions&quot;: { # Special options applied to this build. This is a catch-all field where
2972 # build providers can enter any desired additional details.
2973 &quot;a_key&quot;: &quot;A String&quot;,
2974 },
2975 &quot;logsBucket&quot;: &quot;A String&quot;, # Google Cloud Storage bucket where logs were written.
2976 &quot;finishTime&quot;: &quot;A String&quot;, # Time at which execution of the build was finished.
2977 &quot;creator&quot;: &quot;A String&quot;, # E-mail address of the user who initiated this build. Note that this was the
2978 # user&#x27;s e-mail address at the time the build was initiated; this address may
2979 # not represent the same end-user for all time.
2980 &quot;projectId&quot;: &quot;A String&quot;, # ID of the project.
2981 &quot;startTime&quot;: &quot;A String&quot;, # Time at which execution of the build was started.
2982 &quot;commands&quot;: [ # Commands requested by the build.
2983 { # Command describes a step performed as part of the build pipeline.
2984 &quot;dir&quot;: &quot;A String&quot;, # Working directory (relative to project source root) used when running
2985 # this Command.
2986 &quot;env&quot;: [ # Environment variables set before running this Command.
2987 &quot;A String&quot;,
2988 ],
2989 &quot;args&quot;: [ # Command-line arguments used when executing this Command.
2990 &quot;A String&quot;,
2991 ],
2992 &quot;id&quot;: &quot;A String&quot;, # Optional unique identifier for this Command, used in wait_for to reference
2993 # this Command as a dependency.
2994 &quot;name&quot;: &quot;A String&quot;, # Name of the command, as presented on the command line, or if the command is
2995 # packaged as a Docker container, as presented to `docker pull`.
2996 &quot;waitFor&quot;: [ # The ID(s) of the Command(s) that this Command depends on.
2997 &quot;A String&quot;,
2998 ],
2999 },
3000 ],
3001 &quot;triggerId&quot;: &quot;A String&quot;, # Trigger identifier if the build was triggered automatically; empty if not.
3002 &quot;builderVersion&quot;: &quot;A String&quot;, # Version string of the builder at the time this build was executed.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003003 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003004 &quot;provenanceBytes&quot;: &quot;A String&quot;, # Serialized JSON representation of the provenance, used in generating the
3005 # `BuildSignature` in the corresponding Result. After verifying the
3006 # signature, `provenance_bytes` can be unmarshalled and compared to the
3007 # provenance to confirm that it is unchanged. A base64-encoded string
3008 # representation of the provenance bytes is used for the signature in order
3009 # to interoperate with openssl which expects this format for signature
3010 # verification.
3011 #
3012 # The serialized form is captured both to avoid ambiguity in how the
3013 # provenance is marshalled to json as well to prevent incompatibilities with
3014 # future changes.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003015 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003016 &quot;name&quot;: &quot;A String&quot;, # Output only. The name of the `Occurrence` in the form
3017 # &quot;projects/{project_id}/occurrences/{OCCURRENCE_ID}&quot;
3018 &quot;deployment&quot;: { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
3019 &quot;undeployTime&quot;: &quot;A String&quot;, # End of the lifetime of this deployment.
3020 &quot;address&quot;: &quot;A String&quot;, # Address of the runtime element hosting this deployment.
3021 &quot;platform&quot;: &quot;A String&quot;, # Platform hosting this deployment.
3022 &quot;config&quot;: &quot;A String&quot;, # Configuration used to create this deployment.
3023 &quot;deployTime&quot;: &quot;A String&quot;, # Beginning of the lifetime of this deployment.
3024 &quot;resourceUri&quot;: [ # Output only. Resource URI for the artifact being deployed taken from the
3025 # deployable field with the same name.
3026 &quot;A String&quot;,
3027 ],
3028 &quot;userEmail&quot;: &quot;A String&quot;, # Identity of the user that triggered this deployment.
3029 },
3030 &quot;upgrade&quot;: { # An Upgrade Occurrence represents that a specific resource_url could install a # Describes an upgrade.
3031 # specific upgrade. This presence is supplied via local sources (i.e. it is
3032 # present in the mirror and the running system has noticed its availability).
3033 &quot;package&quot;: &quot;A String&quot;, # Required - The package this Upgrade is for.
3034 &quot;distribution&quot;: { # The Upgrade Distribution represents metadata about the Upgrade for each # Metadata about the upgrade for available for the specific operating system
3035 # for the resource_url. This allows efficient filtering, as well as
3036 # making it easier to use the occurrence.
3037 # operating system (CPE). Some distributions have additional metadata around
3038 # updates, classifying them into various categories and severities.
3039 &quot;classification&quot;: &quot;A String&quot;, # The operating system classification of this Upgrade, as specified by the
3040 # upstream operating system upgrade feed.
3041 &quot;cpeUri&quot;: &quot;A String&quot;, # Required - The specific operating system this metadata applies to. See
3042 # https://cpe.mitre.org/specification/.
3043 &quot;severity&quot;: &quot;A String&quot;, # The severity as specified by the upstream operating system.
3044 &quot;cve&quot;: [ # The cve that would be resolved by this upgrade.
3045 &quot;A String&quot;,
3046 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07003047 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003048 &quot;parsedVersion&quot;: { # Version contains structured information about the version of the package. # Required - The version of the package in a machine + human readable form.
3049 # For a discussion of this in Debian/Ubuntu:
3050 # http://serverfault.com/questions/604541/debian-packages-version-convention
3051 # For a discussion of this in Redhat/Fedora/Centos:
3052 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
3053 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
3054 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
3055 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
3056 # If kind is not NORMAL, then the other fields are ignored.
3057 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
3058 },
3059 },
3060 &quot;derivedImage&quot;: { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis
3061 # in the associated note.
3062 # DockerImage relationship. This image would be produced from a Dockerfile
3063 # with FROM &lt;DockerImage.Basis in attached Note&gt;.
3064 &quot;fingerprint&quot;: { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.
3065 &quot;v2Name&quot;: &quot;A String&quot;, # Output only. The name of the image&#x27;s v2 blobs computed via:
3066 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + &quot; &quot; + v2_name[N+1])
3067 # Only the name of the final blob is kept.
3068 # This field can be used as a filter in list requests.
3069 &quot;v2Blob&quot;: [ # The ordered list of v2 blobs that represent a given image.
3070 &quot;A String&quot;,
3071 ],
3072 &quot;v1Name&quot;: &quot;A String&quot;, # The layer-id of the final layer in the Docker image&#x27;s v1
3073 # representation.
3074 # This field can be used as a filter in list requests.
3075 },
3076 &quot;layerInfo&quot;: [ # This contains layer-specific metadata, if populated it has length
3077 # &quot;distance&quot; and is ordered with [distance] being the layer immediately
3078 # following the base image and [1] being the final layer.
3079 { # Layer holds metadata specific to a layer of a Docker image.
3080 &quot;arguments&quot;: &quot;A String&quot;, # The recovered arguments to the Dockerfile directive.
3081 &quot;directive&quot;: &quot;A String&quot;, # The recovered Dockerfile directive used to construct this layer.
3082 },
3083 ],
3084 &quot;baseResourceUrl&quot;: &quot;A String&quot;, # Output only. This contains the base image URL for the derived image
3085 # occurrence.
3086 &quot;distance&quot;: 42, # Output only. The number of layers by which this image differs from the
3087 # associated image basis.
Bu Sun Kim65020912020-05-20 12:08:20 -07003088 },
3089 &quot;resourceUrl&quot;: &quot;A String&quot;, # The unique URL of the image or the container for which the `Occurrence`
3090 # applies. For example, https://gcr.io/project/image@sha256:foo This field
3091 # can be used as a filter in list requests.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003092 &quot;remediation&quot;: &quot;A String&quot;, # A description of actions that can be taken to remedy the `Note`
Bu Sun Kim65020912020-05-20 12:08:20 -07003093 &quot;installation&quot;: { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.
