Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-api-python-client / 715bd7f9ca9a324a05ee05a6476af383e54930f9 / . / docs / dyn / containeranalysis_v1alpha1.projects.occurrences.html
blob: 83d56d3bb5c8512bde41f39646263b07e7e9fc64 [file] [log] [blame]
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700[diff] [blame^]1<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5 margin: 0;
6 padding: 0;
7 border: 0;
8 font-weight: inherit;
9 font-style: inherit;
10 font-size: 100%;
11 font-family: inherit;
12 vertical-align: baseline;
13}
14
15body {
16 font-size: 13px;
17 padding: 1em;
18}
19
20h1 {
21 font-size: 26px;
22 margin-bottom: 1em;
23}
24
25h2 {
26 font-size: 24px;
27 margin-bottom: 1em;
28}
29
30h3 {
31 font-size: 20px;
32 margin-bottom: 1em;
33 margin-top: 1em;
34}
35
36pre, code {
37 line-height: 1.5;
38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42 margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46 font-family: Arial, sans serif;
47}
48
49h1, h2, h3 {
50 border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54 margin-top: 0.5em;
55}
56
57.firstline {
58 margin-left: 2 em;
59}
60
61.method {
62 margin-top: 1em;
63 border: solid 1px #CCC;
64 padding: 1em;
65 background: #EEE;
66}
67
68.details {
69 font-weight: bold;
70 font-size: 14px;
71}
72
73</style>
74
75<h1><a href="containeranalysis_v1alpha1.html">Container Analysis API</a> . <a href="containeranalysis_v1alpha1.projects.html">projects</a> . <a href="containeranalysis_v1alpha1.projects.occurrences.html">occurrences</a></h1>
76<h2>Instance Methods</h2>
77<p class="toc_element">
78 <code><a href="#create">create(parent, body, name=None, x__xgafv=None)</a></code></p>
79<p class="firstline">Creates a new `Occurrence`. Use this method to create `Occurrences`</p>
80<p class="toc_element">
81 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
82<p class="firstline">Deletes the given `Occurrence` from the system. Use this when</p>
83<p class="toc_element">
84 <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
85<p class="firstline">Returns the requested `Occurrence`.</p>
86<p class="toc_element">
87 <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
88<p class="firstline">Gets the access control policy for a note or an `Occurrence` resource.</p>
89<p class="toc_element">
90 <code><a href="#getNotes">getNotes(name, x__xgafv=None)</a></code></p>
91<p class="firstline">Gets the `Note` attached to the given `Occurrence`.</p>
92<p class="toc_element">
93 <code><a href="#getVulnerabilitySummary">getVulnerabilitySummary(parent, x__xgafv=None, filter=None)</a></code></p>
94<p class="firstline">Gets a summary of the number and severity of occurrences.</p>
95<p class="toc_element">
96 <code><a href="#list">list(parent, kind=None, name=None, pageToken=None, x__xgafv=None, pageSize=None, filter=None)</a></code></p>
97<p class="firstline">Lists active `Occurrences` for a given project matching the filters.</p>
98<p class="toc_element">
99 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
100<p class="firstline">Retrieves the next page of results.</p>
101<p class="toc_element">
102 <code><a href="#patch">patch(name, body, updateMask=None, x__xgafv=None)</a></code></p>
103<p class="firstline">Updates an existing occurrence.</p>
104<p class="toc_element">
105 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p>
106<p class="firstline">Sets the access control policy on the specified `Note` or `Occurrence`.</p>
107<p class="toc_element">
108 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p>
109<p class="firstline">Returns the permissions that a caller has on the specified note or</p>
110<h3>Method Details</h3>
111<div class="method">
112 <code class="details" id="create">create(parent, body, name=None, x__xgafv=None)</code>
113 <pre>Creates a new `Occurrence`. Use this method to create `Occurrences`
114for a resource.
115
116Args:
117 parent: string, This field contains the project Id for example: "projects/{project_id}" (required)
118 body: object, The request body. (required)
119 The object takes the form of:
120
121{ # `Occurrence` includes information about analysis occurrences for an image.
122 "resource": { # #
123 # The resource for which the `Occurrence` applies.
124 # Resource is an entity that can have metadata. E.g., a Docker image.
125 "contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.
126 "type": "A String", # The type of hash that was performed.
127 "value": "A String", # The hash value.
128 },
129 "uri": "A String", # The unique URI of the resource. E.g.,
130 # "https://gcr.io/project/image@sha256:foo" for a Docker image.
131 "name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian".
132 },
133 "updateTime": "A String", # Output only. The time this `Occurrence` was last updated.
134 "installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.
135 # a system.
136 "location": [ # All of the places within the filesystem versions of this package
137 # have been found.
138 { # An occurrence of a particular package installation found within a
139 # system's filesystem.
140 # e.g. glibc was found in /var/lib/dpkg/status
141 "path": "A String", # The path from which we gathered that this package/version is installed.
142 "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
143 # denoting the package manager version distributing a package.
144 "version": { # Version contains structured information about the version of the package. # The version installed at this location.
145 # For a discussion of this in Debian/Ubuntu:
146 # http://serverfault.com/questions/604541/debian-packages-version-convention
147 # For a discussion of this in Redhat/Fedora/Centos:
148 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
149 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
150 # If kind is not NORMAL, then the other fields are ignored.
151 "revision": "A String", # The iteration of the package build from the above version.
152 "name": "A String", # The main part of the version name.
153 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
154 },
155 },
156 ],
157 "name": "A String", # Output only. The name of the installed package.
158 },
159 "name": "A String", # Output only. The name of the `Occurrence` in the form
160 # "projects/{project_id}/occurrences/{OCCURRENCE_ID}"
161 "kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are
162 # specified. This field can be used as a filter in list requests.
163 "buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build.
164 "provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance
165 # details about the build from source to completion.
166 "finishTime": "A String", # Time at which execution of the build was finished.
167 "commands": [ # Commands requested by the build.
168 { # Command describes a step performed as part of the build pipeline.
169 "waitFor": [ # The ID(s) of the Command(s) that this Command depends on.
170 "A String",
171 ],
172 "name": "A String", # Name of the command, as presented on the command line, or if the command is
173 # packaged as a Docker container, as presented to `docker pull`.
174 "args": [ # Command-line arguments used when executing this Command.
175 "A String",
176 ],
177 "env": [ # Environment variables set before running this Command.
178 "A String",
179 ],
180 "id": "A String", # Optional unique identifier for this Command, used in wait_for to reference
181 # this Command as a dependency.
182 "dir": "A String", # Working directory (relative to project source root) used when running
183 # this Command.
184 },
185 ],
186 "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
187 "artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this
188 # location.
189 # Google Cloud Storage.
190 "generation": "A String", # Google Cloud Storage generation for the object.
191 "object": "A String", # Google Cloud Storage object containing source.
192 "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
193 # Requirements]
194 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
195 },
196 "repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.
197 # Repository.
198 "projectId": "A String", # ID of the project that owns the repo.
199 "branchName": "A String", # Name of the branch to build.
200 "repoName": "A String", # Name of the repo.
201 "tagName": "A String", # Name of the tag to build.
202 "commitSha": "A String", # Explicit commit SHA to build.
203 },
204 "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original
205 # source integrity was maintained in the build.
206 #
207 # The keys to this map are file paths used as build source and the values
208 # contain the hash values for those files.
209 #
210 # If the build source came in a single package such as a gzipped tarfile
211 # (.tar.gz), the FileHash will be for the single path to that file.
212 "a_key": { # Container message for hashes of byte content of files, used in Source
213 # messages to verify integrity of source input to the build.
214 "fileHash": [ # Collection of file hashes.
215 { # Container message for hash values.
216 "type": "A String", # The type of hash that was performed.
217 "value": "A String", # The hash value.
218 },
219 ],
220 },
221 },
222 "additionalContexts": [ # If provided, some of the source code used for the build may be found in
223 # these locations, in the case where the source repository had multiple
224 # remotes or submodules. This list will not include the context specified in
225 # the context field.
226 { # A SourceContext is a reference to a tree of files. A SourceContext together
227 # with a path point to a unique revision of a single file or directory.
228 "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
229 # repository (e.g., GitHub).
230 "url": "A String", # Git repository URL.
231 "revisionId": "A String", # Required.
232 # Git commit hash.
233 },
234 "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
235 # Source Repo.
236 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
237 "kind": "A String", # The alias kind.
238 "name": "A String", # The alias name.
239 },
240 "revisionId": "A String", # A revision ID.
241 "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
242 "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
243 # winged-cargo-31) and a repo name within that project.
244 "projectId": "A String", # The ID of the project.
245 "repoName": "A String", # The name of the repo. Leave empty for the default repo.
246 },
247 "uid": "A String", # A server-assigned, globally unique identifier.
248 },
249 },
250 "labels": { # Labels with user defined metadata.
251 "a_key": "A String",
252 },
253 "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
254 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
255 "kind": "A String", # The alias kind.
256 "name": "A String", # The alias name.
257 },
258 "revisionId": "A String", # A revision (commit) ID.
259 "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
260 # "project/subproject" is a valid project name. The "repo name" is
261 # the hostURI/project.
262 "hostUri": "A String", # The URI of a running Gerrit instance.
263 },
264 },
265 ],
266 "context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.
267 # with a path point to a unique revision of a single file or directory.
268 "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
269 # repository (e.g., GitHub).
270 "url": "A String", # Git repository URL.
271 "revisionId": "A String", # Required.
272 # Git commit hash.
273 },
274 "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
275 # Source Repo.
276 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
277 "kind": "A String", # The alias kind.
278 "name": "A String", # The alias name.
279 },
280 "revisionId": "A String", # A revision ID.
281 "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
282 "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
283 # winged-cargo-31) and a repo name within that project.
284 "projectId": "A String", # The ID of the project.
285 "repoName": "A String", # The name of the repo. Leave empty for the default repo.
286 },
287 "uid": "A String", # A server-assigned, globally unique identifier.
288 },
289 },
290 "labels": { # Labels with user defined metadata.
291 "a_key": "A String",
292 },
293 "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
294 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
295 "kind": "A String", # The alias kind.
296 "name": "A String", # The alias name.
297 },
298 "revisionId": "A String", # A revision (commit) ID.
299 "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
300 # "project/subproject" is a valid project name. The "repo name" is
301 # the hostURI/project.
302 "hostUri": "A String", # The URI of a running Gerrit instance.
303 },
304 },
305 "storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud
306 # Storage.
307 # Google Cloud Storage.
308 "generation": "A String", # Google Cloud Storage generation for the object.
309 "object": "A String", # Google Cloud Storage object containing source.
310 "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
311 # Requirements]
312 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
313 },
314 },
315 "buildOptions": { # Special options applied to this build. This is a catch-all field where
316 # build providers can enter any desired additional details.
317 "a_key": "A String",
318 },
319 "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the
320 # user's e-mail address at the time the build was initiated; this address may
321 # not represent the same end-user for all time.
322 "logsBucket": "A String", # Google Cloud Storage bucket where logs were written.
323 "builderVersion": "A String", # Version string of the builder at the time this build was executed.
324 "createTime": "A String", # Time at which the build was created.
325 "builtArtifacts": [ # Output of the build.
326 { # Artifact describes a build product.
327 "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
328 # container.
329 "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest
330 # like gcr.io/projectID/imagename@sha256:123456
331 "name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in
332 # the case of a container build, the name used to push the container image to
333 # Google Container Registry, as presented to `docker push`.
334 #
335 # This field is deprecated in favor of the plural `names` field; it continues
336 # to exist here to allow existing BuildProvenance serialized to json in
337 # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to
338 # deserialize back into proto.
339 "names": [ # Related artifact names. This may be the path to a binary or jar file, or in
340 # the case of a container build, the name used to push the container image to
341 # Google Container Registry, as presented to `docker push`. Note that a
342 # single Artifact ID can have multiple names, for example if two tags are
343 # applied to one image.
344 "A String",
345 ],
346 },
347 ],
348 "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
349 "startTime": "A String", # Time at which execution of the build was started.
350 "projectId": "A String", # ID of the project.
351 "id": "A String", # Unique identifier of the build.
352 },
353 "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the
354 # `BuildSignature` in the corresponding Result. After verifying the
355 # signature, `provenance_bytes` can be unmarshalled and compared to the
356 # provenance to confirm that it is unchanged. A base64-encoded string
357 # representation of the provenance bytes is used for the signature in order
358 # to interoperate with openssl which expects this format for signature
359 # verification.
360 #
361 # The serialized form is captured both to avoid ambiguity in how the
362 # provenance is marshalled to json as well to prevent incompatibilities with
363 # future changes.
364 },
365 "discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.
366 "analysisStatus": "A String", # The status of discovery for the resource.
367 "operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.
368 # This field is deprecated, do not use.
369 # network API call.
370 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
371 # different programming environments, including REST APIs and RPC APIs. It is
372 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
373 # three pieces of data: error code, error message, and error details.
374 #
375 # You can find out more about this error model and how to work with it in the
376 # [API Design Guide](https://cloud.google.com/apis/design/errors).
377 "message": "A String", # A developer-facing error message, which should be in English. Any
378 # user-facing error message should be localized and sent in the
379 # google.rpc.Status.details field, or localized by the client.
380 "code": 42, # The status code, which should be an enum value of google.rpc.Code.
381 "details": [ # A list of messages that carry the error details. There is a common set of
382 # message types for APIs to use.
383 {
384 "a_key": "", # Properties of the object. Contains field @type with type URL.
385 },
386 ],
387 },
388 "done": True or False, # If the value is `false`, it means the operation is still in progress.
389 # If `true`, the operation is completed, and either `error` or `response` is
390 # available.
391 "response": { # The normal response of the operation in case of success. If the original
392 # method returns no data on success, such as `Delete`, the response is
393 # `google.protobuf.Empty`. If the original method is standard
394 # `Get`/`Create`/`Update`, the response should be the resource. For other
395 # methods, the response should have the type `XxxResponse`, where `Xxx`
396 # is the original method name. For example, if the original method name
397 # is `TakeSnapshot()`, the inferred response type is
398 # `TakeSnapshotResponse`.
399 "a_key": "", # Properties of the object. Contains field @type with type URL.
400 },
401 "name": "A String", # The server-assigned name, which is only unique within the same service that
402 # originally returns it. If you use the default HTTP mapping, the
403 # `name` should be a resource name ending with `operations/{unique_id}`.
404 "metadata": { # Service-specific metadata associated with the operation. It typically
405 # contains progress information and common metadata such as create time.
406 # Some services might not provide such metadata. Any method that returns a
407 # long-running operation should document the metadata type, if any.
408 "a_key": "", # Properties of the object. Contains field @type with type URL.
409 },
410 },
411 "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under
412 # details to show to the user. The LocalizedMessage output only and
413 # populated by the API.
414 # different programming environments, including REST APIs and RPC APIs. It is
415 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
416 # three pieces of data: error code, error message, and error details.
417 #
418 # You can find out more about this error model and how to work with it in the
419 # [API Design Guide](https://cloud.google.com/apis/design/errors).
420 "message": "A String", # A developer-facing error message, which should be in English. Any
421 # user-facing error message should be localized and sent in the
422 # google.rpc.Status.details field, or localized by the client.
423 "code": 42, # The status code, which should be an enum value of google.rpc.Code.
424 "details": [ # A list of messages that carry the error details. There is a common set of
425 # message types for APIs to use.
426 {
427 "a_key": "", # Properties of the object. Contains field @type with type URL.
428 },
429 ],
430 },
431 "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
432 },
433 "attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact.
434 # Attestation can be verified using the attached signature. If the verifier
435 # trusts the public key of the signer, then verifying the signature is
436 # sufficient to establish trust. In this circumstance, the
437 # AttestationAuthority to which this Attestation is attached is primarily
438 # useful for look-up (how to find this Attestation if you already know the
439 # Authority and artifact to be verified) and intent (which authority was this
440 # attestation intended to sign for).
441 "pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature.
442 # This message only supports `ATTACHED` signatures, where the payload that is
443 # signed is included alongside the signature itself in the same file.
444 "pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature,
445 # as output by, e.g. `gpg --list-keys`. This should be the version 4, full
446 # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See
447 # https://tools.ietf.org/html/rfc4880#section-12.2 for details.
448 # Implementations may choose to acknowledge "LONG", "SHORT", or other
449 # abbreviated key IDs, but only the full fingerprint is guaranteed to work.
450 # In gpg, the full fingerprint can be retrieved from the `fpr` field
451 # returned when calling --list-keys with --with-colons. For example:
452 # ```
453 # gpg --with-colons --with-fingerprint --force-v4-certs \
454 # --list-keys attester@example.com
455 # tru::1:1513631572:0:3:1:5
456 # pub:...<SNIP>...
457 # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
458 # ```
459 # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
460 "contentType": "A String", # Type (for example schema) of the attestation payload that was signed.
461 # The verifier must ensure that the provided type is one that the verifier
462 # supports, and that the attestation payload is a valid instantiation of that
463 # type (for example by validating a JSON schema).
464 "signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or
465 # equivalent. Since this message only supports attached signatures, the
466 # payload that was signed must be attached. While the signature format
467 # supported is dependent on the verification implementation, currently only
468 # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
469 # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
470 # --output=signature.gpg payload.json` will create the signature content
471 # expected in this field in `signature.gpg` for the `payload.json`
472 # attestation payload.
473 },
474 },
475 "noteName": "A String", # An analysis note associated with this image, in the form
476 # "providers/{provider_id}/notes/{NOTE_ID}"
477 # This field can be used as a filter in list requests.
478 "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
479 "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the
480 # deployable field with the same name.
481 "A String",
482 ],
483 "userEmail": "A String", # Identity of the user that triggered this deployment.
484 "address": "A String", # Address of the runtime element hosting this deployment.
485 "platform": "A String", # Platform hosting this deployment.
486 "deployTime": "A String", # Beginning of the lifetime of this deployment.
487 "undeployTime": "A String", # End of the lifetime of this deployment.
488 "config": "A String", # Configuration used to create this deployment.
489 },
490 "remediation": "A String", # A description of actions that can be taken to remedy the `Note`
491 "vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.
492 # to fix it.
493 "packageIssue": [ # The set of affected locations and their fixes (if available) within
494 # the associated resource.
495 { # This message wraps a location affected by a vulnerability and its
496 # associated fix (if one is available).
497 "severityName": "A String",
498 "affectedLocation": { # The location of the vulnerability # The location of the vulnerability.
499 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
500 # format. Examples include distro or storage location for vulnerable jar.
501 # This field can be used as a filter in list requests.
502 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
503 # filter in list requests.
504 # For a discussion of this in Debian/Ubuntu:
505 # http://serverfault.com/questions/604541/debian-packages-version-convention
506 # For a discussion of this in Redhat/Fedora/Centos:
507 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
508 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
509 # If kind is not NORMAL, then the other fields are ignored.
