Blame - docs/dyn/containeranalysis_v1alpha1.projects.occurrences.html - platform/external/python/google-api-python-client

2020-05-01 07:42:23 -0700

[diff] [blame]

78

<code><a href="#create">create(parent, body=None, name=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

79

<p class="firstline">Creates a new `Occurrence`. Use this method to create `Occurrences`</p>

80

81

<code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>

82

<p class="firstline">Deletes the given `Occurrence` from the system. Use this when</p>

83

84

<code><a href="#get">get(name, x__xgafv=None)</a></code></p>

85

<p class="firstline">Returns the requested `Occurrence`.</p>

86

87

<code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>

88

<p class="firstline">Gets the access control policy for a note or an `Occurrence` resource.</p>

89

90

<code><a href="#getNotes">getNotes(name, x__xgafv=None)</a></code></p>

91

<p class="firstline">Gets the `Note` attached to the given `Occurrence`.</p>

92

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

93

<code><a href="#getVulnerabilitySummary">getVulnerabilitySummary(parent, filter=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

94

<p class="firstline">Gets a summary of the number and severity of occurrences.</p>

95

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

96

<code><a href="#list">list(parent, name=None, filter=None, pageToken=None, kind=None, pageSize=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

97

<p class="firstline">Lists active `Occurrences` for a given project matching the filters.</p>

98

99

<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>

100

<p class="firstline">Retrieves the next page of results.</p>

101

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

102

<code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

103

<p class="firstline">Updates an existing occurrence.</p>

104

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

105

<code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

106

<p class="firstline">Sets the access control policy on the specified `Note` or `Occurrence`.</p>

107

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

108

<code><a href="#testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

109

<p class="firstline">Returns the permissions that a caller has on the specified note or</p>

110

<h3>Method Details</h3>

111

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

112

<code class="details" id="create">create(parent, body=None, name=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

113

<pre>Creates a new `Occurrence`. Use this method to create `Occurrences`

114

for a resource.

115

116

Args:

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

117

parent: string, This field contains the project Id for example: "projects/{project_id}" (required)

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

118

body: object, The request body.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

119

The object takes the form of:

120

121

{ # `Occurrence` includes information about analysis occurrences for an image.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

122

"updateTime": "A String", # Output only. The time this `Occurrence` was last updated.

123

"remediation": "A String", # A description of actions that can be taken to remedy the `Note`

124

"derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis

125

# in the associated note.

126

# DockerImage relationship. This image would be produced from a Dockerfile

127

# with FROM <DockerImage.Basis in attached Note>.

128

"baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image

129

# occurrence.

130

"fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.

131

"v2Blob": [ # The ordered list of v2 blobs that represent a given image.

132

"A String",

133

],

134

"v1Name": "A String", # The layer-id of the final layer in the Docker image's v1

135

# representation.

136

# This field can be used as a filter in list requests.

137

"v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:

138

# [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])

139

# Only the name of the final blob is kept.

140

# This field can be used as a filter in list requests.

141

},

142

"layerInfo": [ # This contains layer-specific metadata, if populated it has length

143

# "distance" and is ordered with [distance] being the layer immediately

144

# following the base image and [1] being the final layer.

145

{ # Layer holds metadata specific to a layer of a Docker image.

146

"directive": "A String", # The recovered Dockerfile directive used to construct this layer.

147

"arguments": "A String", # The recovered arguments to the Dockerfile directive.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

148

},

149

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

150

"distance": 42, # Output only. The number of layers by which this image differs from the

151

# associated image basis.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

152

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

153

"buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build.

154

"provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

155

# `BuildSignature` in the corresponding Result. After verifying the

156

# signature, `provenance_bytes` can be unmarshalled and compared to the

157

# provenance to confirm that it is unchanged. A base64-encoded string

158

# representation of the provenance bytes is used for the signature in order

159

# to interoperate with openssl which expects this format for signature

160

# verification.

161

#

162

# The serialized form is captured both to avoid ambiguity in how the

163

# provenance is marshalled to json as well to prevent incompatibilities with

164

# future changes.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

165

"provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance

166

# details about the build from source to completion.

167

"startTime": "A String", # Time at which execution of the build was started.

168

"triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.

169

"sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.

170

"repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.

171

# Repository.

172

"projectId": "A String", # ID of the project that owns the repo.

173

"repoName": "A String", # Name of the repo.

174

"branchName": "A String", # Name of the branch to build.

175

"tagName": "A String", # Name of the tag to build.

176

"commitSha": "A String", # Explicit commit SHA to build.

177

},

178

"storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud

179

# Storage.

180

# Google Cloud Storage.

181

"bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name

182

# Requirements]

183

# (https://cloud.google.com/storage/docs/bucket-naming#requirements)).

184

"object": "A String", # Google Cloud Storage object containing source.

185

"generation": "A String", # Google Cloud Storage generation for the object.

186

},

187

"fileHashes": { # Hash(es) of the build source, which can be used to verify that the original

188

# source integrity was maintained in the build.

189

#

190

# The keys to this map are file paths used as build source and the values

191

# contain the hash values for those files.

192

#

193

# If the build source came in a single package such as a gzipped tarfile

194

# (.tar.gz), the FileHash will be for the single path to that file.

195

"a_key": { # Container message for hashes of byte content of files, used in Source

196

# messages to verify integrity of source input to the build.

197

"fileHash": [ # Collection of file hashes.

198

{ # Container message for hash values.

199

"type": "A String", # The type of hash that was performed.

200

"value": "A String", # The hash value.

},

],

},

},

"artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this

206

# location.

207

# Google Cloud Storage.

208

"bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name

209

# Requirements]

210

# (https://cloud.google.com/storage/docs/bucket-naming#requirements)).

211

"object": "A String", # Google Cloud Storage object containing source.

212

"generation": "A String", # Google Cloud Storage generation for the object.

213

},

214

"additionalContexts": [ # If provided, some of the source code used for the build may be found in

215

# these locations, in the case where the source repository had multiple

216

# remotes or submodules. This list will not include the context specified in

217

# the context field.

218

{ # A SourceContext is a reference to a tree of files. A SourceContext together

219

# with a path point to a unique revision of a single file or directory.

220

"cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.

221

# Source Repo.

222

"revisionId": "A String", # A revision ID.

223

"repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.

224

"uid": "A String", # A server-assigned, globally unique identifier.

225

"projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.

226

# winged-cargo-31) and a repo name within that project.

227

"projectId": "A String", # The ID of the project.

228

"repoName": "A String", # The name of the repo. Leave empty for the default repo.

229

},

230

},

231

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

232

"name": "A String", # The alias name.

233

"kind": "A String", # The alias kind.

234

},

235

},

236

"labels": { # Labels with user defined metadata.

237

"a_key": "A String",

238

},

239

"git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).

240

# repository (e.g., GitHub).

241

"revisionId": "A String", # Required. Git commit hash.

242

"url": "A String", # Git repository URL.

243

},

244

"gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.

245

"hostUri": "A String", # The URI of a running Gerrit instance.

246

"revisionId": "A String", # A revision (commit) ID.

247

"gerritProject": "A String", # The full project name within the host. Projects may be nested, so

248

# "project/subproject" is a valid project name. The "repo name" is

249

# the hostURI/project.

250

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

251

"name": "A String", # The alias name.

252

"kind": "A String", # The alias kind.

253

},

254

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

255

},

256

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

257

"context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.

258

# with a path point to a unique revision of a single file or directory.

259

"cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.

260

# Source Repo.

261

"revisionId": "A String", # A revision ID.

262

"repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.

263

"uid": "A String", # A server-assigned, globally unique identifier.

264

"projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.

265

# winged-cargo-31) and a repo name within that project.

266

"projectId": "A String", # The ID of the project.

267

"repoName": "A String", # The name of the repo. Leave empty for the default repo.

268

},

269

},

270

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

271

"name": "A String", # The alias name.

272

"kind": "A String", # The alias kind.

273

},

274

},

275

"labels": { # Labels with user defined metadata.

276

"a_key": "A String",

277

},

278

"git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).

279

# repository (e.g., GitHub).

280

"revisionId": "A String", # Required. Git commit hash.

281

"url": "A String", # Git repository URL.

282

},

283

"gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.

284

"hostUri": "A String", # The URI of a running Gerrit instance.

285

"revisionId": "A String", # A revision (commit) ID.

286

"gerritProject": "A String", # The full project name within the host. Projects may be nested, so

287

# "project/subproject" is a valid project name. The "repo name" is

288

# the hostURI/project.

289

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

290

"name": "A String", # The alias name.

291

"kind": "A String", # The alias kind.

292

},

293

},

294

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

295

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

296

"createTime": "A String", # Time at which the build was created.

297

"projectId": "A String", # ID of the project.

298

"finishTime": "A String", # Time at which execution of the build was finished.

299

"creator": "A String", # E-mail address of the user who initiated this build. Note that this was the

300

# user's e-mail address at the time the build was initiated; this address may

301

# not represent the same end-user for all time.

302

"logsBucket": "A String", # Google Cloud Storage bucket where logs were written.

303

"builderVersion": "A String", # Version string of the builder at the time this build was executed.

304

"commands": [ # Commands requested by the build.

305

{ # Command describes a step performed as part of the build pipeline.

306

"name": "A String", # Name of the command, as presented on the command line, or if the command is

307

# packaged as a Docker container, as presented to `docker pull`.

308

"id": "A String", # Optional unique identifier for this Command, used in wait_for to reference

309

# this Command as a dependency.

310

"dir": "A String", # Working directory (relative to project source root) used when running

311

# this Command.

312

"waitFor": [ # The ID(s) of the Command(s) that this Command depends on.

313

"A String",

314

],

315

"env": [ # Environment variables set before running this Command.

316

"A String",

317

],

318

"args": [ # Command-line arguments used when executing this Command.

319

"A String",

320

],

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

321

},

322

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

323

"builtArtifacts": [ # Output of the build.

324

{ # Artifact describes a build product.

325

"id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest

326

# like gcr.io/projectID/imagename@sha256:123456

327

"names": [ # Related artifact names. This may be the path to a binary or jar file, or in

328

# the case of a container build, the name used to push the container image to

329

# Google Container Registry, as presented to `docker push`. Note that a

330

# single Artifact ID can have multiple names, for example if two tags are

331

# applied to one image.

332

"A String",

333

],

334

"name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in

335

# the case of a container build, the name used to push the container image to

336

# Google Container Registry, as presented to `docker push`.

337

#

338

# This field is deprecated in favor of the plural `names` field; it continues

339

# to exist here to allow existing BuildProvenance serialized to json in

340

# google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to

341

# deserialize back into proto.

342

"checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a

# container.

},

],

"id": "A String", # Unique identifier of the build.

347

"buildOptions": { # Special options applied to this build. This is a catch-all field where

348

# build providers can enter any desired additional details.

349

"a_key": "A String",

350

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

351

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

352

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

353

"kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are

354

# specified. This field can be used as a filter in list requests.

355

"resource": { # #

356

# The resource for which the `Occurrence` applies.

357

# Resource is an entity that can have metadata. E.g., a Docker image.

358

"name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian".

359

"contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.

360

"type": "A String", # The type of hash that was performed.

361

"value": "A String", # The hash value.

362

},

363

"uri": "A String", # The unique URI of the resource. E.g.,

364

# "https://gcr.io/project/image@sha256:foo" for a Docker image.

365

},

366

"resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence`

367

# applies. For example, https://gcr.io/project/image@sha256:foo This field

368

# can be used as a filter in list requests.

369

"name": "A String", # Output only. The name of the `Occurrence` in the form

370

# "projects/{project_id}/occurrences/{OCCURRENCE_ID}"

371

"attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

372

# Attestation can be verified using the attached signature. If the verifier

373

# trusts the public key of the signer, then verifying the signature is

374

# sufficient to establish trust. In this circumstance, the

375

# AttestationAuthority to which this Attestation is attached is primarily

376

# useful for look-up (how to find this Attestation if you already know the

377

# Authority and artifact to be verified) and intent (which authority was this

378

# attestation intended to sign for).

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

379

"pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

380

# This message only supports `ATTACHED` signatures, where the payload that is

381

# signed is included alongside the signature itself in the same file.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

382

"signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or

383

# equivalent. Since this message only supports attached signatures, the

384

# payload that was signed must be attached. While the signature format

385

# supported is dependent on the verification implementation, currently only

386

# ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than

387

# `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor

388

# --output=signature.gpg payload.json` will create the signature content

389

# expected in this field in `signature.gpg` for the `payload.json`

390

# attestation payload.

391

"pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature,

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

392

# as output by, e.g. `gpg --list-keys`. This should be the version 4, full

393

# 160-bit fingerprint, expressed as a 40 character hexadecimal string. See

394

# https://tools.ietf.org/html/rfc4880#section-12.2 for details.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

395

# Implementations may choose to acknowledge "LONG", "SHORT", or other

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

396

# abbreviated key IDs, but only the full fingerprint is guaranteed to work.

397

# In gpg, the full fingerprint can be retrieved from the `fpr` field

398

# returned when calling --list-keys with --with-colons. For example:

399

# ```

400

# gpg --with-colons --with-fingerprint --force-v4-certs \

401

# --list-keys attester@example.com

402

# tru::1:1513631572:0:3:1:5

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

403

# pub:...<SNIP>...

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

404

# fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:

405

# ```

406

# Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

407

"contentType": "A String", # Type (for example schema) of the attestation payload that was signed.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

408

# The verifier must ensure that the provided type is one that the verifier

409

# supports, and that the attestation payload is a valid instantiation of that

410

# type (for example by validating a JSON schema).

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

411

},

412

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

413

"installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.

414

# a system.

415

"location": [ # All of the places within the filesystem versions of this package

416

# have been found.

417

{ # An occurrence of a particular package installation found within a

418

# system's filesystem.

419

# e.g. glibc was found in /var/lib/dpkg/status

420

"cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)

421

# denoting the package manager version distributing a package.

422

"version": { # Version contains structured information about the version of the package. # The version installed at this location.

423

# For a discussion of this in Debian/Ubuntu:

424

# http://serverfault.com/questions/604541/debian-packages-version-convention

425

# For a discussion of this in Redhat/Fedora/Centos:

426

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

427

"name": "A String", # The main part of the version name.

428

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

429

# If kind is not NORMAL, then the other fields are ignored.

430

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

431

"revision": "A String", # The iteration of the package build from the above version.

432

},

433

"path": "A String", # The path from which we gathered that this package/version is installed.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

434

},

435

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

436

"name": "A String", # Output only. The name of the installed package.

437

},

438

"upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a # Describes an upgrade.

439

# specific upgrade. This presence is supplied via local sources (i.e. it is

440

# present in the mirror and the running system has noticed its availability).

441

"distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each # Metadata about the upgrade for available for the specific operating system

442

# for the resource_url. This allows efficient filtering, as well as

443

# making it easier to use the occurrence.

444

# operating system (CPE). Some distributions have additional metadata around

445

# updates, classifying them into various categories and severities.

446

"cve": [ # The cve that would be resolved by this upgrade.

447

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

448

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

449

"classification": "A String", # The operating system classification of this Upgrade, as specified by the

450

# upstream operating system upgrade feed.

451

"severity": "A String", # The severity as specified by the upstream operating system.

452

"cpeUri": "A String", # Required - The specific operating system this metadata applies to. See

453

# https://cpe.mitre.org/specification/.

454

},

455

"package": "A String", # Required - The package this Upgrade is for.

456

"parsedVersion": { # Version contains structured information about the version of the package. # Required - The version of the package in a machine + human readable form.

457

# For a discussion of this in Debian/Ubuntu:

458

# http://serverfault.com/questions/604541/debian-packages-version-convention

459

# For a discussion of this in Redhat/Fedora/Centos:

460

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

461

"name": "A String", # The main part of the version name.

462

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

463

# If kind is not NORMAL, then the other fields are ignored.

464

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

465

"revision": "A String", # The iteration of the package build from the above version.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

466

},

467

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

468

"discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.

469

"operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.

470

# This field is deprecated, do not use.

471

# network API call.

472

"name": "A String", # The server-assigned name, which is only unique within the same service that

473

# originally returns it. If you use the default HTTP mapping, the

474

# `name` should be a resource name ending with `operations/{unique_id}`.

475

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

476

# different programming environments, including REST APIs and RPC APIs. It is

477

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

478

# three pieces of data: error code, error message, and error details.

479

#

480

# You can find out more about this error model and how to work with it in the

481

# [API Design Guide](https://cloud.google.com/apis/design/errors).

482

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

483

"message": "A String", # A developer-facing error message, which should be in English. Any

484

# user-facing error message should be localized and sent in the

485

# google.rpc.Status.details field, or localized by the client.

486

"details": [ # A list of messages that carry the error details. There is a common set of

487

# message types for APIs to use.

488

{

489

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

],

},

"metadata": { # Service-specific metadata associated with the operation. It typically

494

# contains progress information and common metadata such as create time.

495

# Some services might not provide such metadata. Any method that returns a

496

# long-running operation should document the metadata type, if any.

497

"a_key": "", # Properties of the object. Contains field @type with type URL.

498

},

499

"done": True or False, # If the value is `false`, it means the operation is still in progress.

500

# If `true`, the operation is completed, and either `error` or `response` is

501

# available.

502

"response": { # The normal response of the operation in case of success. If the original

503

# method returns no data on success, such as `Delete`, the response is

504

# `google.protobuf.Empty`. If the original method is standard

505

# `Get`/`Create`/`Update`, the response should be the resource. For other

506

# methods, the response should have the type `XxxResponse`, where `Xxx`

507

# is the original method name. For example, if the original method name

508

# is `TakeSnapshot()`, the inferred response type is

509

# `TakeSnapshotResponse`.

510

"a_key": "", # Properties of the object. Contains field @type with type URL.

511

},

512

},

513

"analysisStatus": "A String", # The status of discovery for the resource.

514

"continuousAnalysis": "A String", # Whether the resource is continuously analyzed.

515

"cpe": "A String", # The CPE of the resource being scanned.

516

"analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under

517

# details to show to the user. The LocalizedMessage output only and

518

# populated by the API.

519

# different programming environments, including REST APIs and RPC APIs. It is

520

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

521

# three pieces of data: error code, error message, and error details.

522

#

523

# You can find out more about this error model and how to work with it in the

524

# [API Design Guide](https://cloud.google.com/apis/design/errors).

525

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

526

"message": "A String", # A developer-facing error message, which should be in English. Any

527

# user-facing error message should be localized and sent in the

528

# google.rpc.Status.details field, or localized by the client.

529

"details": [ # A list of messages that carry the error details. There is a common set of

530

# message types for APIs to use.

531

{

532

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

],

},

},

"deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.

538

"address": "A String", # Address of the runtime element hosting this deployment.

539

"resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the

540

# deployable field with the same name.

541

"A String",

542

],

543

"userEmail": "A String", # Identity of the user that triggered this deployment.

544

"config": "A String", # Configuration used to create this deployment.

545

"undeployTime": "A String", # End of the lifetime of this deployment.

546

"platform": "A String", # Platform hosting this deployment.

547

"deployTime": "A String", # Beginning of the lifetime of this deployment.

548

},

549

"noteName": "A String", # An analysis note associated with this image, in the form

550

# "providers/{provider_id}/notes/{NOTE_ID}"

551

# This field can be used as a filter in list requests.

552

"vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.

553

# to fix it.

554

"cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a

555

# scale of 0-10 where 0 indicates low severity and 10 indicates high

556

# severity.

557

"type": "A String", # The type of package; whether native or non native(ruby gems,

558

# node.js packages etc)

559

"effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is

560

# available and note provider assigned severity when distro has not yet

561

# assigned a severity for this vulnerability.

562

"packageIssue": [ # The set of affected locations and their fixes (if available) within

563

# the associated resource.

564

{ # This message wraps a location affected by a vulnerability and its

565

# associated fix (if one is available).

566

"affectedLocation": { # The location of the vulnerability # The location of the vulnerability.

567

"cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)

568

# format. Examples include distro or storage location for vulnerable jar.

569

# This field can be used as a filter in list requests.

570

"package": "A String", # The package being described.

571

"version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a

572

# filter in list requests.

573

# For a discussion of this in Debian/Ubuntu:

574

# http://serverfault.com/questions/604541/debian-packages-version-convention

575

# For a discussion of this in Redhat/Fedora/Centos:

576

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

577

"name": "A String", # The main part of the version name.

578

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

579

# If kind is not NORMAL, then the other fields are ignored.

580

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

581

"revision": "A String", # The iteration of the package build from the above version.

582

},

583

},

584

"fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability.