3094 # a system.
3095 &quot;location&quot;: [ # All of the places within the filesystem versions of this package
3096 # have been found.
3097 { # An occurrence of a particular package installation found within a
3098 # system&#x27;s filesystem.
3099 # e.g. glibc was found in /var/lib/dpkg/status
3100 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
3101 # denoting the package manager version distributing a package.
3102 &quot;version&quot;: { # Version contains structured information about the version of the package. # The version installed at this location.
3103 # For a discussion of this in Debian/Ubuntu:
3104 # http://serverfault.com/questions/604541/debian-packages-version-convention
3105 # For a discussion of this in Redhat/Fedora/Centos:
3106 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
3107 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003108 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
Bu Sun Kim65020912020-05-20 12:08:20 -07003109 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
3110 # If kind is not NORMAL, then the other fields are ignored.
3111 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
Bu Sun Kim65020912020-05-20 12:08:20 -07003112 },
3113 &quot;path&quot;: &quot;A String&quot;, # The path from which we gathered that this package/version is installed.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003114 },
3115 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003116 &quot;name&quot;: &quot;A String&quot;, # Output only. The name of the installed package.
Bu Sun Kim65020912020-05-20 12:08:20 -07003117 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003118 &quot;noteName&quot;: &quot;A String&quot;, # An analysis note associated with this image, in the form
3119 # &quot;providers/{provider_id}/notes/{NOTE_ID}&quot;
3120 # This field can be used as a filter in list requests.
Bu Sun Kim65020912020-05-20 12:08:20 -07003121 &quot;discovered&quot;: { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003122 &quot;continuousAnalysis&quot;: &quot;A String&quot;, # Whether the resource is continuously analyzed.
3123 &quot;cpe&quot;: &quot;A String&quot;, # The CPE of the resource being scanned.
3124 &quot;analysisStatusError&quot;: { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under
3125 # details to show to the user. The LocalizedMessage output only and
3126 # populated by the API.
3127 # different programming environments, including REST APIs and RPC APIs. It is
3128 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
3129 # three pieces of data: error code, error message, and error details.
3130 #
3131 # You can find out more about this error model and how to work with it in the
3132 # [API Design Guide](https://cloud.google.com/apis/design/errors).
3133 &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
3134 # user-facing error message should be localized and sent in the
3135 # google.rpc.Status.details field, or localized by the client.
3136 &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of
3137 # message types for APIs to use.
3138 {
3139 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
3140 },
3141 ],
3142 &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
3143 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003144 &quot;operation&quot;: { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.
3145 # This field is deprecated, do not use.
3146 # network API call.
Bu Sun Kim65020912020-05-20 12:08:20 -07003147 &quot;response&quot;: { # The normal response of the operation in case of success. If the original
3148 # method returns no data on success, such as `Delete`, the response is
3149 # `google.protobuf.Empty`. If the original method is standard
3150 # `Get`/`Create`/`Update`, the response should be the resource. For other
3151 # methods, the response should have the type `XxxResponse`, where `Xxx`
3152 # is the original method name. For example, if the original method name
3153 # is `TakeSnapshot()`, the inferred response type is
3154 # `TakeSnapshotResponse`.
3155 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
3156 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003157 &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
3158 # originally returns it. If you use the default HTTP mapping, the
3159 # `name` should be a resource name ending with `operations/{unique_id}`.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003160 &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically
3161 # contains progress information and common metadata such as create time.
3162 # Some services might not provide such metadata. Any method that returns a
3163 # long-running operation should document the metadata type, if any.
3164 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
3165 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003166 &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
3167 # different programming environments, including REST APIs and RPC APIs. It is
3168 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
3169 # three pieces of data: error code, error message, and error details.
3170 #
3171 # You can find out more about this error model and how to work with it in the
3172 # [API Design Guide](https://cloud.google.com/apis/design/errors).
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003173 &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
3174 # user-facing error message should be localized and sent in the
3175 # google.rpc.Status.details field, or localized by the client.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003176 &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of
3177 # message types for APIs to use.
3178 {
3179 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
3180 },
3181 ],
3182 &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003183 },
3184 &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
3185 # If `true`, the operation is completed, and either `error` or `response` is
3186 # available.
Bu Sun Kim65020912020-05-20 12:08:20 -07003187 },
3188 &quot;analysisStatus&quot;: &quot;A String&quot;, # The status of discovery for the resource.
Bu Sun Kim65020912020-05-20 12:08:20 -07003189 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003190 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time this `Occurrence` was created.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003191 &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The time this `Occurrence` was last updated.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003192}
3193
3194 updateMask: string, The fields to update.
3195 x__xgafv: string, V1 error format.
3196 Allowed values
3197 1 - v1 error format
3198 2 - v2 error format
3199
3200Returns:
3201 An object of the form:
3202
3203 { # `Occurrence` includes information about analysis occurrences for an image.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003204 &quot;resource&quot;: { # #
3205 # The resource for which the `Occurrence` applies.
3206 # Resource is an entity that can have metadata. E.g., a Docker image.
3207 &quot;uri&quot;: &quot;A String&quot;, # The unique URI of the resource. E.g.,
3208 # &quot;https://gcr.io/project/image@sha256:foo&quot; for a Docker image.
3209 &quot;name&quot;: &quot;A String&quot;, # The name of the resource. E.g., the name of a Docker image - &quot;Debian&quot;.
3210 &quot;contentHash&quot;: { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.
3211 &quot;type&quot;: &quot;A String&quot;, # The type of hash that was performed.
3212 &quot;value&quot;: &quot;A String&quot;, # The hash value.
3213 },
3214 },
3215 &quot;vulnerabilityDetails&quot;: { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.
3216 # to fix it.
3217 &quot;packageIssue&quot;: [ # The set of affected locations and their fixes (if available) within
3218 # the associated resource.
3219 { # This message wraps a location affected by a vulnerability and its
3220 # associated fix (if one is available).
3221 &quot;affectedLocation&quot;: { # The location of the vulnerability # The location of the vulnerability.
3222 &quot;version&quot;: { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
3223 # filter in list requests.
3224 # For a discussion of this in Debian/Ubuntu:
3225 # http://serverfault.com/questions/604541/debian-packages-version-convention
3226 # For a discussion of this in Redhat/Fedora/Centos:
3227 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
3228 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
3229 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
3230 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
3231 # If kind is not NORMAL, then the other fields are ignored.
3232 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
3233 },
3234 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
3235 # format. Examples include distro or storage location for vulnerable jar.
3236 # This field can be used as a filter in list requests.
3237 &quot;package&quot;: &quot;A String&quot;, # The package being described.
3238 },
3239 &quot;fixedLocation&quot;: { # The location of the vulnerability # The location of the available fix for vulnerability.
3240 &quot;version&quot;: { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
3241 # filter in list requests.
3242 # For a discussion of this in Debian/Ubuntu:
3243 # http://serverfault.com/questions/604541/debian-packages-version-convention
3244 # For a discussion of this in Redhat/Fedora/Centos:
3245 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
3246 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
3247 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
3248 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
3249 # If kind is not NORMAL, then the other fields are ignored.
3250 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
3251 },
3252 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
3253 # format. Examples include distro or storage location for vulnerable jar.
3254 # This field can be used as a filter in list requests.
3255 &quot;package&quot;: &quot;A String&quot;, # The package being described.
3256 },
3257 &quot;severityName&quot;: &quot;A String&quot;,
3258 },
3259 ],
3260 &quot;effectiveSeverity&quot;: &quot;A String&quot;, # The distro assigned severity for this vulnerability when that is
3261 # available and note provider assigned severity when distro has not yet
3262 # assigned a severity for this vulnerability.