510 "revision": "A String", # The iteration of the package build from the above version.
511 "name": "A String", # The main part of the version name.
512 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
513 },
514 "package": "A String", # The package being described.
515 },
516 "fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability.
517 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
518 # format. Examples include distro or storage location for vulnerable jar.
519 # This field can be used as a filter in list requests.
520 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
521 # filter in list requests.
522 # For a discussion of this in Debian/Ubuntu:
523 # http://serverfault.com/questions/604541/debian-packages-version-convention
524 # For a discussion of this in Redhat/Fedora/Centos:
525 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
526 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
527 # If kind is not NORMAL, then the other fields are ignored.
528 "revision": "A String", # The iteration of the package build from the above version.
529 "name": "A String", # The main part of the version name.
530 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
531 },
532 "package": "A String", # The package being described.
533 },
534 },
535 ],
536 "type": "A String", # The type of package; whether native or non native(ruby gems,
537 # node.js packages etc)
538 "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a
539 # scale of 0-10 where 0 indicates low severity and 10 indicates high
540 # severity.
541 "severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.
542 "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is
543 # available and note provider assigned severity when distro has not yet
544 # assigned a severity for this vulnerability.
545 },
546 "createTime": "A String", # Output only. The time this `Occurrence` was created.
547 "derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis
548 # in the associated note.
549 # DockerImage relationship. This image would be produced from a Dockerfile
550 # with FROM <DockerImage.Basis in attached Note>.
551 "distance": 42, # Output only. The number of layers by which this image differs from the
552 # associated image basis.
553 "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image
554 # occurrence.
555 "layerInfo": [ # This contains layer-specific metadata, if populated it has length
556 # "distance" and is ordered with [distance] being the layer immediately
557 # following the base image and [1] being the final layer.
558 { # Layer holds metadata specific to a layer of a Docker image.
559 "arguments": "A String", # The recovered arguments to the Dockerfile directive.
560 "directive": "A String", # The recovered Dockerfile directive used to construct this layer.
561 },
562 ],
563 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.
564 "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
565 # representation.
566 # This field can be used as a filter in list requests.
567 "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
568 "A String",
569 ],
570 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
571 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])
572 # Only the name of the final blob is kept.
573 # This field can be used as a filter in list requests.
574 },
575 },
576 "resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence`
577 # applies. For example, https://gcr.io/project/image@sha256:foo This field
578 # can be used as a filter in list requests.
579}
580
581 name: string, The name of the project. Should be of the form "projects/{project_id}".
582@Deprecated
583 x__xgafv: string, V1 error format.
584 Allowed values
585 1 - v1 error format
586 2 - v2 error format
587
588Returns:
589 An object of the form:
590
591 { # `Occurrence` includes information about analysis occurrences for an image.
592 "resource": { # #
593 # The resource for which the `Occurrence` applies.
594 # Resource is an entity that can have metadata. E.g., a Docker image.
595 "contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.
596 "type": "A String", # The type of hash that was performed.
597 "value": "A String", # The hash value.
598 },
599 "uri": "A String", # The unique URI of the resource. E.g.,
600 # "https://gcr.io/project/image@sha256:foo" for a Docker image.
601 "name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian".
602 },
603 "updateTime": "A String", # Output only. The time this `Occurrence` was last updated.
604 "installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.
605 # a system.
606 "location": [ # All of the places within the filesystem versions of this package
607 # have been found.
608 { # An occurrence of a particular package installation found within a
609 # system's filesystem.
610 # e.g. glibc was found in /var/lib/dpkg/status
611 "path": "A String", # The path from which we gathered that this package/version is installed.
612 "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
613 # denoting the package manager version distributing a package.
614 "version": { # Version contains structured information about the version of the package. # The version installed at this location.
615 # For a discussion of this in Debian/Ubuntu:
616 # http://serverfault.com/questions/604541/debian-packages-version-convention
617 # For a discussion of this in Redhat/Fedora/Centos:
618 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
619 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
620 # If kind is not NORMAL, then the other fields are ignored.
621 "revision": "A String", # The iteration of the package build from the above version.
622 "name": "A String", # The main part of the version name.
623 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
624 },
625 },
626 ],
627 "name": "A String", # Output only. The name of the installed package.
628 },
629 "name": "A String", # Output only. The name of the `Occurrence` in the form
630 # "projects/{project_id}/occurrences/{OCCURRENCE_ID}"
631 "kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are
632 # specified. This field can be used as a filter in list requests.
633 "buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build.
634 "provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance
635 # details about the build from source to completion.
636 "finishTime": "A String", # Time at which execution of the build was finished.
637 "commands": [ # Commands requested by the build.
638 { # Command describes a step performed as part of the build pipeline.
639 "waitFor": [ # The ID(s) of the Command(s) that this Command depends on.
640 "A String",
641 ],
642 "name": "A String", # Name of the command, as presented on the command line, or if the command is
643 # packaged as a Docker container, as presented to `docker pull`.
644 "args": [ # Command-line arguments used when executing this Command.
645 "A String",
646 ],
647 "env": [ # Environment variables set before running this Command.
648 "A String",
649 ],
650 "id": "A String", # Optional unique identifier for this Command, used in wait_for to reference
651 # this Command as a dependency.
652 "dir": "A String", # Working directory (relative to project source root) used when running
653 # this Command.
654 },
655 ],
656 "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
657 "artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this
658 # location.
659 # Google Cloud Storage.
660 "generation": "A String", # Google Cloud Storage generation for the object.
661 "object": "A String", # Google Cloud Storage object containing source.
662 "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
663 # Requirements]
664 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
665 },
666 "repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.
667 # Repository.
668 "projectId": "A String", # ID of the project that owns the repo.
669 "branchName": "A String", # Name of the branch to build.
670 "repoName": "A String", # Name of the repo.
671 "tagName": "A String", # Name of the tag to build.
672 "commitSha": "A String", # Explicit commit SHA to build.
673 },
674 "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original
675 # source integrity was maintained in the build.
676 #
677 # The keys to this map are file paths used as build source and the values
678 # contain the hash values for those files.
679 #
680 # If the build source came in a single package such as a gzipped tarfile
681 # (.tar.gz), the FileHash will be for the single path to that file.
682 "a_key": { # Container message for hashes of byte content of files, used in Source
683 # messages to verify integrity of source input to the build.
684 "fileHash": [ # Collection of file hashes.
685 { # Container message for hash values.
686 "type": "A String", # The type of hash that was performed.
687 "value": "A String", # The hash value.
688 },
689 ],
690 },
691 },
692 "additionalContexts": [ # If provided, some of the source code used for the build may be found in
693 # these locations, in the case where the source repository had multiple
694 # remotes or submodules. This list will not include the context specified in
695 # the context field.
696 { # A SourceContext is a reference to a tree of files. A SourceContext together
697 # with a path point to a unique revision of a single file or directory.
698 "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
699 # repository (e.g., GitHub).
700 "url": "A String", # Git repository URL.
701 "revisionId": "A String", # Required.
702 # Git commit hash.
703 },
704 "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
705 # Source Repo.
706 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
707 "kind": "A String", # The alias kind.
708 "name": "A String", # The alias name.
709 },
710 "revisionId": "A String", # A revision ID.
711 "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
712 "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
713 # winged-cargo-31) and a repo name within that project.
714 "projectId": "A String", # The ID of the project.
715 "repoName": "A String", # The name of the repo. Leave empty for the default repo.
716 },
717 "uid": "A String", # A server-assigned, globally unique identifier.
718 },
719 },
720 "labels": { # Labels with user defined metadata.
721 "a_key": "A String",
722 },
723 "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
724 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
725 "kind": "A String", # The alias kind.
726 "name": "A String", # The alias name.
727 },
728 "revisionId": "A String", # A revision (commit) ID.
729 "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
730 # "project/subproject" is a valid project name. The "repo name" is
731 # the hostURI/project.
732 "hostUri": "A String", # The URI of a running Gerrit instance.
733 },
734 },
735 ],
736 "context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.
737 # with a path point to a unique revision of a single file or directory.
738 "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
739 # repository (e.g., GitHub).
740 "url": "A String", # Git repository URL.
741 "revisionId": "A String", # Required.
742 # Git commit hash.
743 },
744 "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
745 # Source Repo.
746 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
747 "kind": "A String", # The alias kind.
748 "name": "A String", # The alias name.
749 },
750 "revisionId": "A String", # A revision ID.
751 "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
752 "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
753 # winged-cargo-31) and a repo name within that project.
754 "projectId": "A String", # The ID of the project.
755 "repoName": "A String", # The name of the repo. Leave empty for the default repo.
756 },
757 "uid": "A String", # A server-assigned, globally unique identifier.
758 },
759 },
760 "labels": { # Labels with user defined metadata.
761 "a_key": "A String",
762 },
763 "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
764 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
765 "kind": "A String", # The alias kind.
766 "name": "A String", # The alias name.
767 },
768 "revisionId": "A String", # A revision (commit) ID.
769 "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
770 # "project/subproject" is a valid project name. The "repo name" is
771 # the hostURI/project.
772 "hostUri": "A String", # The URI of a running Gerrit instance.
773 },
774 },
775 "storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud
776 # Storage.
777 # Google Cloud Storage.
778 "generation": "A String", # Google Cloud Storage generation for the object.
779 "object": "A String", # Google Cloud Storage object containing source.
780 "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
781 # Requirements]
782 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
783 },
784 },
785 "buildOptions": { # Special options applied to this build. This is a catch-all field where
786 # build providers can enter any desired additional details.
787 "a_key": "A String",
788 },
789 "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the
790 # user's e-mail address at the time the build was initiated; this address may
791 # not represent the same end-user for all time.
792 "logsBucket": "A String", # Google Cloud Storage bucket where logs were written.
793 "builderVersion": "A String", # Version string of the builder at the time this build was executed.
794 "createTime": "A String", # Time at which the build was created.
795 "builtArtifacts": [ # Output of the build.
796 { # Artifact describes a build product.
797 "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
798 # container.
799 "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest
800 # like gcr.io/projectID/imagename@sha256:123456
801 "name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in
802 # the case of a container build, the name used to push the container image to
803 # Google Container Registry, as presented to `docker push`.
804 #
805 # This field is deprecated in favor of the plural `names` field; it continues
806 # to exist here to allow existing BuildProvenance serialized to json in
807 # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to
808 # deserialize back into proto.
809 "names": [ # Related artifact names. This may be the path to a binary or jar file, or in
810 # the case of a container build, the name used to push the container image to
811 # Google Container Registry, as presented to `docker push`. Note that a
812 # single Artifact ID can have multiple names, for example if two tags are
813 # applied to one image.
814 "A String",
815 ],
816 },
817 ],
818 "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
819 "startTime": "A String", # Time at which execution of the build was started.
820 "projectId": "A String", # ID of the project.
821 "id": "A String", # Unique identifier of the build.
822 },
823 "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the
824 # `BuildSignature` in the corresponding Result. After verifying the
825 # signature, `provenance_bytes` can be unmarshalled and compared to the
826 # provenance to confirm that it is unchanged. A base64-encoded string
827 # representation of the provenance bytes is used for the signature in order
828 # to interoperate with openssl which expects this format for signature
829 # verification.
830 #
831 # The serialized form is captured both to avoid ambiguity in how the
832 # provenance is marshalled to json as well to prevent incompatibilities with
833 # future changes.
834 },
835 "discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.
836 "analysisStatus": "A String", # The status of discovery for the resource.
837 "operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.
838 # This field is deprecated, do not use.
839 # network API call.
840 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
841 # different programming environments, including REST APIs and RPC APIs. It is
842 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
843 # three pieces of data: error code, error message, and error details.
844 #
845 # You can find out more about this error model and how to work with it in the
846 # [API Design Guide](https://cloud.google.com/apis/design/errors).
847 "message": "A String", # A developer-facing error message, which should be in English. Any
848 # user-facing error message should be localized and sent in the
849 # google.rpc.Status.details field, or localized by the client.
850 "code": 42, # The status code, which should be an enum value of google.rpc.Code.
851 "details": [ # A list of messages that carry the error details. There is a common set of
852 # message types for APIs to use.
853 {
854 "a_key": "", # Properties of the object. Contains field @type with type URL.
855 },
856 ],
857 },
858 "done": True or False, # If the value is `false`, it means the operation is still in progress.
859 # If `true`, the operation is completed, and either `error` or `response` is
860 # available.
861 "response": { # The normal response of the operation in case of success. If the original
862 # method returns no data on success, such as `Delete`, the response is
863 # `google.protobuf.Empty`. If the original method is standard
864 # `Get`/`Create`/`Update`, the response should be the resource. For other
865 # methods, the response should have the type `XxxResponse`, where `Xxx`
866 # is the original method name. For example, if the original method name
867 # is `TakeSnapshot()`, the inferred response type is
868 # `TakeSnapshotResponse`.
869 "a_key": "", # Properties of the object. Contains field @type with type URL.
870 },
871 "name": "A String", # The server-assigned name, which is only unique within the same service that
872 # originally returns it. If you use the default HTTP mapping, the
873 # `name` should be a resource name ending with `operations/{unique_id}`.
874 "metadata": { # Service-specific metadata associated with the operation. It typically
875 # contains progress information and common metadata such as create time.
876 # Some services might not provide such metadata. Any method that returns a
877 # long-running operation should document the metadata type, if any.
878 "a_key": "", # Properties of the object. Contains field @type with type URL.
879 },
880 },
881 "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under
882 # details to show to the user. The LocalizedMessage output only and
883 # populated by the API.
884 # different programming environments, including REST APIs and RPC APIs. It is
885 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
886 # three pieces of data: error code, error message, and error details.
887 #
888 # You can find out more about this error model and how to work with it in the
889 # [API Design Guide](https://cloud.google.com/apis/design/errors).
890 "message": "A String", # A developer-facing error message, which should be in English. Any
891 # user-facing error message should be localized and sent in the
892 # google.rpc.Status.details field, or localized by the client.
893 "code": 42, # The status code, which should be an enum value of google.rpc.Code.
894 "details": [ # A list of messages that carry the error details. There is a common set of
895 # message types for APIs to use.
896 {
897 "a_key": "", # Properties of the object. Contains field @type with type URL.
898 },
899 ],
900 },
901 "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
902 },
903 "attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact.
904 # Attestation can be verified using the attached signature. If the verifier
905 # trusts the public key of the signer, then verifying the signature is
906 # sufficient to establish trust. In this circumstance, the
907 # AttestationAuthority to which this Attestation is attached is primarily
908 # useful for look-up (how to find this Attestation if you already know the
909 # Authority and artifact to be verified) and intent (which authority was this
910 # attestation intended to sign for).
911 "pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature.
912 # This message only supports `ATTACHED` signatures, where the payload that is
913 # signed is included alongside the signature itself in the same file.
914 "pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature,
915 # as output by, e.g. `gpg --list-keys`. This should be the version 4, full
916 # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See
917 # https://tools.ietf.org/html/rfc4880#section-12.2 for details.
918 # Implementations may choose to acknowledge "LONG", "SHORT", or other
919 # abbreviated key IDs, but only the full fingerprint is guaranteed to work.
920 # In gpg, the full fingerprint can be retrieved from the `fpr` field
921 # returned when calling --list-keys with --with-colons. For example:
922 # ```
923 # gpg --with-colons --with-fingerprint --force-v4-certs \
924 # --list-keys attester@example.com
925 # tru::1:1513631572:0:3:1:5
926 # pub:...<SNIP>...
927 # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
928 # ```
929 # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
930 "contentType": "A String", # Type (for example schema) of the attestation payload that was signed.
931 # The verifier must ensure that the provided type is one that the verifier
932 # supports, and that the attestation payload is a valid instantiation of that
933 # type (for example by validating a JSON schema).
934 "signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or
935 # equivalent. Since this message only supports attached signatures, the
936 # payload that was signed must be attached. While the signature format
937 # supported is dependent on the verification implementation, currently only
938 # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
939 # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
940 # --output=signature.gpg payload.json` will create the signature content
941 # expected in this field in `signature.gpg` for the `payload.json`
942 # attestation payload.
943 },
944 },
945 "noteName": "A String", # An analysis note associated with this image, in the form
946 # "providers/{provider_id}/notes/{NOTE_ID}"
947 # This field can be used as a filter in list requests.
948 "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
949 "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the
950 # deployable field with the same name.
951 "A String",
952 ],
953 "userEmail": "A String", # Identity of the user that triggered this deployment.
954 "address": "A String", # Address of the runtime element hosting this deployment.
955 "platform": "A String", # Platform hosting this deployment.
956 "deployTime": "A String", # Beginning of the lifetime of this deployment.
957 "undeployTime": "A String", # End of the lifetime of this deployment.
958 "config": "A String", # Configuration used to create this deployment.
959 },
960 "remediation": "A String", # A description of actions that can be taken to remedy the `Note`
961 "vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.
962 # to fix it.
963 "packageIssue": [ # The set of affected locations and their fixes (if available) within
964 # the associated resource.
965 { # This message wraps a location affected by a vulnerability and its
966 # associated fix (if one is available).
967 "severityName": "A String",
968 "affectedLocation": { # The location of the vulnerability # The location of the vulnerability.
969 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
970 # format. Examples include distro or storage location for vulnerable jar.
971 # This field can be used as a filter in list requests.
972 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
973 # filter in list requests.
974 # For a discussion of this in Debian/Ubuntu:
975 # http://serverfault.com/questions/604541/debian-packages-version-convention
976 # For a discussion of this in Redhat/Fedora/Centos:
977 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
978 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
979 # If kind is not NORMAL, then the other fields are ignored.
980 "revision": "A String", # The iteration of the package build from the above version.
981 "name": "A String", # The main part of the version name.
982 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
983 },
984 "package": "A String", # The package being described.
985 },
986 "fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability.
987 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
988 # format. Examples include distro or storage location for vulnerable jar.
989 # This field can be used as a filter in list requests.
990 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
991 # filter in list requests.
992 # For a discussion of this in Debian/Ubuntu:
993 # http://serverfault.com/questions/604541/debian-packages-version-convention
994 # For a discussion of this in Redhat/Fedora/Centos:
995 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
996 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
997 # If kind is not NORMAL, then the other fields are ignored.
998 "revision": "A String", # The iteration of the package build from the above version.
999 "name": "A String", # The main part of the version name.
1000 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1001 },
1002 "package": "A String", # The package being described.
1003 },
1004 },
1005 ],
1006 "type": "A String", # The type of package; whether native or non native(ruby gems,
1007 # node.js packages etc)
1008 "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a
1009 # scale of 0-10 where 0 indicates low severity and 10 indicates high
1010 # severity.