585

"cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)

586

# format. Examples include distro or storage location for vulnerable jar.

587

# This field can be used as a filter in list requests.

588

"package": "A String", # The package being described.

589

"version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a

590

# filter in list requests.

591

# For a discussion of this in Debian/Ubuntu:

592

# http://serverfault.com/questions/604541/debian-packages-version-convention

593

# For a discussion of this in Redhat/Fedora/Centos:

594

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

595

"name": "A String", # The main part of the version name.

596

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

597

# If kind is not NORMAL, then the other fields are ignored.

598

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

599

"revision": "A String", # The iteration of the package build from the above version.

600

},

601

},

602

"severityName": "A String",

603

},

604

],

605

"severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.

606

},

607

"createTime": "A String", # Output only. The time this `Occurrence` was created.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

608

}

609

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

610

name: string, The name of the project. Should be of the form "projects/{project_id}".

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

611

@Deprecated

612

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

619

620

{ # `Occurrence` includes information about analysis occurrences for an image.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

621

"updateTime": "A String", # Output only. The time this `Occurrence` was last updated.

622

"remediation": "A String", # A description of actions that can be taken to remedy the `Note`

623

"derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis

624

# in the associated note.

625

# DockerImage relationship. This image would be produced from a Dockerfile

626

# with FROM <DockerImage.Basis in attached Note>.

627

"baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image

628

# occurrence.

629

"fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.

630

"v2Blob": [ # The ordered list of v2 blobs that represent a given image.

631

"A String",

632

],

633

"v1Name": "A String", # The layer-id of the final layer in the Docker image's v1

634

# representation.

635

# This field can be used as a filter in list requests.

636

"v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:

637

# [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])

638

# Only the name of the final blob is kept.

639

# This field can be used as a filter in list requests.

640

},

641

"layerInfo": [ # This contains layer-specific metadata, if populated it has length

642

# "distance" and is ordered with [distance] being the layer immediately

643

# following the base image and [1] being the final layer.

644

{ # Layer holds metadata specific to a layer of a Docker image.

645

"directive": "A String", # The recovered Dockerfile directive used to construct this layer.

646

"arguments": "A String", # The recovered arguments to the Dockerfile directive.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

647

},

648

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

649

"distance": 42, # Output only. The number of layers by which this image differs from the

650

# associated image basis.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

651

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

652

"buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build.

653

"provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

654

# `BuildSignature` in the corresponding Result. After verifying the

655

# signature, `provenance_bytes` can be unmarshalled and compared to the

656

# provenance to confirm that it is unchanged. A base64-encoded string

657

# representation of the provenance bytes is used for the signature in order

658

# to interoperate with openssl which expects this format for signature

659

# verification.

660

#

661

# The serialized form is captured both to avoid ambiguity in how the

662

# provenance is marshalled to json as well to prevent incompatibilities with

663

# future changes.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

664

"provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance

665

# details about the build from source to completion.

666

"startTime": "A String", # Time at which execution of the build was started.

667

"triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.

668

"sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.

669

"repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.

670

# Repository.

671

"projectId": "A String", # ID of the project that owns the repo.

672

"repoName": "A String", # Name of the repo.

673

"branchName": "A String", # Name of the branch to build.

674

"tagName": "A String", # Name of the tag to build.

675

"commitSha": "A String", # Explicit commit SHA to build.

676

},

677

"storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud

678

# Storage.

679

# Google Cloud Storage.

680

"bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name

681

# Requirements]

682

# (https://cloud.google.com/storage/docs/bucket-naming#requirements)).

683

"object": "A String", # Google Cloud Storage object containing source.

684

"generation": "A String", # Google Cloud Storage generation for the object.

685

},

686

"fileHashes": { # Hash(es) of the build source, which can be used to verify that the original

687

# source integrity was maintained in the build.

688

#

689

# The keys to this map are file paths used as build source and the values

690

# contain the hash values for those files.

691

#

692

# If the build source came in a single package such as a gzipped tarfile

693

# (.tar.gz), the FileHash will be for the single path to that file.

694

"a_key": { # Container message for hashes of byte content of files, used in Source

695

# messages to verify integrity of source input to the build.

696

"fileHash": [ # Collection of file hashes.

697

{ # Container message for hash values.

698

"type": "A String", # The type of hash that was performed.

699

"value": "A String", # The hash value.

},

],

},

},

"artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this

705

# location.

706

# Google Cloud Storage.

707

"bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name

708

# Requirements]

709

# (https://cloud.google.com/storage/docs/bucket-naming#requirements)).

710

"object": "A String", # Google Cloud Storage object containing source.

711

"generation": "A String", # Google Cloud Storage generation for the object.

712

},

713

"additionalContexts": [ # If provided, some of the source code used for the build may be found in

714

# these locations, in the case where the source repository had multiple

715

# remotes or submodules. This list will not include the context specified in

716

# the context field.

717

{ # A SourceContext is a reference to a tree of files. A SourceContext together

718

# with a path point to a unique revision of a single file or directory.

719

"cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.

720

# Source Repo.

721

"revisionId": "A String", # A revision ID.

722

"repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.

723

"uid": "A String", # A server-assigned, globally unique identifier.

724

"projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.

725

# winged-cargo-31) and a repo name within that project.

726

"projectId": "A String", # The ID of the project.

727

"repoName": "A String", # The name of the repo. Leave empty for the default repo.

728

},

729

},

730

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

731

"name": "A String", # The alias name.

732

"kind": "A String", # The alias kind.

733

},

734

},

735

"labels": { # Labels with user defined metadata.

736

"a_key": "A String",

737

},

738

"git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).

739

# repository (e.g., GitHub).

740

"revisionId": "A String", # Required. Git commit hash.

741

"url": "A String", # Git repository URL.

742

},

743

"gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.

744

"hostUri": "A String", # The URI of a running Gerrit instance.

745

"revisionId": "A String", # A revision (commit) ID.

746

"gerritProject": "A String", # The full project name within the host. Projects may be nested, so

747

# "project/subproject" is a valid project name. The "repo name" is

748

# the hostURI/project.

749

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

750

"name": "A String", # The alias name.

751

"kind": "A String", # The alias kind.

752

},

753

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

754

},

755

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

756

"context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.

757

# with a path point to a unique revision of a single file or directory.

758

"cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.

759

# Source Repo.

760

"revisionId": "A String", # A revision ID.

761

"repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.

762

"uid": "A String", # A server-assigned, globally unique identifier.

763

"projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.

764

# winged-cargo-31) and a repo name within that project.

765

"projectId": "A String", # The ID of the project.

766

"repoName": "A String", # The name of the repo. Leave empty for the default repo.

767

},

768

},

769

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

770

"name": "A String", # The alias name.

771

"kind": "A String", # The alias kind.

772

},

773

},

774

"labels": { # Labels with user defined metadata.

775

"a_key": "A String",

776

},

777

"git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).

778

# repository (e.g., GitHub).

779

"revisionId": "A String", # Required. Git commit hash.

780

"url": "A String", # Git repository URL.

781

},

782

"gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.

783

"hostUri": "A String", # The URI of a running Gerrit instance.

784

"revisionId": "A String", # A revision (commit) ID.

785

"gerritProject": "A String", # The full project name within the host. Projects may be nested, so

786

# "project/subproject" is a valid project name. The "repo name" is

787

# the hostURI/project.

788

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

789

"name": "A String", # The alias name.

790

"kind": "A String", # The alias kind.

791

},

792

},

793

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

794

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

795

"createTime": "A String", # Time at which the build was created.

796

"projectId": "A String", # ID of the project.

797

"finishTime": "A String", # Time at which execution of the build was finished.

798

"creator": "A String", # E-mail address of the user who initiated this build. Note that this was the

799

# user's e-mail address at the time the build was initiated; this address may

800

# not represent the same end-user for all time.

801

"logsBucket": "A String", # Google Cloud Storage bucket where logs were written.

802

"builderVersion": "A String", # Version string of the builder at the time this build was executed.

803

"commands": [ # Commands requested by the build.

804

{ # Command describes a step performed as part of the build pipeline.

805

"name": "A String", # Name of the command, as presented on the command line, or if the command is

806

# packaged as a Docker container, as presented to `docker pull`.

807

"id": "A String", # Optional unique identifier for this Command, used in wait_for to reference

808

# this Command as a dependency.

809

"dir": "A String", # Working directory (relative to project source root) used when running

810

# this Command.

811

"waitFor": [ # The ID(s) of the Command(s) that this Command depends on.

812

"A String",

813

],

814

"env": [ # Environment variables set before running this Command.

815

"A String",

816

],

817

"args": [ # Command-line arguments used when executing this Command.

818

"A String",

819

],

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

820

},

821

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

822

"builtArtifacts": [ # Output of the build.

823

{ # Artifact describes a build product.

824

"id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest

825

# like gcr.io/projectID/imagename@sha256:123456

826

"names": [ # Related artifact names. This may be the path to a binary or jar file, or in

827

# the case of a container build, the name used to push the container image to

828

# Google Container Registry, as presented to `docker push`. Note that a

829

# single Artifact ID can have multiple names, for example if two tags are

830

# applied to one image.

831

"A String",

832

],

833

"name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in

834

# the case of a container build, the name used to push the container image to

835

# Google Container Registry, as presented to `docker push`.

836

#

837

# This field is deprecated in favor of the plural `names` field; it continues

838

# to exist here to allow existing BuildProvenance serialized to json in

839

# google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to

840

# deserialize back into proto.

841

"checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a

# container.

},

],

"id": "A String", # Unique identifier of the build.

846

"buildOptions": { # Special options applied to this build. This is a catch-all field where

847

# build providers can enter any desired additional details.

848

"a_key": "A String",

849

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

850

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

851

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

852

"kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are

853

# specified. This field can be used as a filter in list requests.

854

"resource": { # #

855

# The resource for which the `Occurrence` applies.

856

# Resource is an entity that can have metadata. E.g., a Docker image.

857

"name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian".

858

"contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.

859

"type": "A String", # The type of hash that was performed.

860

"value": "A String", # The hash value.

861

},

862

"uri": "A String", # The unique URI of the resource. E.g.,

863

# "https://gcr.io/project/image@sha256:foo" for a Docker image.

864

},

865

"resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence`

866

# applies. For example, https://gcr.io/project/image@sha256:foo This field

867

# can be used as a filter in list requests.

868

"name": "A String", # Output only. The name of the `Occurrence` in the form

869

# "projects/{project_id}/occurrences/{OCCURRENCE_ID}"

870

"attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

871

# Attestation can be verified using the attached signature. If the verifier

872

# trusts the public key of the signer, then verifying the signature is

873

# sufficient to establish trust. In this circumstance, the

874

# AttestationAuthority to which this Attestation is attached is primarily

875

# useful for look-up (how to find this Attestation if you already know the

876

# Authority and artifact to be verified) and intent (which authority was this

877

# attestation intended to sign for).

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

878

"pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

879

# This message only supports `ATTACHED` signatures, where the payload that is

880

# signed is included alongside the signature itself in the same file.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

881

"signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or

882

# equivalent. Since this message only supports attached signatures, the

883

# payload that was signed must be attached. While the signature format

884

# supported is dependent on the verification implementation, currently only

885

# ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than

886

# `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor

887

# --output=signature.gpg payload.json` will create the signature content

888

# expected in this field in `signature.gpg` for the `payload.json`

889

# attestation payload.

890

"pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature,

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

891

# as output by, e.g. `gpg --list-keys`. This should be the version 4, full

892

# 160-bit fingerprint, expressed as a 40 character hexadecimal string. See

893

# https://tools.ietf.org/html/rfc4880#section-12.2 for details.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

894

# Implementations may choose to acknowledge "LONG", "SHORT", or other

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

895

# abbreviated key IDs, but only the full fingerprint is guaranteed to work.

896

# In gpg, the full fingerprint can be retrieved from the `fpr` field

897

# returned when calling --list-keys with --with-colons. For example:

898

# ```

899

# gpg --with-colons --with-fingerprint --force-v4-certs \

900

# --list-keys attester@example.com

901

# tru::1:1513631572:0:3:1:5

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

902

# pub:...<SNIP>...

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

903

# fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:

904

# ```

905

# Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

906

"contentType": "A String", # Type (for example schema) of the attestation payload that was signed.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

907

# The verifier must ensure that the provided type is one that the verifier

908

# supports, and that the attestation payload is a valid instantiation of that

909

# type (for example by validating a JSON schema).

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

910

},

911

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

912

"installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.

913

# a system.

914

"location": [ # All of the places within the filesystem versions of this package

915

# have been found.

916

{ # An occurrence of a particular package installation found within a

917

# system's filesystem.

918

# e.g. glibc was found in /var/lib/dpkg/status

919

"cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)

920

# denoting the package manager version distributing a package.

921

"version": { # Version contains structured information about the version of the package. # The version installed at this location.

922

# For a discussion of this in Debian/Ubuntu:

923

# http://serverfault.com/questions/604541/debian-packages-version-convention

924

# For a discussion of this in Redhat/Fedora/Centos:

925

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

926

"name": "A String", # The main part of the version name.

927

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

928

# If kind is not NORMAL, then the other fields are ignored.

929

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

930

"revision": "A String", # The iteration of the package build from the above version.

931

},

932

"path": "A String", # The path from which we gathered that this package/version is installed.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

933

},

934

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

935

"name": "A String", # Output only. The name of the installed package.

936

},

937

"upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a # Describes an upgrade.

938

# specific upgrade. This presence is supplied via local sources (i.e. it is

939

# present in the mirror and the running system has noticed its availability).

940

"distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each # Metadata about the upgrade for available for the specific operating system

941

# for the resource_url. This allows efficient filtering, as well as

942

# making it easier to use the occurrence.

943

# operating system (CPE). Some distributions have additional metadata around

944

# updates, classifying them into various categories and severities.

945

"cve": [ # The cve that would be resolved by this upgrade.

946

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

947

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

948

"classification": "A String", # The operating system classification of this Upgrade, as specified by the

949

# upstream operating system upgrade feed.

950

"severity": "A String", # The severity as specified by the upstream operating system.

951

"cpeUri": "A String", # Required - The specific operating system this metadata applies to. See

952

# https://cpe.mitre.org/specification/.

953

},

954

"package": "A String", # Required - The package this Upgrade is for.

955

"parsedVersion": { # Version contains structured information about the version of the package. # Required - The version of the package in a machine + human readable form.

956

# For a discussion of this in Debian/Ubuntu:

957

# http://serverfault.com/questions/604541/debian-packages-version-convention

958

# For a discussion of this in Redhat/Fedora/Centos:

959

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

960

"name": "A String", # The main part of the version name.

961

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

962

# If kind is not NORMAL, then the other fields are ignored.

963

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

964

"revision": "A String", # The iteration of the package build from the above version.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

965

},

966

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

967

"discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.

968

"operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.

969

# This field is deprecated, do not use.

970

# network API call.

971

"name": "A String", # The server-assigned name, which is only unique within the same service that

972

# originally returns it. If you use the default HTTP mapping, the

973

# `name` should be a resource name ending with `operations/{unique_id}`.

974

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

975

# different programming environments, including REST APIs and RPC APIs. It is

976

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

977

# three pieces of data: error code, error message, and error details.

978

#

979

# You can find out more about this error model and how to work with it in the

980

# [API Design Guide](https://cloud.google.com/apis/design/errors).

981

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

982

"message": "A String", # A developer-facing error message, which should be in English. Any

983

# user-facing error message should be localized and sent in the

984

# google.rpc.Status.details field, or localized by the client.

985

"details": [ # A list of messages that carry the error details. There is a common set of

986

# message types for APIs to use.

987

{

988

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

],

},

"metadata": { # Service-specific metadata associated with the operation. It typically

993

# contains progress information and common metadata such as create time.

994

# Some services might not provide such metadata. Any method that returns a

995

# long-running operation should document the metadata type, if any.

996

"a_key": "", # Properties of the object. Contains field @type with type URL.

997

},

998

"done": True or False, # If the value is `false`, it means the operation is still in progress.

999

# If `true`, the operation is completed, and either `error` or `response` is

1000

# available.

1001

"response": { # The normal response of the operation in case of success. If the original

1002

# method returns no data on success, such as `Delete`, the response is

1003

# `google.protobuf.Empty`. If the original method is standard

1004

# `Get`/`Create`/`Update`, the response should be the resource. For other

1005

# methods, the response should have the type `XxxResponse`, where `Xxx`

1006

# is the original method name. For example, if the original method name

1007

# is `TakeSnapshot()`, the inferred response type is

1008

# `TakeSnapshotResponse`.

1009

"a_key": "", # Properties of the object. Contains field @type with type URL.

1010

},

1011

},

1012

"analysisStatus": "A String", # The status of discovery for the resource.

1013

"continuousAnalysis": "A String", # Whether the resource is continuously analyzed.

1014

"cpe": "A String", # The CPE of the resource being scanned.

1015

"analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under

1016

# details to show to the user. The LocalizedMessage output only and

1017

# populated by the API.

1018

# different programming environments, including REST APIs and RPC APIs. It is

1019

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

1020

# three pieces of data: error code, error message, and error details.

1021

#

1022

# You can find out more about this error model and how to work with it in the

1023

# [API Design Guide](https://cloud.google.com/apis/design/errors).

1024

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

1025

"message": "A String", # A developer-facing error message, which should be in English. Any

1026

# user-facing error message should be localized and sent in the

1027

# google.rpc.Status.details field, or localized by the client.

1028

"details": [ # A list of messages that carry the error details. There is a common set of

1029

# message types for APIs to use.

1030

{

1031

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

],

},

},

"deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.

1037

"address": "A String", # Address of the runtime element hosting this deployment.

1038

"resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the

1039

# deployable field with the same name.

1040

"A String",

1041

],

1042

"userEmail": "A String", # Identity of the user that triggered this deployment.

1043

"config": "A String", # Configuration used to create this deployment.

1044

"undeployTime": "A String", # End of the lifetime of this deployment.

1045

"platform": "A String", # Platform hosting this deployment.

1046

"deployTime": "A String", # Beginning of the lifetime of this deployment.

1047

},

1048

"noteName": "A String", # An analysis note associated with this image, in the form

1049

# "providers/{provider_id}/notes/{NOTE_ID}"

1050

# This field can be used as a filter in list requests.

1051

"vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.

1052

# to fix it.

1053

"cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a

1054

# scale of 0-10 where 0 indicates low severity and 10 indicates high

1055

# severity.

1056

"type": "A String", # The type of package; whether native or non native(ruby gems,

1057

# node.js packages etc)

1058

"effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is

1059

# available and note provider assigned severity when distro has not yet

1060

# assigned a severity for this vulnerability.

1061

"packageIssue": [ # The set of affected locations and their fixes (if available) within

1062

# the associated resource.

1063

{ # This message wraps a location affected by a vulnerability and its

1064

# associated fix (if one is available).

1065

"affectedLocation": { # The location of the vulnerability # The location of the vulnerability.

1066

"cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)

1067

# format. Examples include distro or storage location for vulnerable jar.

1068

# This field can be used as a filter in list requests.

1069

"package": "A String", # The package being described.

1070

"version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a

1071

# filter in list requests.

1072

# For a discussion of this in Debian/Ubuntu:

1073

# http://serverfault.com/questions/604541/debian-packages-version-convention

1074

# For a discussion of this in Redhat/Fedora/Centos:

1075

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

1076

"name": "A String", # The main part of the version name.

1077

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

1078

# If kind is not NORMAL, then the other fields are ignored.

1079

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

1080

"revision": "A String", # The iteration of the package build from the above version.

1081

},

1082

},

1083

"fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability.

1084

"cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)

1085

# format. Examples include distro or storage location for vulnerable jar.

1086

# This field can be used as a filter in list requests.

1087

"package": "A String", # The package being described.

1088

"version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a

1089

# filter in list requests.

1090

# For a discussion of this in Debian/Ubuntu:

1091

# http://serverfault.com/questions/604541/debian-packages-version-convention

1092

# For a discussion of this in Redhat/Fedora/Centos:

1093

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

1094

"name": "A String", # The main part of the version name.

1095

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

1096

# If kind is not NORMAL, then the other fields are ignored.

1097

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

1098

"revision": "A String", # The iteration of the package build from the above version.

1099

},

1100

},

1101

"severityName": "A String",

1102

},

1103

],

1104

"severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.

1105

},

1106

"createTime": "A String", # Output only. The time this `Occurrence` was created.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

<code class="details" id="delete">delete(name, x__xgafv=None)</code>

1112

<pre>Deletes the given `Occurrence` from the system. Use this when

1113

an `Occurrence` is no longer applicable for the given resource.

