Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1 | <html><body> |
| 2 | <style> |
| 3 | |
| 4 | body, h1, h2, h3, div, span, p, pre, a { |
| 5 | margin: 0; |
| 6 | padding: 0; |
| 7 | border: 0; |
| 8 | font-weight: inherit; |
| 9 | font-style: inherit; |
| 10 | font-size: 100%; |
| 11 | font-family: inherit; |
| 12 | vertical-align: baseline; |
| 13 | } |
| 14 | |
| 15 | body { |
| 16 | font-size: 13px; |
| 17 | padding: 1em; |
| 18 | } |
| 19 | |
| 20 | h1 { |
| 21 | font-size: 26px; |
| 22 | margin-bottom: 1em; |
| 23 | } |
| 24 | |
| 25 | h2 { |
| 26 | font-size: 24px; |
| 27 | margin-bottom: 1em; |
| 28 | } |
| 29 | |
| 30 | h3 { |
| 31 | font-size: 20px; |
| 32 | margin-bottom: 1em; |
| 33 | margin-top: 1em; |
| 34 | } |
| 35 | |
| 36 | pre, code { |
| 37 | line-height: 1.5; |
| 38 | font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; |
| 39 | } |
| 40 | |
| 41 | pre { |
| 42 | margin-top: 0.5em; |
| 43 | } |
| 44 | |
| 45 | h1, h2, h3, p { |
| 46 | font-family: Arial, sans serif; |
| 47 | } |
| 48 | |
| 49 | h1, h2, h3 { |
| 50 | border-bottom: solid #CCC 1px; |
| 51 | } |
| 52 | |
| 53 | .toc_element { |
| 54 | margin-top: 0.5em; |
| 55 | } |
| 56 | |
| 57 | .firstline { |
| 58 | margin-left: 2 em; |
| 59 | } |
| 60 | |
| 61 | .method { |
| 62 | margin-top: 1em; |
| 63 | border: solid 1px #CCC; |
| 64 | padding: 1em; |
| 65 | background: #EEE; |
| 66 | } |
| 67 | |
| 68 | .details { |
| 69 | font-weight: bold; |
| 70 | font-size: 14px; |
| 71 | } |
| 72 | |
| 73 | </style> |
| 74 | |
| 75 | <h1><a href="containeranalysis_v1alpha1.html">Container Analysis API</a> . <a href="containeranalysis_v1alpha1.projects.html">projects</a> . <a href="containeranalysis_v1alpha1.projects.occurrences.html">occurrences</a></h1> |
| 76 | <h2>Instance Methods</h2> |
| 77 | <p class="toc_element"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 78 | <code><a href="#create">create(parent, body=None, name=None, x__xgafv=None)</a></code></p> |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 79 | <p class="firstline">Creates a new `Occurrence`. Use this method to create `Occurrences`</p> |
| 80 | <p class="toc_element"> |
| 81 | <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p> |
| 82 | <p class="firstline">Deletes the given `Occurrence` from the system. Use this when</p> |
| 83 | <p class="toc_element"> |
| 84 | <code><a href="#get">get(name, x__xgafv=None)</a></code></p> |
| 85 | <p class="firstline">Returns the requested `Occurrence`.</p> |
| 86 | <p class="toc_element"> |
| 87 | <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p> |
| 88 | <p class="firstline">Gets the access control policy for a note or an `Occurrence` resource.</p> |
| 89 | <p class="toc_element"> |
| 90 | <code><a href="#getNotes">getNotes(name, x__xgafv=None)</a></code></p> |
| 91 | <p class="firstline">Gets the `Note` attached to the given `Occurrence`.</p> |
| 92 | <p class="toc_element"> |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 93 | <code><a href="#getVulnerabilitySummary">getVulnerabilitySummary(parent, filter=None, x__xgafv=None)</a></code></p> |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 94 | <p class="firstline">Gets a summary of the number and severity of occurrences.</p> |
| 95 | <p class="toc_element"> |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 96 | <code><a href="#list">list(parent, pageToken=None, kind=None, pageSize=None, name=None, filter=None, x__xgafv=None)</a></code></p> |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 97 | <p class="firstline">Lists active `Occurrences` for a given project matching the filters.</p> |
| 98 | <p class="toc_element"> |
| 99 | <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> |
| 100 | <p class="firstline">Retrieves the next page of results.</p> |
| 101 | <p class="toc_element"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 102 | <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p> |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 103 | <p class="firstline">Updates an existing occurrence.</p> |
| 104 | <p class="toc_element"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 105 | <code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p> |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 106 | <p class="firstline">Sets the access control policy on the specified `Note` or `Occurrence`.</p> |
| 107 | <p class="toc_element"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 108 | <code><a href="#testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</a></code></p> |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 109 | <p class="firstline">Returns the permissions that a caller has on the specified note or</p> |
| 110 | <h3>Method Details</h3> |
| 111 | <div class="method"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 112 | <code class="details" id="create">create(parent, body=None, name=None, x__xgafv=None)</code> |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 113 | <pre>Creates a new `Occurrence`. Use this method to create `Occurrences` |
| 114 | for a resource. |
| 115 | |
| 116 | Args: |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 117 | parent: string, This field contains the project Id for example: "projects/{project_id}" (required) |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 118 | body: object, The request body. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 119 | The object takes the form of: |
| 120 | |
| 121 | { # `Occurrence` includes information about analysis occurrences for an image. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 122 | "buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 123 | "provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance |
| 124 | # details about the build from source to completion. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 125 | "id": "A String", # Unique identifier of the build. |
| 126 | "buildOptions": { # Special options applied to this build. This is a catch-all field where |
| 127 | # build providers can enter any desired additional details. |
| 128 | "a_key": "A String", |
| 129 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 130 | "startTime": "A String", # Time at which execution of the build was started. |
| 131 | "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 132 | "createTime": "A String", # Time at which the build was created. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 133 | "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build. |
| 134 | "repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo. |
| 135 | # Repository. |
| 136 | "projectId": "A String", # ID of the project that owns the repo. |
| 137 | "repoName": "A String", # Name of the repo. |
| 138 | "branchName": "A String", # Name of the branch to build. |
| 139 | "tagName": "A String", # Name of the tag to build. |
| 140 | "commitSha": "A String", # Explicit commit SHA to build. |
| 141 | }, |
| 142 | "storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud |
| 143 | # Storage. |
| 144 | # Google Cloud Storage. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 145 | "generation": "A String", # Google Cloud Storage generation for the object. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 146 | "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name |
| 147 | # Requirements] |
| 148 | # (https://cloud.google.com/storage/docs/bucket-naming#requirements)). |
| 149 | "object": "A String", # Google Cloud Storage object containing source. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 150 | }, |
| 151 | "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original |
| 152 | # source integrity was maintained in the build. |
| 153 | # |
| 154 | # The keys to this map are file paths used as build source and the values |
| 155 | # contain the hash values for those files. |
| 156 | # |
| 157 | # If the build source came in a single package such as a gzipped tarfile |
| 158 | # (.tar.gz), the FileHash will be for the single path to that file. |
| 159 | "a_key": { # Container message for hashes of byte content of files, used in Source |
| 160 | # messages to verify integrity of source input to the build. |
| 161 | "fileHash": [ # Collection of file hashes. |
| 162 | { # Container message for hash values. |
| 163 | "type": "A String", # The type of hash that was performed. |
| 164 | "value": "A String", # The hash value. |
| 165 | }, |
| 166 | ], |
| 167 | }, |
| 168 | }, |
| 169 | "artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this |
| 170 | # location. |
| 171 | # Google Cloud Storage. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 172 | "generation": "A String", # Google Cloud Storage generation for the object. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 173 | "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name |
| 174 | # Requirements] |
| 175 | # (https://cloud.google.com/storage/docs/bucket-naming#requirements)). |
| 176 | "object": "A String", # Google Cloud Storage object containing source. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 177 | }, |
| 178 | "additionalContexts": [ # If provided, some of the source code used for the build may be found in |
| 179 | # these locations, in the case where the source repository had multiple |
| 180 | # remotes or submodules. This list will not include the context specified in |
| 181 | # the context field. |
| 182 | { # A SourceContext is a reference to a tree of files. A SourceContext together |
| 183 | # with a path point to a unique revision of a single file or directory. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 184 | "labels": { # Labels with user defined metadata. |
| 185 | "a_key": "A String", |
| 186 | }, |
| 187 | "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub). |
| 188 | # repository (e.g., GitHub). |
| 189 | "revisionId": "A String", # Required. Git commit hash. |
| 190 | "url": "A String", # Git repository URL. |
| 191 | }, |
| 192 | "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project. |
| 193 | "gerritProject": "A String", # The full project name within the host. Projects may be nested, so |
| 194 | # "project/subproject" is a valid project name. The "repo name" is |
| 195 | # the hostURI/project. |
| 196 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 197 | "name": "A String", # The alias name. |
| 198 | "kind": "A String", # The alias kind. |
| 199 | }, |
| 200 | "hostUri": "A String", # The URI of a running Gerrit instance. |
| 201 | "revisionId": "A String", # A revision (commit) ID. |
| 202 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 203 | "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo. |
| 204 | # Source Repo. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 205 | "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo. |
| 206 | "uid": "A String", # A server-assigned, globally unique identifier. |
| 207 | "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name. |
| 208 | # winged-cargo-31) and a repo name within that project. |
| 209 | "projectId": "A String", # The ID of the project. |
| 210 | "repoName": "A String", # The name of the repo. Leave empty for the default repo. |
| 211 | }, |
| 212 | }, |
| 213 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 214 | "name": "A String", # The alias name. |
| 215 | "kind": "A String", # The alias kind. |
| 216 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 217 | "revisionId": "A String", # A revision ID. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 218 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 219 | }, |
| 220 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 221 | "context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location. |
| 222 | # with a path point to a unique revision of a single file or directory. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 223 | "labels": { # Labels with user defined metadata. |
| 224 | "a_key": "A String", |
| 225 | }, |
| 226 | "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub). |
| 227 | # repository (e.g., GitHub). |
| 228 | "revisionId": "A String", # Required. Git commit hash. |
| 229 | "url": "A String", # Git repository URL. |
| 230 | }, |
| 231 | "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project. |
| 232 | "gerritProject": "A String", # The full project name within the host. Projects may be nested, so |
| 233 | # "project/subproject" is a valid project name. The "repo name" is |
| 234 | # the hostURI/project. |
| 235 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 236 | "name": "A String", # The alias name. |
| 237 | "kind": "A String", # The alias kind. |
| 238 | }, |
| 239 | "hostUri": "A String", # The URI of a running Gerrit instance. |
| 240 | "revisionId": "A String", # A revision (commit) ID. |
| 241 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 242 | "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo. |
| 243 | # Source Repo. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 244 | "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo. |
| 245 | "uid": "A String", # A server-assigned, globally unique identifier. |
| 246 | "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name. |
| 247 | # winged-cargo-31) and a repo name within that project. |
| 248 | "projectId": "A String", # The ID of the project. |
| 249 | "repoName": "A String", # The name of the repo. Leave empty for the default repo. |
| 250 | }, |
| 251 | }, |
| 252 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 253 | "name": "A String", # The alias name. |
| 254 | "kind": "A String", # The alias kind. |
| 255 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 256 | "revisionId": "A String", # A revision ID. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 257 | }, |
| 258 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 259 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 260 | "projectId": "A String", # ID of the project. |
| 261 | "finishTime": "A String", # Time at which execution of the build was finished. |
| 262 | "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the |
| 263 | # user's e-mail address at the time the build was initiated; this address may |
| 264 | # not represent the same end-user for all time. |
| 265 | "logsBucket": "A String", # Google Cloud Storage bucket where logs were written. |
| 266 | "builderVersion": "A String", # Version string of the builder at the time this build was executed. |
| 267 | "commands": [ # Commands requested by the build. |
| 268 | { # Command describes a step performed as part of the build pipeline. |
| 269 | "name": "A String", # Name of the command, as presented on the command line, or if the command is |
| 270 | # packaged as a Docker container, as presented to `docker pull`. |
| 271 | "id": "A String", # Optional unique identifier for this Command, used in wait_for to reference |
| 272 | # this Command as a dependency. |
| 273 | "dir": "A String", # Working directory (relative to project source root) used when running |
| 274 | # this Command. |
| 275 | "waitFor": [ # The ID(s) of the Command(s) that this Command depends on. |
| 276 | "A String", |
| 277 | ], |
| 278 | "env": [ # Environment variables set before running this Command. |
| 279 | "A String", |
| 280 | ], |
| 281 | "args": [ # Command-line arguments used when executing this Command. |
| 282 | "A String", |
| 283 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 284 | }, |
| 285 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 286 | "builtArtifacts": [ # Output of the build. |
| 287 | { # Artifact describes a build product. |
| 288 | "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest |
| 289 | # like gcr.io/projectID/imagename@sha256:123456 |
| 290 | "names": [ # Related artifact names. This may be the path to a binary or jar file, or in |
| 291 | # the case of a container build, the name used to push the container image to |
| 292 | # Google Container Registry, as presented to `docker push`. Note that a |
| 293 | # single Artifact ID can have multiple names, for example if two tags are |
| 294 | # applied to one image. |
| 295 | "A String", |
| 296 | ], |
| 297 | "name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in |
| 298 | # the case of a container build, the name used to push the container image to |
| 299 | # Google Container Registry, as presented to `docker push`. |
| 300 | # |
| 301 | # This field is deprecated in favor of the plural `names` field; it continues |
| 302 | # to exist here to allow existing BuildProvenance serialized to json in |
| 303 | # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to |
| 304 | # deserialize back into proto. |
| 305 | "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a |
| 306 | # container. |
| 307 | }, |
| 308 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 309 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 310 | "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the |
| 311 | # `BuildSignature` in the corresponding Result. After verifying the |
| 312 | # signature, `provenance_bytes` can be unmarshalled and compared to the |
| 313 | # provenance to confirm that it is unchanged. A base64-encoded string |
| 314 | # representation of the provenance bytes is used for the signature in order |
| 315 | # to interoperate with openssl which expects this format for signature |
| 316 | # verification. |
| 317 | # |
| 318 | # The serialized form is captured both to avoid ambiguity in how the |
| 319 | # provenance is marshalled to json as well to prevent incompatibilities with |
| 320 | # future changes. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 321 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 322 | "kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are |
| 323 | # specified. This field can be used as a filter in list requests. |
| 324 | "resource": { # # |
| 325 | # The resource for which the `Occurrence` applies. |
| 326 | # Resource is an entity that can have metadata. E.g., a Docker image. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 327 | "uri": "A String", # The unique URI of the resource. E.g., |
| 328 | # "https://gcr.io/project/image@sha256:foo" for a Docker image. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 329 | "name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian". |
| 330 | "contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest. |
| 331 | "type": "A String", # The type of hash that was performed. |
| 332 | "value": "A String", # The hash value. |
| 333 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 334 | }, |
| 335 | "resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence` |
| 336 | # applies. For example, https://gcr.io/project/image@sha256:foo This field |
| 337 | # can be used as a filter in list requests. |
| 338 | "name": "A String", # Output only. The name of the `Occurrence` in the form |
| 339 | # "projects/{project_id}/occurrences/{OCCURRENCE_ID}" |
| 340 | "attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 341 | # Attestation can be verified using the attached signature. If the verifier |
| 342 | # trusts the public key of the signer, then verifying the signature is |
| 343 | # sufficient to establish trust. In this circumstance, the |
| 344 | # AttestationAuthority to which this Attestation is attached is primarily |
| 345 | # useful for look-up (how to find this Attestation if you already know the |
| 346 | # Authority and artifact to be verified) and intent (which authority was this |
| 347 | # attestation intended to sign for). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 348 | "pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 349 | # This message only supports `ATTACHED` signatures, where the payload that is |
| 350 | # signed is included alongside the signature itself in the same file. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 351 | "signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or |
| 352 | # equivalent. Since this message only supports attached signatures, the |
| 353 | # payload that was signed must be attached. While the signature format |
| 354 | # supported is dependent on the verification implementation, currently only |
| 355 | # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than |
| 356 | # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor |
| 357 | # --output=signature.gpg payload.json` will create the signature content |
| 358 | # expected in this field in `signature.gpg` for the `payload.json` |
| 359 | # attestation payload. |
| 360 | "pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 361 | # as output by, e.g. `gpg --list-keys`. This should be the version 4, full |
| 362 | # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See |
| 363 | # https://tools.ietf.org/html/rfc4880#section-12.2 for details. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 364 | # Implementations may choose to acknowledge "LONG", "SHORT", or other |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 365 | # abbreviated key IDs, but only the full fingerprint is guaranteed to work. |
| 366 | # In gpg, the full fingerprint can be retrieved from the `fpr` field |
| 367 | # returned when calling --list-keys with --with-colons. For example: |
| 368 | # ``` |
| 369 | # gpg --with-colons --with-fingerprint --force-v4-certs \ |
| 370 | # --list-keys attester@example.com |
| 371 | # tru::1:1513631572:0:3:1:5 |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 372 | # pub:...<SNIP>... |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 373 | # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB: |
| 374 | # ``` |
| 375 | # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 376 | "contentType": "A String", # Type (for example schema) of the attestation payload that was signed. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 377 | # The verifier must ensure that the provided type is one that the verifier |
| 378 | # supports, and that the attestation payload is a valid instantiation of that |
| 379 | # type (for example by validating a JSON schema). |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 380 | }, |
| 381 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 382 | "installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource. |
| 383 | # a system. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 384 | "name": "A String", # Output only. The name of the installed package. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 385 | "location": [ # All of the places within the filesystem versions of this package |
| 386 | # have been found. |
| 387 | { # An occurrence of a particular package installation found within a |
| 388 | # system's filesystem. |
| 389 | # e.g. glibc was found in /var/lib/dpkg/status |
| 390 | "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) |
| 391 | # denoting the package manager version distributing a package. |
| 392 | "version": { # Version contains structured information about the version of the package. # The version installed at this location. |
| 393 | # For a discussion of this in Debian/Ubuntu: |
| 394 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 395 | # For a discussion of this in Redhat/Fedora/Centos: |
| 396 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 397 | "name": "A String", # The main part of the version name. |
| 398 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 399 | # If kind is not NORMAL, then the other fields are ignored. |
| 400 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 401 | "revision": "A String", # The iteration of the package build from the above version. |
| 402 | }, |
| 403 | "path": "A String", # The path from which we gathered that this package/version is installed. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 404 | }, |
| 405 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 406 | }, |
| 407 | "upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a # Describes an upgrade. |
| 408 | # specific upgrade. This presence is supplied via local sources (i.e. it is |
| 409 | # present in the mirror and the running system has noticed its availability). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 410 | "package": "A String", # Required - The package this Upgrade is for. |
| 411 | "parsedVersion": { # Version contains structured information about the version of the package. # Required - The version of the package in a machine + human readable form. |
| 412 | # For a discussion of this in Debian/Ubuntu: |
| 413 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 414 | # For a discussion of this in Redhat/Fedora/Centos: |
| 415 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 416 | "name": "A String", # The main part of the version name. |
| 417 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 418 | # If kind is not NORMAL, then the other fields are ignored. |
| 419 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 420 | "revision": "A String", # The iteration of the package build from the above version. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 421 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 422 | "distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each # Metadata about the upgrade for available for the specific operating system |
| 423 | # for the resource_url. This allows efficient filtering, as well as |
| 424 | # making it easier to use the occurrence. |
| 425 | # operating system (CPE). Some distributions have additional metadata around |
| 426 | # updates, classifying them into various categories and severities. |
| 427 | "classification": "A String", # The operating system classification of this Upgrade, as specified by the |
| 428 | # upstream operating system upgrade feed. |
| 429 | "severity": "A String", # The severity as specified by the upstream operating system. |
| 430 | "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See |
| 431 | # https://cpe.mitre.org/specification/. |
| 432 | "cve": [ # The cve that would be resolved by this upgrade. |
| 433 | "A String", |
| 434 | ], |
| 435 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 436 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 437 | "discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource. |
| 438 | "operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan. |
| 439 | # This field is deprecated, do not use. |
| 440 | # network API call. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 441 | "response": { # The normal response of the operation in case of success. If the original |
| 442 | # method returns no data on success, such as `Delete`, the response is |
| 443 | # `google.protobuf.Empty`. If the original method is standard |
| 444 | # `Get`/`Create`/`Update`, the response should be the resource. For other |
| 445 | # methods, the response should have the type `XxxResponse`, where `Xxx` |
| 446 | # is the original method name. For example, if the original method name |
| 447 | # is `TakeSnapshot()`, the inferred response type is |
| 448 | # `TakeSnapshotResponse`. |
| 449 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 450 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 451 | "name": "A String", # The server-assigned name, which is only unique within the same service that |
| 452 | # originally returns it. If you use the default HTTP mapping, the |
| 453 | # `name` should be a resource name ending with `operations/{unique_id}`. |
| 454 | "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. |
| 455 | # different programming environments, including REST APIs and RPC APIs. It is |
| 456 | # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| 457 | # three pieces of data: error code, error message, and error details. |
| 458 | # |
| 459 | # You can find out more about this error model and how to work with it in the |
| 460 | # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| 461 | "details": [ # A list of messages that carry the error details. There is a common set of |
| 462 | # message types for APIs to use. |
| 463 | { |
| 464 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 465 | }, |
| 466 | ], |
| 467 | "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| 468 | "message": "A String", # A developer-facing error message, which should be in English. Any |
| 469 | # user-facing error message should be localized and sent in the |
| 470 | # google.rpc.Status.details field, or localized by the client. |
| 471 | }, |
| 472 | "metadata": { # Service-specific metadata associated with the operation. It typically |
| 473 | # contains progress information and common metadata such as create time. |
| 474 | # Some services might not provide such metadata. Any method that returns a |
| 475 | # long-running operation should document the metadata type, if any. |
| 476 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 477 | }, |
| 478 | "done": True or False, # If the value is `false`, it means the operation is still in progress. |
| 479 | # If `true`, the operation is completed, and either `error` or `response` is |
| 480 | # available. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 481 | }, |
| 482 | "analysisStatus": "A String", # The status of discovery for the resource. |
| 483 | "continuousAnalysis": "A String", # Whether the resource is continuously analyzed. |
| 484 | "cpe": "A String", # The CPE of the resource being scanned. |
| 485 | "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under |
| 486 | # details to show to the user. The LocalizedMessage output only and |
| 487 | # populated by the API. |
| 488 | # different programming environments, including REST APIs and RPC APIs. It is |
| 489 | # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| 490 | # three pieces of data: error code, error message, and error details. |
| 491 | # |
| 492 | # You can find out more about this error model and how to work with it in the |
| 493 | # [API Design Guide](https://cloud.google.com/apis/design/errors). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 494 | "details": [ # A list of messages that carry the error details. There is a common set of |
| 495 | # message types for APIs to use. |
| 496 | { |
| 497 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 498 | }, |
| 499 | ], |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 500 | "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| 501 | "message": "A String", # A developer-facing error message, which should be in English. Any |
| 502 | # user-facing error message should be localized and sent in the |
| 503 | # google.rpc.Status.details field, or localized by the client. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 504 | }, |
| 505 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 506 | "noteName": "A String", # An analysis note associated with this image, in the form |
| 507 | # "providers/{provider_id}/notes/{NOTE_ID}" |
| 508 | # This field can be used as a filter in list requests. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 509 | "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 510 | "deployTime": "A String", # Beginning of the lifetime of this deployment. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 511 | "address": "A String", # Address of the runtime element hosting this deployment. |
| 512 | "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the |
| 513 | # deployable field with the same name. |
| 514 | "A String", |
| 515 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 516 | "config": "A String", # Configuration used to create this deployment. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 517 | "userEmail": "A String", # Identity of the user that triggered this deployment. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 518 | "undeployTime": "A String", # End of the lifetime of this deployment. |
| 519 | "platform": "A String", # Platform hosting this deployment. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 520 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 521 | "createTime": "A String", # Output only. The time this `Occurrence` was created. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 522 | "vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note. |
| 523 | # to fix it. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 524 | "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is |
| 525 | # available and note provider assigned severity when distro has not yet |
| 526 | # assigned a severity for this vulnerability. |
| 527 | "packageIssue": [ # The set of affected locations and their fixes (if available) within |
| 528 | # the associated resource. |
| 529 | { # This message wraps a location affected by a vulnerability and its |
| 530 | # associated fix (if one is available). |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 531 | "severityName": "A String", |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 532 | "affectedLocation": { # The location of the vulnerability # The location of the vulnerability. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 533 | "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a |
| 534 | # filter in list requests. |
| 535 | # For a discussion of this in Debian/Ubuntu: |
| 536 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 537 | # For a discussion of this in Redhat/Fedora/Centos: |
| 538 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 539 | "name": "A String", # The main part of the version name. |
| 540 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 541 | # If kind is not NORMAL, then the other fields are ignored. |
| 542 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 543 | "revision": "A String", # The iteration of the package build from the above version. |
| 544 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 545 | "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) |
| 546 | # format. Examples include distro or storage location for vulnerable jar. |