1011 "severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.
1012 "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is
1013 # available and note provider assigned severity when distro has not yet
1014 # assigned a severity for this vulnerability.
1015 },
1016 "createTime": "A String", # Output only. The time this `Occurrence` was created.
1017 "derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis
1018 # in the associated note.
1019 # DockerImage relationship. This image would be produced from a Dockerfile
1020 # with FROM <DockerImage.Basis in attached Note>.
1021 "distance": 42, # Output only. The number of layers by which this image differs from the
1022 # associated image basis.
1023 "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image
1024 # occurrence.
1025 "layerInfo": [ # This contains layer-specific metadata, if populated it has length
1026 # "distance" and is ordered with [distance] being the layer immediately
1027 # following the base image and [1] being the final layer.
1028 { # Layer holds metadata specific to a layer of a Docker image.
1029 "arguments": "A String", # The recovered arguments to the Dockerfile directive.
1030 "directive": "A String", # The recovered Dockerfile directive used to construct this layer.
1031 },
1032 ],
1033 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.
1034 "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
1035 # representation.
1036 # This field can be used as a filter in list requests.
1037 "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
1038 "A String",
1039 ],
1040 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
1041 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])
1042 # Only the name of the final blob is kept.
1043 # This field can be used as a filter in list requests.
1044 },
1045 },
1046 "resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence`
1047 # applies. For example, https://gcr.io/project/image@sha256:foo This field
1048 # can be used as a filter in list requests.
1049 }</pre>
1050</div>
1051
1052<div class="method">
1053 <code class="details" id="delete">delete(name, x__xgafv=None)</code>
1054 <pre>Deletes the given `Occurrence` from the system. Use this when
1055an `Occurrence` is no longer applicable for the given resource.
1056
1057Args:
1058 name: string, The name of the occurrence in the form of
1059"projects/{project_id}/occurrences/{OCCURRENCE_ID}" (required)
1060 x__xgafv: string, V1 error format.
1061 Allowed values
1062 1 - v1 error format
1063 2 - v2 error format
1064
1065Returns:
1066 An object of the form:
1067
1068 { # A generic empty message that you can re-use to avoid defining duplicated
1069 # empty messages in your APIs. A typical example is to use it as the request
1070 # or the response type of an API method. For instance:
1071 #
1072 # service Foo {
1073 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
1074 # }
1075 #
1076 # The JSON representation for `Empty` is empty JSON object `{}`.
1077 }</pre>
1078</div>
1079
1080<div class="method">
1081 <code class="details" id="get">get(name, x__xgafv=None)</code>
1082 <pre>Returns the requested `Occurrence`.
1083
1084Args:
1085 name: string, The name of the occurrence of the form
1086"projects/{project_id}/occurrences/{OCCURRENCE_ID}" (required)
1087 x__xgafv: string, V1 error format.
1088 Allowed values
1089 1 - v1 error format
1090 2 - v2 error format
1091
1092Returns:
1093 An object of the form:
1094
1095 { # `Occurrence` includes information about analysis occurrences for an image.
1096 "resource": { # #
1097 # The resource for which the `Occurrence` applies.
1098 # Resource is an entity that can have metadata. E.g., a Docker image.
1099 "contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.
1100 "type": "A String", # The type of hash that was performed.
1101 "value": "A String", # The hash value.
1102 },
1103 "uri": "A String", # The unique URI of the resource. E.g.,
1104 # "https://gcr.io/project/image@sha256:foo" for a Docker image.
1105 "name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian".
1106 },
1107 "updateTime": "A String", # Output only. The time this `Occurrence` was last updated.
1108 "installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.
1109 # a system.
1110 "location": [ # All of the places within the filesystem versions of this package
1111 # have been found.
1112 { # An occurrence of a particular package installation found within a
1113 # system's filesystem.
1114 # e.g. glibc was found in /var/lib/dpkg/status
1115 "path": "A String", # The path from which we gathered that this package/version is installed.
1116 "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
1117 # denoting the package manager version distributing a package.
1118 "version": { # Version contains structured information about the version of the package. # The version installed at this location.
1119 # For a discussion of this in Debian/Ubuntu:
1120 # http://serverfault.com/questions/604541/debian-packages-version-convention
1121 # For a discussion of this in Redhat/Fedora/Centos:
1122 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1123 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
1124 # If kind is not NORMAL, then the other fields are ignored.
1125 "revision": "A String", # The iteration of the package build from the above version.
1126 "name": "A String", # The main part of the version name.
1127 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1128 },
1129 },
1130 ],
1131 "name": "A String", # Output only. The name of the installed package.
1132 },
1133 "name": "A String", # Output only. The name of the `Occurrence` in the form
1134 # "projects/{project_id}/occurrences/{OCCURRENCE_ID}"
1135 "kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are
1136 # specified. This field can be used as a filter in list requests.
1137 "buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build.
1138 "provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance
1139 # details about the build from source to completion.
1140 "finishTime": "A String", # Time at which execution of the build was finished.
1141 "commands": [ # Commands requested by the build.
1142 { # Command describes a step performed as part of the build pipeline.
1143 "waitFor": [ # The ID(s) of the Command(s) that this Command depends on.
1144 "A String",
1145 ],
1146 "name": "A String", # Name of the command, as presented on the command line, or if the command is
1147 # packaged as a Docker container, as presented to `docker pull`.
1148 "args": [ # Command-line arguments used when executing this Command.
1149 "A String",
1150 ],
1151 "env": [ # Environment variables set before running this Command.
1152 "A String",
1153 ],
1154 "id": "A String", # Optional unique identifier for this Command, used in wait_for to reference
1155 # this Command as a dependency.
1156 "dir": "A String", # Working directory (relative to project source root) used when running
1157 # this Command.
1158 },
1159 ],
1160 "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
1161 "artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this
1162 # location.
1163 # Google Cloud Storage.
1164 "generation": "A String", # Google Cloud Storage generation for the object.
1165 "object": "A String", # Google Cloud Storage object containing source.
1166 "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
1167 # Requirements]
1168 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
1169 },
1170 "repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.
1171 # Repository.
1172 "projectId": "A String", # ID of the project that owns the repo.
1173 "branchName": "A String", # Name of the branch to build.
1174 "repoName": "A String", # Name of the repo.
1175 "tagName": "A String", # Name of the tag to build.
1176 "commitSha": "A String", # Explicit commit SHA to build.
1177 },
1178 "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original
1179 # source integrity was maintained in the build.
1180 #
1181 # The keys to this map are file paths used as build source and the values
1182 # contain the hash values for those files.
1183 #
1184 # If the build source came in a single package such as a gzipped tarfile
1185 # (.tar.gz), the FileHash will be for the single path to that file.
1186 "a_key": { # Container message for hashes of byte content of files, used in Source
1187 # messages to verify integrity of source input to the build.
1188 "fileHash": [ # Collection of file hashes.
1189 { # Container message for hash values.
1190 "type": "A String", # The type of hash that was performed.
1191 "value": "A String", # The hash value.
1192 },
1193 ],
1194 },
1195 },
1196 "additionalContexts": [ # If provided, some of the source code used for the build may be found in
1197 # these locations, in the case where the source repository had multiple
1198 # remotes or submodules. This list will not include the context specified in
1199 # the context field.
1200 { # A SourceContext is a reference to a tree of files. A SourceContext together
1201 # with a path point to a unique revision of a single file or directory.
1202 "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
1203 # repository (e.g., GitHub).
1204 "url": "A String", # Git repository URL.
1205 "revisionId": "A String", # Required.
1206 # Git commit hash.
1207 },
1208 "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
1209 # Source Repo.
1210 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
1211 "kind": "A String", # The alias kind.
1212 "name": "A String", # The alias name.
1213 },
1214 "revisionId": "A String", # A revision ID.
1215 "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
1216 "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
1217 # winged-cargo-31) and a repo name within that project.
1218 "projectId": "A String", # The ID of the project.
1219 "repoName": "A String", # The name of the repo. Leave empty for the default repo.
1220 },
1221 "uid": "A String", # A server-assigned, globally unique identifier.
1222 },
1223 },
1224 "labels": { # Labels with user defined metadata.
1225 "a_key": "A String",
1226 },
1227 "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
1228 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
1229 "kind": "A String", # The alias kind.
1230 "name": "A String", # The alias name.
1231 },
1232 "revisionId": "A String", # A revision (commit) ID.
1233 "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
1234 # "project/subproject" is a valid project name. The "repo name" is
1235 # the hostURI/project.
1236 "hostUri": "A String", # The URI of a running Gerrit instance.
1237 },
1238 },
1239 ],
1240 "context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.
1241 # with a path point to a unique revision of a single file or directory.
1242 "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
1243 # repository (e.g., GitHub).
1244 "url": "A String", # Git repository URL.
1245 "revisionId": "A String", # Required.
1246 # Git commit hash.
1247 },
1248 "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
1249 # Source Repo.
1250 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
1251 "kind": "A String", # The alias kind.
1252 "name": "A String", # The alias name.
1253 },
1254 "revisionId": "A String", # A revision ID.
1255 "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
1256 "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
1257 # winged-cargo-31) and a repo name within that project.
1258 "projectId": "A String", # The ID of the project.
1259 "repoName": "A String", # The name of the repo. Leave empty for the default repo.
1260 },
1261 "uid": "A String", # A server-assigned, globally unique identifier.
1262 },
1263 },
1264 "labels": { # Labels with user defined metadata.
1265 "a_key": "A String",
1266 },
1267 "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
1268 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
1269 "kind": "A String", # The alias kind.
1270 "name": "A String", # The alias name.
1271 },
1272 "revisionId": "A String", # A revision (commit) ID.
1273 "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
1274 # "project/subproject" is a valid project name. The "repo name" is
1275 # the hostURI/project.
1276 "hostUri": "A String", # The URI of a running Gerrit instance.
1277 },
1278 },
1279 "storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud
1280 # Storage.
1281 # Google Cloud Storage.
1282 "generation": "A String", # Google Cloud Storage generation for the object.
1283 "object": "A String", # Google Cloud Storage object containing source.
1284 "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
1285 # Requirements]
1286 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
1287 },
1288 },
1289 "buildOptions": { # Special options applied to this build. This is a catch-all field where
1290 # build providers can enter any desired additional details.
1291 "a_key": "A String",
1292 },
1293 "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the
1294 # user's e-mail address at the time the build was initiated; this address may
1295 # not represent the same end-user for all time.
1296 "logsBucket": "A String", # Google Cloud Storage bucket where logs were written.
1297 "builderVersion": "A String", # Version string of the builder at the time this build was executed.
1298 "createTime": "A String", # Time at which the build was created.
1299 "builtArtifacts": [ # Output of the build.
1300 { # Artifact describes a build product.
1301 "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
1302 # container.
1303 "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest
1304 # like gcr.io/projectID/imagename@sha256:123456
1305 "name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in
1306 # the case of a container build, the name used to push the container image to
1307 # Google Container Registry, as presented to `docker push`.
1308 #
1309 # This field is deprecated in favor of the plural `names` field; it continues
1310 # to exist here to allow existing BuildProvenance serialized to json in
1311 # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to
1312 # deserialize back into proto.
1313 "names": [ # Related artifact names. This may be the path to a binary or jar file, or in
1314 # the case of a container build, the name used to push the container image to
1315 # Google Container Registry, as presented to `docker push`. Note that a
1316 # single Artifact ID can have multiple names, for example if two tags are
1317 # applied to one image.
1318 "A String",
1319 ],
1320 },
1321 ],
1322 "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
1323 "startTime": "A String", # Time at which execution of the build was started.
1324 "projectId": "A String", # ID of the project.
1325 "id": "A String", # Unique identifier of the build.
1326 },
1327 "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the
1328 # `BuildSignature` in the corresponding Result. After verifying the
1329 # signature, `provenance_bytes` can be unmarshalled and compared to the
1330 # provenance to confirm that it is unchanged. A base64-encoded string
1331 # representation of the provenance bytes is used for the signature in order
1332 # to interoperate with openssl which expects this format for signature
1333 # verification.
1334 #
1335 # The serialized form is captured both to avoid ambiguity in how the
1336 # provenance is marshalled to json as well to prevent incompatibilities with
1337 # future changes.
1338 },
1339 "discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.
1340 "analysisStatus": "A String", # The status of discovery for the resource.
1341 "operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.
1342 # This field is deprecated, do not use.
1343 # network API call.
1344 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
1345 # different programming environments, including REST APIs and RPC APIs. It is
1346 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
1347 # three pieces of data: error code, error message, and error details.
1348 #
1349 # You can find out more about this error model and how to work with it in the
1350 # [API Design Guide](https://cloud.google.com/apis/design/errors).
1351 "message": "A String", # A developer-facing error message, which should be in English. Any
1352 # user-facing error message should be localized and sent in the
1353 # google.rpc.Status.details field, or localized by the client.
1354 "code": 42, # The status code, which should be an enum value of google.rpc.Code.
1355 "details": [ # A list of messages that carry the error details. There is a common set of
1356 # message types for APIs to use.
1357 {
1358 "a_key": "", # Properties of the object. Contains field @type with type URL.
1359 },
1360 ],
1361 },
1362 "done": True or False, # If the value is `false`, it means the operation is still in progress.
1363 # If `true`, the operation is completed, and either `error` or `response` is
1364 # available.
1365 "response": { # The normal response of the operation in case of success. If the original
1366 # method returns no data on success, such as `Delete`, the response is
1367 # `google.protobuf.Empty`. If the original method is standard
1368 # `Get`/`Create`/`Update`, the response should be the resource. For other
1369 # methods, the response should have the type `XxxResponse`, where `Xxx`
1370 # is the original method name. For example, if the original method name
1371 # is `TakeSnapshot()`, the inferred response type is
1372 # `TakeSnapshotResponse`.
1373 "a_key": "", # Properties of the object. Contains field @type with type URL.
1374 },
1375 "name": "A String", # The server-assigned name, which is only unique within the same service that
1376 # originally returns it. If you use the default HTTP mapping, the
1377 # `name` should be a resource name ending with `operations/{unique_id}`.
1378 "metadata": { # Service-specific metadata associated with the operation. It typically
1379 # contains progress information and common metadata such as create time.
1380 # Some services might not provide such metadata. Any method that returns a
1381 # long-running operation should document the metadata type, if any.
1382 "a_key": "", # Properties of the object. Contains field @type with type URL.
1383 },
1384 },
1385 "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under
1386 # details to show to the user. The LocalizedMessage output only and
1387 # populated by the API.
1388 # different programming environments, including REST APIs and RPC APIs. It is
1389 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
1390 # three pieces of data: error code, error message, and error details.
1391 #
1392 # You can find out more about this error model and how to work with it in the
1393 # [API Design Guide](https://cloud.google.com/apis/design/errors).
1394 "message": "A String", # A developer-facing error message, which should be in English. Any
1395 # user-facing error message should be localized and sent in the
1396 # google.rpc.Status.details field, or localized by the client.
1397 "code": 42, # The status code, which should be an enum value of google.rpc.Code.
1398 "details": [ # A list of messages that carry the error details. There is a common set of
1399 # message types for APIs to use.
1400 {
1401 "a_key": "", # Properties of the object. Contains field @type with type URL.
1402 },
1403 ],
1404 },
1405 "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
1406 },
1407 "attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact.
1408 # Attestation can be verified using the attached signature. If the verifier
1409 # trusts the public key of the signer, then verifying the signature is
1410 # sufficient to establish trust. In this circumstance, the
1411 # AttestationAuthority to which this Attestation is attached is primarily
1412 # useful for look-up (how to find this Attestation if you already know the
1413 # Authority and artifact to be verified) and intent (which authority was this
1414 # attestation intended to sign for).
1415 "pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature.
1416 # This message only supports `ATTACHED` signatures, where the payload that is
1417 # signed is included alongside the signature itself in the same file.
1418 "pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature,
1419 # as output by, e.g. `gpg --list-keys`. This should be the version 4, full
1420 # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See
1421 # https://tools.ietf.org/html/rfc4880#section-12.2 for details.
1422 # Implementations may choose to acknowledge "LONG", "SHORT", or other
1423 # abbreviated key IDs, but only the full fingerprint is guaranteed to work.
1424 # In gpg, the full fingerprint can be retrieved from the `fpr` field
1425 # returned when calling --list-keys with --with-colons. For example:
1426 # ```
1427 # gpg --with-colons --with-fingerprint --force-v4-certs \
1428 # --list-keys attester@example.com
1429 # tru::1:1513631572:0:3:1:5
1430 # pub:...<SNIP>...
1431 # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
1432 # ```
1433 # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
1434 "contentType": "A String", # Type (for example schema) of the attestation payload that was signed.
1435 # The verifier must ensure that the provided type is one that the verifier
1436 # supports, and that the attestation payload is a valid instantiation of that
1437 # type (for example by validating a JSON schema).
1438 "signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or
1439 # equivalent. Since this message only supports attached signatures, the
1440 # payload that was signed must be attached. While the signature format
1441 # supported is dependent on the verification implementation, currently only
1442 # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
1443 # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
1444 # --output=signature.gpg payload.json` will create the signature content
1445 # expected in this field in `signature.gpg` for the `payload.json`
1446 # attestation payload.
1447 },
1448 },
1449 "noteName": "A String", # An analysis note associated with this image, in the form
1450 # "providers/{provider_id}/notes/{NOTE_ID}"
1451 # This field can be used as a filter in list requests.
1452 "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
1453 "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the
1454 # deployable field with the same name.
1455 "A String",
1456 ],
1457 "userEmail": "A String", # Identity of the user that triggered this deployment.
1458 "address": "A String", # Address of the runtime element hosting this deployment.
1459 "platform": "A String", # Platform hosting this deployment.
1460 "deployTime": "A String", # Beginning of the lifetime of this deployment.
1461 "undeployTime": "A String", # End of the lifetime of this deployment.
1462 "config": "A String", # Configuration used to create this deployment.
1463 },
1464 "remediation": "A String", # A description of actions that can be taken to remedy the `Note`
1465 "vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.
1466 # to fix it.
1467 "packageIssue": [ # The set of affected locations and their fixes (if available) within
1468 # the associated resource.
1469 { # This message wraps a location affected by a vulnerability and its
1470 # associated fix (if one is available).
1471 "severityName": "A String",
1472 "affectedLocation": { # The location of the vulnerability # The location of the vulnerability.
1473 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
1474 # format. Examples include distro or storage location for vulnerable jar.
1475 # This field can be used as a filter in list requests.
1476 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
1477 # filter in list requests.
1478 # For a discussion of this in Debian/Ubuntu:
1479 # http://serverfault.com/questions/604541/debian-packages-version-convention
1480 # For a discussion of this in Redhat/Fedora/Centos:
1481 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1482 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
1483 # If kind is not NORMAL, then the other fields are ignored.
