google-apis-containeranalysis_v1 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,3734 @@
1
+ # Copyright 2020 Google LLC
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ require 'date'
16
+ require 'google/apis/core/base_service'
17
+ require 'google/apis/core/json_representation'
18
+ require 'google/apis/core/hashable'
19
+ require 'google/apis/errors'
20
+
21
+ module Google
22
+ module Apis
23
+ module ContaineranalysisV1
24
+
25
+ # An alias to a repo revision.
26
+ class AliasContext
27
+ include Google::Apis::Core::Hashable
28
+
29
+ # The alias kind.
30
+ # Corresponds to the JSON property `kind`
31
+ # @return [String]
32
+ attr_accessor :kind
33
+
34
+ # The alias name.
35
+ # Corresponds to the JSON property `name`
36
+ # @return [String]
37
+ attr_accessor :name
38
+
39
+ def initialize(**args)
40
+ update!(**args)
41
+ end
42
+
43
+ # Update properties of this object
44
+ def update!(**args)
45
+ @kind = args[:kind] if args.key?(:kind)
46
+ @name = args[:name] if args.key?(:name)
47
+ end
48
+ end
49
+
50
+ # Artifact describes a build product.
51
+ class Artifact
52
+ include Google::Apis::Core::Hashable
53
+
54
+ # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
55
+ # container.
56
+ # Corresponds to the JSON property `checksum`
57
+ # @return [String]
58
+ attr_accessor :checksum
59
+
60
+ # Artifact ID, if any; for container images, this will be a URL by digest like `
61
+ # gcr.io/projectID/imagename@sha256:123456`.
62
+ # Corresponds to the JSON property `id`
63
+ # @return [String]
64
+ attr_accessor :id
65
+
66
+ # Related artifact names. This may be the path to a binary or jar file, or in
67
+ # the case of a container build, the name used to push the container image to
68
+ # Google Container Registry, as presented to `docker push`. Note that a single
69
+ # Artifact ID can have multiple names, for example if two tags are applied to
70
+ # one image.
71
+ # Corresponds to the JSON property `names`
72
+ # @return [Array<String>]
73
+ attr_accessor :names
74
+
75
+ def initialize(**args)
76
+ update!(**args)
77
+ end
78
+
79
+ # Update properties of this object
80
+ def update!(**args)
81
+ @checksum = args[:checksum] if args.key?(:checksum)
82
+ @id = args[:id] if args.key?(:id)
83
+ @names = args[:names] if args.key?(:names)
84
+ end
85
+ end
86
+
87
+ # Note kind that represents a logical attestation "role" or "authority". For
88
+ # example, an organization might have one `Authority` for "QA" and one for "
89
+ # build". This note is intended to act strictly as a grouping mechanism for the
90
+ # attached occurrences (Attestations). This grouping mechanism also provides a
91
+ # security boundary, since IAM ACLs gate the ability for a principle to attach
92
+ # an occurrence to a given note. It also provides a single point of lookup to
93
+ # find all attached attestation occurrences, even if they don't all live in the
94
+ # same project.
95
+ class AttestationNote
96
+ include Google::Apis::Core::Hashable
97
+
98
+ # This submessage provides human-readable hints about the purpose of the
99
+ # authority. Because the name of a note acts as its resource reference, it is
100
+ # important to disambiguate the canonical name of the Note (which might be a
101
+ # UUID for security purposes) from "readable" names more suitable for debug
102
+ # output. Note that these hints should not be used to look up authorities in
103
+ # security sensitive contexts, such as when looking up attestations to verify.
104
+ # Corresponds to the JSON property `hint`
105
+ # @return [Google::Apis::ContaineranalysisV1::Hint]
106
+ attr_accessor :hint
107
+
108
+ def initialize(**args)
109
+ update!(**args)
110
+ end
111
+
112
+ # Update properties of this object
113
+ def update!(**args)
114
+ @hint = args[:hint] if args.key?(:hint)
115
+ end
116
+ end
117
+
118
+ # Occurrence that represents a single "attestation". The authenticity of an
119
+ # attestation can be verified using the attached signature. If the verifier
120
+ # trusts the public key of the signer, then verifying the signature is
121
+ # sufficient to establish trust. In this circumstance, the authority to which
122
+ # this attestation is attached is primarily useful for lookup (how to find this
123
+ # attestation if you already know the authority and artifact to be verified) and
124
+ # intent (for which authority this attestation was intended to sign.
125
+ class AttestationOccurrence
126
+ include Google::Apis::Core::Hashable
127
+
128
+ # One or more JWTs encoding a self-contained attestation. Each JWT encodes the
129
+ # payload that it verifies within the JWT itself. Verifier implementation SHOULD
130
+ # ignore the `serialized_payload` field when verifying these JWTs. If only JWTs
131
+ # are present on this AttestationOccurrence, then the `serialized_payload`
132
+ # SHOULD be left empty. Each JWT SHOULD encode a claim specific to the `
133
+ # resource_uri` of this Occurrence, but this is not validated by Grafeas
134
+ # metadata API implementations. The JWT itself is opaque to Grafeas.
135
+ # Corresponds to the JSON property `jwts`
136
+ # @return [Array<Google::Apis::ContaineranalysisV1::Jwt>]
137
+ attr_accessor :jwts
138
+
139
+ # Required. The serialized payload that is verified by one or more `signatures`.
140
+ # Corresponds to the JSON property `serializedPayload`
141
+ # NOTE: Values are automatically base64 encoded/decoded in the client library.
142
+ # @return [String]
143
+ attr_accessor :serialized_payload
144
+
145
+ # One or more signatures over `serialized_payload`. Verifier implementations
146
+ # should consider this attestation message verified if at least one `signature`
147
+ # verifies `serialized_payload`. See `Signature` in common.proto for more
148
+ # details on signature structure and verification.
149
+ # Corresponds to the JSON property `signatures`
150
+ # @return [Array<Google::Apis::ContaineranalysisV1::Signature>]
151
+ attr_accessor :signatures
152
+
153
+ def initialize(**args)
154
+ update!(**args)
155
+ end
156
+
157
+ # Update properties of this object
158
+ def update!(**args)
159
+ @jwts = args[:jwts] if args.key?(:jwts)
160
+ @serialized_payload = args[:serialized_payload] if args.key?(:serialized_payload)
161
+ @signatures = args[:signatures] if args.key?(:signatures)
162
+ end
163
+ end
164
+
165
+ # Request to create notes in batch.
166
+ class BatchCreateNotesRequest
167
+ include Google::Apis::Core::Hashable
168
+
169
+ # Required. The notes to create. Max allowed length is 1000.
170
+ # Corresponds to the JSON property `notes`
171
+ # @return [Hash<String,Google::Apis::ContaineranalysisV1::Note>]
172
+ attr_accessor :notes
173
+
174
+ def initialize(**args)
175
+ update!(**args)
176
+ end
177
+
178
+ # Update properties of this object
179
+ def update!(**args)
180
+ @notes = args[:notes] if args.key?(:notes)
181
+ end
182
+ end
183
+
184
+ # Response for creating notes in batch.
185
+ class BatchCreateNotesResponse
186
+ include Google::Apis::Core::Hashable
187
+
188
+ # The notes that were created.
189
+ # Corresponds to the JSON property `notes`
190
+ # @return [Array<Google::Apis::ContaineranalysisV1::Note>]
191
+ attr_accessor :notes
192
+
193
+ def initialize(**args)
194
+ update!(**args)
195
+ end
196
+
197
+ # Update properties of this object
198
+ def update!(**args)
199
+ @notes = args[:notes] if args.key?(:notes)
200
+ end
201
+ end
202
+
203
+ # Request to create occurrences in batch.
204
+ class BatchCreateOccurrencesRequest
205
+ include Google::Apis::Core::Hashable
206
+
207
+ # Required. The occurrences to create. Max allowed length is 1000.