3263 &quot;type&quot;: &quot;A String&quot;, # The type of package; whether native or non native(ruby gems,
3264 # node.js packages etc)
3265 &quot;severity&quot;: &quot;A String&quot;, # Output only. The note provider assigned Severity of the vulnerability.
3266 &quot;cvssScore&quot;: 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a
3267 # scale of 0-10 where 0 indicates low severity and 10 indicates high
3268 # severity.
3269 },
3270 &quot;attestation&quot;: { # Occurrence that represents a single &quot;attestation&quot;. The authenticity of an # Describes an attestation of an artifact.
3271 # Attestation can be verified using the attached signature. If the verifier
3272 # trusts the public key of the signer, then verifying the signature is
3273 # sufficient to establish trust. In this circumstance, the
3274 # AttestationAuthority to which this Attestation is attached is primarily
3275 # useful for look-up (how to find this Attestation if you already know the
3276 # Authority and artifact to be verified) and intent (which authority was this
3277 # attestation intended to sign for).
3278 &quot;pgpSignedAttestation&quot;: { # An attestation wrapper with a PGP-compatible signature.
3279 # This message only supports `ATTACHED` signatures, where the payload that is
3280 # signed is included alongside the signature itself in the same file.
3281 &quot;pgpKeyId&quot;: &quot;A String&quot;, # The cryptographic fingerprint of the key used to generate the signature,
3282 # as output by, e.g. `gpg --list-keys`. This should be the version 4, full
3283 # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See
3284 # https://tools.ietf.org/html/rfc4880#section-12.2 for details.
3285 # Implementations may choose to acknowledge &quot;LONG&quot;, &quot;SHORT&quot;, or other
3286 # abbreviated key IDs, but only the full fingerprint is guaranteed to work.
3287 # In gpg, the full fingerprint can be retrieved from the `fpr` field
3288 # returned when calling --list-keys with --with-colons. For example:
3289 # ```
3290 # gpg --with-colons --with-fingerprint --force-v4-certs \
3291 # --list-keys attester@example.com
3292 # tru::1:1513631572:0:3:1:5
3293 # pub:...&lt;SNIP&gt;...
3294 # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
3295 # ```
3296 # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
3297 &quot;signature&quot;: &quot;A String&quot;, # The raw content of the signature, as output by GNU Privacy Guard (GPG) or
3298 # equivalent. Since this message only supports attached signatures, the
3299 # payload that was signed must be attached. While the signature format
3300 # supported is dependent on the verification implementation, currently only
3301 # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
3302 # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
3303 # --output=signature.gpg payload.json` will create the signature content
3304 # expected in this field in `signature.gpg` for the `payload.json`
3305 # attestation payload.
3306 &quot;contentType&quot;: &quot;A String&quot;, # Type (for example schema) of the attestation payload that was signed.
3307 # The verifier must ensure that the provided type is one that the verifier
3308 # supports, and that the attestation payload is a valid instantiation of that
3309 # type (for example by validating a JSON schema).
3310 },
3311 },
3312 &quot;kind&quot;: &quot;A String&quot;, # Output only. This explicitly denotes which of the `Occurrence` details are
3313 # specified. This field can be used as a filter in list requests.
Bu Sun Kim65020912020-05-20 12:08:20 -07003314 &quot;buildDetails&quot;: { # Message encapsulating build provenance details. # Build details for a verifiable build.
Bu Sun Kim65020912020-05-20 12:08:20 -07003315 &quot;provenance&quot;: { # Provenance of a build. Contains all information needed to verify the full # The actual provenance
3316 # details about the build from source to completion.
Bu Sun Kim65020912020-05-20 12:08:20 -07003317 &quot;sourceProvenance&quot;: { # Source describes the location of the source used for the build. # Details of the Source input to the build.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003318 &quot;context&quot;: { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.
3319 # with a path point to a unique revision of a single file or directory.
3320 &quot;labels&quot;: { # Labels with user defined metadata.
3321 &quot;a_key&quot;: &quot;A String&quot;,
3322 },
3323 &quot;git&quot;: { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
3324 # repository (e.g., GitHub).
3325 &quot;url&quot;: &quot;A String&quot;, # Git repository URL.
3326 &quot;revisionId&quot;: &quot;A String&quot;, # Required. Git commit hash.
3327 },
3328 &quot;cloudRepo&quot;: { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
3329 # Source Repo.
3330 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
3331 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
3332 &quot;name&quot;: &quot;A String&quot;, # The alias name.
3333 },
3334 &quot;revisionId&quot;: &quot;A String&quot;, # A revision ID.
3335 &quot;repoId&quot;: { # A unique identifier for a Cloud Repo. # The ID of the repo.
3336 &quot;projectRepoId&quot;: { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
3337 # winged-cargo-31) and a repo name within that project.
3338 &quot;projectId&quot;: &quot;A String&quot;, # The ID of the project.
3339 &quot;repoName&quot;: &quot;A String&quot;, # The name of the repo. Leave empty for the default repo.
3340 },
3341 &quot;uid&quot;: &quot;A String&quot;, # A server-assigned, globally unique identifier.
3342 },
3343 },
3344 &quot;gerrit&quot;: { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
3345 &quot;gerritProject&quot;: &quot;A String&quot;, # The full project name within the host. Projects may be nested, so
3346 # &quot;project/subproject&quot; is a valid project name. The &quot;repo name&quot; is
3347 # the hostURI/project.
3348 &quot;hostUri&quot;: &quot;A String&quot;, # The URI of a running Gerrit instance.
3349 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
3350 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
3351 &quot;name&quot;: &quot;A String&quot;, # The alias name.
3352 },
3353 &quot;revisionId&quot;: &quot;A String&quot;, # A revision (commit) ID.
3354 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003355 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003356 &quot;additionalContexts&quot;: [ # If provided, some of the source code used for the build may be found in
3357 # these locations, in the case where the source repository had multiple
3358 # remotes or submodules. This list will not include the context specified in
3359 # the context field.
3360 { # A SourceContext is a reference to a tree of files. A SourceContext together
3361 # with a path point to a unique revision of a single file or directory.
3362 &quot;labels&quot;: { # Labels with user defined metadata.
3363 &quot;a_key&quot;: &quot;A String&quot;,
3364 },
3365 &quot;git&quot;: { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
3366 # repository (e.g., GitHub).
3367 &quot;url&quot;: &quot;A String&quot;, # Git repository URL.
3368 &quot;revisionId&quot;: &quot;A String&quot;, # Required. Git commit hash.
3369 },
3370 &quot;cloudRepo&quot;: { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
3371 # Source Repo.
3372 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
3373 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
3374 &quot;name&quot;: &quot;A String&quot;, # The alias name.
3375 },
3376 &quot;revisionId&quot;: &quot;A String&quot;, # A revision ID.
3377 &quot;repoId&quot;: { # A unique identifier for a Cloud Repo. # The ID of the repo.
3378 &quot;projectRepoId&quot;: { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
3379 # winged-cargo-31) and a repo name within that project.
3380 &quot;projectId&quot;: &quot;A String&quot;, # The ID of the project.
3381 &quot;repoName&quot;: &quot;A String&quot;, # The name of the repo. Leave empty for the default repo.
3382 },
3383 &quot;uid&quot;: &quot;A String&quot;, # A server-assigned, globally unique identifier.
3384 },
3385 },
3386 &quot;gerrit&quot;: { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
3387 &quot;gerritProject&quot;: &quot;A String&quot;, # The full project name within the host. Projects may be nested, so
3388 # &quot;project/subproject&quot; is a valid project name. The &quot;repo name&quot; is
3389 # the hostURI/project.
3390 &quot;hostUri&quot;: &quot;A String&quot;, # The URI of a running Gerrit instance.
3391 &quot;aliasContext&quot;: { # An alias to a repo revision. # An alias, which may be a branch or tag.
3392 &quot;kind&quot;: &quot;A String&quot;, # The alias kind.