1484 "revision": "A String", # The iteration of the package build from the above version.
1485 "name": "A String", # The main part of the version name.
1486 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1487 },
1488 "package": "A String", # The package being described.
1489 },
1490 "fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability.
1491 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
1492 # format. Examples include distro or storage location for vulnerable jar.
1493 # This field can be used as a filter in list requests.
1494 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
1495 # filter in list requests.
1496 # For a discussion of this in Debian/Ubuntu:
1497 # http://serverfault.com/questions/604541/debian-packages-version-convention
1498 # For a discussion of this in Redhat/Fedora/Centos:
1499 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1500 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
1501 # If kind is not NORMAL, then the other fields are ignored.
1502 "revision": "A String", # The iteration of the package build from the above version.
1503 "name": "A String", # The main part of the version name.
1504 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1505 },
1506 "package": "A String", # The package being described.
1507 },
1508 },
1509 ],
1510 "type": "A String", # The type of package; whether native or non native(ruby gems,
1511 # node.js packages etc)
1512 "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a
1513 # scale of 0-10 where 0 indicates low severity and 10 indicates high
1514 # severity.
1515 "severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.
1516 "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is
1517 # available and note provider assigned severity when distro has not yet
1518 # assigned a severity for this vulnerability.
1519 },
1520 "createTime": "A String", # Output only. The time this `Occurrence` was created.
1521 "derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis
1522 # in the associated note.
1523 # DockerImage relationship. This image would be produced from a Dockerfile
1524 # with FROM <DockerImage.Basis in attached Note>.
1525 "distance": 42, # Output only. The number of layers by which this image differs from the
1526 # associated image basis.
1527 "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image
1528 # occurrence.
1529 "layerInfo": [ # This contains layer-specific metadata, if populated it has length
1530 # "distance" and is ordered with [distance] being the layer immediately
1531 # following the base image and [1] being the final layer.
1532 { # Layer holds metadata specific to a layer of a Docker image.
1533 "arguments": "A String", # The recovered arguments to the Dockerfile directive.
1534 "directive": "A String", # The recovered Dockerfile directive used to construct this layer.
1535 },
1536 ],
1537 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.
1538 "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
1539 # representation.
1540 # This field can be used as a filter in list requests.
1541 "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
1542 "A String",
1543 ],
1544 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
1545 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])
1546 # Only the name of the final blob is kept.
1547 # This field can be used as a filter in list requests.
1548 },
1549 },
1550 "resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence`
1551 # applies. For example, https://gcr.io/project/image@sha256:foo This field
1552 # can be used as a filter in list requests.
1553 }</pre>
1554</div>
1555
1556<div class="method">
1557 <code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code>
1558 <pre>Gets the access control policy for a note or an `Occurrence` resource.
1559Requires `containeranalysis.notes.setIamPolicy` or
1560`containeranalysis.occurrences.setIamPolicy` permission if the resource is
1561a note or occurrence, respectively.
1562Attempting to call this method on a resource without the required
1563permission will result in a `PERMISSION_DENIED` error. Attempting to call
1564this method on a non-existent resource will result in a `NOT_FOUND` error
1565if the user has list permission on the project, or a `PERMISSION_DENIED`
1566error otherwise. The resource takes the following formats:
1567`projects/{PROJECT_ID}/occurrences/{OCCURRENCE_ID}` for occurrences and
1568projects/{PROJECT_ID}/notes/{NOTE_ID} for notes
1569
1570Args:
1571 resource: string, REQUIRED: The resource for which the policy is being requested.
1572See the operation documentation for the appropriate value for this field. (required)
1573 body: object, The request body.
1574 The object takes the form of:
1575
1576{ # Request message for `GetIamPolicy` method.
1577 }
1578
1579 x__xgafv: string, V1 error format.
1580 Allowed values
1581 1 - v1 error format
1582 2 - v2 error format
1583
1584Returns:
1585 An object of the form:
1586
1587 { # Defines an Identity and Access Management (IAM) policy. It is used to
1588 # specify access control policies for Cloud Platform resources.
1589 #
1590 #
1591 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
1592 # `members` to a `role`, where the members can be user accounts, Google groups,
1593 # Google domains, and service accounts. A `role` is a named list of permissions
1594 # defined by IAM.
1595 #
1596 # **JSON Example**
1597 #
1598 # {
1599 # "bindings": [
1600 # {
1601 # "role": "roles/owner",
1602 # "members": [
1603 # "user:mike@example.com",
1604 # "group:admins@example.com",
1605 # "domain:google.com",
1606 # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
1607 # ]
1608 # },
1609 # {
1610 # "role": "roles/viewer",
1611 # "members": ["user:sean@example.com"]
1612 # }
1613 # ]
1614 # }
1615 #
1616 # **YAML Example**
1617 #
1618 # bindings:
1619 # - members:
1620 # - user:mike@example.com
1621 # - group:admins@example.com
1622 # - domain:google.com
1623 # - serviceAccount:my-other-app@appspot.gserviceaccount.com
1624 # role: roles/owner
1625 # - members:
1626 # - user:sean@example.com
1627 # role: roles/viewer
1628 #
1629 #
1630 # For a description of IAM and its features, see the
1631 # [IAM developer's guide](https://cloud.google.com/iam/docs).
1632 "bindings": [ # Associates a list of `members` to a `role`.
1633 # `bindings` with no members will result in an error.
1634 { # Associates `members` with a `role`.
1635 "role": "A String", # Role that is assigned to `members`.
1636 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
1637 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
1638 # `members` can have the following values:
1639 #
1640 # * `allUsers`: A special identifier that represents anyone who is
1641 # on the internet; with or without a Google account.
1642 #
1643 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1644 # who is authenticated with a Google account or a service account.
1645 #
1646 # * `user:{emailid}`: An email address that represents a specific Google
1647 # account. For example, `alice@gmail.com` .
1648 #
1649 #
1650 # * `serviceAccount:{emailid}`: An email address that represents a service
1651 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1652 #
1653 # * `group:{emailid}`: An email address that represents a Google group.
1654 # For example, `admins@example.com`.
1655 #
1656 #
1657 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
1658 # users of that domain. For example, `google.com` or `example.com`.
1659 #
1660 "A String",
1661 ],
1662 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
1663 # NOTE: An unsatisfied condition will not allow user access via current
1664 # binding. Different bindings, including their conditions, are examined
1665 # independently.
1666 #
1667 # title: "User account presence"
1668 # description: "Determines whether the request has a user account"
1669 # expression: "size(request.user) > 0"
1670 "description": "A String", # An optional description of the expression. This is a longer text which
1671 # describes the expression, e.g. when hovered over it in a UI.
1672 "expression": "A String", # Textual representation of an expression in
1673 # Common Expression Language syntax.
1674 #
1675 # The application context of the containing message determines which
1676 # well-known feature set of CEL is supported.
1677 "location": "A String", # An optional string indicating the location of the expression for error
1678 # reporting, e.g. a file name and a position in the file.
1679 "title": "A String", # An optional title for the expression, i.e. a short string describing
1680 # its purpose. This can be used e.g. in UIs which allow to enter the
1681 # expression.
1682 },
1683 },
1684 ],
1685 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
1686 { # Specifies the audit configuration for a service.
1687 # The configuration determines which permission types are logged, and what
1688 # identities, if any, are exempted from logging.
1689 # An AuditConfig must have one or more AuditLogConfigs.
1690 #
1691 # If there are AuditConfigs for both `allServices` and a specific service,
1692 # the union of the two AuditConfigs is used for that service: the log_types
1693 # specified in each AuditConfig are enabled, and the exempted_members in each
1694 # AuditLogConfig are exempted.
1695 #
1696 # Example Policy with multiple AuditConfigs:
1697 #
1698 # {
1699 # "audit_configs": [
1700 # {
1701 # "service": "allServices"
1702 # "audit_log_configs": [
1703 # {
1704 # "log_type": "DATA_READ",
1705 # "exempted_members": [
1706 # "user:foo@gmail.com"
1707 # ]
1708 # },
1709 # {
1710 # "log_type": "DATA_WRITE",
1711 # },
1712 # {
1713 # "log_type": "ADMIN_READ",
1714 # }
1715 # ]
1716 # },
1717 # {
1718 # "service": "fooservice.googleapis.com"
1719 # "audit_log_configs": [
1720 # {
1721 # "log_type": "DATA_READ",
1722 # },
1723 # {
1724 # "log_type": "DATA_WRITE",
1725 # "exempted_members": [
1726 # "user:bar@gmail.com"
1727 # ]
1728 # }
1729 # ]
1730 # }
1731 # ]
1732 # }
1733 #
1734 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
1735 # logging. It also exempts foo@gmail.com from DATA_READ logging, and
1736 # bar@gmail.com from DATA_WRITE logging.
1737 "auditLogConfigs": [ # The configuration for logging of each type of permission.
1738 { # Provides the configuration for logging a type of permissions.
1739 # Example:
1740 #
1741 # {
1742 # "audit_log_configs": [
1743 # {
1744 # "log_type": "DATA_READ",
1745 # "exempted_members": [
1746 # "user:foo@gmail.com"
1747 # ]
1748 # },
1749 # {
1750 # "log_type": "DATA_WRITE",
1751 # }
1752 # ]
1753 # }
1754 #
1755 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
1756 # foo@gmail.com from DATA_READ logging.
1757 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
1758 # permission.
1759 # Follows the same format of Binding.members.
1760 "A String",
1761 ],
1762 "logType": "A String", # The log type that this config enables.
1763 },
1764 ],
1765 "service": "A String", # Specifies a service that will be enabled for audit logging.
1766 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
1767 # `allServices` is a special value that covers all services.
1768 },
1769 ],
1770 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
1771 # prevent simultaneous updates of a policy from overwriting each other.
1772 # It is strongly suggested that systems make use of the `etag` in the
1773 # read-modify-write cycle to perform policy updates in order to avoid race
1774 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
1775 # systems are expected to put that etag in the request to `setIamPolicy` to
1776 # ensure that their change will be applied to the same version of the policy.
1777 #
1778 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
1779 # policy is overwritten blindly.
1780 "version": 42, # Deprecated.
1781 }</pre>
1782</div>
1783
1784<div class="method">
1785 <code class="details" id="getNotes">getNotes(name, x__xgafv=None)</code>
1786 <pre>Gets the `Note` attached to the given `Occurrence`.
1787
1788Args:
1789 name: string, The name of the occurrence in the form
1790"projects/{project_id}/occurrences/{OCCURRENCE_ID}" (required)
1791 x__xgafv: string, V1 error format.
1792 Allowed values
1793 1 - v1 error format
1794 2 - v2 error format
1795
1796Returns:
1797 An object of the form:
1798
1799 { # Provides a detailed description of a `Note`.
1800 "buildType": { # Note holding the version of the provider's builder and the signature of # Build provenance type for a verifiable build.
1801 # the provenance message in linked BuildDetails.
1802 "builderVersion": "A String", # Version of the builder which produced this Note.
1803 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in Occurrences pointing to the Note containing this
1804 # `BuilderDetails`.
1805 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
1806 # findings are valid and unchanged. If `key_type` is empty, this defaults
1807 # to PEM encoded public keys.
1808 #
1809 # This field may be empty if `key_id` references an external key.
1810 #
1811 # For Cloud Build based signatures, this is a PEM encoded public
1812 # key. To verify the Cloud Build signature, place the contents of
1813 # this field into a file (public.pem). The signature field is base64-decoded
1814 # into its binary representation in signature.bin, and the provenance bytes
1815 # from `BuildDetails` are base64-decoded into a binary representation in
1816 # signed.bin. OpenSSL can then verify the signature:
1817 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
1818 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
1819 # `key_id`
1820 "keyId": "A String", # An Id for the key used to sign. This could be either an Id for the key
1821 # stored in `public_key` (such as the Id or fingerprint for a PGP key, or the
1822 # CN for a cert), or a reference to an external key (such as a reference to a
1823 # key in Cloud Key Management Service).
1824 "signature": "A String", # Signature of the related `BuildProvenance`, encoded in a base64 string.
1825 },
1826 },
1827 "kind": "A String", # Output only. This explicitly denotes which kind of note is specified. This
1828 # field can be used as a filter in list requests.
1829 "name": "A String", # The name of the note in the form
1830 # "providers/{provider_id}/notes/{NOTE_ID}"
1831 "vulnerabilityType": { # VulnerabilityType provides metadata about a security vulnerability. # A package vulnerability type of note.
1832 "cvssScore": 3.14, # The CVSS score for this Vulnerability.
1833 "severity": "A String", # Note provider assigned impact of the vulnerability
1834 "details": [ # All information about the package to specifically identify this
1835 # vulnerability. One entry per (version range and cpe_uri) the
1836 # package vulnerability has manifested in.
1837 { # Identifies all occurrences of this vulnerability in the package for a
1838 # specific distro/location
1839 # For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
1840 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
1841 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in
1842 # which the vulnerability manifests. Examples include distro or storage
1843 # location for vulnerable jar.
1844 # This field can be used as a filter in list requests.
1845 "description": "A String", # A vendor-specific description of this note.
1846 "minAffectedVersion": { # Version contains structured information about the version of the package. # The min version of the package in which the vulnerability exists.
1847 # For a discussion of this in Debian/Ubuntu:
1848 # http://serverfault.com/questions/604541/debian-packages-version-convention
1849 # For a discussion of this in Redhat/Fedora/Centos:
1850 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1851 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
1852 # If kind is not NORMAL, then the other fields are ignored.
1853 "revision": "A String", # The iteration of the package build from the above version.
1854 "name": "A String", # The main part of the version name.
1855 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1856 },
1857 "package": "A String", # The name of the package where the vulnerability was found.
1858 # This field can be used as a filter in list requests.
1859 "packageType": "A String", # The type of package; whether native or non native(ruby gems,
1860 # node.js packages etc)
1861 "isObsolete": True or False, # Whether this Detail is obsolete. Occurrences are expected not to point to
1862 # obsolete details.
1863 "maxAffectedVersion": { # Version contains structured information about the version of the package. # Deprecated, do not use. Use fixed_location instead.
1864 #
1865 # The max version of the package in which the vulnerability exists.
1866 # For a discussion of this in Debian/Ubuntu:
1867 # http://serverfault.com/questions/604541/debian-packages-version-convention
1868 # For a discussion of this in Redhat/Fedora/Centos:
1869 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1870 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
1871 # If kind is not NORMAL, then the other fields are ignored.
1872 "revision": "A String", # The iteration of the package build from the above version.
1873 "name": "A String", # The main part of the version name.
1874 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1875 },
1876 "fixedLocation": { # The location of the vulnerability # The fix for this specific package version.
1877 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
1878 # format. Examples include distro or storage location for vulnerable jar.
1879 # This field can be used as a filter in list requests.
1880 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
1881 # filter in list requests.
1882 # For a discussion of this in Debian/Ubuntu:
1883 # http://serverfault.com/questions/604541/debian-packages-version-convention
1884 # For a discussion of this in Redhat/Fedora/Centos:
1885 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1886 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
1887 # If kind is not NORMAL, then the other fields are ignored.
1888 "revision": "A String", # The iteration of the package build from the above version.
1889 "name": "A String", # The main part of the version name.
1890 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1891 },
1892 "package": "A String", # The package being described.
1893 },
1894 },
1895 ],
1896 },
1897 "package": { # This represents a particular package that is distributed over # A note describing a package hosted by various package managers.
1898 # various channels.
1899 # e.g. glibc (aka libc6) is distributed by many, at various versions.
1900 "distribution": [ # The various channels by which a package is distributed.
1901 { # This represents a particular channel of distribution for a given package.
1902 # e.g. Debian's jessie-backports dpkg mirror
1903 "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
1904 # denoting the package manager version distributing a package.
1905 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
1906 "description": "A String", # The distribution channel-specific description of this package.
1907 "url": "A String", # The distribution channel-specific homepage for this package.
1908 "architecture": "A String", # The CPU architecture for which packages in this distribution
1909 # channel were built
1910 "latestVersion": { # Version contains structured information about the version of the package. # The latest available version of this package in
1911 # this distribution channel.
1912 # For a discussion of this in Debian/Ubuntu:
1913 # http://serverfault.com/questions/604541/debian-packages-version-convention
1914 # For a discussion of this in Redhat/Fedora/Centos:
1915 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1916 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
1917 # If kind is not NORMAL, then the other fields are ignored.
1918 "revision": "A String", # The iteration of the package build from the above version.
1919 "name": "A String", # The main part of the version name.
1920 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1921 },
1922 },
1923 ],
1924 "name": "A String", # The name of the package.
1925 },
1926 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
1927 # a filter in list requests.
1928 "relatedUrl": [ # URLs associated with this note
1929 { # Metadata for any related URL information
1930 "url": "A String", # Specific URL to associate with the note
1931 "label": "A String", # Label to describe usage of the URL
1932 },
1933 ],
1934 "longDescription": "A String", # A detailed description of this `Note`.
1935 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
1936 # example, an organization might have one `AttestationAuthority` for "QA" and
1937 # one for "build". This Note is intended to act strictly as a grouping
1938 # mechanism for the attached Occurrences (Attestations). This grouping
1939 # mechanism also provides a security boundary, since IAM ACLs gate the ability
1940 # for a principle to attach an Occurrence to a given Note. It also provides a
1941 # single point of lookup to find all attached Attestation Occurrences, even if
1942 # they don't all live in the same project.
1943 "hint": { # This submessage provides human-readable hints about the purpose of the
1944 # AttestationAuthority. Because the name of a Note acts as its resource
1945 # reference, it is important to disambiguate the canonical name of the Note
1946 # (which might be a UUID for security purposes) from "readable" names more
1947 # suitable for debug output. Note that these hints should NOT be used to
1948 # look up AttestationAuthorities in security sensitive contexts, such as when
1949 # looking up Attestations to verify.
1950 "humanReadableName": "A String", # The human readable name of this Attestation Authority, for example "qa".
1951 },
1952 },
1953 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
1954 # relationship. Linked occurrences are derived from this or an
1955 # equivalent image via:
1956 # FROM <Basis.resource_url>
1957 # Or an equivalent reference, e.g. a tag of the resource_url.
1958 "resourceUrl": "A String", # The resource_url for the resource representing the basis of
1959 # associated occurrence images.
1960 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the base image.
1961 "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
1962 # representation.
1963 # This field can be used as a filter in list requests.
1964 "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
1965 "A String",
1966 ],
1967 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
1968 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])
1969 # Only the name of the final blob is kept.
1970 # This field can be used as a filter in list requests.
1971 },
1972 },
1973 "expirationTime": "A String", # Time of expiration for this note, null if note does not expire.
1974 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
1975 "resourceUri": [ # Resource URI for the artifact being deployed.