208
+ # Corresponds to the JSON property `occurrences`
209
+ # @return [Array<Google::Apis::ContaineranalysisV1::Occurrence>]
210
+ attr_accessor :occurrences
211
+
212
+ def initialize(**args)
213
+ update!(**args)
214
+ end
215
+
216
+ # Update properties of this object
217
+ def update!(**args)
218
+ @occurrences = args[:occurrences] if args.key?(:occurrences)
219
+ end
220
+ end
221
+
222
+ # Response for creating occurrences in batch.
223
+ class BatchCreateOccurrencesResponse
224
+ include Google::Apis::Core::Hashable
225
+
226
+ # The occurrences that were created.
227
+ # Corresponds to the JSON property `occurrences`
228
+ # @return [Array<Google::Apis::ContaineranalysisV1::Occurrence>]
229
+ attr_accessor :occurrences
230
+
231
+ def initialize(**args)
232
+ update!(**args)
233
+ end
234
+
235
+ # Update properties of this object
236
+ def update!(**args)
237
+ @occurrences = args[:occurrences] if args.key?(:occurrences)
238
+ end
239
+ end
240
+
241
+ # Associates `members`, or principals, with a `role`.
242
+ class Binding
243
+ include Google::Apis::Core::Hashable
244
+
245
+ # Represents a textual expression in the Common Expression Language (CEL) syntax.
246
+ # CEL is a C-like expression language. The syntax and semantics of CEL are
247
+ # documented at https://github.com/google/cel-spec. Example (Comparison): title:
248
+ # "Summary size limit" description: "Determines if a summary is less than 100
249
+ # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
250
+ # Requestor is owner" description: "Determines if requestor is the document
251
+ # owner" expression: "document.owner == request.auth.claims.email" Example (
252
+ # Logic): title: "Public documents" description: "Determine whether the document
253
+ # should be publicly visible" expression: "document.type != 'private' &&
254
+ # document.type != 'internal'" Example (Data Manipulation): title: "Notification
255
+ # string" description: "Create a notification string with a timestamp."
256
+ # expression: "'New message received at ' + string(document.create_time)" The
257
+ # exact variables and functions that may be referenced within an expression are
258
+ # determined by the service that evaluates it. See the service documentation for
259
+ # additional information.
260
+ # Corresponds to the JSON property `condition`
261
+ # @return [Google::Apis::ContaineranalysisV1::Expr]
262
+ attr_accessor :condition
263
+
264
+ # Specifies the principals requesting access for a Cloud Platform resource. `
265
+ # members` can have the following values: * `allUsers`: A special identifier
266
+ # that represents anyone who is on the internet; with or without a Google
267
+ # account. * `allAuthenticatedUsers`: A special identifier that represents
268
+ # anyone who is authenticated with a Google account or a service account. * `
269
+ # user:`emailid``: An email address that represents a specific Google account.
270
+ # For example, `alice@example.com` . * `serviceAccount:`emailid``: An email
271
+ # address that represents a service account. For example, `my-other-app@appspot.
272
+ # gserviceaccount.com`. * `group:`emailid``: An email address that represents a
273
+ # Google group. For example, `admins@example.com`. * `deleted:user:`emailid`?uid=
274
+ # `uniqueid``: An email address (plus unique identifier) representing a user
275
+ # that has been recently deleted. For example, `alice@example.com?uid=
276
+ # 123456789012345678901`. If the user is recovered, this value reverts to `user:`
277
+ # emailid`` and the recovered user retains the role in the binding. * `deleted:
278
+ # serviceAccount:`emailid`?uid=`uniqueid``: An email address (plus unique
279
+ # identifier) representing a service account that has been recently deleted. For
280
+ # example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
281
+ # If the service account is undeleted, this value reverts to `serviceAccount:`
282
+ # emailid`` and the undeleted service account retains the role in the binding. *
283
+ # `deleted:group:`emailid`?uid=`uniqueid``: An email address (plus unique
284
+ # identifier) representing a Google group that has been recently deleted. For
285
+ # example, `admins@example.com?uid=123456789012345678901`. If the group is
286
+ # recovered, this value reverts to `group:`emailid`` and the recovered group
287
+ # retains the role in the binding. * `domain:`domain``: The G Suite domain (
288
+ # primary) that represents all the users of that domain. For example, `google.
289
+ # com` or `example.com`.
290
+ # Corresponds to the JSON property `members`
291
+ # @return [Array<String>]
292
+ attr_accessor :members
293
+
294
+ # Role that is assigned to the list of `members`, or principals. For example, `
295
+ # roles/viewer`, `roles/editor`, or `roles/owner`.
296
+ # Corresponds to the JSON property `role`
297
+ # @return [String]
298
+ attr_accessor :role
299
+
300
+ def initialize(**args)
301
+ update!(**args)
302
+ end
303
+
304
+ # Update properties of this object
305
+ def update!(**args)
306
+ @condition = args[:condition] if args.key?(:condition)
307
+ @members = args[:members] if args.key?(:members)
308
+ @role = args[:role] if args.key?(:role)
309
+ end
310
+ end
311
+
312
+ # Note holding the version of the provider's builder and the signature of the
313
+ # provenance message in the build details occurrence.
314
+ class BuildNote
315
+ include Google::Apis::Core::Hashable
316
+
317
+ # Required. Immutable. Version of the builder which produced this build.
318
+ # Corresponds to the JSON property `builderVersion`
319
+ # @return [String]
320
+ attr_accessor :builder_version
321
+
322
+ def initialize(**args)
323
+ update!(**args)
324
+ end
325
+
326
+ # Update properties of this object
327
+ def update!(**args)
328
+ @builder_version = args[:builder_version] if args.key?(:builder_version)
329
+ end
330
+ end
331
+
332
+ # Details of a build occurrence.
333
+ class BuildOccurrence
334
+ include Google::Apis::Core::Hashable
335
+
336
+ # In-toto Provenance representation as defined in spec.
337
+ # Corresponds to the JSON property `intotoProvenance`
338
+ # @return [Google::Apis::ContaineranalysisV1::InTotoProvenance]
339
+ attr_accessor :intoto_provenance
340
+
341
+ # Provenance of a build. Contains all information needed to verify the full
342
+ # details about the build from source to completion.
343
+ # Corresponds to the JSON property `provenance`
344
+ # @return [Google::Apis::ContaineranalysisV1::BuildProvenance]
345
+ attr_accessor :provenance
346
+
347
+ # Serialized JSON representation of the provenance, used in generating the build
348
+ # signature in the corresponding build note. After verifying the signature, `
349
+ # provenance_bytes` can be unmarshalled and compared to the provenance to
350
+ # confirm that it is unchanged. A base64-encoded string representation of the
351
+ # provenance bytes is used for the signature in order to interoperate with
352
+ # openssl which expects this format for signature verification. The serialized
353
+ # form is captured both to avoid ambiguity in how the provenance is marshalled
354
+ # to json as well to prevent incompatibilities with future changes.
355
+ # Corresponds to the JSON property `provenanceBytes`
356
+ # @return [String]
357
+ attr_accessor :provenance_bytes
358
+
359
+ def initialize(**args)
360
+ update!(**args)
361
+ end
362
+
363
+ # Update properties of this object
364
+ def update!(**args)
365
+ @intoto_provenance = args[:intoto_provenance] if args.key?(:intoto_provenance)
366
+ @provenance = args[:provenance] if args.key?(:provenance)
367
+ @provenance_bytes = args[:provenance_bytes] if args.key?(:provenance_bytes)
368
+ end
369
+ end
370
+
371
+ # Provenance of a build. Contains all information needed to verify the full
372
+ # details about the build from source to completion.
373
+ class BuildProvenance
374
+ include Google::Apis::Core::Hashable
375
+
376
+ # Special options applied to this build. This is a catch-all field where build
377
+ # providers can enter any desired additional details.
378
+ # Corresponds to the JSON property `buildOptions`
379
+ # @return [Hash<String,String>]
380
+ attr_accessor :build_options
381
+
382
+ # Version string of the builder at the time this build was executed.
383
+ # Corresponds to the JSON property `builderVersion`
384
+ # @return [String]
385
+ attr_accessor :builder_version
386
+
387
+ # Output of the build.
388
+ # Corresponds to the JSON property `builtArtifacts`
389
+ # @return [Array<Google::Apis::ContaineranalysisV1::Artifact>]
390
+ attr_accessor :built_artifacts
391
+
392
+ # Commands requested by the build.