3393 &quot;name&quot;: &quot;A String&quot;, # The alias name.
3394 },
3395 &quot;revisionId&quot;: &quot;A String&quot;, # A revision (commit) ID.
3396 },
3397 },
3398 ],
3399 &quot;artifactStorageSource&quot;: { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this
3400 # location.
Bu Sun Kim65020912020-05-20 12:08:20 -07003401 # Google Cloud Storage.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003402 &quot;generation&quot;: &quot;A String&quot;, # Google Cloud Storage generation for the object.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003403 &quot;object&quot;: &quot;A String&quot;, # Google Cloud Storage object containing source.
Bu Sun Kim65020912020-05-20 12:08:20 -07003404 &quot;bucket&quot;: &quot;A String&quot;, # Google Cloud Storage bucket containing source (see [Bucket Name
3405 # Requirements]
3406 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003407 },
3408 &quot;repoSource&quot;: { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.
3409 # Repository.
3410 &quot;tagName&quot;: &quot;A String&quot;, # Name of the tag to build.
3411 &quot;branchName&quot;: &quot;A String&quot;, # Name of the branch to build.
3412 &quot;projectId&quot;: &quot;A String&quot;, # ID of the project that owns the repo.
3413 &quot;repoName&quot;: &quot;A String&quot;, # Name of the repo.
3414 &quot;commitSha&quot;: &quot;A String&quot;, # Explicit commit SHA to build.
Bu Sun Kim65020912020-05-20 12:08:20 -07003415 },
3416 &quot;fileHashes&quot;: { # Hash(es) of the build source, which can be used to verify that the original
3417 # source integrity was maintained in the build.
3418 #
3419 # The keys to this map are file paths used as build source and the values
3420 # contain the hash values for those files.
3421 #
3422 # If the build source came in a single package such as a gzipped tarfile
3423 # (.tar.gz), the FileHash will be for the single path to that file.
3424 &quot;a_key&quot;: { # Container message for hashes of byte content of files, used in Source
3425 # messages to verify integrity of source input to the build.
3426 &quot;fileHash&quot;: [ # Collection of file hashes.
3427 { # Container message for hash values.
3428 &quot;type&quot;: &quot;A String&quot;, # The type of hash that was performed.
3429 &quot;value&quot;: &quot;A String&quot;, # The hash value.
3430 },
3431 ],
3432 },
3433 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003434 &quot;storageSource&quot;: { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud
3435 # Storage.
Bu Sun Kim65020912020-05-20 12:08:20 -07003436 # Google Cloud Storage.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003437 &quot;generation&quot;: &quot;A String&quot;, # Google Cloud Storage generation for the object.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003438 &quot;object&quot;: &quot;A String&quot;, # Google Cloud Storage object containing source.
Bu Sun Kim65020912020-05-20 12:08:20 -07003439 &quot;bucket&quot;: &quot;A String&quot;, # Google Cloud Storage bucket containing source (see [Bucket Name
3440 # Requirements]
3441 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
Bu Sun Kim65020912020-05-20 12:08:20 -07003442 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003443 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003444 &quot;builtArtifacts&quot;: [ # Output of the build.
3445 { # Artifact describes a build product.
Bu Sun Kim65020912020-05-20 12:08:20 -07003446 &quot;name&quot;: &quot;A String&quot;, # Name of the artifact. This may be the path to a binary or jar file, or in
3447 # the case of a container build, the name used to push the container image to
3448 # Google Container Registry, as presented to `docker push`.
3449 #
3450 # This field is deprecated in favor of the plural `names` field; it continues
3451 # to exist here to allow existing BuildProvenance serialized to json in
3452 # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to
3453 # deserialize back into proto.
3454 &quot;checksum&quot;: &quot;A String&quot;, # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
3455 # container.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003456 &quot;names&quot;: [ # Related artifact names. This may be the path to a binary or jar file, or in
3457 # the case of a container build, the name used to push the container image to
3458 # Google Container Registry, as presented to `docker push`. Note that a
3459 # single Artifact ID can have multiple names, for example if two tags are
3460 # applied to one image.
3461 &quot;A String&quot;,
3462 ],
3463 &quot;id&quot;: &quot;A String&quot;, # Artifact ID, if any; for container images, this will be a URL by digest
3464 # like gcr.io/projectID/imagename@sha256:123456
Bu Sun Kim65020912020-05-20 12:08:20 -07003465 },
3466 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003467 &quot;id&quot;: &quot;A String&quot;, # Unique identifier of the build.
3468 &quot;createTime&quot;: &quot;A String&quot;, # Time at which the build was created.
3469 &quot;buildOptions&quot;: { # Special options applied to this build. This is a catch-all field where
3470 # build providers can enter any desired additional details.
3471 &quot;a_key&quot;: &quot;A String&quot;,
3472 },
3473 &quot;logsBucket&quot;: &quot;A String&quot;, # Google Cloud Storage bucket where logs were written.
3474 &quot;finishTime&quot;: &quot;A String&quot;, # Time at which execution of the build was finished.
3475 &quot;creator&quot;: &quot;A String&quot;, # E-mail address of the user who initiated this build. Note that this was the
3476 # user&#x27;s e-mail address at the time the build was initiated; this address may
3477 # not represent the same end-user for all time.
3478 &quot;projectId&quot;: &quot;A String&quot;, # ID of the project.
3479 &quot;startTime&quot;: &quot;A String&quot;, # Time at which execution of the build was started.
3480 &quot;commands&quot;: [ # Commands requested by the build.
3481 { # Command describes a step performed as part of the build pipeline.
3482 &quot;dir&quot;: &quot;A String&quot;, # Working directory (relative to project source root) used when running
3483 # this Command.
3484 &quot;env&quot;: [ # Environment variables set before running this Command.
3485 &quot;A String&quot;,
3486 ],
3487 &quot;args&quot;: [ # Command-line arguments used when executing this Command.
3488 &quot;A String&quot;,
3489 ],
3490 &quot;id&quot;: &quot;A String&quot;, # Optional unique identifier for this Command, used in wait_for to reference
3491 # this Command as a dependency.
3492 &quot;name&quot;: &quot;A String&quot;, # Name of the command, as presented on the command line, or if the command is
3493 # packaged as a Docker container, as presented to `docker pull`.
3494 &quot;waitFor&quot;: [ # The ID(s) of the Command(s) that this Command depends on.
3495 &quot;A String&quot;,
3496 ],
3497 },
3498 ],
3499 &quot;triggerId&quot;: &quot;A String&quot;, # Trigger identifier if the build was triggered automatically; empty if not.
3500 &quot;builderVersion&quot;: &quot;A String&quot;, # Version string of the builder at the time this build was executed.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003501 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003502 &quot;provenanceBytes&quot;: &quot;A String&quot;, # Serialized JSON representation of the provenance, used in generating the
3503 # `BuildSignature` in the corresponding Result. After verifying the
3504 # signature, `provenance_bytes` can be unmarshalled and compared to the
3505 # provenance to confirm that it is unchanged. A base64-encoded string
3506 # representation of the provenance bytes is used for the signature in order
3507 # to interoperate with openssl which expects this format for signature
3508 # verification.
3509 #
3510 # The serialized form is captured both to avoid ambiguity in how the
3511 # provenance is marshalled to json as well to prevent incompatibilities with
3512 # future changes.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003513 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003514 &quot;name&quot;: &quot;A String&quot;, # Output only. The name of the `Occurrence` in the form
3515 # &quot;projects/{project_id}/occurrences/{OCCURRENCE_ID}&quot;
3516 &quot;deployment&quot;: { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
3517 &quot;undeployTime&quot;: &quot;A String&quot;, # End of the lifetime of this deployment.
3518 &quot;address&quot;: &quot;A String&quot;, # Address of the runtime element hosting this deployment.