| 547 | # This field can be used as a filter in list requests. |
| 548 | "package": "A String", # The package being described. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 549 | }, |
| 550 | "fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 551 | "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a |
| 552 | # filter in list requests. |
| 553 | # For a discussion of this in Debian/Ubuntu: |
| 554 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 555 | # For a discussion of this in Redhat/Fedora/Centos: |
| 556 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 557 | "name": "A String", # The main part of the version name. |
| 558 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 559 | # If kind is not NORMAL, then the other fields are ignored. |
| 560 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 561 | "revision": "A String", # The iteration of the package build from the above version. |
| 562 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 563 | "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) |
| 564 | # format. Examples include distro or storage location for vulnerable jar. |
| 565 | # This field can be used as a filter in list requests. |
| 566 | "package": "A String", # The package being described. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 567 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 568 | }, |
| 569 | ], |
| 570 | "severity": "A String", # Output only. The note provider assigned Severity of the vulnerability. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 571 | "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a |
| 572 | # scale of 0-10 where 0 indicates low severity and 10 indicates high |
| 573 | # severity. |
| 574 | "type": "A String", # The type of package; whether native or non native(ruby gems, |
| 575 | # node.js packages etc) |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 576 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 577 | "updateTime": "A String", # Output only. The time this `Occurrence` was last updated. |
| 578 | "remediation": "A String", # A description of actions that can be taken to remedy the `Note` |
| 579 | "derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis |
| 580 | # in the associated note. |
| 581 | # DockerImage relationship. This image would be produced from a Dockerfile |
| 582 | # with FROM <DockerImage.Basis in attached Note>. |
| 583 | "distance": 42, # Output only. The number of layers by which this image differs from the |
| 584 | # associated image basis. |
| 585 | "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image |
| 586 | # occurrence. |
| 587 | "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image. |
| 588 | "v2Blob": [ # The ordered list of v2 blobs that represent a given image. |
| 589 | "A String", |
| 590 | ], |
| 591 | "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1 |
| 592 | # representation. |
| 593 | # This field can be used as a filter in list requests. |
| 594 | "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: |
| 595 | # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) |
| 596 | # Only the name of the final blob is kept. |
| 597 | # This field can be used as a filter in list requests. |
| 598 | }, |
| 599 | "layerInfo": [ # This contains layer-specific metadata, if populated it has length |
| 600 | # "distance" and is ordered with [distance] being the layer immediately |
| 601 | # following the base image and [1] being the final layer. |
| 602 | { # Layer holds metadata specific to a layer of a Docker image. |
| 603 | "directive": "A String", # The recovered Dockerfile directive used to construct this layer. |
| 604 | "arguments": "A String", # The recovered arguments to the Dockerfile directive. |
| 605 | }, |
| 606 | ], |
| 607 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 608 | } |
| 609 | |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 610 | name: string, The name of the project. Should be of the form "projects/{project_id}". |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 611 | @Deprecated |
| 612 | x__xgafv: string, V1 error format. |
| 613 | Allowed values |
| 614 | 1 - v1 error format |
| 615 | 2 - v2 error format |
| 616 | |
| 617 | Returns: |
| 618 | An object of the form: |
| 619 | |
| 620 | { # `Occurrence` includes information about analysis occurrences for an image. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 621 | "buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 622 | "provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance |
| 623 | # details about the build from source to completion. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 624 | "id": "A String", # Unique identifier of the build. |
| 625 | "buildOptions": { # Special options applied to this build. This is a catch-all field where |
| 626 | # build providers can enter any desired additional details. |
| 627 | "a_key": "A String", |
| 628 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 629 | "startTime": "A String", # Time at which execution of the build was started. |
| 630 | "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 631 | "createTime": "A String", # Time at which the build was created. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 632 | "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build. |
| 633 | "repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo. |
| 634 | # Repository. |
| 635 | "projectId": "A String", # ID of the project that owns the repo. |
| 636 | "repoName": "A String", # Name of the repo. |
| 637 | "branchName": "A String", # Name of the branch to build. |
| 638 | "tagName": "A String", # Name of the tag to build. |
| 639 | "commitSha": "A String", # Explicit commit SHA to build. |
| 640 | }, |
| 641 | "storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud |
| 642 | # Storage. |
| 643 | # Google Cloud Storage. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 644 | "generation": "A String", # Google Cloud Storage generation for the object. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 645 | "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name |
| 646 | # Requirements] |
| 647 | # (https://cloud.google.com/storage/docs/bucket-naming#requirements)). |
| 648 | "object": "A String", # Google Cloud Storage object containing source. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 649 | }, |
| 650 | "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original |
| 651 | # source integrity was maintained in the build. |
| 652 | # |
| 653 | # The keys to this map are file paths used as build source and the values |
| 654 | # contain the hash values for those files. |
| 655 | # |
| 656 | # If the build source came in a single package such as a gzipped tarfile |
| 657 | # (.tar.gz), the FileHash will be for the single path to that file. |
| 658 | "a_key": { # Container message for hashes of byte content of files, used in Source |
| 659 | # messages to verify integrity of source input to the build. |
| 660 | "fileHash": [ # Collection of file hashes. |
| 661 | { # Container message for hash values. |
| 662 | "type": "A String", # The type of hash that was performed. |
| 663 | "value": "A String", # The hash value. |
| 664 | }, |
| 665 | ], |
| 666 | }, |
| 667 | }, |
| 668 | "artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this |
| 669 | # location. |
| 670 | # Google Cloud Storage. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 671 | "generation": "A String", # Google Cloud Storage generation for the object. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 672 | "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name |
| 673 | # Requirements] |
| 674 | # (https://cloud.google.com/storage/docs/bucket-naming#requirements)). |
| 675 | "object": "A String", # Google Cloud Storage object containing source. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 676 | }, |
| 677 | "additionalContexts": [ # If provided, some of the source code used for the build may be found in |
| 678 | # these locations, in the case where the source repository had multiple |
| 679 | # remotes or submodules. This list will not include the context specified in |
| 680 | # the context field. |
| 681 | { # A SourceContext is a reference to a tree of files. A SourceContext together |
| 682 | # with a path point to a unique revision of a single file or directory. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 683 | "labels": { # Labels with user defined metadata. |
| 684 | "a_key": "A String", |
| 685 | }, |
| 686 | "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub). |
| 687 | # repository (e.g., GitHub). |
| 688 | "revisionId": "A String", # Required. Git commit hash. |
| 689 | "url": "A String", # Git repository URL. |
| 690 | }, |
| 691 | "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project. |
| 692 | "gerritProject": "A String", # The full project name within the host. Projects may be nested, so |
| 693 | # "project/subproject" is a valid project name. The "repo name" is |
| 694 | # the hostURI/project. |
| 695 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 696 | "name": "A String", # The alias name. |
| 697 | "kind": "A String", # The alias kind. |
| 698 | }, |
| 699 | "hostUri": "A String", # The URI of a running Gerrit instance. |
| 700 | "revisionId": "A String", # A revision (commit) ID. |
| 701 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 702 | "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo. |
| 703 | # Source Repo. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 704 | "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo. |
| 705 | "uid": "A String", # A server-assigned, globally unique identifier. |
| 706 | "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name. |
| 707 | # winged-cargo-31) and a repo name within that project. |
| 708 | "projectId": "A String", # The ID of the project. |
| 709 | "repoName": "A String", # The name of the repo. Leave empty for the default repo. |
| 710 | }, |
| 711 | }, |
| 712 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 713 | "name": "A String", # The alias name. |
| 714 | "kind": "A String", # The alias kind. |
| 715 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 716 | "revisionId": "A String", # A revision ID. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 717 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 718 | }, |
| 719 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 720 | "context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location. |
| 721 | # with a path point to a unique revision of a single file or directory. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 722 | "labels": { # Labels with user defined metadata. |
| 723 | "a_key": "A String", |
| 724 | }, |
| 725 | "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub). |
| 726 | # repository (e.g., GitHub). |
| 727 | "revisionId": "A String", # Required. Git commit hash. |
| 728 | "url": "A String", # Git repository URL. |
| 729 | }, |
| 730 | "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project. |
| 731 | "gerritProject": "A String", # The full project name within the host. Projects may be nested, so |
| 732 | # "project/subproject" is a valid project name. The "repo name" is |
| 733 | # the hostURI/project. |
| 734 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 735 | "name": "A String", # The alias name. |
| 736 | "kind": "A String", # The alias kind. |
| 737 | }, |
| 738 | "hostUri": "A String", # The URI of a running Gerrit instance. |
| 739 | "revisionId": "A String", # A revision (commit) ID. |
| 740 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 741 | "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo. |
| 742 | # Source Repo. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 743 | "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo. |
| 744 | "uid": "A String", # A server-assigned, globally unique identifier. |
| 745 | "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name. |
| 746 | # winged-cargo-31) and a repo name within that project. |
| 747 | "projectId": "A String", # The ID of the project. |
| 748 | "repoName": "A String", # The name of the repo. Leave empty for the default repo. |
| 749 | }, |
| 750 | }, |
| 751 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 752 | "name": "A String", # The alias name. |
| 753 | "kind": "A String", # The alias kind. |
| 754 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 755 | "revisionId": "A String", # A revision ID. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 756 | }, |
| 757 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 758 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 759 | "projectId": "A String", # ID of the project. |
| 760 | "finishTime": "A String", # Time at which execution of the build was finished. |
| 761 | "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the |
| 762 | # user's e-mail address at the time the build was initiated; this address may |
| 763 | # not represent the same end-user for all time. |
| 764 | "logsBucket": "A String", # Google Cloud Storage bucket where logs were written. |
| 765 | "builderVersion": "A String", # Version string of the builder at the time this build was executed. |
| 766 | "commands": [ # Commands requested by the build. |
| 767 | { # Command describes a step performed as part of the build pipeline. |
| 768 | "name": "A String", # Name of the command, as presented on the command line, or if the command is |
| 769 | # packaged as a Docker container, as presented to `docker pull`. |
| 770 | "id": "A String", # Optional unique identifier for this Command, used in wait_for to reference |
| 771 | # this Command as a dependency. |
| 772 | "dir": "A String", # Working directory (relative to project source root) used when running |
| 773 | # this Command. |
| 774 | "waitFor": [ # The ID(s) of the Command(s) that this Command depends on. |
| 775 | "A String", |
| 776 | ], |
| 777 | "env": [ # Environment variables set before running this Command. |
| 778 | "A String", |
| 779 | ], |
| 780 | "args": [ # Command-line arguments used when executing this Command. |
| 781 | "A String", |
| 782 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 783 | }, |
| 784 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 785 | "builtArtifacts": [ # Output of the build. |
| 786 | { # Artifact describes a build product. |
| 787 | "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest |
| 788 | # like gcr.io/projectID/imagename@sha256:123456 |
| 789 | "names": [ # Related artifact names. This may be the path to a binary or jar file, or in |
| 790 | # the case of a container build, the name used to push the container image to |
| 791 | # Google Container Registry, as presented to `docker push`. Note that a |
| 792 | # single Artifact ID can have multiple names, for example if two tags are |
| 793 | # applied to one image. |
| 794 | "A String", |
| 795 | ], |
| 796 | "name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in |
| 797 | # the case of a container build, the name used to push the container image to |
| 798 | # Google Container Registry, as presented to `docker push`. |
| 799 | # |
| 800 | # This field is deprecated in favor of the plural `names` field; it continues |
| 801 | # to exist here to allow existing BuildProvenance serialized to json in |
| 802 | # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to |
| 803 | # deserialize back into proto. |
| 804 | "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a |
| 805 | # container. |
| 806 | }, |
| 807 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 808 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 809 | "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the |
| 810 | # `BuildSignature` in the corresponding Result. After verifying the |
| 811 | # signature, `provenance_bytes` can be unmarshalled and compared to the |
| 812 | # provenance to confirm that it is unchanged. A base64-encoded string |
| 813 | # representation of the provenance bytes is used for the signature in order |
| 814 | # to interoperate with openssl which expects this format for signature |
| 815 | # verification. |
| 816 | # |
| 817 | # The serialized form is captured both to avoid ambiguity in how the |
| 818 | # provenance is marshalled to json as well to prevent incompatibilities with |
| 819 | # future changes. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 820 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 821 | "kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are |
| 822 | # specified. This field can be used as a filter in list requests. |
| 823 | "resource": { # # |
| 824 | # The resource for which the `Occurrence` applies. |
| 825 | # Resource is an entity that can have metadata. E.g., a Docker image. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 826 | "uri": "A String", # The unique URI of the resource. E.g., |
| 827 | # "https://gcr.io/project/image@sha256:foo" for a Docker image. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 828 | "name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian". |
| 829 | "contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest. |
| 830 | "type": "A String", # The type of hash that was performed. |
| 831 | "value": "A String", # The hash value. |
| 832 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 833 | }, |
| 834 | "resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence` |
| 835 | # applies. For example, https://gcr.io/project/image@sha256:foo This field |
| 836 | # can be used as a filter in list requests. |
| 837 | "name": "A String", # Output only. The name of the `Occurrence` in the form |
| 838 | # "projects/{project_id}/occurrences/{OCCURRENCE_ID}" |
| 839 | "attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 840 | # Attestation can be verified using the attached signature. If the verifier |
| 841 | # trusts the public key of the signer, then verifying the signature is |
| 842 | # sufficient to establish trust. In this circumstance, the |
| 843 | # AttestationAuthority to which this Attestation is attached is primarily |
| 844 | # useful for look-up (how to find this Attestation if you already know the |
| 845 | # Authority and artifact to be verified) and intent (which authority was this |
| 846 | # attestation intended to sign for). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 847 | "pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 848 | # This message only supports `ATTACHED` signatures, where the payload that is |
| 849 | # signed is included alongside the signature itself in the same file. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 850 | "signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or |
| 851 | # equivalent. Since this message only supports attached signatures, the |
| 852 | # payload that was signed must be attached. While the signature format |
| 853 | # supported is dependent on the verification implementation, currently only |
| 854 | # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than |
| 855 | # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor |
| 856 | # --output=signature.gpg payload.json` will create the signature content |
| 857 | # expected in this field in `signature.gpg` for the `payload.json` |
| 858 | # attestation payload. |
| 859 | "pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 860 | # as output by, e.g. `gpg --list-keys`. This should be the version 4, full |
| 861 | # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See |
| 862 | # https://tools.ietf.org/html/rfc4880#section-12.2 for details. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 863 | # Implementations may choose to acknowledge "LONG", "SHORT", or other |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 864 | # abbreviated key IDs, but only the full fingerprint is guaranteed to work. |
| 865 | # In gpg, the full fingerprint can be retrieved from the `fpr` field |
| 866 | # returned when calling --list-keys with --with-colons. For example: |
| 867 | # ``` |
| 868 | # gpg --with-colons --with-fingerprint --force-v4-certs \ |
| 869 | # --list-keys attester@example.com |
| 870 | # tru::1:1513631572:0:3:1:5 |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 871 | # pub:...<SNIP>... |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 872 | # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB: |
| 873 | # ``` |
| 874 | # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 875 | "contentType": "A String", # Type (for example schema) of the attestation payload that was signed. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 876 | # The verifier must ensure that the provided type is one that the verifier |
| 877 | # supports, and that the attestation payload is a valid instantiation of that |
| 878 | # type (for example by validating a JSON schema). |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 879 | }, |
| 880 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 881 | "installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource. |
| 882 | # a system. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 883 | "name": "A String", # Output only. The name of the installed package. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 884 | "location": [ # All of the places within the filesystem versions of this package |
| 885 | # have been found. |
| 886 | { # An occurrence of a particular package installation found within a |
| 887 | # system's filesystem. |
| 888 | # e.g. glibc was found in /var/lib/dpkg/status |
| 889 | "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) |
| 890 | # denoting the package manager version distributing a package. |
| 891 | "version": { # Version contains structured information about the version of the package. # The version installed at this location. |
| 892 | # For a discussion of this in Debian/Ubuntu: |
| 893 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 894 | # For a discussion of this in Redhat/Fedora/Centos: |
| 895 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 896 | "name": "A String", # The main part of the version name. |
| 897 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 898 | # If kind is not NORMAL, then the other fields are ignored. |
| 899 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 900 | "revision": "A String", # The iteration of the package build from the above version. |
| 901 | }, |
| 902 | "path": "A String", # The path from which we gathered that this package/version is installed. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 903 | }, |
| 904 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 905 | }, |
| 906 | "upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a # Describes an upgrade. |
| 907 | # specific upgrade. This presence is supplied via local sources (i.e. it is |
| 908 | # present in the mirror and the running system has noticed its availability). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 909 | "package": "A String", # Required - The package this Upgrade is for. |
| 910 | "parsedVersion": { # Version contains structured information about the version of the package. # Required - The version of the package in a machine + human readable form. |
| 911 | # For a discussion of this in Debian/Ubuntu: |
| 912 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 913 | # For a discussion of this in Redhat/Fedora/Centos: |
| 914 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 915 | "name": "A String", # The main part of the version name. |
| 916 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 917 | # If kind is not NORMAL, then the other fields are ignored. |
| 918 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 919 | "revision": "A String", # The iteration of the package build from the above version. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 920 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 921 | "distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each # Metadata about the upgrade for available for the specific operating system |
| 922 | # for the resource_url. This allows efficient filtering, as well as |
| 923 | # making it easier to use the occurrence. |
| 924 | # operating system (CPE). Some distributions have additional metadata around |
| 925 | # updates, classifying them into various categories and severities. |
| 926 | "classification": "A String", # The operating system classification of this Upgrade, as specified by the |
| 927 | # upstream operating system upgrade feed. |
| 928 | "severity": "A String", # The severity as specified by the upstream operating system. |
| 929 | "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See |
| 930 | # https://cpe.mitre.org/specification/. |
| 931 | "cve": [ # The cve that would be resolved by this upgrade. |
| 932 | "A String", |
| 933 | ], |
| 934 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 935 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 936 | "discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource. |
| 937 | "operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan. |
| 938 | # This field is deprecated, do not use. |
| 939 | # network API call. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 940 | "response": { # The normal response of the operation in case of success. If the original |
| 941 | # method returns no data on success, such as `Delete`, the response is |
| 942 | # `google.protobuf.Empty`. If the original method is standard |
| 943 | # `Get`/`Create`/`Update`, the response should be the resource. For other |
| 944 | # methods, the response should have the type `XxxResponse`, where `Xxx` |
| 945 | # is the original method name. For example, if the original method name |
| 946 | # is `TakeSnapshot()`, the inferred response type is |
| 947 | # `TakeSnapshotResponse`. |
| 948 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 949 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 950 | "name": "A String", # The server-assigned name, which is only unique within the same service that |
| 951 | # originally returns it. If you use the default HTTP mapping, the |
| 952 | # `name` should be a resource name ending with `operations/{unique_id}`. |
| 953 | "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. |
| 954 | # different programming environments, including REST APIs and RPC APIs. It is |
| 955 | # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| 956 | # three pieces of data: error code, error message, and error details. |
| 957 | # |
| 958 | # You can find out more about this error model and how to work with it in the |
| 959 | # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| 960 | "details": [ # A list of messages that carry the error details. There is a common set of |
| 961 | # message types for APIs to use. |
| 962 | { |
| 963 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 964 | }, |
| 965 | ], |
| 966 | "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| 967 | "message": "A String", # A developer-facing error message, which should be in English. Any |
| 968 | # user-facing error message should be localized and sent in the |
| 969 | # google.rpc.Status.details field, or localized by the client. |
| 970 | }, |
| 971 | "metadata": { # Service-specific metadata associated with the operation. It typically |
| 972 | # contains progress information and common metadata such as create time. |
| 973 | # Some services might not provide such metadata. Any method that returns a |
| 974 | # long-running operation should document the metadata type, if any. |
| 975 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 976 | }, |
| 977 | "done": True or False, # If the value is `false`, it means the operation is still in progress. |
| 978 | # If `true`, the operation is completed, and either `error` or `response` is |
| 979 | # available. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 980 | }, |
| 981 | "analysisStatus": "A String", # The status of discovery for the resource. |
| 982 | "continuousAnalysis": "A String", # Whether the resource is continuously analyzed. |
| 983 | "cpe": "A String", # The CPE of the resource being scanned. |
| 984 | "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under |
| 985 | # details to show to the user. The LocalizedMessage output only and |
| 986 | # populated by the API. |
| 987 | # different programming environments, including REST APIs and RPC APIs. It is |
| 988 | # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| 989 | # three pieces of data: error code, error message, and error details. |
| 990 | # |
| 991 | # You can find out more about this error model and how to work with it in the |
| 992 | # [API Design Guide](https://cloud.google.com/apis/design/errors). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 993 | "details": [ # A list of messages that carry the error details. There is a common set of |
| 994 | # message types for APIs to use. |
| 995 | { |
| 996 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 997 | }, |
| 998 | ], |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 999 | "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| 1000 | "message": "A String", # A developer-facing error message, which should be in English. Any |
| 1001 | # user-facing error message should be localized and sent in the |
| 1002 | # google.rpc.Status.details field, or localized by the client. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1003 | }, |
| 1004 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1005 | "noteName": "A String", # An analysis note associated with this image, in the form |
| 1006 | # "providers/{provider_id}/notes/{NOTE_ID}" |
| 1007 | # This field can be used as a filter in list requests. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1008 | "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1009 | "deployTime": "A String", # Beginning of the lifetime of this deployment. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1010 | "address": "A String", # Address of the runtime element hosting this deployment. |
| 1011 | "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the |
| 1012 | # deployable field with the same name. |
| 1013 | "A String", |
| 1014 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1015 | "config": "A String", # Configuration used to create this deployment. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1016 | "userEmail": "A String", # Identity of the user that triggered this deployment. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1017 | "undeployTime": "A String", # End of the lifetime of this deployment. |
| 1018 | "platform": "A String", # Platform hosting this deployment. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1019 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1020 | "createTime": "A String", # Output only. The time this `Occurrence` was created. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1021 | "vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note. |
| 1022 | # to fix it. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1023 | "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is |
| 1024 | # available and note provider assigned severity when distro has not yet |
| 1025 | # assigned a severity for this vulnerability. |
| 1026 | "packageIssue": [ # The set of affected locations and their fixes (if available) within |
| 1027 | # the associated resource. |
| 1028 | { # This message wraps a location affected by a vulnerability and its |
| 1029 | # associated fix (if one is available). |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1030 | "severityName": "A String", |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1031 | "affectedLocation": { # The location of the vulnerability # The location of the vulnerability. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1032 | "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a |
| 1033 | # filter in list requests. |
| 1034 | # For a discussion of this in Debian/Ubuntu: |
| 1035 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 1036 | # For a discussion of this in Redhat/Fedora/Centos: |
| 1037 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 1038 | "name": "A String", # The main part of the version name. |
| 1039 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 1040 | # If kind is not NORMAL, then the other fields are ignored. |
| 1041 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 1042 | "revision": "A String", # The iteration of the package build from the above version. |
| 1043 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1044 | "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) |
| 1045 | # format. Examples include distro or storage location for vulnerable jar. |
| 1046 | # This field can be used as a filter in list requests. |
| 1047 | "package": "A String", # The package being described. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1048 | }, |
| 1049 | "fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1050 | "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a |
| 1051 | # filter in list requests. |
| 1052 | # For a discussion of this in Debian/Ubuntu: |
| 1053 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 1054 | # For a discussion of this in Redhat/Fedora/Centos: |
| 1055 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 1056 | "name": "A String", # The main part of the version name. |
| 1057 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 1058 | # If kind is not NORMAL, then the other fields are ignored. |
| 1059 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 1060 | "revision": "A String", # The iteration of the package build from the above version. |
| 1061 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1062 | "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) |
| 1063 | # format. Examples include distro or storage location for vulnerable jar. |