Args:

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1117

"projects/{project_id}/occurrences/{OCCURRENCE_ID}" (required)

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1118

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1125

1126

{ # A generic empty message that you can re-use to avoid defining duplicated

1127

# empty messages in your APIs. A typical example is to use it as the request

1128

# or the response type of an API method. For instance:

1129

#

1130

# service Foo {

1131

# rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);

1132

# }

1133

#

1134

# The JSON representation for `Empty` is empty JSON object `{}`.

}</pre>

</div>

<code class="details" id="get">get(name, x__xgafv=None)</code>

1140

<pre>Returns the requested `Occurrence`.

Args:

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1144

"projects/{project_id}/occurrences/{OCCURRENCE_ID}" (required)

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1145

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1152

1153

{ # `Occurrence` includes information about analysis occurrences for an image.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1154

"updateTime": "A String", # Output only. The time this `Occurrence` was last updated.

1155

"remediation": "A String", # A description of actions that can be taken to remedy the `Note`

1156

"derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis

1157

# in the associated note.

1158

# DockerImage relationship. This image would be produced from a Dockerfile

1159

# with FROM <DockerImage.Basis in attached Note>.

1160

"baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image

1161

# occurrence.

1162

"fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.

1163

"v2Blob": [ # The ordered list of v2 blobs that represent a given image.

1164

"A String",

1165

],

1166

"v1Name": "A String", # The layer-id of the final layer in the Docker image's v1

1167

# representation.

1168

# This field can be used as a filter in list requests.

1169

"v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:

1170

# [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])

1171

# Only the name of the final blob is kept.

1172

# This field can be used as a filter in list requests.

1173

},

1174

"layerInfo": [ # This contains layer-specific metadata, if populated it has length

1175

# "distance" and is ordered with [distance] being the layer immediately

1176

# following the base image and [1] being the final layer.

1177

{ # Layer holds metadata specific to a layer of a Docker image.

1178

"directive": "A String", # The recovered Dockerfile directive used to construct this layer.

1179

"arguments": "A String", # The recovered arguments to the Dockerfile directive.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1180

},

1181

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1182

"distance": 42, # Output only. The number of layers by which this image differs from the

1183

# associated image basis.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1184

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1185

"buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build.

1186

"provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1187

# `BuildSignature` in the corresponding Result. After verifying the

1188

# signature, `provenance_bytes` can be unmarshalled and compared to the

1189

# provenance to confirm that it is unchanged. A base64-encoded string

1190

# representation of the provenance bytes is used for the signature in order

1191

# to interoperate with openssl which expects this format for signature

1192

# verification.

1193

#

1194

# The serialized form is captured both to avoid ambiguity in how the

1195

# provenance is marshalled to json as well to prevent incompatibilities with

1196

# future changes.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1197

"provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance

1198

# details about the build from source to completion.

1199

"startTime": "A String", # Time at which execution of the build was started.

1200

"triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.

1201

"sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.

1202

"repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.

1203

# Repository.

1204

"projectId": "A String", # ID of the project that owns the repo.

1205

"repoName": "A String", # Name of the repo.

1206

"branchName": "A String", # Name of the branch to build.

1207

"tagName": "A String", # Name of the tag to build.

1208

"commitSha": "A String", # Explicit commit SHA to build.

1209

},

1210

"storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud

1211

# Storage.

1212

# Google Cloud Storage.

1213

"bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name

1214

# Requirements]

1215

# (https://cloud.google.com/storage/docs/bucket-naming#requirements)).

1216

"object": "A String", # Google Cloud Storage object containing source.

1217

"generation": "A String", # Google Cloud Storage generation for the object.

1218

},

1219

"fileHashes": { # Hash(es) of the build source, which can be used to verify that the original

1220

# source integrity was maintained in the build.

1221

#

1222

# The keys to this map are file paths used as build source and the values

1223

# contain the hash values for those files.

1224

#

1225

# If the build source came in a single package such as a gzipped tarfile

1226

# (.tar.gz), the FileHash will be for the single path to that file.

1227

"a_key": { # Container message for hashes of byte content of files, used in Source

1228

# messages to verify integrity of source input to the build.

1229

"fileHash": [ # Collection of file hashes.

1230

{ # Container message for hash values.

1231

"type": "A String", # The type of hash that was performed.

1232

"value": "A String", # The hash value.

},

],

},

},

"artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this

1238

# location.

1239

# Google Cloud Storage.

1240

"bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name

1241

# Requirements]

1242

# (https://cloud.google.com/storage/docs/bucket-naming#requirements)).

1243

"object": "A String", # Google Cloud Storage object containing source.

1244

"generation": "A String", # Google Cloud Storage generation for the object.

1245

},

1246

"additionalContexts": [ # If provided, some of the source code used for the build may be found in

1247

# these locations, in the case where the source repository had multiple

1248

# remotes or submodules. This list will not include the context specified in

1249

# the context field.

1250

{ # A SourceContext is a reference to a tree of files. A SourceContext together

1251

# with a path point to a unique revision of a single file or directory.

1252

"cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.

1253

# Source Repo.

1254

"revisionId": "A String", # A revision ID.

1255

"repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.

1256

"uid": "A String", # A server-assigned, globally unique identifier.

1257

"projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.

1258

# winged-cargo-31) and a repo name within that project.

1259

"projectId": "A String", # The ID of the project.

1260

"repoName": "A String", # The name of the repo. Leave empty for the default repo.

1261

},

1262

},

1263

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

1264

"name": "A String", # The alias name.

1265

"kind": "A String", # The alias kind.

1266

},

1267

},

1268

"labels": { # Labels with user defined metadata.

1269

"a_key": "A String",

1270

},

1271

"git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).

1272

# repository (e.g., GitHub).

1273

"revisionId": "A String", # Required. Git commit hash.

1274

"url": "A String", # Git repository URL.

1275

},

1276

"gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.

1277

"hostUri": "A String", # The URI of a running Gerrit instance.

1278

"revisionId": "A String", # A revision (commit) ID.

1279

"gerritProject": "A String", # The full project name within the host. Projects may be nested, so

1280

# "project/subproject" is a valid project name. The "repo name" is

1281

# the hostURI/project.

1282

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

1283

"name": "A String", # The alias name.

1284

"kind": "A String", # The alias kind.

1285

},

1286

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1287

},

1288

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1289

"context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.

1290

# with a path point to a unique revision of a single file or directory.

1291

"cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.

1292

# Source Repo.

1293

"revisionId": "A String", # A revision ID.

1294

"repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.

1295

"uid": "A String", # A server-assigned, globally unique identifier.

1296

"projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.

1297

# winged-cargo-31) and a repo name within that project.

1298

"projectId": "A String", # The ID of the project.

1299

"repoName": "A String", # The name of the repo. Leave empty for the default repo.

1300

},

1301

},

1302

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

1303

"name": "A String", # The alias name.

1304

"kind": "A String", # The alias kind.

1305

},

1306

},

1307

"labels": { # Labels with user defined metadata.

1308

"a_key": "A String",

1309

},

1310

"git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).

1311

# repository (e.g., GitHub).

1312

"revisionId": "A String", # Required. Git commit hash.

1313

"url": "A String", # Git repository URL.

1314

},

1315

"gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.

1316

"hostUri": "A String", # The URI of a running Gerrit instance.

1317

"revisionId": "A String", # A revision (commit) ID.

1318

"gerritProject": "A String", # The full project name within the host. Projects may be nested, so

1319

# "project/subproject" is a valid project name. The "repo name" is

1320

# the hostURI/project.

1321

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

1322

"name": "A String", # The alias name.

1323

"kind": "A String", # The alias kind.

1324

},

1325

},

1326

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1327

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1328

"createTime": "A String", # Time at which the build was created.

1329

"projectId": "A String", # ID of the project.

1330

"finishTime": "A String", # Time at which execution of the build was finished.

1331

"creator": "A String", # E-mail address of the user who initiated this build. Note that this was the

1332

# user's e-mail address at the time the build was initiated; this address may

1333

# not represent the same end-user for all time.

1334

"logsBucket": "A String", # Google Cloud Storage bucket where logs were written.

1335

"builderVersion": "A String", # Version string of the builder at the time this build was executed.

1336

"commands": [ # Commands requested by the build.

1337

{ # Command describes a step performed as part of the build pipeline.

1338

"name": "A String", # Name of the command, as presented on the command line, or if the command is

1339

# packaged as a Docker container, as presented to `docker pull`.

1340

"id": "A String", # Optional unique identifier for this Command, used in wait_for to reference

1341

# this Command as a dependency.

1342

"dir": "A String", # Working directory (relative to project source root) used when running

1343

# this Command.

1344

"waitFor": [ # The ID(s) of the Command(s) that this Command depends on.

1345

"A String",

1346

],

1347

"env": [ # Environment variables set before running this Command.

1348

"A String",

1349

],

1350

"args": [ # Command-line arguments used when executing this Command.

1351

"A String",

1352

],

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1353

},

1354

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1355

"builtArtifacts": [ # Output of the build.

1356

{ # Artifact describes a build product.

1357

"id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest

1358

# like gcr.io/projectID/imagename@sha256:123456

1359

"names": [ # Related artifact names. This may be the path to a binary or jar file, or in

1360

# the case of a container build, the name used to push the container image to

1361

# Google Container Registry, as presented to `docker push`. Note that a

1362

# single Artifact ID can have multiple names, for example if two tags are

1363

# applied to one image.

1364

"A String",

1365

],

1366

"name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in

1367

# the case of a container build, the name used to push the container image to

1368

# Google Container Registry, as presented to `docker push`.

1369

#

1370

# This field is deprecated in favor of the plural `names` field; it continues

1371

# to exist here to allow existing BuildProvenance serialized to json in

1372

# google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to

1373

# deserialize back into proto.

1374

"checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a

# container.

},

],

"id": "A String", # Unique identifier of the build.

1379

"buildOptions": { # Special options applied to this build. This is a catch-all field where

1380

# build providers can enter any desired additional details.

1381

"a_key": "A String",

1382

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1383

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1384

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1385

"kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are

1386

# specified. This field can be used as a filter in list requests.

1387

"resource": { # #

1388

# The resource for which the `Occurrence` applies.

1389

# Resource is an entity that can have metadata. E.g., a Docker image.

1390

"name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian".

1391

"contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.

1392

"type": "A String", # The type of hash that was performed.

1393

"value": "A String", # The hash value.

1394

},

1395

"uri": "A String", # The unique URI of the resource. E.g.,

1396

# "https://gcr.io/project/image@sha256:foo" for a Docker image.

1397

},

1398

"resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence`

1399

# applies. For example, https://gcr.io/project/image@sha256:foo This field

1400

# can be used as a filter in list requests.

1401

"name": "A String", # Output only. The name of the `Occurrence` in the form

1402

# "projects/{project_id}/occurrences/{OCCURRENCE_ID}"

1403

"attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1404

# Attestation can be verified using the attached signature. If the verifier

1405

# trusts the public key of the signer, then verifying the signature is

1406

# sufficient to establish trust. In this circumstance, the

1407

# AttestationAuthority to which this Attestation is attached is primarily

1408

# useful for look-up (how to find this Attestation if you already know the

1409

# Authority and artifact to be verified) and intent (which authority was this

1410

# attestation intended to sign for).

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1411

"pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1412

# This message only supports `ATTACHED` signatures, where the payload that is

1413

# signed is included alongside the signature itself in the same file.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1414

"signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or

1415

# equivalent. Since this message only supports attached signatures, the

1416

# payload that was signed must be attached. While the signature format

1417

# supported is dependent on the verification implementation, currently only

1418

# ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than

1419

# `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor

1420

# --output=signature.gpg payload.json` will create the signature content

1421

# expected in this field in `signature.gpg` for the `payload.json`

1422

# attestation payload.

1423

"pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature,

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1424

# as output by, e.g. `gpg --list-keys`. This should be the version 4, full

1425

# 160-bit fingerprint, expressed as a 40 character hexadecimal string. See

1426

# https://tools.ietf.org/html/rfc4880#section-12.2 for details.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1427

# Implementations may choose to acknowledge "LONG", "SHORT", or other

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1428

# abbreviated key IDs, but only the full fingerprint is guaranteed to work.

1429

# In gpg, the full fingerprint can be retrieved from the `fpr` field

1430

# returned when calling --list-keys with --with-colons. For example:

1431

# ```

1432

# gpg --with-colons --with-fingerprint --force-v4-certs \

1433

# --list-keys attester@example.com

1434

# tru::1:1513631572:0:3:1:5

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1435

# pub:...<SNIP>...

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1436

# fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:

1437

# ```

1438

# Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1439

"contentType": "A String", # Type (for example schema) of the attestation payload that was signed.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1440

# The verifier must ensure that the provided type is one that the verifier

1441

# supports, and that the attestation payload is a valid instantiation of that

1442

# type (for example by validating a JSON schema).

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1443

},

1444

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1445

"installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.

1446

# a system.

1447

"location": [ # All of the places within the filesystem versions of this package

1448

# have been found.

1449

{ # An occurrence of a particular package installation found within a

1450

# system's filesystem.

1451

# e.g. glibc was found in /var/lib/dpkg/status

1452

"cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)

1453

# denoting the package manager version distributing a package.

1454

"version": { # Version contains structured information about the version of the package. # The version installed at this location.

1455

# For a discussion of this in Debian/Ubuntu:

1456

# http://serverfault.com/questions/604541/debian-packages-version-convention

1457

# For a discussion of this in Redhat/Fedora/Centos:

1458

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

1459

"name": "A String", # The main part of the version name.

1460

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

1461

# If kind is not NORMAL, then the other fields are ignored.

1462

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

1463

"revision": "A String", # The iteration of the package build from the above version.

1464

},

1465

"path": "A String", # The path from which we gathered that this package/version is installed.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1466

},

1467

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1468

"name": "A String", # Output only. The name of the installed package.

1469

},

1470

"upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a # Describes an upgrade.

1471

# specific upgrade. This presence is supplied via local sources (i.e. it is

1472

# present in the mirror and the running system has noticed its availability).

1473

"distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each # Metadata about the upgrade for available for the specific operating system

1474

# for the resource_url. This allows efficient filtering, as well as

1475

# making it easier to use the occurrence.

1476

# operating system (CPE). Some distributions have additional metadata around

1477

# updates, classifying them into various categories and severities.

1478

"cve": [ # The cve that would be resolved by this upgrade.

1479

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1480

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1481

"classification": "A String", # The operating system classification of this Upgrade, as specified by the

1482

# upstream operating system upgrade feed.

1483

"severity": "A String", # The severity as specified by the upstream operating system.

1484

"cpeUri": "A String", # Required - The specific operating system this metadata applies to. See

1485

# https://cpe.mitre.org/specification/.

1486

},

1487

"package": "A String", # Required - The package this Upgrade is for.

1488

"parsedVersion": { # Version contains structured information about the version of the package. # Required - The version of the package in a machine + human readable form.

1489

# For a discussion of this in Debian/Ubuntu:

1490

# http://serverfault.com/questions/604541/debian-packages-version-convention

1491

# For a discussion of this in Redhat/Fedora/Centos:

1492

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

1493

"name": "A String", # The main part of the version name.

1494

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

1495

# If kind is not NORMAL, then the other fields are ignored.

1496

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

1497

"revision": "A String", # The iteration of the package build from the above version.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1498

},

1499

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1500

"discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.

1501

"operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.

1502

# This field is deprecated, do not use.

1503

# network API call.

1504

"name": "A String", # The server-assigned name, which is only unique within the same service that

1505

# originally returns it. If you use the default HTTP mapping, the

1506

# `name` should be a resource name ending with `operations/{unique_id}`.

1507

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

1508

# different programming environments, including REST APIs and RPC APIs. It is

1509

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

1510

# three pieces of data: error code, error message, and error details.

1511

#

1512

# You can find out more about this error model and how to work with it in the

1513

# [API Design Guide](https://cloud.google.com/apis/design/errors).

1514

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

1515

"message": "A String", # A developer-facing error message, which should be in English. Any

1516

# user-facing error message should be localized and sent in the

1517

# google.rpc.Status.details field, or localized by the client.

1518

"details": [ # A list of messages that carry the error details. There is a common set of

1519

# message types for APIs to use.

1520

{

1521

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

],

},

"metadata": { # Service-specific metadata associated with the operation. It typically

1526

# contains progress information and common metadata such as create time.

1527

# Some services might not provide such metadata. Any method that returns a

1528

# long-running operation should document the metadata type, if any.

1529

"a_key": "", # Properties of the object. Contains field @type with type URL.

1530

},

1531

"done": True or False, # If the value is `false`, it means the operation is still in progress.

1532

# If `true`, the operation is completed, and either `error` or `response` is

1533

# available.

1534

"response": { # The normal response of the operation in case of success. If the original

1535

# method returns no data on success, such as `Delete`, the response is

1536

# `google.protobuf.Empty`. If the original method is standard

1537

# `Get`/`Create`/`Update`, the response should be the resource. For other

1538

# methods, the response should have the type `XxxResponse`, where `Xxx`

1539

# is the original method name. For example, if the original method name

1540

# is `TakeSnapshot()`, the inferred response type is

1541

# `TakeSnapshotResponse`.

1542

"a_key": "", # Properties of the object. Contains field @type with type URL.

1543

},

1544

},

1545

"analysisStatus": "A String", # The status of discovery for the resource.

1546

"continuousAnalysis": "A String", # Whether the resource is continuously analyzed.

1547

"cpe": "A String", # The CPE of the resource being scanned.

1548

"analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under

1549

# details to show to the user. The LocalizedMessage output only and

1550

# populated by the API.

1551

# different programming environments, including REST APIs and RPC APIs. It is

1552

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

1553

# three pieces of data: error code, error message, and error details.

1554

#

1555

# You can find out more about this error model and how to work with it in the

1556

# [API Design Guide](https://cloud.google.com/apis/design/errors).

1557

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

1558

"message": "A String", # A developer-facing error message, which should be in English. Any

1559

# user-facing error message should be localized and sent in the

1560

# google.rpc.Status.details field, or localized by the client.

1561

"details": [ # A list of messages that carry the error details. There is a common set of

1562

# message types for APIs to use.

1563

{

1564

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

],

},

},

"deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.

1570

"address": "A String", # Address of the runtime element hosting this deployment.

1571

"resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the

1572

# deployable field with the same name.

1573

"A String",

1574

],

1575

"userEmail": "A String", # Identity of the user that triggered this deployment.

1576

"config": "A String", # Configuration used to create this deployment.

1577

"undeployTime": "A String", # End of the lifetime of this deployment.

1578

"platform": "A String", # Platform hosting this deployment.

1579

"deployTime": "A String", # Beginning of the lifetime of this deployment.

1580

},

1581

"noteName": "A String", # An analysis note associated with this image, in the form

1582

# "providers/{provider_id}/notes/{NOTE_ID}"

1583

# This field can be used as a filter in list requests.

1584

"vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.

1585

# to fix it.

1586

"cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a

1587

# scale of 0-10 where 0 indicates low severity and 10 indicates high

1588

# severity.

1589

"type": "A String", # The type of package; whether native or non native(ruby gems,

1590

# node.js packages etc)

1591

"effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is

1592

# available and note provider assigned severity when distro has not yet

1593

# assigned a severity for this vulnerability.

1594

"packageIssue": [ # The set of affected locations and their fixes (if available) within

1595

# the associated resource.

1596

{ # This message wraps a location affected by a vulnerability and its

1597

# associated fix (if one is available).

1598

"affectedLocation": { # The location of the vulnerability # The location of the vulnerability.

1599

"cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)

1600

# format. Examples include distro or storage location for vulnerable jar.

1601

# This field can be used as a filter in list requests.

1602

"package": "A String", # The package being described.

1603

"version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a

1604

# filter in list requests.

1605

# For a discussion of this in Debian/Ubuntu:

1606

# http://serverfault.com/questions/604541/debian-packages-version-convention

1607

# For a discussion of this in Redhat/Fedora/Centos:

1608

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

1609

"name": "A String", # The main part of the version name.

1610

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

1611

# If kind is not NORMAL, then the other fields are ignored.

1612

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

1613

"revision": "A String", # The iteration of the package build from the above version.

1614

},

1615

},

1616

"fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability.

1617

"cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)

1618

# format. Examples include distro or storage location for vulnerable jar.

1619

# This field can be used as a filter in list requests.

1620

"package": "A String", # The package being described.

