<html><body>
<style>

body, h1, h2, h3, div, span, p, pre, a {
  margin: 0;
  padding: 0;
  border: 0;
  font-weight: inherit;
  font-style: inherit;
  font-size: 100%;
  font-family: inherit;
  vertical-align: baseline;
}

body {
  font-size: 13px;
  padding: 1em;
}

h1 {
  font-size: 26px;
  margin-bottom: 1em;
}

h2 {
  font-size: 24px;
  margin-bottom: 1em;
}

h3 {
  font-size: 20px;
  margin-bottom: 1em;
  margin-top: 1em;
}

pre, code {
  line-height: 1.5;
  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}

pre {
  margin-top: 0.5em;
}

h1, h2, h3, p {
  font-family: Arial, sans-serif;
}

h1, h2, h3 {
  border-bottom: solid #CCC 1px;
}

.toc_element {
  margin-top: 0.5em;
}

.firstline {
  margin-left: 2em;
}

.method {
  margin-top: 1em;
  border: solid 1px #CCC;
  padding: 1em;
  background: #EEE;
}

.details {
  font-weight: bold;
  font-size: 14px;
}

</style>

<h1><a href="containeranalysis_v1beta1.html">Container Analysis API</a> . <a href="containeranalysis_v1beta1.projects.html">projects</a> . <a href="containeranalysis_v1beta1.projects.notes.html">notes</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
  <code><a href="containeranalysis_v1beta1.projects.notes.occurrences.html">occurrences()</a></code>
</p>
<p class="firstline">Returns the occurrences Resource.</p>

<p class="toc_element">
  <code><a href="#batchCreate">batchCreate(parent, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Creates new notes in batch.</p>
<p class="toc_element">
  <code><a href="#create">create(parent, body=None, noteId=None, x__xgafv=None)</a></code></p>
<p class="firstline">Creates a new note.</p>
<p class="toc_element">
  <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
<p class="firstline">Deletes the specified note.</p>
<p class="toc_element">
  <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
<p class="firstline">Gets the specified note.</p>
<p class="toc_element">
  <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Gets the access control policy for a note or an occurrence resource.</p>
<p class="toc_element">
  <code><a href="#list">list(parent, pageToken=None, x__xgafv=None, pageSize=None, filter=None)</a></code></p>
<p class="firstline">Lists notes for the specified project.</p>
<p class="toc_element">
  <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
  <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
<p class="firstline">Updates the specified note.</p>
<p class="toc_element">
  <code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Sets the access control policy on the specified note or occurrence.</p>
<p class="toc_element">
  <code><a href="#testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Returns the permissions that a caller has on the specified note or</p>
<h3>Method Details</h3>
<div class="method">
    <code class="details" id="batchCreate">batchCreate(parent, body=None, x__xgafv=None)</code>
  <pre>Creates new notes in batch.

Args:
  parent: string, Required. The name of the project in the form of `projects/[PROJECT_ID]`, under which
the notes are to be created. (required)
  body: object, The request body.
    The object takes the form of:

{ # Request to create notes in batch.
    "notes": { # Required. The notes to create. Max allowed length is 1000.
      "a_key": { # A type of analysis that can be done for a resource.
        "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
            # a filter in list requests.
        "relatedNoteNames": [ # Other notes related to this note.
          "A String",
        ],
        "name": "A String", # Output only. The name of the note in the form of
            # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
        "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers.
            # channels. E.g., glibc (aka libc6) is distributed by many, at various
            # versions.
          "distribution": [ # The various channels by which a package is distributed.
            { # This represents a particular channel of distribution for a given package.
                # E.g., Debian's jessie-backports dpkg mirror.
              "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
                  # denoting the package manager version distributing a package.
              "maintainer": "A String", # A freeform string denoting the maintainer of this package.
              "description": "A String", # The distribution channel-specific description of this package.
              "url": "A String", # The distribution channel-specific homepage for this package.
              "architecture": "A String", # The CPU architecture for which packages in this distribution channel were
                  # built.
              "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
                "epoch": 42, # Used to correct mistakes in the version numbering scheme.
                "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
                    # versions.
                "name": "A String", # Required only when version kind is NORMAL. The main part of the version
                    # name.
                "revision": "A String", # The iteration of the package build from the above version.
              },
            },
          ],
          "name": "A String", # Required. Immutable. The name of the package.
        },
        "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability.
          "windowsDetails": [ # Windows details get their own format because the information format and
              # model don't match a normal detail. Specifically Windows updates are done as
              # patches, thus Windows vulnerabilities really are a missing package, rather
              # than a package being at an incorrect version.
            {
              "cpeUri": "A String", # Required. The CPE URI in
                  # [cpe format](https://cpe.mitre.org/specification/) in which the
                  # vulnerability manifests. Examples include distro or storage location for
                  # vulnerable jar.
              "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this
                  # vulnerability. Note that there may be multiple hotfixes (and thus
                  # multiple KBs) that mitigate a given vulnerability. Currently any listed
                  # kb's presence is considered a fix.
                {
                  "url": "A String", # A link to the KB in the Windows update catalog -
                      # https://www.catalog.update.microsoft.com/
                  "name": "A String", # The KB name (generally of the form KB[0-9]+ i.e. KB123456).
                },
              ],
              "name": "A String", # Required. The name of the vulnerability.
              "description": "A String", # The description of the vulnerability.
            },
          ],
          "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3.
              # For details, see https://www.first.org/cvss/specification-document
            "attackComplexity": "A String",
            "attackVector": "A String", # Base Metrics
                # Represents the intrinsic characteristics of a vulnerability that are
                # constant over time and across user environments.
            "privilegesRequired": "A String",
            "userInteraction": "A String",
            "baseScore": 3.14, # The base score is a function of the base metric scores.
            "availabilityImpact": "A String",
            "impactScore": 3.14,
            "exploitabilityScore": 3.14,
            "scope": "A String",
            "integrityImpact": "A String",
            "confidentialityImpact": "A String",
          },
          "cvssScore": 3.14, # The CVSS score for this vulnerability.
          "severity": "A String", # Note provider assigned impact of the vulnerability.
          "details": [ # All information about the package to specifically identify this
              # vulnerability. One entry per (version range and cpe_uri) the package
              # vulnerability has manifested in.
            { # Identifies all appearances of this vulnerability in the package for a
                # specific distro/location. For example: glibc in
                # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
              "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
              "cpeUri": "A String", # Required. The CPE URI in
                  # [cpe format](https://cpe.mitre.org/specification/) in which the
                  # vulnerability manifests. Examples include distro or storage location for
                  # vulnerable jar.
              "description": "A String", # A vendor-specific description of this note.
              "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists.
                "epoch": 42, # Used to correct mistakes in the version numbering scheme.
                "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
                    # versions.
                "name": "A String", # Required only when version kind is NORMAL. The main part of the version
                    # name.
                "revision": "A String", # The iteration of the package build from the above version.
              },
              "package": "A String", # Required. The name of the package where the vulnerability was found.
              "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to
                  # obsolete details.
              "packageType": "A String", # The type of package; whether native or non native (ruby gems, node.js
                  # packages etc).
              "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an
                  # upstream timestamp from the underlying information source - e.g. Ubuntu
                  # security tracker.
              "maxAffectedVersion": { # Version contains structured information about the version of a package. # The max version of the package in which the vulnerability exists.
                "epoch": 42, # Used to correct mistakes in the version numbering scheme.
                "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
                    # versions.
                "name": "A String", # Required only when version kind is NORMAL. The main part of the version
                    # name.
                "revision": "A String", # The iteration of the package build from the above version.
              },
              "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version.
                "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/)
                    # format. Examples include distro or storage location for vulnerable jar.
                "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described.
                  "epoch": 42, # Used to correct mistakes in the version numbering scheme.
                  "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
                      # versions.
                  "name": "A String", # Required only when version kind is NORMAL. The main part of the version
                      # name.
                  "revision": "A String", # The iteration of the package build from the above version.
                },
                "package": "A String", # Required. The package being described.
              },
            },
          ],
          "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an
              # upstream timestamp from the underlying information source - e.g. Ubuntu
              # security tracker.
        },
        "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in
            # list requests.
        "relatedUrl": [ # URLs associated with this note.
          { # Metadata for any related URL information.
            "url": "A String", # Specific URL associated with the resource.
            "label": "A String", # Label to describe usage of the URL.
          },
        ],
        "longDescription": "A String", # A detailed description of this note.
        "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
            # example, an organization might have one `Authority` for "QA" and one for
            # "build". This note is intended to act strictly as a grouping mechanism for
            # the attached occurrences (Attestations). This grouping mechanism also
            # provides a security boundary, since IAM ACLs gate the ability for a principal
            # to attach an occurrence to a given note. It also provides a single point of
            # lookup to find all attached attestation occurrences, even if they don't all
            # live in the same project.
          "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority.
              # authority. Because the name of a note acts as its resource reference, it is
              # important to disambiguate the canonical name of the Note (which might be a
              # UUID for security purposes) from "readable" names more suitable for debug
              # output. Note that these hints should not be used to look up authorities in
              # security sensitive contexts, such as when looking up attestations to
              # verify.
            "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for
                # example "qa".
          },
        },
        "intoto": { # This contains the fields corresponding to the definition of a software supply # A note describing an in-toto link.
            # chain step in an in-toto layout. This information goes into a Grafeas note.
          "stepName": "A String", # This field identifies the name of the step in the supply chain.
          "expectedCommand": [ # This field contains the expected command used to perform the step.
            "A String",
          ],
          "threshold": "A String", # This field contains a value that indicates the minimum number of keys that
              # need to be used to sign the step's in-toto link.
          "expectedMaterials": [ # The following fields contain in-toto artifact rules identifying the
              # artifacts that enter this supply chain step, and exit the supply chain
              # step, i.e. materials and products of the step.
            { # Defines an object to declare an in-toto artifact rule
              "artifactRule": [
                "A String",
              ],
            },
          ],
          "expectedProducts": [
            { # Defines an object to declare an in-toto artifact rule
              "artifactRule": [
                "A String",
              ],
            },
          ],
          "signingKeys": [ # This field contains the public keys that can be used to verify the
              # signatures on the step metadata.
            { # This defines the format used to record keys used in the software supply
                # chain. An in-toto link is attested using one or more keys defined in the
                # in-toto layout. An example of this is:
                # {
                #   "key_id": "776a00e29f3559e0141b3b096f696abc6cfb0c657ab40f441132b345b0...",
                #   "key_type": "rsa",
                #   "public_key_value": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0B...",
                #   "key_scheme": "rsassa-pss-sha256"
                # }
                # The format for in-toto's key definition can be found in section 4.2 of the
                # in-toto specification.
              "keyType": "A String", # This field identifies the specific signing method. Eg: "rsa", "ed25519",
                  # and "ecdsa".
              "keyId": "A String", # key_id is an identifier for the signing key.
              "publicKeyValue": "A String", # This field contains the actual public key.
              "keyScheme": "A String", # This field contains the corresponding signature scheme.
                  # Eg: "rsassa-pss-sha256".
            },
          ],
        },
        "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build.
            # provenance message in the build details occurrence.
          "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
          "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note
              # containing build details.
            "publicKey": "A String", # Public key of the builder which can be used to verify that the related
                # findings are valid and unchanged. If `key_type` is empty, this defaults
                # to PEM encoded public keys.
                #
                # This field may be empty if `key_id` references an external key.
                #
                # For Cloud Build based signatures, this is a PEM encoded public
                # key. To verify the Cloud Build signature, place the contents of
                # this field into a file (public.pem). The signature field is base64-decoded
                # into its binary representation in signature.bin, and the provenance bytes
                # from `BuildDetails` are base64-decoded into a binary representation in
                # signed.bin. OpenSSL can then verify the signature:
                # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
            "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
                # `key_id`.
            "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key
                # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the
                # CN for a cert), or a reference to an external key (such as a reference to a
                # key in Cloud Key Management Service).
            "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is
                # base-64 encoded.
          },
        },
        "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
            # relationship. Linked occurrences are derived from this or an
            # equivalent image via:
            #   FROM &lt;Basis.resource_url&gt;
            # Or an equivalent reference, e.g. a tag of the resource_url.
          "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the
              # basis of associated occurrence images.
          "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
            "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1
                # representation.
            "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
              "A String",
            ],
            "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
                # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])
                # Only the name of the final blob is kept.
          },
        },
        "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
        "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
          "resourceUri": [ # Required. Resource URI for the artifact being deployed.
            "A String",
          ],
        },
        "shortDescription": "A String", # A one sentence description of this note.
        "createTime": "A String", # Output only. The time this note was created. This field can be used as a
            # filter in list requests.
        "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource.
            # exists in a provider's project. A `Discovery` occurrence is created in a
            # consumer's project at the start of analysis.
          "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this
              # discovery.
        },
      },
    },
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Response for creating notes in batch.
      "notes": [ # The notes that were created.
        { # A type of analysis that can be done for a resource.
          "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
              # a filter in list requests.
          "relatedNoteNames": [ # Other notes related to this note.
            "A String",
          ],
          "name": "A String", # Output only. The name of the note in the form of
              # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
          "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers.
              # channels. E.g., glibc (aka libc6) is distributed by many, at various
              # versions.
            "distribution": [ # The various channels by which a package is distributed.
              { # This represents a particular channel of distribution for a given package.
                  # E.g., Debian's jessie-backports dpkg mirror.
                "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
                    # denoting the package manager version distributing a package.
                "maintainer": "A String", # A freeform string denoting the maintainer of this package.
                "description": "A String", # The distribution channel-specific description of this package.
                "url": "A String", # The distribution channel-specific homepage for this package.
                "architecture": "A String", # The CPU architecture for which packages in this distribution channel were
                    # built.
                "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
                  "epoch": 42, # Used to correct mistakes in the version numbering scheme.
                  "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
                      # versions.
                  "name": "A String", # Required only when version kind is NORMAL. The main part of the version
                      # name.
                  "revision": "A String", # The iteration of the package build from the above version.
                },
              },
            ],
            "name": "A String", # Required. Immutable. The name of the package.
          },
          "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability.
            "windowsDetails": [ # Windows details get their own format because the information format and
                # model don't match a normal detail. Specifically Windows updates are done as
                # patches, thus Windows vulnerabilities really are a missing package, rather
                # than a package being at an incorrect version.
              {
                "cpeUri": "A String", # Required. The CPE URI in
                    # [cpe format](https://cpe.mitre.org/specification/) in which the
                    # vulnerability manifests. Examples include distro or storage location for
                    # vulnerable jar.
                "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this
                    # vulnerability. Note that there may be multiple hotfixes (and thus
                    # multiple KBs) that mitigate a given vulnerability. Currently any listed
                    # kb's presence is considered a fix.
                  {
                    "url": "A String", # A link to the KB in the Windows update catalog -
                        # https://www.catalog.update.microsoft.com/
                    "name": "A String", # The KB name (generally of the form KB[0-9]+ i.e. KB123456).
                  },
                ],
                "name": "A String", # Required. The name of the vulnerability.
                "description": "A String", # The description of the vulnerability.
              },
            ],
            "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3.
                # For details, see https://www.first.org/cvss/specification-document
              "attackComplexity": "A String",
              "attackVector": "A String", # Base Metrics
                  # Represents the intrinsic characteristics of a vulnerability that are
                  # constant over time and across user environments.
              "privilegesRequired": "A String",
              "userInteraction": "A String",
              "baseScore": 3.14, # The base score is a function of the base metric scores.
              "availabilityImpact": "A String",
              "impactScore": 3.14,
              "exploitabilityScore": 3.14,
              "scope": "A String",
              "integrityImpact": "A String",
              "confidentialityImpact": "A String",
            },
            "cvssScore": 3.14, # The CVSS score for this vulnerability.
            "severity": "A String", # Note provider assigned impact of the vulnerability.
            "details": [ # All information about the package to specifically identify this
                # vulnerability. One entry per (version range and cpe_uri) the package
                # vulnerability has manifested in.
              { # Identifies all appearances of this vulnerability in the package for a
                  # specific distro/location. For example: glibc in
                  # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
                "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
                "cpeUri": "A String", # Required. The CPE URI in
                    # [cpe format](https://cpe.mitre.org/specification/) in which the
                    # vulnerability manifests. Examples include distro or storage location for
                    # vulnerable jar.
                "description": "A String", # A vendor-specific description of this note.
                "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists.
                  "epoch": 42, # Used to correct mistakes in the version numbering scheme.
                  "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
                      # versions.
                  "name": "A String", # Required only when version kind is NORMAL. The main part of the version
                      # name.
                  "revision": "A String", # The iteration of the package build from the above version.
                },
                "package": "A String", # Required. The name of the package where the vulnerability was found.
                "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to
                    # obsolete details.
                "packageType": "A String", # The type of package; whether native or non native (ruby gems, node.js
                    # packages etc).
                "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an
                    # upstream timestamp from the underlying information source - e.g. Ubuntu
                    # security tracker.
                "maxAffectedVersion": { # Version contains structured information about the version of a package. # The max version of the package in which the vulnerability exists.
                  "epoch": 42, # Used to correct mistakes in the version numbering scheme.
                  "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
                      # versions.
                  "name": "A String", # Required only when version kind is NORMAL. The main part of the version
                      # name.
                  "revision": "A String", # The iteration of the package build from the above version.
                },
                "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version.
                  "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/)
                      # format. Examples include distro or storage location for vulnerable jar.
                  "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described.
                    "epoch": 42, # Used to correct mistakes in the version numbering scheme.
                    "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
                        # versions.
                    "name": "A String", # Required only when version kind is NORMAL. The main part of the version
                        # name.
                    "revision": "A String", # The iteration of the package build from the above version.
                  },
                  "package": "A String", # Required. The package being described.
                },
              },
            ],
            "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an
                # upstream timestamp from the underlying information source - e.g. Ubuntu
                # security tracker.
          },
          "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in
              # list requests.
          "relatedUrl": [ # URLs associated with this note.
            { # Metadata for any related URL information.
              "url": "A String", # Specific URL associated with the resource.
              "label": "A String", # Label to describe usage of the URL.
            },
          ],
          "longDescription": "A String", # A detailed description of this note.
          "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
              # example, an organization might have one `Authority` for "QA" and one for
              # "build". This note is intended to act strictly as a grouping mechanism for
              # the attached occurrences (Attestations). This grouping mechanism also
              # provides a security boundary, since IAM ACLs gate the ability for a principal
              # to attach an occurrence to a given note. It also provides a single point of
              # lookup to find all attached attestation occurrences, even if they don't all
              # live in the same project.
            "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority.
                # authority. Because the name of a note acts as its resource reference, it is
                # important to disambiguate the canonical name of the Note (which might be a
                # UUID for security purposes) from "readable" names more suitable for debug
                # output. Note that these hints should not be used to look up authorities in
                # security sensitive contexts, such as when looking up attestations to
                # verify.
              "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for
                  # example "qa".
            },
          },
562 "intoto": { # This contains the fields corresponding to the definition of a software supply # A note describing an in-toto link.
563 # chain step in an in-toto layout. This information goes into a Grafeas note.
564 "stepName": "A String", # This field identifies the name of the step in the supply chain.
565 "expectedCommand": [ # This field contains the expected command used to perform the step.
566 "A String",
567 ],
568 "threshold": "A String", # This field contains a value that indicates the minimum number of keys that
569 # need to be used to sign the step's in-toto link.
570 "expectedMaterials": [ # The following fields contain in-toto artifact rules identifying the
571 # artifacts that enter this supply chain step, and exit the supply chain
572 # step, i.e. materials and products of the step.
573 { # Defines an object to declare an in-toto artifact rule
574 "artifactRule": [
575 "A String",
576 ],
577 },
578 ],
579 "expectedProducts": [
580 { # Defines an object to declare an in-toto artifact rule
581 "artifactRule": [
582 "A String",
583 ],
584 },
585 ],
586 "signingKeys": [ # This field contains the public keys that can be used to verify the
587 # signatures on the step metadata.
588 { # This defines the format used to record keys used in the software supply
589 # chain. An in-toto link is attested using one or more keys defined in the
590 # in-toto layout. An example of this is:
591 # {
592 # "key_id": "776a00e29f3559e0141b3b096f696abc6cfb0c657ab40f441132b345b0...",
593 # "key_type": "rsa",
594 # "public_key_value": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0B...",
595 # "key_scheme": "rsassa-pss-sha256"
596 # }
597 # The format for in-toto's key definition can be found in section 4.2 of the
598 # in-toto specification.
599 "keyType": "A String", # This field identifies the specific signing method. Eg: "rsa", "ed25519",
600 # and "ecdsa".
601 "keyId": "A String", # key_id is an identifier for the signing key.
602 "publicKeyValue": "A String", # This field contains the actual public key.
603 "keyScheme": "A String", # This field contains the corresponding signature scheme.
604 # Eg: "rsassa-pss-sha256".
605 },
606 ],
607 },
608 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build.
609 # provenance message in the build details occurrence.
610 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
611 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note
612 # containing build details.
613 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
614 # findings are valid and unchanged. If `key_type` is empty, this defaults
615 # to PEM encoded public keys.
616 #
617 # This field may be empty if `key_id` references an external key.
618 #
619 # For Cloud Build based signatures, this is a PEM encoded public
620 # key. To verify the Cloud Build signature, place the contents of
621 # this field into a file (public.pem). The signature field is base64-decoded
622 # into its binary representation in signature.bin, and the provenance bytes
623 # from `BuildDetails` are base64-decoded into a binary representation in
624 # signed.bin. OpenSSL can then verify the signature:
625 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
626 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
627 # `key_id`.
628 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key
629 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the
630 # CN for a cert), or a reference to an external key (such as a reference to a
631 # key in Cloud Key Management Service).
632 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is
633 # base-64 encoded.
634 },
635 },
636 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
637 # relationship. Linked occurrences are derived from this or an
638 # equivalent image via:
639 # FROM &lt;Basis.resource_url&gt;
640 # Or an equivalent reference, e.g. a tag of the resource_url.
641 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the
642 # basis of associated occurrence images.
643 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
644 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1
645 # representation.
646 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
647 "A String",
648 ],
649 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
650 # [bottom] := v2_blob[bottom]; [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
651 # Only the name of the final blob is kept.
652 },
653 },
654 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
655 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
656 "resourceUri": [ # Required. Resource URI for the artifact being deployed.
657 "A String",
658 ],
659 },
660 "shortDescription": "A String", # A one sentence description of this note.
661 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
662 # filter in list requests.
663 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource.
664 # exists in a provider's project. A `Discovery` occurrence is created in a
665 # consumer's project at the start of analysis.
666 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this
667 # discovery.
668 },
669 },
670 ],
671 }</pre>
672</div>
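The `fingerprint.v2Name` field in the note schema above is a chained SHA-256 over the ordered `v2Blob` list, so changing or reordering any blob changes the final name. The sketch below is an added example, not code from the API client: it assumes the bottom blob is the last list element, UTF-8 encoding and lower-case hex digests, and the blob strings and helper names are constructed for illustration.

```python
import hashlib


def v2_names(v2_blob):
    """Return the chained name of every blob, index-aligned with v2_blob.

    Follows the recurrence documented for Fingerprint.v2Name:
        [bottom] := v2_blob[bottom]
        [N]      := sha256(v2_blob[N] + " " + v2_name[N+1])
    Assumptions (not stated on the page): the bottom blob is the last
    list element, strings are hashed as UTF-8, and each name is the
    lower-case hex digest.
    """
    if not v2_blob:
        raise ValueError("v2Blob is required and must not be empty")
    names = [None] * len(v2_blob)
    names[-1] = v2_blob[-1]  # the bottom name is the bottom blob itself
    for n in range(len(v2_blob) - 2, -1, -1):
        material = (v2_blob[n] + " " + names[n + 1]).encode("utf-8")
        names[n] = hashlib.sha256(material).hexdigest()
    return names


def v2_name(v2_blob):
    """Only the name of the final blob (index 0 here) is kept."""
    return v2_names(v2_blob)[0]


def shared_base_depth(blobs_a, blobs_b):
    """Count how many blobs, from the bottom up, two images have in common.

    Comparing chained names rather than raw blobs means a match at depth k
    also proves that everything below k is identical and in the same order.
    """
    depth = 0
    for a, b in zip(reversed(v2_names(blobs_a)), reversed(v2_names(blobs_b))):
        if a != b:
            break
        depth += 1
    return depth


# Constructed blob identifiers (not real image digests).
L0 = "sha256:" + "00" * 32
L1 = "sha256:" + "11" * 32
L2 = "sha256:" + "22" * 32
L3 = "sha256:" + "33" * 32

BASE = [L2, L1, L0]          # top first, bottom last
DERIVED = [L3, L2, L1, L0]   # one blob added on top of BASE
REORDERED = [L1, L2, L0]     # same blobs as BASE, two swapped

if __name__ == "__main__":
    print("base name:     ", v2_name(BASE))
    print("reordered name:", v2_name(REORDERED))
    print("blobs DERIVED shares with BASE:", shared_base_depth(BASE, DERIVED))
```
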
673
674<div class="method">
675 <code class="details" id="create">create(parent, body=None, noteId=None, x__xgafv=None)</code>
676 <pre>Creates a new note.
677
678Args:
679 parent: string, Required. The name of the project in the form of `projects/[PROJECT_ID]`, under which
680the note is to be created. (required)
681 body: object, The request body.
682 The object takes the form of:
683
684{ # A type of analysis that can be done for a resource.
685 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
686 # a filter in list requests.
687 "relatedNoteNames": [ # Other notes related to this note.
688 "A String",
689 ],
690 "name": "A String", # Output only. The name of the note in the form of
691 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
692 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers.
693 # channels. E.g., glibc (aka libc6) is distributed by many, at various
694 # versions.
695 "distribution": [ # The various channels by which a package is distributed.
696 { # This represents a particular channel of distribution for a given package.
697 # E.g., Debian's jessie-backports dpkg mirror.
698 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
699 # denoting the package manager version distributing a package.
700 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
701 "description": "A String", # The distribution channel-specific description of this package.
702 "url": "A String", # The distribution channel-specific homepage for this package.
703 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were
704 # built.
705 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
706 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
707 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
708 # versions.
709 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
710 # name.
711 "revision": "A String", # The iteration of the package build from the above version.
712 },
713 },
714 ],
715 "name": "A String", # Required. Immutable. The name of the package.
716 },
717 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability.
718 "windowsDetails": [ # Windows details get their own format because the information format and
719 # model don't match a normal detail. Specifically Windows updates are done as
720 # patches, thus Windows vulnerabilities really are a missing package, rather
721 # than a package being at an incorrect version.
722 {
723 "cpeUri": "A String", # Required. The CPE URI in
724 # [cpe format](https://cpe.mitre.org/specification/) in which the
725 # vulnerability manifests. Examples include distro or storage location for
726 # vulnerable jar.
727 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this
728 # vulnerability. Note that there may be multiple hotfixes (and thus
729 # multiple KBs) that mitigate a given vulnerability. Currently any listed
730 # kb's presence is considered a fix.
731 {
732 "url": "A String", # A link to the KB in the Windows update catalog -
733 # https://www.catalog.update.microsoft.com/
734 "name": "A String", # The KB name (generally of the form KB[0-9]+ e.g. KB123456).
735 },
736 ],
737 "name": "A String", # Required. The name of the vulnerability.
738 "description": "A String", # The description of the vulnerability.
739 },
740 ],
741 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3.
742 # For details, see https://www.first.org/cvss/specification-document
743 "attackComplexity": "A String",
744 "attackVector": "A String", # Base Metrics
745 # Represents the intrinsic characteristics of a vulnerability that are
746 # constant over time and across user environments.
747 "privilegesRequired": "A String",
748 "userInteraction": "A String",
749 "baseScore": 3.14, # The base score is a function of the base metric scores.
750 "availabilityImpact": "A String",
751 "impactScore": 3.14,
752 "exploitabilityScore": 3.14,
753 "scope": "A String",
754 "integrityImpact": "A String",
755 "confidentialityImpact": "A String",
756 },
757 "cvssScore": 3.14, # The CVSS score for this vulnerability.
758 "severity": "A String", # Note provider assigned impact of the vulnerability.
759 "details": [ # All information about the package to specifically identify this
760 # vulnerability. One entry per (version range and cpe_uri) the package
761 # vulnerability has manifested in.
762 { # Identifies all appearances of this vulnerability in the package for a
763 # specific distro/location. For example: glibc in
764 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
765 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
766 "cpeUri": "A String", # Required. The CPE URI in
767 # [cpe format](https://cpe.mitre.org/specification/) in which the
768 # vulnerability manifests. Examples include distro or storage location for
769 # vulnerable jar.
770 "description": "A String", # A vendor-specific description of this note.
771 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists.
772 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
773 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
774 # versions.
775 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
776 # name.
777 "revision": "A String", # The iteration of the package build from the above version.
778 },
779 "package": "A String", # Required. The name of the package where the vulnerability was found.
780 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to
781 # obsolete details.
782 "packageType": "A String", # The type of package; whether native or non-native (Ruby gems, Node.js
783 # packages, etc.).
784 "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an
785 # upstream timestamp from the underlying information source - e.g. Ubuntu
786 # security tracker.
787 "maxAffectedVersion": { # Version contains structured information about the version of a package. # The max version of the package in which the vulnerability exists.
788 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
789 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
790 # versions.
791 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
792 # name.
793 "revision": "A String", # The iteration of the package build from the above version.
794 },
795 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version.
796 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/).
797 # Examples include distro or storage location for vulnerable jar.
798 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described.
799 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
800 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
801 # versions.
802 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
803 # name.
804 "revision": "A String", # The iteration of the package build from the above version.
805 },
806 "package": "A String", # Required. The package being described.
807 },
808 },
809 ],
810 "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an
811 # upstream timestamp from the underlying information source - e.g. Ubuntu
812 # security tracker.
813 },
814 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in
815 # list requests.
816 "relatedUrl": [ # URLs associated with this note.
817 { # Metadata for any related URL information.
818 "url": "A String", # Specific URL associated with the resource.
819 "label": "A String", # Label to describe usage of the URL.
820 },
821 ],
822 "longDescription": "A String", # A detailed description of this note.
823 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
824 # example, an organization might have one `Authority` for "QA" and one for
825 # "build". This note is intended to act strictly as a grouping mechanism for
826 # the attached occurrences (Attestations). This grouping mechanism also
827 # provides a security boundary, since IAM ACLs gate the ability for a principal
828 # to attach an occurrence to a given note. It also provides a single point of
829 # lookup to find all attached attestation occurrences, even if they don't all
830 # live in the same project.
831 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority.
832 # authority. Because the name of a note acts as its resource reference, it is
833 # important to disambiguate the canonical name of the Note (which might be a
834 # UUID for security purposes) from "readable" names more suitable for debug
835 # output. Note that these hints should not be used to look up authorities in
836 # security sensitive contexts, such as when looking up attestations to
837 # verify.
838 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for
839 # example "qa".
840 },
841 },
842 "intoto": { # This contains the fields corresponding to the definition of a software supply # A note describing an in-toto link.
843 # chain step in an in-toto layout. This information goes into a Grafeas note.
844 "stepName": "A String", # This field identifies the name of the step in the supply chain.
845 "expectedCommand": [ # This field contains the expected command used to perform the step.
846 "A String",
847 ],
848 "threshold": "A String", # This field contains a value that indicates the minimum number of keys that
849 # need to be used to sign the step's in-toto link.
850 "expectedMaterials": [ # The following fields contain in-toto artifact rules identifying the
851 # artifacts that enter this supply chain step, and exit the supply chain
852 # step, i.e. materials and products of the step.
853 { # Defines an object to declare an in-toto artifact rule
854 "artifactRule": [
855 "A String",
856 ],
857 },
858 ],
859 "expectedProducts": [
860 { # Defines an object to declare an in-toto artifact rule
861 "artifactRule": [
862 "A String",
863 ],
864 },
865 ],
866 "signingKeys": [ # This field contains the public keys that can be used to verify the
867 # signatures on the step metadata.
868 { # This defines the format used to record keys used in the software supply
869 # chain. An in-toto link is attested using one or more keys defined in the
870 # in-toto layout. An example of this is:
871 # {
872 # "key_id": "776a00e29f3559e0141b3b096f696abc6cfb0c657ab40f441132b345b0...",
873 # "key_type": "rsa",
874 # "public_key_value": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0B...",
875 # "key_scheme": "rsassa-pss-sha256"
876 # }
877 # The format for in-toto's key definition can be found in section 4.2 of the
878 # in-toto specification.
879 "keyType": "A String", # This field identifies the specific signing method. Eg: "rsa", "ed25519",
880 # and "ecdsa".
881 "keyId": "A String", # key_id is an identifier for the signing key.
882 "publicKeyValue": "A String", # This field contains the actual public key.
883 "keyScheme": "A String", # This field contains the corresponding signature scheme.
884 # Eg: "rsassa-pss-sha256".
885 },
886 ],
887 },
888 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build.
889 # provenance message in the build details occurrence.
890 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
891 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note
892 # containing build details.
893 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
894 # findings are valid and unchanged. If `key_type` is empty, this defaults
895 # to PEM encoded public keys.
896 #
897 # This field may be empty if `key_id` references an external key.
898 #
899 # For Cloud Build based signatures, this is a PEM encoded public
900 # key. To verify the Cloud Build signature, place the contents of
901 # this field into a file (public.pem). The signature field is base64-decoded
902 # into its binary representation in signature.bin, and the provenance bytes
903 # from `BuildDetails` are base64-decoded into a binary representation in
904 # signed.bin. OpenSSL can then verify the signature:
905 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
906 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
907 # `key_id`.
908 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key
909 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the
910 # CN for a cert), or a reference to an external key (such as a reference to a
911 # key in Cloud Key Management Service).
912 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is
913 # base-64 encoded.
914 },
915 },
916 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
917 # relationship. Linked occurrences are derived from this or an
918 # equivalent image via:
919 # FROM &lt;Basis.resource_url&gt;
920 # Or an equivalent reference, e.g. a tag of the resource_url.
921 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the
922 # basis of associated occurrence images.
923 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
924 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1
925 # representation.
926 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
927 "A String",
928 ],
929 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
930 # [bottom] := v2_blob[bottom]; [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
931 # Only the name of the final blob is kept.
932 },
933 },
934 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
935 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
936 "resourceUri": [ # Required. Resource URI for the artifact being deployed.
937 "A String",
938 ],
939 },
940 "shortDescription": "A String", # A one sentence description of this note.
941 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
942 # filter in list requests.
943 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource.
944 # exists in a provider's project. A `Discovery` occurrence is created in a
945 # consumer's project at the start of analysis.
946 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this
947 # discovery.
948 },
949}
950
951 noteId: string, Required. The ID to use for this note.
952 x__xgafv: string, V1 error format.
953 Allowed values
954 1 - v1 error format
955 2 - v2 error format
956
957Returns:
958 An object of the form:
959
960 { # A type of analysis that can be done for a resource.
961 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
962 # a filter in list requests.
963 "relatedNoteNames": [ # Other notes related to this note.
964 "A String",
965 ],
966 "name": "A String", # Output only. The name of the note in the form of
967 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
968 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers.
969 # channels. E.g., glibc (aka libc6) is distributed by many, at various
970 # versions.
971 "distribution": [ # The various channels by which a package is distributed.
972 { # This represents a particular channel of distribution for a given package.
973 # E.g., Debian's jessie-backports dpkg mirror.
974 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
975 # denoting the package manager version distributing a package.
976 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
977 "description": "A String", # The distribution channel-specific description of this package.
978 "url": "A String", # The distribution channel-specific homepage for this package.
979 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were
980 # built.
981 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
982 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
983 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
984 # versions.
985 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
986 # name.
987 "revision": "A String", # The iteration of the package build from the above version.
988 },
989 },
990 ],
991 "name": "A String", # Required. Immutable. The name of the package.
992 },
993 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability.
994 "windowsDetails": [ # Windows details get their own format because the information format and
995 # model don't match a normal detail. Specifically Windows updates are done as
996 # patches, thus Windows vulnerabilities really are a missing package, rather
997 # than a package being at an incorrect version.
998 {
999 "cpeUri": "A String", # Required. The CPE URI in
1000 # [cpe format](https://cpe.mitre.org/specification/) in which the
1001 # vulnerability manifests. Examples include distro or storage location for
1002 # vulnerable jar.
1003 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this
1004 # vulnerability. Note that there may be multiple hotfixes (and thus
1005 # multiple KBs) that mitigate a given vulnerability. Currently any listed
1006 # kb's presence is considered a fix.
1007 {
1008 "url": "A String", # A link to the KB in the Windows update catalog -
1009 # https://www.catalog.update.microsoft.com/
1010 "name": "A String", # The KB name (generally of the form KB[0-9]+ e.g. KB123456).
1011 },
1012 ],
1013 "name": "A String", # Required. The name of the vulnerability.
1014 "description": "A String", # The description of the vulnerability.
1015 },
1016 ],
1017 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3.
1018 # For details, see https://www.first.org/cvss/specification-document
1019 "attackComplexity": "A String",
1020 "attackVector": "A String", # Base Metrics
1021 # Represents the intrinsic characteristics of a vulnerability that are
1022 # constant over time and across user environments.
1023 "privilegesRequired": "A String",
1024 "userInteraction": "A String",
1025 "baseScore": 3.14, # The base score is a function of the base metric scores.
1026 "availabilityImpact": "A String",
1027 "impactScore": 3.14,
1028 "exploitabilityScore": 3.14,
1029 "scope": "A String",
1030 "integrityImpact": "A String",
1031 "confidentialityImpact": "A String",
1032 },
1033 "cvssScore": 3.14, # The CVSS score for this vulnerability.
1034 "severity": "A String", # Note provider assigned impact of the vulnerability.
1035 "details": [ # All information about the package to specifically identify this
1036 # vulnerability. One entry per (version range and cpe_uri) the package
1037 # vulnerability has manifested in.
1038 { # Identifies all appearances of this vulnerability in the package for a
1039 # specific distro/location. For example: glibc in
1040 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
1041 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
1042 "cpeUri": "A String", # Required. The CPE URI in
1043 # [cpe format](https://cpe.mitre.org/specification/) in which the
1044 # vulnerability manifests. Examples include distro or storage location for
1045 # vulnerable jar.
1046 "description": "A String", # A vendor-specific description of this note.
1047 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists.
1048 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1049 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1050 # versions.
1051 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1052 # name.
1053 "revision": "A String", # The iteration of the package build from the above version.
1054 },
1055 "package": "A String", # Required. The name of the package where the vulnerability was found.
1056 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to
1057 # obsolete details.
1058 "packageType": "A String", # The type of package; whether native or non-native (Ruby gems, Node.js
1059 # packages, etc.).
1060 "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an
1061 # upstream timestamp from the underlying information source - e.g. Ubuntu
1062 # security tracker.
1063 "maxAffectedVersion": { # Version contains structured information about the version of a package. # The max version of the package in which the vulnerability exists.
1064 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1065 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1066 # versions.
1067 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1068 # name.
1069 "revision": "A String", # The iteration of the package build from the above version.
1070 },
1071 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version.
1072 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/).
1073 # Examples include distro or storage location for vulnerable jar.
1074 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described.
1075 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1076 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1077 # versions.
1078 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1079 # name.
1080 "revision": "A String", # The iteration of the package build from the above version.
1081 },
1082 "package": "A String", # Required. The package being described.
1083 },
1084 },
1085 ],
1086 "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an
1087 # upstream timestamp from the underlying information source - e.g. Ubuntu
1088 # security tracker.
1089 },
1090 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in
1091 # list requests.
1092 "relatedUrl": [ # URLs associated with this note.
1093 { # Metadata for any related URL information.
1094 "url": "A String", # Specific URL associated with the resource.
1095 "label": "A String", # Label to describe usage of the URL.
1096 },
1097 ],
1098 "longDescription": "A String", # A detailed description of this note.
1099 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
1100 # example, an organization might have one `Authority` for "QA" and one for
1101 # "build". This note is intended to act strictly as a grouping mechanism for
1102 # the attached occurrences (Attestations). This grouping mechanism also
1103 # provides a security boundary, since IAM ACLs gate the ability for a principal
1104 # to attach an occurrence to a given note. It also provides a single point of
1105 # lookup to find all attached attestation occurrences, even if they don't all
1106 # live in the same project.
1107 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority.
1108 # authority. Because the name of a note acts as its resource reference, it is
1109 # important to disambiguate the canonical name of the Note (which might be a
1110 # UUID for security purposes) from "readable" names more suitable for debug
1111 # output. Note that these hints should not be used to look up authorities in
1112 # security sensitive contexts, such as when looking up attestations to
1113 # verify.
1114 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for
1115 # example "qa".
1116 },
1117 },
1118 "intoto": { # This contains the fields corresponding to the definition of a software supply # A note describing an in-toto link.
1119 # chain step in an in-toto layout. This information goes into a Grafeas note.
1120 "stepName": "A String", # This field identifies the name of the step in the supply chain.
1121 "expectedCommand": [ # This field contains the expected command used to perform the step.
1122 "A String",
1123 ],
1124 "threshold": "A String", # This field contains a value that indicates the minimum number of keys that
1125 # need to be used to sign the step's in-toto link.
1126 "expectedMaterials": [ # The following fields contain in-toto artifact rules identifying the
1127 # artifacts that enter this supply chain step, and exit the supply chain
1128 # step, i.e. materials and products of the step.
1129 { # Defines an object to declare an in-toto artifact rule
1130 "artifactRule": [
1131 "A String",
1132 ],
1133 },
1134 ],
1135 "expectedProducts": [
1136 { # Defines an object to declare an in-toto artifact rule
1137 "artifactRule": [
1138 "A String",
1139 ],
1140 },
1141 ],
1142 "signingKeys": [ # This field contains the public keys that can be used to verify the
1143 # signatures on the step metadata.
1144 { # This defines the format used to record keys used in the software supply
1145 # chain. An in-toto link is attested using one or more keys defined in the
1146 # in-toto layout. An example of this is:
1147 # {
1148 # "key_id": "776a00e29f3559e0141b3b096f696abc6cfb0c657ab40f441132b345b0...",
1149 # "key_type": "rsa",
1150 # "public_key_value": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0B...",
1151 # "key_scheme": "rsassa-pss-sha256"
1152 # }
1153 # The format for in-toto's key definition can be found in section 4.2 of the
1154 # in-toto specification.
1155 "keyType": "A String", # This field identifies the specific signing method. Eg: "rsa", "ed25519",
1156 # and "ecdsa".
1157 "keyId": "A String", # key_id is an identifier for the signing key.
1158 "publicKeyValue": "A String", # This field contains the actual public key.
1159 "keyScheme": "A String", # This field contains the corresponding signature scheme.
1160 # Eg: "rsassa-pss-sha256".
1161 },
1162 ],
1163 },
1164 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build.
1165 # provenance message in the build details occurrence.
1166 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
1167 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note
1168 # containing build details.
1169 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
1170 # findings are valid and unchanged. If `key_type` is empty, this defaults
1171 # to PEM encoded public keys.
1172 #
1173 # This field may be empty if `key_id` references an external key.
1174 #
1175 # For Cloud Build based signatures, this is a PEM encoded public
1176 # key. To verify the Cloud Build signature, place the contents of
1177 # this field into a file (public.pem). The signature field is base64-decoded
1178 # into its binary representation in signature.bin, and the provenance bytes
1179 # from `BuildDetails` are base64-decoded into a binary representation in
1180 # signed.bin. OpenSSL can then verify the signature:
1181 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
1182 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
1183 # `key_id`.
1184 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key
1185 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the
1186 # CN for a cert), or a reference to an external key (such as a reference to a
1187 # key in Cloud Key Management Service).
1188 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is
1189 # base-64 encoded.
1190 },
1191 },
1192 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
1193 # relationship. Linked occurrences are derived from this or an
1194 # equivalent image via:
1195 # FROM &lt;Basis.resource_url&gt;
1196 # Or an equivalent reference, e.g. a tag of the resource_url.
1197 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the
1198 # basis of associated occurrence images.
1199 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
1200 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1
1201 # representation.
1202 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
1203 "A String",
1204 ],
1205 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
1206 # [bottom] := v2_blob[bottom]; [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
1207 # Only the name of the final blob is kept.
1208 },
1209 },
1210 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
1211 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
1212 "resourceUri": [ # Required. Resource URI for the artifact being deployed.
1213 "A String",
1214 ],
1215 },
1216 "shortDescription": "A String", # A one sentence description of this note.
1217 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
1218 # filter in list requests.
1219 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource.
1220 # exists in a provider's project. A `Discovery` occurrence is created in a
1221 # consumer's project at the start of analysis.
1222 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this
1223 # discovery.
1224 },
1225 }</pre>
1226</div>
1227
1228<div class="method">
1229 <code class="details" id="delete">delete(name, x__xgafv=None)</code>
1230 <pre>Deletes the specified note.
1231
1232Args:
1233 name: string, Required. The name of the note in the form of
1234`projects/[PROVIDER_ID]/notes/[NOTE_ID]`. (required)
1235 x__xgafv: string, V1 error format.
1236 Allowed values
1237 1 - v1 error format
1238 2 - v2 error format
1239
1240Returns:
1241 An object of the form:
1242
1243 { # A generic empty message that you can re-use to avoid defining duplicated
1244 # empty messages in your APIs. A typical example is to use it as the request
1245 # or the response type of an API method. For instance:
1246 #
1247 # service Foo {
1248 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
1249 # }
1250 #
1251 # The JSON representation for `Empty` is empty JSON object `{}`.
1252 }</pre>
1253</div>
1254
1255<div class="method">
1256 <code class="details" id="get">get(name, x__xgafv=None)</code>
1257 <pre>Gets the specified note.
1258
1259Args:
1260 name: string, Required. The name of the note in the form of
1261`projects/[PROVIDER_ID]/notes/[NOTE_ID]`. (required)
1262 x__xgafv: string, V1 error format.
1263 Allowed values
1264 1 - v1 error format
1265 2 - v2 error format
1266
1267Returns:
1268 An object of the form:
1269
1270 { # A type of analysis that can be done for a resource.
1271 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
1272 # a filter in list requests.
1273 "relatedNoteNames": [ # Other notes related to this note.
1274 "A String",
1275 ],
1276 "name": "A String", # Output only. The name of the note in the form of
1277 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
1278 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers.
1279 # channels. E.g., glibc (aka libc6) is distributed by many, at various
1280 # versions.
1281 "distribution": [ # The various channels by which a package is distributed.
1282 { # This represents a particular channel of distribution for a given package.
1283 # E.g., Debian's jessie-backports dpkg mirror.
1284 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
1285 # denoting the package manager version distributing a package.
1286 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
1287 "description": "A String", # The distribution channel-specific description of this package.
1288 "url": "A String", # The distribution channel-specific homepage for this package.
1289 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were
1290 # built.
1291 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
1292 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1293 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1294 # versions.
1295 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1296 # name.
1297 "revision": "A String", # The iteration of the package build from the above version.
1298 },
1299 },
1300 ],
1301 "name": "A String", # Required. Immutable. The name of the package.
1302 },
1303 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability.
1304 "windowsDetails": [ # Windows details get their own format because the information format and
1305 # model don't match a normal detail. Specifically Windows updates are done as
1306 # patches, thus Windows vulnerabilities really are a missing package, rather
1307 # than a package being at an incorrect version.
1308 {
1309 "cpeUri": "A String", # Required. The CPE URI in
1310 # [cpe format](https://cpe.mitre.org/specification/) in which the
1311 # vulnerability manifests. Examples include distro or storage location for
1312 # vulnerable jar.
1313 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this
1314 # vulnerability. Note that there may be multiple hotfixes (and thus
1315 # multiple KBs) that mitigate a given vulnerability. Currently any listed
1316 # kb's presence is considered a fix.
1317 {
1318 "url": "A String", # A link to the KB in the Windows update catalog -
1319 # https://www.catalog.update.microsoft.com/
1320 "name": "A String", # The KB name (generally of the form KB[0-9]+ i.e. KB123456).
1321 },
1322 ],
1323 "name": "A String", # Required. The name of the vulnerability.
1324 "description": "A String", # The description of the vulnerability.
1325 },
1326 ],
1327 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3.
1328 # For details, see https://www.first.org/cvss/specification-document
1329 "attackComplexity": "A String",
1330 "attackVector": "A String", # Base Metrics
1331 # Represents the intrinsic characteristics of a vulnerability that are
1332 # constant over time and across user environments.
1333 "privilegesRequired": "A String",
1334 "userInteraction": "A String",
1335 "baseScore": 3.14, # The base score is a function of the base metric scores.
1336 "availabilityImpact": "A String",
1337 "impactScore": 3.14,
1338 "exploitabilityScore": 3.14,
1339 "scope": "A String",
1340 "integrityImpact": "A String",
1341 "confidentialityImpact": "A String",
1342 },
1343 "cvssScore": 3.14, # The CVSS score for this vulnerability.
1344 "severity": "A String", # Note provider assigned impact of the vulnerability.
1345 "details": [ # All information about the package to specifically identify this
1346 # vulnerability. One entry per (version range and cpe_uri) the package
1347 # vulnerability has manifested in.
1348 { # Identifies all appearances of this vulnerability in the package for a
1349 # specific distro/location. For example: glibc in
1350 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
1351 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
1352 "cpeUri": "A String", # Required. The CPE URI in
1353 # [cpe format](https://cpe.mitre.org/specification/) in which the
1354 # vulnerability manifests. Examples include distro or storage location for
1355 # vulnerable jar.
1356 "description": "A String", # A vendor-specific description of this note.
1357 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists.
1358 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1359 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1360 # versions.
1361 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1362 # name.
1363 "revision": "A String", # The iteration of the package build from the above version.
1364 },
1365 "package": "A String", # Required. The name of the package where the vulnerability was found.
1366 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to
1367 # obsolete details.
1368 "packageType": "A String", # The type of package; whether native or non-native (Ruby gems, Node.js
1369 # packages, etc.).
1370 "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an
1371 # upstream timestamp from the underlying information source - e.g. Ubuntu
1372 # security tracker.
1373 "maxAffectedVersion": { # Version contains structured information about the version of a package. # The max version of the package in which the vulnerability exists.
1374 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1375 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1376 # versions.
1377 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1378 # name.
1379 "revision": "A String", # The iteration of the package build from the above version.
1380 },
1381 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version.
1382 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/).
1383 # Examples include distro or storage location for vulnerable jar.
1384 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described.
1385 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1386 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1387 # versions.
1388 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1389 # name.
1390 "revision": "A String", # The iteration of the package build from the above version.
1391 },
1392 "package": "A String", # Required. The package being described.
1393 },
1394 },
1395 ],
1396 "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an
1397 # upstream timestamp from the underlying information source - e.g. Ubuntu
1398 # security tracker.
1399 },
1400 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in
1401 # list requests.
1402 "relatedUrl": [ # URLs associated with this note.
1403 { # Metadata for any related URL information.
1404 "url": "A String", # Specific URL associated with the resource.
1405 "label": "A String", # Label to describe usage of the URL.
1406 },
1407 ],
1408 "longDescription": "A String", # A detailed description of this note.
1409 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
1410 # example, an organization might have one `Authority` for "QA" and one for
1411 # "build". This note is intended to act strictly as a grouping mechanism for
1412 # the attached occurrences (Attestations). This grouping mechanism also
1413 # provides a security boundary, since IAM ACLs gate the ability for a principal
1414 # to attach an occurrence to a given note. It also provides a single point of
1415 # lookup to find all attached attestation occurrences, even if they don't all
1416 # live in the same project.
1417 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority.
1418 # authority. Because the name of a note acts as its resource reference, it is
1419 # important to disambiguate the canonical name of the Note (which might be a
1420 # UUID for security purposes) from "readable" names more suitable for debug
1421 # output. Note that these hints should not be used to look up authorities in
1422 # security sensitive contexts, such as when looking up attestations to
1423 # verify.
1424 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for
1425 # example "qa".
1426 },
1427 },
1428 "intoto": { # This contains the fields corresponding to the definition of a software supply # A note describing an in-toto link.
1429 # chain step in an in-toto layout. This information goes into a Grafeas note.
1430 "stepName": "A String", # This field identifies the name of the step in the supply chain.
1431 "expectedCommand": [ # This field contains the expected command used to perform the step.
1432 "A String",
1433 ],
1434 "threshold": "A String", # This field contains a value that indicates the minimum number of keys that
1435 # need to be used to sign the step's in-toto link.
1436 "expectedMaterials": [ # The following fields contain in-toto artifact rules identifying the
1437 # artifacts that enter this supply chain step, and exit the supply chain
1438 # step, i.e. materials and products of the step.
1439 { # Defines an object to declare an in-toto artifact rule
1440 "artifactRule": [
1441 "A String",
1442 ],
1443 },
1444 ],
1445 "expectedProducts": [
1446 { # Defines an object to declare an in-toto artifact rule
1447 "artifactRule": [
1448 "A String",
1449 ],
1450 },
1451 ],
1452 "signingKeys": [ # This field contains the public keys that can be used to verify the
1453 # signatures on the step metadata.
1454 { # This defines the format used to record keys used in the software supply
1455 # chain. An in-toto link is attested using one or more keys defined in the
1456 # in-toto layout. An example of this is:
1457 # {
1458 # "key_id": "776a00e29f3559e0141b3b096f696abc6cfb0c657ab40f441132b345b0...",
1459 # "key_type": "rsa",
1460 # "public_key_value": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0B...",
1461 # "key_scheme": "rsassa-pss-sha256"
1462 # }
1463 # The format for in-toto's key definition can be found in section 4.2 of the
1464 # in-toto specification.
1465 "keyType": "A String", # This field identifies the specific signing method. Eg: "rsa", "ed25519",
1466 # and "ecdsa".
1467 "keyId": "A String", # key_id is an identifier for the signing key.
1468 "publicKeyValue": "A String", # This field contains the actual public key.
1469 "keyScheme": "A String", # This field contains the corresponding signature scheme.
1470 # Eg: "rsassa-pss-sha256".
1471 },
1472 ],
1473 },
1474 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build.
1475 # provenance message in the build details occurrence.
1476 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
1477 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note
1478 # containing build details.
1479 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
1480 # findings are valid and unchanged. If `key_type` is empty, this defaults
1481 # to PEM encoded public keys.
1482 #
1483 # This field may be empty if `key_id` references an external key.
1484 #
1485 # For Cloud Build based signatures, this is a PEM encoded public
1486 # key. To verify the Cloud Build signature, place the contents of
1487 # this field into a file (public.pem). The signature field is base64-decoded
1488 # into its binary representation in signature.bin, and the provenance bytes
1489 # from `BuildDetails` are base64-decoded into a binary representation in
1490 # signed.bin. OpenSSL can then verify the signature:
1491 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
1492 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
1493 # `key_id`.
1494 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key
1495 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the
1496 # CN for a cert), or a reference to an external key (such as a reference to a
1497 # key in Cloud Key Management Service).
1498 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is
1499 # base-64 encoded.
1500 },
1501 },
1502 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
1503 # relationship. Linked occurrences are derived from this or an
1504 # equivalent image via:
1505 # FROM &lt;Basis.resource_url&gt;
1506 # Or an equivalent reference, e.g. a tag of the resource_url.
1507 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the
1508 # basis of associated occurrence images.
1509 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
1510 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1
1511 # representation.
1512 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
1513 "A String",
1514 ],
1515 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
1516 # [bottom] := v2_blob[bottom]; [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
1517 # Only the name of the final blob is kept.
1518 },
1519 },
1520 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
1521 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
1522 "resourceUri": [ # Required. Resource URI for the artifact being deployed.
1523 "A String",
1524 ],
1525 },
1526 "shortDescription": "A String", # A one sentence description of this note.
1527 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
1528 # filter in list requests.
1529 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource.
1530 # exists in a provider's project. A `Discovery` occurrence is created in a
1531 # consumer's project at the start of analysis.
1532 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this
1533 # discovery.
1534 },
1535 }</pre>
1536</div>
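The `details` entries of a vulnerability note returned by `get()` carry an affected range (`minAffectedVersion` to `maxAffectedVersion`, with sentinel kinds) rather than a single version. The following is an added example, not part of this API reference or of the client library, showing one way to test an installed package against that range. It assumes the sentinel `kind` values are named `MINIMUM` and `MAXIMUM`, that both bounds are inclusive, that a missing bound is open-ended, and that versions order as dpkg orders them (the page's own example is Debian); the function names and the sample note are constructed for illustration.

```python
"""Match an installed package against the `details` of a vulnerability note."""

DIGITS = "0123456789"
RANK = {"MINIMUM": -1, "NORMAL": 0, "MAXIMUM": 1}  # assumed sentinel kind names


def _order(ch):
    # dpkg ordering: '~' sorts before everything (even end of string),
    # letters sort before other punctuation, digits are compared numerically.
    if ch == "~":
        return -1
    if ch == "" or ch in DIGITS:
        return 0
    if ch.isascii() and ch.isalpha():
        return ord(ch)
    return ord(ch) + 256


def _is_digit(s, i):
    return i < len(s) and s[i] in DIGITS


def dpkg_compare(a, b):
    """Return <0, 0 or >0 for one version component, following dpkg's algorithm."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character.
        while (i < len(a) and not _is_digit(a, i)) or (j < len(b) and not _is_digit(b, j)):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        # Digit run: skip leading zeros, then the longer number wins.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while _is_digit(a, i) and _is_digit(b, j):
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i, j = i + 1, j + 1
        if _is_digit(a, i):
            return 1
        if _is_digit(b, j):
            return -1
        if first_diff:
            return first_diff
    return 0


def compare_versions(a, b):
    """Compare two Version objects (kind, epoch, name, revision)."""
    try:
        ra, rb = RANK[a["kind"]], RANK[b["kind"]]
    except KeyError as exc:
        raise ValueError(f"unsupported or missing version kind: {exc}") from None
    if ra != rb or ra != 0:
        return ra - rb  # a sentinel is involved; names are not consulted
    ea, eb = a.get("epoch") or 0, b.get("epoch") or 0
    if ea != eb:
        return ea - eb
    return (dpkg_compare(a.get("name", ""), b.get("name", ""))
            or dpkg_compare(a.get("revision", ""), b.get("revision", "")))


def affected_details(note, cpe_uri, package, installed):
    """Return the non-obsolete details whose range contains `installed`."""
    hits = []
    for detail in note.get("vulnerability", {}).get("details", []):
        if detail.get("isObsolete"):
            continue  # occurrences are expected not to point to obsolete details
        if detail.get("cpeUri") != cpe_uri or detail.get("package") != package:
            continue
        low = detail.get("minAffectedVersion", {"kind": "MINIMUM"})
        high = detail.get("maxAffectedVersion", {"kind": "MAXIMUM"})
        if compare_versions(low, installed) <= 0 <= compare_versions(high, installed):
            hits.append(detail)
    return hits


# Constructed sample note in the shape returned by get(); not real advisory data.
DEB8, DEB9 = "cpe:/o:debian:debian_linux:8", "cpe:/o:debian:debian_linux:9"
SAMPLE_NOTE = {"vulnerability": {"details": [
    {"cpeUri": DEB8, "package": "glibc",
     "minAffectedVersion": {"kind": "NORMAL", "epoch": 0, "name": "2.1"},
     "maxAffectedVersion": {"kind": "NORMAL", "epoch": 0, "name": "2.2", "revision": "3"},
     "fixedLocation": {"cpeUri": DEB8, "package": "glibc",
                       "version": {"kind": "NORMAL", "epoch": 0, "name": "2.2", "revision": "4"}}},
    {"cpeUri": DEB8, "package": "glibc", "isObsolete": True,
     "minAffectedVersion": {"kind": "MINIMUM"}, "maxAffectedVersion": {"kind": "MAXIMUM"}},
    {"cpeUri": DEB9, "package": "glibc",
     "minAffectedVersion": {"kind": "MINIMUM"},
     "maxAffectedVersion": {"kind": "NORMAL", "epoch": 1, "name": "2.24~rc1"}},
]}}
```

For RPM-based or language-ecosystem `cpeUri` values, swap `dpkg_compare` for that ecosystem's ordering; the sentinel and epoch handling stays the same.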
1537
1538<div class="method">
1539 <code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code>
1540 <pre>Gets the access control policy for a note or an occurrence resource.
1541Requires `containeranalysis.notes.setIamPolicy` or
1542`containeranalysis.occurrences.setIamPolicy` permission if the resource is
1543a note or occurrence, respectively.
1544
1545The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
1546notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
1547occurrences.
1548
1549Args:
1550 resource: string, REQUIRED: The resource for which the policy is being requested.
1551See the operation documentation for the appropriate value for this field. (required)
1552 body: object, The request body.
1553 The object takes the form of:
1554
1555{ # Request message for `GetIamPolicy` method.
1556 "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to
1557 # `GetIamPolicy`.
1558 "requestedPolicyVersion": 42, # Optional. The policy format version to be returned.
1559 #
1560 # Valid values are 0, 1, and 3. Requests specifying an invalid value will be
1561 # rejected.
1562 #
1563 # Requests for policies with any conditional bindings must specify version 3.
1564 # Policies without any conditional bindings may specify any valid value or
1565 # leave the field unset.
1566 },
1567 }
1568
1569 x__xgafv: string, V1 error format.
1570 Allowed values
1571 1 - v1 error format
1572 2 - v2 error format
1573
1574Returns:
1575 An object of the form:
1576
1577 { # An Identity and Access Management (IAM) policy, which specifies access
1578 # controls for Google Cloud resources.
1579 #
1580 #
1581 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
1582 # `members` to a single `role`. Members can be user accounts, service accounts,
1583 # Google groups, and domains (such as G Suite). A `role` is a named list of
1584 # permissions; each `role` can be an IAM predefined role or a user-created
1585 # custom role.
1586 #
1587 # Optionally, a `binding` can specify a `condition`, which is a logical
1588 # expression that allows access to a resource only if the expression evaluates
1589 # to `true`. A condition can add constraints based on attributes of the
1590 # request, the resource, or both.
1591 #
1592 # **JSON example:**
1593 #
1594 #     {
1595 #       "bindings": [
1596 #         {
1597 #           "role": "roles/resourcemanager.organizationAdmin",
1598 #           "members": [
1599 #             "user:mike@example.com",
1600 #             "group:admins@example.com",
1601 #             "domain:google.com",
1602 #             "serviceAccount:my-project-id@appspot.gserviceaccount.com"
1603 #           ]
1604 #         },
1605 #         {
1606 #           "role": "roles/resourcemanager.organizationViewer",
1607 #           "members": ["user:eve@example.com"],
1608 #           "condition": {
1609 #             "title": "expirable access",
1610 #             "description": "Does not grant access after Sep 2020",
1611 #             "expression": "request.time &lt; timestamp('2020-10-01T00:00:00.000Z')"
1612 #           }
1613 #         }
1614 #       ],
1615 #       "etag": "BwWWja0YfJA=",
1616 #       "version": 3
1617 #     }
1618 #
1619 # **YAML example:**
1620 #
1621 #     bindings:
1622 #     - members:
1623 #       - user:mike@example.com
1624 #       - group:admins@example.com
1625 #       - domain:google.com
1626 #       - serviceAccount:my-project-id@appspot.gserviceaccount.com
1627 #       role: roles/resourcemanager.organizationAdmin
1628 #     - members:
1629 #       - user:eve@example.com
1630 #       role: roles/resourcemanager.organizationViewer
1631 #       condition:
1632 #         title: expirable access
1633 #         description: Does not grant access after Sep 2020
1634 #         expression: request.time &lt; timestamp('2020-10-01T00:00:00.000Z')
1635 #     etag: BwWWja0YfJA=
1636 #     version: 3
1637 #
1638 # For a description of IAM and its features, see the
1639 # [IAM documentation](https://cloud.google.com/iam/docs/).
1640 "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
1641 # `condition` that determines how and when the `bindings` are applied. Each
1642 # of the `bindings` must contain at least one member.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001643 { # Associates `members` with a `role`.
1644 "role": "A String", # Role that is assigned to `members`.
1645 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
Dan O'Mearadd494642020-05-01 07:42:23 -07001646 "condition": { # The condition that is associated with this binding.
1647 # NOTE: An unsatisfied condition will not allow user access via the current
1648 # binding. Different bindings, including their conditions, are examined
1649 # independently.
1650 # Represents a textual expression in the Common Expression Language (CEL) syntax.
1651 # CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.
1652 #
1653 # Example (Comparison):
1654 #
1655 # title: "Summary size limit"
1656 # description: "Determines if a summary is less than 100 chars"
1657 # expression: "document.summary.size() &lt; 100"
1658 #
1659 # Example (Equality):
1660 #
1661 # title: "Requestor is owner"
1662 # description: "Determines if requestor is the document owner"
1663 # expression: "document.owner == request.auth.claims.email"
1664 #
1665 # Example (Logic):
1666 #
1667 # title: "Public documents"
1668 # description: "Determine whether the document should be publicly visible"
1669 # expression: "document.type != 'private' &amp;&amp; document.type != 'internal'"
1670 #
1671 # Example (Data Manipulation):
1672 #
1673 # title: "Notification string"
1674 # description: "Create a notification string with a timestamp."
1675 # expression: "'New message received at ' + string(document.create_time)"
1676 #
1677 # The exact variables and functions that may be referenced within an expression
1678 # are determined by the service that evaluates it. See the service
1679 # documentation for additional information.
1680 "description": "A String", # Optional. Description of the expression. This is a longer text which
1681 # describes the expression, e.g. when hovering over it in a UI.
1682 "expression": "A String", # Textual representation of an expression in Common Expression Language
1683 # syntax.
1684 "location": "A String", # Optional. String indicating the location of the expression for error
1685 # reporting, e.g. a file name and a position in the file.
1686 "title": "A String", # Optional. Title for the expression, i.e. a short string describing
1687 # its purpose. This can be used e.g. in UIs which allow entering the
1688 # expression.
1689 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001690 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
1691 # `members` can have the following values:
1692 #
1693 # * `allUsers`: A special identifier that represents anyone who is
1694 # on the internet; with or without a Google account.
1695 #
1696 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1697 # who is authenticated with a Google account or a service account.
1698 #
1699 # * `user:{emailid}`: An email address that represents a specific Google
Dan O'Mearadd494642020-05-01 07:42:23 -07001700 # account. For example, `alice@example.com`.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001701 #
1702 #
1703 # * `serviceAccount:{emailid}`: An email address that represents a service
1704 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1705 #
1706 # * `group:{emailid}`: An email address that represents a Google group.
1707 # For example, `admins@example.com`.
1708 #
Dan O'Mearadd494642020-05-01 07:42:23 -07001709 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
1710 # identifier) representing a user that has been recently deleted. For
1711 # example, `alice@example.com?uid=123456789012345678901`. If the user is
1712 # recovered, this value reverts to `user:{emailid}` and the recovered user
1713 # retains the role in the binding.
1714 #
1715 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
1716 # unique identifier) representing a service account that has been recently
1717 # deleted. For example,
1718 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
1719 # If the service account is undeleted, this value reverts to
1720 # `serviceAccount:{emailid}` and the undeleted service account retains the
1721 # role in the binding.
1722 #
1723 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
1724 # identifier) representing a Google group that has been recently
1725 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
1726 # the group is recovered, this value reverts to `group:{emailid}` and the
1727 # recovered group retains the role in the binding.
1728 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001729 #
1730 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
1731 # users of that domain. For example, `google.com` or `example.com`.
1732 #
1733 "A String",
1734 ],
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001735 },
1736 ],
1737 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
1738 # prevent simultaneous updates of a policy from overwriting each other.
1739 # It is strongly suggested that systems make use of the `etag` in the
1740 # read-modify-write cycle to perform policy updates in order to avoid race
1741 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
1742 # systems are expected to put that etag in the request to `setIamPolicy` to
1743 # ensure that their change will be applied to the same version of the policy.
1744 #
Dan O'Mearadd494642020-05-01 07:42:23 -07001745 # **Important:** If you use IAM Conditions, you must include the `etag` field
1746 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1747 # you to overwrite a version `3` policy with a version `1` policy, and all of
1748 # the conditions in the version `3` policy are lost.
1749 "version": 42, # Specifies the format of the policy.
1750 #
1751 # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
1752 # are rejected.
1753 #
1754 # Any operation that affects conditional role bindings must specify version
1755 # `3`. This requirement applies to the following operations:
1756 #
1757 # * Getting a policy that includes a conditional role binding
1758 # * Adding a conditional role binding to a policy
1759 # * Changing a conditional role binding in a policy
1760 # * Removing any role binding, with or without a condition, from a policy
1761 # that includes conditions
1762 #
1763 # **Important:** If you use IAM Conditions, you must include the `etag` field
1764 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1765 # you to overwrite a version `3` policy with a version `1` policy, and all of
1766 # the conditions in the version `3` policy are lost.
1767 #
1768 # If a policy does not include any conditions, operations on that policy may
1769 # specify any valid version or leave the field unset.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001770 }</pre>
1771</div>
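The `etag` and `version` rules described above, written as a client-side pre-flight check to run between reading a policy and writing it back. This is an added example, not part of the generated reference or of the client library: `check_set_iam_policy`, `has_conditions` and the sample policies are constructed here, and the severities are this example's own choice.

```python
"""Pre-flight checks for a policy about to be sent to setIamPolicy (added example)."""

VALID_VERSIONS = {0, 1, 3}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Member forms listed in the `members` field description on this page.
MEMBER_PREFIXES = (
    "user:", "serviceAccount:", "group:", "domain:",
    "deleted:user:", "deleted:serviceAccount:", "deleted:group:",
)


def has_conditions(policy):
    """True if any binding in the policy carries a `condition`."""
    return any(b.get("condition") for b in policy.get("bindings", []))


def check_set_iam_policy(current, proposed):
    """Compare the policy read via getIamPolicy with the one about to be written.

    Returns a list of (severity, message); any "error" means do not send.
    """
    findings = []
    version = proposed.get("version", 0)
    if version not in VALID_VERSIONS:
        findings.append(("error", f"version {version!r} is not one of 0, 1, 3"))

    # Any operation on a policy that includes conditional bindings needs version 3,
    # including removing a binding from it.
    conditional = has_conditions(current) or has_conditions(proposed)
    if conditional and version != 3:
        findings.append(("error", "conditions involved: version must be 3"))

    # Without the etag, a version 1 write can replace a version 3 policy
    # and every condition in it is lost.
    etag = proposed.get("etag")
    if not etag:
        severity = "error" if conditional else "warning"
        findings.append((severity, "etag missing from the setIamPolicy request"))
    elif etag != current.get("etag"):
        findings.append(("error", "stale etag: re-read the policy and reapply the change"))

    for i, binding in enumerate(proposed.get("bindings", [])):
        role = binding.get("role", "<no role>")
        members = binding.get("members", [])
        if not members:
            findings.append(("error", f"bindings[{i}] ({role}) has no members"))
        for member in members:
            if member in PUBLIC_MEMBERS:
                findings.append(("warning", f"{role} is granted to {member}"))
            elif not member.startswith(MEMBER_PREFIXES):
                findings.append(("warning", f"{role}: member form not listed here: {member!r}"))
            elif member.startswith("deleted:"):
                findings.append(("warning", f"{role} is still bound to {member}"))
    return findings


# Constructed sample: the policy from the JSON example above, as read back.
CURRENT = {
    "bindings": [
        {"role": "roles/resourcemanager.organizationAdmin",
         "members": ["user:mike@example.com", "group:admins@example.com"]},
        {"role": "roles/resourcemanager.organizationViewer",
         "members": ["user:eve@example.com"],
         "condition": {
             "title": "expirable access",
             "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')"}},
    ],
    "etag": "BwWWja0YfJA=",
    "version": 3,
}

# Constructed sample: drops the condition, omits the etag, downgrades the
# version and adds a public member.
RISKY = {
    "bindings": [
        {"role": "roles/resourcemanager.organizationViewer",
         "members": ["user:eve@example.com", "allUsers"]},
    ],
    "version": 1,
}

# Constructed sample: same etag and version, one extra unconditional binding.
SAFE = {
    **CURRENT,
    "bindings": CURRENT["bindings"] + [
        {"role": "roles/viewer",
         "members": ["serviceAccount:my-project-id@appspot.gserviceaccount.com"]},
    ],
}

if __name__ == "__main__":
    for name, policy in (("RISKY", RISKY), ("SAFE", SAFE)):
        print(name, check_set_iam_policy(CURRENT, policy))
```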
1772
1773<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -07001774 <code class="details" id="list">list(parent, pageToken=None, x__xgafv=None, pageSize=None, filter=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001775 <pre>Lists notes for the specified project.
1776
1777Args:
Dan O'Mearadd494642020-05-01 07:42:23 -07001778 parent: string, Required. The name of the project to list notes for in the form of
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001779`projects/[PROJECT_ID]`. (required)
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001780 pageToken: string, Token to provide to skip to a particular spot in the list.
1781 x__xgafv: string, V1 error format.
1782 Allowed values
1783 1 - v1 error format
1784 2 - v2 error format
Dan O'Mearadd494642020-05-01 07:42:23 -07001785 pageSize: integer, Number of notes to return in the list. Must be positive. Max allowed page
1786size is 1000. If not specified, page size defaults to 20.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001787 filter: string, The filter expression.
1788
1789Returns:
1790 An object of the form:
1791
1792 { # Response for listing notes.
1793 "nextPageToken": "A String", # The next pagination token in the list response. It should be used as
1794 # `page_token` for the following request. An empty value means no more
1795 # results.
1796 "notes": [ # The notes requested.
1797 { # A type of analysis that can be done for a resource.
1798 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
1799 # a filter in list requests.
1800 "relatedNoteNames": [ # Other notes related to this note.
1801 "A String",
1802 ],
1803 "name": "A String", # Output only. The name of the note in the form of
1804 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
1805 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers.
1806 # channels. E.g., glibc (aka libc6) is distributed by many, at various
1807 # versions.
1808 "distribution": [ # The various channels by which a package is distributed.
1809 { # This represents a particular channel of distribution for a given package.
1810 # E.g., Debian's jessie-backports dpkg mirror.
1811 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
1812 # denoting the package manager version distributing a package.
1813 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
1814 "description": "A String", # The distribution channel-specific description of this package.
1815 "url": "A String", # The distribution channel-specific homepage for this package.
1816 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were
1817 # built.
1818 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
1819 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1820 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1821 # versions.
1822 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1823 # name.
1824 "revision": "A String", # The iteration of the package build from the above version.
1825 },
1826 },
1827 ],
1828 "name": "A String", # Required. Immutable. The name of the package.
1829 },
1830 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability.
1831 "windowsDetails": [ # Windows details get their own format because the information format and
1832 # model don't match a normal detail. Specifically Windows updates are done as
1833 # patches, thus Windows vulnerabilities really are a missing package, rather
1834 # than a package being at an incorrect version.
1835 {
1836 "cpeUri": "A String", # Required. The CPE URI in
1837 # [cpe format](https://cpe.mitre.org/specification/) in which the
1838 # vulnerability manifests. Examples include distro or storage location for
1839 # vulnerable jar.
1840 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this
1841 # vulnerability. Note that there may be multiple hotfixes (and thus
1842 # multiple KBs) that mitigate a given vulnerability. Currently any listed
1843 # kb's presence is considered a fix.
1844 {
1845 "url": "A String", # A link to the KB in the Windows update catalog -
1846 # https://www.catalog.update.microsoft.com/
1847 "name": "A String", # The KB name (generally of the form KB[0-9]+ e.g. KB123456).
1848 },
1849 ],
1850 "name": "A String", # Required. The name of the vulnerability.
1851 "description": "A String", # The description of the vulnerability.
1852 },
1853 ],
1854 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3.
1855 # For details, see https://www.first.org/cvss/specification-document
1856 "attackComplexity": "A String",
1857 "attackVector": "A String", # Base Metrics
1858 # Represents the intrinsic characteristics of a vulnerability that are
1859 # constant over time and across user environments.
Dan O'Mearadd494642020-05-01 07:42:23 -07001860 "privilegesRequired": "A String",
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001861 "userInteraction": "A String",
1862 "baseScore": 3.14, # The base score is a function of the base metric scores.
Dan O'Mearadd494642020-05-01 07:42:23 -07001863 "availabilityImpact": "A String",
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001864 "impactScore": 3.14,
1865 "exploitabilityScore": 3.14,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001866 "scope": "A String",
Dan O'Mearadd494642020-05-01 07:42:23 -07001867 "integrityImpact": "A String",
1868 "confidentialityImpact": "A String",
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001869 },
1870 "cvssScore": 3.14, # The CVSS score for this vulnerability.
1871 "severity": "A String", # Note provider assigned impact of the vulnerability.
1872 "details": [ # All information about the package to specifically identify this
1873 # vulnerability. One entry per (version range and cpe_uri) the package
1874 # vulnerability has manifested in.
1875 { # Identifies all appearances of this vulnerability in the package for a
1876 # specific distro/location. For example: glibc in
1877 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
1878 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
1879 "cpeUri": "A String", # Required. The CPE URI in
1880 # [cpe format](https://cpe.mitre.org/specification/) in which the
1881 # vulnerability manifests. Examples include distro or storage location for
1882 # vulnerable jar.
1883 "description": "A String", # A vendor-specific description of this note.
1884 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists.
1885 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1886 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1887 # versions.
1888 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1889 # name.
1890 "revision": "A String", # The iteration of the package build from the above version.
1891 },
1892 "package": "A String", # Required. The name of the package where the vulnerability was found.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001893 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to
1894 # obsolete details.
Dan O'Mearadd494642020-05-01 07:42:23 -07001895 "packageType": "A String", # The type of package; whether native or non native (ruby gems, node.js
1896 # packages, etc.).
1897 "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an
1898 # upstream timestamp from the underlying information source - e.g. Ubuntu
1899 # security tracker.
1900 "maxAffectedVersion": { # Version contains structured information about the version of a package. # The max version of the package in which the vulnerability exists.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001901 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1902 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1903 # versions.
1904 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1905 # name.
1906 "revision": "A String", # The iteration of the package build from the above version.
1907 },
1908 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version.
1909 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/).
1910 # Examples include distro or storage location for vulnerable jar.
1911 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described.
1912 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1913 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
1914 # versions.
1915 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
1916 # name.
1917 "revision": "A String", # The iteration of the package build from the above version.
1918 },
1919 "package": "A String", # Required. The package being described.
1920 },
1921 },
1922 ],
Dan O'Mearadd494642020-05-01 07:42:23 -07001923 "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an
1924 # upstream timestamp from the underlying information source - e.g. Ubuntu
1925 # security tracker.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001926 },
1927 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in
1928 # list requests.
1929 "relatedUrl": [ # URLs associated with this note.
1930 { # Metadata for any related URL information.
1931 "url": "A String", # Specific URL associated with the resource.
1932 "label": "A String", # Label to describe usage of the URL.
1933 },
1934 ],
1935 "longDescription": "A String", # A detailed description of this note.
1936 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
1937 # example, an organization might have one `Authority` for "QA" and one for
1938 # "build". This note is intended to act strictly as a grouping mechanism for
1939 # the attached occurrences (Attestations). This grouping mechanism also
1940 # provides a security boundary, since IAM ACLs gate the ability for a principal
1941 # to attach an occurrence to a given note. It also provides a single point of
1942 # lookup to find all attached attestation occurrences, even if they don't all
1943 # live in the same project.
1944 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority.
1945 # authority. Because the name of a note acts as its resource reference, it is
1946 # important to disambiguate the canonical name of the Note (which might be a
1947 # UUID for security purposes) from "readable" names more suitable for debug
1948 # output. Note that these hints should not be used to look up authorities in
1949 # security sensitive contexts, such as when looking up attestations to
1950 # verify.
1951 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for
1952 # example "qa".
1953 },
1954 },
Dan O'Mearadd494642020-05-01 07:42:23 -07001955 "intoto": { # This contains the fields corresponding to the definition of a software supply # A note describing an in-toto link.
1956 # chain step in an in-toto layout. This information goes into a Grafeas note.
1957 "stepName": "A String", # This field identifies the name of the step in the supply chain.
1958 "expectedCommand": [ # This field contains the expected command used to perform the step.
1959 "A String",
1960 ],
1961 "threshold": "A String", # This field contains a value that indicates the minimum number of keys that
1962 # need to be used to sign the step's in-toto link.
1963 "expectedMaterials": [ # The following fields contain in-toto artifact rules identifying the
1964 # artifacts that enter this supply chain step, and exit the supply chain
1965 # step, i.e. materials and products of the step.
1966 { # Defines an object to declare an in-toto artifact rule
1967 "artifactRule": [
1968 "A String",
1969 ],
1970 },
1971 ],
1972 "expectedProducts": [
1973 { # Defines an object to declare an in-toto artifact rule
1974 "artifactRule": [
1975 "A String",
1976 ],
1977 },
1978 ],
1979 "signingKeys": [ # This field contains the public keys that can be used to verify the
1980 # signatures on the step metadata.
1981 { # This defines the format used to record keys used in the software supply
1982 # chain. An in-toto link is attested using one or more keys defined in the
1983 # in-toto layout. An example of this is:
1984 # {
1985 # "key_id": "776a00e29f3559e0141b3b096f696abc6cfb0c657ab40f441132b345b0...",
1986 # "key_type": "rsa",
1987 # "public_key_value": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0B...",
1988 # "key_scheme": "rsassa-pss-sha256"
1989 # }
1990 # The format for in-toto's key definition can be found in section 4.2 of the
1991 # in-toto specification.
1992 "keyType": "A String", # This field identifies the specific signing method. Eg: "rsa", "ed25519",
1993 # and "ecdsa".
1994 "keyId": "A String", # key_id is an identifier for the signing key.
1995 "publicKeyValue": "A String", # This field contains the actual public key.
1996 "keyScheme": "A String", # This field contains the corresponding signature scheme.
1997 # Eg: "rsassa-pss-sha256".
1998 },
1999 ],
2000 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002001 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build.
2002 # provenance message in the build details occurrence.
2003 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
2004 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note
2005 # containing build details.
2006 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
2007 # findings are valid and unchanged. If `key_type` is empty, this defaults
2008 # to PEM encoded public keys.
2009 #
2010 # This field may be empty if `key_id` references an external key.
2011 #
2012 # For Cloud Build based signatures, this is a PEM encoded public
2013 # key. To verify the Cloud Build signature, place the contents of
2014 # this field into a file (public.pem). The signature field is base64-decoded
2015 # into its binary representation in signature.bin, and the provenance bytes
2016 # from `BuildDetails` are base64-decoded into a binary representation in
2017 # signed.bin. OpenSSL can then verify the signature:
2018 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
2019 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
2020 # `key_id`.
2021 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key
2022 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the
2023 # CN for a cert), or a reference to an external key (such as a reference to a
2024 # key in Cloud Key Management Service).
2025 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is
2026 # base-64 encoded.
2027 },
2028 },
2029 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
2030 # relationship. Linked occurrences are derived from this or an
2031 # equivalent image via:
Dan O'Mearadd494642020-05-01 07:42:23 -07002032 # FROM &lt;Basis.resource_url&gt;
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002033 # Or an equivalent reference, e.g. a tag of the resource_url.
2034 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the
2035 # basis of associated occurrence images.
2036 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
2037 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1
2038 # representation.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002039 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
2040 "A String",
2041 ],
Dan O'Mearadd494642020-05-01 07:42:23 -07002042 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
2043 # [bottom] := v2_blob[bottom]; [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
2044 # Only the name of the final blob is kept.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002045 },
2046 },
2047 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
2048 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
2049 "resourceUri": [ # Required. Resource URI for the artifact being deployed.
2050 "A String",
2051 ],
2052 },
2053 "shortDescription": "A String", # A one sentence description of this note.
2054 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
2055 # filter in list requests.
2056 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource.
2057 # exists in a provider's project. A `Discovery` occurrence is created in a
2058 # consumer's project at the start of analysis.
2059 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this
2060 # discovery.
2061 },
2062 },
2063 ],
2064 }</pre>
2065</div>
2066
2067<div class="method">
2068 <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
2069 <pre>Retrieves the next page of results.
2070
2071Args:
2072 previous_request: The request for the previous page. (required)
2073 previous_response: The response from the request for the previous page. (required)
2074
2075Returns:
2076 A request object that you can call 'execute()' on to request the next
2077 page. Returns None if there are no more items in the collection.
2078 </pre>
2079</div>
2080
2081<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -07002082 <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002083 <pre>Updates the specified note.
2084
2085Args:
Dan O'Mearadd494642020-05-01 07:42:23 -07002086 name: string, Required. The name of the note in the form of
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002087`projects/[PROVIDER_ID]/notes/[NOTE_ID]`. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -07002088 body: object, The request body.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002089 The object takes the form of:
2090
2091{ # A type of analysis that can be done for a resource.
2092 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
2093 # a filter in list requests.
2094 "relatedNoteNames": [ # Other notes related to this note.
2095 "A String",
2096 ],
2097 "name": "A String", # Output only. The name of the note in the form of
2098 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
2099 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers.
2100 # channels. E.g., glibc (aka libc6) is distributed by many, at various
2101 # versions.
2102 "distribution": [ # The various channels by which a package is distributed.
2103 { # This represents a particular channel of distribution for a given package.
2104 # E.g., Debian's jessie-backports dpkg mirror.
2105 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
2106 # denoting the package manager version distributing a package.
2107 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
2108 "description": "A String", # The distribution channel-specific description of this package.
2109 "url": "A String", # The distribution channel-specific homepage for this package.
2110 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were
2111 # built.
2112 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
2113 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
2114 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
2115 # versions.
2116 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
2117 # name.
2118 "revision": "A String", # The iteration of the package build from the above version.
2119 },
2120 },
2121 ],
2122 "name": "A String", # Required. Immutable. The name of the package.
2123 },
2124 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability.
2125 "windowsDetails": [ # Windows details get their own format because the information format and
2126 # model don't match a normal detail. Specifically Windows updates are done as
2127 # patches, thus Windows vulnerabilities really are a missing package, rather
2128 # than a package being at an incorrect version.
2129 {
2130 "cpeUri": "A String", # Required. The CPE URI in
2131 # [cpe format](https://cpe.mitre.org/specification/) in which the
2132 # vulnerability manifests. Examples include distro or storage location for
2133 # vulnerable jar.
2134 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this
2135 # vulnerability. Note that there may be multiple hotfixes (and thus
2136 # multiple KBs) that mitigate a given vulnerability. Currently any listed
2137 # kb's presence is considered a fix.
2138 {
2139 "url": "A String", # A link to the KB in the Windows update catalog -
2140 # https://www.catalog.update.microsoft.com/
2141 "name": "A String", # The KB name (generally of the form KB[0-9]+ e.g. KB123456).
2142 },
2143 ],
2144 "name": "A String", # Required. The name of the vulnerability.
2145 "description": "A String", # The description of the vulnerability.
2146 },
2147 ],
2148 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3.
2149 # For details, see https://www.first.org/cvss/specification-document
2150 "attackComplexity": "A String",
2151 "attackVector": "A String", # Base Metrics
2152 # Represents the intrinsic characteristics of a vulnerability that are
2153 # constant over time and across user environments.
Dan O'Mearadd494642020-05-01 07:42:23 -07002154 "privilegesRequired": "A String",
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002155 "userInteraction": "A String",
2156 "baseScore": 3.14, # The base score is a function of the base metric scores.
Dan O'Mearadd494642020-05-01 07:42:23 -07002157 "availabilityImpact": "A String",
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002158 "impactScore": 3.14,
2159 "exploitabilityScore": 3.14,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002160 "scope": "A String",
Dan O'Mearadd494642020-05-01 07:42:23 -07002161 "integrityImpact": "A String",
2162 "confidentialityImpact": "A String",
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002163 },
2164 "cvssScore": 3.14, # The CVSS score for this vulnerability.
2165 "severity": "A String", # Note provider assigned impact of the vulnerability.
2166 "details": [ # All information about the package to specifically identify this
2167 # vulnerability. One entry per (version range and cpe_uri) the package
2168 # vulnerability has manifested in.
2169 { # Identifies all appearances of this vulnerability in the package for a
2170 # specific distro/location. For example: glibc in
2171 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
2172 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
2173 "cpeUri": "A String", # Required. The CPE URI in
2174 # [cpe format](https://cpe.mitre.org/specification/) in which the
2175 # vulnerability manifests. Examples include distro or storage location for
2176 # vulnerable jar.
2177 "description": "A String", # A vendor-specific description of this note.
2178 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists.
2179 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
2180 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
2181 # versions.
2182 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
2183 # name.
2184 "revision": "A String", # The iteration of the package build from the above version.
2185 },
2186 "package": "A String", # Required. The name of the package where the vulnerability was found.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002187 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to
2188 # obsolete details.
Dan O'Mearadd494642020-05-01 07:42:23 -07002189 "packageType": "A String", # The type of package; whether native or non native(ruby gems, node.js
2190 # packages etc).
2191 "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an
2192 # upstream timestamp from the underlying information source - e.g. Ubuntu
2193 # security tracker.
2194 "maxAffectedVersion": { # Version contains structured information about the version of a package. # The max version of the package in which the vulnerability exists.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002195 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
2196 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
2197 # versions.
2198 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
2199 # name.
2200 "revision": "A String", # The iteration of the package build from the above version.
2201 },
2202 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version.
2203 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/)
2204 # format. Examples include distro or storage location for vulnerable jar.
2205 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described.
2206 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
2207 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
2208 # versions.
2209 "name": "A String", # Required only when version kind is NORMAL. The main part of the version
2210 # name.
2211 "revision": "A String", # The iteration of the package build from the above version.
2212 },
2213 "package": "A String", # Required. The package being described.
2214 },
2215 },
2216 ],
Dan O'Mearadd494642020-05-01 07:42:23 -07002217 "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an
2218 # upstream timestamp from the underlying information source - e.g. Ubuntu
2219 # security tracker.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002220 },
  "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in
      # list requests.
  "relatedUrl": [ # URLs associated with this note.
    { # Metadata for any related URL information.
      "url": "A String", # Specific URL associated with the resource.
      "label": "A String", # Label to describe usage of the URL.
    },
  ],
  "longDescription": "A String", # A detailed description of this note.
  "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
      # example, an organization might have one `Authority` for "QA" and one for
      # "build". This note is intended to act strictly as a grouping mechanism for
      # the attached occurrences (Attestations). This grouping mechanism also
      # provides a security boundary, since IAM ACLs gate the ability for a principal
      # to attach an occurrence to a given note. It also provides a single point of
      # lookup to find all attached attestation occurrences, even if they don't all
      # live in the same project.
    "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority.
        # authority. Because the name of a note acts as its resource reference, it is
        # important to disambiguate the canonical name of the Note (which might be a
        # UUID for security purposes) from "readable" names more suitable for debug
        # output. Note that these hints should not be used to look up authorities in
        # security sensitive contexts, such as when looking up attestations to
        # verify.
      "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for
          # example "qa".
    },
  },
  "intoto": { # This contains the fields corresponding to the definition of a software supply # A note describing an in-toto link.
      # chain step in an in-toto layout. This information goes into a Grafeas note.
    "stepName": "A String", # This field identifies the name of the step in the supply chain.
    "expectedCommand": [ # This field contains the expected command used to perform the step.
      "A String",
    ],
    "threshold": "A String", # This field contains a value that indicates the minimum number of keys that
        # need to be used to sign the step's in-toto link.
    "expectedMaterials": [ # The following fields contain in-toto artifact rules identifying the
        # artifacts that enter this supply chain step, and exit the supply chain
        # step, i.e. materials and products of the step.
      { # Defines an object to declare an in-toto artifact rule
        "artifactRule": [
          "A String",
        ],
      },
    ],
    "expectedProducts": [
      { # Defines an object to declare an in-toto artifact rule
        "artifactRule": [
          "A String",
        ],
      },
    ],
    "signingKeys": [ # This field contains the public keys that can be used to verify the
        # signatures on the step metadata.
      { # This defines the format used to record keys used in the software supply
          # chain. An in-toto link is attested using one or more keys defined in the
          # in-toto layout. An example of this is:
          # {
          #   "key_id": "776a00e29f3559e0141b3b096f696abc6cfb0c657ab40f441132b345b0...",
          #   "key_type": "rsa",
          #   "public_key_value": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0B...",
          #   "key_scheme": "rsassa-pss-sha256"
          # }
          # The format for in-toto's key definition can be found in section 4.2 of the
          # in-toto specification.
        "keyType": "A String", # This field identifies the specific signing method. Eg: "rsa", "ed25519",
            # and "ecdsa".
        "keyId": "A String", # key_id is an identifier for the signing key.
        "publicKeyValue": "A String", # This field contains the actual public key.
        "keyScheme": "A String", # This field contains the corresponding signature scheme.
            # Eg: "rsassa-pss-sha256".
      },
    ],
  },
  "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build.
      # provenance message in the build details occurrence.
    "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
    "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note
        # containing build details.
      "publicKey": "A String", # Public key of the builder which can be used to verify that the related
          # findings are valid and unchanged. If `key_type` is empty, this defaults
          # to PEM encoded public keys.
          #
          # This field may be empty if `key_id` references an external key.
          #
          # For Cloud Build based signatures, this is a PEM encoded public
          # key. To verify the Cloud Build signature, place the contents of
          # this field into a file (public.pem). The signature field is base64-decoded
          # into its binary representation in signature.bin, and the provenance bytes
          # from `BuildDetails` are base64-decoded into a binary representation in
          # signed.bin. OpenSSL can then verify the signature:
          # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
      "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
          # `key_id`.
      "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key
          # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the
          # CN for a cert), or a reference to an external key (such as a reference to a
          # key in Cloud Key Management Service).
      "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is
          # base-64 encoded.
    },
  },
  "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
      # relationship. Linked occurrences are derived from this or an
      # equivalent image via:
      #   FROM &lt;Basis.resource_url&gt;
      # Or an equivalent reference, e.g. a tag of the resource_url.
    "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the
        # basis of associated occurrence images.
    "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
      "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1
          # representation.
      "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
        "A String",
      ],
      "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
          #   [bottom] := v2_blob[bottom]
          #   [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
          # Only the name of the final blob is kept.
    },
  },
  "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
  "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
    "resourceUri": [ # Required. Resource URI for the artifact being deployed.
      "A String",
    ],
  },
  "shortDescription": "A String", # A one sentence description of this note.
  "createTime": "A String", # Output only. The time this note was created. This field can be used as a
      # filter in list requests.
  "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource.
      # exists in a provider's project. A `Discovery` occurrence is created in a
      # consumer's project at the start of analysis.
    "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this
        # discovery.
  },
}

  updateMask: string, The fields to update.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A type of analysis that can be done for a resource.
      "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
          # a filter in list requests.
      "relatedNoteNames": [ # Other notes related to this note.
        "A String",
      ],
      "name": "A String", # Output only. The name of the note in the form of
          # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
      "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers.
          # channels. E.g., glibc (aka libc6) is distributed by many, at various
          # versions.
        "distribution": [ # The various channels by which a package is distributed.
          { # This represents a particular channel of distribution for a given package.
              # E.g., Debian's jessie-backports dpkg mirror.
            "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
                # denoting the package manager version distributing a package.
            "maintainer": "A String", # A freeform string denoting the maintainer of this package.
            "description": "A String", # The distribution channel-specific description of this package.
            "url": "A String", # The distribution channel-specific homepage for this package.
            "architecture": "A String", # The CPU architecture for which packages in this distribution channel were
                # built.
            "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
              "epoch": 42, # Used to correct mistakes in the version numbering scheme.
              "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
                  # versions.
              "name": "A String", # Required only when version kind is NORMAL. The main part of the version
                  # name.
              "revision": "A String", # The iteration of the package build from the above version.
            },
          },
        ],
        "name": "A String", # Required. Immutable. The name of the package.
      },
      "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability.
        "windowsDetails": [ # Windows details get their own format because the information format and
            # model don't match a normal detail. Specifically Windows updates are done as
            # patches, thus Windows vulnerabilities really are a missing package, rather
            # than a package being at an incorrect version.
          {
            "cpeUri": "A String", # Required. The CPE URI in
                # [cpe format](https://cpe.mitre.org/specification/) in which the
                # vulnerability manifests. Examples include distro or storage location for
                # vulnerable jar.
            "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this
                # vulnerability. Note that there may be multiple hotfixes (and thus
                # multiple KBs) that mitigate a given vulnerability. Currently any listed
                # kb's presence is considered a fix.
              {
                "url": "A String", # A link to the KB in the Windows update catalog -
                    # https://www.catalog.update.microsoft.com/
                "name": "A String", # The KB name (generally of the form KB[0-9]+ i.e. KB123456).
              },
            ],
            "name": "A String", # Required. The name of the vulnerability.
            "description": "A String", # The description of the vulnerability.
          },
        ],
        "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3.
            # For details, see https://www.first.org/cvss/specification-document
          "attackComplexity": "A String",
          "attackVector": "A String", # Base Metrics
              # Represents the intrinsic characteristics of a vulnerability that are
              # constant over time and across user environments.
          "privilegesRequired": "A String",
          "userInteraction": "A String",
          "baseScore": 3.14, # The base score is a function of the base metric scores.
          "availabilityImpact": "A String",
          "impactScore": 3.14,
          "exploitabilityScore": 3.14,
          "scope": "A String",
          "integrityImpact": "A String",
          "confidentialityImpact": "A String",
        },
        "cvssScore": 3.14, # The CVSS score for this vulnerability.
        "severity": "A String", # Note provider assigned impact of the vulnerability.
        "details": [ # All information about the package to specifically identify this
            # vulnerability. One entry per (version range and cpe_uri) the package
            # vulnerability has manifested in.
          { # Identifies all appearances of this vulnerability in the package for a
              # specific distro/location. For example: glibc in
              # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
            "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
            "cpeUri": "A String", # Required. The CPE URI in
                # [cpe format](https://cpe.mitre.org/specification/) in which the
                # vulnerability manifests. Examples include distro or storage location for
                # vulnerable jar.
            "description": "A String", # A vendor-specific description of this note.
            "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists.
              "epoch": 42, # Used to correct mistakes in the version numbering scheme.
              "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
                  # versions.
              "name": "A String", # Required only when version kind is NORMAL. The main part of the version
                  # name.
              "revision": "A String", # The iteration of the package build from the above version.
            },
            "package": "A String", # Required. The name of the package where the vulnerability was found.
            "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to
                # obsolete details.
            "packageType": "A String", # The type of package; whether native or non native (ruby gems, node.js
                # packages etc).
            "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an
                # upstream timestamp from the underlying information source - e.g. Ubuntu
                # security tracker.
            "maxAffectedVersion": { # Version contains structured information about the version of a package. # The max version of the package in which the vulnerability exists.
              "epoch": 42, # Used to correct mistakes in the version numbering scheme.
              "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
                  # versions.
              "name": "A String", # Required only when version kind is NORMAL. The main part of the version
                  # name.
              "revision": "A String", # The iteration of the package build from the above version.
            },
            "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version.
              "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/)
                  # format. Examples include distro or storage location for vulnerable jar.
              "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described.
                "epoch": 42, # Used to correct mistakes in the version numbering scheme.
                "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal
                    # versions.
                "name": "A String", # Required only when version kind is NORMAL. The main part of the version
                    # name.
                "revision": "A String", # The iteration of the package build from the above version.
              },
              "package": "A String", # Required. The package being described.
            },
          },
        ],
        "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an
            # upstream timestamp from the underlying information source - e.g. Ubuntu
            # security tracker.
      },
      "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in
          # list requests.
      "relatedUrl": [ # URLs associated with this note.
        { # Metadata for any related URL information.
          "url": "A String", # Specific URL associated with the resource.
          "label": "A String", # Label to describe usage of the URL.
        },
      ],
      "longDescription": "A String", # A detailed description of this note.
      "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
          # example, an organization might have one `Authority` for "QA" and one for
          # "build". This note is intended to act strictly as a grouping mechanism for
          # the attached occurrences (Attestations). This grouping mechanism also
          # provides a security boundary, since IAM ACLs gate the ability for a principal
          # to attach an occurrence to a given note. It also provides a single point of
          # lookup to find all attached attestation occurrences, even if they don't all
          # live in the same project.
        "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority.
            # authority. Because the name of a note acts as its resource reference, it is
            # important to disambiguate the canonical name of the Note (which might be a
            # UUID for security purposes) from "readable" names more suitable for debug
            # output. Note that these hints should not be used to look up authorities in
            # security sensitive contexts, such as when looking up attestations to
            # verify.
          "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for
              # example "qa".
        },
      },
      "intoto": { # This contains the fields corresponding to the definition of a software supply # A note describing an in-toto link.
          # chain step in an in-toto layout. This information goes into a Grafeas note.
        "stepName": "A String", # This field identifies the name of the step in the supply chain.
        "expectedCommand": [ # This field contains the expected command used to perform the step.
          "A String",
        ],
        "threshold": "A String", # This field contains a value that indicates the minimum number of keys that
            # need to be used to sign the step's in-toto link.
        "expectedMaterials": [ # The following fields contain in-toto artifact rules identifying the
            # artifacts that enter this supply chain step, and exit the supply chain
            # step, i.e. materials and products of the step.
          { # Defines an object to declare an in-toto artifact rule
            "artifactRule": [
              "A String",
            ],
          },
        ],
        "expectedProducts": [
          { # Defines an object to declare an in-toto artifact rule
            "artifactRule": [
              "A String",
            ],
          },
        ],
        "signingKeys": [ # This field contains the public keys that can be used to verify the
            # signatures on the step metadata.
          { # This defines the format used to record keys used in the software supply
              # chain. An in-toto link is attested using one or more keys defined in the
              # in-toto layout. An example of this is:
              # {
              #   "key_id": "776a00e29f3559e0141b3b096f696abc6cfb0c657ab40f441132b345b0...",
              #   "key_type": "rsa",
              #   "public_key_value": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0B...",
              #   "key_scheme": "rsassa-pss-sha256"
              # }
              # The format for in-toto's key definition can be found in section 4.2 of the
              # in-toto specification.
            "keyType": "A String", # This field identifies the specific signing method. Eg: "rsa", "ed25519",
                # and "ecdsa".
            "keyId": "A String", # key_id is an identifier for the signing key.
            "publicKeyValue": "A String", # This field contains the actual public key.
            "keyScheme": "A String", # This field contains the corresponding signature scheme.
                # Eg: "rsassa-pss-sha256".
          },
        ],
      },
      "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build.
          # provenance message in the build details occurrence.
        "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
        "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note
            # containing build details.
          "publicKey": "A String", # Public key of the builder which can be used to verify that the related
              # findings are valid and unchanged. If `key_type` is empty, this defaults
              # to PEM encoded public keys.
              #
              # This field may be empty if `key_id` references an external key.
              #
              # For Cloud Build based signatures, this is a PEM encoded public
              # key. To verify the Cloud Build signature, place the contents of
              # this field into a file (public.pem). The signature field is base64-decoded
              # into its binary representation in signature.bin, and the provenance bytes
              # from `BuildDetails` are base64-decoded into a binary representation in
              # signed.bin. OpenSSL can then verify the signature:
              # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
          "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
              # `key_id`.
          "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key
              # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the
              # CN for a cert), or a reference to an external key (such as a reference to a
              # key in Cloud Key Management Service).
          "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is
              # base-64 encoded.
        },
      },
      "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
          # relationship. Linked occurrences are derived from this or an
          # equivalent image via:
          #   FROM &lt;Basis.resource_url&gt;
          # Or an equivalent reference, e.g. a tag of the resource_url.
        "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the
            # basis of associated occurrence images.
        "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
          "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1
              # representation.
          "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
            "A String",
          ],
          "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
              #   [bottom] := v2_blob[bottom]
              #   [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
              # Only the name of the final blob is kept.
        },
      },
      "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
      "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
        "resourceUri": [ # Required. Resource URI for the artifact being deployed.
          "A String",
        ],
      },
      "shortDescription": "A String", # A one sentence description of this note.
      "createTime": "A String", # Output only. The time this note was created. This field can be used as a
          # filter in list requests.
      "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource.
          # exists in a provider's project. A `Discovery` occurrence is created in a
          # consumer's project at the start of analysis.
        "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this
            # discovery.
      },
    }</pre>
</div>
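
<p>The Cloud Build verification steps given in the <code>build.signature.publicKey</code> field description above, as an added example that is not part of this API reference or of the client library. It runs the documented <code>openssl</code> steps against a constructed throwaway key pair and constructed provenance bytes, and shows that altered provenance or a missing signature is rejected; the function and variable names are assumptions of this example.</p>

```bash
#!/usr/bin/env bash
# Added example. The key pair, provenance bytes and every name below are
# constructed for illustration; nothing here comes from a real build.

# verify_build_signature PUBLIC_KEY_PEM SIGNATURE_B64 PROVENANCE_B64
# Follows the documented steps: write public.pem, base64-decode the signature
# into signature.bin and the provenance bytes into signed.bin, then run
# `openssl sha256 -verify`. Returns 0 only when the signature is valid,
# 1 when verification fails, 2 when an input is empty or cannot be decoded.
verify_build_signature() {
  local public_key_pem signature_b64 provenance_b64 dir rc
  public_key_pem=$1
  signature_b64=$2
  provenance_b64=$3
  dir=$(mktemp -d) || return 2
  printf '%s\n' "$public_key_pem" > "$dir/public.pem"
  printf '%s' "$signature_b64" | openssl base64 -d -A > "$dir/signature.bin"
  printf '%s' "$provenance_b64" | openssl base64 -d -A > "$dir/signed.bin"
  # An empty or undecodable field must never count as verified.
  if [ ! -s "$dir/signature.bin" ] || [ ! -s "$dir/signed.bin" ]; then
    rm -rf "$dir"
    return 2
  fi
  openssl sha256 -verify "$dir/public.pem" \
    -signature "$dir/signature.bin" "$dir/signed.bin" >/dev/null 2>&1
  rc=$?
  rm -rf "$dir"
  return "$rc"
}

# make_constructed_sample
# Stands in for the builder: generates a throwaway RSA key, signs constructed
# provenance bytes, and base64-encodes both as they would appear in JSON.
# Sets PUBLIC_KEY_PEM, SIGNATURE_B64, PROVENANCE_B64 and TAMPERED_B64.
make_constructed_sample() {
  local dir
  dir=$(mktemp -d) || return 2
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$dir/private.pem" 2>/dev/null || return 2
  PUBLIC_KEY_PEM=$(openssl pkey -in "$dir/private.pem" -pubout) || return 2
  printf '%s' '{"id":"constructed-build-1","projectId":"constructed-project"}' \
    > "$dir/provenance"
  # Same record with one field changed after signing.
  printf '%s' '{"id":"constructed-build-1","projectId":"another-project"}' \
    > "$dir/tampered"
  PROVENANCE_B64=$(openssl base64 -A -in "$dir/provenance")
  TAMPERED_B64=$(openssl base64 -A -in "$dir/tampered")
  SIGNATURE_B64=$(openssl sha256 -sign "$dir/private.pem" "$dir/provenance" \
    | openssl base64 -A)
  rm -rf "$dir"
}

run_demo() {
  make_constructed_sample || { echo "could not build sample (is openssl installed?)"; return 2; }
  if verify_build_signature "$PUBLIC_KEY_PEM" "$SIGNATURE_B64" "$PROVENANCE_B64"; then
    echo "provenance as signed: verified"
  fi
  if ! verify_build_signature "$PUBLIC_KEY_PEM" "$SIGNATURE_B64" "$TAMPERED_B64"; then
    echo "altered provenance: rejected"
  fi
  if ! verify_build_signature "$PUBLIC_KEY_PEM" "" "$PROVENANCE_B64"; then
    echo "missing signature: rejected"
  fi
}

run_demo
```

<p>When <code>key_id</code> references an external key, <code>publicKey</code> may be empty, and this local check then has no key to verify against.</p>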

<div class="method">
    <code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code>
  <pre>Sets the access control policy on the specified note or occurrence.
Requires `containeranalysis.notes.setIamPolicy` or
`containeranalysis.occurrences.setIamPolicy` permission if the resource is
a note or an occurrence, respectively.

The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
occurrences.

Args:
  resource: string, REQUIRED: The resource for which the policy is being specified.
See the operation documentation for the appropriate value for this field. (required)
  body: object, The request body.
    The object takes the form of:

2652{ # Request message for `SetIamPolicy` method.
Dan O'Mearadd494642020-05-01 07:42:23 -07002653 "policy": { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002654 # the policy is limited to a few 10s of KB. An empty policy is a
2655 # valid policy but certain Cloud Platform services (such as Projects)
2656 # might reject them.
Dan O'Mearadd494642020-05-01 07:42:23 -07002657 # controls for Google Cloud resources.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002658 #
2659 #
Dan O'Mearadd494642020-05-01 07:42:23 -07002660 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
2661 # `members` to a single `role`. Members can be user accounts, service accounts,
2662 # Google groups, and domains (such as G Suite). A `role` is a named list of
2663 # permissions; each `role` can be an IAM predefined role or a user-created
2664 # custom role.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002665 #
Dan O'Mearadd494642020-05-01 07:42:23 -07002666 # Optionally, a `binding` can specify a `condition`, which is a logical
2667 # expression that allows access to a resource only if the expression evaluates
2668 # to `true`. A condition can add constraints based on attributes of the
2669 # request, the resource, or both.
2670 #
        # **JSON example:**
        #
        #     {
        #       "bindings": [
        #         {
        #           "role": "roles/resourcemanager.organizationAdmin",
        #           "members": [
        #             "user:mike@example.com",
        #             "group:admins@example.com",
        #             "domain:google.com",
        #             "serviceAccount:my-project-id@appspot.gserviceaccount.com"
        #           ]
        #         },
        #         {
        #           "role": "roles/resourcemanager.organizationViewer",
        #           "members": ["user:eve@example.com"],
        #           "condition": {
        #             "title": "expirable access",
        #             "description": "Does not grant access after Sep 2020",
        #             "expression": "request.time &lt; timestamp('2020-10-01T00:00:00.000Z')"
        #           }
        #         }
        #       ],
        #       "etag": "BwWWja0YfJA=",
        #       "version": 3
        #     }
        #
        # **YAML example:**
        #
        #     bindings:
        #     - members:
        #       - user:mike@example.com
        #       - group:admins@example.com
        #       - domain:google.com
        #       - serviceAccount:my-project-id@appspot.gserviceaccount.com
        #       role: roles/resourcemanager.organizationAdmin
        #     - members:
        #       - user:eve@example.com
        #       role: roles/resourcemanager.organizationViewer
        #       condition:
        #         title: expirable access
        #         description: Does not grant access after Sep 2020
        #         expression: request.time &lt; timestamp('2020-10-01T00:00:00.000Z')
        #     etag: BwWWja0YfJA=
        #     version: 3
        #
        # For a description of IAM and its features, see the
        # [IAM documentation](https://cloud.google.com/iam/docs/).
      "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
          # `condition` that determines how and when the `bindings` are applied. Each
          # of the `bindings` must contain at least one member.
        { # Associates `members` with a `role`.
          "role": "A String", # Role that is assigned to `members`.
              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
          "condition": { # The condition that is associated with this binding.
              # NOTE: An unsatisfied condition will not allow user access via current
              # binding. Different bindings, including their conditions, are examined
              # independently.
              #
              # Represents a textual expression in the Common Expression Language (CEL)
              # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
              # are documented at https://github.com/google/cel-spec.
              #
              # Example (Comparison):
              #
              #     title: "Summary size limit"
              #     description: "Determines if a summary is less than 100 chars"
              #     expression: "document.summary.size() &lt; 100"
              #
              # Example (Equality):
              #
              #     title: "Requestor is owner"
              #     description: "Determines if requestor is the document owner"
              #     expression: "document.owner == request.auth.claims.email"
              #
              # Example (Logic):
              #
              #     title: "Public documents"
              #     description: "Determine whether the document should be publicly visible"
              #     expression: "document.type != 'private' &amp;&amp; document.type != 'internal'"
              #
              # Example (Data Manipulation):
              #
              #     title: "Notification string"
              #     description: "Create a notification string with a timestamp."
              #     expression: "'New message received at ' + string(document.create_time)"
              #
              # The exact variables and functions that may be referenced within an expression
              # are determined by the service that evaluates it. See the service
              # documentation for additional information.
            "description": "A String", # Optional. Description of the expression. This is a longer text which
                # describes the expression, e.g. when hovered over it in a UI.
            "expression": "A String", # Textual representation of an expression in Common Expression Language
                # syntax.
            "location": "A String", # Optional. String indicating the location of the expression for error
                # reporting, e.g. a file name and a position in the file.
            "title": "A String", # Optional. Title for the expression, i.e. a short string describing
                # its purpose. This can be used e.g. in UIs that allow entering the
                # expression.
          },
          "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
              # `members` can have the following values:
              #
              # * `allUsers`: A special identifier that represents anyone who is
              #    on the internet; with or without a Google account.
              #
              # * `allAuthenticatedUsers`: A special identifier that represents anyone
              #    who is authenticated with a Google account or a service account.
              #
              # * `user:{emailid}`: An email address that represents a specific Google
              #    account. For example, `alice@example.com`.
              #
              # * `serviceAccount:{emailid}`: An email address that represents a service
              #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
              #
              # * `group:{emailid}`: An email address that represents a Google group.
              #    For example, `admins@example.com`.
              #
              # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
              #    identifier) representing a user that has been recently deleted. For
              #    example, `alice@example.com?uid=123456789012345678901`. If the user is
              #    recovered, this value reverts to `user:{emailid}` and the recovered user
              #    retains the role in the binding.
              #
              # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
              #    unique identifier) representing a service account that has been recently
              #    deleted. For example,
              #    `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
              #    If the service account is undeleted, this value reverts to
              #    `serviceAccount:{emailid}` and the undeleted service account retains the
              #    role in the binding.
              #
              # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
              #    identifier) representing a Google group that has been recently
              #    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
              #    the group is recovered, this value reverts to `group:{emailid}` and the
              #    recovered group retains the role in the binding.
              #
              # * `domain:{domain}`: The G Suite domain (primary) that represents all the
              #    users of that domain. For example, `google.com` or `example.com`.
              #
            "A String",
          ],
        },
      ],
      "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
          # prevent simultaneous updates of a policy from overwriting each other.
          # It is strongly suggested that systems make use of the `etag` in the
          # read-modify-write cycle to perform policy updates in order to avoid race
          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
          # systems are expected to put that etag in the request to `setIamPolicy` to
          # ensure that their change will be applied to the same version of the policy.
          #
          # **Important:** If you use IAM Conditions, you must include the `etag` field
          # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
          # you to overwrite a version `3` policy with a version `1` policy, and all of
          # the conditions in the version `3` policy are lost.
      "version": 42, # Specifies the format of the policy.
          #
          # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
          # are rejected.
          #
          # Any operation that affects conditional role bindings must specify version
          # `3`. This requirement applies to the following operations:
          #
          # * Getting a policy that includes a conditional role binding
          # * Adding a conditional role binding to a policy
          # * Changing a conditional role binding in a policy
          # * Removing any role binding, with or without a condition, from a policy
          #   that includes conditions
          #
          # **Important:** If you use IAM Conditions, you must include the `etag` field
          # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
          # you to overwrite a version `3` policy with a version `1` policy, and all of
          # the conditions in the version `3` policy are lost.
          #
          # If a policy does not include any conditions, operations on that policy may
          # specify any valid version or leave the field unset.
    },
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # An Identity and Access Management (IAM) policy, which specifies access
        # controls for Google Cloud resources.
        #
        # A `Policy` is a collection of `bindings`. A `binding` binds one or more
        # `members` to a single `role`. Members can be user accounts, service accounts,
        # Google groups, and domains (such as G Suite). A `role` is a named list of
        # permissions; each `role` can be an IAM predefined role or a user-created
        # custom role.
        #
        # Optionally, a `binding` can specify a `condition`, which is a logical
        # expression that allows access to a resource only if the expression evaluates
        # to `true`. A condition can add constraints based on attributes of the
        # request, the resource, or both.
        #
        # **JSON example:**
        #
        #     {
        #       "bindings": [
        #         {
        #           "role": "roles/resourcemanager.organizationAdmin",
        #           "members": [
        #             "user:mike@example.com",
        #             "group:admins@example.com",
        #             "domain:google.com",
        #             "serviceAccount:my-project-id@appspot.gserviceaccount.com"
        #           ]
        #         },
        #         {
        #           "role": "roles/resourcemanager.organizationViewer",
        #           "members": ["user:eve@example.com"],
        #           "condition": {
        #             "title": "expirable access",
        #             "description": "Does not grant access after Sep 2020",
        #             "expression": "request.time &lt; timestamp('2020-10-01T00:00:00.000Z')"
        #           }
        #         }
        #       ],
        #       "etag": "BwWWja0YfJA=",
        #       "version": 3
        #     }
        #
        # **YAML example:**
        #
        #     bindings:
        #     - members:
        #       - user:mike@example.com
        #       - group:admins@example.com
        #       - domain:google.com
        #       - serviceAccount:my-project-id@appspot.gserviceaccount.com
        #       role: roles/resourcemanager.organizationAdmin
        #     - members:
        #       - user:eve@example.com
        #       role: roles/resourcemanager.organizationViewer
        #       condition:
        #         title: expirable access
        #         description: Does not grant access after Sep 2020
        #         expression: request.time &lt; timestamp('2020-10-01T00:00:00.000Z')
        #     etag: BwWWja0YfJA=
        #     version: 3
        #
        # For a description of IAM and its features, see the
        # [IAM documentation](https://cloud.google.com/iam/docs/).
      "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
          # `condition` that determines how and when the `bindings` are applied. Each
          # of the `bindings` must contain at least one member.
        { # Associates `members` with a `role`.
          "role": "A String", # Role that is assigned to `members`.
              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
          "condition": { # The condition that is associated with this binding.
              # NOTE: An unsatisfied condition will not allow user access via current
              # binding. Different bindings, including their conditions, are examined
              # independently.
              #
              # Represents a textual expression in the Common Expression Language (CEL)
              # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
              # are documented at https://github.com/google/cel-spec.
              #
              # Example (Comparison):
              #
              #     title: "Summary size limit"
              #     description: "Determines if a summary is less than 100 chars"
              #     expression: "document.summary.size() &lt; 100"
              #
              # Example (Equality):
              #
              #     title: "Requestor is owner"
              #     description: "Determines if requestor is the document owner"
              #     expression: "document.owner == request.auth.claims.email"
              #
              # Example (Logic):
              #
              #     title: "Public documents"
              #     description: "Determine whether the document should be publicly visible"
              #     expression: "document.type != 'private' &amp;&amp; document.type != 'internal'"
              #
              # Example (Data Manipulation):
              #
              #     title: "Notification string"
              #     description: "Create a notification string with a timestamp."
              #     expression: "'New message received at ' + string(document.create_time)"
              #
              # The exact variables and functions that may be referenced within an expression
              # are determined by the service that evaluates it. See the service
              # documentation for additional information.
            "description": "A String", # Optional. Description of the expression. This is a longer text which
                # describes the expression, e.g. when hovered over it in a UI.
            "expression": "A String", # Textual representation of an expression in Common Expression Language
                # syntax.
            "location": "A String", # Optional. String indicating the location of the expression for error
                # reporting, e.g. a file name and a position in the file.
            "title": "A String", # Optional. Title for the expression, i.e. a short string describing
                # its purpose. This can be used e.g. in UIs that allow entering the
                # expression.
          },
          "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
              # `members` can have the following values:
              #
              # * `allUsers`: A special identifier that represents anyone who is
              #    on the internet; with or without a Google account.
              #
              # * `allAuthenticatedUsers`: A special identifier that represents anyone
              #    who is authenticated with a Google account or a service account.
              #
              # * `user:{emailid}`: An email address that represents a specific Google
              #    account. For example, `alice@example.com`.
              #
              # * `serviceAccount:{emailid}`: An email address that represents a service
              #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
              #
              # * `group:{emailid}`: An email address that represents a Google group.
              #    For example, `admins@example.com`.
              #
              # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
              #    identifier) representing a user that has been recently deleted. For
              #    example, `alice@example.com?uid=123456789012345678901`. If the user is
              #    recovered, this value reverts to `user:{emailid}` and the recovered user
              #    retains the role in the binding.
              #
              # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
              #    unique identifier) representing a service account that has been recently
              #    deleted. For example,
              #    `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
              #    If the service account is undeleted, this value reverts to
              #    `serviceAccount:{emailid}` and the undeleted service account retains the
              #    role in the binding.
              #
              # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
              #    identifier) representing a Google group that has been recently
              #    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
              #    the group is recovered, this value reverts to `group:{emailid}` and the
              #    recovered group retains the role in the binding.
              #
              # * `domain:{domain}`: The G Suite domain (primary) that represents all the
              #    users of that domain. For example, `google.com` or `example.com`.
              #
            "A String",
          ],
        },
      ],
      "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
          # prevent simultaneous updates of a policy from overwriting each other.
          # It is strongly suggested that systems make use of the `etag` in the
          # read-modify-write cycle to perform policy updates in order to avoid race
          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
          # systems are expected to put that etag in the request to `setIamPolicy` to
          # ensure that their change will be applied to the same version of the policy.
          #
          # **Important:** If you use IAM Conditions, you must include the `etag` field
          # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
          # you to overwrite a version `3` policy with a version `1` policy, and all of
          # the conditions in the version `3` policy are lost.
      "version": 42, # Specifies the format of the policy.
          #
          # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
          # are rejected.
          #
          # Any operation that affects conditional role bindings must specify version
          # `3`. This requirement applies to the following operations:
          #
          # * Getting a policy that includes a conditional role binding
          # * Adding a conditional role binding to a policy
          # * Changing a conditional role binding in a policy
          # * Removing any role binding, with or without a condition, from a policy
          #   that includes conditions
          #
          # **Important:** If you use IAM Conditions, you must include the `etag` field
          # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
          # you to overwrite a version `3` policy with a version `1` policy, and all of
          # the conditions in the version `3` policy are lost.
          #
          # If a policy does not include any conditions, operations on that policy may
          # specify any valid version or leave the field unset.
    }</pre>
</div>
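<p>The <code>etag</code> read-modify-write cycle and the version <code>3</code> requirement described above, as an added example that is not part of the generated reference or the client library. The <code>get_policy</code> and <code>set_policy</code> callables are assumptions standing in for the <code>getIamPolicy</code> and <code>setIamPolicy</code> calls, and <code>EtagConflict</code> is a hypothetical exception standing in for whatever error the service returns when the <code>etag</code> is stale.</p>

```python
import copy


class EtagConflict(Exception):
    """Hypothetical stand-in for the error a stale `etag` produces on setIamPolicy."""


def has_conditions(policy):
    """True if any binding in the policy carries a `condition`."""
    return any("condition" in b for b in policy.get("bindings", []))


def validate_update(current, proposed):
    """Reject an update that could silently drop conditional bindings."""
    if not proposed.get("etag"):
        # Without an etag a version 3 policy can be overwritten by a
        # version 1 policy, and every condition in it is lost.
        raise ValueError("proposed policy has no etag")
    if proposed["etag"] != current.get("etag"):
        raise ValueError("proposed policy was not derived from the current one")
    if (has_conditions(current) or has_conditions(proposed)) \
            and proposed.get("version") != 3:
        raise ValueError("conditional bindings require version 3")
    for binding in proposed.get("bindings", []):
        if not binding.get("members"):
            raise ValueError("binding for %s has no members" % binding.get("role"))


def add_binding(policy, role, members, condition=None):
    """Return a copy of `policy` with one more binding; the etag is carried over."""
    updated = copy.deepcopy(policy)
    binding = {"role": role, "members": sorted(set(members))}
    if condition is not None:
        binding["condition"] = dict(condition)
    updated.setdefault("bindings", []).append(binding)
    if has_conditions(updated):
        updated["version"] = 3
    return updated


def update_policy(get_policy, set_policy, mutate, max_attempts=3):
    """Read-modify-write loop: re-read and re-apply `mutate` after an etag conflict."""
    for _ in range(max_attempts):
        current = get_policy()
        proposed = mutate(current)
        validate_update(current, proposed)
        try:
            return set_policy(proposed)
        except EtagConflict:
            continue  # another writer got in first; start again from their policy
    raise RuntimeError("policy still changing after %d attempts" % max_attempts)
```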
<div class="method">
    <code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>
  <pre>Returns the permissions that a caller has on the specified note or
occurrence. Requires list permission on the project (for example,
`containeranalysis.notes.list`).

The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
occurrences.

Args:
  resource: string, REQUIRED: The resource for which the policy detail is being requested.
See the operation documentation for the appropriate value for this field. (required)
  body: object, The request body.
    The object takes the form of:

{ # Request message for `TestIamPermissions` method.
    "permissions": [ # The set of permissions to check for the `resource`. Permissions with
        # wildcards (such as '*' or 'storage.*') are not allowed. For more
        # information see
        # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
      "A String",
    ],
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Response message for `TestIamPermissions` method.
    "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
        # allowed.
      "A String",
    ],
  }</pre>
</div>
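<p>The <code>members</code> formats listed in the policy schema above can be parsed and reviewed before a policy is applied. This is an added example, not code from the generated reference or the client library; <code>SAMPLE_POLICY</code> is constructed, and the severity labels and the <code>trusted_domains</code> parameter are assumptions made for the illustration.</p>

```python
import re

# Member formats as documented for `bindings[].members`.
_DELETED = re.compile(r"^deleted:(user|serviceAccount|group):(.+)\?uid=(.+)$")
_PREFIXED = re.compile(r"^(user|serviceAccount|group|domain):(.+)$")
_PUBLIC = ("allUsers", "allAuthenticatedUsers")


def parse_member(member):
    """Split a `members` entry into (kind, identity, uid)."""
    if member in _PUBLIC:
        return (member, None, None)
    m = _DELETED.match(member)
    if m:
        return ("deleted:" + m.group(1), m.group(2), m.group(3))
    m = _PREFIXED.match(member)
    if m:
        return (m.group(1), m.group(2), None)
    raise ValueError("unrecognised member: %r" % member)


def audit_policy(policy, trusted_domains=()):
    """Return (severity, role, member, reason) findings for a policy dict."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if "condition" in binding and policy.get("version") != 3:
            findings.append(("high", role, None,
                             "conditional binding in a policy that is not version 3"))
        for member in binding.get("members", []):
            try:
                kind, identity, _uid = parse_member(member)
            except ValueError:
                findings.append(("medium", role, member, "unrecognised member format"))
                continue
            if kind in _PUBLIC:
                findings.append(("high", role, member, "role granted to a public identifier"))
            elif kind.startswith("deleted:"):
                findings.append(("low", role, member,
                                 "deleted principal regains the role if recovered"))
            elif kind == "domain" and identity not in trusted_domains:
                findings.append(("medium", role, member,
                                 "whole domain outside the trusted list"))
    return findings


SAMPLE_POLICY = {  # constructed for this example
    "version": 1,
    "bindings": [
        {"role": "roles/viewer", "members": ["allUsers", "user:alice@example.com"]},
        {"role": "roles/editor",
         "members": [
             "domain:example.com",
             "deleted:serviceAccount:my-other-app@appspot.gserviceaccount.com"
             "?uid=123456789012345678901",
         ],
         "condition": {
             "title": "expirable access",
             "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
         }},
    ],
}

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY, trusted_domains=("google.com",)):
        print(finding)
```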
</body></html>