| 1064 | # This field can be used as a filter in list requests. |
| 1065 | "package": "A String", # The package being described. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1066 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1067 | }, |
| 1068 | ], |
| 1069 | "severity": "A String", # Output only. The note provider assigned Severity of the vulnerability. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1070 | "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a |
| 1071 | # scale of 0-10 where 0 indicates low severity and 10 indicates high |
| 1072 | # severity. |
| 1073 | "type": "A String", # The type of package; whether native or non native(ruby gems, |
| 1074 | # node.js packages etc) |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1075 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1076 | "updateTime": "A String", # Output only. The time this `Occurrence` was last updated. |
| 1077 | "remediation": "A String", # A description of actions that can be taken to remedy the `Note` |
| 1078 | "derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis |
| 1079 | # in the associated note. |
| 1080 | # DockerImage relationship. This image would be produced from a Dockerfile |
| 1081 | # with FROM <DockerImage.Basis in attached Note>. |
| 1082 | "distance": 42, # Output only. The number of layers by which this image differs from the |
| 1083 | # associated image basis. |
| 1084 | "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image |
| 1085 | # occurrence. |
| 1086 | "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image. |
| 1087 | "v2Blob": [ # The ordered list of v2 blobs that represent a given image. |
| 1088 | "A String", |
| 1089 | ], |
| 1090 | "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1 |
| 1091 | # representation. |
| 1092 | # This field can be used as a filter in list requests. |
| 1093 | "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: |
| 1094 | # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) |
| 1095 | # Only the name of the final blob is kept. |
| 1096 | # This field can be used as a filter in list requests. |
| 1097 | }, |
| 1098 | "layerInfo": [ # This contains layer-specific metadata, if populated it has length |
| 1099 | # "distance" and is ordered with [distance] being the layer immediately |
| 1100 | # following the base image and [1] being the final layer. |
| 1101 | { # Layer holds metadata specific to a layer of a Docker image. |
| 1102 | "directive": "A String", # The recovered Dockerfile directive used to construct this layer. |
| 1103 | "arguments": "A String", # The recovered arguments to the Dockerfile directive. |
| 1104 | }, |
| 1105 | ], |
| 1106 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1107 | }</pre> |
| 1108 | </div> |
| 1109 | |
| 1110 | <div class="method"> |
| 1111 | <code class="details" id="delete">delete(name, x__xgafv=None)</code> |
| 1112 | <pre>Deletes the given `Occurrence` from the system. Use this when |
| 1113 | an `Occurrence` is no longer applicable for the given resource. |
| 1114 | |
| 1115 | Args: |
| 1116 | name: string, The name of the occurrence in the form of |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1117 | "projects/{project_id}/occurrences/{OCCURRENCE_ID}" (required) |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1118 | x__xgafv: string, V1 error format. |
| 1119 | Allowed values |
| 1120 | 1 - v1 error format |
| 1121 | 2 - v2 error format |
| 1122 | |
| 1123 | Returns: |
| 1124 | An object of the form: |
| 1125 | |
| 1126 | { # A generic empty message that you can re-use to avoid defining duplicated |
| 1127 | # empty messages in your APIs. A typical example is to use it as the request |
| 1128 | # or the response type of an API method. For instance: |
| 1129 | # |
| 1130 | # service Foo { |
| 1131 | # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); |
| 1132 | # } |
| 1133 | # |
| 1134 | # The JSON representation for `Empty` is empty JSON object `{}`. |
| 1135 | }</pre> |
| 1136 | </div> |
| 1137 | |
| 1138 | <div class="method"> |
| 1139 | <code class="details" id="get">get(name, x__xgafv=None)</code> |
| 1140 | <pre>Returns the requested `Occurrence`. |
| 1141 | |
| 1142 | Args: |
| 1143 | name: string, The name of the occurrence of the form |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1144 | "projects/{project_id}/occurrences/{OCCURRENCE_ID}" (required) |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1145 | x__xgafv: string, V1 error format. |
| 1146 | Allowed values |
| 1147 | 1 - v1 error format |
| 1148 | 2 - v2 error format |
| 1149 | |
| 1150 | Returns: |
| 1151 | An object of the form: |
| 1152 | |
| 1153 | { # `Occurrence` includes information about analysis occurrences for an image. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1154 | "buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1155 | "provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance |
| 1156 | # details about the build from source to completion. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1157 | "id": "A String", # Unique identifier of the build. |
| 1158 | "buildOptions": { # Special options applied to this build. This is a catch-all field where |
| 1159 | # build providers can enter any desired additional details. |
| 1160 | "a_key": "A String", |
| 1161 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1162 | "startTime": "A String", # Time at which execution of the build was started. |
| 1163 | "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1164 | "createTime": "A String", # Time at which the build was created. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1165 | "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build. |
| 1166 | "repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo. |
| 1167 | # Repository. |
| 1168 | "projectId": "A String", # ID of the project that owns the repo. |
| 1169 | "repoName": "A String", # Name of the repo. |
| 1170 | "branchName": "A String", # Name of the branch to build. |
| 1171 | "tagName": "A String", # Name of the tag to build. |
| 1172 | "commitSha": "A String", # Explicit commit SHA to build. |
| 1173 | }, |
| 1174 | "storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud |
| 1175 | # Storage. |
| 1176 | # Google Cloud Storage. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1177 | "generation": "A String", # Google Cloud Storage generation for the object. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1178 | "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name |
| 1179 | # Requirements] |
| 1180 | # (https://cloud.google.com/storage/docs/bucket-naming#requirements)). |
| 1181 | "object": "A String", # Google Cloud Storage object containing source. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1182 | }, |
| 1183 | "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original |
| 1184 | # source integrity was maintained in the build. |
| 1185 | # |
| 1186 | # The keys to this map are file paths used as build source and the values |
| 1187 | # contain the hash values for those files. |
| 1188 | # |
| 1189 | # If the build source came in a single package such as a gzipped tarfile |
| 1190 | # (.tar.gz), the FileHash will be for the single path to that file. |
| 1191 | "a_key": { # Container message for hashes of byte content of files, used in Source |
| 1192 | # messages to verify integrity of source input to the build. |
| 1193 | "fileHash": [ # Collection of file hashes. |
| 1194 | { # Container message for hash values. |
| 1195 | "type": "A String", # The type of hash that was performed. |
| 1196 | "value": "A String", # The hash value. |
| 1197 | }, |
| 1198 | ], |
| 1199 | }, |
| 1200 | }, |
| 1201 | "artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this |
| 1202 | # location. |
| 1203 | # Google Cloud Storage. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1204 | "generation": "A String", # Google Cloud Storage generation for the object. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1205 | "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name |
| 1206 | # Requirements] |
| 1207 | # (https://cloud.google.com/storage/docs/bucket-naming#requirements)). |
| 1208 | "object": "A String", # Google Cloud Storage object containing source. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1209 | }, |
| 1210 | "additionalContexts": [ # If provided, some of the source code used for the build may be found in |
| 1211 | # these locations, in the case where the source repository had multiple |
| 1212 | # remotes or submodules. This list will not include the context specified in |
| 1213 | # the context field. |
| 1214 | { # A SourceContext is a reference to a tree of files. A SourceContext together |
| 1215 | # with a path point to a unique revision of a single file or directory. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1216 | "labels": { # Labels with user defined metadata. |
| 1217 | "a_key": "A String", |
| 1218 | }, |
| 1219 | "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub). |
| 1220 | # repository (e.g., GitHub). |
| 1221 | "revisionId": "A String", # Required. Git commit hash. |
| 1222 | "url": "A String", # Git repository URL. |
| 1223 | }, |
| 1224 | "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project. |
| 1225 | "gerritProject": "A String", # The full project name within the host. Projects may be nested, so |
| 1226 | # "project/subproject" is a valid project name. The "repo name" is |
| 1227 | # the hostURI/project. |
| 1228 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 1229 | "name": "A String", # The alias name. |
| 1230 | "kind": "A String", # The alias kind. |
| 1231 | }, |
| 1232 | "hostUri": "A String", # The URI of a running Gerrit instance. |
| 1233 | "revisionId": "A String", # A revision (commit) ID. |
| 1234 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1235 | "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo. |
| 1236 | # Source Repo. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1237 | "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo. |
| 1238 | "uid": "A String", # A server-assigned, globally unique identifier. |
| 1239 | "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name. |
| 1240 | # winged-cargo-31) and a repo name within that project. |
| 1241 | "projectId": "A String", # The ID of the project. |
| 1242 | "repoName": "A String", # The name of the repo. Leave empty for the default repo. |
| 1243 | }, |
| 1244 | }, |
| 1245 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 1246 | "name": "A String", # The alias name. |
| 1247 | "kind": "A String", # The alias kind. |
| 1248 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1249 | "revisionId": "A String", # A revision ID. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1250 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1251 | }, |
| 1252 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1253 | "context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location. |
| 1254 | # with a path point to a unique revision of a single file or directory. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1255 | "labels": { # Labels with user defined metadata. |
| 1256 | "a_key": "A String", |
| 1257 | }, |
| 1258 | "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub). |
| 1259 | # repository (e.g., GitHub). |
| 1260 | "revisionId": "A String", # Required. Git commit hash. |
| 1261 | "url": "A String", # Git repository URL. |
| 1262 | }, |
| 1263 | "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project. |
| 1264 | "gerritProject": "A String", # The full project name within the host. Projects may be nested, so |
| 1265 | # "project/subproject" is a valid project name. The "repo name" is |
| 1266 | # the hostURI/project. |
| 1267 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 1268 | "name": "A String", # The alias name. |
| 1269 | "kind": "A String", # The alias kind. |
| 1270 | }, |
| 1271 | "hostUri": "A String", # The URI of a running Gerrit instance. |
| 1272 | "revisionId": "A String", # A revision (commit) ID. |
| 1273 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1274 | "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo. |
| 1275 | # Source Repo. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1276 | "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo. |
| 1277 | "uid": "A String", # A server-assigned, globally unique identifier. |
| 1278 | "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name. |
| 1279 | # winged-cargo-31) and a repo name within that project. |
| 1280 | "projectId": "A String", # The ID of the project. |
| 1281 | "repoName": "A String", # The name of the repo. Leave empty for the default repo. |
| 1282 | }, |
| 1283 | }, |
| 1284 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 1285 | "name": "A String", # The alias name. |
| 1286 | "kind": "A String", # The alias kind. |
| 1287 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1288 | "revisionId": "A String", # A revision ID. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1289 | }, |
| 1290 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1291 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1292 | "projectId": "A String", # ID of the project. |
| 1293 | "finishTime": "A String", # Time at which execution of the build was finished. |
| 1294 | "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the |
| 1295 | # user's e-mail address at the time the build was initiated; this address may |
| 1296 | # not represent the same end-user for all time. |
| 1297 | "logsBucket": "A String", # Google Cloud Storage bucket where logs were written. |
| 1298 | "builderVersion": "A String", # Version string of the builder at the time this build was executed. |
| 1299 | "commands": [ # Commands requested by the build. |
| 1300 | { # Command describes a step performed as part of the build pipeline. |
| 1301 | "name": "A String", # Name of the command, as presented on the command line, or if the command is |
| 1302 | # packaged as a Docker container, as presented to `docker pull`. |
| 1303 | "id": "A String", # Optional unique identifier for this Command, used in wait_for to reference |
| 1304 | # this Command as a dependency. |
| 1305 | "dir": "A String", # Working directory (relative to project source root) used when running |
| 1306 | # this Command. |
| 1307 | "waitFor": [ # The ID(s) of the Command(s) that this Command depends on. |
| 1308 | "A String", |
| 1309 | ], |
| 1310 | "env": [ # Environment variables set before running this Command. |
| 1311 | "A String", |
| 1312 | ], |
| 1313 | "args": [ # Command-line arguments used when executing this Command. |
| 1314 | "A String", |
| 1315 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1316 | }, |
| 1317 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1318 | "builtArtifacts": [ # Output of the build. |
| 1319 | { # Artifact describes a build product. |
| 1320 | "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest |
| 1321 | # like gcr.io/projectID/imagename@sha256:123456 |
| 1322 | "names": [ # Related artifact names. This may be the path to a binary or jar file, or in |
| 1323 | # the case of a container build, the name used to push the container image to |
| 1324 | # Google Container Registry, as presented to `docker push`. Note that a |
| 1325 | # single Artifact ID can have multiple names, for example if two tags are |
| 1326 | # applied to one image. |
| 1327 | "A String", |
| 1328 | ], |
| 1329 | "name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in |
| 1330 | # the case of a container build, the name used to push the container image to |
| 1331 | # Google Container Registry, as presented to `docker push`. |
| 1332 | # |
| 1333 | # This field is deprecated in favor of the plural `names` field; it continues |
| 1334 | # to exist here to allow existing BuildProvenance serialized to json in |
| 1335 | # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to |
| 1336 | # deserialize back into proto. |
| 1337 | "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a |
| 1338 | # container. |
| 1339 | }, |
| 1340 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1341 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1342 | "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the |
| 1343 | # `BuildSignature` in the corresponding Result. After verifying the |
| 1344 | # signature, `provenance_bytes` can be unmarshalled and compared to the |
| 1345 | # provenance to confirm that it is unchanged. A base64-encoded string |
| 1346 | # representation of the provenance bytes is used for the signature in order |
| 1347 | # to interoperate with openssl which expects this format for signature |
| 1348 | # verification. |
| 1349 | # |
| 1350 | # The serialized form is captured both to avoid ambiguity in how the |
| 1351 | # provenance is marshalled to json as well to prevent incompatibilities with |
| 1352 | # future changes. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1353 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1354 | "kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are |
| 1355 | # specified. This field can be used as a filter in list requests. |
| 1356 | "resource": { # # |
| 1357 | # The resource for which the `Occurrence` applies. |
| 1358 | # Resource is an entity that can have metadata. E.g., a Docker image. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1359 | "uri": "A String", # The unique URI of the resource. E.g., |
| 1360 | # "https://gcr.io/project/image@sha256:foo" for a Docker image. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1361 | "name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian". |
| 1362 | "contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest. |
| 1363 | "type": "A String", # The type of hash that was performed. |
| 1364 | "value": "A String", # The hash value. |
| 1365 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1366 | }, |
| 1367 | "resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence` |
| 1368 | # applies. For example, https://gcr.io/project/image@sha256:foo This field |
| 1369 | # can be used as a filter in list requests. |
| 1370 | "name": "A String", # Output only. The name of the `Occurrence` in the form |
| 1371 | # "projects/{project_id}/occurrences/{OCCURRENCE_ID}" |
| 1372 | "attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1373 | # Attestation can be verified using the attached signature. If the verifier |
| 1374 | # trusts the public key of the signer, then verifying the signature is |
| 1375 | # sufficient to establish trust. In this circumstance, the |
| 1376 | # AttestationAuthority to which this Attestation is attached is primarily |
| 1377 | # useful for look-up (how to find this Attestation if you already know the |
| 1378 | # Authority and artifact to be verified) and intent (which authority was this |
| 1379 | # attestation intended to sign for). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1380 | "pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1381 | # This message only supports `ATTACHED` signatures, where the payload that is |
| 1382 | # signed is included alongside the signature itself in the same file. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1383 | "signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or |
| 1384 | # equivalent. Since this message only supports attached signatures, the |
| 1385 | # payload that was signed must be attached. While the signature format |
| 1386 | # supported is dependent on the verification implementation, currently only |
| 1387 | # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than |
| 1388 | # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor |
| 1389 | # --output=signature.gpg payload.json` will create the signature content |
| 1390 | # expected in this field in `signature.gpg` for the `payload.json` |
| 1391 | # attestation payload. |
| 1392 | "pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1393 | # as output by, e.g. `gpg --list-keys`. This should be the version 4, full |
| 1394 | # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See |
| 1395 | # https://tools.ietf.org/html/rfc4880#section-12.2 for details. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1396 | # Implementations may choose to acknowledge "LONG", "SHORT", or other |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1397 | # abbreviated key IDs, but only the full fingerprint is guaranteed to work. |
| 1398 | # In gpg, the full fingerprint can be retrieved from the `fpr` field |
| 1399 | # returned when calling --list-keys with --with-colons. For example: |
| 1400 | # ``` |
| 1401 | # gpg --with-colons --with-fingerprint --force-v4-certs \ |
| 1402 | # --list-keys attester@example.com |
| 1403 | # tru::1:1513631572:0:3:1:5 |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1404 | # pub:...<SNIP>... |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1405 | # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB: |
| 1406 | # ``` |
| 1407 | # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1408 | "contentType": "A String", # Type (for example schema) of the attestation payload that was signed. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1409 | # The verifier must ensure that the provided type is one that the verifier |
| 1410 | # supports, and that the attestation payload is a valid instantiation of that |
| 1411 | # type (for example by validating a JSON schema). |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1412 | }, |
| 1413 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1414 | "installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource. |
| 1415 | # a system. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1416 | "name": "A String", # Output only. The name of the installed package. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1417 | "location": [ # All of the places within the filesystem versions of this package |
| 1418 | # have been found. |
| 1419 | { # An occurrence of a particular package installation found within a |
| 1420 | # system's filesystem. |
| 1421 | # e.g. glibc was found in /var/lib/dpkg/status |
| 1422 | "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) |
| 1423 | # denoting the package manager version distributing a package. |
| 1424 | "version": { # Version contains structured information about the version of the package. # The version installed at this location. |
| 1425 | # For a discussion of this in Debian/Ubuntu: |
| 1426 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 1427 | # For a discussion of this in Redhat/Fedora/Centos: |
| 1428 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 1429 | "name": "A String", # The main part of the version name. |
| 1430 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 1431 | # If kind is not NORMAL, then the other fields are ignored. |
| 1432 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 1433 | "revision": "A String", # The iteration of the package build from the above version. |
| 1434 | }, |
| 1435 | "path": "A String", # The path from which we gathered that this package/version is installed. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1436 | }, |
| 1437 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1438 | }, |
| 1439 | "upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a # Describes an upgrade. |
| 1440 | # specific upgrade. This presence is supplied via local sources (i.e. it is |
| 1441 | # present in the mirror and the running system has noticed its availability). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1442 | "package": "A String", # Required - The package this Upgrade is for. |
| 1443 | "parsedVersion": { # Version contains structured information about the version of the package. # Required - The version of the package in a machine + human readable form. |
| 1444 | # For a discussion of this in Debian/Ubuntu: |
| 1445 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 1446 | # For a discussion of this in Redhat/Fedora/Centos: |
| 1447 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 1448 | "name": "A String", # The main part of the version name. |
| 1449 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 1450 | # If kind is not NORMAL, then the other fields are ignored. |
| 1451 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 1452 | "revision": "A String", # The iteration of the package build from the above version. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1453 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1454 | "distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each # Metadata about the upgrade for available for the specific operating system |
| 1455 | # for the resource_url. This allows efficient filtering, as well as |
| 1456 | # making it easier to use the occurrence. |
| 1457 | # operating system (CPE). Some distributions have additional metadata around |
| 1458 | # updates, classifying them into various categories and severities. |
| 1459 | "classification": "A String", # The operating system classification of this Upgrade, as specified by the |
| 1460 | # upstream operating system upgrade feed. |
| 1461 | "severity": "A String", # The severity as specified by the upstream operating system. |
| 1462 | "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See |
| 1463 | # https://cpe.mitre.org/specification/. |
| 1464 | "cve": [ # The cve that would be resolved by this upgrade. |
| 1465 | "A String", |
| 1466 | ], |
| 1467 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1468 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1469 | "discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource. |
| 1470 | "operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan. |
| 1471 | # This field is deprecated, do not use. |
| 1472 | # network API call. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1473 | "response": { # The normal response of the operation in case of success. If the original |
| 1474 | # method returns no data on success, such as `Delete`, the response is |
| 1475 | # `google.protobuf.Empty`. If the original method is standard |
| 1476 | # `Get`/`Create`/`Update`, the response should be the resource. For other |
| 1477 | # methods, the response should have the type `XxxResponse`, where `Xxx` |
| 1478 | # is the original method name. For example, if the original method name |
| 1479 | # is `TakeSnapshot()`, the inferred response type is |
| 1480 | # `TakeSnapshotResponse`. |
| 1481 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 1482 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1483 | "name": "A String", # The server-assigned name, which is only unique within the same service that |
| 1484 | # originally returns it. If you use the default HTTP mapping, the |
| 1485 | # `name` should be a resource name ending with `operations/{unique_id}`. |
| 1486 | "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. |
| 1487 | # different programming environments, including REST APIs and RPC APIs. It is |
| 1488 | # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| 1489 | # three pieces of data: error code, error message, and error details. |
| 1490 | # |
| 1491 | # You can find out more about this error model and how to work with it in the |
| 1492 | # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| 1493 | "details": [ # A list of messages that carry the error details. There is a common set of |
| 1494 | # message types for APIs to use. |
| 1495 | { |
| 1496 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 1497 | }, |
| 1498 | ], |
| 1499 | "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| 1500 | "message": "A String", # A developer-facing error message, which should be in English. Any |
| 1501 | # user-facing error message should be localized and sent in the |
| 1502 | # google.rpc.Status.details field, or localized by the client. |
| 1503 | }, |
| 1504 | "metadata": { # Service-specific metadata associated with the operation. It typically |
| 1505 | # contains progress information and common metadata such as create time. |
| 1506 | # Some services might not provide such metadata. Any method that returns a |
| 1507 | # long-running operation should document the metadata type, if any. |
| 1508 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 1509 | }, |
| 1510 | "done": True or False, # If the value is `false`, it means the operation is still in progress. |
| 1511 | # If `true`, the operation is completed, and either `error` or `response` is |
| 1512 | # available. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1513 | }, |
| 1514 | "analysisStatus": "A String", # The status of discovery for the resource. |
| 1515 | "continuousAnalysis": "A String", # Whether the resource is continuously analyzed. |
| 1516 | "cpe": "A String", # The CPE of the resource being scanned. |
| 1517 | "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under |
| 1518 | # details to show to the user. The LocalizedMessage output only and |
| 1519 | # populated by the API. |
| 1520 | # different programming environments, including REST APIs and RPC APIs. It is |
| 1521 | # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| 1522 | # three pieces of data: error code, error message, and error details. |
| 1523 | # |
| 1524 | # You can find out more about this error model and how to work with it in the |
| 1525 | # [API Design Guide](https://cloud.google.com/apis/design/errors). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1526 | "details": [ # A list of messages that carry the error details. There is a common set of |
| 1527 | # message types for APIs to use. |
| 1528 | { |
| 1529 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 1530 | }, |
| 1531 | ], |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1532 | "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| 1533 | "message": "A String", # A developer-facing error message, which should be in English. Any |
| 1534 | # user-facing error message should be localized and sent in the |
| 1535 | # google.rpc.Status.details field, or localized by the client. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1536 | }, |
| 1537 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1538 | "noteName": "A String", # An analysis note associated with this image, in the form |
| 1539 | # "providers/{provider_id}/notes/{NOTE_ID}" |
| 1540 | # This field can be used as a filter in list requests. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1541 | "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1542 | "deployTime": "A String", # Beginning of the lifetime of this deployment. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1543 | "address": "A String", # Address of the runtime element hosting this deployment. |
| 1544 | "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the |
| 1545 | # deployable field with the same name. |
| 1546 | "A String", |
| 1547 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1548 | "config": "A String", # Configuration used to create this deployment. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1549 | "userEmail": "A String", # Identity of the user that triggered this deployment. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1550 | "undeployTime": "A String", # End of the lifetime of this deployment. |
| 1551 | "platform": "A String", # Platform hosting this deployment. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1552 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1553 | "createTime": "A String", # Output only. The time this `Occurrence` was created. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1554 | "vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note. |
| 1555 | # to fix it. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1556 | "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is |
| 1557 | # available and note provider assigned severity when distro has not yet |
| 1558 | # assigned a severity for this vulnerability. |
| 1559 | "packageIssue": [ # The set of affected locations and their fixes (if available) within |
| 1560 | # the associated resource. |
| 1561 | { # This message wraps a location affected by a vulnerability and its |
| 1562 | # associated fix (if one is available). |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1563 | "severityName": "A String", |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1564 | "affectedLocation": { # The location of the vulnerability # The location of the vulnerability. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1565 | "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a |
| 1566 | # filter in list requests. |
| 1567 | # For a discussion of this in Debian/Ubuntu: |
| 1568 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 1569 | # For a discussion of this in Redhat/Fedora/Centos: |
| 1570 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 1571 | "name": "A String", # The main part of the version name. |
| 1572 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 1573 | # If kind is not NORMAL, then the other fields are ignored. |
| 1574 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 1575 | "revision": "A String", # The iteration of the package build from the above version. |
| 1576 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1577 | "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) |
| 1578 | # format. Examples include distro or storage location for vulnerable jar. |
| 1579 | # This field can be used as a filter in list requests. |
| 1580 | "package": "A String", # The package being described. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1581 | }, |
| 1582 | "fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1583 | "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a |
| 1584 | # filter in list requests. |
| 1585 | # For a discussion of this in Debian/Ubuntu: |