1621

"version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a

1622

# filter in list requests.

1623

# For a discussion of this in Debian/Ubuntu:

1624

# http://serverfault.com/questions/604541/debian-packages-version-convention

1625

# For a discussion of this in Redhat/Fedora/Centos:

1626

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

1627

"name": "A String", # The main part of the version name.

1628

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

1629

# If kind is not NORMAL, then the other fields are ignored.

1630

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

1631

"revision": "A String", # The iteration of the package build from the above version.

1632

},

1633

},

1634

"severityName": "A String",

1635

},

1636

],

1637

"severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.

1638

},

1639

"createTime": "A String", # Output only. The time this `Occurrence` was created.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

<code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code>

1645

<pre>Gets the access control policy for a note or an `Occurrence` resource.

1646

Requires `containeranalysis.notes.setIamPolicy` or

1647

`containeranalysis.occurrences.setIamPolicy` permission if the resource is

1648

a note or occurrence, respectively.

1649

Attempting to call this method on a resource without the required

1650

permission will result in a `PERMISSION_DENIED` error. Attempting to call

1651

this method on a non-existent resource will result in a `NOT_FOUND` error

1652

if the user has list permission on the project, or a `PERMISSION_DENIED`

1653

error otherwise. The resource takes the following formats:

1654

`projects/{PROJECT_ID}/occurrences/{OCCURRENCE_ID}` for occurrences and

1655

projects/{PROJECT_ID}/notes/{NOTE_ID} for notes

1656

1657

Args:

1658

resource: string, REQUIRED: The resource for which the policy is being requested.

1659

See the operation documentation for the appropriate value for this field. (required)

1660

body: object, The request body.

1661

The object takes the form of:

1662

1663

{ # Request message for `GetIamPolicy` method.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1664

"options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1665

# `GetIamPolicy`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1666

"requestedPolicyVersion": 42, # Optional. The policy format version to be returned.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1667

#

1668

# Valid values are 0, 1, and 3. Requests specifying an invalid value will be

1669

# rejected.

1670

#

1671

# Requests for policies with any conditional bindings must specify version 3.

1672

# Policies without any conditional bindings may specify any valid value or

1673

# leave the field unset.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1674

#

1675

# To learn which resources support conditions in their IAM policies, see the

1676

# [IAM

1677

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1678

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1679

}

1680

1681

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1688

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1689

{ # An Identity and Access Management (IAM) policy, which specifies access

1690

# controls for Google Cloud resources.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1691

#

1692

#

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1693

# A `Policy` is a collection of `bindings`. A `binding` binds one or more

1694

# `members` to a single `role`. Members can be user accounts, service accounts,

1695

# Google groups, and domains (such as G Suite). A `role` is a named list of

1696

# permissions; each `role` can be an IAM predefined role or a user-created

1697

# custom role.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1698

#

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1699

# For some types of Google Cloud resources, a `binding` can also specify a

1700

# `condition`, which is a logical expression that allows access to a resource

1701

# only if the expression evaluates to `true`. A condition can add constraints

1702

# based on attributes of the request, the resource, or both. To learn which

1703

# resources support conditions in their IAM policies, see the

1704

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1705

#

1706

# **JSON example:**

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1707

#

1708

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1709

# "bindings": [

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1710

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1711

# "role": "roles/resourcemanager.organizationAdmin",

1712

# "members": [

1713

# "user:mike@example.com",

1714

# "group:admins@example.com",

1715

# "domain:google.com",

1716

# "serviceAccount:my-project-id@appspot.gserviceaccount.com"

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1717

# ]

1718

# },

1719

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1720

# "role": "roles/resourcemanager.organizationViewer",

1721

# "members": [

1722

# "user:eve@example.com"

1723

# ],

1724

# "condition": {

1725

# "title": "expirable access",

1726

# "description": "Does not grant access after Sep 2020",

1727

# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1728

# }

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1729

# }

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1730

# ],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1731

# "etag": "BwWWja0YfJA=",

1732

# "version": 3

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1733

# }

1734

#

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1735

# **YAML example:**

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

#

# bindings:

# - members:

# - user:mike@example.com

1740

# - group:admins@example.com

1741

# - domain:google.com

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1742

# - serviceAccount:my-project-id@appspot.gserviceaccount.com

1743

# role: roles/resourcemanager.organizationAdmin

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1744

# - members:

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1745

# - user:eve@example.com

1746

# role: roles/resourcemanager.organizationViewer

1747

# condition:

1748

# title: expirable access

1749

# description: Does not grant access after Sep 2020

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1750

# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1751

# - etag: BwWWja0YfJA=

1752

# - version: 3

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1753

#

1754

# For a description of IAM and its features, see the

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1755

# [IAM documentation](https://cloud.google.com/iam/docs/).

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1756

"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help

1757

# prevent simultaneous updates of a policy from overwriting each other.

1758

# It is strongly suggested that systems make use of the `etag` in the

1759

# read-modify-write cycle to perform policy updates in order to avoid race

1760

# conditions: An `etag` is returned in the response to `getIamPolicy`, and

1761

# systems are expected to put that etag in the request to `setIamPolicy` to

1762

# ensure that their change will be applied to the same version of the policy.

1763

#

1764

# **Important:** If you use IAM Conditions, you must include the `etag` field

1765

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1766

# you to overwrite a version `3` policy with a version `1` policy, and all of

1767

# the conditions in the version `3` policy are lost.

1768

"version": 42, # Specifies the format of the policy.

1769

#

1770

# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value

1771

# are rejected.

1772

#

1773

# Any operation that affects conditional role bindings must specify version

1774

# `3`. This requirement applies to the following operations:

1775

#

1776

# * Getting a policy that includes a conditional role binding

1777

# * Adding a conditional role binding to a policy

1778

# * Changing a conditional role binding in a policy

1779

# * Removing any role binding, with or without a condition, from a policy

1780

# that includes conditions

1781

#

1782

# **Important:** If you use IAM Conditions, you must include the `etag` field

1783

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1784

# you to overwrite a version `3` policy with a version `1` policy, and all of

1785

# the conditions in the version `3` policy are lost.

1786

#

1787

# If a policy does not include any conditions, operations on that policy may

1788

# specify any valid version or leave the field unset.

1789

#

1790

# To learn which resources support conditions in their IAM policies, see the

1791

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

1792

"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1793

# `condition` that determines how and when the `bindings` are applied. Each

1794

# of the `bindings` must contain at least one member.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1795

{ # Associates `members` with a `role`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1796

"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.

1797

#

1798

# If the condition evaluates to `true`, then this binding applies to the

1799

# current request.

1800

#

1801

# If the condition evaluates to `false`, then this binding does not apply to

1802

# the current request. However, a different role binding might grant the same

1803

# role to one or more of the members in this binding.

1804

#

1805

# To learn which resources support conditions in their IAM policies, see the

1806

# [IAM

1807

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

1808

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

1809

# are documented at https://github.com/google/cel-spec.

1810

#

1811

# Example (Comparison):

1812

#

1813

# title: "Summary size limit"

1814

# description: "Determines if a summary is less than 100 chars"

1815

# expression: "document.summary.size() < 100"

1816

#

1817

# Example (Equality):

1818

#

1819

# title: "Requestor is owner"

1820

# description: "Determines if requestor is the document owner"

1821

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

1826

# description: "Determine whether the document should be publicly visible"

1827

# expression: "document.type != 'private' && document.type != 'internal'"

1828

#

1829

# Example (Data Manipulation):

1830

#

1831

# title: "Notification string"

1832

# description: "Create a notification string with a timestamp."

1833

# expression: "'New message received at ' + string(document.create_time)"

1834

#

1835

# The exact variables and functions that may be referenced within an expression

1836

# are determined by the service that evaluates it. See the service

1837

# documentation for additional information.

1838

"expression": "A String", # Textual representation of an expression in Common Expression Language

1839

# syntax.

1840

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

1841

# its purpose. This can be used e.g. in UIs which allow to enter the

1842

# expression.

1843

"location": "A String", # Optional. String indicating the location of the expression for error

1844

# reporting, e.g. a file name and a position in the file.

1845

"description": "A String", # Optional. Description of the expression. This is a longer text which

1846

# describes the expression, e.g. when hovered over it in a UI.

1847

},

1848

"members": [ # Specifies the identities requesting access for a Cloud Platform resource.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1849

# `members` can have the following values:

1850

#

1851

# * `allUsers`: A special identifier that represents anyone who is

1852

# on the internet; with or without a Google account.

1853

#

1854

# * `allAuthenticatedUsers`: A special identifier that represents anyone

1855

# who is authenticated with a Google account or a service account.

1856

#

1857

# * `user:{emailid}`: An email address that represents a specific Google

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1858

# account. For example, `alice@example.com` .

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1859

#

1860

#

1861

# * `serviceAccount:{emailid}`: An email address that represents a service

1862

# account. For example, `my-other-app@appspot.gserviceaccount.com`.

1863

#

1864

# * `group:{emailid}`: An email address that represents a Google group.

1865

# For example, `admins@example.com`.

1866

#

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1867

# * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique

1868

# identifier) representing a user that has been recently deleted. For

1869

# example, `alice@example.com?uid=123456789012345678901`. If the user is

1870

# recovered, this value reverts to `user:{emailid}` and the recovered user

1871

# retains the role in the binding.

1872

#

1873

# * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus

1874

# unique identifier) representing a service account that has been recently

1875

# deleted. For example,

1876

# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.

1877

# If the service account is undeleted, this value reverts to

1878

# `serviceAccount:{emailid}` and the undeleted service account retains the

1879

# role in the binding.

1880

#

1881

# * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique

1882

# identifier) representing a Google group that has been recently

1883

# deleted. For example, `admins@example.com?uid=123456789012345678901`. If

1884

# the group is recovered, this value reverts to `group:{emailid}` and the

1885

# recovered group retains the role in the binding.

1886

#

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1887

#

1888

# * `domain:{domain}`: The G Suite domain (primary) that represents all the

1889

# users of that domain. For example, `google.com` or `example.com`.

1890

#

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1891

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1892

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1893

"role": "A String", # Role that is assigned to `members`.

1894

# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1895

},

1896

],

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

<code class="details" id="getNotes">getNotes(name, x__xgafv=None)</code>

1902

<pre>Gets the `Note` attached to the given `Occurrence`.

Args:

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1906

"projects/{project_id}/occurrences/{OCCURRENCE_ID}" (required)

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1907

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1914

1915

{ # Provides a detailed description of a `Note`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1916

"relatedUrl": [ # URLs associated with this note

1917

{ # Metadata for any related URL information

1918

"url": "A String", # Specific URL to associate with the note

1919

"label": "A String", # Label to describe usage of the URL

1920

},

1921

],

1922

"expirationTime": "A String", # Time of expiration for this note, null if note does not expire.

1923

"baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.

1924

# relationship. Linked occurrences are derived from this or an

1925

# equivalent image via:

1926

# FROM <Basis.resource_url>

1927

# Or an equivalent reference, e.g. a tag of the resource_url.

1928

"fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the base image.

1929

"v2Blob": [ # The ordered list of v2 blobs that represent a given image.

1930

"A String",

1931

],

1932

"v1Name": "A String", # The layer-id of the final layer in the Docker image's v1

1933

# representation.

1934

# This field can be used as a filter in list requests.

1935

"v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:

1936

# [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])

1937

# Only the name of the final blob is kept.

1938

# This field can be used as a filter in list requests.

1939

},

1940

"resourceUrl": "A String", # The resource_url for the resource representing the basis of

1941

# associated occurrence images.

1942

},

1943

"kind": "A String", # Output only. This explicitly denotes which kind of note is specified. This

1944

# field can be used as a filter in list requests.

1945

"deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.

1946

"resourceUri": [ # Resource URI for the artifact being deployed.

"A String",

],

},

"buildType": { # Note holding the version of the provider's builder and the signature of # Build provenance type for a verifiable build.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1951

# the provenance message in linked BuildDetails.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1952

"signature": { # Message encapsulating the signature of the verified build. # Signature of the build in Occurrences pointing to the Note containing this

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1953

# `BuilderDetails`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1954

"keyId": "A String", # An Id for the key used to sign. This could be either an Id for the key

1955

# stored in `public_key` (such as the Id or fingerprint for a PGP key, or the

1956

# CN for a cert), or a reference to an external key (such as a reference to a

1957

# key in Cloud Key Management Service).

1958

"keyType": "A String", # The type of the key, either stored in `public_key` or referenced in

1959

# `key_id`

1960

"signature": "A String", # Signature of the related `BuildProvenance`, encoded in a base64 string.

1961

"publicKey": "A String", # Public key of the builder which can be used to verify that the related

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1962

# findings are valid and unchanged. If `key_type` is empty, this defaults

1963

# to PEM encoded public keys.

1964

#

1965

# This field may be empty if `key_id` references an external key.

1966

#

1967

# For Cloud Build based signatures, this is a PEM encoded public

1968

# key. To verify the Cloud Build signature, place the contents of

1969

# this field into a file (public.pem). The signature field is base64-decoded

1970

# into its binary representation in signature.bin, and the provenance bytes

1971

# from `BuildDetails` are base64-decoded into a binary representation in

1972

# signed.bin. OpenSSL can then verify the signature:

1973

# `openssl sha256 -verify public.pem -signature signature.bin signed.bin`

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1974

},

1975

"builderVersion": "A String", # Version of the builder which produced this Note.

1976

},

1977

"longDescription": "A String", # A detailed description of this `Note`.

1978

"shortDescription": "A String", # A one sentence description of this `Note`.

1979

"attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.

1980

# example, an organization might have one `AttestationAuthority` for "QA" and

1981

# one for "build". This Note is intended to act strictly as a grouping

1982

# mechanism for the attached Occurrences (Attestations). This grouping

1983

# mechanism also provides a security boundary, since IAM ACLs gate the ability

1984

# for a principle to attach an Occurrence to a given Note. It also provides a

1985

# single point of lookup to find all attached Attestation Occurrences, even if

1986

# they don't all live in the same project.

1987

"hint": { # This submessage provides human-readable hints about the purpose of the

1988

# AttestationAuthority. Because the name of a Note acts as its resource

1989

# reference, it is important to disambiguate the canonical name of the Note

1990

# (which might be a UUID for security purposes) from "readable" names more

1991

# suitable for debug output. Note that these hints should NOT be used to

1992

# look up AttestationAuthorities in security sensitive contexts, such as when

1993

# looking up Attestations to verify.

1994

"humanReadableName": "A String", # The human readable name of this Attestation Authority, for example "qa".

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1995

},

1996

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1997

"name": "A String", # The name of the note in the form

1998

# "projects/{provider_project_id}/notes/{NOTE_ID}"

1999

"vulnerabilityType": { # VulnerabilityType provides metadata about a security vulnerability. # A package vulnerability type of note.

2000

"cvssScore": 3.14, # The CVSS score for this Vulnerability.

2001

"severity": "A String", # Note provider assigned impact of the vulnerability

2002

"details": [ # All information about the package to specifically identify this

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2003

# vulnerability. One entry per (version range and cpe_uri) the

2004

# package vulnerability has manifested in.

2005

{ # Identifies all occurrences of this vulnerability in the package for a

2006

# specific distro/location

2007

# For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2008

"isObsolete": True or False, # Whether this Detail is obsolete. Occurrences are expected not to point to

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2009

# obsolete details.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2010

"fixedLocation": { # The location of the vulnerability # The fix for this specific package version.

2011

"cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2012

# format. Examples include distro or storage location for vulnerable jar.

2013

# This field can be used as a filter in list requests.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2014

"package": "A String", # The package being described.

2015

"version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2016

# filter in list requests.

2017

# For a discussion of this in Debian/Ubuntu:

2018

# http://serverfault.com/questions/604541/debian-packages-version-convention

2019

# For a discussion of this in Redhat/Fedora/Centos:

2020

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2021

"name": "A String", # The main part of the version name.

2022

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2023

# If kind is not NORMAL, then the other fields are ignored.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2024

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

2025

"revision": "A String", # The iteration of the package build from the above version.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2026

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2027

},

2028

"packageType": "A String", # The type of package; whether native or non native(ruby gems,

2029

# node.js packages etc)

2030

"cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in

2031

# which the vulnerability manifests. Examples include distro or storage

2032

# location for vulnerable jar.

2033

# This field can be used as a filter in list requests.

2034

"description": "A String", # A vendor-specific description of this note.

2035

"minAffectedVersion": { # Version contains structured information about the version of the package. # The min version of the package in which the vulnerability exists.

2036

# For a discussion of this in Debian/Ubuntu:

2037

# http://serverfault.com/questions/604541/debian-packages-version-convention

2038

# For a discussion of this in Redhat/Fedora/Centos:

2039

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

2040

"name": "A String", # The main part of the version name.

2041

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

2042

# If kind is not NORMAL, then the other fields are ignored.

2043

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

2044

"revision": "A String", # The iteration of the package build from the above version.

2045

},

2046

"severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.

2047

"package": "A String", # The name of the package where the vulnerability was found.

2048

# This field can be used as a filter in list requests.

2049

"maxAffectedVersion": { # Version contains structured information about the version of the package. # The max version of the package in which the vulnerability exists.

2050

# For a discussion of this in Debian/Ubuntu:

2051

# http://serverfault.com/questions/604541/debian-packages-version-convention

2052

# For a discussion of this in Redhat/Fedora/Centos:

2053

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

2054

"name": "A String", # The main part of the version name.

2055

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

2056

# If kind is not NORMAL, then the other fields are ignored.

2057

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

2058

"revision": "A String", # The iteration of the package build from the above version.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

},

},

],

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2063

"upgrade": { # An Upgrade Note represents a potential upgrade of a package to a given # A note describing an upgrade.

2064

# version. For each package version combination (i.e. bash 4.0, bash 4.1,

2065

# bash 4.1.2), there will be a Upgrade Note.

2066

"package": "A String", # Required - The package this Upgrade is for.

2067

"version": { # Version contains structured information about the version of the package. # Required - The version of the package in machine + human readable form.

2068

# For a discussion of this in Debian/Ubuntu:

2069

# http://serverfault.com/questions/604541/debian-packages-version-convention

2070

# For a discussion of this in Redhat/Fedora/Centos:

2071

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

2072

"name": "A String", # The main part of the version name.

2073

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

2074

# If kind is not NORMAL, then the other fields are ignored.

2075

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

2076

"revision": "A String", # The iteration of the package build from the above version.

2077

},

2078

"distributions": [ # Metadata about the upgrade for each specific operating system.

2079

{ # The Upgrade Distribution represents metadata about the Upgrade for each

2080

# operating system (CPE). Some distributions have additional metadata around

2081

# updates, classifying them into various categories and severities.

2082

"cve": [ # The cve that would be resolved by this upgrade.

2083

"A String",

2084

],

2085

"classification": "A String", # The operating system classification of this Upgrade, as specified by the

2086

# upstream operating system upgrade feed.

2087

"severity": "A String", # The severity as specified by the upstream operating system.

2088

"cpeUri": "A String", # Required - The specific operating system this metadata applies to. See

2089

# https://cpe.mitre.org/specification/.

},

],

},

"package": { # This represents a particular package that is distributed over # A note describing a package hosted by various package managers.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2094

# various channels.

2095

# e.g. glibc (aka libc6) is distributed by many, at various versions.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2096

"name": "A String", # The name of the package.

2097

"distribution": [ # The various channels by which a package is distributed.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2098

{ # This represents a particular channel of distribution for a given package.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2099

# e.g. Debian's jessie-backports dpkg mirror

2100

"maintainer": "A String", # A freeform string denoting the maintainer of this package.

2101

"latestVersion": { # Version contains structured information about the version of the package. # The latest available version of this package in

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2102

# this distribution channel.

2103

# For a discussion of this in Debian/Ubuntu:

2104

# http://serverfault.com/questions/604541/debian-packages-version-convention

2105

# For a discussion of this in Redhat/Fedora/Centos:

2106

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2107

"name": "A String", # The main part of the version name.

2108

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2109

# If kind is not NORMAL, then the other fields are ignored.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2110

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

2111

"revision": "A String", # The iteration of the package build from the above version.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2112

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2113

"description": "A String", # The distribution channel-specific description of this package.

2114

"cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)

2115

# denoting the package manager version distributing a package.

2116

"url": "A String", # The distribution channel-specific homepage for this package.

2117

"architecture": "A String", # The CPU architecture for which packages in this distribution

2118

# channel were built

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2119

},

2120

],

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2121

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2122

"createTime": "A String", # Output only. The time this note was created. This field can be used as a

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2123

# filter in list requests.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2124

"updateTime": "A String", # Output only. The time this note was last updated. This field can be used as

2125

# a filter in list requests.

2126

"discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing a provider/analysis type.