1976 "A String",
1977 ],
1978 },
1979 "shortDescription": "A String", # A one sentence description of this `Note`.
1980 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
1981 # filter in list requests.
1982 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing a provider/analysis type.
1983 # exists in a provider's project. A `Discovery` occurrence is created in a
1984 # consumer's project at the start of analysis. The occurrence's operation will
1985 # indicate the status of the analysis. Absence of an occurrence linked to this
1986 # note for a resource indicates that analysis hasn't started.
1987 "analysisKind": "A String", # The kind of analysis that is handled by this discovery.
1988 },
1989 }</pre>
1990</div>
1991
1992<div class="method">
1993 <code class="details" id="getVulnerabilitySummary">getVulnerabilitySummary(parent, x__xgafv=None, filter=None)</code>
1994 <pre>Gets a summary of the number and severity of occurrences.
1995
1996Args:
1997 parent: string, This contains the project Id for example: projects/{project_id} (required)
1998 x__xgafv: string, V1 error format.
1999 Allowed values
2000 1 - v1 error format
2001 2 - v2 error format
2002 filter: string, The filter expression.
2003
2004Returns:
2005 An object of the form:
2006
2007 { # A summary of how many vulnz occurrences there are per severity type.
2008 # counts by groups, or if we should have different summary messages
2009 # like this.
2010 "counts": [ # A map of how many occurrences were found for each severity.
2011 { # The number of occurrences created for a specific severity.
2012 "count": "A String", # The number of occurrences with the severity.
2013 "severity": "A String", # The severity of the occurrences.
2014 },
2015 ],
2016 }</pre>
2017</div>
2018
2019<div class="method">
2020 <code class="details" id="list">list(parent, kind=None, name=None, pageToken=None, x__xgafv=None, pageSize=None, filter=None)</code>
2021 <pre>Lists active `Occurrences` for a given project matching the filters.
2022
2023Args:
2024 parent: string, This contains the project Id for example: projects/{project_id}. (required)
2025 kind: string, The kind of occurrences to filter on.
2026 name: string, The name field contains the project Id. For example:
2027"projects/{project_id}
2028@Deprecated
2029 pageToken: string, Token to provide to skip to a particular spot in the list.
2030 x__xgafv: string, V1 error format.
2031 Allowed values
2032 1 - v1 error format
2033 2 - v2 error format
2034 pageSize: integer, Number of occurrences to return in the list.
2035 filter: string, The filter expression.
2036
2037Returns:
2038 An object of the form:
2039
2040 { # Response including listed active occurrences.
2041 "nextPageToken": "A String", # The next pagination token in the list response. It should be used as
2042 # `page_token` for the following request. An empty value means no more
2043 # results.
2044 "occurrences": [ # The occurrences requested.
2045 { # `Occurrence` includes information about analysis occurrences for an image.
2046 "resource": { # #
2047 # The resource for which the `Occurrence` applies.
2048 # Resource is an entity that can have metadata. E.g., a Docker image.
2049 "contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.
2050 "type": "A String", # The type of hash that was performed.
2051 "value": "A String", # The hash value.
2052 },
2053 "uri": "A String", # The unique URI of the resource. E.g.,
2054 # "https://gcr.io/project/image@sha256:foo" for a Docker image.
2055 "name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian".
2056 },
2057 "updateTime": "A String", # Output only. The time this `Occurrence` was last updated.
2058 "installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.
2059 # a system.
2060 "location": [ # All of the places within the filesystem versions of this package
2061 # have been found.
2062 { # An occurrence of a particular package installation found within a
2063 # system's filesystem.
2064 # e.g. glibc was found in /var/lib/dpkg/status
2065 "path": "A String", # The path from which we gathered that this package/version is installed.
2066 "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
2067 # denoting the package manager version distributing a package.
2068 "version": { # Version contains structured information about the version of the package. # The version installed at this location.
2069 # For a discussion of this in Debian/Ubuntu:
2070 # http://serverfault.com/questions/604541/debian-packages-version-convention
2071 # For a discussion of this in Redhat/Fedora/Centos:
2072 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
2073 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
2074 # If kind is not NORMAL, then the other fields are ignored.
2075 "revision": "A String", # The iteration of the package build from the above version.
2076 "name": "A String", # The main part of the version name.
2077 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
2078 },
2079 },
2080 ],
2081 "name": "A String", # Output only. The name of the installed package.
2082 },
2083 "name": "A String", # Output only. The name of the `Occurrence` in the form
2084 # "projects/{project_id}/occurrences/{OCCURRENCE_ID}"
2085 "kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are
2086 # specified. This field can be used as a filter in list requests.
2087 "buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build.
2088 "provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance
2089 # details about the build from source to completion.
2090 "finishTime": "A String", # Time at which execution of the build was finished.
2091 "commands": [ # Commands requested by the build.
2092 { # Command describes a step performed as part of the build pipeline.
2093 "waitFor": [ # The ID(s) of the Command(s) that this Command depends on.
2094 "A String",
2095 ],
2096 "name": "A String", # Name of the command, as presented on the command line, or if the command is
2097 # packaged as a Docker container, as presented to `docker pull`.
2098 "args": [ # Command-line arguments used when executing this Command.
2099 "A String",
2100 ],
2101 "env": [ # Environment variables set before running this Command.
2102 "A String",
2103 ],
2104 "id": "A String", # Optional unique identifier for this Command, used in wait_for to reference
2105 # this Command as a dependency.
2106 "dir": "A String", # Working directory (relative to project source root) used when running
2107 # this Command.
2108 },
2109 ],
2110 "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
2111 "artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this
2112 # location.
2113 # Google Cloud Storage.
2114 "generation": "A String", # Google Cloud Storage generation for the object.
2115 "object": "A String", # Google Cloud Storage object containing source.
2116 "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
2117 # Requirements]
2118 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
2119 },
2120 "repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.
2121 # Repository.
2122 "projectId": "A String", # ID of the project that owns the repo.
2123 "branchName": "A String", # Name of the branch to build.
2124 "repoName": "A String", # Name of the repo.
2125 "tagName": "A String", # Name of the tag to build.
2126 "commitSha": "A String", # Explicit commit SHA to build.
2127 },
2128 "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original
2129 # source integrity was maintained in the build.
2130 #
2131 # The keys to this map are file paths used as build source and the values
2132 # contain the hash values for those files.
2133 #
2134 # If the build source came in a single package such as a gzipped tarfile
2135 # (.tar.gz), the FileHash will be for the single path to that file.
2136 "a_key": { # Container message for hashes of byte content of files, used in Source
2137 # messages to verify integrity of source input to the build.
2138 "fileHash": [ # Collection of file hashes.
2139 { # Container message for hash values.
2140 "type": "A String", # The type of hash that was performed.
2141 "value": "A String", # The hash value.
2142 },
2143 ],
2144 },
2145 },
2146 "additionalContexts": [ # If provided, some of the source code used for the build may be found in
2147 # these locations, in the case where the source repository had multiple
2148 # remotes or submodules. This list will not include the context specified in
2149 # the context field.
2150 { # A SourceContext is a reference to a tree of files. A SourceContext together
2151 # with a path point to a unique revision of a single file or directory.
2152 "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
2153 # repository (e.g., GitHub).
2154 "url": "A String", # Git repository URL.
2155 "revisionId": "A String", # Required.
2156 # Git commit hash.
2157 },
2158 "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
2159 # Source Repo.
2160 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
2161 "kind": "A String", # The alias kind.
2162 "name": "A String", # The alias name.
2163 },
2164 "revisionId": "A String", # A revision ID.
2165 "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
2166 "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
2167 # winged-cargo-31) and a repo name within that project.
2168 "projectId": "A String", # The ID of the project.
2169 "repoName": "A String", # The name of the repo. Leave empty for the default repo.
2170 },
2171 "uid": "A String", # A server-assigned, globally unique identifier.
2172 },
2173 },
2174 "labels": { # Labels with user defined metadata.
2175 "a_key": "A String",
2176 },
2177 "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
2178 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
2179 "kind": "A String", # The alias kind.
2180 "name": "A String", # The alias name.
2181 },
2182 "revisionId": "A String", # A revision (commit) ID.
2183 "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
2184 # "project/subproject" is a valid project name. The "repo name" is
2185 # the hostURI/project.
2186 "hostUri": "A String", # The URI of a running Gerrit instance.
2187 },
2188 },
2189 ],
2190 "context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.
2191 # with a path point to a unique revision of a single file or directory.
2192 "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
2193 # repository (e.g., GitHub).
2194 "url": "A String", # Git repository URL.
2195 "revisionId": "A String", # Required.
2196 # Git commit hash.
2197 },
2198 "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
2199 # Source Repo.
2200 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
2201 "kind": "A String", # The alias kind.
2202 "name": "A String", # The alias name.
2203 },
2204 "revisionId": "A String", # A revision ID.
2205 "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
2206 "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
2207 # winged-cargo-31) and a repo name within that project.
2208 "projectId": "A String", # The ID of the project.
2209 "repoName": "A String", # The name of the repo. Leave empty for the default repo.
2210 },
2211 "uid": "A String", # A server-assigned, globally unique identifier.
2212 },
2213 },
2214 "labels": { # Labels with user defined metadata.
2215 "a_key": "A String",
2216 },
2217 "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
2218 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
2219 "kind": "A String", # The alias kind.
2220 "name": "A String", # The alias name.
2221 },
2222 "revisionId": "A String", # A revision (commit) ID.
2223 "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
2224 # "project/subproject" is a valid project name. The "repo name" is
2225 # the hostURI/project.
2226 "hostUri": "A String", # The URI of a running Gerrit instance.
2227 },
2228 },
2229 "storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud
2230 # Storage.
2231 # Google Cloud Storage.
2232 "generation": "A String", # Google Cloud Storage generation for the object.
2233 "object": "A String", # Google Cloud Storage object containing source.
2234 "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
2235 # Requirements]
2236 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
2237 },
2238 },
2239 "buildOptions": { # Special options applied to this build. This is a catch-all field where
2240 # build providers can enter any desired additional details.
2241 "a_key": "A String",
2242 },
2243 "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the
2244 # user's e-mail address at the time the build was initiated; this address may
2245 # not represent the same end-user for all time.
2246 "logsBucket": "A String", # Google Cloud Storage bucket where logs were written.
2247 "builderVersion": "A String", # Version string of the builder at the time this build was executed.
2248 "createTime": "A String", # Time at which the build was created.
2249 "builtArtifacts": [ # Output of the build.
2250 { # Artifact describes a build product.
2251 "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
2252 # container.
2253 "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest
2254 # like gcr.io/projectID/imagename@sha256:123456
2255 "name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in
2256 # the case of a container build, the name used to push the container image to
2257 # Google Container Registry, as presented to `docker push`.
2258 #
2259 # This field is deprecated in favor of the plural `names` field; it continues
2260 # to exist here to allow existing BuildProvenance serialized to json in
2261 # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to
2262 # deserialize back into proto.
2263 "names": [ # Related artifact names. This may be the path to a binary or jar file, or in
2264 # the case of a container build, the name used to push the container image to
2265 # Google Container Registry, as presented to `docker push`. Note that a
2266 # single Artifact ID can have multiple names, for example if two tags are
2267 # applied to one image.
2268 "A String",
2269 ],
2270 },
2271 ],
2272 "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
2273 "startTime": "A String", # Time at which execution of the build was started.
2274 "projectId": "A String", # ID of the project.
2275 "id": "A String", # Unique identifier of the build.
2276 },
2277 "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the
2278 # `BuildSignature` in the corresponding Result. After verifying the
2279 # signature, `provenance_bytes` can be unmarshalled and compared to the
2280 # provenance to confirm that it is unchanged. A base64-encoded string
2281 # representation of the provenance bytes is used for the signature in order
2282 # to interoperate with openssl which expects this format for signature
2283 # verification.
2284 #
2285 # The serialized form is captured both to avoid ambiguity in how the
2286 # provenance is marshalled to json as well to prevent incompatibilities with
2287 # future changes.
2288 },
2289 "discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.
2290 "analysisStatus": "A String", # The status of discovery for the resource.
2291 "operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.
2292 # This field is deprecated, do not use.
2293 # network API call.
2294 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
2295 # different programming environments, including REST APIs and RPC APIs. It is
2296 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
2297 # three pieces of data: error code, error message, and error details.
2298 #
2299 # You can find out more about this error model and how to work with it in the
2300 # [API Design Guide](https://cloud.google.com/apis/design/errors).
2301 "message": "A String", # A developer-facing error message, which should be in English. Any
2302 # user-facing error message should be localized and sent in the
2303 # google.rpc.Status.details field, or localized by the client.
2304 "code": 42, # The status code, which should be an enum value of google.rpc.Code.
2305 "details": [ # A list of messages that carry the error details. There is a common set of
2306 # message types for APIs to use.
2307 {
2308 "a_key": "", # Properties of the object. Contains field @type with type URL.
2309 },
2310 ],
2311 },
2312 "done": True or False, # If the value is `false`, it means the operation is still in progress.
2313 # If `true`, the operation is completed, and either `error` or `response` is
2314 # available.
2315 "response": { # The normal response of the operation in case of success. If the original
2316 # method returns no data on success, such as `Delete`, the response is
2317 # `google.protobuf.Empty`. If the original method is standard
2318 # `Get`/`Create`/`Update`, the response should be the resource. For other
2319 # methods, the response should have the type `XxxResponse`, where `Xxx`
2320 # is the original method name. For example, if the original method name
2321 # is `TakeSnapshot()`, the inferred response type is
2322 # `TakeSnapshotResponse`.
2323 "a_key": "", # Properties of the object. Contains field @type with type URL.
2324 },
2325 "name": "A String", # The server-assigned name, which is only unique within the same service that
2326 # originally returns it. If you use the default HTTP mapping, the
2327 # `name` should be a resource name ending with `operations/{unique_id}`.
2328 "metadata": { # Service-specific metadata associated with the operation. It typically
2329 # contains progress information and common metadata such as create time.
2330 # Some services might not provide such metadata. Any method that returns a
2331 # long-running operation should document the metadata type, if any.
2332 "a_key": "", # Properties of the object. Contains field @type with type URL.
2333 },
2334 },
2335 "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under
2336 # details to show to the user. The LocalizedMessage output only and
2337 # populated by the API.
2338 # different programming environments, including REST APIs and RPC APIs. It is
2339 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
2340 # three pieces of data: error code, error message, and error details.
2341 #
2342 # You can find out more about this error model and how to work with it in the
2343 # [API Design Guide](https://cloud.google.com/apis/design/errors).
2344 "message": "A String", # A developer-facing error message, which should be in English. Any
2345 # user-facing error message should be localized and sent in the
2346 # google.rpc.Status.details field, or localized by the client.
2347 "code": 42, # The status code, which should be an enum value of google.rpc.Code.
2348 "details": [ # A list of messages that carry the error details. There is a common set of
2349 # message types for APIs to use.
2350 {
2351 "a_key": "", # Properties of the object. Contains field @type with type URL.
2352 },
2353 ],
2354 },
2355 "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
2356 },
2357 "attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact.
2358 # Attestation can be verified using the attached signature. If the verifier
2359 # trusts the public key of the signer, then verifying the signature is
2360 # sufficient to establish trust. In this circumstance, the
2361 # AttestationAuthority to which this Attestation is attached is primarily
2362 # useful for look-up (how to find this Attestation if you already know the
2363 # Authority and artifact to be verified) and intent (which authority was this
2364 # attestation intended to sign for).
2365 "pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature.
2366 # This message only supports `ATTACHED` signatures, where the payload that is
2367 # signed is included alongside the signature itself in the same file.
2368 "pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature,
2369 # as output by, e.g. `gpg --list-keys`. This should be the version 4, full
2370 # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See
2371 # https://tools.ietf.org/html/rfc4880#section-12.2 for details.
2372 # Implementations may choose to acknowledge "LONG", "SHORT", or other
2373 # abbreviated key IDs, but only the full fingerprint is guaranteed to work.
2374 # In gpg, the full fingerprint can be retrieved from the `fpr` field
2375 # returned when calling --list-keys with --with-colons. For example:
2376 # ```
2377 # gpg --with-colons --with-fingerprint --force-v4-certs \
2378 # --list-keys attester@example.com
2379 # tru::1:1513631572:0:3:1:5
2380 # pub:...<SNIP>...
2381 # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
2382 # ```
2383 # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
2384 "contentType": "A String", # Type (for example schema) of the attestation payload that was signed.
2385 # The verifier must ensure that the provided type is one that the verifier
2386 # supports, and that the attestation payload is a valid instantiation of that
2387 # type (for example by validating a JSON schema).
2388 "signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or
2389 # equivalent. Since this message only supports attached signatures, the
2390 # payload that was signed must be attached. While the signature format
2391 # supported is dependent on the verification implementation, currently only
2392 # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
2393 # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
2394 # --output=signature.gpg payload.json` will create the signature content
2395 # expected in this field in `signature.gpg` for the `payload.json`
2396 # attestation payload.
2397 },
2398 },
2399 "noteName": "A String", # An analysis note associated with this image, in the form
2400 # "providers/{provider_id}/notes/{NOTE_ID}"
2401 # This field can be used as a filter in list requests.
2402 "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
2403 "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the
2404 # deployable field with the same name.
2405 "A String",
2406 ],
2407 "userEmail": "A String", # Identity of the user that triggered this deployment.
2408 "address": "A String", # Address of the runtime element hosting this deployment.
2409 "platform": "A String", # Platform hosting this deployment.
2410 "deployTime": "A String", # Beginning of the lifetime of this deployment.
2411 "undeployTime": "A String", # End of the lifetime of this deployment.
2412 "config": "A String", # Configuration used to create this deployment.
2413 },
2414 "remediation": "A String", # A description of actions that can be taken to remedy the `Note`
2415 "vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.
2416 # to fix it.
2417 "packageIssue": [ # The set of affected locations and their fixes (if available) within
2418 # the associated resource.
2419 { # This message wraps a location affected by a vulnerability and its
2420 # associated fix (if one is available).
2421 "severityName": "A String",
2422 "affectedLocation": { # The location of the vulnerability # The location of the vulnerability.
2423 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
2424 # format. Examples include distro or storage location for vulnerable jar.
2425 # This field can be used as a filter in list requests.
2426 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
2427 # filter in list requests.
2428 # For a discussion of this in Debian/Ubuntu:
2429 # http://serverfault.com/questions/604541/debian-packages-version-convention
2430 # For a discussion of this in Redhat/Fedora/Centos:
2431 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
2432 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
2433 # If kind is not NORMAL, then the other fields are ignored.
2434 "revision": "A String", # The iteration of the package build from the above version.
2435 "name": "A String", # The main part of the version name.