393
+ # Corresponds to the JSON property `commands`
394
+ # @return [Array<Google::Apis::ContaineranalysisV1::Command>]
395
+ attr_accessor :commands
396
+
397
+ # Time at which the build was created.
398
+ # Corresponds to the JSON property `createTime`
399
+ # @return [String]
400
+ attr_accessor :create_time
401
+
402
+ # E-mail address of the user who initiated this build. Note that this was the
403
+ # user's e-mail address at the time the build was initiated; this address may
404
+ # not represent the same end-user for all time.
405
+ # Corresponds to the JSON property `creator`
406
+ # @return [String]
407
+ attr_accessor :creator
408
+
409
+ # Time at which execution of the build was finished.
410
+ # Corresponds to the JSON property `endTime`
411
+ # @return [String]
412
+ attr_accessor :end_time
413
+
414
+ # Required. Unique identifier of the build.
415
+ # Corresponds to the JSON property `id`
416
+ # @return [String]
417
+ attr_accessor :id
418
+
419
+ # URI where any logs for this provenance were written.
420
+ # Corresponds to the JSON property `logsUri`
421
+ # @return [String]
422
+ attr_accessor :logs_uri
423
+
424
+ # ID of the project.
425
+ # Corresponds to the JSON property `projectId`
426
+ # @return [String]
427
+ attr_accessor :project_id
428
+
429
+ # Source describes the location of the source used for the build.
430
+ # Corresponds to the JSON property `sourceProvenance`
431
+ # @return [Google::Apis::ContaineranalysisV1::Source]
432
+ attr_accessor :source_provenance
433
+
434
+ # Time at which execution of the build was started.
435
+ # Corresponds to the JSON property `startTime`
436
+ # @return [String]
437
+ attr_accessor :start_time
438
+
439
+ # Trigger identifier if the build was triggered automatically; empty if not.
440
+ # Corresponds to the JSON property `triggerId`
441
+ # @return [String]
442
+ attr_accessor :trigger_id
443
+
444
+ def initialize(**args)
445
+ update!(**args)
446
+ end
447
+
448
+ # Update properties of this object
449
+ def update!(**args)
450
+ @build_options = args[:build_options] if args.key?(:build_options)
451
+ @builder_version = args[:builder_version] if args.key?(:builder_version)
452
+ @built_artifacts = args[:built_artifacts] if args.key?(:built_artifacts)
453
+ @commands = args[:commands] if args.key?(:commands)
454
+ @create_time = args[:create_time] if args.key?(:create_time)
455
+ @creator = args[:creator] if args.key?(:creator)
456
+ @end_time = args[:end_time] if args.key?(:end_time)
457
+ @id = args[:id] if args.key?(:id)
458
+ @logs_uri = args[:logs_uri] if args.key?(:logs_uri)
459
+ @project_id = args[:project_id] if args.key?(:project_id)
460
+ @source_provenance = args[:source_provenance] if args.key?(:source_provenance)
461
+ @start_time = args[:start_time] if args.key?(:start_time)
462
+ @trigger_id = args[:trigger_id] if args.key?(:trigger_id)
463
+ end
464
+ end
465
+
466
+ # A step in the build pipeline.
467
+ class BuildStep
468
+ include Google::Apis::Core::Hashable
469
+
470
+ # A list of arguments that will be presented to the step when it is started. If
471
+ # the image used to run the step's container has an entrypoint, the `args` are
472
+ # used as arguments to that entrypoint. If the image does not define an
473
+ # entrypoint, the first element in args is used as the entrypoint, and the
474
+ # remainder will be used as arguments.
475
+ # Corresponds to the JSON property `args`
476
+ # @return [Array<String>]
477
+ attr_accessor :args
478
+
479
+ # Working directory to use when running this step's container. If this value is
480
+ # a relative path, it is relative to the build's working directory. If this
481
+ # value is absolute, it may be outside the build's working directory, in which
482
+ # case the contents of the path may not be persisted across build step
483
+ # executions, unless a `volume` for that path is specified. If the build
484
+ # specifies a `RepoSource` with `dir` and a step with a `dir`, which specifies
485
+ # an absolute path, the `RepoSource` `dir` is ignored for the step's execution.
486
+ # Corresponds to the JSON property `dir`
487
+ # @return [String]
488
+ attr_accessor :dir
489
+
490
+ # Entrypoint to be used instead of the build step image's default entrypoint. If
491
+ # unset, the image's default entrypoint is used.
492
+ # Corresponds to the JSON property `entrypoint`
493
+ # @return [String]
494
+ attr_accessor :entrypoint
495
+
496
+ # A list of environment variable definitions to be used when running a step. The
497
+ # elements are of the form "KEY=VALUE" for the environment variable "KEY" being
498
+ # given the value "VALUE".
499
+ # Corresponds to the JSON property `env`
500
+ # @return [Array<String>]
501
+ attr_accessor :env
502
+
503
+ # Unique identifier for this build step, used in `wait_for` to reference this
504
+ # build step as a dependency.
505
+ # Corresponds to the JSON property `id`
506
+ # @return [String]
507
+ attr_accessor :id
508
+
509
+ # Required. The name of the container image that will run this particular build
510
+ # step. If the image is available in the host's Docker daemon's cache, it will
511
+ # be run directly. If not, the host will attempt to pull the image first, using
512
+ # the builder service account's credentials if necessary. The Docker daemon's
513
+ # cache will already have the latest versions of all of the officially supported
514
+ # build steps ([https://github.com/GoogleCloudPlatform/cloud-builders](https://
515
+ # github.com/GoogleCloudPlatform/cloud-builders)). The Docker daemon will also
516
+ # have cached many of the layers for some popular images, like "ubuntu", "debian"
517
+ # , but they will be refreshed at the time you attempt to use them. If you built
518
+ # an image in a previous build step, it will be stored in the host's Docker
519
+ # daemon's cache and is available to use as the name for a later build step.
520
+ # Corresponds to the JSON property `name`
521
+ # @return [String]
522
+ attr_accessor :name
523
+
524
+ # Start and end times for a build execution phase.
525
+ # Corresponds to the JSON property `pullTiming`
526
+ # @return [Google::Apis::ContaineranalysisV1::TimeSpan]
527
+ attr_accessor :pull_timing
528
+
529
+ # A shell script to be executed in the step. When script is provided, the user
530
+ # cannot specify the entrypoint or args.
531
+ # Corresponds to the JSON property `script`
532
+ # @return [String]
533
+ attr_accessor :script
534
+
535
+ # A list of environment variables which are encrypted using a Cloud Key
536
+ # Management Service crypto key. These values must be specified in the build's `
537
+ # Secret`.
538
+ # Corresponds to the JSON property `secretEnv`
539
+ # @return [Array<String>]
540
+ attr_accessor :secret_env
541
+
542
+ # Output only. Status of the build step. At this time, build step status is only
543
+ # updated on build completion; step status is not updated in real-time as the
544
+ # build progresses.
545
+ # Corresponds to the JSON property `status`
546
+ # @return [String]
547
+ attr_accessor :status
548
+
549
+ # Time limit for executing this build step. If not defined, the step has no time
550
+ # limit and will be allowed to continue to run until either it completes or the
551
+ # build itself times out.
552
+ # Corresponds to the JSON property `timeout`
553
+ # @return [String]
554
+ attr_accessor :timeout
555
+
556
+ # Start and end times for a build execution phase.
557
+ # Corresponds to the JSON property `timing`
558
+ # @return [Google::Apis::ContaineranalysisV1::TimeSpan]
559
+ attr_accessor :timing
560
+
561
+ # List of volumes to mount into the build step. Each volume is created as an
562
+ # empty volume prior to execution of the build step. Upon completion of the
563
+ # build, volumes and their contents are discarded. Using a named volume in only
564
+ # one step is not valid as it is indicative of a build request with an incorrect
565
+ # configuration.