2127

# exists in a provider's project. A `Discovery` occurrence is created in a

2128

# consumer's project at the start of analysis. The occurrence's operation will

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2129

# indicate the status of the analysis. Absence of an occurrence linked to this

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2130

# note for a resource indicates that analysis hasn't started.

2131

"analysisKind": "A String", # The kind of analysis that is handled by this discovery.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

},

}</pre>

</div>

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2137

<code class="details" id="getVulnerabilitySummary">getVulnerabilitySummary(parent, filter=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2138

<pre>Gets a summary of the number and severity of occurrences.

2139

2140

Args:

2141

parent: string, This contains the project Id for example: projects/{project_id} (required)

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2142

filter: string, The filter expression.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2143

x__xgafv: string, V1 error format.

2144

Allowed values

2145

1 - v1 error format

2146

2 - v2 error format

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2147

2148

Returns:

2149

An object of the form:

2150

2151

{ # A summary of how many vulnz occurrences there are per severity type.

2152

# counts by groups, or if we should have different summary messages

2153

# like this.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2154

"counts": [ # A map of how many occurrences were found for each severity.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2155

{ # The number of occurrences created for a specific severity.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2156

"severity": "A String", # The severity of the occurrences.

2157

"count": "A String", # The number of occurrences with the severity.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

},

],

}</pre>

</div>

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2164

<code class="details" id="list">list(parent, name=None, filter=None, pageToken=None, kind=None, pageSize=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2165

<pre>Lists active `Occurrences` for a given project matching the filters.

2166

2167

Args:

2168

parent: string, This contains the project Id for example: projects/{project_id}. (required)

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2169

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2170

"projects/{project_id}

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2171

@Deprecated

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2172

filter: string, The filter expression.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2173

pageToken: string, Token to provide to skip to a particular spot in the list.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2174

kind: string, The kind of occurrences to filter on.

2175

pageSize: integer, Number of occurrences to return in the list.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2176

x__xgafv: string, V1 error format.

2177

Allowed values

2178

1 - v1 error format

2179

2 - v2 error format

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2180

2181

Returns:

2182

An object of the form:

2183

2184

{ # Response including listed active occurrences.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2185

"occurrences": [ # The occurrences requested.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2186

{ # `Occurrence` includes information about analysis occurrences for an image.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2187

"updateTime": "A String", # Output only. The time this `Occurrence` was last updated.

2188

"remediation": "A String", # A description of actions that can be taken to remedy the `Note`

2189

"derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis

2190

# in the associated note.

2191

# DockerImage relationship. This image would be produced from a Dockerfile

2192

# with FROM <DockerImage.Basis in attached Note>.

2193

"baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image

2194

# occurrence.

2195

"fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.

2196

"v2Blob": [ # The ordered list of v2 blobs that represent a given image.

2197

"A String",

2198

],

2199

"v1Name": "A String", # The layer-id of the final layer in the Docker image's v1

2200

# representation.

2201

# This field can be used as a filter in list requests.

2202

"v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:

2203

# [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])

2204

# Only the name of the final blob is kept.

2205

# This field can be used as a filter in list requests.

2206

},

2207

"layerInfo": [ # This contains layer-specific metadata, if populated it has length

2208

# "distance" and is ordered with [distance] being the layer immediately

2209

# following the base image and [1] being the final layer.

2210

{ # Layer holds metadata specific to a layer of a Docker image.

2211

"directive": "A String", # The recovered Dockerfile directive used to construct this layer.

2212

"arguments": "A String", # The recovered arguments to the Dockerfile directive.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

2213

},

2214

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2215

"distance": 42, # Output only. The number of layers by which this image differs from the

2216

# associated image basis.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

2217

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2218

"buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build.

2219

"provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2220

# `BuildSignature` in the corresponding Result. After verifying the

2221

# signature, `provenance_bytes` can be unmarshalled and compared to the

2222

# provenance to confirm that it is unchanged. A base64-encoded string

2223

# representation of the provenance bytes is used for the signature in order

2224

# to interoperate with openssl which expects this format for signature

2225

# verification.

2226

#

2227

# The serialized form is captured both to avoid ambiguity in how the

2228

# provenance is marshalled to json as well to prevent incompatibilities with

2229

# future changes.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2230

"provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance

2231

# details about the build from source to completion.

2232

"startTime": "A String", # Time at which execution of the build was started.

2233

"triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.

2234

"sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.

2235

"repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.

2236

# Repository.

2237

"projectId": "A String", # ID of the project that owns the repo.

2238

"repoName": "A String", # Name of the repo.

2239

"branchName": "A String", # Name of the branch to build.

2240

"tagName": "A String", # Name of the tag to build.

2241

"commitSha": "A String", # Explicit commit SHA to build.

2242

},

2243

"storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud

2244

# Storage.

2245

# Google Cloud Storage.

2246

"bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name

2247

# Requirements]

2248

# (https://cloud.google.com/storage/docs/bucket-naming#requirements)).

2249

"object": "A String", # Google Cloud Storage object containing source.

2250

"generation": "A String", # Google Cloud Storage generation for the object.

2251

},

2252

"fileHashes": { # Hash(es) of the build source, which can be used to verify that the original

2253

# source integrity was maintained in the build.

2254

#

2255

# The keys to this map are file paths used as build source and the values

2256

# contain the hash values for those files.

2257

#

2258

# If the build source came in a single package such as a gzipped tarfile

2259

# (.tar.gz), the FileHash will be for the single path to that file.

2260

"a_key": { # Container message for hashes of byte content of files, used in Source

2261

# messages to verify integrity of source input to the build.

2262

"fileHash": [ # Collection of file hashes.

2263

{ # Container message for hash values.

2264

"type": "A String", # The type of hash that was performed.

2265

"value": "A String", # The hash value.

},

],

},

},

"artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this

2271

# location.

2272

# Google Cloud Storage.

2273

"bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name

2274

# Requirements]

2275

# (https://cloud.google.com/storage/docs/bucket-naming#requirements)).

2276

"object": "A String", # Google Cloud Storage object containing source.

2277

"generation": "A String", # Google Cloud Storage generation for the object.

2278

},

2279

"additionalContexts": [ # If provided, some of the source code used for the build may be found in

2280

# these locations, in the case where the source repository had multiple

2281

# remotes or submodules. This list will not include the context specified in

2282

# the context field.

2283

{ # A SourceContext is a reference to a tree of files. A SourceContext together

2284

# with a path point to a unique revision of a single file or directory.

2285

"cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.

2286

# Source Repo.

2287

"revisionId": "A String", # A revision ID.

2288

"repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.

2289

"uid": "A String", # A server-assigned, globally unique identifier.

2290

"projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.

2291

# winged-cargo-31) and a repo name within that project.

2292

"projectId": "A String", # The ID of the project.

2293

"repoName": "A String", # The name of the repo. Leave empty for the default repo.

2294

},

2295

},

2296

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

2297

"name": "A String", # The alias name.

2298

"kind": "A String", # The alias kind.

2299

},

2300

},

2301

"labels": { # Labels with user defined metadata.

2302

"a_key": "A String",

2303

},

2304

"git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).

2305

# repository (e.g., GitHub).

2306

"revisionId": "A String", # Required. Git commit hash.

2307

"url": "A String", # Git repository URL.

2308

},

2309

"gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.

2310

"hostUri": "A String", # The URI of a running Gerrit instance.

2311

"revisionId": "A String", # A revision (commit) ID.

2312

"gerritProject": "A String", # The full project name within the host. Projects may be nested, so

2313

# "project/subproject" is a valid project name. The "repo name" is

2314

# the hostURI/project.

2315

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

2316

"name": "A String", # The alias name.

2317

"kind": "A String", # The alias kind.

2318

},

2319

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2320

},

2321

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2322

"context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.

2323

# with a path point to a unique revision of a single file or directory.

2324

"cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.

2325

# Source Repo.

2326

"revisionId": "A String", # A revision ID.

2327

"repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.

2328

"uid": "A String", # A server-assigned, globally unique identifier.

2329

"projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.

2330

# winged-cargo-31) and a repo name within that project.

2331

"projectId": "A String", # The ID of the project.

2332

"repoName": "A String", # The name of the repo. Leave empty for the default repo.

2333

},

2334

},

2335

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

2336

"name": "A String", # The alias name.

2337

"kind": "A String", # The alias kind.

2338

},

2339

},

2340

"labels": { # Labels with user defined metadata.

2341

"a_key": "A String",

2342

},

2343

"git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).

2344

# repository (e.g., GitHub).

2345

"revisionId": "A String", # Required. Git commit hash.

2346

"url": "A String", # Git repository URL.

2347

},

2348

"gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.

2349

"hostUri": "A String", # The URI of a running Gerrit instance.

2350

"revisionId": "A String", # A revision (commit) ID.

2351

"gerritProject": "A String", # The full project name within the host. Projects may be nested, so

2352

# "project/subproject" is a valid project name. The "repo name" is

2353

# the hostURI/project.

2354

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

2355

"name": "A String", # The alias name.

2356

"kind": "A String", # The alias kind.

2357

},

2358

},

2359

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2360

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2361

"createTime": "A String", # Time at which the build was created.

2362

"projectId": "A String", # ID of the project.

2363

"finishTime": "A String", # Time at which execution of the build was finished.

2364

"creator": "A String", # E-mail address of the user who initiated this build. Note that this was the

2365

# user's e-mail address at the time the build was initiated; this address may

2366

# not represent the same end-user for all time.

2367

"logsBucket": "A String", # Google Cloud Storage bucket where logs were written.

2368

"builderVersion": "A String", # Version string of the builder at the time this build was executed.

2369

"commands": [ # Commands requested by the build.

2370

{ # Command describes a step performed as part of the build pipeline.

2371

"name": "A String", # Name of the command, as presented on the command line, or if the command is

2372

# packaged as a Docker container, as presented to `docker pull`.

2373

"id": "A String", # Optional unique identifier for this Command, used in wait_for to reference

2374

# this Command as a dependency.

2375

"dir": "A String", # Working directory (relative to project source root) used when running

2376

# this Command.

2377

"waitFor": [ # The ID(s) of the Command(s) that this Command depends on.

2378

"A String",

2379

],

2380

"env": [ # Environment variables set before running this Command.

2381

"A String",

2382

],

2383

"args": [ # Command-line arguments used when executing this Command.

2384

"A String",

2385

],

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2386

},

2387

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2388

"builtArtifacts": [ # Output of the build.

2389

{ # Artifact describes a build product.

2390

"id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest

2391

# like gcr.io/projectID/imagename@sha256:123456

2392

"names": [ # Related artifact names. This may be the path to a binary or jar file, or in

2393

# the case of a container build, the name used to push the container image to

2394

# Google Container Registry, as presented to `docker push`. Note that a

2395

# single Artifact ID can have multiple names, for example if two tags are

2396

# applied to one image.

2397

"A String",

2398

],

2399

"name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in

2400

# the case of a container build, the name used to push the container image to

2401

# Google Container Registry, as presented to `docker push`.

2402

#

2403

# This field is deprecated in favor of the plural `names` field; it continues

2404

# to exist here to allow existing BuildProvenance serialized to json in

2405

# google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to

2406

# deserialize back into proto.

2407

"checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a

# container.

},

],

"id": "A String", # Unique identifier of the build.

2412

"buildOptions": { # Special options applied to this build. This is a catch-all field where

2413

# build providers can enter any desired additional details.

2414

"a_key": "A String",

2415

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2416

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2417

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2418

"kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are

2419

# specified. This field can be used as a filter in list requests.

2420

"resource": { # #

2421

# The resource for which the `Occurrence` applies.

2422

# Resource is an entity that can have metadata. E.g., a Docker image.

2423

"name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian".

2424

"contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.

2425

"type": "A String", # The type of hash that was performed.

2426

"value": "A String", # The hash value.

2427

},

2428

"uri": "A String", # The unique URI of the resource. E.g.,

2429

# "https://gcr.io/project/image@sha256:foo" for a Docker image.

2430

},

2431

"resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence`

2432

# applies. For example, https://gcr.io/project/image@sha256:foo This field

2433

# can be used as a filter in list requests.

2434

"name": "A String", # Output only. The name of the `Occurrence` in the form

2435

# "projects/{project_id}/occurrences/{OCCURRENCE_ID}"

2436

"attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2437

# Attestation can be verified using the attached signature. If the verifier

2438

# trusts the public key of the signer, then verifying the signature is

2439

# sufficient to establish trust. In this circumstance, the

2440

# AttestationAuthority to which this Attestation is attached is primarily

2441

# useful for look-up (how to find this Attestation if you already know the

2442

# Authority and artifact to be verified) and intent (which authority was this

2443

# attestation intended to sign for).

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2444

"pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2445

# This message only supports `ATTACHED` signatures, where the payload that is

2446

# signed is included alongside the signature itself in the same file.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2447

"signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or

2448

# equivalent. Since this message only supports attached signatures, the

2449

# payload that was signed must be attached. While the signature format

2450

# supported is dependent on the verification implementation, currently only

2451

# ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than

2452

# `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor

2453

# --output=signature.gpg payload.json` will create the signature content

2454

# expected in this field in `signature.gpg` for the `payload.json`

2455

# attestation payload.

2456

"pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature,

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2457

# as output by, e.g. `gpg --list-keys`. This should be the version 4, full

2458

# 160-bit fingerprint, expressed as a 40 character hexadecimal string. See

2459

# https://tools.ietf.org/html/rfc4880#section-12.2 for details.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2460

# Implementations may choose to acknowledge "LONG", "SHORT", or other

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2461

# abbreviated key IDs, but only the full fingerprint is guaranteed to work.

2462

# In gpg, the full fingerprint can be retrieved from the `fpr` field

2463

# returned when calling --list-keys with --with-colons. For example:

2464

# ```

2465

# gpg --with-colons --with-fingerprint --force-v4-certs \

2466

# --list-keys attester@example.com

2467

# tru::1:1513631572:0:3:1:5

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

2468

# pub:...<SNIP>...

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2469

# fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:

2470

# ```

2471

# Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2472

"contentType": "A String", # Type (for example schema) of the attestation payload that was signed.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2473

# The verifier must ensure that the provided type is one that the verifier

2474

# supports, and that the attestation payload is a valid instantiation of that

2475

# type (for example by validating a JSON schema).

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2476

},

2477

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2478

"installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.

2479

# a system.

2480

"location": [ # All of the places within the filesystem versions of this package

2481

# have been found.

2482

{ # An occurrence of a particular package installation found within a

2483

# system's filesystem.

2484

# e.g. glibc was found in /var/lib/dpkg/status

2485

"cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)

2486

# denoting the package manager version distributing a package.

2487

"version": { # Version contains structured information about the version of the package. # The version installed at this location.

2488

# For a discussion of this in Debian/Ubuntu:

2489

# http://serverfault.com/questions/604541/debian-packages-version-convention

2490

# For a discussion of this in Redhat/Fedora/Centos:

2491

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

2492

"name": "A String", # The main part of the version name.

2493

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

2494

# If kind is not NORMAL, then the other fields are ignored.

2495

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

2496

"revision": "A String", # The iteration of the package build from the above version.

2497

},

2498

"path": "A String", # The path from which we gathered that this package/version is installed.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2499

},

2500

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2501

"name": "A String", # Output only. The name of the installed package.

2502

},

2503

"upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a # Describes an upgrade.

2504

# specific upgrade. This presence is supplied via local sources (i.e. it is

2505

# present in the mirror and the running system has noticed its availability).

2506

"distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each # Metadata about the upgrade for available for the specific operating system

2507

# for the resource_url. This allows efficient filtering, as well as

2508

# making it easier to use the occurrence.

2509

# operating system (CPE). Some distributions have additional metadata around

2510

# updates, classifying them into various categories and severities.

2511

"cve": [ # The cve that would be resolved by this upgrade.

2512

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2513

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2514

"classification": "A String", # The operating system classification of this Upgrade, as specified by the

2515

# upstream operating system upgrade feed.

2516

"severity": "A String", # The severity as specified by the upstream operating system.

2517

"cpeUri": "A String", # Required - The specific operating system this metadata applies to. See

2518

# https://cpe.mitre.org/specification/.

2519

},

2520

"package": "A String", # Required - The package this Upgrade is for.

2521

"parsedVersion": { # Version contains structured information about the version of the package. # Required - The version of the package in a machine + human readable form.

2522

# For a discussion of this in Debian/Ubuntu:

2523

# http://serverfault.com/questions/604541/debian-packages-version-convention

2524

# For a discussion of this in Redhat/Fedora/Centos:

2525

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

2526

"name": "A String", # The main part of the version name.

2527

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

2528

# If kind is not NORMAL, then the other fields are ignored.

2529

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

2530

"revision": "A String", # The iteration of the package build from the above version.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2531

},

2532

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2533

"discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.

2534

"operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.

2535

# This field is deprecated, do not use.

2536

# network API call.

2537

"name": "A String", # The server-assigned name, which is only unique within the same service that

2538

# originally returns it. If you use the default HTTP mapping, the

2539

# `name` should be a resource name ending with `operations/{unique_id}`.

2540

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

2541

# different programming environments, including REST APIs and RPC APIs. It is

2542

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

2543

# three pieces of data: error code, error message, and error details.

2544

#

2545

# You can find out more about this error model and how to work with it in the

2546

# [API Design Guide](https://cloud.google.com/apis/design/errors).

2547

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

2548

"message": "A String", # A developer-facing error message, which should be in English. Any

2549

# user-facing error message should be localized and sent in the

2550

# google.rpc.Status.details field, or localized by the client.

2551

"details": [ # A list of messages that carry the error details. There is a common set of

2552

# message types for APIs to use.

2553

{

2554

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

],

},

"metadata": { # Service-specific metadata associated with the operation. It typically

2559

# contains progress information and common metadata such as create time.

2560

# Some services might not provide such metadata. Any method that returns a

2561

# long-running operation should document the metadata type, if any.

2562

"a_key": "", # Properties of the object. Contains field @type with type URL.

2563

},

2564

"done": True or False, # If the value is `false`, it means the operation is still in progress.

2565

# If `true`, the operation is completed, and either `error` or `response` is

2566

# available.

2567

"response": { # The normal response of the operation in case of success. If the original

2568

# method returns no data on success, such as `Delete`, the response is

2569

# `google.protobuf.Empty`. If the original method is standard

2570

# `Get`/`Create`/`Update`, the response should be the resource. For other

2571

# methods, the response should have the type `XxxResponse`, where `Xxx`

2572

# is the original method name. For example, if the original method name

2573

# is `TakeSnapshot()`, the inferred response type is

2574

# `TakeSnapshotResponse`.

2575

"a_key": "", # Properties of the object. Contains field @type with type URL.

2576

},

2577

},

2578

"analysisStatus": "A String", # The status of discovery for the resource.

2579

"continuousAnalysis": "A String", # Whether the resource is continuously analyzed.

2580

"cpe": "A String", # The CPE of the resource being scanned.

2581

"analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under

2582

# details to show to the user. The LocalizedMessage output only and

2583

# populated by the API.

2584

# different programming environments, including REST APIs and RPC APIs. It is

2585

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

2586

# three pieces of data: error code, error message, and error details.

2587

#

2588

# You can find out more about this error model and how to work with it in the

2589

# [API Design Guide](https://cloud.google.com/apis/design/errors).

2590

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

2591

"message": "A String", # A developer-facing error message, which should be in English. Any

2592

# user-facing error message should be localized and sent in the

2593

# google.rpc.Status.details field, or localized by the client.

2594

"details": [ # A list of messages that carry the error details. There is a common set of

2595

# message types for APIs to use.

2596

{

2597

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

],

},

},

"deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.

2603

"address": "A String", # Address of the runtime element hosting this deployment.

2604

"resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the

2605

# deployable field with the same name.

2606

"A String",

2607

],

2608

"userEmail": "A String", # Identity of the user that triggered this deployment.

2609

"config": "A String", # Configuration used to create this deployment.

2610

"undeployTime": "A String", # End of the lifetime of this deployment.

2611

"platform": "A String", # Platform hosting this deployment.

2612

"deployTime": "A String", # Beginning of the lifetime of this deployment.

2613

},

2614

"noteName": "A String", # An analysis note associated with this image, in the form

2615

# "providers/{provider_id}/notes/{NOTE_ID}"

2616

# This field can be used as a filter in list requests.

2617

"vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.