| 1586 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 1587 | # For a discussion of this in Redhat/Fedora/Centos: |
| 1588 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 1589 | "name": "A String", # The main part of the version name. |
| 1590 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 1591 | # If kind is not NORMAL, then the other fields are ignored. |
| 1592 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 1593 | "revision": "A String", # The iteration of the package build from the above version. |
| 1594 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1595 | "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) |
| 1596 | # format. Examples include distro or storage location for vulnerable jar. |
| 1597 | # This field can be used as a filter in list requests. |
| 1598 | "package": "A String", # The package being described. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1599 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1600 | }, |
| 1601 | ], |
| 1602 | "severity": "A String", # Output only. The note provider assigned Severity of the vulnerability. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1603 | "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a |
| 1604 | # scale of 0-10 where 0 indicates low severity and 10 indicates high |
| 1605 | # severity. |
| 1606 | "type": "A String", # The type of package; whether native or non native(ruby gems, |
| 1607 | # node.js packages etc) |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1608 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1609 | "updateTime": "A String", # Output only. The time this `Occurrence` was last updated. |
| 1610 | "remediation": "A String", # A description of actions that can be taken to remedy the `Note` |
| 1611 | "derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis |
| 1612 | # in the associated note. |
| 1613 | # DockerImage relationship. This image would be produced from a Dockerfile |
| 1614 | # with FROM <DockerImage.Basis in attached Note>. |
| 1615 | "distance": 42, # Output only. The number of layers by which this image differs from the |
| 1616 | # associated image basis. |
| 1617 | "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image |
| 1618 | # occurrence. |
| 1619 | "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image. |
| 1620 | "v2Blob": [ # The ordered list of v2 blobs that represent a given image. |
| 1621 | "A String", |
| 1622 | ], |
| 1623 | "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1 |
| 1624 | # representation. |
| 1625 | # This field can be used as a filter in list requests. |
| 1626 | "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: |
| 1627 | # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) |
| 1628 | # Only the name of the final blob is kept. |
| 1629 | # This field can be used as a filter in list requests. |
| 1630 | }, |
| 1631 | "layerInfo": [ # This contains layer-specific metadata, if populated it has length |
| 1632 | # "distance" and is ordered with [distance] being the layer immediately |
| 1633 | # following the base image and [1] being the final layer. |
| 1634 | { # Layer holds metadata specific to a layer of a Docker image. |
| 1635 | "directive": "A String", # The recovered Dockerfile directive used to construct this layer. |
| 1636 | "arguments": "A String", # The recovered arguments to the Dockerfile directive. |
| 1637 | }, |
| 1638 | ], |
| 1639 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1640 | }</pre> |
| 1641 | </div> |
| 1642 | |
| 1643 | <div class="method"> |
| 1644 | <code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code> |
| 1645 | <pre>Gets the access control policy for a note or an `Occurrence` resource. |
| 1646 | Requires `containeranalysis.notes.setIamPolicy` or |
| 1647 | `containeranalysis.occurrences.setIamPolicy` permission if the resource is |
| 1648 | a note or occurrence, respectively. |
| 1649 | Attempting to call this method on a resource without the required |
| 1650 | permission will result in a `PERMISSION_DENIED` error. Attempting to call |
| 1651 | this method on a non-existent resource will result in a `NOT_FOUND` error |
| 1652 | if the user has list permission on the project, or a `PERMISSION_DENIED` |
| 1653 | error otherwise. The resource takes the following formats: |
| 1654 | `projects/{PROJECT_ID}/occurrences/{OCCURRENCE_ID}` for occurrences and |
| 1655 | projects/{PROJECT_ID}/notes/{NOTE_ID} for notes |
| 1656 | |
| 1657 | Args: |
| 1658 | resource: string, REQUIRED: The resource for which the policy is being requested. |
| 1659 | See the operation documentation for the appropriate value for this field. (required) |
| 1660 | body: object, The request body. |
| 1661 | The object takes the form of: |
| 1662 | |
| 1663 | { # Request message for `GetIamPolicy` method. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1664 | "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1665 | # `GetIamPolicy`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1666 | "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1667 | # |
| 1668 | # Valid values are 0, 1, and 3. Requests specifying an invalid value will be |
| 1669 | # rejected. |
| 1670 | # |
| 1671 | # Requests for policies with any conditional bindings must specify version 3. |
| 1672 | # Policies without any conditional bindings may specify any valid value or |
| 1673 | # leave the field unset. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1674 | # |
| 1675 | # To learn which resources support conditions in their IAM policies, see the |
| 1676 | # [IAM |
| 1677 | # documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1678 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1679 | } |
| 1680 | |
| 1681 | x__xgafv: string, V1 error format. |
| 1682 | Allowed values |
| 1683 | 1 - v1 error format |
| 1684 | 2 - v2 error format |
| 1685 | |
| 1686 | Returns: |
| 1687 | An object of the form: |
| 1688 | |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1689 | { # An Identity and Access Management (IAM) policy, which specifies access |
| 1690 | # controls for Google Cloud resources. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1691 | # |
| 1692 | # |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1693 | # A `Policy` is a collection of `bindings`. A `binding` binds one or more |
| 1694 | # `members` to a single `role`. Members can be user accounts, service accounts, |
| 1695 | # Google groups, and domains (such as G Suite). A `role` is a named list of |
| 1696 | # permissions; each `role` can be an IAM predefined role or a user-created |
| 1697 | # custom role. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1698 | # |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1699 | # For some types of Google Cloud resources, a `binding` can also specify a |
| 1700 | # `condition`, which is a logical expression that allows access to a resource |
| 1701 | # only if the expression evaluates to `true`. A condition can add constraints |
| 1702 | # based on attributes of the request, the resource, or both. To learn which |
| 1703 | # resources support conditions in their IAM policies, see the |
| 1704 | # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1705 | # |
| 1706 | # **JSON example:** |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1707 | # |
| 1708 | # { |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1709 | # "bindings": [ |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1710 | # { |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1711 | # "role": "roles/resourcemanager.organizationAdmin", |
| 1712 | # "members": [ |
| 1713 | # "user:mike@example.com", |
| 1714 | # "group:admins@example.com", |
| 1715 | # "domain:google.com", |
| 1716 | # "serviceAccount:my-project-id@appspot.gserviceaccount.com" |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1717 | # ] |
| 1718 | # }, |
| 1719 | # { |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1720 | # "role": "roles/resourcemanager.organizationViewer", |
| 1721 | # "members": [ |
| 1722 | # "user:eve@example.com" |
| 1723 | # ], |
| 1724 | # "condition": { |
| 1725 | # "title": "expirable access", |
| 1726 | # "description": "Does not grant access after Sep 2020", |
| 1727 | # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1728 | # } |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1729 | # } |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1730 | # ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1731 | # "etag": "BwWWja0YfJA=", |
| 1732 | # "version": 3 |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1733 | # } |
| 1734 | # |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1735 | # **YAML example:** |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1736 | # |
| 1737 | # bindings: |
| 1738 | # - members: |
| 1739 | # - user:mike@example.com |
| 1740 | # - group:admins@example.com |
| 1741 | # - domain:google.com |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1742 | # - serviceAccount:my-project-id@appspot.gserviceaccount.com |
| 1743 | # role: roles/resourcemanager.organizationAdmin |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1744 | # - members: |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1745 | # - user:eve@example.com |
| 1746 | # role: roles/resourcemanager.organizationViewer |
| 1747 | # condition: |
| 1748 | # title: expirable access |
| 1749 | # description: Does not grant access after Sep 2020 |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1750 | # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1751 | # - etag: BwWWja0YfJA= |
| 1752 | # - version: 3 |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1753 | # |
| 1754 | # For a description of IAM and its features, see the |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1755 | # [IAM documentation](https://cloud.google.com/iam/docs/). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1756 | "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help |
| 1757 | # prevent simultaneous updates of a policy from overwriting each other. |
| 1758 | # It is strongly suggested that systems make use of the `etag` in the |
| 1759 | # read-modify-write cycle to perform policy updates in order to avoid race |
| 1760 | # conditions: An `etag` is returned in the response to `getIamPolicy`, and |
| 1761 | # systems are expected to put that etag in the request to `setIamPolicy` to |
| 1762 | # ensure that their change will be applied to the same version of the policy. |
| 1763 | # |
| 1764 | # **Important:** If you use IAM Conditions, you must include the `etag` field |
| 1765 | # whenever you call `setIamPolicy`. If you omit this field, then IAM allows |
| 1766 | # you to overwrite a version `3` policy with a version `1` policy, and all of |
| 1767 | # the conditions in the version `3` policy are lost. |
| 1768 | "version": 42, # Specifies the format of the policy. |
| 1769 | # |
| 1770 | # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value |
| 1771 | # are rejected. |
| 1772 | # |
| 1773 | # Any operation that affects conditional role bindings must specify version |
| 1774 | # `3`. This requirement applies to the following operations: |
| 1775 | # |
| 1776 | # * Getting a policy that includes a conditional role binding |
| 1777 | # * Adding a conditional role binding to a policy |
| 1778 | # * Changing a conditional role binding in a policy |
| 1779 | # * Removing any role binding, with or without a condition, from a policy |
| 1780 | # that includes conditions |
| 1781 | # |
| 1782 | # **Important:** If you use IAM Conditions, you must include the `etag` field |
| 1783 | # whenever you call `setIamPolicy`. If you omit this field, then IAM allows |
| 1784 | # you to overwrite a version `3` policy with a version `1` policy, and all of |
| 1785 | # the conditions in the version `3` policy are lost. |
| 1786 | # |
| 1787 | # If a policy does not include any conditions, operations on that policy may |
| 1788 | # specify any valid version or leave the field unset. |
| 1789 | # |
| 1790 | # To learn which resources support conditions in their IAM policies, see the |
| 1791 | # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| 1792 | "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1793 | # `condition` that determines how and when the `bindings` are applied. Each |
| 1794 | # of the `bindings` must contain at least one member. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1795 | { # Associates `members` with a `role`. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1796 | "role": "A String", # Role that is assigned to `members`. |
| 1797 | # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1798 | "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding. |
| 1799 | # |
| 1800 | # If the condition evaluates to `true`, then this binding applies to the |
| 1801 | # current request. |
| 1802 | # |
| 1803 | # If the condition evaluates to `false`, then this binding does not apply to |
| 1804 | # the current request. However, a different role binding might grant the same |
| 1805 | # role to one or more of the members in this binding. |
| 1806 | # |
| 1807 | # To learn which resources support conditions in their IAM policies, see the |
| 1808 | # [IAM |
| 1809 | # documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| 1810 | # syntax. CEL is a C-like expression language. The syntax and semantics of CEL |
| 1811 | # are documented at https://github.com/google/cel-spec. |
| 1812 | # |
| 1813 | # Example (Comparison): |
| 1814 | # |
| 1815 | # title: "Summary size limit" |
| 1816 | # description: "Determines if a summary is less than 100 chars" |
| 1817 | # expression: "document.summary.size() < 100" |
| 1818 | # |
| 1819 | # Example (Equality): |
| 1820 | # |
| 1821 | # title: "Requestor is owner" |
| 1822 | # description: "Determines if requestor is the document owner" |
| 1823 | # expression: "document.owner == request.auth.claims.email" |
| 1824 | # |
| 1825 | # Example (Logic): |
| 1826 | # |
| 1827 | # title: "Public documents" |
| 1828 | # description: "Determine whether the document should be publicly visible" |
| 1829 | # expression: "document.type != 'private' && document.type != 'internal'" |
| 1830 | # |
| 1831 | # Example (Data Manipulation): |
| 1832 | # |
| 1833 | # title: "Notification string" |
| 1834 | # description: "Create a notification string with a timestamp." |
| 1835 | # expression: "'New message received at ' + string(document.create_time)" |
| 1836 | # |
| 1837 | # The exact variables and functions that may be referenced within an expression |
| 1838 | # are determined by the service that evaluates it. See the service |
| 1839 | # documentation for additional information. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1840 | "title": "A String", # Optional. Title for the expression, i.e. a short string describing |
| 1841 | # its purpose. This can be used e.g. in UIs which allow to enter the |
| 1842 | # expression. |
| 1843 | "location": "A String", # Optional. String indicating the location of the expression for error |
| 1844 | # reporting, e.g. a file name and a position in the file. |
| 1845 | "description": "A String", # Optional. Description of the expression. This is a longer text which |
| 1846 | # describes the expression, e.g. when hovered over it in a UI. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1847 | "expression": "A String", # Textual representation of an expression in Common Expression Language |
| 1848 | # syntax. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1849 | }, |
| 1850 | "members": [ # Specifies the identities requesting access for a Cloud Platform resource. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1851 | # `members` can have the following values: |
| 1852 | # |
| 1853 | # * `allUsers`: A special identifier that represents anyone who is |
| 1854 | # on the internet; with or without a Google account. |
| 1855 | # |
| 1856 | # * `allAuthenticatedUsers`: A special identifier that represents anyone |
| 1857 | # who is authenticated with a Google account or a service account. |
| 1858 | # |
| 1859 | # * `user:{emailid}`: An email address that represents a specific Google |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1860 | # account. For example, `alice@example.com` . |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1861 | # |
| 1862 | # |
| 1863 | # * `serviceAccount:{emailid}`: An email address that represents a service |
| 1864 | # account. For example, `my-other-app@appspot.gserviceaccount.com`. |
| 1865 | # |
| 1866 | # * `group:{emailid}`: An email address that represents a Google group. |
| 1867 | # For example, `admins@example.com`. |
| 1868 | # |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1869 | # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique |
| 1870 | # identifier) representing a user that has been recently deleted. For |
| 1871 | # example, `alice@example.com?uid=123456789012345678901`. If the user is |
| 1872 | # recovered, this value reverts to `user:{emailid}` and the recovered user |
| 1873 | # retains the role in the binding. |
| 1874 | # |
| 1875 | # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus |
| 1876 | # unique identifier) representing a service account that has been recently |
| 1877 | # deleted. For example, |
| 1878 | # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. |
| 1879 | # If the service account is undeleted, this value reverts to |
| 1880 | # `serviceAccount:{emailid}` and the undeleted service account retains the |
| 1881 | # role in the binding. |
| 1882 | # |
| 1883 | # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique |
| 1884 | # identifier) representing a Google group that has been recently |
| 1885 | # deleted. For example, `admins@example.com?uid=123456789012345678901`. If |
| 1886 | # the group is recovered, this value reverts to `group:{emailid}` and the |
| 1887 | # recovered group retains the role in the binding. |
| 1888 | # |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1889 | # |
| 1890 | # * `domain:{domain}`: The G Suite domain (primary) that represents all the |
| 1891 | # users of that domain. For example, `google.com` or `example.com`. |
| 1892 | # |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1893 | "A String", |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1894 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1895 | }, |
| 1896 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1897 | }</pre> |
| 1898 | </div> |
| 1899 | |
| 1900 | <div class="method"> |
| 1901 | <code class="details" id="getNotes">getNotes(name, x__xgafv=None)</code> |
| 1902 | <pre>Gets the `Note` attached to the given `Occurrence`. |
| 1903 | |
| 1904 | Args: |
| 1905 | name: string, The name of the occurrence in the form |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1906 | "projects/{project_id}/occurrences/{OCCURRENCE_ID}" (required) |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1907 | x__xgafv: string, V1 error format. |
| 1908 | Allowed values |
| 1909 | 1 - v1 error format |
| 1910 | 2 - v2 error format |
| 1911 | |
| 1912 | Returns: |
| 1913 | An object of the form: |
| 1914 | |
| 1915 | { # Provides a detailed description of a `Note`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1916 | "relatedUrl": [ # URLs associated with this note |
| 1917 | { # Metadata for any related URL information |
| 1918 | "url": "A String", # Specific URL to associate with the note |
| 1919 | "label": "A String", # Label to describe usage of the URL |
| 1920 | }, |
| 1921 | ], |
| 1922 | "expirationTime": "A String", # Time of expiration for this note, null if note does not expire. |
| 1923 | "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image. |
| 1924 | # relationship. Linked occurrences are derived from this or an |
| 1925 | # equivalent image via: |
| 1926 | # FROM <Basis.resource_url> |
| 1927 | # Or an equivalent reference, e.g. a tag of the resource_url. |
| 1928 | "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the base image. |
| 1929 | "v2Blob": [ # The ordered list of v2 blobs that represent a given image. |
| 1930 | "A String", |
| 1931 | ], |
| 1932 | "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1 |
| 1933 | # representation. |
| 1934 | # This field can be used as a filter in list requests. |
| 1935 | "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: |
| 1936 | # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) |
| 1937 | # Only the name of the final blob is kept. |
| 1938 | # This field can be used as a filter in list requests. |
| 1939 | }, |
| 1940 | "resourceUrl": "A String", # The resource_url for the resource representing the basis of |
| 1941 | # associated occurrence images. |
| 1942 | }, |
| 1943 | "kind": "A String", # Output only. This explicitly denotes which kind of note is specified. This |
| 1944 | # field can be used as a filter in list requests. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1945 | "buildType": { # Note holding the version of the provider's builder and the signature of # Build provenance type for a verifiable build. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1946 | # the provenance message in linked BuildDetails. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1947 | "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in Occurrences pointing to the Note containing this |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1948 | # `BuilderDetails`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1949 | "publicKey": "A String", # Public key of the builder which can be used to verify that the related |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1950 | # findings are valid and unchanged. If `key_type` is empty, this defaults |
| 1951 | # to PEM encoded public keys. |
| 1952 | # |
| 1953 | # This field may be empty if `key_id` references an external key. |
| 1954 | # |
| 1955 | # For Cloud Build based signatures, this is a PEM encoded public |
| 1956 | # key. To verify the Cloud Build signature, place the contents of |
| 1957 | # this field into a file (public.pem). The signature field is base64-decoded |
| 1958 | # into its binary representation in signature.bin, and the provenance bytes |
| 1959 | # from `BuildDetails` are base64-decoded into a binary representation in |
| 1960 | # signed.bin. OpenSSL can then verify the signature: |
| 1961 | # `openssl sha256 -verify public.pem -signature signature.bin signed.bin` |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1962 | "keyId": "A String", # An Id for the key used to sign. This could be either an Id for the key |
| 1963 | # stored in `public_key` (such as the Id or fingerprint for a PGP key, or the |
| 1964 | # CN for a cert), or a reference to an external key (such as a reference to a |
| 1965 | # key in Cloud Key Management Service). |
| 1966 | "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in |
| 1967 | # `key_id` |
| 1968 | "signature": "A String", # Signature of the related `BuildProvenance`, encoded in a base64 string. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1969 | }, |
| 1970 | "builderVersion": "A String", # Version of the builder which produced this Note. |
| 1971 | }, |
| 1972 | "longDescription": "A String", # A detailed description of this `Note`. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 1973 | "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed. |
| 1974 | "resourceUri": [ # Resource URI for the artifact being deployed. |
| 1975 | "A String", |
| 1976 | ], |
| 1977 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1978 | "shortDescription": "A String", # A one sentence description of this `Note`. |
| 1979 | "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role. |
| 1980 | # example, an organization might have one `AttestationAuthority` for "QA" and |
| 1981 | # one for "build". This Note is intended to act strictly as a grouping |
| 1982 | # mechanism for the attached Occurrences (Attestations). This grouping |
| 1983 | # mechanism also provides a security boundary, since IAM ACLs gate the ability |
| 1984 | # for a principle to attach an Occurrence to a given Note. It also provides a |
| 1985 | # single point of lookup to find all attached Attestation Occurrences, even if |
| 1986 | # they don't all live in the same project. |
| 1987 | "hint": { # This submessage provides human-readable hints about the purpose of the |
| 1988 | # AttestationAuthority. Because the name of a Note acts as its resource |
| 1989 | # reference, it is important to disambiguate the canonical name of the Note |
| 1990 | # (which might be a UUID for security purposes) from "readable" names more |
| 1991 | # suitable for debug output. Note that these hints should NOT be used to |
| 1992 | # look up AttestationAuthorities in security sensitive contexts, such as when |
| 1993 | # looking up Attestations to verify. |
| 1994 | "humanReadableName": "A String", # The human readable name of this Attestation Authority, for example "qa". |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1995 | }, |
| 1996 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1997 | "name": "A String", # The name of the note in the form |
| 1998 | # "projects/{provider_project_id}/notes/{NOTE_ID}" |
| 1999 | "vulnerabilityType": { # VulnerabilityType provides metadata about a security vulnerability. # A package vulnerability type of note. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2000 | "severity": "A String", # Note provider assigned impact of the vulnerability |
| 2001 | "details": [ # All information about the package to specifically identify this |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2002 | # vulnerability. One entry per (version range and cpe_uri) the |
| 2003 | # package vulnerability has manifested in. |
| 2004 | { # Identifies all occurrences of this vulnerability in the package for a |
| 2005 | # specific distro/location |
| 2006 | # For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2 |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2007 | "fixedLocation": { # The location of the vulnerability # The fix for this specific package version. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2008 | "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2009 | # filter in list requests. |
| 2010 | # For a discussion of this in Debian/Ubuntu: |
| 2011 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 2012 | # For a discussion of this in Redhat/Fedora/Centos: |
| 2013 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2014 | "name": "A String", # The main part of the version name. |
| 2015 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2016 | # If kind is not NORMAL, then the other fields are ignored. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2017 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 2018 | "revision": "A String", # The iteration of the package build from the above version. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2019 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2020 | "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) |
| 2021 | # format. Examples include distro or storage location for vulnerable jar. |
| 2022 | # This field can be used as a filter in list requests. |
| 2023 | "package": "A String", # The package being described. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2024 | }, |
| 2025 | "packageType": "A String", # The type of package; whether native or non native(ruby gems, |
| 2026 | # node.js packages etc) |
| 2027 | "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in |
| 2028 | # which the vulnerability manifests. Examples include distro or storage |
| 2029 | # location for vulnerable jar. |
| 2030 | # This field can be used as a filter in list requests. |
| 2031 | "description": "A String", # A vendor-specific description of this note. |
| 2032 | "minAffectedVersion": { # Version contains structured information about the version of the package. # The min version of the package in which the vulnerability exists. |
| 2033 | # For a discussion of this in Debian/Ubuntu: |
| 2034 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 2035 | # For a discussion of this in Redhat/Fedora/Centos: |
| 2036 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 2037 | "name": "A String", # The main part of the version name. |
| 2038 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 2039 | # If kind is not NORMAL, then the other fields are ignored. |
| 2040 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 2041 | "revision": "A String", # The iteration of the package build from the above version. |
| 2042 | }, |
| 2043 | "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability. |
| 2044 | "package": "A String", # The name of the package where the vulnerability was found. |
| 2045 | # This field can be used as a filter in list requests. |
| 2046 | "maxAffectedVersion": { # Version contains structured information about the version of the package. # The max version of the package in which the vulnerability exists. |
| 2047 | # For a discussion of this in Debian/Ubuntu: |
| 2048 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 2049 | # For a discussion of this in Redhat/Fedora/Centos: |
| 2050 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 2051 | "name": "A String", # The main part of the version name. |
| 2052 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 2053 | # If kind is not NORMAL, then the other fields are ignored. |
| 2054 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 2055 | "revision": "A String", # The iteration of the package build from the above version. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2056 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2057 | "isObsolete": True or False, # Whether this Detail is obsolete. Occurrences are expected not to point to |
| 2058 | # obsolete details. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2059 | }, |
| 2060 | ], |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2061 | "cvssScore": 3.14, # The CVSS score for this Vulnerability. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2062 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2063 | "upgrade": { # An Upgrade Note represents a potential upgrade of a package to a given # A note describing an upgrade. |
| 2064 | # version. For each package version combination (i.e. bash 4.0, bash 4.1, |
| 2065 | # bash 4.1.2), there will be a Upgrade Note. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2066 | "version": { # Version contains structured information about the version of the package. # Required - The version of the package in machine + human readable form. |
| 2067 | # For a discussion of this in Debian/Ubuntu: |
| 2068 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 2069 | # For a discussion of this in Redhat/Fedora/Centos: |
| 2070 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 2071 | "name": "A String", # The main part of the version name. |
| 2072 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 2073 | # If kind is not NORMAL, then the other fields are ignored. |
| 2074 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 2075 | "revision": "A String", # The iteration of the package build from the above version. |
| 2076 | }, |
| 2077 | "distributions": [ # Metadata about the upgrade for each specific operating system. |
| 2078 | { # The Upgrade Distribution represents metadata about the Upgrade for each |
| 2079 | # operating system (CPE). Some distributions have additional metadata around |
| 2080 | # updates, classifying them into various categories and severities. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2081 | "classification": "A String", # The operating system classification of this Upgrade, as specified by the |
| 2082 | # upstream operating system upgrade feed. |
| 2083 | "severity": "A String", # The severity as specified by the upstream operating system. |
| 2084 | "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See |
| 2085 | # https://cpe.mitre.org/specification/. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2086 | "cve": [ # The cve that would be resolved by this upgrade. |
| 2087 | "A String", |
| 2088 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2089 | }, |
| 2090 | ], |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2091 | "package": "A String", # Required - The package this Upgrade is for. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2092 | }, |
| 2093 | "package": { # This represents a particular package that is distributed over # A note describing a package hosted by various package managers. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2094 | # various channels. |
| 2095 | # e.g. glibc (aka libc6) is distributed by many, at various versions. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2096 | "name": "A String", # The name of the package. |
| 2097 | "distribution": [ # The various channels by which a package is distributed. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2098 | { # This represents a particular channel of distribution for a given package. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2099 | # e.g. Debian's jessie-backports dpkg mirror |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2100 | "latestVersion": { # Version contains structured information about the version of the package. # The latest available version of this package in |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2101 | # this distribution channel. |
| 2102 | # For a discussion of this in Debian/Ubuntu: |
| 2103 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 2104 | # For a discussion of this in Redhat/Fedora/Centos: |
| 2105 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2106 | "name": "A String", # The main part of the version name. |