566
+ # Corresponds to the JSON property `volumes`
567
+ # @return [Array<Google::Apis::ContaineranalysisV1::Volume>]
568
+ attr_accessor :volumes
569
+
570
+ # The ID(s) of the step(s) that this build step depends on. This build step will
571
+ # not start until all the build steps in `wait_for` have completed successfully.
572
+ # If `wait_for` is empty, this build step will start when all previous build
573
+ # steps in the `Build.Steps` list have completed successfully.
574
+ # Corresponds to the JSON property `waitFor`
575
+ # @return [Array<String>]
576
+ attr_accessor :wait_for
577
+
578
+ def initialize(**args)
579
+ update!(**args)
580
+ end
581
+
582
+ # Update properties of this object
583
+ def update!(**args)
584
+ @args = args[:args] if args.key?(:args)
585
+ @dir = args[:dir] if args.key?(:dir)
586
+ @entrypoint = args[:entrypoint] if args.key?(:entrypoint)
587
+ @env = args[:env] if args.key?(:env)
588
+ @id = args[:id] if args.key?(:id)
589
+ @name = args[:name] if args.key?(:name)
590
+ @pull_timing = args[:pull_timing] if args.key?(:pull_timing)
591
+ @script = args[:script] if args.key?(:script)
592
+ @secret_env = args[:secret_env] if args.key?(:secret_env)
593
+ @status = args[:status] if args.key?(:status)
594
+ @timeout = args[:timeout] if args.key?(:timeout)
595
+ @timing = args[:timing] if args.key?(:timing)
596
+ @volumes = args[:volumes] if args.key?(:volumes)
597
+ @wait_for = args[:wait_for] if args.key?(:wait_for)
598
+ end
599
+ end
600
+
601
+ #
602
+ class BuilderConfig
603
+ include Google::Apis::Core::Hashable
604
+
605
+ #
606
+ # Corresponds to the JSON property `id`
607
+ # @return [String]
608
+ attr_accessor :id
609
+
610
+ def initialize(**args)
611
+ update!(**args)
612
+ end
613
+
614
+ # Update properties of this object
615
+ def update!(**args)
616
+ @id = args[:id] if args.key?(:id)
617
+ end
618
+ end
619
+
620
+ # Common Vulnerability Scoring System version 3. For details, see https://www.
621
+ # first.org/cvss/specification-document
622
+ class CvsSv3
623
+ include Google::Apis::Core::Hashable
624
+
625
+ #
626
+ # Corresponds to the JSON property `attackComplexity`
627
+ # @return [String]
628
+ attr_accessor :attack_complexity
629
+
630
+ # Base Metrics Represents the intrinsic characteristics of a vulnerability that
631
+ # are constant over time and across user environments.
632
+ # Corresponds to the JSON property `attackVector`
633
+ # @return [String]
634
+ attr_accessor :attack_vector
635
+
636
+ #
637
+ # Corresponds to the JSON property `availabilityImpact`
638
+ # @return [String]
639
+ attr_accessor :availability_impact
640
+
641
+ # The base score is a function of the base metric scores.
642
+ # Corresponds to the JSON property `baseScore`
643
+ # @return [Float]
644
+ attr_accessor :base_score
645
+
646
+ #
647
+ # Corresponds to the JSON property `confidentialityImpact`
648
+ # @return [String]
649
+ attr_accessor :confidentiality_impact
650
+
651
+ #
652
+ # Corresponds to the JSON property `exploitabilityScore`
653
+ # @return [Float]
654
+ attr_accessor :exploitability_score
655
+
656
+ #
657
+ # Corresponds to the JSON property `impactScore`
658
+ # @return [Float]
659
+ attr_accessor :impact_score
660
+
661
+ #
662
+ # Corresponds to the JSON property `integrityImpact`
663
+ # @return [String]
664
+ attr_accessor :integrity_impact
665
+
666
+ #
667
+ # Corresponds to the JSON property `privilegesRequired`
668
+ # @return [String]
669
+ attr_accessor :privileges_required
670
+
671
+ #
672
+ # Corresponds to the JSON property `scope`
673
+ # @return [String]
674
+ attr_accessor :scope
675
+
676
+ #
677
+ # Corresponds to the JSON property `userInteraction`
678
+ # @return [String]
679
+ attr_accessor :user_interaction
680
+
681
+ def initialize(**args)
682
+ update!(**args)
683
+ end
684
+
685
+ # Update properties of this object
686
+ def update!(**args)
687
+ @attack_complexity = args[:attack_complexity] if args.key?(:attack_complexity)
688
+ @attack_vector = args[:attack_vector] if args.key?(:attack_vector)
689
+ @availability_impact = args[:availability_impact] if args.key?(:availability_impact)
690
+ @base_score = args[:base_score] if args.key?(:base_score)
691
+ @confidentiality_impact = args[:confidentiality_impact] if args.key?(:confidentiality_impact)
692
+ @exploitability_score = args[:exploitability_score] if args.key?(:exploitability_score)
693
+ @impact_score = args[:impact_score] if args.key?(:impact_score)
694
+ @integrity_impact = args[:integrity_impact] if args.key?(:integrity_impact)
695
+ @privileges_required = args[:privileges_required] if args.key?(:privileges_required)
696
+ @scope = args[:scope] if args.key?(:scope)
697
+ @user_interaction = args[:user_interaction] if args.key?(:user_interaction)
698
+ end
699
+ end
700
+
701
+ # The request message for Operations.CancelOperation.
702
+ class CancelOperationRequest
703
+ include Google::Apis::Core::Hashable
704
+
705
+ def initialize(**args)
706
+ update!(**args)
707
+ end
708
+
709
+ # Update properties of this object
710
+ def update!(**args)
711
+ end
712
+ end
713
+
714
+ # The category to which the update belongs.
715
+ class Category
716
+ include Google::Apis::Core::Hashable
717
+
718
+ # The identifier of the category.
719
+ # Corresponds to the JSON property `categoryId`
720
+ # @return [String]
721
+ attr_accessor :category_id
722
+
723
+ # The localized name of the category.
724
+ # Corresponds to the JSON property `name`
725
+ # @return [String]
726
+ attr_accessor :name
727
+
728
+ def initialize(**args)
729
+ update!(**args)
730
+ end
731
+
732
+ # Update properties of this object
733
+ def update!(**args)
734
+ @category_id = args[:category_id] if args.key?(:category_id)
735
+ @name = args[:name] if args.key?(:name)
736
+ end
737
+ end
738
+
739
+ # A compliance check that is a CIS benchmark.
740
+ class CisBenchmark
741
+ include Google::Apis::Core::Hashable
742
+
743
+ #
744
+ # Corresponds to the JSON property `profileLevel`
745
+ # @return [Fixnum]
746
+ attr_accessor :profile_level
747
+
748
+ #
749
+ # Corresponds to the JSON property `severity`
750
+ # @return [String]
751
+ attr_accessor :severity
752
+
753
+ def initialize(**args)
754
+ update!(**args)
755
+ end
756
+
757
+ # Update properties of this object
758
+ def update!(**args)
759
+ @profile_level = args[:profile_level] if args.key?(:profile_level)
760
+ @severity = args[:severity] if args.key?(:severity)
761
+ end
762
+ end
763
+
764
+ # A CloudRepoSourceContext denotes a particular revision in a Google Cloud
765
+ # Source Repo.
766
+ class CloudRepoSourceContext
767
+ include Google::Apis::Core::Hashable
768
+
769
+ # An alias to a repo revision.
770
+ # Corresponds to the JSON property `aliasContext`
771
+ # @return [Google::Apis::ContaineranalysisV1::AliasContext]
772
+ attr_accessor :alias_context
773
+
774
+ # A unique identifier for a Cloud Repo.
775
+ # Corresponds to the JSON property `repoId`
776
+ # @return [Google::Apis::ContaineranalysisV1::RepoId]
777
+ attr_accessor :repo_id
778
+
779
+ # A revision ID.
780
+ # Corresponds to the JSON property `revisionId`
781
+ # @return [String]
782
+ attr_accessor :revision_id
783
+
784
+ def initialize(**args)
785
+ update!(**args)
786
+ end
787
+
788
+ # Update properties of this object
789
+ def update!(**args)
790
+ @alias_context = args[:alias_context] if args.key?(:alias_context)
791
+ @repo_id = args[:repo_id] if args.key?(:repo_id)
792
+ @revision_id = args[:revision_id] if args.key?(:revision_id)
793
+ end
794
+ end
795
+
796
+ # Command describes a step performed as part of the build pipeline.