2436 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
2437 },
2438 "package": "A String", # The package being described.
2439 },
2440 "fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability.
2441 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
2442 # format. Examples include distro or storage location for vulnerable jar.
2443 # This field can be used as a filter in list requests.
2444 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
2445 # filter in list requests.
2446 # For a discussion of this in Debian/Ubuntu:
2447 # http://serverfault.com/questions/604541/debian-packages-version-convention
2448 # For a discussion of this in Redhat/Fedora/Centos:
2449 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
2450 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
2451 # If kind is not NORMAL, then the other fields are ignored.
2452 "revision": "A String", # The iteration of the package build from the above version.
2453 "name": "A String", # The main part of the version name.
2454 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
2455 },
2456 "package": "A String", # The package being described.
2457 },
2458 },
2459 ],
2460 "type": "A String", # The type of package; whether native or non native(ruby gems,
2461 # node.js packages etc)
2462 "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a
2463 # scale of 0-10 where 0 indicates low severity and 10 indicates high
2464 # severity.
2465 "severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.
2466 "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is
2467 # available and note provider assigned severity when distro has not yet
2468 # assigned a severity for this vulnerability.
2469 },
2470 "createTime": "A String", # Output only. The time this `Occurrence` was created.
2471 "derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis
2472 # in the associated note.
2473 # DockerImage relationship. This image would be produced from a Dockerfile
2474 # with FROM <DockerImage.Basis in attached Note>.
2475 "distance": 42, # Output only. The number of layers by which this image differs from the
2476 # associated image basis.
2477 "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image
2478 # occurrence.
2479 "layerInfo": [ # This contains layer-specific metadata, if populated it has length
2480 # "distance" and is ordered with [distance] being the layer immediately
2481 # following the base image and [1] being the final layer.
2482 { # Layer holds metadata specific to a layer of a Docker image.
2483 "arguments": "A String", # The recovered arguments to the Dockerfile directive.
2484 "directive": "A String", # The recovered Dockerfile directive used to construct this layer.
2485 },
2486 ],
2487 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.
2488 "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
2489 # representation.
2490 # This field can be used as a filter in list requests.
2491 "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
2492 "A String",
2493 ],
2494 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
2495 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])
2496 # Only the name of the final blob is kept.
2497 # This field can be used as a filter in list requests.
2498 },
2499 },
2500 "resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence`
2501 # applies. For example, https://gcr.io/project/image@sha256:foo This field
2502 # can be used as a filter in list requests.
2503 },
2504 ],
2505 }</pre>
2506</div>
2507
2508<div class="method">
2509 <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
2510 <pre>Retrieves the next page of results.
2511
2512Args:
2513 previous_request: The request for the previous page. (required)
2514 previous_response: The response from the request for the previous page. (required)
2515
2516Returns:
2517 A request object that you can call 'execute()' on to request the next
2518 page. Returns None if there are no more items in the collection.
2519 </pre>
2520</div>
2521
2522<div class="method">
2523 <code class="details" id="patch">patch(name, body, updateMask=None, x__xgafv=None)</code>
2524 <pre>Updates an existing occurrence.
2525
2526Args:
2527 name: string, The name of the occurrence.
2528Should be of the form "projects/{project_id}/occurrences/{OCCURRENCE_ID}". (required)
2529 body: object, The request body. (required)
2530 The object takes the form of:
2531
2532{ # `Occurrence` includes information about analysis occurrences for an image.
2533 "resource": { # #
2534 # The resource for which the `Occurrence` applies.
2535 # Resource is an entity that can have metadata. E.g., a Docker image.
2536 "contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.
2537 "type": "A String", # The type of hash that was performed.
2538 "value": "A String", # The hash value.
2539 },
2540 "uri": "A String", # The unique URI of the resource. E.g.,
2541 # "https://gcr.io/project/image@sha256:foo" for a Docker image.
2542 "name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian".
2543 },
2544 "updateTime": "A String", # Output only. The time this `Occurrence` was last updated.
2545 "installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.
2546 # a system.
2547 "location": [ # All of the places within the filesystem versions of this package
2548 # have been found.
2549 { # An occurrence of a particular package installation found within a
2550 # system's filesystem.
2551 # e.g. glibc was found in /var/lib/dpkg/status
2552 "path": "A String", # The path from which we gathered that this package/version is installed.
2553 "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
2554 # denoting the package manager version distributing a package.
2555 "version": { # Version contains structured information about the version of the package. # The version installed at this location.
2556 # For a discussion of this in Debian/Ubuntu:
2557 # http://serverfault.com/questions/604541/debian-packages-version-convention
2558 # For a discussion of this in Redhat/Fedora/Centos:
2559 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
2560 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
2561 # If kind is not NORMAL, then the other fields are ignored.
2562 "revision": "A String", # The iteration of the package build from the above version.
2563 "name": "A String", # The main part of the version name.
2564 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
2565 },
2566 },
2567 ],
2568 "name": "A String", # Output only. The name of the installed package.
2569 },
2570 "name": "A String", # Output only. The name of the `Occurrence` in the form
2571 # "projects/{project_id}/occurrences/{OCCURRENCE_ID}"
2572 "kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are
2573 # specified. This field can be used as a filter in list requests.
2574 "buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build.
2575 "provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance
2576 # details about the build from source to completion.
2577 "finishTime": "A String", # Time at which execution of the build was finished.
2578 "commands": [ # Commands requested by the build.
2579 { # Command describes a step performed as part of the build pipeline.
2580 "waitFor": [ # The ID(s) of the Command(s) that this Command depends on.
2581 "A String",
2582 ],
2583 "name": "A String", # Name of the command, as presented on the command line, or if the command is
2584 # packaged as a Docker container, as presented to `docker pull`.
2585 "args": [ # Command-line arguments used when executing this Command.
2586 "A String",
2587 ],
2588 "env": [ # Environment variables set before running this Command.
2589 "A String",
2590 ],
2591 "id": "A String", # Optional unique identifier for this Command, used in wait_for to reference
2592 # this Command as a dependency.
2593 "dir": "A String", # Working directory (relative to project source root) used when running
2594 # this Command.
2595 },
2596 ],
2597 "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
2598 "artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this
2599 # location.
2600 # Google Cloud Storage.
2601 "generation": "A String", # Google Cloud Storage generation for the object.
2602 "object": "A String", # Google Cloud Storage object containing source.
2603 "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
2604 # Requirements]
2605 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
2606 },
2607 "repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.
2608 # Repository.
2609 "projectId": "A String", # ID of the project that owns the repo.
2610 "branchName": "A String", # Name of the branch to build.
2611 "repoName": "A String", # Name of the repo.
2612 "tagName": "A String", # Name of the tag to build.
2613 "commitSha": "A String", # Explicit commit SHA to build.
2614 },
2615 "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original
2616 # source integrity was maintained in the build.
2617 #
2618 # The keys to this map are file paths used as build source and the values
2619 # contain the hash values for those files.
2620 #
2621 # If the build source came in a single package such as a gzipped tarfile
2622 # (.tar.gz), the FileHash will be for the single path to that file.
2623 "a_key": { # Container message for hashes of byte content of files, used in Source
2624 # messages to verify integrity of source input to the build.
2625 "fileHash": [ # Collection of file hashes.
2626 { # Container message for hash values.
2627 "type": "A String", # The type of hash that was performed.
2628 "value": "A String", # The hash value.
2629 },
2630 ],
2631 },
2632 },
2633 "additionalContexts": [ # If provided, some of the source code used for the build may be found in
2634 # these locations, in the case where the source repository had multiple
2635 # remotes or submodules. This list will not include the context specified in
2636 # the context field.
2637 { # A SourceContext is a reference to a tree of files. A SourceContext together
2638 # with a path point to a unique revision of a single file or directory.
2639 "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
2640 # repository (e.g., GitHub).
2641 "url": "A String", # Git repository URL.
2642 "revisionId": "A String", # Required.
2643 # Git commit hash.
2644 },
2645 "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
2646 # Source Repo.
2647 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
2648 "kind": "A String", # The alias kind.
2649 "name": "A String", # The alias name.
2650 },
2651 "revisionId": "A String", # A revision ID.
2652 "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
2653 "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
2654 # winged-cargo-31) and a repo name within that project.
2655 "projectId": "A String", # The ID of the project.
2656 "repoName": "A String", # The name of the repo. Leave empty for the default repo.
2657 },
2658 "uid": "A String", # A server-assigned, globally unique identifier.
2659 },
2660 },
2661 "labels": { # Labels with user defined metadata.
2662 "a_key": "A String",
2663 },
2664 "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
2665 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
2666 "kind": "A String", # The alias kind.
2667 "name": "A String", # The alias name.
2668 },
2669 "revisionId": "A String", # A revision (commit) ID.
2670 "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
2671 # "project/subproject" is a valid project name. The "repo name" is
2672 # the hostURI/project.
2673 "hostUri": "A String", # The URI of a running Gerrit instance.
2674 },
2675 },
2676 ],
2677 "context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.
2678 # with a path point to a unique revision of a single file or directory.
2679 "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
2680 # repository (e.g., GitHub).
2681 "url": "A String", # Git repository URL.
2682 "revisionId": "A String", # Required.
2683 # Git commit hash.
2684 },
2685 "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
2686 # Source Repo.
2687 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
2688 "kind": "A String", # The alias kind.
2689 "name": "A String", # The alias name.
2690 },
2691 "revisionId": "A String", # A revision ID.
2692 "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
2693 "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
2694 # winged-cargo-31) and a repo name within that project.
2695 "projectId": "A String", # The ID of the project.
2696 "repoName": "A String", # The name of the repo. Leave empty for the default repo.
2697 },
2698 "uid": "A String", # A server-assigned, globally unique identifier.
2699 },
2700 },
2701 "labels": { # Labels with user defined metadata.
2702 "a_key": "A String",
2703 },
2704 "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
2705 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
2706 "kind": "A String", # The alias kind.
2707 "name": "A String", # The alias name.
2708 },
2709 "revisionId": "A String", # A revision (commit) ID.
2710 "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
2711 # "project/subproject" is a valid project name. The "repo name" is
2712 # the hostURI/project.
2713 "hostUri": "A String", # The URI of a running Gerrit instance.
2714 },
2715 },
2716 "storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud
2717 # Storage.
2718 # Google Cloud Storage.
2719 "generation": "A String", # Google Cloud Storage generation for the object.
2720 "object": "A String", # Google Cloud Storage object containing source.
2721 "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
2722 # Requirements]
2723 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
2724 },
2725 },
2726 "buildOptions": { # Special options applied to this build. This is a catch-all field where
2727 # build providers can enter any desired additional details.
2728 "a_key": "A String",
2729 },
2730 "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the
2731 # user's e-mail address at the time the build was initiated; this address may
2732 # not represent the same end-user for all time.
2733 "logsBucket": "A String", # Google Cloud Storage bucket where logs were written.
2734 "builderVersion": "A String", # Version string of the builder at the time this build was executed.
2735 "createTime": "A String", # Time at which the build was created.
2736 "builtArtifacts": [ # Output of the build.
2737 { # Artifact describes a build product.
2738 "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
2739 # container.
2740 "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest
2741 # like gcr.io/projectID/imagename@sha256:123456
2742 "name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in
2743 # the case of a container build, the name used to push the container image to
2744 # Google Container Registry, as presented to `docker push`.
2745 #
2746 # This field is deprecated in favor of the plural `names` field; it continues
2747 # to exist here to allow existing BuildProvenance serialized to json in
2748 # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to
2749 # deserialize back into proto.
2750 "names": [ # Related artifact names. This may be the path to a binary or jar file, or in
2751 # the case of a container build, the name used to push the container image to
2752 # Google Container Registry, as presented to `docker push`. Note that a
2753 # single Artifact ID can have multiple names, for example if two tags are
2754 # applied to one image.
2755 "A String",
2756 ],
2757 },
2758 ],
2759 "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
2760 "startTime": "A String", # Time at which execution of the build was started.
2761 "projectId": "A String", # ID of the project.
2762 "id": "A String", # Unique identifier of the build.
2763 },
2764 "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the
2765 # `BuildSignature` in the corresponding Result. After verifying the
2766 # signature, `provenance_bytes` can be unmarshalled and compared to the
2767 # provenance to confirm that it is unchanged. A base64-encoded string
2768 # representation of the provenance bytes is used for the signature in order
2769 # to interoperate with openssl which expects this format for signature
2770 # verification.
2771 #
2772 # The serialized form is captured both to avoid ambiguity in how the
2773 # provenance is marshalled to json as well to prevent incompatibilities with
2774 # future changes.
2775 },
2776 "discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.
2777 "analysisStatus": "A String", # The status of discovery for the resource.
2778 "operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.
2779 # This field is deprecated, do not use.
2780 # network API call.
2781 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
2782 # different programming environments, including REST APIs and RPC APIs. It is
2783 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
2784 # three pieces of data: error code, error message, and error details.
2785 #
2786 # You can find out more about this error model and how to work with it in the
2787 # [API Design Guide](https://cloud.google.com/apis/design/errors).
2788 "message": "A String", # A developer-facing error message, which should be in English. Any
2789 # user-facing error message should be localized and sent in the
2790 # google.rpc.Status.details field, or localized by the client.
2791 "code": 42, # The status code, which should be an enum value of google.rpc.Code.
2792 "details": [ # A list of messages that carry the error details. There is a common set of
2793 # message types for APIs to use.
2794 {
2795 "a_key": "", # Properties of the object. Contains field @type with type URL.
2796 },
2797 ],
2798 },
2799 "done": True or False, # If the value is `false`, it means the operation is still in progress.
2800 # If `true`, the operation is completed, and either `error` or `response` is
2801 # available.
2802 "response": { # The normal response of the operation in case of success. If the original
2803 # method returns no data on success, such as `Delete`, the response is
2804 # `google.protobuf.Empty`. If the original method is standard
2805 # `Get`/`Create`/`Update`, the response should be the resource. For other
2806 # methods, the response should have the type `XxxResponse`, where `Xxx`
2807 # is the original method name. For example, if the original method name
2808 # is `TakeSnapshot()`, the inferred response type is
2809 # `TakeSnapshotResponse`.
2810 "a_key": "", # Properties of the object. Contains field @type with type URL.
2811 },
2812 "name": "A String", # The server-assigned name, which is only unique within the same service that
2813 # originally returns it. If you use the default HTTP mapping, the
2814 # `name` should be a resource name ending with `operations/{unique_id}`.
2815 "metadata": { # Service-specific metadata associated with the operation. It typically
2816 # contains progress information and common metadata such as create time.
2817 # Some services might not provide such metadata. Any method that returns a
2818 # long-running operation should document the metadata type, if any.
2819 "a_key": "", # Properties of the object. Contains field @type with type URL.
2820 },
2821 },
2822 "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under
2823 # details to show to the user. The LocalizedMessage output only and
2824 # populated by the API.
2825 # different programming environments, including REST APIs and RPC APIs. It is
2826 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
2827 # three pieces of data: error code, error message, and error details.
2828 #
2829 # You can find out more about this error model and how to work with it in the
2830 # [API Design Guide](https://cloud.google.com/apis/design/errors).
2831 "message": "A String", # A developer-facing error message, which should be in English. Any
2832 # user-facing error message should be localized and sent in the
2833 # google.rpc.Status.details field, or localized by the client.
2834 "code": 42, # The status code, which should be an enum value of google.rpc.Code.
2835 "details": [ # A list of messages that carry the error details. There is a common set of
2836 # message types for APIs to use.
2837 {
2838 "a_key": "", # Properties of the object. Contains field @type with type URL.
2839 },
2840 ],
2841 },
2842 "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
2843 },
2844 "attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact.
2845 # Attestation can be verified using the attached signature. If the verifier
2846 # trusts the public key of the signer, then verifying the signature is
2847 # sufficient to establish trust. In this circumstance, the
2848 # AttestationAuthority to which this Attestation is attached is primarily
2849 # useful for look-up (how to find this Attestation if you already know the
2850 # Authority and artifact to be verified) and intent (which authority was this
2851 # attestation intended to sign for).
2852 "pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature.
2853 # This message only supports `ATTACHED` signatures, where the payload that is
2854 # signed is included alongside the signature itself in the same file.
2855 "pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature,
2856 # as output by, e.g. `gpg --list-keys`. This should be the version 4, full
2857 # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See
2858 # https://tools.ietf.org/html/rfc4880#section-12.2 for details.
2859 # Implementations may choose to acknowledge "LONG", "SHORT", or other
2860 # abbreviated key IDs, but only the full fingerprint is guaranteed to work.
2861 # In gpg, the full fingerprint can be retrieved from the `fpr` field
2862 # returned when calling --list-keys with --with-colons. For example:
2863 # ```
2864 # gpg --with-colons --with-fingerprint --force-v4-certs \
2865 # --list-keys attester@example.com
2866 # tru::1:1513631572:0:3:1:5
2867 # pub:...<SNIP>...
2868 # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
2869 # ```
2870 # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
2871 "contentType": "A String", # Type (for example schema) of the attestation payload that was signed.
2872 # The verifier must ensure that the provided type is one that the verifier
2873 # supports, and that the attestation payload is a valid instantiation of that
2874 # type (for example by validating a JSON schema).
2875 "signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or
2876 # equivalent. Since this message only supports attached signatures, the
2877 # payload that was signed must be attached. While the signature format
2878 # supported is dependent on the verification implementation, currently only
2879 # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
2880 # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
2881 # --output=signature.gpg payload.json` will create the signature content
2882 # expected in this field in `signature.gpg` for the `payload.json`
2883 # attestation payload.
2884 },
2885 },
2886 "noteName": "A String", # An analysis note associated with this image, in the form
2887 # "providers/{provider_id}/notes/{NOTE_ID}"
2888 # This field can be used as a filter in list requests.
2889 "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
2890 "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the
2891 # deployable field with the same name.
2892 "A String",
2893 ],
2894 "userEmail": "A String", # Identity of the user that triggered this deployment.
2895 "address": "A String", # Address of the runtime element hosting this deployment.
2896 "platform": "A String", # Platform hosting this deployment.
2897 "deployTime": "A String", # Beginning of the lifetime of this deployment.
2898 "undeployTime": "A String", # End of the lifetime of this deployment.
2899 "config": "A String", # Configuration used to create this deployment.
2900 },
2901 "remediation": "A String", # A description of actions that can be taken to remedy the `Note`
2902 "vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.
2903 # to fix it.
2904 "packageIssue": [ # The set of affected locations and their fixes (if available) within
2905 # the associated resource.
2906 { # This message wraps a location affected by a vulnerability and its
2907 # associated fix (if one is available).
2908 "severityName": "A String",
2909 "affectedLocation": { # The location of the vulnerability # The location of the vulnerability.