| 2107 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2108 | # If kind is not NORMAL, then the other fields are ignored. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2109 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 2110 | "revision": "A String", # The iteration of the package build from the above version. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2111 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2112 | "description": "A String", # The distribution channel-specific description of this package. |
| 2113 | "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) |
| 2114 | # denoting the package manager version distributing a package. |
| 2115 | "url": "A String", # The distribution channel-specific homepage for this package. |
| 2116 | "architecture": "A String", # The CPU architecture for which packages in this distribution |
| 2117 | # channel were built |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2118 | "maintainer": "A String", # A freeform string denoting the maintainer of this package. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2119 | }, |
| 2120 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2121 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2122 | "createTime": "A String", # Output only. The time this note was created. This field can be used as a |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2123 | # filter in list requests. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2124 | "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing a provider/analysis type. |
| 2125 | # exists in a provider's project. A `Discovery` occurrence is created in a |
| 2126 | # consumer's project at the start of analysis. The occurrence's operation will |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2127 | # indicate the status of the analysis. Absence of an occurrence linked to this |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2128 | # note for a resource indicates that analysis hasn't started. |
| 2129 | "analysisKind": "A String", # The kind of analysis that is handled by this discovery. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2130 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2131 | "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as |
| 2132 | # a filter in list requests. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2133 | }</pre> |
| 2134 | </div> |
| 2135 | |
| 2136 | <div class="method"> |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2137 | <code class="details" id="getVulnerabilitySummary">getVulnerabilitySummary(parent, filter=None, x__xgafv=None)</code> |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2138 | <pre>Gets a summary of the number and severity of occurrences. |
| 2139 | |
| 2140 | Args: |
| 2141 | parent: string, This contains the project Id for example: projects/{project_id} (required) |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2142 | filter: string, The filter expression. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2143 | x__xgafv: string, V1 error format. |
| 2144 | Allowed values |
| 2145 | 1 - v1 error format |
| 2146 | 2 - v2 error format |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2147 | |
| 2148 | Returns: |
| 2149 | An object of the form: |
| 2150 | |
| 2151 | { # A summary of how many vulnz occurrences there are per severity type. |
| 2152 | # counts by groups, or if we should have different summary messages |
| 2153 | # like this. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2154 | "counts": [ # A map of how many occurrences were found for each severity. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2155 | { # The number of occurrences created for a specific severity. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2156 | "severity": "A String", # The severity of the occurrences. |
| 2157 | "count": "A String", # The number of occurrences with the severity. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2158 | }, |
| 2159 | ], |
| 2160 | }</pre> |
| 2161 | </div> |
| 2162 | |
| 2163 | <div class="method"> |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2164 | <code class="details" id="list">list(parent, pageToken=None, kind=None, pageSize=None, name=None, filter=None, x__xgafv=None)</code> |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2165 | <pre>Lists active `Occurrences` for a given project matching the filters. |
| 2166 | |
| 2167 | Args: |
| 2168 | parent: string, This contains the project Id for example: projects/{project_id}. (required) |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2169 | pageToken: string, Token to provide to skip to a particular spot in the list. |
| 2170 | kind: string, The kind of occurrences to filter on. |
| 2171 | pageSize: integer, Number of occurrences to return in the list. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2172 | name: string, The name field contains the project Id. For example: |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2173 | "projects/{project_id} |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2174 | @Deprecated |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2175 | filter: string, The filter expression. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2176 | x__xgafv: string, V1 error format. |
| 2177 | Allowed values |
| 2178 | 1 - v1 error format |
| 2179 | 2 - v2 error format |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2180 | |
| 2181 | Returns: |
| 2182 | An object of the form: |
| 2183 | |
| 2184 | { # Response including listed active occurrences. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2185 | "occurrences": [ # The occurrences requested. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2186 | { # `Occurrence` includes information about analysis occurrences for an image. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2187 | "buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2188 | "provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance |
| 2189 | # details about the build from source to completion. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2190 | "id": "A String", # Unique identifier of the build. |
| 2191 | "buildOptions": { # Special options applied to this build. This is a catch-all field where |
| 2192 | # build providers can enter any desired additional details. |
| 2193 | "a_key": "A String", |
| 2194 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2195 | "startTime": "A String", # Time at which execution of the build was started. |
| 2196 | "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2197 | "createTime": "A String", # Time at which the build was created. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2198 | "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build. |
| 2199 | "repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo. |
| 2200 | # Repository. |
| 2201 | "projectId": "A String", # ID of the project that owns the repo. |
| 2202 | "repoName": "A String", # Name of the repo. |
| 2203 | "branchName": "A String", # Name of the branch to build. |
| 2204 | "tagName": "A String", # Name of the tag to build. |
| 2205 | "commitSha": "A String", # Explicit commit SHA to build. |
| 2206 | }, |
| 2207 | "storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud |
| 2208 | # Storage. |
| 2209 | # Google Cloud Storage. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2210 | "generation": "A String", # Google Cloud Storage generation for the object. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2211 | "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name |
| 2212 | # Requirements] |
| 2213 | # (https://cloud.google.com/storage/docs/bucket-naming#requirements)). |
| 2214 | "object": "A String", # Google Cloud Storage object containing source. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2215 | }, |
| 2216 | "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original |
| 2217 | # source integrity was maintained in the build. |
| 2218 | # |
| 2219 | # The keys to this map are file paths used as build source and the values |
| 2220 | # contain the hash values for those files. |
| 2221 | # |
| 2222 | # If the build source came in a single package such as a gzipped tarfile |
| 2223 | # (.tar.gz), the FileHash will be for the single path to that file. |
| 2224 | "a_key": { # Container message for hashes of byte content of files, used in Source |
| 2225 | # messages to verify integrity of source input to the build. |
| 2226 | "fileHash": [ # Collection of file hashes. |
| 2227 | { # Container message for hash values. |
| 2228 | "type": "A String", # The type of hash that was performed. |
| 2229 | "value": "A String", # The hash value. |
| 2230 | }, |
| 2231 | ], |
| 2232 | }, |
| 2233 | }, |
| 2234 | "artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this |
| 2235 | # location. |
| 2236 | # Google Cloud Storage. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2237 | "generation": "A String", # Google Cloud Storage generation for the object. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2238 | "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name |
| 2239 | # Requirements] |
| 2240 | # (https://cloud.google.com/storage/docs/bucket-naming#requirements)). |
| 2241 | "object": "A String", # Google Cloud Storage object containing source. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2242 | }, |
| 2243 | "additionalContexts": [ # If provided, some of the source code used for the build may be found in |
| 2244 | # these locations, in the case where the source repository had multiple |
| 2245 | # remotes or submodules. This list will not include the context specified in |
| 2246 | # the context field. |
| 2247 | { # A SourceContext is a reference to a tree of files. A SourceContext together |
| 2248 | # with a path point to a unique revision of a single file or directory. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2249 | "labels": { # Labels with user defined metadata. |
| 2250 | "a_key": "A String", |
| 2251 | }, |
| 2252 | "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub). |
| 2253 | # repository (e.g., GitHub). |
| 2254 | "revisionId": "A String", # Required. Git commit hash. |
| 2255 | "url": "A String", # Git repository URL. |
| 2256 | }, |
| 2257 | "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project. |
| 2258 | "gerritProject": "A String", # The full project name within the host. Projects may be nested, so |
| 2259 | # "project/subproject" is a valid project name. The "repo name" is |
| 2260 | # the hostURI/project. |
| 2261 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 2262 | "name": "A String", # The alias name. |
| 2263 | "kind": "A String", # The alias kind. |
| 2264 | }, |
| 2265 | "hostUri": "A String", # The URI of a running Gerrit instance. |
| 2266 | "revisionId": "A String", # A revision (commit) ID. |
| 2267 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2268 | "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo. |
| 2269 | # Source Repo. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2270 | "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo. |
| 2271 | "uid": "A String", # A server-assigned, globally unique identifier. |
| 2272 | "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name. |
| 2273 | # winged-cargo-31) and a repo name within that project. |
| 2274 | "projectId": "A String", # The ID of the project. |
| 2275 | "repoName": "A String", # The name of the repo. Leave empty for the default repo. |
| 2276 | }, |
| 2277 | }, |
| 2278 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 2279 | "name": "A String", # The alias name. |
| 2280 | "kind": "A String", # The alias kind. |
| 2281 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2282 | "revisionId": "A String", # A revision ID. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2283 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2284 | }, |
| 2285 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2286 | "context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location. |
| 2287 | # with a path point to a unique revision of a single file or directory. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2288 | "labels": { # Labels with user defined metadata. |
| 2289 | "a_key": "A String", |
| 2290 | }, |
| 2291 | "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub). |
| 2292 | # repository (e.g., GitHub). |
| 2293 | "revisionId": "A String", # Required. Git commit hash. |
| 2294 | "url": "A String", # Git repository URL. |
| 2295 | }, |
| 2296 | "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project. |
| 2297 | "gerritProject": "A String", # The full project name within the host. Projects may be nested, so |
| 2298 | # "project/subproject" is a valid project name. The "repo name" is |
| 2299 | # the hostURI/project. |
| 2300 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 2301 | "name": "A String", # The alias name. |
| 2302 | "kind": "A String", # The alias kind. |
| 2303 | }, |
| 2304 | "hostUri": "A String", # The URI of a running Gerrit instance. |
| 2305 | "revisionId": "A String", # A revision (commit) ID. |
| 2306 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2307 | "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo. |
| 2308 | # Source Repo. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2309 | "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo. |
| 2310 | "uid": "A String", # A server-assigned, globally unique identifier. |
| 2311 | "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name. |
| 2312 | # winged-cargo-31) and a repo name within that project. |
| 2313 | "projectId": "A String", # The ID of the project. |
| 2314 | "repoName": "A String", # The name of the repo. Leave empty for the default repo. |
| 2315 | }, |
| 2316 | }, |
| 2317 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 2318 | "name": "A String", # The alias name. |
| 2319 | "kind": "A String", # The alias kind. |
| 2320 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2321 | "revisionId": "A String", # A revision ID. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2322 | }, |
| 2323 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2324 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2325 | "projectId": "A String", # ID of the project. |
| 2326 | "finishTime": "A String", # Time at which execution of the build was finished. |
| 2327 | "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the |
| 2328 | # user's e-mail address at the time the build was initiated; this address may |
| 2329 | # not represent the same end-user for all time. |
| 2330 | "logsBucket": "A String", # Google Cloud Storage bucket where logs were written. |
| 2331 | "builderVersion": "A String", # Version string of the builder at the time this build was executed. |
| 2332 | "commands": [ # Commands requested by the build. |
| 2333 | { # Command describes a step performed as part of the build pipeline. |
| 2334 | "name": "A String", # Name of the command, as presented on the command line, or if the command is |
| 2335 | # packaged as a Docker container, as presented to `docker pull`. |
| 2336 | "id": "A String", # Optional unique identifier for this Command, used in wait_for to reference |
| 2337 | # this Command as a dependency. |
| 2338 | "dir": "A String", # Working directory (relative to project source root) used when running |
| 2339 | # this Command. |
| 2340 | "waitFor": [ # The ID(s) of the Command(s) that this Command depends on. |
| 2341 | "A String", |
| 2342 | ], |
| 2343 | "env": [ # Environment variables set before running this Command. |
| 2344 | "A String", |
| 2345 | ], |
| 2346 | "args": [ # Command-line arguments used when executing this Command. |
| 2347 | "A String", |
| 2348 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2349 | }, |
| 2350 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2351 | "builtArtifacts": [ # Output of the build. |
| 2352 | { # Artifact describes a build product. |
| 2353 | "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest |
| 2354 | # like gcr.io/projectID/imagename@sha256:123456 |
| 2355 | "names": [ # Related artifact names. This may be the path to a binary or jar file, or in |
| 2356 | # the case of a container build, the name used to push the container image to |
| 2357 | # Google Container Registry, as presented to `docker push`. Note that a |
| 2358 | # single Artifact ID can have multiple names, for example if two tags are |
| 2359 | # applied to one image. |
| 2360 | "A String", |
| 2361 | ], |
| 2362 | "name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in |
| 2363 | # the case of a container build, the name used to push the container image to |
| 2364 | # Google Container Registry, as presented to `docker push`. |
| 2365 | # |
| 2366 | # This field is deprecated in favor of the plural `names` field; it continues |
| 2367 | # to exist here to allow existing BuildProvenance serialized to json in |
| 2368 | # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to |
| 2369 | # deserialize back into proto. |
| 2370 | "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a |
| 2371 | # container. |
| 2372 | }, |
| 2373 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2374 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2375 | "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the |
| 2376 | # `BuildSignature` in the corresponding Result. After verifying the |
| 2377 | # signature, `provenance_bytes` can be unmarshalled and compared to the |
| 2378 | # provenance to confirm that it is unchanged. A base64-encoded string |
| 2379 | # representation of the provenance bytes is used for the signature in order |
| 2380 | # to interoperate with openssl which expects this format for signature |
| 2381 | # verification. |
| 2382 | # |
| 2383 | # The serialized form is captured both to avoid ambiguity in how the |
| 2384 | # provenance is marshalled to json as well to prevent incompatibilities with |
| 2385 | # future changes. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2386 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2387 | "kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are |
| 2388 | # specified. This field can be used as a filter in list requests. |
| 2389 | "resource": { # # |
| 2390 | # The resource for which the `Occurrence` applies. |
| 2391 | # Resource is an entity that can have metadata. E.g., a Docker image. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2392 | "uri": "A String", # The unique URI of the resource. E.g., |
| 2393 | # "https://gcr.io/project/image@sha256:foo" for a Docker image. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2394 | "name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian". |
| 2395 | "contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest. |
| 2396 | "type": "A String", # The type of hash that was performed. |
| 2397 | "value": "A String", # The hash value. |
| 2398 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2399 | }, |
| 2400 | "resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence` |
| 2401 | # applies. For example, https://gcr.io/project/image@sha256:foo This field |
| 2402 | # can be used as a filter in list requests. |
| 2403 | "name": "A String", # Output only. The name of the `Occurrence` in the form |
| 2404 | # "projects/{project_id}/occurrences/{OCCURRENCE_ID}" |
| 2405 | "attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2406 | # Attestation can be verified using the attached signature. If the verifier |
| 2407 | # trusts the public key of the signer, then verifying the signature is |
| 2408 | # sufficient to establish trust. In this circumstance, the |
| 2409 | # AttestationAuthority to which this Attestation is attached is primarily |
| 2410 | # useful for look-up (how to find this Attestation if you already know the |
| 2411 | # Authority and artifact to be verified) and intent (which authority was this |
| 2412 | # attestation intended to sign for). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2413 | "pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2414 | # This message only supports `ATTACHED` signatures, where the payload that is |
| 2415 | # signed is included alongside the signature itself in the same file. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2416 | "signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or |
| 2417 | # equivalent. Since this message only supports attached signatures, the |
| 2418 | # payload that was signed must be attached. While the signature format |
| 2419 | # supported is dependent on the verification implementation, currently only |
| 2420 | # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than |
| 2421 | # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor |
| 2422 | # --output=signature.gpg payload.json` will create the signature content |
| 2423 | # expected in this field in `signature.gpg` for the `payload.json` |
| 2424 | # attestation payload. |
| 2425 | "pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2426 | # as output by, e.g. `gpg --list-keys`. This should be the version 4, full |
| 2427 | # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See |
| 2428 | # https://tools.ietf.org/html/rfc4880#section-12.2 for details. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2429 | # Implementations may choose to acknowledge "LONG", "SHORT", or other |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2430 | # abbreviated key IDs, but only the full fingerprint is guaranteed to work. |
| 2431 | # In gpg, the full fingerprint can be retrieved from the `fpr` field |
| 2432 | # returned when calling --list-keys with --with-colons. For example: |
| 2433 | # ``` |
| 2434 | # gpg --with-colons --with-fingerprint --force-v4-certs \ |
| 2435 | # --list-keys attester@example.com |
| 2436 | # tru::1:1513631572:0:3:1:5 |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 2437 | # pub:...<SNIP>... |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2438 | # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB: |
| 2439 | # ``` |
| 2440 | # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2441 | "contentType": "A String", # Type (for example schema) of the attestation payload that was signed. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2442 | # The verifier must ensure that the provided type is one that the verifier |
| 2443 | # supports, and that the attestation payload is a valid instantiation of that |
| 2444 | # type (for example by validating a JSON schema). |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2445 | }, |
| 2446 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2447 | "installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource. |
| 2448 | # a system. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2449 | "name": "A String", # Output only. The name of the installed package. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2450 | "location": [ # All of the places within the filesystem versions of this package |
| 2451 | # have been found. |
| 2452 | { # An occurrence of a particular package installation found within a |
| 2453 | # system's filesystem. |
| 2454 | # e.g. glibc was found in /var/lib/dpkg/status |
| 2455 | "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) |
| 2456 | # denoting the package manager version distributing a package. |
| 2457 | "version": { # Version contains structured information about the version of the package. # The version installed at this location. |
| 2458 | # For a discussion of this in Debian/Ubuntu: |
| 2459 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 2460 | # For a discussion of this in Redhat/Fedora/Centos: |
| 2461 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 2462 | "name": "A String", # The main part of the version name. |
| 2463 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 2464 | # If kind is not NORMAL, then the other fields are ignored. |
| 2465 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 2466 | "revision": "A String", # The iteration of the package build from the above version. |
| 2467 | }, |
| 2468 | "path": "A String", # The path from which we gathered that this package/version is installed. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2469 | }, |
| 2470 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2471 | }, |
| 2472 | "upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a # Describes an upgrade. |
| 2473 | # specific upgrade. This presence is supplied via local sources (i.e. it is |
| 2474 | # present in the mirror and the running system has noticed its availability). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2475 | "package": "A String", # Required - The package this Upgrade is for. |
| 2476 | "parsedVersion": { # Version contains structured information about the version of the package. # Required - The version of the package in a machine + human readable form. |
| 2477 | # For a discussion of this in Debian/Ubuntu: |
| 2478 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 2479 | # For a discussion of this in Redhat/Fedora/Centos: |
| 2480 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 2481 | "name": "A String", # The main part of the version name. |
| 2482 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 2483 | # If kind is not NORMAL, then the other fields are ignored. |
| 2484 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 2485 | "revision": "A String", # The iteration of the package build from the above version. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2486 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2487 | "distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each # Metadata about the upgrade for available for the specific operating system |
| 2488 | # for the resource_url. This allows efficient filtering, as well as |
| 2489 | # making it easier to use the occurrence. |
| 2490 | # operating system (CPE). Some distributions have additional metadata around |
| 2491 | # updates, classifying them into various categories and severities. |
| 2492 | "classification": "A String", # The operating system classification of this Upgrade, as specified by the |
| 2493 | # upstream operating system upgrade feed. |
| 2494 | "severity": "A String", # The severity as specified by the upstream operating system. |
| 2495 | "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See |
| 2496 | # https://cpe.mitre.org/specification/. |
| 2497 | "cve": [ # The cve that would be resolved by this upgrade. |
| 2498 | "A String", |
| 2499 | ], |
| 2500 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2501 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2502 | "discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource. |
| 2503 | "operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan. |
| 2504 | # This field is deprecated, do not use. |
| 2505 | # network API call. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2506 | "response": { # The normal response of the operation in case of success. If the original |
| 2507 | # method returns no data on success, such as `Delete`, the response is |
| 2508 | # `google.protobuf.Empty`. If the original method is standard |
| 2509 | # `Get`/`Create`/`Update`, the response should be the resource. For other |
| 2510 | # methods, the response should have the type `XxxResponse`, where `Xxx` |
| 2511 | # is the original method name. For example, if the original method name |
| 2512 | # is `TakeSnapshot()`, the inferred response type is |
| 2513 | # `TakeSnapshotResponse`. |
| 2514 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 2515 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2516 | "name": "A String", # The server-assigned name, which is only unique within the same service that |
| 2517 | # originally returns it. If you use the default HTTP mapping, the |
| 2518 | # `name` should be a resource name ending with `operations/{unique_id}`. |
| 2519 | "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. |
| 2520 | # different programming environments, including REST APIs and RPC APIs. It is |
| 2521 | # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| 2522 | # three pieces of data: error code, error message, and error details. |
| 2523 | # |
| 2524 | # You can find out more about this error model and how to work with it in the |
| 2525 | # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| 2526 | "details": [ # A list of messages that carry the error details. There is a common set of |
| 2527 | # message types for APIs to use. |
| 2528 | { |
| 2529 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 2530 | }, |
| 2531 | ], |
| 2532 | "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| 2533 | "message": "A String", # A developer-facing error message, which should be in English. Any |
| 2534 | # user-facing error message should be localized and sent in the |
| 2535 | # google.rpc.Status.details field, or localized by the client. |
| 2536 | }, |
| 2537 | "metadata": { # Service-specific metadata associated with the operation. It typically |
| 2538 | # contains progress information and common metadata such as create time. |
| 2539 | # Some services might not provide such metadata. Any method that returns a |
| 2540 | # long-running operation should document the metadata type, if any. |
| 2541 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 2542 | }, |
| 2543 | "done": True or False, # If the value is `false`, it means the operation is still in progress. |
| 2544 | # If `true`, the operation is completed, and either `error` or `response` is |
| 2545 | # available. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2546 | }, |
| 2547 | "analysisStatus": "A String", # The status of discovery for the resource. |
| 2548 | "continuousAnalysis": "A String", # Whether the resource is continuously analyzed. |
| 2549 | "cpe": "A String", # The CPE of the resource being scanned. |
| 2550 | "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under |
| 2551 | # details to show to the user. The LocalizedMessage output only and |
| 2552 | # populated by the API. |
| 2553 | # different programming environments, including REST APIs and RPC APIs. It is |
| 2554 | # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| 2555 | # three pieces of data: error code, error message, and error details. |
| 2556 | # |
| 2557 | # You can find out more about this error model and how to work with it in the |
| 2558 | # [API Design Guide](https://cloud.google.com/apis/design/errors). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2559 | "details": [ # A list of messages that carry the error details. There is a common set of |
| 2560 | # message types for APIs to use. |
| 2561 | { |
| 2562 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 2563 | }, |
| 2564 | ], |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2565 | "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| 2566 | "message": "A String", # A developer-facing error message, which should be in English. Any |
| 2567 | # user-facing error message should be localized and sent in the |
| 2568 | # google.rpc.Status.details field, or localized by the client. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2569 | }, |
| 2570 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2571 | "noteName": "A String", # An analysis note associated with this image, in the form |
| 2572 | # "providers/{provider_id}/notes/{NOTE_ID}" |
| 2573 | # This field can be used as a filter in list requests. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2574 | "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2575 | "deployTime": "A String", # Beginning of the lifetime of this deployment. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2576 | "address": "A String", # Address of the runtime element hosting this deployment. |
| 2577 | "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the |
| 2578 | # deployable field with the same name. |
| 2579 | "A String", |
| 2580 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2581 | "config": "A String", # Configuration used to create this deployment. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2582 | "userEmail": "A String", # Identity of the user that triggered this deployment. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2583 | "undeployTime": "A String", # End of the lifetime of this deployment. |
| 2584 | "platform": "A String", # Platform hosting this deployment. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2585 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2586 | "createTime": "A String", # Output only. The time this `Occurrence` was created. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2587 | "vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note. |
| 2588 | # to fix it. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2589 | "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is |
| 2590 | # available and note provider assigned severity when distro has not yet |
| 2591 | # assigned a severity for this vulnerability. |
| 2592 | "packageIssue": [ # The set of affected locations and their fixes (if available) within |
| 2593 | # the associated resource. |
| 2594 | { # This message wraps a location affected by a vulnerability and its |
| 2595 | # associated fix (if one is available). |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2596 | "severityName": "A String", |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2597 | "affectedLocation": { # The location of the vulnerability # The location of the vulnerability. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2598 | "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a |
| 2599 | # filter in list requests. |
| 2600 | # For a discussion of this in Debian/Ubuntu: |
| 2601 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 2602 | # For a discussion of this in Redhat/Fedora/Centos: |
| 2603 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 2604 | "name": "A String", # The main part of the version name. |