797
+ class Command
798
+ include Google::Apis::Core::Hashable
799
+
800
+ # Command-line arguments used when executing this command.
801
+ # Corresponds to the JSON property `args`
802
+ # @return [Array<String>]
803
+ attr_accessor :args
804
+
805
+ # Working directory (relative to project source root) used when running this
806
+ # command.
807
+ # Corresponds to the JSON property `dir`
808
+ # @return [String]
809
+ attr_accessor :dir
810
+
811
+ # Environment variables set before running this command.
812
+ # Corresponds to the JSON property `env`
813
+ # @return [Array<String>]
814
+ attr_accessor :env
815
+
816
+ # Optional unique identifier for this command, used in wait_for to reference
817
+ # this command as a dependency.
818
+ # Corresponds to the JSON property `id`
819
+ # @return [String]
820
+ attr_accessor :id
821
+
822
+ # Required. Name of the command, as presented on the command line, or if the
823
+ # command is packaged as a Docker container, as presented to `docker pull`.
824
+ # Corresponds to the JSON property `name`
825
+ # @return [String]
826
+ attr_accessor :name
827
+
828
+ # The ID(s) of the command(s) that this command depends on.
829
+ # Corresponds to the JSON property `waitFor`
830
+ # @return [Array<String>]
831
+ attr_accessor :wait_for
832
+
833
+ def initialize(**args)
834
+ update!(**args)
835
+ end
836
+
837
+ # Update properties of this object
838
+ def update!(**args)
839
+ @args = args[:args] if args.key?(:args)
840
+ @dir = args[:dir] if args.key?(:dir)
841
+ @env = args[:env] if args.key?(:env)
842
+ @id = args[:id] if args.key?(:id)
843
+ @name = args[:name] if args.key?(:name)
844
+ @wait_for = args[:wait_for] if args.key?(:wait_for)
845
+ end
846
+ end
847
+
848
+ # Indicates that the builder claims certain fields in this message to be
849
+ # complete.
850
+ class Completeness
851
+ include Google::Apis::Core::Hashable
852
+
853
+ # If true, the builder claims that recipe.arguments is complete, meaning that
854
+ # all external inputs are properly captured in the recipe.
855
+ # Corresponds to the JSON property `arguments`
856
+ # @return [Boolean]
857
+ attr_accessor :arguments
858
+ alias_method :arguments?, :arguments
859
+
860
+ # If true, the builder claims that recipe.environment is claimed to be complete.
861
+ # Corresponds to the JSON property `environment`
862
+ # @return [Boolean]
863
+ attr_accessor :environment
864
+ alias_method :environment?, :environment
865
+
866
+ # If true, the builder claims that materials are complete, usually through some
867
+ # controls to prevent network access. Sometimes called "hermetic".
868
+ # Corresponds to the JSON property `materials`
869
+ # @return [Boolean]
870
+ attr_accessor :materials
871
+ alias_method :materials?, :materials
872
+
873
+ def initialize(**args)
874
+ update!(**args)
875
+ end
876
+
877
+ # Update properties of this object
878
+ def update!(**args)
879
+ @arguments = args[:arguments] if args.key?(:arguments)
880
+ @environment = args[:environment] if args.key?(:environment)
881
+ @materials = args[:materials] if args.key?(:materials)
882
+ end
883
+ end
884
+
885
+ #
886
+ class ComplianceNote
887
+ include Google::Apis::Core::Hashable
888
+
889
+ # A compliance check that is a CIS benchmark.
890
+ # Corresponds to the JSON property `cisBenchmark`
891
+ # @return [Google::Apis::ContaineranalysisV1::CisBenchmark]
892
+ attr_accessor :cis_benchmark
893
+
894
+ # A description about this compliance check.
895
+ # Corresponds to the JSON property `description`
896
+ # @return [String]
897
+ attr_accessor :description
898
+
899
+ # A rationale for the existence of this compliance check.
900
+ # Corresponds to the JSON property `rationale`
901
+ # @return [String]
902
+ attr_accessor :rationale
903
+
904
+ # A description of remediation steps if the compliance check fails.
905
+ # Corresponds to the JSON property `remediation`
906
+ # @return [String]
907
+ attr_accessor :remediation
908
+
909
+ # Serialized scan instructions with a predefined format.
910
+ # Corresponds to the JSON property `scanInstructions`
911
+ # NOTE: Values are automatically base64 encoded/decoded in the client library.
912
+ # @return [String]
913
+ attr_accessor :scan_instructions
914
+
915
+ # The title that identifies this compliance check.
916
+ # Corresponds to the JSON property `title`
917
+ # @return [String]
918
+ attr_accessor :title
919
+
920
+ # The OS and config versions the benchmark applies to.
921
+ # Corresponds to the JSON property `version`
922
+ # @return [Array<Google::Apis::ContaineranalysisV1::ComplianceVersion>]
923
+ attr_accessor :version
924
+
925
+ def initialize(**args)
926
+ update!(**args)
927
+ end
928
+
929
+ # Update properties of this object
930
+ def update!(**args)
931
+ @cis_benchmark = args[:cis_benchmark] if args.key?(:cis_benchmark)
932
+ @description = args[:description] if args.key?(:description)
933
+ @rationale = args[:rationale] if args.key?(:rationale)
934
+ @remediation = args[:remediation] if args.key?(:remediation)
935
+ @scan_instructions = args[:scan_instructions] if args.key?(:scan_instructions)
936
+ @title = args[:title] if args.key?(:title)
937
+ @version = args[:version] if args.key?(:version)
938
+ end
939
+ end
940
+
941
+ # An indication that the compliance checks in the associated ComplianceNote were
942
+ # not satisfied for particular resources or a specified reason.
943
+ class ComplianceOccurrence
944
+ include Google::Apis::Core::Hashable
945
+
946
+ #
947
+ # Corresponds to the JSON property `nonComplianceReason`
948
+ # @return [String]
949
+ attr_accessor :non_compliance_reason
950
+
951
+ #
952
+ # Corresponds to the JSON property `nonCompliantFiles`
953
+ # @return [Array<Google::Apis::ContaineranalysisV1::NonCompliantFile>]
954
+ attr_accessor :non_compliant_files
955
+
956
+ def initialize(**args)
957
+ update!(**args)
958
+ end
959
+
960
+ # Update properties of this object
961
+ def update!(**args)
962
+ @non_compliance_reason = args[:non_compliance_reason] if args.key?(:non_compliance_reason)
963
+ @non_compliant_files = args[:non_compliant_files] if args.key?(:non_compliant_files)
964
+ end
965
+ end
966
+
967
+ # Describes the CIS benchmark version that is applicable to a given OS and os
968
+ # version.
969
+ class ComplianceVersion
970
+ include Google::Apis::Core::Hashable
971
+
972
+ # The CPE URI (https://cpe.mitre.org/specification/) this benchmark is
973
+ # applicable to.
974
+ # Corresponds to the JSON property `cpeUri`
975
+ # @return [String]
976
+ attr_accessor :cpe_uri
977
+
978
+ # The version of the benchmark. This is set to the version of the OS-specific
979
+ # CIS document the benchmark is defined in.
980
+ # Corresponds to the JSON property `version`
981
+ # @return [String]
982
+ attr_accessor :version
983
+
984
+ def initialize(**args)
985
+ update!(**args)
986
+ end
987
+
988
+ # Update properties of this object
989
+ def update!(**args)
990
+ @cpe_uri = args[:cpe_uri] if args.key?(:cpe_uri)
991
+ @version = args[:version] if args.key?(:version)
992
+ end
993
+ end
994
+
995
+ #
996
+ class DsseAttestationNote
997
+ include Google::Apis::Core::Hashable
998
+
999
+ # This submessage provides human-readable hints about the purpose of the
1000
+ # authority. Because the name of a note acts as its resource reference, it is
1001
+ # important to disambiguate the canonical name of the Note (which might be a
1002
+ # UUID for security purposes) from "readable" names more suitable for debug
1003
+ # output. Note that these hints should not be used to look up authorities in
1004
+ # security sensitive contexts, such as when looking up attestations to verify.