2618

# to fix it.

2619

"cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a

2620

# scale of 0-10 where 0 indicates low severity and 10 indicates high

2621

# severity.

2622

"type": "A String", # The type of package; whether native or non native(ruby gems,

2623

# node.js packages etc)

2624

"effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is

2625

# available and note provider assigned severity when distro has not yet

2626

# assigned a severity for this vulnerability.

2627

"packageIssue": [ # The set of affected locations and their fixes (if available) within

2628

# the associated resource.

2629

{ # This message wraps a location affected by a vulnerability and its

2630

# associated fix (if one is available).

2631

"affectedLocation": { # The location of the vulnerability # The location of the vulnerability.

2632

"cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)

2633

# format. Examples include distro or storage location for vulnerable jar.

2634

# This field can be used as a filter in list requests.

2635

"package": "A String", # The package being described.

2636

"version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a

2637

# filter in list requests.

2638

# For a discussion of this in Debian/Ubuntu:

2639

# http://serverfault.com/questions/604541/debian-packages-version-convention

2640

# For a discussion of this in Redhat/Fedora/Centos:

2641

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

2642

"name": "A String", # The main part of the version name.

2643

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

2644

# If kind is not NORMAL, then the other fields are ignored.

2645

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

2646

"revision": "A String", # The iteration of the package build from the above version.

2647

},

2648

},

2649

"fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability.

2650

"cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)

2651

# format. Examples include distro or storage location for vulnerable jar.

2652

# This field can be used as a filter in list requests.

2653

"package": "A String", # The package being described.

2654

"version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a

2655

# filter in list requests.

2656

# For a discussion of this in Debian/Ubuntu:

2657

# http://serverfault.com/questions/604541/debian-packages-version-convention

2658

# For a discussion of this in Redhat/Fedora/Centos:

2659

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

2660

"name": "A String", # The main part of the version name.

2661

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

2662

# If kind is not NORMAL, then the other fields are ignored.

2663

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

2664

"revision": "A String", # The iteration of the package build from the above version.

2665

},

2666

},

2667

"severityName": "A String",

2668

},

2669

],

2670

"severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.

2671

},

2672

"createTime": "A String", # Output only. The time this `Occurrence` was created.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2673

},

2674

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2675

"nextPageToken": "A String", # The next pagination token in the list response. It should be used as

2676

# `page_token` for the following request. An empty value means no more

2677

# results.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

<code class="details" id="list_next">list_next(previous_request, previous_response)</code>

2683

<pre>Retrieves the next page of results.

2684

2685

Args:

2686

previous_request: The request for the previous page. (required)

2687

previous_response: The response from the request for the previous page. (required)

2688

2689

Returns:

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2690

A request object that you can call 'execute()' on to request the next

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2691

page. Returns None if there are no more items in the collection.

</pre>

</div>

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

2696

<code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2697

<pre>Updates an existing occurrence.

Args:

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2701

Should be of the form "projects/{project_id}/occurrences/{OCCURRENCE_ID}". (required)

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

2702

body: object, The request body.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2703

The object takes the form of:

2704

2705

{ # `Occurrence` includes information about analysis occurrences for an image.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2706

"updateTime": "A String", # Output only. The time this `Occurrence` was last updated.

2707

"remediation": "A String", # A description of actions that can be taken to remedy the `Note`

2708

"derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis

2709

# in the associated note.

2710

# DockerImage relationship. This image would be produced from a Dockerfile

2711

# with FROM <DockerImage.Basis in attached Note>.

2712

"baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image

2713

# occurrence.

2714

"fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.

2715

"v2Blob": [ # The ordered list of v2 blobs that represent a given image.

2716

"A String",

2717

],

2718

"v1Name": "A String", # The layer-id of the final layer in the Docker image's v1

2719

# representation.

2720

# This field can be used as a filter in list requests.

2721

"v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:

2722

# [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])

2723

# Only the name of the final blob is kept.

2724

# This field can be used as a filter in list requests.

2725

},

2726

"layerInfo": [ # This contains layer-specific metadata, if populated it has length

2727

# "distance" and is ordered with [distance] being the layer immediately

2728

# following the base image and [1] being the final layer.

2729

{ # Layer holds metadata specific to a layer of a Docker image.

2730

"directive": "A String", # The recovered Dockerfile directive used to construct this layer.

2731

"arguments": "A String", # The recovered arguments to the Dockerfile directive.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

2732

},

2733

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2734

"distance": 42, # Output only. The number of layers by which this image differs from the

2735

# associated image basis.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

2736

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2737

"buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build.

2738

"provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2739

# `BuildSignature` in the corresponding Result. After verifying the

2740

# signature, `provenance_bytes` can be unmarshalled and compared to the

2741

# provenance to confirm that it is unchanged. A base64-encoded string

2742

# representation of the provenance bytes is used for the signature in order

2743

# to interoperate with openssl which expects this format for signature

2744

# verification.

2745

#

2746

# The serialized form is captured both to avoid ambiguity in how the

2747

# provenance is marshalled to json as well to prevent incompatibilities with

2748

# future changes.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2749

"provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance

2750

# details about the build from source to completion.

2751

"startTime": "A String", # Time at which execution of the build was started.

2752

"triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.

2753

"sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.

2754

"repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.

2755

# Repository.

2756

"projectId": "A String", # ID of the project that owns the repo.

2757

"repoName": "A String", # Name of the repo.

2758

"branchName": "A String", # Name of the branch to build.

2759

"tagName": "A String", # Name of the tag to build.

2760

"commitSha": "A String", # Explicit commit SHA to build.

2761

},

2762

"storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud

2763

# Storage.

2764

# Google Cloud Storage.

2765

"bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name

2766

# Requirements]

2767

# (https://cloud.google.com/storage/docs/bucket-naming#requirements)).

2768

"object": "A String", # Google Cloud Storage object containing source.

2769

"generation": "A String", # Google Cloud Storage generation for the object.

2770

},

2771

"fileHashes": { # Hash(es) of the build source, which can be used to verify that the original

2772

# source integrity was maintained in the build.

2773

#

2774

# The keys to this map are file paths used as build source and the values

2775

# contain the hash values for those files.

2776

#

2777

# If the build source came in a single package such as a gzipped tarfile

2778

# (.tar.gz), the FileHash will be for the single path to that file.

2779

"a_key": { # Container message for hashes of byte content of files, used in Source

2780

# messages to verify integrity of source input to the build.

2781

"fileHash": [ # Collection of file hashes.

2782

{ # Container message for hash values.

2783

"type": "A String", # The type of hash that was performed.

2784

"value": "A String", # The hash value.

},

],

},

},

"artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this

2790

# location.

2791

# Google Cloud Storage.

2792

"bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name

2793

# Requirements]

2794

# (https://cloud.google.com/storage/docs/bucket-naming#requirements)).

2795

"object": "A String", # Google Cloud Storage object containing source.

2796

"generation": "A String", # Google Cloud Storage generation for the object.

2797

},

2798

"additionalContexts": [ # If provided, some of the source code used for the build may be found in

2799

# these locations, in the case where the source repository had multiple

2800

# remotes or submodules. This list will not include the context specified in

2801

# the context field.

2802

{ # A SourceContext is a reference to a tree of files. A SourceContext together

2803

# with a path point to a unique revision of a single file or directory.

2804

"cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.

2805

# Source Repo.

2806

"revisionId": "A String", # A revision ID.

2807

"repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.

2808

"uid": "A String", # A server-assigned, globally unique identifier.

2809

"projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.

2810

# winged-cargo-31) and a repo name within that project.

2811

"projectId": "A String", # The ID of the project.

2812

"repoName": "A String", # The name of the repo. Leave empty for the default repo.

2813

},

2814

},

2815

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

2816

"name": "A String", # The alias name.

2817

"kind": "A String", # The alias kind.

2818

},

2819

},

2820

"labels": { # Labels with user defined metadata.

2821

"a_key": "A String",

2822

},

2823

"git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).

2824

# repository (e.g., GitHub).

2825

"revisionId": "A String", # Required. Git commit hash.

2826

"url": "A String", # Git repository URL.

2827

},

2828

"gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.

2829

"hostUri": "A String", # The URI of a running Gerrit instance.

2830

"revisionId": "A String", # A revision (commit) ID.

2831

"gerritProject": "A String", # The full project name within the host. Projects may be nested, so

2832

# "project/subproject" is a valid project name. The "repo name" is

2833

# the hostURI/project.

2834

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

2835

"name": "A String", # The alias name.

2836

"kind": "A String", # The alias kind.

2837

},

2838

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2839

},

2840

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2841

"context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.

2842

# with a path point to a unique revision of a single file or directory.

2843

"cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.

2844

# Source Repo.

2845

"revisionId": "A String", # A revision ID.

2846

"repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.

2847

"uid": "A String", # A server-assigned, globally unique identifier.

2848

"projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.

2849

# winged-cargo-31) and a repo name within that project.

2850

"projectId": "A String", # The ID of the project.

2851

"repoName": "A String", # The name of the repo. Leave empty for the default repo.

2852

},

2853

},

2854

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

2855

"name": "A String", # The alias name.

2856

"kind": "A String", # The alias kind.

2857

},

2858

},

2859

"labels": { # Labels with user defined metadata.

2860

"a_key": "A String",

2861

},

2862

"git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).

2863

# repository (e.g., GitHub).

2864

"revisionId": "A String", # Required. Git commit hash.

2865

"url": "A String", # Git repository URL.

2866

},

2867

"gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.

2868

"hostUri": "A String", # The URI of a running Gerrit instance.

2869

"revisionId": "A String", # A revision (commit) ID.

2870

"gerritProject": "A String", # The full project name within the host. Projects may be nested, so

2871

# "project/subproject" is a valid project name. The "repo name" is

2872

# the hostURI/project.

2873

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

2874

"name": "A String", # The alias name.

2875

"kind": "A String", # The alias kind.

2876

},

2877

},

2878

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2879

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2880

"createTime": "A String", # Time at which the build was created.

2881

"projectId": "A String", # ID of the project.

2882

"finishTime": "A String", # Time at which execution of the build was finished.

2883

"creator": "A String", # E-mail address of the user who initiated this build. Note that this was the

2884

# user's e-mail address at the time the build was initiated; this address may

2885

# not represent the same end-user for all time.

2886

"logsBucket": "A String", # Google Cloud Storage bucket where logs were written.

2887

"builderVersion": "A String", # Version string of the builder at the time this build was executed.

2888

"commands": [ # Commands requested by the build.

2889

{ # Command describes a step performed as part of the build pipeline.

2890

"name": "A String", # Name of the command, as presented on the command line, or if the command is

2891

# packaged as a Docker container, as presented to `docker pull`.

2892

"id": "A String", # Optional unique identifier for this Command, used in wait_for to reference

2893

# this Command as a dependency.

2894

"dir": "A String", # Working directory (relative to project source root) used when running

2895

# this Command.

2896

"waitFor": [ # The ID(s) of the Command(s) that this Command depends on.

2897

"A String",

2898

],

2899

"env": [ # Environment variables set before running this Command.

2900

"A String",

2901

],

2902

"args": [ # Command-line arguments used when executing this Command.

2903

"A String",

2904

],

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2905

},

2906

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2907

"builtArtifacts": [ # Output of the build.

2908

{ # Artifact describes a build product.

2909

"id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest

2910

# like gcr.io/projectID/imagename@sha256:123456

2911

"names": [ # Related artifact names. This may be the path to a binary or jar file, or in

2912

# the case of a container build, the name used to push the container image to

2913

# Google Container Registry, as presented to `docker push`. Note that a

2914

# single Artifact ID can have multiple names, for example if two tags are

2915

# applied to one image.

2916

"A String",

2917

],

2918

"name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in

2919

# the case of a container build, the name used to push the container image to

2920

# Google Container Registry, as presented to `docker push`.

2921

#

2922

# This field is deprecated in favor of the plural `names` field; it continues

2923

# to exist here to allow existing BuildProvenance serialized to json in

2924

# google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to

2925

# deserialize back into proto.

2926

"checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a

# container.

},

],

"id": "A String", # Unique identifier of the build.

2931

"buildOptions": { # Special options applied to this build. This is a catch-all field where

2932

# build providers can enter any desired additional details.

2933

"a_key": "A String",

2934

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2935

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2936

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2937

"kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are

2938

# specified. This field can be used as a filter in list requests.

2939

"resource": { # #

2940

# The resource for which the `Occurrence` applies.

2941

# Resource is an entity that can have metadata. E.g., a Docker image.

2942

"name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian".

2943

"contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.

2944

"type": "A String", # The type of hash that was performed.

2945

"value": "A String", # The hash value.

2946

},

2947

"uri": "A String", # The unique URI of the resource. E.g.,

2948

# "https://gcr.io/project/image@sha256:foo" for a Docker image.

2949

},

2950

"resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence`

2951

# applies. For example, https://gcr.io/project/image@sha256:foo This field

2952

# can be used as a filter in list requests.

2953

"name": "A String", # Output only. The name of the `Occurrence` in the form

2954

# "projects/{project_id}/occurrences/{OCCURRENCE_ID}"

2955

"attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2956

# Attestation can be verified using the attached signature. If the verifier

2957

# trusts the public key of the signer, then verifying the signature is

2958

# sufficient to establish trust. In this circumstance, the

2959

# AttestationAuthority to which this Attestation is attached is primarily

2960

# useful for look-up (how to find this Attestation if you already know the

2961

# Authority and artifact to be verified) and intent (which authority was this

2962

# attestation intended to sign for).

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2963

"pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2964

# This message only supports `ATTACHED` signatures, where the payload that is

2965

# signed is included alongside the signature itself in the same file.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2966

"signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or

2967

# equivalent. Since this message only supports attached signatures, the

2968

# payload that was signed must be attached. While the signature format

2969

# supported is dependent on the verification implementation, currently only

2970

# ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than

2971

# `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor

2972

# --output=signature.gpg payload.json` will create the signature content

2973

# expected in this field in `signature.gpg` for the `payload.json`

2974

# attestation payload.

2975

"pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature,

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2976

# as output by, e.g. `gpg --list-keys`. This should be the version 4, full

2977

# 160-bit fingerprint, expressed as a 40 character hexadecimal string. See

2978

# https://tools.ietf.org/html/rfc4880#section-12.2 for details.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2979

# Implementations may choose to acknowledge "LONG", "SHORT", or other

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2980

# abbreviated key IDs, but only the full fingerprint is guaranteed to work.

2981

# In gpg, the full fingerprint can be retrieved from the `fpr` field

2982

# returned when calling --list-keys with --with-colons. For example:

2983

# ```

2984

# gpg --with-colons --with-fingerprint --force-v4-certs \

2985

# --list-keys attester@example.com

2986

# tru::1:1513631572:0:3:1:5

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

2987

# pub:...<SNIP>...

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2988

# fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:

2989

# ```

2990

# Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2991

"contentType": "A String", # Type (for example schema) of the attestation payload that was signed.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2992

# The verifier must ensure that the provided type is one that the verifier

2993

# supports, and that the attestation payload is a valid instantiation of that

2994

# type (for example by validating a JSON schema).

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2995

},

2996

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2997

"installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.

2998

# a system.

2999

"location": [ # All of the places within the filesystem versions of this package

3000

# have been found.

3001

{ # An occurrence of a particular package installation found within a

3002

# system's filesystem.

3003

# e.g. glibc was found in /var/lib/dpkg/status

3004

"cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)

3005

# denoting the package manager version distributing a package.

3006

"version": { # Version contains structured information about the version of the package. # The version installed at this location.

3007

# For a discussion of this in Debian/Ubuntu:

3008

# http://serverfault.com/questions/604541/debian-packages-version-convention

3009

# For a discussion of this in Redhat/Fedora/Centos:

3010

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

3011

"name": "A String", # The main part of the version name.

3012

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

3013

# If kind is not NORMAL, then the other fields are ignored.

3014

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

3015

"revision": "A String", # The iteration of the package build from the above version.

3016

},

3017

"path": "A String", # The path from which we gathered that this package/version is installed.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3018

},

3019

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3020

"name": "A String", # Output only. The name of the installed package.

3021

},

3022

"upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a # Describes an upgrade.

3023

# specific upgrade. This presence is supplied via local sources (i.e. it is

3024

# present in the mirror and the running system has noticed its availability).

3025

"distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each # Metadata about the upgrade for available for the specific operating system

3026

# for the resource_url. This allows efficient filtering, as well as

3027

# making it easier to use the occurrence.

3028

# operating system (CPE). Some distributions have additional metadata around

3029

# updates, classifying them into various categories and severities.

3030

"cve": [ # The cve that would be resolved by this upgrade.

3031

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3032

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3033

"classification": "A String", # The operating system classification of this Upgrade, as specified by the

3034

# upstream operating system upgrade feed.

3035

"severity": "A String", # The severity as specified by the upstream operating system.

3036

"cpeUri": "A String", # Required - The specific operating system this metadata applies to. See

3037

# https://cpe.mitre.org/specification/.

3038

},

3039

"package": "A String", # Required - The package this Upgrade is for.

3040

"parsedVersion": { # Version contains structured information about the version of the package. # Required - The version of the package in a machine + human readable form.

3041

# For a discussion of this in Debian/Ubuntu:

3042

# http://serverfault.com/questions/604541/debian-packages-version-convention

3043

# For a discussion of this in Redhat/Fedora/Centos:

3044

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

3045

"name": "A String", # The main part of the version name.

3046

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

3047

# If kind is not NORMAL, then the other fields are ignored.

3048

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

3049

"revision": "A String", # The iteration of the package build from the above version.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3050

},

3051

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3052

"discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.

3053

"operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.

3054

# This field is deprecated, do not use.

3055

# network API call.

3056

"name": "A String", # The server-assigned name, which is only unique within the same service that

3057

# originally returns it. If you use the default HTTP mapping, the

3058

# `name` should be a resource name ending with `operations/{unique_id}`.

3059

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

3060

# different programming environments, including REST APIs and RPC APIs. It is

3061

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

3062

# three pieces of data: error code, error message, and error details.

3063

#

3064

# You can find out more about this error model and how to work with it in the

3065

# [API Design Guide](https://cloud.google.com/apis/design/errors).

3066

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

3067

"message": "A String", # A developer-facing error message, which should be in English. Any

3068

# user-facing error message should be localized and sent in the

3069

# google.rpc.Status.details field, or localized by the client.

3070

"details": [ # A list of messages that carry the error details. There is a common set of

3071

# message types for APIs to use.

3072

{

3073

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

],

},

"metadata": { # Service-specific metadata associated with the operation. It typically

3078

# contains progress information and common metadata such as create time.

3079

# Some services might not provide such metadata. Any method that returns a

3080

# long-running operation should document the metadata type, if any.

3081

"a_key": "", # Properties of the object. Contains field @type with type URL.

3082

},

3083

"done": True or False, # If the value is `false`, it means the operation is still in progress.

3084

# If `true`, the operation is completed, and either `error` or `response` is

3085

# available.

3086

"response": { # The normal response of the operation in case of success. If the original

3087

# method returns no data on success, such as `Delete`, the response is

3088

# `google.protobuf.Empty`. If the original method is standard

3089

# `Get`/`Create`/`Update`, the response should be the resource. For other

3090

# methods, the response should have the type `XxxResponse`, where `Xxx`

3091

# is the original method name. For example, if the original method name

3092

# is `TakeSnapshot()`, the inferred response type is

3093

# `TakeSnapshotResponse`.

3094

"a_key": "", # Properties of the object. Contains field @type with type URL.

3095

},

3096

},

3097

"analysisStatus": "A String", # The status of discovery for the resource.

3098

"continuousAnalysis": "A String", # Whether the resource is continuously analyzed.

3099

"cpe": "A String", # The CPE of the resource being scanned.

3100

"analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under

3101

# details to show to the user. The LocalizedMessage output only and

3102

# populated by the API.

3103

# different programming environments, including REST APIs and RPC APIs. It is

3104

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

3105

# three pieces of data: error code, error message, and error details.

3106

#

3107

# You can find out more about this error model and how to work with it in the

3108

# [API Design Guide](https://cloud.google.com/apis/design/errors).

3109

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

3110

"message": "A String", # A developer-facing error message, which should be in English. Any

3111

# user-facing error message should be localized and sent in the

3112

# google.rpc.Status.details field, or localized by the client.

3113

"details": [ # A list of messages that carry the error details. There is a common set of

3114

# message types for APIs to use.

3115

{

3116

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

],

},

},

"deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.

3122

"address": "A String", # Address of the runtime element hosting this deployment.

3123

"resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the

3124

# deployable field with the same name.

3125

"A String",

3126

],

3127

"userEmail": "A String", # Identity of the user that triggered this deployment.

3128

"config": "A String", # Configuration used to create this deployment.

3129

"undeployTime": "A String", # End of the lifetime of this deployment.