| 2605 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 2606 | # If kind is not NORMAL, then the other fields are ignored. |
| 2607 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 2608 | "revision": "A String", # The iteration of the package build from the above version. |
| 2609 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2610 | "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) |
| 2611 | # format. Examples include distro or storage location for vulnerable jar. |
| 2612 | # This field can be used as a filter in list requests. |
| 2613 | "package": "A String", # The package being described. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2614 | }, |
| 2615 | "fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2616 | "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a |
| 2617 | # filter in list requests. |
| 2618 | # For a discussion of this in Debian/Ubuntu: |
| 2619 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 2620 | # For a discussion of this in Redhat/Fedora/Centos: |
| 2621 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 2622 | "name": "A String", # The main part of the version name. |
| 2623 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 2624 | # If kind is not NORMAL, then the other fields are ignored. |
| 2625 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 2626 | "revision": "A String", # The iteration of the package build from the above version. |
| 2627 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2628 | "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) |
| 2629 | # format. Examples include distro or storage location for vulnerable jar. |
| 2630 | # This field can be used as a filter in list requests. |
| 2631 | "package": "A String", # The package being described. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2632 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2633 | }, |
| 2634 | ], |
| 2635 | "severity": "A String", # Output only. The note provider assigned Severity of the vulnerability. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2636 | "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a |
| 2637 | # scale of 0-10 where 0 indicates low severity and 10 indicates high |
| 2638 | # severity. |
| 2639 | "type": "A String", # The type of package; whether native or non native(ruby gems, |
| 2640 | # node.js packages etc) |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2641 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2642 | "updateTime": "A String", # Output only. The time this `Occurrence` was last updated. |
| 2643 | "remediation": "A String", # A description of actions that can be taken to remedy the `Note` |
| 2644 | "derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis |
| 2645 | # in the associated note. |
| 2646 | # DockerImage relationship. This image would be produced from a Dockerfile |
| 2647 | # with FROM <DockerImage.Basis in attached Note>. |
| 2648 | "distance": 42, # Output only. The number of layers by which this image differs from the |
| 2649 | # associated image basis. |
| 2650 | "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image |
| 2651 | # occurrence. |
| 2652 | "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image. |
| 2653 | "v2Blob": [ # The ordered list of v2 blobs that represent a given image. |
| 2654 | "A String", |
| 2655 | ], |
| 2656 | "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1 |
| 2657 | # representation. |
| 2658 | # This field can be used as a filter in list requests. |
| 2659 | "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: |
| 2660 | # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) |
| 2661 | # Only the name of the final blob is kept. |
| 2662 | # This field can be used as a filter in list requests. |
| 2663 | }, |
| 2664 | "layerInfo": [ # This contains layer-specific metadata, if populated it has length |
| 2665 | # "distance" and is ordered with [distance] being the layer immediately |
| 2666 | # following the base image and [1] being the final layer. |
| 2667 | { # Layer holds metadata specific to a layer of a Docker image. |
| 2668 | "directive": "A String", # The recovered Dockerfile directive used to construct this layer. |
| 2669 | "arguments": "A String", # The recovered arguments to the Dockerfile directive. |
| 2670 | }, |
| 2671 | ], |
| 2672 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2673 | }, |
| 2674 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2675 | "nextPageToken": "A String", # The next pagination token in the list response. It should be used as |
| 2676 | # `page_token` for the following request. An empty value means no more |
| 2677 | # results. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2678 | }</pre> |
| 2679 | </div> |
| 2680 | |
| 2681 | <div class="method"> |
| 2682 | <code class="details" id="list_next">list_next(previous_request, previous_response)</code> |
| 2683 | <pre>Retrieves the next page of results. |
| 2684 | |
| 2685 | Args: |
| 2686 | previous_request: The request for the previous page. (required) |
| 2687 | previous_response: The response from the request for the previous page. (required) |
| 2688 | |
| 2689 | Returns: |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2690 | A request object that you can call 'execute()' on to request the next |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2691 | page. Returns None if there are no more items in the collection. |
| 2692 | </pre> |
| 2693 | </div> |
| 2694 | |
| 2695 | <div class="method"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 2696 | <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code> |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2697 | <pre>Updates an existing occurrence. |
| 2698 | |
| 2699 | Args: |
| 2700 | name: string, The name of the occurrence. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2701 | Should be of the form "projects/{project_id}/occurrences/{OCCURRENCE_ID}". (required) |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 2702 | body: object, The request body. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2703 | The object takes the form of: |
| 2704 | |
| 2705 | { # `Occurrence` includes information about analysis occurrences for an image. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2706 | "buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2707 | "provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance |
| 2708 | # details about the build from source to completion. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2709 | "id": "A String", # Unique identifier of the build. |
| 2710 | "buildOptions": { # Special options applied to this build. This is a catch-all field where |
| 2711 | # build providers can enter any desired additional details. |
| 2712 | "a_key": "A String", |
| 2713 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2714 | "startTime": "A String", # Time at which execution of the build was started. |
| 2715 | "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2716 | "createTime": "A String", # Time at which the build was created. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2717 | "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build. |
| 2718 | "repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo. |
| 2719 | # Repository. |
| 2720 | "projectId": "A String", # ID of the project that owns the repo. |
| 2721 | "repoName": "A String", # Name of the repo. |
| 2722 | "branchName": "A String", # Name of the branch to build. |
| 2723 | "tagName": "A String", # Name of the tag to build. |
| 2724 | "commitSha": "A String", # Explicit commit SHA to build. |
| 2725 | }, |
| 2726 | "storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud |
| 2727 | # Storage. |
| 2728 | # Google Cloud Storage. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2729 | "generation": "A String", # Google Cloud Storage generation for the object. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2730 | "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name |
| 2731 | # Requirements] |
| 2732 | # (https://cloud.google.com/storage/docs/bucket-naming#requirements)). |
| 2733 | "object": "A String", # Google Cloud Storage object containing source. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2734 | }, |
| 2735 | "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original |
| 2736 | # source integrity was maintained in the build. |
| 2737 | # |
| 2738 | # The keys to this map are file paths used as build source and the values |
| 2739 | # contain the hash values for those files. |
| 2740 | # |
| 2741 | # If the build source came in a single package such as a gzipped tarfile |
| 2742 | # (.tar.gz), the FileHash will be for the single path to that file. |
| 2743 | "a_key": { # Container message for hashes of byte content of files, used in Source |
| 2744 | # messages to verify integrity of source input to the build. |
| 2745 | "fileHash": [ # Collection of file hashes. |
| 2746 | { # Container message for hash values. |
| 2747 | "type": "A String", # The type of hash that was performed. |
| 2748 | "value": "A String", # The hash value. |
| 2749 | }, |
| 2750 | ], |
| 2751 | }, |
| 2752 | }, |
| 2753 | "artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this |
| 2754 | # location. |
| 2755 | # Google Cloud Storage. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2756 | "generation": "A String", # Google Cloud Storage generation for the object. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2757 | "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name |
| 2758 | # Requirements] |
| 2759 | # (https://cloud.google.com/storage/docs/bucket-naming#requirements)). |
| 2760 | "object": "A String", # Google Cloud Storage object containing source. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2761 | }, |
| 2762 | "additionalContexts": [ # If provided, some of the source code used for the build may be found in |
| 2763 | # these locations, in the case where the source repository had multiple |
| 2764 | # remotes or submodules. This list will not include the context specified in |
| 2765 | # the context field. |
| 2766 | { # A SourceContext is a reference to a tree of files. A SourceContext together |
| 2767 | # with a path point to a unique revision of a single file or directory. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2768 | "labels": { # Labels with user defined metadata. |
| 2769 | "a_key": "A String", |
| 2770 | }, |
| 2771 | "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub). |
| 2772 | # repository (e.g., GitHub). |
| 2773 | "revisionId": "A String", # Required. Git commit hash. |
| 2774 | "url": "A String", # Git repository URL. |
| 2775 | }, |
| 2776 | "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project. |
| 2777 | "gerritProject": "A String", # The full project name within the host. Projects may be nested, so |
| 2778 | # "project/subproject" is a valid project name. The "repo name" is |
| 2779 | # the hostURI/project. |
| 2780 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 2781 | "name": "A String", # The alias name. |
| 2782 | "kind": "A String", # The alias kind. |
| 2783 | }, |
| 2784 | "hostUri": "A String", # The URI of a running Gerrit instance. |
| 2785 | "revisionId": "A String", # A revision (commit) ID. |
| 2786 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2787 | "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo. |
| 2788 | # Source Repo. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2789 | "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo. |
| 2790 | "uid": "A String", # A server-assigned, globally unique identifier. |
| 2791 | "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name. |
| 2792 | # winged-cargo-31) and a repo name within that project. |
| 2793 | "projectId": "A String", # The ID of the project. |
| 2794 | "repoName": "A String", # The name of the repo. Leave empty for the default repo. |
| 2795 | }, |
| 2796 | }, |
| 2797 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 2798 | "name": "A String", # The alias name. |
| 2799 | "kind": "A String", # The alias kind. |
| 2800 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2801 | "revisionId": "A String", # A revision ID. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2802 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2803 | }, |
| 2804 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2805 | "context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location. |
| 2806 | # with a path point to a unique revision of a single file or directory. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2807 | "labels": { # Labels with user defined metadata. |
| 2808 | "a_key": "A String", |
| 2809 | }, |
| 2810 | "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub). |
| 2811 | # repository (e.g., GitHub). |
| 2812 | "revisionId": "A String", # Required. Git commit hash. |
| 2813 | "url": "A String", # Git repository URL. |
| 2814 | }, |
| 2815 | "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project. |
| 2816 | "gerritProject": "A String", # The full project name within the host. Projects may be nested, so |
| 2817 | # "project/subproject" is a valid project name. The "repo name" is |
| 2818 | # the hostURI/project. |
| 2819 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 2820 | "name": "A String", # The alias name. |
| 2821 | "kind": "A String", # The alias kind. |
| 2822 | }, |
| 2823 | "hostUri": "A String", # The URI of a running Gerrit instance. |
| 2824 | "revisionId": "A String", # A revision (commit) ID. |
| 2825 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2826 | "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo. |
| 2827 | # Source Repo. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2828 | "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo. |
| 2829 | "uid": "A String", # A server-assigned, globally unique identifier. |
| 2830 | "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name. |
| 2831 | # winged-cargo-31) and a repo name within that project. |
| 2832 | "projectId": "A String", # The ID of the project. |
| 2833 | "repoName": "A String", # The name of the repo. Leave empty for the default repo. |
| 2834 | }, |
| 2835 | }, |
| 2836 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 2837 | "name": "A String", # The alias name. |
| 2838 | "kind": "A String", # The alias kind. |
| 2839 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2840 | "revisionId": "A String", # A revision ID. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2841 | }, |
| 2842 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2843 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2844 | "projectId": "A String", # ID of the project. |
| 2845 | "finishTime": "A String", # Time at which execution of the build was finished. |
| 2846 | "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the |
| 2847 | # user's e-mail address at the time the build was initiated; this address may |
| 2848 | # not represent the same end-user for all time. |
| 2849 | "logsBucket": "A String", # Google Cloud Storage bucket where logs were written. |
| 2850 | "builderVersion": "A String", # Version string of the builder at the time this build was executed. |
| 2851 | "commands": [ # Commands requested by the build. |
| 2852 | { # Command describes a step performed as part of the build pipeline. |
| 2853 | "name": "A String", # Name of the command, as presented on the command line, or if the command is |
| 2854 | # packaged as a Docker container, as presented to `docker pull`. |
| 2855 | "id": "A String", # Optional unique identifier for this Command, used in wait_for to reference |
| 2856 | # this Command as a dependency. |
| 2857 | "dir": "A String", # Working directory (relative to project source root) used when running |
| 2858 | # this Command. |
| 2859 | "waitFor": [ # The ID(s) of the Command(s) that this Command depends on. |
| 2860 | "A String", |
| 2861 | ], |
| 2862 | "env": [ # Environment variables set before running this Command. |
| 2863 | "A String", |
| 2864 | ], |
| 2865 | "args": [ # Command-line arguments used when executing this Command. |
| 2866 | "A String", |
| 2867 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2868 | }, |
| 2869 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2870 | "builtArtifacts": [ # Output of the build. |
| 2871 | { # Artifact describes a build product. |
| 2872 | "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest |
| 2873 | # like gcr.io/projectID/imagename@sha256:123456 |
| 2874 | "names": [ # Related artifact names. This may be the path to a binary or jar file, or in |
| 2875 | # the case of a container build, the name used to push the container image to |
| 2876 | # Google Container Registry, as presented to `docker push`. Note that a |
| 2877 | # single Artifact ID can have multiple names, for example if two tags are |
| 2878 | # applied to one image. |
| 2879 | "A String", |
| 2880 | ], |
| 2881 | "name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in |
| 2882 | # the case of a container build, the name used to push the container image to |
| 2883 | # Google Container Registry, as presented to `docker push`. |
| 2884 | # |
| 2885 | # This field is deprecated in favor of the plural `names` field; it continues |
| 2886 | # to exist here to allow existing BuildProvenance serialized to json in |
| 2887 | # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to |
| 2888 | # deserialize back into proto. |
| 2889 | "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a |
| 2890 | # container. |
| 2891 | }, |
| 2892 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2893 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2894 | "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the |
| 2895 | # `BuildSignature` in the corresponding Result. After verifying the |
| 2896 | # signature, `provenance_bytes` can be unmarshalled and compared to the |
| 2897 | # provenance to confirm that it is unchanged. A base64-encoded string |
| 2898 | # representation of the provenance bytes is used for the signature in order |
| 2899 | # to interoperate with openssl which expects this format for signature |
| 2900 | # verification. |
| 2901 | # |
| 2902 | # The serialized form is captured both to avoid ambiguity in how the |
| 2903 | # provenance is marshalled to json as well to prevent incompatibilities with |
| 2904 | # future changes. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2905 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2906 | "kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are |
| 2907 | # specified. This field can be used as a filter in list requests. |
| 2908 | "resource": { # # |
| 2909 | # The resource for which the `Occurrence` applies. |
| 2910 | # Resource is an entity that can have metadata. E.g., a Docker image. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2911 | "uri": "A String", # The unique URI of the resource. E.g., |
| 2912 | # "https://gcr.io/project/image@sha256:foo" for a Docker image. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2913 | "name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian". |
| 2914 | "contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest. |
| 2915 | "type": "A String", # The type of hash that was performed. |
| 2916 | "value": "A String", # The hash value. |
| 2917 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2918 | }, |
| 2919 | "resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence` |
| 2920 | # applies. For example, https://gcr.io/project/image@sha256:foo This field |
| 2921 | # can be used as a filter in list requests. |
| 2922 | "name": "A String", # Output only. The name of the `Occurrence` in the form |
| 2923 | # "projects/{project_id}/occurrences/{OCCURRENCE_ID}" |
| 2924 | "attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2925 | # Attestation can be verified using the attached signature. If the verifier |
| 2926 | # trusts the public key of the signer, then verifying the signature is |
| 2927 | # sufficient to establish trust. In this circumstance, the |
| 2928 | # AttestationAuthority to which this Attestation is attached is primarily |
| 2929 | # useful for look-up (how to find this Attestation if you already know the |
| 2930 | # Authority and artifact to be verified) and intent (which authority was this |
| 2931 | # attestation intended to sign for). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2932 | "pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2933 | # This message only supports `ATTACHED` signatures, where the payload that is |
| 2934 | # signed is included alongside the signature itself in the same file. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2935 | "signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or |
| 2936 | # equivalent. Since this message only supports attached signatures, the |
| 2937 | # payload that was signed must be attached. While the signature format |
| 2938 | # supported is dependent on the verification implementation, currently only |
| 2939 | # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than |
| 2940 | # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor |
| 2941 | # --output=signature.gpg payload.json` will create the signature content |
| 2942 | # expected in this field in `signature.gpg` for the `payload.json` |
| 2943 | # attestation payload. |
| 2944 | "pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2945 | # as output by, e.g. `gpg --list-keys`. This should be the version 4, full |
| 2946 | # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See |
| 2947 | # https://tools.ietf.org/html/rfc4880#section-12.2 for details. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2948 | # Implementations may choose to acknowledge "LONG", "SHORT", or other |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2949 | # abbreviated key IDs, but only the full fingerprint is guaranteed to work. |
| 2950 | # In gpg, the full fingerprint can be retrieved from the `fpr` field |
| 2951 | # returned when calling --list-keys with --with-colons. For example: |
| 2952 | # ``` |
| 2953 | # gpg --with-colons --with-fingerprint --force-v4-certs \ |
| 2954 | # --list-keys attester@example.com |
| 2955 | # tru::1:1513631572:0:3:1:5 |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 2956 | # pub:...<SNIP>... |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2957 | # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB: |
| 2958 | # ``` |
| 2959 | # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2960 | "contentType": "A String", # Type (for example schema) of the attestation payload that was signed. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2961 | # The verifier must ensure that the provided type is one that the verifier |
| 2962 | # supports, and that the attestation payload is a valid instantiation of that |
| 2963 | # type (for example by validating a JSON schema). |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2964 | }, |
| 2965 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2966 | "installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource. |
| 2967 | # a system. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 2968 | "name": "A String", # Output only. The name of the installed package. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2969 | "location": [ # All of the places within the filesystem versions of this package |
| 2970 | # have been found. |
| 2971 | { # An occurrence of a particular package installation found within a |
| 2972 | # system's filesystem. |
| 2973 | # e.g. glibc was found in /var/lib/dpkg/status |
| 2974 | "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) |
| 2975 | # denoting the package manager version distributing a package. |
| 2976 | "version": { # Version contains structured information about the version of the package. # The version installed at this location. |
| 2977 | # For a discussion of this in Debian/Ubuntu: |
| 2978 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 2979 | # For a discussion of this in Redhat/Fedora/Centos: |
| 2980 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 2981 | "name": "A String", # The main part of the version name. |
| 2982 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 2983 | # If kind is not NORMAL, then the other fields are ignored. |
| 2984 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 2985 | "revision": "A String", # The iteration of the package build from the above version. |
| 2986 | }, |
| 2987 | "path": "A String", # The path from which we gathered that this package/version is installed. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 2988 | }, |
| 2989 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2990 | }, |
| 2991 | "upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a # Describes an upgrade. |
| 2992 | # specific upgrade. This presence is supplied via local sources (i.e. it is |
| 2993 | # present in the mirror and the running system has noticed its availability). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2994 | "package": "A String", # Required - The package this Upgrade is for. |
| 2995 | "parsedVersion": { # Version contains structured information about the version of the package. # Required - The version of the package in a machine + human readable form. |
| 2996 | # For a discussion of this in Debian/Ubuntu: |
| 2997 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 2998 | # For a discussion of this in Redhat/Fedora/Centos: |
| 2999 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 3000 | "name": "A String", # The main part of the version name. |
| 3001 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 3002 | # If kind is not NORMAL, then the other fields are ignored. |
| 3003 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 3004 | "revision": "A String", # The iteration of the package build from the above version. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3005 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3006 | "distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each # Metadata about the upgrade for available for the specific operating system |
| 3007 | # for the resource_url. This allows efficient filtering, as well as |
| 3008 | # making it easier to use the occurrence. |
| 3009 | # operating system (CPE). Some distributions have additional metadata around |
| 3010 | # updates, classifying them into various categories and severities. |
| 3011 | "classification": "A String", # The operating system classification of this Upgrade, as specified by the |
| 3012 | # upstream operating system upgrade feed. |
| 3013 | "severity": "A String", # The severity as specified by the upstream operating system. |
| 3014 | "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See |
| 3015 | # https://cpe.mitre.org/specification/. |
| 3016 | "cve": [ # The cve that would be resolved by this upgrade. |
| 3017 | "A String", |
| 3018 | ], |
| 3019 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3020 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3021 | "discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource. |
| 3022 | "operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan. |
| 3023 | # This field is deprecated, do not use. |
| 3024 | # network API call. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3025 | "response": { # The normal response of the operation in case of success. If the original |
| 3026 | # method returns no data on success, such as `Delete`, the response is |
| 3027 | # `google.protobuf.Empty`. If the original method is standard |
| 3028 | # `Get`/`Create`/`Update`, the response should be the resource. For other |
| 3029 | # methods, the response should have the type `XxxResponse`, where `Xxx` |
| 3030 | # is the original method name. For example, if the original method name |
| 3031 | # is `TakeSnapshot()`, the inferred response type is |
| 3032 | # `TakeSnapshotResponse`. |
| 3033 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 3034 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3035 | "name": "A String", # The server-assigned name, which is only unique within the same service that |
| 3036 | # originally returns it. If you use the default HTTP mapping, the |
| 3037 | # `name` should be a resource name ending with `operations/{unique_id}`. |
| 3038 | "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. |
| 3039 | # different programming environments, including REST APIs and RPC APIs. It is |
| 3040 | # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| 3041 | # three pieces of data: error code, error message, and error details. |
| 3042 | # |
| 3043 | # You can find out more about this error model and how to work with it in the |
| 3044 | # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| 3045 | "details": [ # A list of messages that carry the error details. There is a common set of |
| 3046 | # message types for APIs to use. |
| 3047 | { |
| 3048 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 3049 | }, |
| 3050 | ], |
| 3051 | "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| 3052 | "message": "A String", # A developer-facing error message, which should be in English. Any |
| 3053 | # user-facing error message should be localized and sent in the |
| 3054 | # google.rpc.Status.details field, or localized by the client. |
| 3055 | }, |
| 3056 | "metadata": { # Service-specific metadata associated with the operation. It typically |
| 3057 | # contains progress information and common metadata such as create time. |
| 3058 | # Some services might not provide such metadata. Any method that returns a |
| 3059 | # long-running operation should document the metadata type, if any. |
| 3060 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 3061 | }, |
| 3062 | "done": True or False, # If the value is `false`, it means the operation is still in progress. |
| 3063 | # If `true`, the operation is completed, and either `error` or `response` is |
| 3064 | # available. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3065 | }, |
| 3066 | "analysisStatus": "A String", # The status of discovery for the resource. |
| 3067 | "continuousAnalysis": "A String", # Whether the resource is continuously analyzed. |
| 3068 | "cpe": "A String", # The CPE of the resource being scanned. |
| 3069 | "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under |
| 3070 | # details to show to the user. The LocalizedMessage output only and |
| 3071 | # populated by the API. |
| 3072 | # different programming environments, including REST APIs and RPC APIs. It is |
| 3073 | # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| 3074 | # three pieces of data: error code, error message, and error details. |
| 3075 | # |
| 3076 | # You can find out more about this error model and how to work with it in the |
| 3077 | # [API Design Guide](https://cloud.google.com/apis/design/errors). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3078 | "details": [ # A list of messages that carry the error details. There is a common set of |
| 3079 | # message types for APIs to use. |
| 3080 | { |
| 3081 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 3082 | }, |
| 3083 | ], |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3084 | "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| 3085 | "message": "A String", # A developer-facing error message, which should be in English. Any |
| 3086 | # user-facing error message should be localized and sent in the |
| 3087 | # google.rpc.Status.details field, or localized by the client. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3088 | }, |
| 3089 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3090 | "noteName": "A String", # An analysis note associated with this image, in the form |
| 3091 | # "providers/{provider_id}/notes/{NOTE_ID}" |
| 3092 | # This field can be used as a filter in list requests. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3093 | "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3094 | "deployTime": "A String", # Beginning of the lifetime of this deployment. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3095 | "address": "A String", # Address of the runtime element hosting this deployment. |
| 3096 | "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the |
| 3097 | # deployable field with the same name. |
| 3098 | "A String", |
| 3099 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3100 | "config": "A String", # Configuration used to create this deployment. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3101 | "userEmail": "A String", # Identity of the user that triggered this deployment. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3102 | "undeployTime": "A String", # End of the lifetime of this deployment. |
| 3103 | "platform": "A String", # Platform hosting this deployment. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3104 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3105 | "createTime": "A String", # Output only. The time this `Occurrence` was created. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3106 | "vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note. |
| 3107 | # to fix it. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3108 | "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is |
| 3109 | # available and note provider assigned severity when distro has not yet |
| 3110 | # assigned a severity for this vulnerability. |
| 3111 | "packageIssue": [ # The set of affected locations and their fixes (if available) within |
| 3112 | # the associated resource. |
| 3113 | { # This message wraps a location affected by a vulnerability and its |