1005
+ # Corresponds to the JSON property `hint`
1006
+ # @return [Google::Apis::ContaineranalysisV1::DsseHint]
1007
+ attr_accessor :hint
1008
+
1009
+ def initialize(**args)
1010
+ update!(**args)
1011
+ end
1012
+
1013
+ # Update properties of this object
1014
+ def update!(**args)
1015
+ @hint = args[:hint] if args.key?(:hint)
1016
+ end
1017
+ end
1018
+
1019
+ #
1020
+ class DsseAttestationOccurrence
1021
+ include Google::Apis::Core::Hashable
1022
+
1023
+ # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.
1024
+ # proto. An authenticated message of arbitrary type.
1025
+ # Corresponds to the JSON property `envelope`
1026
+ # @return [Google::Apis::ContaineranalysisV1::Envelope]
1027
+ attr_accessor :envelope
1028
+
1029
+ # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#
1030
+ # statement The serialized InTotoStatement will be stored as Envelope.payload.
1031
+ # Envelope.payloadType is always "application/vnd.in-toto+json".
1032
+ # Corresponds to the JSON property `statement`
1033
+ # @return [Google::Apis::ContaineranalysisV1::InTotoStatement]
1034
+ attr_accessor :statement
1035
+
1036
+ def initialize(**args)
1037
+ update!(**args)
1038
+ end
1039
+
1040
+ # Update properties of this object
1041
+ def update!(**args)
1042
+ @envelope = args[:envelope] if args.key?(:envelope)
1043
+ @statement = args[:statement] if args.key?(:statement)
1044
+ end
1045
+ end
1046
+
1047
+ # This submessage provides human-readable hints about the purpose of the
1048
+ # authority. Because the name of a note acts as its resource reference, it is
1049
+ # important to disambiguate the canonical name of the Note (which might be a
1050
+ # UUID for security purposes) from "readable" names more suitable for debug
1051
+ # output. Note that these hints should not be used to look up authorities in
1052
+ # security sensitive contexts, such as when looking up attestations to verify.
1053
+ class DsseHint
1054
+ include Google::Apis::Core::Hashable
1055
+
1056
+ # Required. The human readable name of this attestation authority, for example "
1057
+ # cloudbuild-prod".
1058
+ # Corresponds to the JSON property `humanReadableName`
1059
+ # @return [String]
1060
+ attr_accessor :human_readable_name
1061
+
1062
+ def initialize(**args)
1063
+ update!(**args)
1064
+ end
1065
+
1066
+ # Update properties of this object
1067
+ def update!(**args)
1068
+ @human_readable_name = args[:human_readable_name] if args.key?(:human_readable_name)
1069
+ end
1070
+ end
1071
+
1072
+ # An artifact that can be deployed in some runtime.
1073
+ class DeploymentNote
1074
+ include Google::Apis::Core::Hashable
1075
+
1076
+ # Required. Resource URI for the artifact being deployed.
1077
+ # Corresponds to the JSON property `resourceUri`
1078
+ # @return [Array<String>]
1079
+ attr_accessor :resource_uri
1080
+
1081
+ def initialize(**args)
1082
+ update!(**args)
1083
+ end
1084
+
1085
+ # Update properties of this object
1086
+ def update!(**args)
1087
+ @resource_uri = args[:resource_uri] if args.key?(:resource_uri)
1088
+ end
1089
+ end
1090
+
1091
+ # The period during which some deployable was active in a runtime.
1092
+ class DeploymentOccurrence
1093
+ include Google::Apis::Core::Hashable
1094
+
1095
+ # Address of the runtime element hosting this deployment.
1096
+ # Corresponds to the JSON property `address`
1097
+ # @return [String]
1098
+ attr_accessor :address
1099
+
1100
+ # Configuration used to create this deployment.
1101
+ # Corresponds to the JSON property `config`
1102
+ # @return [String]
1103
+ attr_accessor :config
1104
+
1105
+ # Required. Beginning of the lifetime of this deployment.
1106
+ # Corresponds to the JSON property `deployTime`
1107
+ # @return [String]
1108
+ attr_accessor :deploy_time
1109
+
1110
+ # Platform hosting this deployment.
1111
+ # Corresponds to the JSON property `platform`
1112
+ # @return [String]
1113
+ attr_accessor :platform
1114
+
1115
+ # Output only. Resource URI for the artifact being deployed taken from the
1116
+ # deployable field with the same name.
1117
+ # Corresponds to the JSON property `resourceUri`
1118
+ # @return [Array<String>]
1119
+ attr_accessor :resource_uri
1120
+
1121
+ # End of the lifetime of this deployment.
1122
+ # Corresponds to the JSON property `undeployTime`
1123
+ # @return [String]
1124
+ attr_accessor :undeploy_time
1125
+
1126
+ # Identity of the user that triggered this deployment.
1127
+ # Corresponds to the JSON property `userEmail`
1128
+ # @return [String]
1129
+ attr_accessor :user_email
1130
+
1131
+ def initialize(**args)
1132
+ update!(**args)
1133
+ end
1134
+
1135
+ # Update properties of this object
1136
+ def update!(**args)
1137
+ @address = args[:address] if args.key?(:address)
1138
+ @config = args[:config] if args.key?(:config)
1139
+ @deploy_time = args[:deploy_time] if args.key?(:deploy_time)
1140
+ @platform = args[:platform] if args.key?(:platform)
1141
+ @resource_uri = args[:resource_uri] if args.key?(:resource_uri)
1142
+ @undeploy_time = args[:undeploy_time] if args.key?(:undeploy_time)
1143
+ @user_email = args[:user_email] if args.key?(:user_email)
1144
+ end
1145
+ end
1146
+
1147
+ # A detail for a distro and package affected by this vulnerability and its
1148
+ # associated fix (if one is available).
1149
+ class Detail
1150
+ include Google::Apis::Core::Hashable
1151
+
1152
+ # Required. The [CPE URI](https://cpe.mitre.org/specification/) this
1153
+ # vulnerability affects.
1154
+ # Corresponds to the JSON property `affectedCpeUri`
1155
+ # @return [String]
1156
+ attr_accessor :affected_cpe_uri
1157
+
1158
+ # Required. The package this vulnerability affects.
1159
+ # Corresponds to the JSON property `affectedPackage`
1160
+ # @return [String]
1161
+ attr_accessor :affected_package
1162
+
1163
+ # Version contains structured information about the version of a package.
1164
+ # Corresponds to the JSON property `affectedVersionEnd`
1165
+ # @return [Google::Apis::ContaineranalysisV1::Version]
1166
+ attr_accessor :affected_version_end
1167
+
1168
+ # Version contains structured information about the version of a package.
1169
+ # Corresponds to the JSON property `affectedVersionStart`
1170
+ # @return [Google::Apis::ContaineranalysisV1::Version]
1171
+ attr_accessor :affected_version_start
1172
+
1173
+ # A vendor-specific description of this vulnerability.
1174
+ # Corresponds to the JSON property `description`
1175
+ # @return [String]
1176
+ attr_accessor :description
1177
+
1178
+ # The distro recommended [CPE URI](https://cpe.mitre.org/specification/) to
1179
+ # update to that contains a fix for this vulnerability. It is possible for this
1180
+ # to be different from the affected_cpe_uri.
1181
+ # Corresponds to the JSON property `fixedCpeUri`
1182
+ # @return [String]
1183
+ attr_accessor :fixed_cpe_uri
1184
+
1185
+ # The distro recommended package to update to that contains a fix for this
1186
+ # vulnerability. It is possible for this to be different from the
1187
+ # affected_package.
1188
+ # Corresponds to the JSON property `fixedPackage`
1189
+ # @return [String]
1190
+ attr_accessor :fixed_package
1191
+
1192
+ # Version contains structured information about the version of a package.