3519 &quot;platform&quot;: &quot;A String&quot;, # Platform hosting this deployment.
3520 &quot;config&quot;: &quot;A String&quot;, # Configuration used to create this deployment.
3521 &quot;deployTime&quot;: &quot;A String&quot;, # Beginning of the lifetime of this deployment.
3522 &quot;resourceUri&quot;: [ # Output only. Resource URI for the artifact being deployed taken from the
3523 # deployable field with the same name.
3524 &quot;A String&quot;,
3525 ],
3526 &quot;userEmail&quot;: &quot;A String&quot;, # Identity of the user that triggered this deployment.
3527 },
3528 &quot;upgrade&quot;: { # An Upgrade Occurrence represents that a specific resource_url could install a # Describes an upgrade.
3529 # specific upgrade. This presence is supplied via local sources (i.e. it is
3530 # present in the mirror and the running system has noticed its availability).
3531 &quot;package&quot;: &quot;A String&quot;, # Required - The package this Upgrade is for.
3532 &quot;distribution&quot;: { # The Upgrade Distribution represents metadata about the Upgrade for each # Metadata about the upgrade for available for the specific operating system
3533 # for the resource_url. This allows efficient filtering, as well as
3534 # making it easier to use the occurrence.
3535 # operating system (CPE). Some distributions have additional metadata around
3536 # updates, classifying them into various categories and severities.
3537 &quot;classification&quot;: &quot;A String&quot;, # The operating system classification of this Upgrade, as specified by the
3538 # upstream operating system upgrade feed.
3539 &quot;cpeUri&quot;: &quot;A String&quot;, # Required - The specific operating system this metadata applies to. See
3540 # https://cpe.mitre.org/specification/.
3541 &quot;severity&quot;: &quot;A String&quot;, # The severity as specified by the upstream operating system.
3542 &quot;cve&quot;: [ # The cve that would be resolved by this upgrade.
3543 &quot;A String&quot;,
3544 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07003545 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003546 &quot;parsedVersion&quot;: { # Version contains structured information about the version of the package. # Required - The version of the package in a machine + human readable form.
3547 # For a discussion of this in Debian/Ubuntu:
3548 # http://serverfault.com/questions/604541/debian-packages-version-convention
3549 # For a discussion of this in Redhat/Fedora/Centos:
3550 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
3551 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
3552 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
3553 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
3554 # If kind is not NORMAL, then the other fields are ignored.
3555 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
3556 },
3557 },
3558 &quot;derivedImage&quot;: { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis
3559 # in the associated note.
3560 # DockerImage relationship. This image would be produced from a Dockerfile
3561 # with FROM &lt;DockerImage.Basis in attached Note&gt;.
3562 &quot;fingerprint&quot;: { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.
3563 &quot;v2Name&quot;: &quot;A String&quot;, # Output only. The name of the image&#x27;s v2 blobs computed via:
3564 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + &quot; &quot; + v2_name[N+1])
3565 # Only the name of the final blob is kept.
3566 # This field can be used as a filter in list requests.
3567 &quot;v2Blob&quot;: [ # The ordered list of v2 blobs that represent a given image.
3568 &quot;A String&quot;,
3569 ],
3570 &quot;v1Name&quot;: &quot;A String&quot;, # The layer-id of the final layer in the Docker image&#x27;s v1
3571 # representation.
3572 # This field can be used as a filter in list requests.
3573 },
3574 &quot;layerInfo&quot;: [ # This contains layer-specific metadata, if populated it has length
3575 # &quot;distance&quot; and is ordered with [distance] being the layer immediately
3576 # following the base image and [1] being the final layer.
3577 { # Layer holds metadata specific to a layer of a Docker image.
3578 &quot;arguments&quot;: &quot;A String&quot;, # The recovered arguments to the Dockerfile directive.
3579 &quot;directive&quot;: &quot;A String&quot;, # The recovered Dockerfile directive used to construct this layer.
3580 },
3581 ],
3582 &quot;baseResourceUrl&quot;: &quot;A String&quot;, # Output only. This contains the base image URL for the derived image
3583 # occurrence.
3584 &quot;distance&quot;: 42, # Output only. The number of layers by which this image differs from the
3585 # associated image basis.
Bu Sun Kim65020912020-05-20 12:08:20 -07003586 },
3587 &quot;resourceUrl&quot;: &quot;A String&quot;, # The unique URL of the image or the container for which the `Occurrence`
3588 # applies. For example, https://gcr.io/project/image@sha256:foo This field
3589 # can be used as a filter in list requests.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003590 &quot;remediation&quot;: &quot;A String&quot;, # A description of actions that can be taken to remedy the `Note`
Bu Sun Kim65020912020-05-20 12:08:20 -07003591 &quot;installation&quot;: { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.
3592 # a system.
3593 &quot;location&quot;: [ # All of the places within the filesystem versions of this package
3594 # have been found.
3595 { # An occurrence of a particular package installation found within a
3596 # system&#x27;s filesystem.
3597 # e.g. glibc was found in /var/lib/dpkg/status
3598 &quot;cpeUri&quot;: &quot;A String&quot;, # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
3599 # denoting the package manager version distributing a package.
3600 &quot;version&quot;: { # Version contains structured information about the version of the package. # The version installed at this location.
3601 # For a discussion of this in Debian/Ubuntu:
3602 # http://serverfault.com/questions/604541/debian-packages-version-convention
3603 # For a discussion of this in Redhat/Fedora/Centos:
3604 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
3605 &quot;name&quot;: &quot;A String&quot;, # The main part of the version name.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003606 &quot;revision&quot;: &quot;A String&quot;, # The iteration of the package build from the above version.
Bu Sun Kim65020912020-05-20 12:08:20 -07003607 &quot;kind&quot;: &quot;A String&quot;, # Distinguish between sentinel MIN/MAX versions and normal versions.
3608 # If kind is not NORMAL, then the other fields are ignored.
3609 &quot;epoch&quot;: 42, # Used to correct mistakes in the version numbering scheme.
Bu Sun Kim65020912020-05-20 12:08:20 -07003610 },
3611 &quot;path&quot;: &quot;A String&quot;, # The path from which we gathered that this package/version is installed.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003612 },
3613 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003614 &quot;name&quot;: &quot;A String&quot;, # Output only. The name of the installed package.
Bu Sun Kim65020912020-05-20 12:08:20 -07003615 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003616 &quot;noteName&quot;: &quot;A String&quot;, # An analysis note associated with this image, in the form
3617 # &quot;providers/{provider_id}/notes/{NOTE_ID}&quot;
3618 # This field can be used as a filter in list requests.
Bu Sun Kim65020912020-05-20 12:08:20 -07003619 &quot;discovered&quot;: { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003620 &quot;continuousAnalysis&quot;: &quot;A String&quot;, # Whether the resource is continuously analyzed.
3621 &quot;cpe&quot;: &quot;A String&quot;, # The CPE of the resource being scanned.
3622 &quot;analysisStatusError&quot;: { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under
3623 # details to show to the user. The LocalizedMessage output only and
3624 # populated by the API.
3625 # different programming environments, including REST APIs and RPC APIs. It is
3626 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
3627 # three pieces of data: error code, error message, and error details.
3628 #
3629 # You can find out more about this error model and how to work with it in the
3630 # [API Design Guide](https://cloud.google.com/apis/design/errors).
3631 &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
3632 # user-facing error message should be localized and sent in the
3633 # google.rpc.Status.details field, or localized by the client.
3634 &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of
3635 # message types for APIs to use.
3636 {
3637 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
3638 },
3639 ],
3640 &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
3641 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003642 &quot;operation&quot;: { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.
3643 # This field is deprecated, do not use.
3644 # network API call.