| 3114 | # associated fix (if one is available). |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3115 | "severityName": "A String", |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3116 | "affectedLocation": { # The location of the vulnerability # The location of the vulnerability. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3117 | "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a |
| 3118 | # filter in list requests. |
| 3119 | # For a discussion of this in Debian/Ubuntu: |
| 3120 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 3121 | # For a discussion of this in Redhat/Fedora/Centos: |
| 3122 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 3123 | "name": "A String", # The main part of the version name. |
| 3124 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 3125 | # If kind is not NORMAL, then the other fields are ignored. |
| 3126 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 3127 | "revision": "A String", # The iteration of the package build from the above version. |
| 3128 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3129 | "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) |
| 3130 | # format. Examples include distro or storage location for vulnerable jar. |
| 3131 | # This field can be used as a filter in list requests. |
| 3132 | "package": "A String", # The package being described. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3133 | }, |
| 3134 | "fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3135 | "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a |
| 3136 | # filter in list requests. |
| 3137 | # For a discussion of this in Debian/Ubuntu: |
| 3138 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 3139 | # For a discussion of this in Redhat/Fedora/Centos: |
| 3140 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 3141 | "name": "A String", # The main part of the version name. |
| 3142 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 3143 | # If kind is not NORMAL, then the other fields are ignored. |
| 3144 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 3145 | "revision": "A String", # The iteration of the package build from the above version. |
| 3146 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3147 | "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) |
| 3148 | # format. Examples include distro or storage location for vulnerable jar. |
| 3149 | # This field can be used as a filter in list requests. |
| 3150 | "package": "A String", # The package being described. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3151 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3152 | }, |
| 3153 | ], |
| 3154 | "severity": "A String", # Output only. The note provider assigned Severity of the vulnerability. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3155 | "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a |
| 3156 | # scale of 0-10 where 0 indicates low severity and 10 indicates high |
| 3157 | # severity. |
| 3158 | "type": "A String", # The type of package; whether native or non native(ruby gems, |
| 3159 | # node.js packages etc) |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3160 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3161 | "updateTime": "A String", # Output only. The time this `Occurrence` was last updated. |
| 3162 | "remediation": "A String", # A description of actions that can be taken to remedy the `Note` |
| 3163 | "derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis |
| 3164 | # in the associated note. |
| 3165 | # DockerImage relationship. This image would be produced from a Dockerfile |
| 3166 | # with FROM <DockerImage.Basis in attached Note>. |
| 3167 | "distance": 42, # Output only. The number of layers by which this image differs from the |
| 3168 | # associated image basis. |
| 3169 | "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image |
| 3170 | # occurrence. |
| 3171 | "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image. |
| 3172 | "v2Blob": [ # The ordered list of v2 blobs that represent a given image. |
| 3173 | "A String", |
| 3174 | ], |
| 3175 | "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1 |
| 3176 | # representation. |
| 3177 | # This field can be used as a filter in list requests. |
| 3178 | "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: |
| 3179 | # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) |
| 3180 | # Only the name of the final blob is kept. |
| 3181 | # This field can be used as a filter in list requests. |
| 3182 | }, |
| 3183 | "layerInfo": [ # This contains layer-specific metadata, if populated it has length |
| 3184 | # "distance" and is ordered with [distance] being the layer immediately |
| 3185 | # following the base image and [1] being the final layer. |
| 3186 | { # Layer holds metadata specific to a layer of a Docker image. |
| 3187 | "directive": "A String", # The recovered Dockerfile directive used to construct this layer. |
| 3188 | "arguments": "A String", # The recovered arguments to the Dockerfile directive. |
| 3189 | }, |
| 3190 | ], |
| 3191 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3192 | } |
| 3193 | |
| 3194 | updateMask: string, The fields to update. |
| 3195 | x__xgafv: string, V1 error format. |
| 3196 | Allowed values |
| 3197 | 1 - v1 error format |
| 3198 | 2 - v2 error format |
| 3199 | |
| 3200 | Returns: |
| 3201 | An object of the form: |
| 3202 | |
| 3203 | { # `Occurrence` includes information about analysis occurrences for an image. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3204 | "buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3205 | "provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance |
| 3206 | # details about the build from source to completion. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3207 | "id": "A String", # Unique identifier of the build. |
| 3208 | "buildOptions": { # Special options applied to this build. This is a catch-all field where |
| 3209 | # build providers can enter any desired additional details. |
| 3210 | "a_key": "A String", |
| 3211 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3212 | "startTime": "A String", # Time at which execution of the build was started. |
| 3213 | "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3214 | "createTime": "A String", # Time at which the build was created. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3215 | "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build. |
| 3216 | "repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo. |
| 3217 | # Repository. |
| 3218 | "projectId": "A String", # ID of the project that owns the repo. |
| 3219 | "repoName": "A String", # Name of the repo. |
| 3220 | "branchName": "A String", # Name of the branch to build. |
| 3221 | "tagName": "A String", # Name of the tag to build. |
| 3222 | "commitSha": "A String", # Explicit commit SHA to build. |
| 3223 | }, |
| 3224 | "storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud |
| 3225 | # Storage. |
| 3226 | # Google Cloud Storage. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3227 | "generation": "A String", # Google Cloud Storage generation for the object. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3228 | "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name |
| 3229 | # Requirements] |
| 3230 | # (https://cloud.google.com/storage/docs/bucket-naming#requirements)). |
| 3231 | "object": "A String", # Google Cloud Storage object containing source. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3232 | }, |
| 3233 | "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original |
| 3234 | # source integrity was maintained in the build. |
| 3235 | # |
| 3236 | # The keys to this map are file paths used as build source and the values |
| 3237 | # contain the hash values for those files. |
| 3238 | # |
| 3239 | # If the build source came in a single package such as a gzipped tarfile |
| 3240 | # (.tar.gz), the FileHash will be for the single path to that file. |
| 3241 | "a_key": { # Container message for hashes of byte content of files, used in Source |
| 3242 | # messages to verify integrity of source input to the build. |
| 3243 | "fileHash": [ # Collection of file hashes. |
| 3244 | { # Container message for hash values. |
| 3245 | "type": "A String", # The type of hash that was performed. |
| 3246 | "value": "A String", # The hash value. |
| 3247 | }, |
| 3248 | ], |
| 3249 | }, |
| 3250 | }, |
| 3251 | "artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this |
| 3252 | # location. |
| 3253 | # Google Cloud Storage. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3254 | "generation": "A String", # Google Cloud Storage generation for the object. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3255 | "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name |
| 3256 | # Requirements] |
| 3257 | # (https://cloud.google.com/storage/docs/bucket-naming#requirements)). |
| 3258 | "object": "A String", # Google Cloud Storage object containing source. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3259 | }, |
| 3260 | "additionalContexts": [ # If provided, some of the source code used for the build may be found in |
| 3261 | # these locations, in the case where the source repository had multiple |
| 3262 | # remotes or submodules. This list will not include the context specified in |
| 3263 | # the context field. |
| 3264 | { # A SourceContext is a reference to a tree of files. A SourceContext together |
| 3265 | # with a path point to a unique revision of a single file or directory. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3266 | "labels": { # Labels with user defined metadata. |
| 3267 | "a_key": "A String", |
| 3268 | }, |
| 3269 | "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub). |
| 3270 | # repository (e.g., GitHub). |
| 3271 | "revisionId": "A String", # Required. Git commit hash. |
| 3272 | "url": "A String", # Git repository URL. |
| 3273 | }, |
| 3274 | "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project. |
| 3275 | "gerritProject": "A String", # The full project name within the host. Projects may be nested, so |
| 3276 | # "project/subproject" is a valid project name. The "repo name" is |
| 3277 | # the hostURI/project. |
| 3278 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 3279 | "name": "A String", # The alias name. |
| 3280 | "kind": "A String", # The alias kind. |
| 3281 | }, |
| 3282 | "hostUri": "A String", # The URI of a running Gerrit instance. |
| 3283 | "revisionId": "A String", # A revision (commit) ID. |
| 3284 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3285 | "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo. |
| 3286 | # Source Repo. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3287 | "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo. |
| 3288 | "uid": "A String", # A server-assigned, globally unique identifier. |
| 3289 | "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name. |
| 3290 | # winged-cargo-31) and a repo name within that project. |
| 3291 | "projectId": "A String", # The ID of the project. |
| 3292 | "repoName": "A String", # The name of the repo. Leave empty for the default repo. |
| 3293 | }, |
| 3294 | }, |
| 3295 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 3296 | "name": "A String", # The alias name. |
| 3297 | "kind": "A String", # The alias kind. |
| 3298 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3299 | "revisionId": "A String", # A revision ID. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3300 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3301 | }, |
| 3302 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3303 | "context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location. |
| 3304 | # with a path point to a unique revision of a single file or directory. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3305 | "labels": { # Labels with user defined metadata. |
| 3306 | "a_key": "A String", |
| 3307 | }, |
| 3308 | "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub). |
| 3309 | # repository (e.g., GitHub). |
| 3310 | "revisionId": "A String", # Required. Git commit hash. |
| 3311 | "url": "A String", # Git repository URL. |
| 3312 | }, |
| 3313 | "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project. |
| 3314 | "gerritProject": "A String", # The full project name within the host. Projects may be nested, so |
| 3315 | # "project/subproject" is a valid project name. The "repo name" is |
| 3316 | # the hostURI/project. |
| 3317 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 3318 | "name": "A String", # The alias name. |
| 3319 | "kind": "A String", # The alias kind. |
| 3320 | }, |
| 3321 | "hostUri": "A String", # The URI of a running Gerrit instance. |
| 3322 | "revisionId": "A String", # A revision (commit) ID. |
| 3323 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3324 | "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo. |
| 3325 | # Source Repo. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3326 | "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo. |
| 3327 | "uid": "A String", # A server-assigned, globally unique identifier. |
| 3328 | "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name. |
| 3329 | # winged-cargo-31) and a repo name within that project. |
| 3330 | "projectId": "A String", # The ID of the project. |
| 3331 | "repoName": "A String", # The name of the repo. Leave empty for the default repo. |
| 3332 | }, |
| 3333 | }, |
| 3334 | "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag. |
| 3335 | "name": "A String", # The alias name. |
| 3336 | "kind": "A String", # The alias kind. |
| 3337 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3338 | "revisionId": "A String", # A revision ID. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3339 | }, |
| 3340 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3341 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3342 | "projectId": "A String", # ID of the project. |
| 3343 | "finishTime": "A String", # Time at which execution of the build was finished. |
| 3344 | "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the |
| 3345 | # user's e-mail address at the time the build was initiated; this address may |
| 3346 | # not represent the same end-user for all time. |
| 3347 | "logsBucket": "A String", # Google Cloud Storage bucket where logs were written. |
| 3348 | "builderVersion": "A String", # Version string of the builder at the time this build was executed. |
| 3349 | "commands": [ # Commands requested by the build. |
| 3350 | { # Command describes a step performed as part of the build pipeline. |
| 3351 | "name": "A String", # Name of the command, as presented on the command line, or if the command is |
| 3352 | # packaged as a Docker container, as presented to `docker pull`. |
| 3353 | "id": "A String", # Optional unique identifier for this Command, used in wait_for to reference |
| 3354 | # this Command as a dependency. |
| 3355 | "dir": "A String", # Working directory (relative to project source root) used when running |
| 3356 | # this Command. |
| 3357 | "waitFor": [ # The ID(s) of the Command(s) that this Command depends on. |
| 3358 | "A String", |
| 3359 | ], |
| 3360 | "env": [ # Environment variables set before running this Command. |
| 3361 | "A String", |
| 3362 | ], |
| 3363 | "args": [ # Command-line arguments used when executing this Command. |
| 3364 | "A String", |
| 3365 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3366 | }, |
| 3367 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3368 | "builtArtifacts": [ # Output of the build. |
| 3369 | { # Artifact describes a build product. |
| 3370 | "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest |
| 3371 | # like gcr.io/projectID/imagename@sha256:123456 |
| 3372 | "names": [ # Related artifact names. This may be the path to a binary or jar file, or in |
| 3373 | # the case of a container build, the name used to push the container image to |
| 3374 | # Google Container Registry, as presented to `docker push`. Note that a |
| 3375 | # single Artifact ID can have multiple names, for example if two tags are |
| 3376 | # applied to one image. |
| 3377 | "A String", |
| 3378 | ], |
| 3379 | "name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in |
| 3380 | # the case of a container build, the name used to push the container image to |
| 3381 | # Google Container Registry, as presented to `docker push`. |
| 3382 | # |
| 3383 | # This field is deprecated in favor of the plural `names` field; it continues |
| 3384 | # to exist here to allow existing BuildProvenance serialized to json in |
| 3385 | # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to |
| 3386 | # deserialize back into proto. |
| 3387 | "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a |
| 3388 | # container. |
| 3389 | }, |
| 3390 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3391 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3392 | "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the |
| 3393 | # `BuildSignature` in the corresponding Result. After verifying the |
| 3394 | # signature, `provenance_bytes` can be unmarshalled and compared to the |
| 3395 | # provenance to confirm that it is unchanged. A base64-encoded string |
| 3396 | # representation of the provenance bytes is used for the signature in order |
| 3397 | # to interoperate with openssl which expects this format for signature |
| 3398 | # verification. |
| 3399 | # |
| 3400 | # The serialized form is captured both to avoid ambiguity in how the |
| 3401 | # provenance is marshalled to json as well to prevent incompatibilities with |
| 3402 | # future changes. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3403 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3404 | "kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are |
| 3405 | # specified. This field can be used as a filter in list requests. |
| 3406 | "resource": { # # |
| 3407 | # The resource for which the `Occurrence` applies. |
| 3408 | # Resource is an entity that can have metadata. E.g., a Docker image. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3409 | "uri": "A String", # The unique URI of the resource. E.g., |
| 3410 | # "https://gcr.io/project/image@sha256:foo" for a Docker image. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3411 | "name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian". |
| 3412 | "contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest. |
| 3413 | "type": "A String", # The type of hash that was performed. |
| 3414 | "value": "A String", # The hash value. |
| 3415 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3416 | }, |
| 3417 | "resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence` |
| 3418 | # applies. For example, https://gcr.io/project/image@sha256:foo This field |
| 3419 | # can be used as a filter in list requests. |
| 3420 | "name": "A String", # Output only. The name of the `Occurrence` in the form |
| 3421 | # "projects/{project_id}/occurrences/{OCCURRENCE_ID}" |
| 3422 | "attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3423 | # Attestation can be verified using the attached signature. If the verifier |
| 3424 | # trusts the public key of the signer, then verifying the signature is |
| 3425 | # sufficient to establish trust. In this circumstance, the |
| 3426 | # AttestationAuthority to which this Attestation is attached is primarily |
| 3427 | # useful for look-up (how to find this Attestation if you already know the |
| 3428 | # Authority and artifact to be verified) and intent (which authority was this |
| 3429 | # attestation intended to sign for). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3430 | "pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3431 | # This message only supports `ATTACHED` signatures, where the payload that is |
| 3432 | # signed is included alongside the signature itself in the same file. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3433 | "signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or |
| 3434 | # equivalent. Since this message only supports attached signatures, the |
| 3435 | # payload that was signed must be attached. While the signature format |
| 3436 | # supported is dependent on the verification implementation, currently only |
| 3437 | # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than |
| 3438 | # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor |
| 3439 | # --output=signature.gpg payload.json` will create the signature content |
| 3440 | # expected in this field in `signature.gpg` for the `payload.json` |
| 3441 | # attestation payload. |
| 3442 | "pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3443 | # as output by, e.g. `gpg --list-keys`. This should be the version 4, full |
| 3444 | # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See |
| 3445 | # https://tools.ietf.org/html/rfc4880#section-12.2 for details. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3446 | # Implementations may choose to acknowledge "LONG", "SHORT", or other |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3447 | # abbreviated key IDs, but only the full fingerprint is guaranteed to work. |
| 3448 | # In gpg, the full fingerprint can be retrieved from the `fpr` field |
| 3449 | # returned when calling --list-keys with --with-colons. For example: |
| 3450 | # ``` |
| 3451 | # gpg --with-colons --with-fingerprint --force-v4-certs \ |
| 3452 | # --list-keys attester@example.com |
| 3453 | # tru::1:1513631572:0:3:1:5 |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3454 | # pub:...<SNIP>... |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3455 | # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB: |
| 3456 | # ``` |
| 3457 | # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3458 | "contentType": "A String", # Type (for example schema) of the attestation payload that was signed. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3459 | # The verifier must ensure that the provided type is one that the verifier |
| 3460 | # supports, and that the attestation payload is a valid instantiation of that |
| 3461 | # type (for example by validating a JSON schema). |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3462 | }, |
| 3463 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3464 | "installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource. |
| 3465 | # a system. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3466 | "name": "A String", # Output only. The name of the installed package. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3467 | "location": [ # All of the places within the filesystem versions of this package |
| 3468 | # have been found. |
| 3469 | { # An occurrence of a particular package installation found within a |
| 3470 | # system's filesystem. |
| 3471 | # e.g. glibc was found in /var/lib/dpkg/status |
| 3472 | "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) |
| 3473 | # denoting the package manager version distributing a package. |
| 3474 | "version": { # Version contains structured information about the version of the package. # The version installed at this location. |
| 3475 | # For a discussion of this in Debian/Ubuntu: |
| 3476 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 3477 | # For a discussion of this in Redhat/Fedora/Centos: |
| 3478 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 3479 | "name": "A String", # The main part of the version name. |
| 3480 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 3481 | # If kind is not NORMAL, then the other fields are ignored. |
| 3482 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 3483 | "revision": "A String", # The iteration of the package build from the above version. |
| 3484 | }, |
| 3485 | "path": "A String", # The path from which we gathered that this package/version is installed. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3486 | }, |
| 3487 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3488 | }, |
| 3489 | "upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a # Describes an upgrade. |
| 3490 | # specific upgrade. This presence is supplied via local sources (i.e. it is |
| 3491 | # present in the mirror and the running system has noticed its availability). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3492 | "package": "A String", # Required - The package this Upgrade is for. |
| 3493 | "parsedVersion": { # Version contains structured information about the version of the package. # Required - The version of the package in a machine + human readable form. |
| 3494 | # For a discussion of this in Debian/Ubuntu: |
| 3495 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 3496 | # For a discussion of this in Redhat/Fedora/Centos: |
| 3497 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 3498 | "name": "A String", # The main part of the version name. |
| 3499 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 3500 | # If kind is not NORMAL, then the other fields are ignored. |
| 3501 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 3502 | "revision": "A String", # The iteration of the package build from the above version. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3503 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3504 | "distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each # Metadata about the upgrade for available for the specific operating system |
| 3505 | # for the resource_url. This allows efficient filtering, as well as |
| 3506 | # making it easier to use the occurrence. |
| 3507 | # operating system (CPE). Some distributions have additional metadata around |
| 3508 | # updates, classifying them into various categories and severities. |
| 3509 | "classification": "A String", # The operating system classification of this Upgrade, as specified by the |
| 3510 | # upstream operating system upgrade feed. |
| 3511 | "severity": "A String", # The severity as specified by the upstream operating system. |
| 3512 | "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See |
| 3513 | # https://cpe.mitre.org/specification/. |
| 3514 | "cve": [ # The cve that would be resolved by this upgrade. |
| 3515 | "A String", |
| 3516 | ], |
| 3517 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3518 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3519 | "discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource. |
| 3520 | "operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan. |
| 3521 | # This field is deprecated, do not use. |
| 3522 | # network API call. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3523 | "response": { # The normal response of the operation in case of success. If the original |
| 3524 | # method returns no data on success, such as `Delete`, the response is |
| 3525 | # `google.protobuf.Empty`. If the original method is standard |
| 3526 | # `Get`/`Create`/`Update`, the response should be the resource. For other |
| 3527 | # methods, the response should have the type `XxxResponse`, where `Xxx` |
| 3528 | # is the original method name. For example, if the original method name |
| 3529 | # is `TakeSnapshot()`, the inferred response type is |
| 3530 | # `TakeSnapshotResponse`. |
| 3531 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 3532 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3533 | "name": "A String", # The server-assigned name, which is only unique within the same service that |
| 3534 | # originally returns it. If you use the default HTTP mapping, the |
| 3535 | # `name` should be a resource name ending with `operations/{unique_id}`. |
| 3536 | "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. |
| 3537 | # different programming environments, including REST APIs and RPC APIs. It is |
| 3538 | # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| 3539 | # three pieces of data: error code, error message, and error details. |
| 3540 | # |
| 3541 | # You can find out more about this error model and how to work with it in the |
| 3542 | # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| 3543 | "details": [ # A list of messages that carry the error details. There is a common set of |
| 3544 | # message types for APIs to use. |
| 3545 | { |
| 3546 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 3547 | }, |
| 3548 | ], |
| 3549 | "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| 3550 | "message": "A String", # A developer-facing error message, which should be in English. Any |
| 3551 | # user-facing error message should be localized and sent in the |
| 3552 | # google.rpc.Status.details field, or localized by the client. |
| 3553 | }, |
| 3554 | "metadata": { # Service-specific metadata associated with the operation. It typically |
| 3555 | # contains progress information and common metadata such as create time. |
| 3556 | # Some services might not provide such metadata. Any method that returns a |
| 3557 | # long-running operation should document the metadata type, if any. |
| 3558 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 3559 | }, |
| 3560 | "done": True or False, # If the value is `false`, it means the operation is still in progress. |
| 3561 | # If `true`, the operation is completed, and either `error` or `response` is |
| 3562 | # available. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3563 | }, |
| 3564 | "analysisStatus": "A String", # The status of discovery for the resource. |
| 3565 | "continuousAnalysis": "A String", # Whether the resource is continuously analyzed. |
| 3566 | "cpe": "A String", # The CPE of the resource being scanned. |
| 3567 | "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under |
| 3568 | # details to show to the user. The LocalizedMessage output only and |
| 3569 | # populated by the API. |
| 3570 | # different programming environments, including REST APIs and RPC APIs. It is |
| 3571 | # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| 3572 | # three pieces of data: error code, error message, and error details. |
| 3573 | # |
| 3574 | # You can find out more about this error model and how to work with it in the |
| 3575 | # [API Design Guide](https://cloud.google.com/apis/design/errors). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3576 | "details": [ # A list of messages that carry the error details. There is a common set of |
| 3577 | # message types for APIs to use. |
| 3578 | { |
| 3579 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 3580 | }, |
| 3581 | ], |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3582 | "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| 3583 | "message": "A String", # A developer-facing error message, which should be in English. Any |
| 3584 | # user-facing error message should be localized and sent in the |
| 3585 | # google.rpc.Status.details field, or localized by the client. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3586 | }, |
| 3587 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3588 | "noteName": "A String", # An analysis note associated with this image, in the form |
| 3589 | # "providers/{provider_id}/notes/{NOTE_ID}" |
| 3590 | # This field can be used as a filter in list requests. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3591 | "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3592 | "deployTime": "A String", # Beginning of the lifetime of this deployment. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3593 | "address": "A String", # Address of the runtime element hosting this deployment. |
| 3594 | "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the |
| 3595 | # deployable field with the same name. |
| 3596 | "A String", |
| 3597 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3598 | "config": "A String", # Configuration used to create this deployment. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3599 | "userEmail": "A String", # Identity of the user that triggered this deployment. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3600 | "undeployTime": "A String", # End of the lifetime of this deployment. |
| 3601 | "platform": "A String", # Platform hosting this deployment. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3602 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3603 | "createTime": "A String", # Output only. The time this `Occurrence` was created. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3604 | "vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note. |
| 3605 | # to fix it. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3606 | "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is |
| 3607 | # available and note provider assigned severity when distro has not yet |
| 3608 | # assigned a severity for this vulnerability. |
| 3609 | "packageIssue": [ # The set of affected locations and their fixes (if available) within |
| 3610 | # the associated resource. |
| 3611 | { # This message wraps a location affected by a vulnerability and its |
| 3612 | # associated fix (if one is available). |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3613 | "severityName": "A String", |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3614 | "affectedLocation": { # The location of the vulnerability # The location of the vulnerability. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3615 | "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a |
| 3616 | # filter in list requests. |
| 3617 | # For a discussion of this in Debian/Ubuntu: |
| 3618 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 3619 | # For a discussion of this in Redhat/Fedora/Centos: |
| 3620 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 3621 | "name": "A String", # The main part of the version name. |
| 3622 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 3623 | # If kind is not NORMAL, then the other fields are ignored. |
| 3624 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 3625 | "revision": "A String", # The iteration of the package build from the above version. |
| 3626 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3627 | "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) |