1193
+ # Corresponds to the JSON property `fixedVersion`
1194
+ # @return [Google::Apis::ContaineranalysisV1::Version]
1195
+ attr_accessor :fixed_version
1196
+
1197
+ # Whether this detail is obsolete. Occurrences are expected not to point to
1198
+ # obsolete details.
1199
+ # Corresponds to the JSON property `isObsolete`
1200
+ # @return [Boolean]
1201
+ attr_accessor :is_obsolete
1202
+ alias_method :is_obsolete?, :is_obsolete
1203
+
1204
+ # The type of package; whether native or non native (e.g., ruby gems, node.js
1205
+ # packages, etc.).
1206
+ # Corresponds to the JSON property `packageType`
1207
+ # @return [String]
1208
+ attr_accessor :package_type
1209
+
1210
+ # The distro assigned severity of this vulnerability.
1211
+ # Corresponds to the JSON property `severityName`
1212
+ # @return [String]
1213
+ attr_accessor :severity_name
1214
+
1215
+ # The source from which the information in this Detail was obtained.
1216
+ # Corresponds to the JSON property `source`
1217
+ # @return [String]
1218
+ attr_accessor :source
1219
+
1220
+ # The time this information was last changed at the source. This is an upstream
1221
+ # timestamp from the underlying information source - e.g. Ubuntu security
1222
+ # tracker.
1223
+ # Corresponds to the JSON property `sourceUpdateTime`
1224
+ # @return [String]
1225
+ attr_accessor :source_update_time
1226
+
1227
+ # The name of the vendor of the product.
1228
+ # Corresponds to the JSON property `vendor`
1229
+ # @return [String]
1230
+ attr_accessor :vendor
1231
+
1232
+ def initialize(**args)
1233
+ update!(**args)
1234
+ end
1235
+
1236
+ # Update properties of this object
1237
+ def update!(**args)
1238
+ @affected_cpe_uri = args[:affected_cpe_uri] if args.key?(:affected_cpe_uri)
1239
+ @affected_package = args[:affected_package] if args.key?(:affected_package)
1240
+ @affected_version_end = args[:affected_version_end] if args.key?(:affected_version_end)
1241
+ @affected_version_start = args[:affected_version_start] if args.key?(:affected_version_start)
1242
+ @description = args[:description] if args.key?(:description)
1243
+ @fixed_cpe_uri = args[:fixed_cpe_uri] if args.key?(:fixed_cpe_uri)
1244
+ @fixed_package = args[:fixed_package] if args.key?(:fixed_package)
1245
+ @fixed_version = args[:fixed_version] if args.key?(:fixed_version)
1246
+ @is_obsolete = args[:is_obsolete] if args.key?(:is_obsolete)
1247
+ @package_type = args[:package_type] if args.key?(:package_type)
1248
+ @severity_name = args[:severity_name] if args.key?(:severity_name)
1249
+ @source = args[:source] if args.key?(:source)
1250
+ @source_update_time = args[:source_update_time] if args.key?(:source_update_time)
1251
+ @vendor = args[:vendor] if args.key?(:vendor)
1252
+ end
1253
+ end
1254
+
1255
+ # A note that indicates a type of analysis a provider would perform. This note
1256
+ # exists in a provider's project. A `Discovery` occurrence is created in a
1257
+ # consumer's project at the start of analysis.
1258
+ class DiscoveryNote
1259
+ include Google::Apis::Core::Hashable
1260
+
1261
+ # Required. Immutable. The kind of analysis that is handled by this discovery.
1262
+ # Corresponds to the JSON property `analysisKind`
1263
+ # @return [String]
1264
+ attr_accessor :analysis_kind
1265
+
1266
+ def initialize(**args)
1267
+ update!(**args)
1268
+ end
1269
+
1270
+ # Update properties of this object
1271
+ def update!(**args)
1272
+ @analysis_kind = args[:analysis_kind] if args.key?(:analysis_kind)
1273
+ end
1274
+ end
1275
+
1276
+ # Provides information about the analysis status of a discovered resource.
1277
+ class DiscoveryOccurrence
1278
+ include Google::Apis::Core::Hashable
1279
+
1280
+ # The status of discovery for the resource.
1281
+ # Corresponds to the JSON property `analysisStatus`
1282
+ # @return [String]
1283
+ attr_accessor :analysis_status
1284
+
1285
+ # The `Status` type defines a logical error model that is suitable for different
1286
+ # programming environments, including REST APIs and RPC APIs. It is used by [
1287
+ # gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
1288
+ # data: error code, error message, and error details. You can find out more
1289
+ # about this error model and how to work with it in the [API Design Guide](https:
1290
+ # //cloud.google.com/apis/design/errors).
1291
+ # Corresponds to the JSON property `analysisStatusError`
1292
+ # @return [Google::Apis::ContaineranalysisV1::Status]
1293
+ attr_accessor :analysis_status_error
1294
+
1295
+ # Whether the resource is continuously analyzed.
1296
+ # Corresponds to the JSON property `continuousAnalysis`
1297
+ # @return [String]
1298
+ attr_accessor :continuous_analysis
1299
+
1300
+ # The CPE of the resource being scanned.
1301
+ # Corresponds to the JSON property `cpe`
1302
+ # @return [String]
1303
+ attr_accessor :cpe
1304
+
1305
+ # The last time this resource was scanned.
1306
+ # Corresponds to the JSON property `lastScanTime`
1307
+ # @return [String]
1308
+ attr_accessor :last_scan_time
1309
+
1310
+ def initialize(**args)
1311
+ update!(**args)
1312
+ end
1313
+
1314
+ # Update properties of this object
1315
+ def update!(**args)
1316
+ @analysis_status = args[:analysis_status] if args.key?(:analysis_status)
1317
+ @analysis_status_error = args[:analysis_status_error] if args.key?(:analysis_status_error)
1318
+ @continuous_analysis = args[:continuous_analysis] if args.key?(:continuous_analysis)
1319
+ @cpe = args[:cpe] if args.key?(:cpe)
1320
+ @last_scan_time = args[:last_scan_time] if args.key?(:last_scan_time)
1321
+ end
1322
+ end
1323
+
1324
+ # This represents a particular channel of distribution for a given package. E.g.,
1325
+ # Debian's jessie-backports dpkg mirror.
1326
+ class Distribution
1327
+ include Google::Apis::Core::Hashable
1328
+
1329
+ # The CPU architecture for which packages in this distribution channel were
1330
+ # built.
1331
+ # Corresponds to the JSON property `architecture`
1332
+ # @return [String]
1333
+ attr_accessor :architecture
1334
+
1335
+ # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
1336
+ # denoting the package manager version distributing a package.
1337
+ # Corresponds to the JSON property `cpeUri`
1338
+ # @return [String]
1339
+ attr_accessor :cpe_uri
1340
+
1341
+ # The distribution channel-specific description of this package.
1342
+ # Corresponds to the JSON property `description`
1343
+ # @return [String]
1344
+ attr_accessor :description
1345
+
1346
+ # Version contains structured information about the version of a package.
1347
+ # Corresponds to the JSON property `latestVersion`
1348
+ # @return [Google::Apis::ContaineranalysisV1::Version]
1349
+ attr_accessor :latest_version
1350
+
1351
+ # A freeform string denoting the maintainer of this package.
1352
+ # Corresponds to the JSON property `maintainer`
1353
+ # @return [String]
1354
+ attr_accessor :maintainer
1355
+
1356
+ # The distribution channel-specific homepage for this package.
1357
+ # Corresponds to the JSON property `url`
1358
+ # @return [String]
1359
+ attr_accessor :url
1360
+
1361
+ def initialize(**args)
1362
+ update!(**args)
1363
+ end
1364
+
1365
+ # Update properties of this object
1366
+ def update!(**args)
1367
+ @architecture = args[:architecture] if args.key?(:architecture)
1368
+ @cpe_uri = args[:cpe_uri] if args.key?(:cpe_uri)
1369
+ @description = args[:description] if args.key?(:description)
1370
+ @latest_version = args[:latest_version] if args.key?(:latest_version)
1371
+ @maintainer = args[:maintainer] if args.key?(:maintainer)
1372
+ @url = args[:url] if args.key?(:url)
1373
+ end
1374
+ end
1375
+
1376
+ # A generic empty message that you can re-use to avoid defining duplicated empty
1377
+ # messages in your APIs. A typical example is to use it as the request or the
1378
+ # response type of an API method. For instance: service Foo ` rpc Bar(google.