Bu Sun Kim65020912020-05-20 12:08:20 -07003645 &quot;response&quot;: { # The normal response of the operation in case of success. If the original
3646 # method returns no data on success, such as `Delete`, the response is
3647 # `google.protobuf.Empty`. If the original method is standard
3648 # `Get`/`Create`/`Update`, the response should be the resource. For other
3649 # methods, the response should have the type `XxxResponse`, where `Xxx`
3650 # is the original method name. For example, if the original method name
3651 # is `TakeSnapshot()`, the inferred response type is
3652 # `TakeSnapshotResponse`.
3653 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
3654 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003655 &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
3656 # originally returns it. If you use the default HTTP mapping, the
3657 # `name` should be a resource name ending with `operations/{unique_id}`.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003658 &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically
3659 # contains progress information and common metadata such as create time.
3660 # Some services might not provide such metadata. Any method that returns a
3661 # long-running operation should document the metadata type, if any.
3662 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
3663 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003664 &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
3665 # different programming environments, including REST APIs and RPC APIs. It is
3666 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
3667 # three pieces of data: error code, error message, and error details.
3668 #
3669 # You can find out more about this error model and how to work with it in the
3670 # [API Design Guide](https://cloud.google.com/apis/design/errors).
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003671 &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
3672 # user-facing error message should be localized and sent in the
3673 # google.rpc.Status.details field, or localized by the client.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003674 &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of
3675 # message types for APIs to use.
3676 {
3677 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
3678 },
3679 ],
3680 &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003681 },
3682 &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
3683 # If `true`, the operation is completed, and either `error` or `response` is
3684 # available.
Bu Sun Kim65020912020-05-20 12:08:20 -07003685 },
3686 &quot;analysisStatus&quot;: &quot;A String&quot;, # The status of discovery for the resource.
Bu Sun Kim65020912020-05-20 12:08:20 -07003687 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003688 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time this `Occurrence` was created.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003689 &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The time this `Occurrence` was last updated.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003690 }</pre>
3691</div>
3692
3693<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -07003694 <code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003695 <pre>Sets the access control policy on the specified `Note` or `Occurrence`.
3696Requires `containeranalysis.notes.setIamPolicy` or
3697`containeranalysis.occurrences.setIamPolicy` permission if the resource is
3698a `Note` or an `Occurrence`, respectively.
3699Attempting to call this method without these permissions will result in a `
3700`PERMISSION_DENIED` error.
3701Attempting to call this method on a non-existent resource will result in a
3702`NOT_FOUND` error if the user has `containeranalysis.notes.list` permission
3703on a `Note` or `containeranalysis.occurrences.list` on an `Occurrence`, or
3704a `PERMISSION_DENIED` error otherwise. The resource takes the following
3705formats: `projects/{projectid}/occurrences/{occurrenceid}` for occurrences
3706and projects/{projectid}/notes/{noteid} for notes
3707
3708Args:
3709 resource: string, REQUIRED: The resource for which the policy is being specified.
3710See the operation documentation for the appropriate value for this field. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -07003711 body: object, The request body.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003712 The object takes the form of:
3713
3714{ # Request message for `SetIamPolicy` method.
Bu Sun Kim65020912020-05-20 12:08:20 -07003715 &quot;policy&quot;: { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003716 # the policy is limited to a few 10s of KB. An empty policy is a
3717 # valid policy but certain Cloud Platform services (such as Projects)
3718 # might reject them.
Dan O'Mearadd494642020-05-01 07:42:23 -07003719 # controls for Google Cloud resources.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003720 #
3721 #
Dan O'Mearadd494642020-05-01 07:42:23 -07003722 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
3723 # `members` to a single `role`. Members can be user accounts, service accounts,
3724 # Google groups, and domains (such as G Suite). A `role` is a named list of
3725 # permissions; each `role` can be an IAM predefined role or a user-created
3726 # custom role.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003727 #
Bu Sun Kim65020912020-05-20 12:08:20 -07003728 # For some types of Google Cloud resources, a `binding` can also specify a
3729 # `condition`, which is a logical expression that allows access to a resource
3730 # only if the expression evaluates to `true`. A condition can add constraints
3731 # based on attributes of the request, the resource, or both. To learn which
3732 # resources support conditions in their IAM policies, see the
3733 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
Dan O'Mearadd494642020-05-01 07:42:23 -07003734 #
3735 # **JSON example:**
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003736 #
3737 # {
Bu Sun Kim65020912020-05-20 12:08:20 -07003738 # &quot;bindings&quot;: [
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003739 # {
Bu Sun Kim65020912020-05-20 12:08:20 -07003740 # &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
3741 # &quot;members&quot;: [
3742 # &quot;user:mike@example.com&quot;,
3743 # &quot;group:admins@example.com&quot;,
3744 # &quot;domain:google.com&quot;,
3745 # &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003746 # ]
3747 # },
3748 # {
Bu Sun Kim65020912020-05-20 12:08:20 -07003749 # &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
3750 # &quot;members&quot;: [
3751 # &quot;user:eve@example.com&quot;
3752 # ],
3753 # &quot;condition&quot;: {
3754 # &quot;title&quot;: &quot;expirable access&quot;,
3755 # &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
3756 # &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
Dan O'Mearadd494642020-05-01 07:42:23 -07003757 # }
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003758 # }
Dan O'Mearadd494642020-05-01 07:42:23 -07003759 # ],
Bu Sun Kim65020912020-05-20 12:08:20 -07003760 # &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
3761 # &quot;version&quot;: 3
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003762 # }
3763 #
Dan O'Mearadd494642020-05-01 07:42:23 -07003764 # **YAML example:**
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003765 #
3766 # bindings:
3767 # - members:
3768 # - user:mike@example.com
3769 # - group:admins@example.com
3770 # - domain:google.com
Dan O'Mearadd494642020-05-01 07:42:23 -07003771 # - serviceAccount:my-project-id@appspot.gserviceaccount.com
3772 # role: roles/resourcemanager.organizationAdmin
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003773 # - members:
Dan O'Mearadd494642020-05-01 07:42:23 -07003774 # - user:eve@example.com
3775 # role: roles/resourcemanager.organizationViewer
3776 # condition:
3777 # title: expirable access
3778 # description: Does not grant access after Sep 2020
Bu Sun Kim65020912020-05-20 12:08:20 -07003779 # expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
Dan O'Mearadd494642020-05-01 07:42:23 -07003780 # - etag: BwWWja0YfJA=
3781 # - version: 3
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003782 #
3783 # For a description of IAM and its features, see the
Dan O'Mearadd494642020-05-01 07:42:23 -07003784 # [IAM documentation](https://cloud.google.com/iam/docs/).
Bu Sun Kim65020912020-05-20 12:08:20 -07003785 &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
Dan O'Mearadd494642020-05-01 07:42:23 -07003786 # `condition` that determines how and when the `bindings` are applied. Each
3787 # of the `bindings` must contain at least one member.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003788 { # Associates `members` with a `role`.
Bu Sun Kim65020912020-05-20 12:08:20 -07003789 &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
3790 #
3791 # If the condition evaluates to `true`, then this binding applies to the
3792 # current request.
3793 #
3794 # If the condition evaluates to `false`, then this binding does not apply to
3795 # the current request. However, a different role binding might grant the same
3796 # role to one or more of the members in this binding.
3797 #
3798 # To learn which resources support conditions in their IAM policies, see the
3799 # [IAM
3800 # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
3801 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
3802 # are documented at https://github.com/google/cel-spec.