2910 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
2911 # format. Examples include distro or storage location for vulnerable jar.
2912 # This field can be used as a filter in list requests.
2913 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
2914 # filter in list requests.
2915 # For a discussion of this in Debian/Ubuntu:
2916 # http://serverfault.com/questions/604541/debian-packages-version-convention
2917 # For a discussion of this in Redhat/Fedora/Centos:
2918 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
2919 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
2920 # If kind is not NORMAL, then the other fields are ignored.
2921 "revision": "A String", # The iteration of the package build from the above version.
2922 "name": "A String", # The main part of the version name.
2923 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
2924 },
2925 "package": "A String", # The package being described.
2926 },
2927 "fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability.
2928 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
2929 # format. Examples include distro or storage location for vulnerable jar.
2930 # This field can be used as a filter in list requests.
2931 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
2932 # filter in list requests.
2933 # For a discussion of this in Debian/Ubuntu:
2934 # http://serverfault.com/questions/604541/debian-packages-version-convention
2935 # For a discussion of this in Redhat/Fedora/Centos:
2936 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
2937 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
2938 # If kind is not NORMAL, then the other fields are ignored.
2939 "revision": "A String", # The iteration of the package build from the above version.
2940 "name": "A String", # The main part of the version name.
2941 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
2942 },
2943 "package": "A String", # The package being described.
2944 },
2945 },
2946 ],
2947 "type": "A String", # The type of package; whether native or non native(ruby gems,
2948 # node.js packages etc)
2949 "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a
2950 # scale of 0-10 where 0 indicates low severity and 10 indicates high
2951 # severity.
2952 "severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.
2953 "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is
2954 # available and note provider assigned severity when distro has not yet
2955 # assigned a severity for this vulnerability.
2956 },
2957 "createTime": "A String", # Output only. The time this `Occurrence` was created.
2958 "derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis
2959 # in the associated note.
2960 # DockerImage relationship. This image would be produced from a Dockerfile
2961 # with FROM <DockerImage.Basis in attached Note>.
2962 "distance": 42, # Output only. The number of layers by which this image differs from the
2963 # associated image basis.
2964 "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image
2965 # occurrence.
2966 "layerInfo": [ # This contains layer-specific metadata, if populated it has length
2967 # "distance" and is ordered with [distance] being the layer immediately
2968 # following the base image and [1] being the final layer.
2969 { # Layer holds metadata specific to a layer of a Docker image.
2970 "arguments": "A String", # The recovered arguments to the Dockerfile directive.
2971 "directive": "A String", # The recovered Dockerfile directive used to construct this layer.
2972 },
2973 ],
2974 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.
2975 "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
2976 # representation.
2977 # This field can be used as a filter in list requests.
2978 "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
2979 "A String",
2980 ],
2981 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
2982 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])
2983 # Only the name of the final blob is kept.
2984 # This field can be used as a filter in list requests.
2985 },
2986 },
2987 "resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence`
2988 # applies. For example, https://gcr.io/project/image@sha256:foo This field
2989 # can be used as a filter in list requests.
2990}
2991
2992 updateMask: string, The fields to update.
2993 x__xgafv: string, V1 error format.
2994 Allowed values
2995 1 - v1 error format
2996 2 - v2 error format
2997
2998Returns:
2999 An object of the form:
3000
3001 { # `Occurrence` includes information about analysis occurrences for an image.
3002 "resource": { # #
3003 # The resource for which the `Occurrence` applies.
3004 # Resource is an entity that can have metadata. E.g., a Docker image.
3005 "contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.
3006 "type": "A String", # The type of hash that was performed.
3007 "value": "A String", # The hash value.
3008 },
3009 "uri": "A String", # The unique URI of the resource. E.g.,
3010 # "https://gcr.io/project/image@sha256:foo" for a Docker image.
3011 "name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian".
3012 },
3013 "updateTime": "A String", # Output only. The time this `Occurrence` was last updated.
3014 "installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.
3015 # a system.
3016 "location": [ # All of the places within the filesystem versions of this package
3017 # have been found.
3018 { # An occurrence of a particular package installation found within a
3019 # system's filesystem.
3020 # e.g. glibc was found in /var/lib/dpkg/status
3021 "path": "A String", # The path from which we gathered that this package/version is installed.
3022 "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
3023 # denoting the package manager version distributing a package.
3024 "version": { # Version contains structured information about the version of the package. # The version installed at this location.
3025 # For a discussion of this in Debian/Ubuntu:
3026 # http://serverfault.com/questions/604541/debian-packages-version-convention
3027 # For a discussion of this in Redhat/Fedora/Centos:
3028 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
3029 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
3030 # If kind is not NORMAL, then the other fields are ignored.
3031 "revision": "A String", # The iteration of the package build from the above version.
3032 "name": "A String", # The main part of the version name.
3033 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
3034 },
3035 },
3036 ],
3037 "name": "A String", # Output only. The name of the installed package.
3038 },
3039 "name": "A String", # Output only. The name of the `Occurrence` in the form
3040 # "projects/{project_id}/occurrences/{OCCURRENCE_ID}"
3041 "kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are
3042 # specified. This field can be used as a filter in list requests.
3043 "buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build.
3044 "provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance
3045 # details about the build from source to completion.
3046 "finishTime": "A String", # Time at which execution of the build was finished.
3047 "commands": [ # Commands requested by the build.
3048 { # Command describes a step performed as part of the build pipeline.
3049 "waitFor": [ # The ID(s) of the Command(s) that this Command depends on.
3050 "A String",
3051 ],
3052 "name": "A String", # Name of the command, as presented on the command line, or if the command is
3053 # packaged as a Docker container, as presented to `docker pull`.
3054 "args": [ # Command-line arguments used when executing this Command.
3055 "A String",
3056 ],
3057 "env": [ # Environment variables set before running this Command.
3058 "A String",
3059 ],
3060 "id": "A String", # Optional unique identifier for this Command, used in wait_for to reference
3061 # this Command as a dependency.
3062 "dir": "A String", # Working directory (relative to project source root) used when running
3063 # this Command.
3064 },
3065 ],
3066 "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
3067 "artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this
3068 # location.
3069 # Google Cloud Storage.
3070 "generation": "A String", # Google Cloud Storage generation for the object.
3071 "object": "A String", # Google Cloud Storage object containing source.
3072 "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
3073 # Requirements]
3074 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
3075 },
3076 "repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.
3077 # Repository.
3078 "projectId": "A String", # ID of the project that owns the repo.
3079 "branchName": "A String", # Name of the branch to build.
3080 "repoName": "A String", # Name of the repo.
3081 "tagName": "A String", # Name of the tag to build.
3082 "commitSha": "A String", # Explicit commit SHA to build.
3083 },
3084 "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original
3085 # source integrity was maintained in the build.
3086 #
3087 # The keys to this map are file paths used as build source and the values
3088 # contain the hash values for those files.
3089 #
3090 # If the build source came in a single package such as a gzipped tarfile
3091 # (.tar.gz), the FileHash will be for the single path to that file.
3092 "a_key": { # Container message for hashes of byte content of files, used in Source
3093 # messages to verify integrity of source input to the build.
3094 "fileHash": [ # Collection of file hashes.
3095 { # Container message for hash values.
3096 "type": "A String", # The type of hash that was performed.
3097 "value": "A String", # The hash value.
3098 },
3099 ],
3100 },
3101 },
3102 "additionalContexts": [ # If provided, some of the source code used for the build may be found in
3103 # these locations, in the case where the source repository had multiple
3104 # remotes or submodules. This list will not include the context specified in
3105 # the context field.
3106 { # A SourceContext is a reference to a tree of files. A SourceContext together
3107 # with a path point to a unique revision of a single file or directory.
3108 "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
3109 # repository (e.g., GitHub).
3110 "url": "A String", # Git repository URL.
3111 "revisionId": "A String", # Required.
3112 # Git commit hash.
3113 },
3114 "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
3115 # Source Repo.
3116 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
3117 "kind": "A String", # The alias kind.
3118 "name": "A String", # The alias name.
3119 },
3120 "revisionId": "A String", # A revision ID.
3121 "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
3122 "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
3123 # winged-cargo-31) and a repo name within that project.
3124 "projectId": "A String", # The ID of the project.
3125 "repoName": "A String", # The name of the repo. Leave empty for the default repo.
3126 },
3127 "uid": "A String", # A server-assigned, globally unique identifier.
3128 },
3129 },
3130 "labels": { # Labels with user defined metadata.
3131 "a_key": "A String",
3132 },
3133 "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
3134 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
3135 "kind": "A String", # The alias kind.
3136 "name": "A String", # The alias name.
3137 },
3138 "revisionId": "A String", # A revision (commit) ID.
3139 "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
3140 # "project/subproject" is a valid project name. The "repo name" is
3141 # the hostURI/project.
3142 "hostUri": "A String", # The URI of a running Gerrit instance.
3143 },
3144 },
3145 ],
3146 "context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.
3147 # with a path point to a unique revision of a single file or directory.
3148 "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
3149 # repository (e.g., GitHub).
3150 "url": "A String", # Git repository URL.
3151 "revisionId": "A String", # Required.
3152 # Git commit hash.
3153 },
3154 "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
3155 # Source Repo.
3156 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
3157 "kind": "A String", # The alias kind.
3158 "name": "A String", # The alias name.
3159 },
3160 "revisionId": "A String", # A revision ID.
3161 "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
3162 "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
3163 # winged-cargo-31) and a repo name within that project.
3164 "projectId": "A String", # The ID of the project.
3165 "repoName": "A String", # The name of the repo. Leave empty for the default repo.
3166 },
3167 "uid": "A String", # A server-assigned, globally unique identifier.
3168 },
3169 },
3170 "labels": { # Labels with user defined metadata.
3171 "a_key": "A String",
3172 },
3173 "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
3174 "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
3175 "kind": "A String", # The alias kind.
3176 "name": "A String", # The alias name.
3177 },
3178 "revisionId": "A String", # A revision (commit) ID.
3179 "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
3180 # "project/subproject" is a valid project name. The "repo name" is
3181 # the hostURI/project.
3182 "hostUri": "A String", # The URI of a running Gerrit instance.
3183 },
3184 },
3185 "storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in in Google Cloud
3186 # Storage.
3187 # Google Cloud Storage.
3188 "generation": "A String", # Google Cloud Storage generation for the object.
3189 "object": "A String", # Google Cloud Storage object containing source.
3190 "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
3191 # Requirements]
3192 # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
3193 },
3194 },
3195 "buildOptions": { # Special options applied to this build. This is a catch-all field where
3196 # build providers can enter any desired additional details.
3197 "a_key": "A String",
3198 },
3199 "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the
3200 # user's e-mail address at the time the build was initiated; this address may
3201 # not represent the same end-user for all time.
3202 "logsBucket": "A String", # Google Cloud Storage bucket where logs were written.
3203 "builderVersion": "A String", # Version string of the builder at the time this build was executed.
3204 "createTime": "A String", # Time at which the build was created.
3205 "builtArtifacts": [ # Output of the build.
3206 { # Artifact describes a build product.
3207 "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
3208 # container.
3209 "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest
3210 # like gcr.io/projectID/imagename@sha256:123456
3211 "name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in
3212 # the case of a container build, the name used to push the container image to
3213 # Google Container Registry, as presented to `docker push`.
3214 #
3215 # This field is deprecated in favor of the plural `names` field; it continues
3216 # to exist here to allow existing BuildProvenance serialized to json in
3217 # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to
3218 # deserialize back into proto.
3219 "names": [ # Related artifact names. This may be the path to a binary or jar file, or in
3220 # the case of a container build, the name used to push the container image to
3221 # Google Container Registry, as presented to `docker push`. Note that a
3222 # single Artifact ID can have multiple names, for example if two tags are
3223 # applied to one image.
3224 "A String",
3225 ],
3226 },
3227 ],
3228 "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
3229 "startTime": "A String", # Time at which execution of the build was started.
3230 "projectId": "A String", # ID of the project.
3231 "id": "A String", # Unique identifier of the build.
3232 },
3233 "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the
3234 # `BuildSignature` in the corresponding Result. After verifying the
3235 # signature, `provenance_bytes` can be unmarshalled and compared to the
3236 # provenance to confirm that it is unchanged. A base64-encoded string
3237 # representation of the provenance bytes is used for the signature in order
3238 # to interoperate with openssl which expects this format for signature
3239 # verification.
3240 #
3241 # The serialized form is captured both to avoid ambiguity in how the
3242 # provenance is marshalled to json as well to prevent incompatibilities with
3243 # future changes.
3244 },
3245 "discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.
3246 "analysisStatus": "A String", # The status of discovery for the resource.
3247 "operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.
3248 # This field is deprecated, do not use.
3249 # network API call.
3250 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
3251 # different programming environments, including REST APIs and RPC APIs. It is
3252 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
3253 # three pieces of data: error code, error message, and error details.
3254 #
3255 # You can find out more about this error model and how to work with it in the
3256 # [API Design Guide](https://cloud.google.com/apis/design/errors).
3257 "message": "A String", # A developer-facing error message, which should be in English. Any
3258 # user-facing error message should be localized and sent in the
3259 # google.rpc.Status.details field, or localized by the client.
3260 "code": 42, # The status code, which should be an enum value of google.rpc.Code.
3261 "details": [ # A list of messages that carry the error details. There is a common set of
3262 # message types for APIs to use.
3263 {
3264 "a_key": "", # Properties of the object. Contains field @type with type URL.
3265 },
3266 ],
3267 },
3268 "done": True or False, # If the value is `false`, it means the operation is still in progress.
3269 # If `true`, the operation is completed, and either `error` or `response` is
3270 # available.
3271 "response": { # The normal response of the operation in case of success. If the original
3272 # method returns no data on success, such as `Delete`, the response is
3273 # `google.protobuf.Empty`. If the original method is standard
3274 # `Get`/`Create`/`Update`, the response should be the resource. For other
3275 # methods, the response should have the type `XxxResponse`, where `Xxx`
3276 # is the original method name. For example, if the original method name
3277 # is `TakeSnapshot()`, the inferred response type is
3278 # `TakeSnapshotResponse`.
3279 "a_key": "", # Properties of the object. Contains field @type with type URL.
3280 },
3281 "name": "A String", # The server-assigned name, which is only unique within the same service that
3282 # originally returns it. If you use the default HTTP mapping, the
3283 # `name` should be a resource name ending with `operations/{unique_id}`.
3284 "metadata": { # Service-specific metadata associated with the operation. It typically
3285 # contains progress information and common metadata such as create time.
3286 # Some services might not provide such metadata. Any method that returns a
3287 # long-running operation should document the metadata type, if any.
3288 "a_key": "", # Properties of the object. Contains field @type with type URL.
3289 },
3290 },
3291 "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under
3292 # details to show to the user. The LocalizedMessage output only and
3293 # populated by the API.
3294 # different programming environments, including REST APIs and RPC APIs. It is
3295 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
3296 # three pieces of data: error code, error message, and error details.
3297 #
3298 # You can find out more about this error model and how to work with it in the
3299 # [API Design Guide](https://cloud.google.com/apis/design/errors).
3300 "message": "A String", # A developer-facing error message, which should be in English. Any
3301 # user-facing error message should be localized and sent in the
3302 # google.rpc.Status.details field, or localized by the client.
3303 "code": 42, # The status code, which should be an enum value of google.rpc.Code.
3304 "details": [ # A list of messages that carry the error details. There is a common set of
3305 # message types for APIs to use.
3306 {
3307 "a_key": "", # Properties of the object. Contains field @type with type URL.
3308 },
3309 ],
3310 },
3311 "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
3312 },
3313 "attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact.
3314 # Attestation can be verified using the attached signature. If the verifier
3315 # trusts the public key of the signer, then verifying the signature is
3316 # sufficient to establish trust. In this circumstance, the
3317 # AttestationAuthority to which this Attestation is attached is primarily
3318 # useful for look-up (how to find this Attestation if you already know the
3319 # Authority and artifact to be verified) and intent (which authority was this
3320 # attestation intended to sign for).
3321 "pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature.
3322 # This message only supports `ATTACHED` signatures, where the payload that is
3323 # signed is included alongside the signature itself in the same file.
3324 "pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature,
3325 # as output by, e.g. `gpg --list-keys`. This should be the version 4, full
3326 # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See
3327 # https://tools.ietf.org/html/rfc4880#section-12.2 for details.
3328 # Implementations may choose to acknowledge "LONG", "SHORT", or other
3329 # abbreviated key IDs, but only the full fingerprint is guaranteed to work.
3330 # In gpg, the full fingerprint can be retrieved from the `fpr` field
3331 # returned when calling --list-keys with --with-colons. For example:
3332 # ```
3333 # gpg --with-colons --with-fingerprint --force-v4-certs \
3334 # --list-keys attester@example.com
3335 # tru::1:1513631572:0:3:1:5
3336 # pub:...<SNIP>...
3337 # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
3338 # ```
3339 # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
3340 "contentType": "A String", # Type (for example schema) of the attestation payload that was signed.
3341 # The verifier must ensure that the provided type is one that the verifier
3342 # supports, and that the attestation payload is a valid instantiation of that
3343 # type (for example by validating a JSON schema).
3344 "signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or
3345 # equivalent. Since this message only supports attached signatures, the
3346 # payload that was signed must be attached. While the signature format
3347 # supported is dependent on the verification implementation, currently only
3348 # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
3349 # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
3350 # --output=signature.gpg payload.json` will create the signature content
3351 # expected in this field in `signature.gpg` for the `payload.json`
3352 # attestation payload.
3353 },
3354 },
3355 "noteName": "A String", # An analysis note associated with this image, in the form
3356 # "providers/{provider_id}/notes/{NOTE_ID}"
3357 # This field can be used as a filter in list requests.
3358 "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
3359 "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the
3360 # deployable field with the same name.
3361 "A String",
3362 ],
3363 "userEmail": "A String", # Identity of the user that triggered this deployment.
3364 "address": "A String", # Address of the runtime element hosting this deployment.
3365 "platform": "A String", # Platform hosting this deployment.
3366 "deployTime": "A String", # Beginning of the lifetime of this deployment.
3367 "undeployTime": "A String", # End of the lifetime of this deployment.
3368 "config": "A String", # Configuration used to create this deployment.
3369 },
3370 "remediation": "A String", # A description of actions that can be taken to remedy the `Note`
3371 "vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.
3372 # to fix it.
3373 "packageIssue": [ # The set of affected locations and their fixes (if available) within
3374 # the associated resource.
3375 { # This message wraps a location affected by a vulnerability and its
3376 # associated fix (if one is available).
3377 "severityName": "A String",
3378 "affectedLocation": { # The location of the vulnerability # The location of the vulnerability.
3379 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
3380 # format. Examples include distro or storage location for vulnerable jar.