| 3628 | # format. Examples include distro or storage location for vulnerable jar. |
| 3629 | # This field can be used as a filter in list requests. |
| 3630 | "package": "A String", # The package being described. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3631 | }, |
| 3632 | "fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3633 | "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a |
| 3634 | # filter in list requests. |
| 3635 | # For a discussion of this in Debian/Ubuntu: |
| 3636 | # http://serverfault.com/questions/604541/debian-packages-version-convention |
| 3637 | # For a discussion of this in Redhat/Fedora/Centos: |
| 3638 | # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ |
| 3639 | "name": "A String", # The main part of the version name. |
| 3640 | "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. |
| 3641 | # If kind is not NORMAL, then the other fields are ignored. |
| 3642 | "epoch": 42, # Used to correct mistakes in the version numbering scheme. |
| 3643 | "revision": "A String", # The iteration of the package build from the above version. |
| 3644 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3645 | "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) |
| 3646 | # format. Examples include distro or storage location for vulnerable jar. |
| 3647 | # This field can be used as a filter in list requests. |
| 3648 | "package": "A String", # The package being described. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3649 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3650 | }, |
| 3651 | ], |
| 3652 | "severity": "A String", # Output only. The note provider assigned Severity of the vulnerability. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3653 | "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a |
| 3654 | # scale of 0-10 where 0 indicates low severity and 10 indicates high |
| 3655 | # severity. |
| 3656 | "type": "A String", # The type of package; whether native or non native(ruby gems, |
| 3657 | # node.js packages etc) |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3658 | }, |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3659 | "updateTime": "A String", # Output only. The time this `Occurrence` was last updated. |
| 3660 | "remediation": "A String", # A description of actions that can be taken to remedy the `Note` |
| 3661 | "derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis |
| 3662 | # in the associated note. |
| 3663 | # DockerImage relationship. This image would be produced from a Dockerfile |
| 3664 | # with FROM <DockerImage.Basis in attached Note>. |
| 3665 | "distance": 42, # Output only. The number of layers by which this image differs from the |
| 3666 | # associated image basis. |
| 3667 | "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image |
| 3668 | # occurrence. |
| 3669 | "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image. |
| 3670 | "v2Blob": [ # The ordered list of v2 blobs that represent a given image. |
| 3671 | "A String", |
| 3672 | ], |
| 3673 | "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1 |
| 3674 | # representation. |
| 3675 | # This field can be used as a filter in list requests. |
| 3676 | "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: |
| 3677 | # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) |
| 3678 | # Only the name of the final blob is kept. |
| 3679 | # This field can be used as a filter in list requests. |
| 3680 | }, |
| 3681 | "layerInfo": [ # This contains layer-specific metadata, if populated it has length |
| 3682 | # "distance" and is ordered with [distance] being the layer immediately |
| 3683 | # following the base image and [1] being the final layer. |
| 3684 | { # Layer holds metadata specific to a layer of a Docker image. |
| 3685 | "directive": "A String", # The recovered Dockerfile directive used to construct this layer. |
| 3686 | "arguments": "A String", # The recovered arguments to the Dockerfile directive. |
| 3687 | }, |
| 3688 | ], |
| 3689 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3690 | }</pre> |
| 3691 | </div> |
| 3692 | |
| 3693 | <div class="method"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3694 | <code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code> |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3695 | <pre>Sets the access control policy on the specified `Note` or `Occurrence`. |
| 3696 | Requires `containeranalysis.notes.setIamPolicy` or |
| 3697 | `containeranalysis.occurrences.setIamPolicy` permission if the resource is |
| 3698 | a `Note` or an `Occurrence`, respectively. |
| 3699 | Attempting to call this method without these permissions will result in a ` |
| 3700 | `PERMISSION_DENIED` error. |
| 3701 | Attempting to call this method on a non-existent resource will result in a |
| 3702 | `NOT_FOUND` error if the user has `containeranalysis.notes.list` permission |
| 3703 | on a `Note` or `containeranalysis.occurrences.list` on an `Occurrence`, or |
| 3704 | a `PERMISSION_DENIED` error otherwise. The resource takes the following |
| 3705 | formats: `projects/{projectid}/occurrences/{occurrenceid}` for occurrences |
| 3706 | and projects/{projectid}/notes/{noteid} for notes |
| 3707 | |
| 3708 | Args: |
| 3709 | resource: string, REQUIRED: The resource for which the policy is being specified. |
| 3710 | See the operation documentation for the appropriate value for this field. (required) |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3711 | body: object, The request body. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3712 | The object takes the form of: |
| 3713 | |
| 3714 | { # Request message for `SetIamPolicy` method. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3715 | "policy": { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3716 | # the policy is limited to a few 10s of KB. An empty policy is a |
| 3717 | # valid policy but certain Cloud Platform services (such as Projects) |
| 3718 | # might reject them. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3719 | # controls for Google Cloud resources. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3720 | # |
| 3721 | # |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3722 | # A `Policy` is a collection of `bindings`. A `binding` binds one or more |
| 3723 | # `members` to a single `role`. Members can be user accounts, service accounts, |
| 3724 | # Google groups, and domains (such as G Suite). A `role` is a named list of |
| 3725 | # permissions; each `role` can be an IAM predefined role or a user-created |
| 3726 | # custom role. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3727 | # |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3728 | # For some types of Google Cloud resources, a `binding` can also specify a |
| 3729 | # `condition`, which is a logical expression that allows access to a resource |
| 3730 | # only if the expression evaluates to `true`. A condition can add constraints |
| 3731 | # based on attributes of the request, the resource, or both. To learn which |
| 3732 | # resources support conditions in their IAM policies, see the |
| 3733 | # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3734 | # |
| 3735 | # **JSON example:** |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3736 | # |
| 3737 | # { |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3738 | # "bindings": [ |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3739 | # { |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3740 | # "role": "roles/resourcemanager.organizationAdmin", |
| 3741 | # "members": [ |
| 3742 | # "user:mike@example.com", |
| 3743 | # "group:admins@example.com", |
| 3744 | # "domain:google.com", |
| 3745 | # "serviceAccount:my-project-id@appspot.gserviceaccount.com" |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3746 | # ] |
| 3747 | # }, |
| 3748 | # { |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3749 | # "role": "roles/resourcemanager.organizationViewer", |
| 3750 | # "members": [ |
| 3751 | # "user:eve@example.com" |
| 3752 | # ], |
| 3753 | # "condition": { |
| 3754 | # "title": "expirable access", |
| 3755 | # "description": "Does not grant access after Sep 2020", |
| 3756 | # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3757 | # } |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3758 | # } |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3759 | # ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3760 | # "etag": "BwWWja0YfJA=", |
| 3761 | # "version": 3 |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3762 | # } |
| 3763 | # |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3764 | # **YAML example:** |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3765 | # |
| 3766 | # bindings: |
| 3767 | # - members: |
| 3768 | # - user:mike@example.com |
| 3769 | # - group:admins@example.com |
| 3770 | # - domain:google.com |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3771 | # - serviceAccount:my-project-id@appspot.gserviceaccount.com |
| 3772 | # role: roles/resourcemanager.organizationAdmin |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3773 | # - members: |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3774 | # - user:eve@example.com |
| 3775 | # role: roles/resourcemanager.organizationViewer |
| 3776 | # condition: |
| 3777 | # title: expirable access |
| 3778 | # description: Does not grant access after Sep 2020 |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3779 | # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3780 | # - etag: BwWWja0YfJA= |
| 3781 | # - version: 3 |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3782 | # |
| 3783 | # For a description of IAM and its features, see the |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3784 | # [IAM documentation](https://cloud.google.com/iam/docs/). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3785 | "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help |
| 3786 | # prevent simultaneous updates of a policy from overwriting each other. |
| 3787 | # It is strongly suggested that systems make use of the `etag` in the |
| 3788 | # read-modify-write cycle to perform policy updates in order to avoid race |
| 3789 | # conditions: An `etag` is returned in the response to `getIamPolicy`, and |
| 3790 | # systems are expected to put that etag in the request to `setIamPolicy` to |
| 3791 | # ensure that their change will be applied to the same version of the policy. |
| 3792 | # |
| 3793 | # **Important:** If you use IAM Conditions, you must include the `etag` field |
| 3794 | # whenever you call `setIamPolicy`. If you omit this field, then IAM allows |
| 3795 | # you to overwrite a version `3` policy with a version `1` policy, and all of |
| 3796 | # the conditions in the version `3` policy are lost. |
| 3797 | "version": 42, # Specifies the format of the policy. |
| 3798 | # |
| 3799 | # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value |
| 3800 | # are rejected. |
| 3801 | # |
| 3802 | # Any operation that affects conditional role bindings must specify version |
| 3803 | # `3`. This requirement applies to the following operations: |
| 3804 | # |
| 3805 | # * Getting a policy that includes a conditional role binding |
| 3806 | # * Adding a conditional role binding to a policy |
| 3807 | # * Changing a conditional role binding in a policy |
| 3808 | # * Removing any role binding, with or without a condition, from a policy |
| 3809 | # that includes conditions |
| 3810 | # |
| 3811 | # **Important:** If you use IAM Conditions, you must include the `etag` field |
| 3812 | # whenever you call `setIamPolicy`. If you omit this field, then IAM allows |
| 3813 | # you to overwrite a version `3` policy with a version `1` policy, and all of |
| 3814 | # the conditions in the version `3` policy are lost. |
| 3815 | # |
| 3816 | # If a policy does not include any conditions, operations on that policy may |
| 3817 | # specify any valid version or leave the field unset. |
| 3818 | # |
| 3819 | # To learn which resources support conditions in their IAM policies, see the |
| 3820 | # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| 3821 | "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3822 | # `condition` that determines how and when the `bindings` are applied. Each |
| 3823 | # of the `bindings` must contain at least one member. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3824 | { # Associates `members` with a `role`. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3825 | "role": "A String", # Role that is assigned to `members`. |
| 3826 | # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3827 | "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding. |
| 3828 | # |
| 3829 | # If the condition evaluates to `true`, then this binding applies to the |
| 3830 | # current request. |
| 3831 | # |
| 3832 | # If the condition evaluates to `false`, then this binding does not apply to |
| 3833 | # the current request. However, a different role binding might grant the same |
| 3834 | # role to one or more of the members in this binding. |
| 3835 | # |
| 3836 | # To learn which resources support conditions in their IAM policies, see the |
| 3837 | # [IAM |
| 3838 | # documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| 3839 | # syntax. CEL is a C-like expression language. The syntax and semantics of CEL |
| 3840 | # are documented at https://github.com/google/cel-spec. |
| 3841 | # |
| 3842 | # Example (Comparison): |
| 3843 | # |
| 3844 | # title: "Summary size limit" |
| 3845 | # description: "Determines if a summary is less than 100 chars" |
| 3846 | # expression: "document.summary.size() < 100" |
| 3847 | # |
| 3848 | # Example (Equality): |
| 3849 | # |
| 3850 | # title: "Requestor is owner" |
| 3851 | # description: "Determines if requestor is the document owner" |
| 3852 | # expression: "document.owner == request.auth.claims.email" |
| 3853 | # |
| 3854 | # Example (Logic): |
| 3855 | # |
| 3856 | # title: "Public documents" |
| 3857 | # description: "Determine whether the document should be publicly visible" |
| 3858 | # expression: "document.type != 'private' && document.type != 'internal'" |
| 3859 | # |
| 3860 | # Example (Data Manipulation): |
| 3861 | # |
| 3862 | # title: "Notification string" |
| 3863 | # description: "Create a notification string with a timestamp." |
| 3864 | # expression: "'New message received at ' + string(document.create_time)" |
| 3865 | # |
| 3866 | # The exact variables and functions that may be referenced within an expression |
| 3867 | # are determined by the service that evaluates it. See the service |
| 3868 | # documentation for additional information. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3869 | "title": "A String", # Optional. Title for the expression, i.e. a short string describing |
| 3870 | # its purpose. This can be used e.g. in UIs which allow to enter the |
| 3871 | # expression. |
| 3872 | "location": "A String", # Optional. String indicating the location of the expression for error |
| 3873 | # reporting, e.g. a file name and a position in the file. |
| 3874 | "description": "A String", # Optional. Description of the expression. This is a longer text which |
| 3875 | # describes the expression, e.g. when hovered over it in a UI. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 3876 | "expression": "A String", # Textual representation of an expression in Common Expression Language |
| 3877 | # syntax. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3878 | }, |
| 3879 | "members": [ # Specifies the identities requesting access for a Cloud Platform resource. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3880 | # `members` can have the following values: |
| 3881 | # |
| 3882 | # * `allUsers`: A special identifier that represents anyone who is |
| 3883 | # on the internet; with or without a Google account. |
| 3884 | # |
| 3885 | # * `allAuthenticatedUsers`: A special identifier that represents anyone |
| 3886 | # who is authenticated with a Google account or a service account. |
| 3887 | # |
| 3888 | # * `user:{emailid}`: An email address that represents a specific Google |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3889 | # account. For example, `alice@example.com` . |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3890 | # |
| 3891 | # |
| 3892 | # * `serviceAccount:{emailid}`: An email address that represents a service |
| 3893 | # account. For example, `my-other-app@appspot.gserviceaccount.com`. |
| 3894 | # |
| 3895 | # * `group:{emailid}`: An email address that represents a Google group. |
| 3896 | # For example, `admins@example.com`. |
| 3897 | # |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3898 | # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique |
| 3899 | # identifier) representing a user that has been recently deleted. For |
| 3900 | # example, `alice@example.com?uid=123456789012345678901`. If the user is |
| 3901 | # recovered, this value reverts to `user:{emailid}` and the recovered user |
| 3902 | # retains the role in the binding. |
| 3903 | # |
| 3904 | # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus |
| 3905 | # unique identifier) representing a service account that has been recently |
| 3906 | # deleted. For example, |
| 3907 | # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. |
| 3908 | # If the service account is undeleted, this value reverts to |
| 3909 | # `serviceAccount:{emailid}` and the undeleted service account retains the |
| 3910 | # role in the binding. |
| 3911 | # |
| 3912 | # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique |
| 3913 | # identifier) representing a Google group that has been recently |
| 3914 | # deleted. For example, `admins@example.com?uid=123456789012345678901`. If |
| 3915 | # the group is recovered, this value reverts to `group:{emailid}` and the |
| 3916 | # recovered group retains the role in the binding. |
| 3917 | # |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3918 | # |
| 3919 | # * `domain:{domain}`: The G Suite domain (primary) that represents all the |
| 3920 | # users of that domain. For example, `google.com` or `example.com`. |
| 3921 | # |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3922 | "A String", |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3923 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3924 | }, |
| 3925 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3926 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3927 | } |
| 3928 | |
| 3929 | x__xgafv: string, V1 error format. |
| 3930 | Allowed values |
| 3931 | 1 - v1 error format |
| 3932 | 2 - v2 error format |
| 3933 | |
| 3934 | Returns: |
| 3935 | An object of the form: |
| 3936 | |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3937 | { # An Identity and Access Management (IAM) policy, which specifies access |
| 3938 | # controls for Google Cloud resources. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3939 | # |
| 3940 | # |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3941 | # A `Policy` is a collection of `bindings`. A `binding` binds one or more |
| 3942 | # `members` to a single `role`. Members can be user accounts, service accounts, |
| 3943 | # Google groups, and domains (such as G Suite). A `role` is a named list of |
| 3944 | # permissions; each `role` can be an IAM predefined role or a user-created |
| 3945 | # custom role. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3946 | # |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3947 | # For some types of Google Cloud resources, a `binding` can also specify a |
| 3948 | # `condition`, which is a logical expression that allows access to a resource |
| 3949 | # only if the expression evaluates to `true`. A condition can add constraints |
| 3950 | # based on attributes of the request, the resource, or both. To learn which |
| 3951 | # resources support conditions in their IAM policies, see the |
| 3952 | # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3953 | # |
| 3954 | # **JSON example:** |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3955 | # |
| 3956 | # { |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3957 | # "bindings": [ |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3958 | # { |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3959 | # "role": "roles/resourcemanager.organizationAdmin", |
| 3960 | # "members": [ |
| 3961 | # "user:mike@example.com", |
| 3962 | # "group:admins@example.com", |
| 3963 | # "domain:google.com", |
| 3964 | # "serviceAccount:my-project-id@appspot.gserviceaccount.com" |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3965 | # ] |
| 3966 | # }, |
| 3967 | # { |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3968 | # "role": "roles/resourcemanager.organizationViewer", |
| 3969 | # "members": [ |
| 3970 | # "user:eve@example.com" |
| 3971 | # ], |
| 3972 | # "condition": { |
| 3973 | # "title": "expirable access", |
| 3974 | # "description": "Does not grant access after Sep 2020", |
| 3975 | # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3976 | # } |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3977 | # } |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3978 | # ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3979 | # "etag": "BwWWja0YfJA=", |
| 3980 | # "version": 3 |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3981 | # } |
| 3982 | # |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3983 | # **YAML example:** |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3984 | # |
| 3985 | # bindings: |
| 3986 | # - members: |
| 3987 | # - user:mike@example.com |
| 3988 | # - group:admins@example.com |
| 3989 | # - domain:google.com |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3990 | # - serviceAccount:my-project-id@appspot.gserviceaccount.com |
| 3991 | # role: roles/resourcemanager.organizationAdmin |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 3992 | # - members: |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3993 | # - user:eve@example.com |
| 3994 | # role: roles/resourcemanager.organizationViewer |
| 3995 | # condition: |
| 3996 | # title: expirable access |
| 3997 | # description: Does not grant access after Sep 2020 |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3998 | # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 3999 | # - etag: BwWWja0YfJA= |
| 4000 | # - version: 3 |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 4001 | # |
| 4002 | # For a description of IAM and its features, see the |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 4003 | # [IAM documentation](https://cloud.google.com/iam/docs/). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 4004 | "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help |
| 4005 | # prevent simultaneous updates of a policy from overwriting each other. |
| 4006 | # It is strongly suggested that systems make use of the `etag` in the |
| 4007 | # read-modify-write cycle to perform policy updates in order to avoid race |
| 4008 | # conditions: An `etag` is returned in the response to `getIamPolicy`, and |
| 4009 | # systems are expected to put that etag in the request to `setIamPolicy` to |
| 4010 | # ensure that their change will be applied to the same version of the policy. |
| 4011 | # |
| 4012 | # **Important:** If you use IAM Conditions, you must include the `etag` field |
| 4013 | # whenever you call `setIamPolicy`. If you omit this field, then IAM allows |
| 4014 | # you to overwrite a version `3` policy with a version `1` policy, and all of |
| 4015 | # the conditions in the version `3` policy are lost. |
| 4016 | "version": 42, # Specifies the format of the policy. |
| 4017 | # |
| 4018 | # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value |
| 4019 | # are rejected. |
| 4020 | # |
| 4021 | # Any operation that affects conditional role bindings must specify version |
| 4022 | # `3`. This requirement applies to the following operations: |
| 4023 | # |
| 4024 | # * Getting a policy that includes a conditional role binding |
| 4025 | # * Adding a conditional role binding to a policy |
| 4026 | # * Changing a conditional role binding in a policy |
| 4027 | # * Removing any role binding, with or without a condition, from a policy |
| 4028 | # that includes conditions |
| 4029 | # |
| 4030 | # **Important:** If you use IAM Conditions, you must include the `etag` field |
| 4031 | # whenever you call `setIamPolicy`. If you omit this field, then IAM allows |
| 4032 | # you to overwrite a version `3` policy with a version `1` policy, and all of |
| 4033 | # the conditions in the version `3` policy are lost. |
| 4034 | # |
| 4035 | # If a policy does not include any conditions, operations on that policy may |
| 4036 | # specify any valid version or leave the field unset. |
| 4037 | # |
| 4038 | # To learn which resources support conditions in their IAM policies, see the |
| 4039 | # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| 4040 | "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 4041 | # `condition` that determines how and when the `bindings` are applied. Each |
| 4042 | # of the `bindings` must contain at least one member. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 4043 | { # Associates `members` with a `role`. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 4044 | "role": "A String", # Role that is assigned to `members`. |
| 4045 | # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 4046 | "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding. |
| 4047 | # |
| 4048 | # If the condition evaluates to `true`, then this binding applies to the |
| 4049 | # current request. |
| 4050 | # |
| 4051 | # If the condition evaluates to `false`, then this binding does not apply to |
| 4052 | # the current request. However, a different role binding might grant the same |
| 4053 | # role to one or more of the members in this binding. |
| 4054 | # |
| 4055 | # To learn which resources support conditions in their IAM policies, see the |
| 4056 | # [IAM |
| 4057 | # documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| 4058 | # syntax. CEL is a C-like expression language. The syntax and semantics of CEL |
| 4059 | # are documented at https://github.com/google/cel-spec. |
| 4060 | # |
| 4061 | # Example (Comparison): |
| 4062 | # |
| 4063 | # title: "Summary size limit" |
| 4064 | # description: "Determines if a summary is less than 100 chars" |
| 4065 | # expression: "document.summary.size() < 100" |
| 4066 | # |
| 4067 | # Example (Equality): |
| 4068 | # |
| 4069 | # title: "Requestor is owner" |
| 4070 | # description: "Determines if requestor is the document owner" |
| 4071 | # expression: "document.owner == request.auth.claims.email" |
| 4072 | # |
| 4073 | # Example (Logic): |
| 4074 | # |
| 4075 | # title: "Public documents" |
| 4076 | # description: "Determine whether the document should be publicly visible" |
| 4077 | # expression: "document.type != 'private' && document.type != 'internal'" |
| 4078 | # |
| 4079 | # Example (Data Manipulation): |
| 4080 | # |
| 4081 | # title: "Notification string" |
| 4082 | # description: "Create a notification string with a timestamp." |
| 4083 | # expression: "'New message received at ' + string(document.create_time)" |
| 4084 | # |
| 4085 | # The exact variables and functions that may be referenced within an expression |
| 4086 | # are determined by the service that evaluates it. See the service |
| 4087 | # documentation for additional information. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 4088 | "title": "A String", # Optional. Title for the expression, i.e. a short string describing |
| 4089 | # its purpose. This can be used e.g. in UIs which allow to enter the |
| 4090 | # expression. |
| 4091 | "location": "A String", # Optional. String indicating the location of the expression for error |
| 4092 | # reporting, e.g. a file name and a position in the file. |
| 4093 | "description": "A String", # Optional. Description of the expression. This is a longer text which |
| 4094 | # describes the expression, e.g. when hovered over it in a UI. |
Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame^] | 4095 | "expression": "A String", # Textual representation of an expression in Common Expression Language |
| 4096 | # syntax. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 4097 | }, |
| 4098 | "members": [ # Specifies the identities requesting access for a Cloud Platform resource. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 4099 | # `members` can have the following values: |
| 4100 | # |
| 4101 | # * `allUsers`: A special identifier that represents anyone who is |
| 4102 | # on the internet; with or without a Google account. |
| 4103 | # |
| 4104 | # * `allAuthenticatedUsers`: A special identifier that represents anyone |
| 4105 | # who is authenticated with a Google account or a service account. |
| 4106 | # |
| 4107 | # * `user:{emailid}`: An email address that represents a specific Google |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 4108 | # account. For example, `alice@example.com` . |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 4109 | # |
| 4110 | # |
| 4111 | # * `serviceAccount:{emailid}`: An email address that represents a service |
| 4112 | # account. For example, `my-other-app@appspot.gserviceaccount.com`. |
| 4113 | # |
| 4114 | # * `group:{emailid}`: An email address that represents a Google group. |
| 4115 | # For example, `admins@example.com`. |
| 4116 | # |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 4117 | # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique |
| 4118 | # identifier) representing a user that has been recently deleted. For |
| 4119 | # example, `alice@example.com?uid=123456789012345678901`. If the user is |
| 4120 | # recovered, this value reverts to `user:{emailid}` and the recovered user |
| 4121 | # retains the role in the binding. |
| 4122 | # |
| 4123 | # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus |
| 4124 | # unique identifier) representing a service account that has been recently |
| 4125 | # deleted. For example, |
| 4126 | # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. |
| 4127 | # If the service account is undeleted, this value reverts to |
| 4128 | # `serviceAccount:{emailid}` and the undeleted service account retains the |
| 4129 | # role in the binding. |
| 4130 | # |
| 4131 | # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique |
| 4132 | # identifier) representing a Google group that has been recently |
| 4133 | # deleted. For example, `admins@example.com?uid=123456789012345678901`. If |
| 4134 | # the group is recovered, this value reverts to `group:{emailid}` and the |
| 4135 | # recovered group retains the role in the binding. |
| 4136 | # |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 4137 | # |
| 4138 | # * `domain:{domain}`: The G Suite domain (primary) that represents all the |
| 4139 | # users of that domain. For example, `google.com` or `example.com`. |
| 4140 | # |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 4141 | "A String", |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 4142 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 4143 | }, |
| 4144 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 4145 | }</pre> |
| 4146 | </div> |
| 4147 | |
| 4148 | <div class="method"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 4149 | <code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code> |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 4150 | <pre>Returns the permissions that a caller has on the specified note or |
| 4151 | occurrence resource. Requires list permission on the project (for example, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 4152 | "storage.objects.list" on the containing bucket for testing permission of |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 4153 | an object). Attempting to call this method on a non-existent resource will |
| 4154 | result in a `NOT_FOUND` error if the user has list permission on the |
| 4155 | project, or a `PERMISSION_DENIED` error otherwise. The resource takes the |
| 4156 | following formats: `projects/{PROJECT_ID}/occurrences/{OCCURRENCE_ID}` for |
| 4157 | `Occurrences` and `projects/{PROJECT_ID}/notes/{NOTE_ID}` for `Notes` |
| 4158 | |
| 4159 | Args: |
| 4160 | resource: string, REQUIRED: The resource for which the policy detail is being requested. |
| 4161 | See the operation documentation for the appropriate value for this field. (required) |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 4162 | body: object, The request body. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 4163 | The object takes the form of: |
| 4164 | |
| 4165 | { # Request message for `TestIamPermissions` method. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 4166 | "permissions": [ # The set of permissions to check for the `resource`. Permissions with |
| 4167 | # wildcards (such as '*' or 'storage.*') are not allowed. For more |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 4168 | # information see |
| 4169 | # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 4170 | "A String", |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 4171 | ], |
| 4172 | } |
| 4173 | |
| 4174 | x__xgafv: string, V1 error format. |
| 4175 | Allowed values |
| 4176 | 1 - v1 error format |
| 4177 | 2 - v2 error format |
| 4178 | |
| 4179 | Returns: |
| 4180 | An object of the form: |
| 4181 | |
| 4182 | { # Response message for `TestIamPermissions` method. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 4183 | "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 4184 | # allowed. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 4185 | "A String", |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 4186 | ], |
| 4187 | }</pre> |
| 4188 | </div> |
| 4189 | |
| 4190 | </body></html> |