3803 #
3804 # Example (Comparison):
3805 #
3806 # title: &quot;Summary size limit&quot;
3807 # description: &quot;Determines if a summary is less than 100 chars&quot;
3808 # expression: &quot;document.summary.size() &lt; 100&quot;
3809 #
3810 # Example (Equality):
3811 #
3812 # title: &quot;Requestor is owner&quot;
3813 # description: &quot;Determines if requestor is the document owner&quot;
3814 # expression: &quot;document.owner == request.auth.claims.email&quot;
3815 #
3816 # Example (Logic):
3817 #
3818 # title: &quot;Public documents&quot;
3819 # description: &quot;Determine whether the document should be publicly visible&quot;
3820 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
3821 #
3822 # Example (Data Manipulation):
3823 #
3824 # title: &quot;Notification string&quot;
3825 # description: &quot;Create a notification string with a timestamp.&quot;
3826 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
3827 #
3828 # The exact variables and functions that may be referenced within an expression
3829 # are determined by the service that evaluates it. See the service
3830 # documentation for additional information.
Bu Sun Kim65020912020-05-20 12:08:20 -07003831 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
3832 # its purpose. This can be used e.g. in UIs which allow to enter the
3833 # expression.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003834 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
3835 # syntax.
Bu Sun Kim65020912020-05-20 12:08:20 -07003836 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
3837 # reporting, e.g. a file name and a position in the file.
3838 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
3839 # describes the expression, e.g. when hovered over it in a UI.
3840 },
3841 &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003842 # `members` can have the following values:
3843 #
3844 # * `allUsers`: A special identifier that represents anyone who is
3845 # on the internet; with or without a Google account.
3846 #
3847 # * `allAuthenticatedUsers`: A special identifier that represents anyone
3848 # who is authenticated with a Google account or a service account.
3849 #
3850 # * `user:{emailid}`: An email address that represents a specific Google
Dan O'Mearadd494642020-05-01 07:42:23 -07003851 # account. For example, `alice@example.com` .
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003852 #
3853 #
3854 # * `serviceAccount:{emailid}`: An email address that represents a service
3855 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
3856 #
3857 # * `group:{emailid}`: An email address that represents a Google group.
3858 # For example, `admins@example.com`.
3859 #
Dan O'Mearadd494642020-05-01 07:42:23 -07003860 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
3861 # identifier) representing a user that has been recently deleted. For
3862 # example, `alice@example.com?uid=123456789012345678901`. If the user is
3863 # recovered, this value reverts to `user:{emailid}` and the recovered user
3864 # retains the role in the binding.
3865 #
3866 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
3867 # unique identifier) representing a service account that has been recently
3868 # deleted. For example,
3869 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
3870 # If the service account is undeleted, this value reverts to
3871 # `serviceAccount:{emailid}` and the undeleted service account retains the
3872 # role in the binding.
3873 #
3874 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
3875 # identifier) representing a Google group that has been recently
3876 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
3877 # the group is recovered, this value reverts to `group:{emailid}` and the
3878 # recovered group retains the role in the binding.
3879 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003880 #
3881 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
3882 # users of that domain. For example, `google.com` or `example.com`.
3883 #
Bu Sun Kim65020912020-05-20 12:08:20 -07003884 &quot;A String&quot;,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003885 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003886 &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
3887 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003888 },
3889 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003890 &quot;version&quot;: 42, # Specifies the format of the policy.
3891 #
3892 # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
3893 # are rejected.
3894 #
3895 # Any operation that affects conditional role bindings must specify version
3896 # `3`. This requirement applies to the following operations:
3897 #
3898 # * Getting a policy that includes a conditional role binding
3899 # * Adding a conditional role binding to a policy
3900 # * Changing a conditional role binding in a policy
3901 # * Removing any role binding, with or without a condition, from a policy
3902 # that includes conditions
3903 #
3904 # **Important:** If you use IAM Conditions, you must include the `etag` field
3905 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
3906 # you to overwrite a version `3` policy with a version `1` policy, and all of
3907 # the conditions in the version `3` policy are lost.
3908 #
3909 # If a policy does not include any conditions, operations on that policy may
3910 # specify any valid version or leave the field unset.
3911 #
3912 # To learn which resources support conditions in their IAM policies, see the
3913 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
3914 &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
3915 # prevent simultaneous updates of a policy from overwriting each other.
3916 # It is strongly suggested that systems make use of the `etag` in the
3917 # read-modify-write cycle to perform policy updates in order to avoid race
3918 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
3919 # systems are expected to put that etag in the request to `setIamPolicy` to
3920 # ensure that their change will be applied to the same version of the policy.
3921 #
3922 # **Important:** If you use IAM Conditions, you must include the `etag` field
3923 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
3924 # you to overwrite a version `3` policy with a version `1` policy, and all of
3925 # the conditions in the version `3` policy are lost.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003926 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003927 }
3928
3929 x__xgafv: string, V1 error format.
3930 Allowed values
3931 1 - v1 error format
3932 2 - v2 error format
3933
3934Returns:
3935 An object of the form:
3936
Dan O'Mearadd494642020-05-01 07:42:23 -07003937 { # An Identity and Access Management (IAM) policy, which specifies access
3938 # controls for Google Cloud resources.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003939 #
3940 #
Dan O'Mearadd494642020-05-01 07:42:23 -07003941 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
3942 # `members` to a single `role`. Members can be user accounts, service accounts,
3943 # Google groups, and domains (such as G Suite). A `role` is a named list of
3944 # permissions; each `role` can be an IAM predefined role or a user-created
3945 # custom role.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003946 #
Bu Sun Kim65020912020-05-20 12:08:20 -07003947 # For some types of Google Cloud resources, a `binding` can also specify a
3948 # `condition`, which is a logical expression that allows access to a resource
3949 # only if the expression evaluates to `true`. A condition can add constraints
3950 # based on attributes of the request, the resource, or both. To learn which
3951 # resources support conditions in their IAM policies, see the
3952 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
Dan O'Mearadd494642020-05-01 07:42:23 -07003953 #
3954 # **JSON example:**
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003955 #
3956 # {
Bu Sun Kim65020912020-05-20 12:08:20 -07003957 # &quot;bindings&quot;: [
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003958 # {
Bu Sun Kim65020912020-05-20 12:08:20 -07003959 # &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
3960 # &quot;members&quot;: [
3961 # &quot;user:mike@example.com&quot;,
3962 # &quot;group:admins@example.com&quot;,
3963 # &quot;domain:google.com&quot;,
3964 # &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003965 # ]
3966 # },
3967 # {
Bu Sun Kim65020912020-05-20 12:08:20 -07003968 # &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
3969 # &quot;members&quot;: [
3970 # &quot;user:eve@example.com&quot;
3971 # ],
3972 # &quot;condition&quot;: {
3973 # &quot;title&quot;: &quot;expirable access&quot;,
3974 # &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
3975 # &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
Dan O'Mearadd494642020-05-01 07:42:23 -07003976 # }
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003977 # }
Dan O'Mearadd494642020-05-01 07:42:23 -07003978 # ],
Bu Sun Kim65020912020-05-20 12:08:20 -07003979 # &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
3980 # &quot;version&quot;: 3
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003981 # }
3982 #
Dan O'Mearadd494642020-05-01 07:42:23 -07003983 # **YAML example:**
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003984 #
3985 # bindings:
3986 # - members:
3987 # - user:mike@example.com
3988 # - group:admins@example.com
3989 # - domain:google.com
Dan O'Mearadd494642020-05-01 07:42:23 -07003990 # - serviceAccount:my-project-id@appspot.gserviceaccount.com
3991 # role: roles/resourcemanager.organizationAdmin
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003992 # - members:
Dan O'Mearadd494642020-05-01 07:42:23 -07003993 # - user:eve@example.com
3994 # role: roles/resourcemanager.organizationViewer
3995 # condition:
3996 # title: expirable access
3997 # description: Does not grant access after Sep 2020
Bu Sun Kim65020912020-05-20 12:08:20 -07003998 # expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
Dan O'Mearadd494642020-05-01 07:42:23 -07003999 # - etag: BwWWja0YfJA=
4000 # - version: 3
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004001 #
4002 # For a description of IAM and its features, see the
Dan O'Mearadd494642020-05-01 07:42:23 -07004003 # [IAM documentation](https://cloud.google.com/iam/docs/).