3130

"platform": "A String", # Platform hosting this deployment.

3131

"deployTime": "A String", # Beginning of the lifetime of this deployment.

3132

},

3133

"noteName": "A String", # An analysis note associated with this image, in the form

3134

# "providers/{provider_id}/notes/{NOTE_ID}"

3135

# This field can be used as a filter in list requests.

3136

"vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.

3137

# to fix it.

3138

"cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a

3139

# scale of 0-10 where 0 indicates low severity and 10 indicates high

3140

# severity.

3141

"type": "A String", # The type of package; whether native or non native(ruby gems,

3142

# node.js packages etc)

3143

"effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is

3144

# available and note provider assigned severity when distro has not yet

3145

# assigned a severity for this vulnerability.

3146

"packageIssue": [ # The set of affected locations and their fixes (if available) within

3147

# the associated resource.

3148

{ # This message wraps a location affected by a vulnerability and its

3149

# associated fix (if one is available).

3150

"affectedLocation": { # The location of the vulnerability # The location of the vulnerability.

3151

"cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)

3152

# format. Examples include distro or storage location for vulnerable jar.

3153

# This field can be used as a filter in list requests.

3154

"package": "A String", # The package being described.

3155

"version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a

3156

# filter in list requests.

3157

# For a discussion of this in Debian/Ubuntu:

3158

# http://serverfault.com/questions/604541/debian-packages-version-convention

3159

# For a discussion of this in Redhat/Fedora/Centos:

3160

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

3161

"name": "A String", # The main part of the version name.

3162

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

3163

# If kind is not NORMAL, then the other fields are ignored.

3164

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

3165

"revision": "A String", # The iteration of the package build from the above version.

3166

},

3167

},

3168

"fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability.

3169

"cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)

3170

# format. Examples include distro or storage location for vulnerable jar.

3171

# This field can be used as a filter in list requests.

3172

"package": "A String", # The package being described.

3173

"version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a

3174

# filter in list requests.

3175

# For a discussion of this in Debian/Ubuntu:

3176

# http://serverfault.com/questions/604541/debian-packages-version-convention

3177

# For a discussion of this in Redhat/Fedora/Centos:

3178

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

3179

"name": "A String", # The main part of the version name.

3180

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

3181

# If kind is not NORMAL, then the other fields are ignored.

3182

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

3183

"revision": "A String", # The iteration of the package build from the above version.

3184

},

3185

},

3186

"severityName": "A String",

3187

},

3188

],

3189

"severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.

3190

},

3191

"createTime": "A String", # Output only. The time this `Occurrence` was created.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3192

}

3193

3194

updateMask: string, The fields to update.

3195

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

3202

3203

{ # `Occurrence` includes information about analysis occurrences for an image.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3204

"updateTime": "A String", # Output only. The time this `Occurrence` was last updated.

3205

"remediation": "A String", # A description of actions that can be taken to remedy the `Note`

3206

"derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis

3207

# in the associated note.

3208

# DockerImage relationship. This image would be produced from a Dockerfile

3209

# with FROM <DockerImage.Basis in attached Note>.

3210

"baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image

3211

# occurrence.

3212

"fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.

3213

"v2Blob": [ # The ordered list of v2 blobs that represent a given image.

3214

"A String",

3215

],

3216

"v1Name": "A String", # The layer-id of the final layer in the Docker image's v1

3217

# representation.

3218

# This field can be used as a filter in list requests.

3219

"v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:

3220

# [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])

3221

# Only the name of the final blob is kept.

3222

# This field can be used as a filter in list requests.

3223

},

3224

"layerInfo": [ # This contains layer-specific metadata, if populated it has length

3225

# "distance" and is ordered with [distance] being the layer immediately

3226

# following the base image and [1] being the final layer.

3227

{ # Layer holds metadata specific to a layer of a Docker image.

3228

"directive": "A String", # The recovered Dockerfile directive used to construct this layer.

3229

"arguments": "A String", # The recovered arguments to the Dockerfile directive.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3230

},

3231

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3232

"distance": 42, # Output only. The number of layers by which this image differs from the

3233

# associated image basis.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3234

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3235

"buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build.

3236

"provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3237

# `BuildSignature` in the corresponding Result. After verifying the

3238

# signature, `provenance_bytes` can be unmarshalled and compared to the

3239

# provenance to confirm that it is unchanged. A base64-encoded string

3240

# representation of the provenance bytes is used for the signature in order

3241

# to interoperate with openssl which expects this format for signature

3242

# verification.

3243

#

3244

# The serialized form is captured both to avoid ambiguity in how the

3245

# provenance is marshalled to json as well to prevent incompatibilities with

3246

# future changes.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3247

"provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance

3248

# details about the build from source to completion.

3249

"startTime": "A String", # Time at which execution of the build was started.

3250

"triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.

3251

"sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.

3252

"repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.

3253

# Repository.

3254

"projectId": "A String", # ID of the project that owns the repo.

3255

"repoName": "A String", # Name of the repo.

3256

"branchName": "A String", # Name of the branch to build.

3257

"tagName": "A String", # Name of the tag to build.

3258

"commitSha": "A String", # Explicit commit SHA to build.

3259

},

3260

"storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud

3261

# Storage.

3262

# Google Cloud Storage.

3263

"bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name

3264

# Requirements]

3265

# (https://cloud.google.com/storage/docs/bucket-naming#requirements)).

3266

"object": "A String", # Google Cloud Storage object containing source.

3267

"generation": "A String", # Google Cloud Storage generation for the object.

3268

},

3269

"fileHashes": { # Hash(es) of the build source, which can be used to verify that the original

3270

# source integrity was maintained in the build.

3271

#

3272

# The keys to this map are file paths used as build source and the values

3273

# contain the hash values for those files.

3274

#

3275

# If the build source came in a single package such as a gzipped tarfile

3276

# (.tar.gz), the FileHash will be for the single path to that file.

3277

"a_key": { # Container message for hashes of byte content of files, used in Source

3278

# messages to verify integrity of source input to the build.

3279

"fileHash": [ # Collection of file hashes.

3280

{ # Container message for hash values.

3281

"type": "A String", # The type of hash that was performed.

3282

"value": "A String", # The hash value.

},

],

},

},

"artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this

3288

# location.

3289

# Google Cloud Storage.

3290

"bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name

3291

# Requirements]

3292

# (https://cloud.google.com/storage/docs/bucket-naming#requirements)).

3293

"object": "A String", # Google Cloud Storage object containing source.

3294

"generation": "A String", # Google Cloud Storage generation for the object.

3295

},

3296

"additionalContexts": [ # If provided, some of the source code used for the build may be found in

3297

# these locations, in the case where the source repository had multiple

3298

# remotes or submodules. This list will not include the context specified in

3299

# the context field.

3300

{ # A SourceContext is a reference to a tree of files. A SourceContext together

3301

# with a path point to a unique revision of a single file or directory.

3302

"cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.

3303

# Source Repo.

3304

"revisionId": "A String", # A revision ID.

3305

"repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.

3306

"uid": "A String", # A server-assigned, globally unique identifier.

3307

"projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.

3308

# winged-cargo-31) and a repo name within that project.

3309

"projectId": "A String", # The ID of the project.

3310

"repoName": "A String", # The name of the repo. Leave empty for the default repo.

3311

},

3312

},

3313

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

3314

"name": "A String", # The alias name.

3315

"kind": "A String", # The alias kind.

3316

},

3317

},

3318

"labels": { # Labels with user defined metadata.

3319

"a_key": "A String",

3320

},

3321

"git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).

3322

# repository (e.g., GitHub).

3323

"revisionId": "A String", # Required. Git commit hash.

3324

"url": "A String", # Git repository URL.

3325

},

3326

"gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.

3327

"hostUri": "A String", # The URI of a running Gerrit instance.

3328

"revisionId": "A String", # A revision (commit) ID.

3329

"gerritProject": "A String", # The full project name within the host. Projects may be nested, so

3330

# "project/subproject" is a valid project name. The "repo name" is

3331

# the hostURI/project.

3332

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

3333

"name": "A String", # The alias name.

3334

"kind": "A String", # The alias kind.

3335

},

3336

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3337

},

3338

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3339

"context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.

3340

# with a path point to a unique revision of a single file or directory.

3341

"cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.

3342

# Source Repo.

3343

"revisionId": "A String", # A revision ID.

3344

"repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.

3345

"uid": "A String", # A server-assigned, globally unique identifier.

3346

"projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.

3347

# winged-cargo-31) and a repo name within that project.

3348

"projectId": "A String", # The ID of the project.

3349

"repoName": "A String", # The name of the repo. Leave empty for the default repo.

3350

},

3351

},

3352

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

3353

"name": "A String", # The alias name.

3354

"kind": "A String", # The alias kind.

3355

},

3356

},

3357

"labels": { # Labels with user defined metadata.

3358

"a_key": "A String",

3359

},

3360

"git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).

3361

# repository (e.g., GitHub).

3362

"revisionId": "A String", # Required. Git commit hash.

3363

"url": "A String", # Git repository URL.

3364

},

3365

"gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.

3366

"hostUri": "A String", # The URI of a running Gerrit instance.

3367

"revisionId": "A String", # A revision (commit) ID.

3368

"gerritProject": "A String", # The full project name within the host. Projects may be nested, so

3369

# "project/subproject" is a valid project name. The "repo name" is

3370

# the hostURI/project.

3371

"aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.

3372

"name": "A String", # The alias name.

3373

"kind": "A String", # The alias kind.

3374

},

3375

},

3376

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3377

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3378

"createTime": "A String", # Time at which the build was created.

3379

"projectId": "A String", # ID of the project.

3380

"finishTime": "A String", # Time at which execution of the build was finished.

3381

"creator": "A String", # E-mail address of the user who initiated this build. Note that this was the

3382

# user's e-mail address at the time the build was initiated; this address may

3383

# not represent the same end-user for all time.

3384

"logsBucket": "A String", # Google Cloud Storage bucket where logs were written.

3385

"builderVersion": "A String", # Version string of the builder at the time this build was executed.

3386

"commands": [ # Commands requested by the build.

3387

{ # Command describes a step performed as part of the build pipeline.

3388

"name": "A String", # Name of the command, as presented on the command line, or if the command is

3389

# packaged as a Docker container, as presented to `docker pull`.

3390

"id": "A String", # Optional unique identifier for this Command, used in wait_for to reference

3391

# this Command as a dependency.

3392

"dir": "A String", # Working directory (relative to project source root) used when running

3393

# this Command.

3394

"waitFor": [ # The ID(s) of the Command(s) that this Command depends on.

3395

"A String",

3396

],

3397

"env": [ # Environment variables set before running this Command.

3398

"A String",

3399

],

3400

"args": [ # Command-line arguments used when executing this Command.

3401

"A String",

3402

],

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3403

},

3404

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3405

"builtArtifacts": [ # Output of the build.

3406

{ # Artifact describes a build product.

3407

"id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest

3408

# like gcr.io/projectID/imagename@sha256:123456

3409

"names": [ # Related artifact names. This may be the path to a binary or jar file, or in

3410

# the case of a container build, the name used to push the container image to

3411

# Google Container Registry, as presented to `docker push`. Note that a

3412

# single Artifact ID can have multiple names, for example if two tags are

3413

# applied to one image.

3414

"A String",

3415

],

3416

"name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in

3417

# the case of a container build, the name used to push the container image to

3418

# Google Container Registry, as presented to `docker push`.

3419

#

3420

# This field is deprecated in favor of the plural `names` field; it continues

3421

# to exist here to allow existing BuildProvenance serialized to json in

3422

# google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to

3423

# deserialize back into proto.

3424

"checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a

# container.

},

],

"id": "A String", # Unique identifier of the build.

3429

"buildOptions": { # Special options applied to this build. This is a catch-all field where

3430

# build providers can enter any desired additional details.

3431

"a_key": "A String",

3432

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3433

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3434

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3435

"kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are

3436

# specified. This field can be used as a filter in list requests.

3437

"resource": { # #

3438

# The resource for which the `Occurrence` applies.

3439

# Resource is an entity that can have metadata. E.g., a Docker image.

3440

"name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian".

3441

"contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.

3442

"type": "A String", # The type of hash that was performed.

3443

"value": "A String", # The hash value.

3444

},

3445

"uri": "A String", # The unique URI of the resource. E.g.,

3446

# "https://gcr.io/project/image@sha256:foo" for a Docker image.

3447

},

3448

"resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence`

3449

# applies. For example, https://gcr.io/project/image@sha256:foo This field

3450

# can be used as a filter in list requests.

3451

"name": "A String", # Output only. The name of the `Occurrence` in the form

3452

# "projects/{project_id}/occurrences/{OCCURRENCE_ID}"

3453

"attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3454

# Attestation can be verified using the attached signature. If the verifier

3455

# trusts the public key of the signer, then verifying the signature is

3456

# sufficient to establish trust. In this circumstance, the

3457

# AttestationAuthority to which this Attestation is attached is primarily

3458

# useful for look-up (how to find this Attestation if you already know the

3459

# Authority and artifact to be verified) and intent (which authority was this

3460

# attestation intended to sign for).

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3461

"pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3462

# This message only supports `ATTACHED` signatures, where the payload that is

3463

# signed is included alongside the signature itself in the same file.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3464

"signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or

3465

# equivalent. Since this message only supports attached signatures, the

3466

# payload that was signed must be attached. While the signature format

3467

# supported is dependent on the verification implementation, currently only

3468

# ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than

3469

# `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor

3470

# --output=signature.gpg payload.json` will create the signature content

3471

# expected in this field in `signature.gpg` for the `payload.json`

3472

# attestation payload.

3473

"pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature,

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3474

# as output by, e.g. `gpg --list-keys`. This should be the version 4, full

3475

# 160-bit fingerprint, expressed as a 40 character hexadecimal string. See

3476

# https://tools.ietf.org/html/rfc4880#section-12.2 for details.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3477

# Implementations may choose to acknowledge "LONG", "SHORT", or other

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3478

# abbreviated key IDs, but only the full fingerprint is guaranteed to work.

3479

# In gpg, the full fingerprint can be retrieved from the `fpr` field

3480

# returned when calling --list-keys with --with-colons. For example:

3481

# ```

3482

# gpg --with-colons --with-fingerprint --force-v4-certs \

3483

# --list-keys attester@example.com

3484

# tru::1:1513631572:0:3:1:5

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3485

# pub:...<SNIP>...

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3486

# fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:

3487

# ```

3488

# Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3489

"contentType": "A String", # Type (for example schema) of the attestation payload that was signed.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3490

# The verifier must ensure that the provided type is one that the verifier

3491

# supports, and that the attestation payload is a valid instantiation of that

3492

# type (for example by validating a JSON schema).

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3493

},

3494

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3495

"installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.

3496

# a system.

3497

"location": [ # All of the places within the filesystem versions of this package

3498

# have been found.

3499

{ # An occurrence of a particular package installation found within a

3500

# system's filesystem.

3501

# e.g. glibc was found in /var/lib/dpkg/status

3502

"cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)

3503

# denoting the package manager version distributing a package.

3504

"version": { # Version contains structured information about the version of the package. # The version installed at this location.

3505

# For a discussion of this in Debian/Ubuntu:

3506

# http://serverfault.com/questions/604541/debian-packages-version-convention

3507

# For a discussion of this in Redhat/Fedora/Centos:

3508

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

3509

"name": "A String", # The main part of the version name.

3510

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

3511

# If kind is not NORMAL, then the other fields are ignored.

3512

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

3513

"revision": "A String", # The iteration of the package build from the above version.

3514

},

3515

"path": "A String", # The path from which we gathered that this package/version is installed.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3516

},

3517

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3518

"name": "A String", # Output only. The name of the installed package.

3519

},

3520

"upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a # Describes an upgrade.

3521

# specific upgrade. This presence is supplied via local sources (i.e. it is

3522

# present in the mirror and the running system has noticed its availability).

3523

"distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each # Metadata about the upgrade for available for the specific operating system

3524

# for the resource_url. This allows efficient filtering, as well as

3525

# making it easier to use the occurrence.

3526

# operating system (CPE). Some distributions have additional metadata around

3527

# updates, classifying them into various categories and severities.

3528

"cve": [ # The cve that would be resolved by this upgrade.

3529

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3530

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3531

"classification": "A String", # The operating system classification of this Upgrade, as specified by the

3532

# upstream operating system upgrade feed.

3533

"severity": "A String", # The severity as specified by the upstream operating system.

3534

"cpeUri": "A String", # Required - The specific operating system this metadata applies to. See

3535

# https://cpe.mitre.org/specification/.

3536

},

3537

"package": "A String", # Required - The package this Upgrade is for.

3538

"parsedVersion": { # Version contains structured information about the version of the package. # Required - The version of the package in a machine + human readable form.

3539

# For a discussion of this in Debian/Ubuntu:

3540

# http://serverfault.com/questions/604541/debian-packages-version-convention

3541

# For a discussion of this in Redhat/Fedora/Centos:

3542

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

3543

"name": "A String", # The main part of the version name.

3544

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

3545

# If kind is not NORMAL, then the other fields are ignored.

3546

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

3547

"revision": "A String", # The iteration of the package build from the above version.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3548

},

3549

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3550

"discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.

3551

"operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.

3552

# This field is deprecated, do not use.

3553

# network API call.

3554

"name": "A String", # The server-assigned name, which is only unique within the same service that

3555

# originally returns it. If you use the default HTTP mapping, the

3556

# `name` should be a resource name ending with `operations/{unique_id}`.

3557

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

3558

# different programming environments, including REST APIs and RPC APIs. It is

3559

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

3560

# three pieces of data: error code, error message, and error details.

3561

#

3562

# You can find out more about this error model and how to work with it in the

3563

# [API Design Guide](https://cloud.google.com/apis/design/errors).

3564

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

3565

"message": "A String", # A developer-facing error message, which should be in English. Any

3566

# user-facing error message should be localized and sent in the

3567

# google.rpc.Status.details field, or localized by the client.

3568

"details": [ # A list of messages that carry the error details. There is a common set of

3569

# message types for APIs to use.

3570

{

3571

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

],

},

"metadata": { # Service-specific metadata associated with the operation. It typically

3576

# contains progress information and common metadata such as create time.

3577

# Some services might not provide such metadata. Any method that returns a

3578

# long-running operation should document the metadata type, if any.

3579

"a_key": "", # Properties of the object. Contains field @type with type URL.

3580

},

3581

"done": True or False, # If the value is `false`, it means the operation is still in progress.

3582

# If `true`, the operation is completed, and either `error` or `response` is

3583

# available.

3584

"response": { # The normal response of the operation in case of success. If the original

3585

# method returns no data on success, such as `Delete`, the response is

3586

# `google.protobuf.Empty`. If the original method is standard

3587

# `Get`/`Create`/`Update`, the response should be the resource. For other

3588

# methods, the response should have the type `XxxResponse`, where `Xxx`

3589

# is the original method name. For example, if the original method name

3590

# is `TakeSnapshot()`, the inferred response type is

3591

# `TakeSnapshotResponse`.

3592

"a_key": "", # Properties of the object. Contains field @type with type URL.

3593

},

3594

},

3595

"analysisStatus": "A String", # The status of discovery for the resource.

3596

"continuousAnalysis": "A String", # Whether the resource is continuously analyzed.

3597

"cpe": "A String", # The CPE of the resource being scanned.

3598

"analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under

3599

# details to show to the user. The LocalizedMessage output only and

3600

# populated by the API.

3601

# different programming environments, including REST APIs and RPC APIs. It is

3602

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

3603

# three pieces of data: error code, error message, and error details.

3604

#

3605

# You can find out more about this error model and how to work with it in the

3606

# [API Design Guide](https://cloud.google.com/apis/design/errors).

3607

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

3608

"message": "A String", # A developer-facing error message, which should be in English. Any

3609

# user-facing error message should be localized and sent in the

3610

# google.rpc.Status.details field, or localized by the client.

3611

"details": [ # A list of messages that carry the error details. There is a common set of

3612

# message types for APIs to use.

3613

{

3614

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

],

},

},

"deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.

3620

"address": "A String", # Address of the runtime element hosting this deployment.

3621

"resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the

3622

# deployable field with the same name.

3623

"A String",

3624

],

3625

"userEmail": "A String", # Identity of the user that triggered this deployment.

3626

"config": "A String", # Configuration used to create this deployment.

3627

"undeployTime": "A String", # End of the lifetime of this deployment.

3628

"platform": "A String", # Platform hosting this deployment.

3629

"deployTime": "A String", # Beginning of the lifetime of this deployment.