3381 # This field can be used as a filter in list requests.
3382 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
3383 # filter in list requests.
3384 # For a discussion of this in Debian/Ubuntu:
3385 # http://serverfault.com/questions/604541/debian-packages-version-convention
3386 # For a discussion of this in Redhat/Fedora/Centos:
3387 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
3388 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
3389 # If kind is not NORMAL, then the other fields are ignored.
3390 "revision": "A String", # The iteration of the package build from the above version.
3391 "name": "A String", # The main part of the version name.
3392 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
3393 },
3394 "package": "A String", # The package being described.
3395 },
3396 "fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability.
3397 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
3398 # format. Examples include distro or storage location for vulnerable jar.
3399 # This field can be used as a filter in list requests.
3400 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
3401 # filter in list requests.
3402 # For a discussion of this in Debian/Ubuntu:
3403 # http://serverfault.com/questions/604541/debian-packages-version-convention
3404 # For a discussion of this in Redhat/Fedora/Centos:
3405 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
3406 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
3407 # If kind is not NORMAL, then the other fields are ignored.
3408 "revision": "A String", # The iteration of the package build from the above version.
3409 "name": "A String", # The main part of the version name.
3410 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
3411 },
3412 "package": "A String", # The package being described.
3413 },
3414 },
3415 ],
3416 "type": "A String", # The type of package; whether native or non native(ruby gems,
3417 # node.js packages etc)
3418 "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a
3419 # scale of 0-10 where 0 indicates low severity and 10 indicates high
3420 # severity.
3421 "severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.
3422 "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is
3423 # available and note provider assigned severity when distro has not yet
3424 # assigned a severity for this vulnerability.
3425 },
3426 "createTime": "A String", # Output only. The time this `Occurrence` was created.
3427 "derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis
3428 # in the associated note.
3429 # DockerImage relationship. This image would be produced from a Dockerfile
3430 # with FROM <DockerImage.Basis in attached Note>.
3431 "distance": 42, # Output only. The number of layers by which this image differs from the
3432 # associated image basis.
3433 "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image
3434 # occurrence.
3435 "layerInfo": [ # This contains layer-specific metadata, if populated it has length
3436 # "distance" and is ordered with [distance] being the layer immediately
3437 # following the base image and [1] being the final layer.
3438 { # Layer holds metadata specific to a layer of a Docker image.
3439 "arguments": "A String", # The recovered arguments to the Dockerfile directive.
3440 "directive": "A String", # The recovered Dockerfile directive used to construct this layer.
3441 },
3442 ],
3443 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.
3444 "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
3445 # representation.
3446 # This field can be used as a filter in list requests.
3447 "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
3448 "A String",
3449 ],
3450 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
3451 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])
3452 # Only the name of the final blob is kept.
3453 # This field can be used as a filter in list requests.
3454 },
3455 },
3456 "resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence`
3457 # applies. For example, https://gcr.io/project/image@sha256:foo This field
3458 # can be used as a filter in list requests.
3459 }</pre>
3460</div>
3461
3462<div class="method">
3463 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code>
3464 <pre>Sets the access control policy on the specified `Note` or `Occurrence`.
3465Requires `containeranalysis.notes.setIamPolicy` or
3466`containeranalysis.occurrences.setIamPolicy` permission if the resource is
3467a `Note` or an `Occurrence`, respectively.
3468Attempting to call this method without these permissions will result in a `
3469`PERMISSION_DENIED` error.
3470Attempting to call this method on a non-existent resource will result in a
3471`NOT_FOUND` error if the user has `containeranalysis.notes.list` permission
3472on a `Note` or `containeranalysis.occurrences.list` on an `Occurrence`, or
3473a `PERMISSION_DENIED` error otherwise. The resource takes the following
3474formats: `projects/{projectid}/occurrences/{occurrenceid}` for occurrences
3475and projects/{projectid}/notes/{noteid} for notes
3476
3477Args:
3478 resource: string, REQUIRED: The resource for which the policy is being specified.
3479See the operation documentation for the appropriate value for this field. (required)
3480 body: object, The request body. (required)
3481 The object takes the form of:
3482
3483{ # Request message for `SetIamPolicy` method.
3484 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of
3485 # the policy is limited to a few 10s of KB. An empty policy is a
3486 # valid policy but certain Cloud Platform services (such as Projects)
3487 # might reject them.
3488 # specify access control policies for Cloud Platform resources.
3489 #
3490 #
3491 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
3492 # `members` to a `role`, where the members can be user accounts, Google groups,
3493 # Google domains, and service accounts. A `role` is a named list of permissions
3494 # defined by IAM.
3495 #
3496 # **JSON Example**
3497 #
3498 # {
3499 # "bindings": [
3500 # {
3501 # "role": "roles/owner",
3502 # "members": [
3503 # "user:mike@example.com",
3504 # "group:admins@example.com",
3505 # "domain:google.com",
3506 # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
3507 # ]
3508 # },
3509 # {
3510 # "role": "roles/viewer",
3511 # "members": ["user:sean@example.com"]
3512 # }
3513 # ]
3514 # }
3515 #
3516 # **YAML Example**
3517 #
3518 # bindings:
3519 # - members:
3520 # - user:mike@example.com
3521 # - group:admins@example.com
3522 # - domain:google.com
3523 # - serviceAccount:my-other-app@appspot.gserviceaccount.com
3524 # role: roles/owner
3525 # - members:
3526 # - user:sean@example.com
3527 # role: roles/viewer
3528 #
3529 #
3530 # For a description of IAM and its features, see the
3531 # [IAM developer's guide](https://cloud.google.com/iam/docs).
3532 "bindings": [ # Associates a list of `members` to a `role`.
3533 # `bindings` with no members will result in an error.
3534 { # Associates `members` with a `role`.
3535 "role": "A String", # Role that is assigned to `members`.
3536 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
3537 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
3538 # `members` can have the following values:
3539 #
3540 # * `allUsers`: A special identifier that represents anyone who is
3541 # on the internet; with or without a Google account.
3542 #
3543 # * `allAuthenticatedUsers`: A special identifier that represents anyone
3544 # who is authenticated with a Google account or a service account.
3545 #
3546 # * `user:{emailid}`: An email address that represents a specific Google
3547 # account. For example, `alice@gmail.com` .
3548 #
3549 #
3550 # * `serviceAccount:{emailid}`: An email address that represents a service
3551 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
3552 #
3553 # * `group:{emailid}`: An email address that represents a Google group.
3554 # For example, `admins@example.com`.
3555 #
3556 #
3557 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
3558 # users of that domain. For example, `google.com` or `example.com`.
3559 #
3560 "A String",
3561 ],
3562 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
3563 # NOTE: An unsatisfied condition will not allow user access via current
3564 # binding. Different bindings, including their conditions, are examined
3565 # independently.
3566 #
3567 # title: "User account presence"
3568 # description: "Determines whether the request has a user account"
3569 # expression: "size(request.user) > 0"
3570 "description": "A String", # An optional description of the expression. This is a longer text which
3571 # describes the expression, e.g. when hovered over it in a UI.
3572 "expression": "A String", # Textual representation of an expression in
3573 # Common Expression Language syntax.
3574 #
3575 # The application context of the containing message determines which
3576 # well-known feature set of CEL is supported.
3577 "location": "A String", # An optional string indicating the location of the expression for error
3578 # reporting, e.g. a file name and a position in the file.
3579 "title": "A String", # An optional title for the expression, i.e. a short string describing
3580 # its purpose. This can be used e.g. in UIs which allow to enter the
3581 # expression.
3582 },
3583 },
3584 ],
3585 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
3586 { # Specifies the audit configuration for a service.
3587 # The configuration determines which permission types are logged, and what
3588 # identities, if any, are exempted from logging.
3589 # An AuditConfig must have one or more AuditLogConfigs.
3590 #
3591 # If there are AuditConfigs for both `allServices` and a specific service,
3592 # the union of the two AuditConfigs is used for that service: the log_types
3593 # specified in each AuditConfig are enabled, and the exempted_members in each
3594 # AuditLogConfig are exempted.
3595 #
3596 # Example Policy with multiple AuditConfigs:
3597 #
3598 # {
3599 # "audit_configs": [
3600 # {
3601 # "service": "allServices"
3602 # "audit_log_configs": [
3603 # {
3604 # "log_type": "DATA_READ",
3605 # "exempted_members": [
3606 # "user:foo@gmail.com"
3607 # ]
3608 # },
3609 # {
3610 # "log_type": "DATA_WRITE",
3611 # },
3612 # {
3613 # "log_type": "ADMIN_READ",
3614 # }
3615 # ]
3616 # },
3617 # {
3618 # "service": "fooservice.googleapis.com"
3619 # "audit_log_configs": [
3620 # {
3621 # "log_type": "DATA_READ",
3622 # },
3623 # {
3624 # "log_type": "DATA_WRITE",
3625 # "exempted_members": [
3626 # "user:bar@gmail.com"
3627 # ]
3628 # }
3629 # ]
3630 # }
3631 # ]
3632 # }
3633 #
3634 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
3635 # logging. It also exempts foo@gmail.com from DATA_READ logging, and
3636 # bar@gmail.com from DATA_WRITE logging.
3637 "auditLogConfigs": [ # The configuration for logging of each type of permission.
3638 { # Provides the configuration for logging a type of permissions.
3639 # Example:
3640 #
3641 # {
3642 # "audit_log_configs": [
3643 # {
3644 # "log_type": "DATA_READ",
3645 # "exempted_members": [
3646 # "user:foo@gmail.com"
3647 # ]
3648 # },
3649 # {
3650 # "log_type": "DATA_WRITE",
3651 # }
3652 # ]
3653 # }
3654 #
3655 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
3656 # foo@gmail.com from DATA_READ logging.
3657 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
3658 # permission.
3659 # Follows the same format of Binding.members.
3660 "A String",
3661 ],
3662 "logType": "A String", # The log type that this config enables.
3663 },
3664 ],
3665 "service": "A String", # Specifies a service that will be enabled for audit logging.
3666 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
3667 # `allServices` is a special value that covers all services.
3668 },
3669 ],
3670 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
3671 # prevent simultaneous updates of a policy from overwriting each other.
3672 # It is strongly suggested that systems make use of the `etag` in the
3673 # read-modify-write cycle to perform policy updates in order to avoid race
3674 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
3675 # systems are expected to put that etag in the request to `setIamPolicy` to
3676 # ensure that their change will be applied to the same version of the policy.
3677 #
3678 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
3679 # policy is overwritten blindly.
3680 "version": 42, # Deprecated.
3681 },
3682 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
3683 # the fields in the mask will be modified. If no mask is provided, the
3684 # following default mask is used:
3685 # paths: "bindings, etag"
3686 # This field is only used by Cloud IAM.
3687 }
3688
3689 x__xgafv: string, V1 error format.
3690 Allowed values
3691 1 - v1 error format
3692 2 - v2 error format
3693
3694Returns:
3695 An object of the form:
3696
3697 { # Defines an Identity and Access Management (IAM) policy. It is used to
3698 # specify access control policies for Cloud Platform resources.
3699 #
3700 #
3701 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
3702 # `members` to a `role`, where the members can be user accounts, Google groups,
3703 # Google domains, and service accounts. A `role` is a named list of permissions
3704 # defined by IAM.
3705 #
3706 # **JSON Example**
3707 #
3708 # {
3709 # "bindings": [
3710 # {
3711 # "role": "roles/owner",
3712 # "members": [
3713 # "user:mike@example.com",
3714 # "group:admins@example.com",
3715 # "domain:google.com",
3716 # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
3717 # ]
3718 # },
3719 # {
3720 # "role": "roles/viewer",
3721 # "members": ["user:sean@example.com"]
3722 # }
3723 # ]
3724 # }
3725 #
3726 # **YAML Example**
3727 #
3728 # bindings:
3729 # - members:
3730 # - user:mike@example.com
3731 # - group:admins@example.com
3732 # - domain:google.com
3733 # - serviceAccount:my-other-app@appspot.gserviceaccount.com
3734 # role: roles/owner
3735 # - members:
3736 # - user:sean@example.com
3737 # role: roles/viewer
3738 #
3739 #
3740 # For a description of IAM and its features, see the
3741 # [IAM developer's guide](https://cloud.google.com/iam/docs).
3742 "bindings": [ # Associates a list of `members` to a `role`.
3743 # `bindings` with no members will result in an error.
3744 { # Associates `members` with a `role`.
3745 "role": "A String", # Role that is assigned to `members`.
3746 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
3747 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
3748 # `members` can have the following values:
3749 #
3750 # * `allUsers`: A special identifier that represents anyone who is
3751 # on the internet; with or without a Google account.
3752 #
3753 # * `allAuthenticatedUsers`: A special identifier that represents anyone
3754 # who is authenticated with a Google account or a service account.
3755 #
3756 # * `user:{emailid}`: An email address that represents a specific Google
3757 # account. For example, `alice@gmail.com` .
3758 #
3759 #
3760 # * `serviceAccount:{emailid}`: An email address that represents a service
3761 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
3762 #
3763 # * `group:{emailid}`: An email address that represents a Google group.
3764 # For example, `admins@example.com`.
3765 #
3766 #
3767 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
3768 # users of that domain. For example, `google.com` or `example.com`.
3769 #
3770 "A String",
3771 ],
3772 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
3773 # NOTE: An unsatisfied condition will not allow user access via current
3774 # binding. Different bindings, including their conditions, are examined
3775 # independently.
3776 #
3777 # title: "User account presence"
3778 # description: "Determines whether the request has a user account"
3779 # expression: "size(request.user) > 0"
3780 "description": "A String", # An optional description of the expression. This is a longer text which
3781 # describes the expression, e.g. when hovered over it in a UI.
3782 "expression": "A String", # Textual representation of an expression in
3783 # Common Expression Language syntax.
3784 #
3785 # The application context of the containing message determines which
3786 # well-known feature set of CEL is supported.
3787 "location": "A String", # An optional string indicating the location of the expression for error
3788 # reporting, e.g. a file name and a position in the file.
3789 "title": "A String", # An optional title for the expression, i.e. a short string describing
3790 # its purpose. This can be used e.g. in UIs which allow to enter the
3791 # expression.
3792 },
3793 },
3794 ],
3795 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
3796 { # Specifies the audit configuration for a service.
3797 # The configuration determines which permission types are logged, and what
3798 # identities, if any, are exempted from logging.
3799 # An AuditConfig must have one or more AuditLogConfigs.
3800 #
3801 # If there are AuditConfigs for both `allServices` and a specific service,
3802 # the union of the two AuditConfigs is used for that service: the log_types
3803 # specified in each AuditConfig are enabled, and the exempted_members in each
3804 # AuditLogConfig are exempted.
3805 #
3806 # Example Policy with multiple AuditConfigs:
3807 #
3808 # {
3809 # "audit_configs": [
3810 # {
3811 # "service": "allServices"
3812 # "audit_log_configs": [
3813 # {
3814 # "log_type": "DATA_READ",
3815 # "exempted_members": [
3816 # "user:foo@gmail.com"
3817 # ]
3818 # },
3819 # {
3820 # "log_type": "DATA_WRITE",
3821 # },
3822 # {
3823 # "log_type": "ADMIN_READ",
3824 # }
3825 # ]
3826 # },
3827 # {
3828 # "service": "fooservice.googleapis.com"
3829 # "audit_log_configs": [
3830 # {
3831 # "log_type": "DATA_READ",
3832 # },
3833 # {
3834 # "log_type": "DATA_WRITE",
3835 # "exempted_members": [
3836 # "user:bar@gmail.com"
3837 # ]
3838 # }
3839 # ]
3840 # }
3841 # ]
3842 # }
3843 #
3844 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
3845 # logging. It also exempts foo@gmail.com from DATA_READ logging, and
3846 # bar@gmail.com from DATA_WRITE logging.
3847 "auditLogConfigs": [ # The configuration for logging of each type of permission.
3848 { # Provides the configuration for logging a type of permissions.
3849 # Example:
3850 #
3851 # {
3852 # "audit_log_configs": [
3853 # {
3854 # "log_type": "DATA_READ",
3855 # "exempted_members": [
3856 # "user:foo@gmail.com"
3857 # ]
3858 # },
3859 # {
3860 # "log_type": "DATA_WRITE",
3861 # }
3862 # ]
3863 # }
3864 #
3865 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
3866 # foo@gmail.com from DATA_READ logging.
3867 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
3868 # permission.
3869 # Follows the same format of Binding.members.
3870 "A String",
3871 ],
3872 "logType": "A String", # The log type that this config enables.
3873 },
3874 ],
3875 "service": "A String", # Specifies a service that will be enabled for audit logging.
3876 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
3877 # `allServices` is a special value that covers all services.
3878 },
3879 ],
3880 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
3881 # prevent simultaneous updates of a policy from overwriting each other.
3882 # It is strongly suggested that systems make use of the `etag` in the
3883 # read-modify-write cycle to perform policy updates in order to avoid race
3884 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
3885 # systems are expected to put that etag in the request to `setIamPolicy` to
3886 # ensure that their change will be applied to the same version of the policy.
3887 #
3888 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
3889 # policy is overwritten blindly.
3890 "version": 42, # Deprecated.
3891 }</pre>
3892</div>
3893
3894<div class="method">
3895 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code>
3896 <pre>Returns the permissions that a caller has on the specified note or
3897occurrence resource. Requires list permission on the project (for example,
3898"storage.objects.list" on the containing bucket for testing permission of
3899an object). Attempting to call this method on a non-existent resource will
3900result in a `NOT_FOUND` error if the user has list permission on the
3901project, or a `PERMISSION_DENIED` error otherwise. The resource takes the
3902following formats: `projects/{PROJECT_ID}/occurrences/{OCCURRENCE_ID}` for
3903`Occurrences` and `projects/{PROJECT_ID}/notes/{NOTE_ID}` for `Notes`
3904
3905Args:
3906 resource: string, REQUIRED: The resource for which the policy detail is being requested.
3907See the operation documentation for the appropriate value for this field. (required)
3908 body: object, The request body. (required)
3909 The object takes the form of:
3910
3911{ # Request message for `TestIamPermissions` method.
3912 "permissions": [ # The set of permissions to check for the `resource`. Permissions with
3913 # wildcards (such as '*' or 'storage.*') are not allowed. For more
3914 # information see
3915 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
3916 "A String",
3917 ],
3918 }
3919
3920 x__xgafv: string, V1 error format.
3921 Allowed values
3922 1 - v1 error format
3923 2 - v2 error format
3924
3925Returns:
3926 An object of the form:
3927
3928 { # Response message for `TestIamPermissions` method.
3929 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
3930 # allowed.
3931 "A String",
3932 ],
3933 }</pre>
3934</div>
3935
3936</body></html>