Bu Sun Kim65020912020-05-20 12:08:20 -07004004 &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
Dan O'Mearadd494642020-05-01 07:42:23 -07004005 # `condition` that determines how and when the `bindings` are applied. Each
4006 # of the `bindings` must contain at least one member.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004007 { # Associates `members` with a `role`.
Bu Sun Kim65020912020-05-20 12:08:20 -07004008 &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
4009 #
4010 # If the condition evaluates to `true`, then this binding applies to the
4011 # current request.
4012 #
4013 # If the condition evaluates to `false`, then this binding does not apply to
4014 # the current request. However, a different role binding might grant the same
4015 # role to one or more of the members in this binding.
4016 #
4017 # To learn which resources support conditions in their IAM policies, see the
4018 # [IAM
4019 # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
4020 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
4021 # are documented at https://github.com/google/cel-spec.
4022 #
4023 # Example (Comparison):
4024 #
4025 # title: &quot;Summary size limit&quot;
4026 # description: &quot;Determines if a summary is less than 100 chars&quot;
4027 # expression: &quot;document.summary.size() &lt; 100&quot;
4028 #
4029 # Example (Equality):
4030 #
4031 # title: &quot;Requestor is owner&quot;
4032 # description: &quot;Determines if requestor is the document owner&quot;
4033 # expression: &quot;document.owner == request.auth.claims.email&quot;
4034 #
4035 # Example (Logic):
4036 #
4037 # title: &quot;Public documents&quot;
4038 # description: &quot;Determine whether the document should be publicly visible&quot;
4039 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
4040 #
4041 # Example (Data Manipulation):
4042 #
4043 # title: &quot;Notification string&quot;
4044 # description: &quot;Create a notification string with a timestamp.&quot;
4045 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
4046 #
4047 # The exact variables and functions that may be referenced within an expression
4048 # are determined by the service that evaluates it. See the service
4049 # documentation for additional information.
Bu Sun Kim65020912020-05-20 12:08:20 -07004050 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
4051 # its purpose. This can be used e.g. in UIs which allow to enter the
4052 # expression.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07004053 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
4054 # syntax.
Bu Sun Kim65020912020-05-20 12:08:20 -07004055 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
4056 # reporting, e.g. a file name and a position in the file.
4057 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
4058 # describes the expression, e.g. when hovered over it in a UI.
4059 },
4060 &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004061 # `members` can have the following values:
4062 #
4063 # * `allUsers`: A special identifier that represents anyone who is
4064 # on the internet; with or without a Google account.
4065 #
4066 # * `allAuthenticatedUsers`: A special identifier that represents anyone
4067 # who is authenticated with a Google account or a service account.
4068 #
4069 # * `user:{emailid}`: An email address that represents a specific Google
Dan O'Mearadd494642020-05-01 07:42:23 -07004070 # account. For example, `alice@example.com` .
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004071 #
4072 #
4073 # * `serviceAccount:{emailid}`: An email address that represents a service
4074 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
4075 #
4076 # * `group:{emailid}`: An email address that represents a Google group.
4077 # For example, `admins@example.com`.
4078 #
Dan O'Mearadd494642020-05-01 07:42:23 -07004079 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
4080 # identifier) representing a user that has been recently deleted. For
4081 # example, `alice@example.com?uid=123456789012345678901`. If the user is
4082 # recovered, this value reverts to `user:{emailid}` and the recovered user
4083 # retains the role in the binding.
4084 #
4085 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
4086 # unique identifier) representing a service account that has been recently
4087 # deleted. For example,
4088 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
4089 # If the service account is undeleted, this value reverts to
4090 # `serviceAccount:{emailid}` and the undeleted service account retains the
4091 # role in the binding.
4092 #
4093 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
4094 # identifier) representing a Google group that has been recently
4095 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
4096 # the group is recovered, this value reverts to `group:{emailid}` and the
4097 # recovered group retains the role in the binding.
4098 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004099 #
4100 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
4101 # users of that domain. For example, `google.com` or `example.com`.
4102 #
Bu Sun Kim65020912020-05-20 12:08:20 -07004103 &quot;A String&quot;,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004104 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07004105 &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
4106 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004107 },
4108 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07004109 &quot;version&quot;: 42, # Specifies the format of the policy.
4110 #
4111 # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
4112 # are rejected.
4113 #
4114 # Any operation that affects conditional role bindings must specify version
4115 # `3`. This requirement applies to the following operations:
4116 #
4117 # * Getting a policy that includes a conditional role binding
4118 # * Adding a conditional role binding to a policy
4119 # * Changing a conditional role binding in a policy
4120 # * Removing any role binding, with or without a condition, from a policy
4121 # that includes conditions
4122 #
4123 # **Important:** If you use IAM Conditions, you must include the `etag` field
4124 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
4125 # you to overwrite a version `3` policy with a version `1` policy, and all of
4126 # the conditions in the version `3` policy are lost.
4127 #
4128 # If a policy does not include any conditions, operations on that policy may
4129 # specify any valid version or leave the field unset.
4130 #
4131 # To learn which resources support conditions in their IAM policies, see the
4132 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
4133 &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
4134 # prevent simultaneous updates of a policy from overwriting each other.
4135 # It is strongly suggested that systems make use of the `etag` in the
4136 # read-modify-write cycle to perform policy updates in order to avoid race
4137 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
4138 # systems are expected to put that etag in the request to `setIamPolicy` to
4139 # ensure that their change will be applied to the same version of the policy.
4140 #
4141 # **Important:** If you use IAM Conditions, you must include the `etag` field
4142 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
4143 # you to overwrite a version `3` policy with a version `1` policy, and all of
4144 # the conditions in the version `3` policy are lost.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004145 }</pre>
4146</div>
4147
4148<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -07004149 <code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004150 <pre>Returns the permissions that a caller has on the specified note or
4151occurrence resource. Requires list permission on the project (for example,
Bu Sun Kim65020912020-05-20 12:08:20 -07004152&quot;storage.objects.list&quot; on the containing bucket for testing permission of
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004153an object). Attempting to call this method on a non-existent resource will
4154result in a `NOT_FOUND` error if the user has list permission on the
4155project, or a `PERMISSION_DENIED` error otherwise. The resource takes the
4156following formats: `projects/{PROJECT_ID}/occurrences/{OCCURRENCE_ID}` for
4157`Occurrences` and `projects/{PROJECT_ID}/notes/{NOTE_ID}` for `Notes`
4158
4159Args:
4160 resource: string, REQUIRED: The resource for which the policy detail is being requested.
4161See the operation documentation for the appropriate value for this field. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -07004162 body: object, The request body.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004163 The object takes the form of:
4164
4165{ # Request message for `TestIamPermissions` method.
Bu Sun Kim65020912020-05-20 12:08:20 -07004166 &quot;permissions&quot;: [ # The set of permissions to check for the `resource`. Permissions with
4167 # wildcards (such as &#x27;*&#x27; or &#x27;storage.*&#x27;) are not allowed. For more
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004168 # information see
4169 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
Bu Sun Kim65020912020-05-20 12:08:20 -07004170 &quot;A String&quot;,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004171 ],
4172 }
4173
4174 x__xgafv: string, V1 error format.
4175 Allowed values
4176 1 - v1 error format
4177 2 - v2 error format
4178
4179Returns:
4180 An object of the form:
4181
4182 { # Response message for `TestIamPermissions` method.
Bu Sun Kim65020912020-05-20 12:08:20 -07004183 &quot;permissions&quot;: [ # A subset of `TestPermissionsRequest.permissions` that the caller is
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004184 # allowed.
Bu Sun Kim65020912020-05-20 12:08:20 -07004185 &quot;A String&quot;,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004186 ],
4187 }</pre>
4188</div>
4189
4190</body></html>