3630

},

3631

"noteName": "A String", # An analysis note associated with this image, in the form

3632

# "providers/{provider_id}/notes/{NOTE_ID}"

3633

# This field can be used as a filter in list requests.

3634

"vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.

3635

# to fix it.

3636

"cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a

3637

# scale of 0-10 where 0 indicates low severity and 10 indicates high

3638

# severity.

3639

"type": "A String", # The type of package; whether native or non native(ruby gems,

3640

# node.js packages etc)

3641

"effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is

3642

# available and note provider assigned severity when distro has not yet

3643

# assigned a severity for this vulnerability.

3644

"packageIssue": [ # The set of affected locations and their fixes (if available) within

3645

# the associated resource.

3646

{ # This message wraps a location affected by a vulnerability and its

3647

# associated fix (if one is available).

3648

"affectedLocation": { # The location of the vulnerability # The location of the vulnerability.

3649

"cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)

3650

# format. Examples include distro or storage location for vulnerable jar.

3651

# This field can be used as a filter in list requests.

3652

"package": "A String", # The package being described.

3653

"version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a

3654

# filter in list requests.

3655

# For a discussion of this in Debian/Ubuntu:

3656

# http://serverfault.com/questions/604541/debian-packages-version-convention

3657

# For a discussion of this in Redhat/Fedora/Centos:

3658

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

3659

"name": "A String", # The main part of the version name.

3660

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

3661

# If kind is not NORMAL, then the other fields are ignored.

3662

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

3663

"revision": "A String", # The iteration of the package build from the above version.

3664

},

3665

},

3666

"fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability.

3667

"cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)

3668

# format. Examples include distro or storage location for vulnerable jar.

3669

# This field can be used as a filter in list requests.

3670

"package": "A String", # The package being described.

3671

"version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a

3672

# filter in list requests.

3673

# For a discussion of this in Debian/Ubuntu:

3674

# http://serverfault.com/questions/604541/debian-packages-version-convention

3675

# For a discussion of this in Redhat/Fedora/Centos:

3676

# http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/

3677

"name": "A String", # The main part of the version name.

3678

"kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.

3679

# If kind is not NORMAL, then the other fields are ignored.

3680

"epoch": 42, # Used to correct mistakes in the version numbering scheme.

3681

"revision": "A String", # The iteration of the package build from the above version.

3682

},

3683

},

3684

"severityName": "A String",

3685

},

3686

],

3687

"severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.

3688

},

3689

"createTime": "A String", # Output only. The time this `Occurrence` was created.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3694

<code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3695

<pre>Sets the access control policy on the specified `Note` or `Occurrence`.

3696

Requires `containeranalysis.notes.setIamPolicy` or

3697

`containeranalysis.occurrences.setIamPolicy` permission if the resource is

3698

a `Note` or an `Occurrence`, respectively.

3699

Attempting to call this method without these permissions will result in a `

3700

`PERMISSION_DENIED` error.

3701

Attempting to call this method on a non-existent resource will result in a

3702

`NOT_FOUND` error if the user has `containeranalysis.notes.list` permission

3703

on a `Note` or `containeranalysis.occurrences.list` on an `Occurrence`, or

3704

a `PERMISSION_DENIED` error otherwise. The resource takes the following

3705

formats: `projects/{projectid}/occurrences/{occurrenceid}` for occurrences

3706

and projects/{projectid}/notes/{noteid} for notes

3707

3708

Args:

3709

resource: string, REQUIRED: The resource for which the policy is being specified.

3710

See the operation documentation for the appropriate value for this field. (required)

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3711

body: object, The request body.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3712

The object takes the form of:

3713

3714

{ # Request message for `SetIamPolicy` method.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3715

"policy": { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3716

# the policy is limited to a few 10s of KB. An empty policy is a

3717

# valid policy but certain Cloud Platform services (such as Projects)

3718

# might reject them.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3719

# controls for Google Cloud resources.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3720

#

3721

#

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3722

# A `Policy` is a collection of `bindings`. A `binding` binds one or more

3723

# `members` to a single `role`. Members can be user accounts, service accounts,

3724

# Google groups, and domains (such as G Suite). A `role` is a named list of

3725

# permissions; each `role` can be an IAM predefined role or a user-created

3726

# custom role.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3727

#

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3728

# For some types of Google Cloud resources, a `binding` can also specify a

3729

# `condition`, which is a logical expression that allows access to a resource

3730

# only if the expression evaluates to `true`. A condition can add constraints

3731

# based on attributes of the request, the resource, or both. To learn which

3732

# resources support conditions in their IAM policies, see the

3733

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3734

#

3735

# **JSON example:**

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3736

#

3737

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3738

# "bindings": [

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3739

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3740

# "role": "roles/resourcemanager.organizationAdmin",

3741

# "members": [

3742

# "user:mike@example.com",

3743

# "group:admins@example.com",

3744

# "domain:google.com",

3745

# "serviceAccount:my-project-id@appspot.gserviceaccount.com"

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3746

# ]

3747

# },

3748

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3749

# "role": "roles/resourcemanager.organizationViewer",

3750

# "members": [

3751

# "user:eve@example.com"

3752

# ],

3753

# "condition": {

3754

# "title": "expirable access",

3755

# "description": "Does not grant access after Sep 2020",

3756

# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3757

# }

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3758

# }

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3759

# ],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3760

# "etag": "BwWWja0YfJA=",

3761

# "version": 3

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3762

# }

3763

#

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3764

# **YAML example:**

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

#

# bindings:

# - members:

# - user:mike@example.com

3769

# - group:admins@example.com

3770

# - domain:google.com

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3771

# - serviceAccount:my-project-id@appspot.gserviceaccount.com

3772

# role: roles/resourcemanager.organizationAdmin

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3773

# - members:

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3774

# - user:eve@example.com

3775

# role: roles/resourcemanager.organizationViewer

3776

# condition:

3777

# title: expirable access

3778

# description: Does not grant access after Sep 2020

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3779

# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3780

# - etag: BwWWja0YfJA=

3781

# - version: 3

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3782

#

3783

# For a description of IAM and its features, see the

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3784

# [IAM documentation](https://cloud.google.com/iam/docs/).

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3785

"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help

3786

# prevent simultaneous updates of a policy from overwriting each other.

3787

# It is strongly suggested that systems make use of the `etag` in the

3788

# read-modify-write cycle to perform policy updates in order to avoid race

3789

# conditions: An `etag` is returned in the response to `getIamPolicy`, and

3790

# systems are expected to put that etag in the request to `setIamPolicy` to

3791

# ensure that their change will be applied to the same version of the policy.

3792

#

3793

# **Important:** If you use IAM Conditions, you must include the `etag` field

3794

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

3795

# you to overwrite a version `3` policy with a version `1` policy, and all of

3796

# the conditions in the version `3` policy are lost.

3797

"version": 42, # Specifies the format of the policy.

3798

#

3799

# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value

3800

# are rejected.

3801

#

3802

# Any operation that affects conditional role bindings must specify version

3803

# `3`. This requirement applies to the following operations:

3804

#

3805

# * Getting a policy that includes a conditional role binding

3806

# * Adding a conditional role binding to a policy

3807

# * Changing a conditional role binding in a policy

3808

# * Removing any role binding, with or without a condition, from a policy

3809

# that includes conditions

3810

#

3811

# **Important:** If you use IAM Conditions, you must include the `etag` field

3812

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

3813

# you to overwrite a version `3` policy with a version `1` policy, and all of

3814

# the conditions in the version `3` policy are lost.

3815

#

3816

# If a policy does not include any conditions, operations on that policy may

3817

# specify any valid version or leave the field unset.

3818

#

3819

# To learn which resources support conditions in their IAM policies, see the

3820

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

3821

"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3822

# `condition` that determines how and when the `bindings` are applied. Each

3823

# of the `bindings` must contain at least one member.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3824

{ # Associates `members` with a `role`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3825

"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.

3826

#

3827

# If the condition evaluates to `true`, then this binding applies to the

3828

# current request.

3829

#

3830

# If the condition evaluates to `false`, then this binding does not apply to

3831

# the current request. However, a different role binding might grant the same

3832

# role to one or more of the members in this binding.

3833

#

3834

# To learn which resources support conditions in their IAM policies, see the

3835

# [IAM

3836

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

3837

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

3838

# are documented at https://github.com/google/cel-spec.

3839

#

3840

# Example (Comparison):

3841

#

3842

# title: "Summary size limit"

3843

# description: "Determines if a summary is less than 100 chars"

3844

# expression: "document.summary.size() < 100"

3845

#

3846

# Example (Equality):

3847

#

3848

# title: "Requestor is owner"

3849

# description: "Determines if requestor is the document owner"

3850

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

3855

# description: "Determine whether the document should be publicly visible"

3856

# expression: "document.type != 'private' && document.type != 'internal'"

3857

#

3858

# Example (Data Manipulation):

3859

#

3860

# title: "Notification string"

3861

# description: "Create a notification string with a timestamp."

3862

# expression: "'New message received at ' + string(document.create_time)"

3863

#

3864

# The exact variables and functions that may be referenced within an expression

3865

# are determined by the service that evaluates it. See the service

3866

# documentation for additional information.

3867

"expression": "A String", # Textual representation of an expression in Common Expression Language

3868

# syntax.

3869

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

3870

# its purpose. This can be used e.g. in UIs which allow to enter the

3871

# expression.

3872

"location": "A String", # Optional. String indicating the location of the expression for error

3873

# reporting, e.g. a file name and a position in the file.

3874

"description": "A String", # Optional. Description of the expression. This is a longer text which

3875

# describes the expression, e.g. when hovered over it in a UI.

3876

},

3877

"members": [ # Specifies the identities requesting access for a Cloud Platform resource.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3878

# `members` can have the following values:

3879

#

3880

# * `allUsers`: A special identifier that represents anyone who is

3881

# on the internet; with or without a Google account.

3882

#

3883

# * `allAuthenticatedUsers`: A special identifier that represents anyone

3884

# who is authenticated with a Google account or a service account.

3885

#

3886

# * `user:{emailid}`: An email address that represents a specific Google

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3887

# account. For example, `alice@example.com` .

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3888

#

3889

#

3890

# * `serviceAccount:{emailid}`: An email address that represents a service

3891

# account. For example, `my-other-app@appspot.gserviceaccount.com`.

3892

#

3893

# * `group:{emailid}`: An email address that represents a Google group.

3894

# For example, `admins@example.com`.

3895

#

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3896

# * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique

3897

# identifier) representing a user that has been recently deleted. For

3898

# example, `alice@example.com?uid=123456789012345678901`. If the user is

3899

# recovered, this value reverts to `user:{emailid}` and the recovered user

3900

# retains the role in the binding.

3901

#

3902

# * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus

3903

# unique identifier) representing a service account that has been recently

3904

# deleted. For example,

3905

# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.

3906

# If the service account is undeleted, this value reverts to

3907

# `serviceAccount:{emailid}` and the undeleted service account retains the

3908

# role in the binding.

3909

#

3910

# * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique

3911

# identifier) representing a Google group that has been recently

3912

# deleted. For example, `admins@example.com?uid=123456789012345678901`. If

3913

# the group is recovered, this value reverts to `group:{emailid}` and the

3914

# recovered group retains the role in the binding.

3915

#

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3916

#

3917

# * `domain:{domain}`: The G Suite domain (primary) that represents all the

3918

# users of that domain. For example, `google.com` or `example.com`.

3919

#

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3920

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3921

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3922

"role": "A String", # Role that is assigned to `members`.

3923

# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3924

},

3925

],

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3926

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3927

}

3928

3929

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

3936

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3937

{ # An Identity and Access Management (IAM) policy, which specifies access

3938

# controls for Google Cloud resources.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3939

#

3940

#

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3941

# A `Policy` is a collection of `bindings`. A `binding` binds one or more

3942

# `members` to a single `role`. Members can be user accounts, service accounts,

3943

# Google groups, and domains (such as G Suite). A `role` is a named list of

3944

# permissions; each `role` can be an IAM predefined role or a user-created

3945

# custom role.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3946

#

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3947

# For some types of Google Cloud resources, a `binding` can also specify a

3948

# `condition`, which is a logical expression that allows access to a resource

3949

# only if the expression evaluates to `true`. A condition can add constraints

3950

# based on attributes of the request, the resource, or both. To learn which

3951

# resources support conditions in their IAM policies, see the

3952

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3953

#

3954

# **JSON example:**

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3955

#

3956

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3957

# "bindings": [

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3958

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3959

# "role": "roles/resourcemanager.organizationAdmin",

3960

# "members": [

3961

# "user:mike@example.com",

3962

# "group:admins@example.com",

3963

# "domain:google.com",

3964

# "serviceAccount:my-project-id@appspot.gserviceaccount.com"

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3965

# ]

3966

# },

3967

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3968

# "role": "roles/resourcemanager.organizationViewer",

3969

# "members": [

3970

# "user:eve@example.com"

3971

# ],

3972

# "condition": {

3973

# "title": "expirable access",

3974

# "description": "Does not grant access after Sep 2020",

3975

# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3976

# }

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3977

# }

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3978

# ],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3979

# "etag": "BwWWja0YfJA=",

3980

# "version": 3

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3981

# }

3982

#

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3983

# **YAML example:**

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

#

# bindings:

# - members:

# - user:mike@example.com

3988

# - group:admins@example.com

3989

# - domain:google.com

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3990

# - serviceAccount:my-project-id@appspot.gserviceaccount.com

3991

# role: roles/resourcemanager.organizationAdmin

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3992

# - members:

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3993

# - user:eve@example.com

3994

# role: roles/resourcemanager.organizationViewer

3995

# condition:

3996

# title: expirable access

3997

# description: Does not grant access after Sep 2020

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3998

# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3999

# - etag: BwWWja0YfJA=

4000

# - version: 3

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

4001

#

4002

# For a description of IAM and its features, see the

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

4003

# [IAM documentation](https://cloud.google.com/iam/docs/).

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

4004

"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help

4005

# prevent simultaneous updates of a policy from overwriting each other.

4006

# It is strongly suggested that systems make use of the `etag` in the

4007

# read-modify-write cycle to perform policy updates in order to avoid race

4008

# conditions: An `etag` is returned in the response to `getIamPolicy`, and

4009

# systems are expected to put that etag in the request to `setIamPolicy` to

4010

# ensure that their change will be applied to the same version of the policy.

4011

#

4012

# **Important:** If you use IAM Conditions, you must include the `etag` field

4013

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

4014

# you to overwrite a version `3` policy with a version `1` policy, and all of

4015

# the conditions in the version `3` policy are lost.

4016

"version": 42, # Specifies the format of the policy.

4017

#

4018

# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value

4019

# are rejected.

4020

#

4021

# Any operation that affects conditional role bindings must specify version

4022

# `3`. This requirement applies to the following operations:

4023

#

4024

# * Getting a policy that includes a conditional role binding

4025

# * Adding a conditional role binding to a policy

4026

# * Changing a conditional role binding in a policy

4027

# * Removing any role binding, with or without a condition, from a policy

4028

# that includes conditions

4029

#

4030

# **Important:** If you use IAM Conditions, you must include the `etag` field

4031

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

4032

# you to overwrite a version `3` policy with a version `1` policy, and all of

4033

# the conditions in the version `3` policy are lost.

4034

#

4035

# If a policy does not include any conditions, operations on that policy may

4036

# specify any valid version or leave the field unset.

4037

#

4038

# To learn which resources support conditions in their IAM policies, see the

4039

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

4040

"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

4041

# `condition` that determines how and when the `bindings` are applied. Each

4042

# of the `bindings` must contain at least one member.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

4043

{ # Associates `members` with a `role`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

4044

"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.

4045

#

4046

# If the condition evaluates to `true`, then this binding applies to the

4047

# current request.

4048

#

4049

# If the condition evaluates to `false`, then this binding does not apply to

4050

# the current request. However, a different role binding might grant the same

4051

# role to one or more of the members in this binding.

4052

#

4053

# To learn which resources support conditions in their IAM policies, see the

4054

# [IAM

4055

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

4056

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

4057

# are documented at https://github.com/google/cel-spec.

4058

#

4059

# Example (Comparison):

4060

#

4061

# title: "Summary size limit"

4062

# description: "Determines if a summary is less than 100 chars"

4063

# expression: "document.summary.size() < 100"

4064

#

4065

# Example (Equality):

4066

#

4067

# title: "Requestor is owner"

4068

# description: "Determines if requestor is the document owner"

4069

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

4074

# description: "Determine whether the document should be publicly visible"

4075

# expression: "document.type != 'private' && document.type != 'internal'"

4076

#

4077

# Example (Data Manipulation):

4078

#

4079

# title: "Notification string"

4080

# description: "Create a notification string with a timestamp."

4081

# expression: "'New message received at ' + string(document.create_time)"

4082

#

4083

# The exact variables and functions that may be referenced within an expression

4084

# are determined by the service that evaluates it. See the service

4085

# documentation for additional information.

4086

"expression": "A String", # Textual representation of an expression in Common Expression Language

4087

# syntax.

4088

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

4089

# its purpose. This can be used e.g. in UIs which allow to enter the

4090

# expression.

4091

"location": "A String", # Optional. String indicating the location of the expression for error

4092

# reporting, e.g. a file name and a position in the file.

4093

"description": "A String", # Optional. Description of the expression. This is a longer text which

4094

# describes the expression, e.g. when hovered over it in a UI.

4095

},

4096

"members": [ # Specifies the identities requesting access for a Cloud Platform resource.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

4097

# `members` can have the following values:

4098

#

4099

# * `allUsers`: A special identifier that represents anyone who is

4100

# on the internet; with or without a Google account.

4101

#

4102

# * `allAuthenticatedUsers`: A special identifier that represents anyone

4103

# who is authenticated with a Google account or a service account.

4104

#

4105

# * `user:{emailid}`: An email address that represents a specific Google

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

4106

# account. For example, `alice@example.com` .

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

4107

#

4108

#

4109

# * `serviceAccount:{emailid}`: An email address that represents a service

4110

# account. For example, `my-other-app@appspot.gserviceaccount.com`.

4111

#

4112

# * `group:{emailid}`: An email address that represents a Google group.

4113

# For example, `admins@example.com`.

4114

#

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

4115

# * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique

4116

# identifier) representing a user that has been recently deleted. For

4117

# example, `alice@example.com?uid=123456789012345678901`. If the user is

4118

# recovered, this value reverts to `user:{emailid}` and the recovered user

4119

# retains the role in the binding.

4120

#

4121

# * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus

4122

# unique identifier) representing a service account that has been recently

4123

# deleted. For example,

4124

# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.

4125

# If the service account is undeleted, this value reverts to

4126

# `serviceAccount:{emailid}` and the undeleted service account retains the

4127

# role in the binding.

4128

#

4129

# * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique

4130

# identifier) representing a Google group that has been recently

4131

# deleted. For example, `admins@example.com?uid=123456789012345678901`. If

4132

# the group is recovered, this value reverts to `group:{emailid}` and the

4133

# recovered group retains the role in the binding.

4134

#

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

4135

#

4136

# * `domain:{domain}`: The G Suite domain (primary) that represents all the

4137

# users of that domain. For example, `google.com` or `example.com`.

4138

#

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

4139

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

4140

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

4141

"role": "A String", # Role that is assigned to `members`.

4142

# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

4143

},

4144

],

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

4149

<code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

4150

<pre>Returns the permissions that a caller has on the specified note or

4151

occurrence resource. Requires list permission on the project (for example,

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

4152

"storage.objects.list" on the containing bucket for testing permission of

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

4153

an object). Attempting to call this method on a non-existent resource will

4154

result in a `NOT_FOUND` error if the user has list permission on the

4155

project, or a `PERMISSION_DENIED` error otherwise. The resource takes the

4156

following formats: `projects/{PROJECT_ID}/occurrences/{OCCURRENCE_ID}` for

4157

`Occurrences` and `projects/{PROJECT_ID}/notes/{NOTE_ID}` for `Notes`

4158

4159

Args:

4160

resource: string, REQUIRED: The resource for which the policy detail is being requested.

4161

See the operation documentation for the appropriate value for this field. (required)

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

4162

body: object, The request body.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

4163

The object takes the form of:

4164

4165

{ # Request message for `TestIamPermissions` method.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

4166

"permissions": [ # The set of permissions to check for the `resource`. Permissions with

4167

# wildcards (such as '*' or 'storage.*') are not allowed. For more

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

4168

# information see

4169

# [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

4170

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

],

}

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

4181

4182

{ # Response message for `TestIamPermissions` method.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

4183

"permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

4184

# allowed.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

4185

"A String",

Bu Sun Kim