1379
+ # protobuf.Empty) returns (google.protobuf.Empty); ` The JSON representation for
1380
+ # `Empty` is empty JSON object ````.
1381
+ class Empty
1382
+ include Google::Apis::Core::Hashable
1383
+
1384
+ def initialize(**args)
1385
+ update!(**args)
1386
+ end
1387
+
1388
+ # Update properties of this object
1389
+ def update!(**args)
1390
+ end
1391
+ end
1392
+
1393
+ # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.
1394
+ # proto. An authenticated message of arbitrary type.
1395
+ class Envelope
1396
+ include Google::Apis::Core::Hashable
1397
+
1398
+ #
1399
+ # Corresponds to the JSON property `payload`
1400
+ # NOTE: Values are automatically base64 encoded/decoded in the client library.
1401
+ # @return [String]
1402
+ attr_accessor :payload
1403
+
1404
+ #
1405
+ # Corresponds to the JSON property `payloadType`
1406
+ # @return [String]
1407
+ attr_accessor :payload_type
1408
+
1409
+ #
1410
+ # Corresponds to the JSON property `signatures`
1411
+ # @return [Array<Google::Apis::ContaineranalysisV1::EnvelopeSignature>]
1412
+ attr_accessor :signatures
1413
+
1414
+ def initialize(**args)
1415
+ update!(**args)
1416
+ end
1417
+
1418
+ # Update properties of this object
1419
+ def update!(**args)
1420
+ @payload = args[:payload] if args.key?(:payload)
1421
+ @payload_type = args[:payload_type] if args.key?(:payload_type)
1422
+ @signatures = args[:signatures] if args.key?(:signatures)
1423
+ end
1424
+ end
1425
+
1426
+ #
1427
+ class EnvelopeSignature
1428
+ include Google::Apis::Core::Hashable
1429
+
1430
+ #
1431
+ # Corresponds to the JSON property `keyid`
1432
+ # @return [String]
1433
+ attr_accessor :keyid
1434
+
1435
+ #
1436
+ # Corresponds to the JSON property `sig`
1437
+ # NOTE: Values are automatically base64 encoded/decoded in the client library.
1438
+ # @return [String]
1439
+ attr_accessor :sig
1440
+
1441
+ def initialize(**args)
1442
+ update!(**args)
1443
+ end
1444
+
1445
+ # Update properties of this object
1446
+ def update!(**args)
1447
+ @keyid = args[:keyid] if args.key?(:keyid)
1448
+ @sig = args[:sig] if args.key?(:sig)
1449
+ end
1450
+ end
1451
+
1452
+ # Represents a textual expression in the Common Expression Language (CEL) syntax.
1453
+ # CEL is a C-like expression language. The syntax and semantics of CEL are
1454
+ # documented at https://github.com/google/cel-spec. Example (Comparison): title:
1455
+ # "Summary size limit" description: "Determines if a summary is less than 100
1456
+ # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
1457
+ # Requestor is owner" description: "Determines if requestor is the document
1458
+ # owner" expression: "document.owner == request.auth.claims.email" Example (
1459
+ # Logic): title: "Public documents" description: "Determine whether the document
1460
+ # should be publicly visible" expression: "document.type != 'private' &&
1461
+ # document.type != 'internal'" Example (Data Manipulation): title: "Notification
1462
+ # string" description: "Create a notification string with a timestamp."
1463
+ # expression: "'New message received at ' + string(document.create_time)" The
1464
+ # exact variables and functions that may be referenced within an expression are
1465
+ # determined by the service that evaluates it. See the service documentation for
1466
+ # additional information.
1467
+ class Expr
1468
+ include Google::Apis::Core::Hashable
1469
+
1470
+ # Optional. Description of the expression. This is a longer text which describes
1471
+ # the expression, e.g. when hovered over it in a UI.
1472
+ # Corresponds to the JSON property `description`
1473
+ # @return [String]
1474
+ attr_accessor :description
1475
+
1476
+ # Textual representation of an expression in Common Expression Language syntax.
1477
+ # Corresponds to the JSON property `expression`
1478
+ # @return [String]
1479
+ attr_accessor :expression
1480
+
1481
+ # Optional. String indicating the location of the expression for error reporting,
1482
+ # e.g. a file name and a position in the file.
1483
+ # Corresponds to the JSON property `location`
1484
+ # @return [String]
1485
+ attr_accessor :location
1486
+
1487
+ # Optional. Title for the expression, i.e. a short string describing its purpose.
1488
+ # This can be used e.g. in UIs which allow to enter the expression.
1489
+ # Corresponds to the JSON property `title`
1490
+ # @return [String]
1491
+ attr_accessor :title
1492
+
1493
+ def initialize(**args)
1494
+ update!(**args)
1495
+ end
1496
+
1497
+ # Update properties of this object
1498
+ def update!(**args)
1499
+ @description = args[:description] if args.key?(:description)
1500
+ @expression = args[:expression] if args.key?(:expression)
1501
+ @location = args[:location] if args.key?(:location)
1502
+ @title = args[:title] if args.key?(:title)
1503
+ end
1504
+ end
1505
+
1506
+ # Container message for hashes of byte content of files, used in source messages
1507
+ # to verify integrity of source input to the build.
1508
+ class FileHashes
1509
+ include Google::Apis::Core::Hashable
1510
+
1511
+ # Required. Collection of file hashes.
1512
+ # Corresponds to the JSON property `fileHash`
1513
+ # @return [Array<Google::Apis::ContaineranalysisV1::HashProp>]
1514
+ attr_accessor :file_hash
1515
+
1516
+ def initialize(**args)
1517
+ update!(**args)
1518
+ end
1519
+
1520
+ # Update properties of this object
1521
+ def update!(**args)
1522
+ @file_hash = args[:file_hash] if args.key?(:file_hash)
1523
+ end
1524
+ end
1525
+
1526
+ # A set of properties that uniquely identify a given Docker image.
1527
+ class Fingerprint
1528
+ include Google::Apis::Core::Hashable
1529
+
1530
+ # Required. The layer ID of the final layer in the Docker image's v1
1531
+ # representation.
1532
+ # Corresponds to the JSON property `v1Name`
1533
+ # @return [String]
1534
+ attr_accessor :v1_name
1535
+
1536
+ # Required. The ordered list of v2 blobs that represent a given image.
1537
+ # Corresponds to the JSON property `v2Blob`
1538
+ # @return [Array<String>]
1539
+ attr_accessor :v2_blob
1540
+
1541
+ # Output only. The name of the image's v2 blobs computed via: [bottom] :=
1542
+ # v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the
1543
+ # final blob is kept.
1544
+ # Corresponds to the JSON property `v2Name`
1545
+ # @return [String]
1546
+ attr_accessor :v2_name
1547
+
1548
+ def initialize(**args)
1549
+ update!(**args)
1550
+ end
1551
+
1552
+ # Update properties of this object
1553
+ def update!(**args)
1554
+ @v1_name = args[:v1_name] if args.key?(:v1_name)
1555
+ @v2_blob = args[:v2_blob] if args.key?(:v2_blob)
1556
+ @v2_name = args[:v2_name] if args.key?(:v2_name)
1557
+ end
1558
+ end
1559
+
1560
+ # Per resource and severity counts of fixable and total vulnerabilities.
1561
+ class FixableTotalByDigest
1562
+ include Google::Apis::Core::Hashable
1563
+
1564
+ # The number of fixable vulnerabilities associated with this resource.
1565
+ # Corresponds to the JSON property `fixableCount`
1566
+ # @return [Fixnum]
1567
+ attr_accessor :fixable_count
1568
+
1569
+ # The affected resource.
1570
+ # Corresponds to the JSON property `resourceUri`
1571
+ # @return [String]
1572
+ attr_accessor :resource_uri
1573
+
1574
+ # The severity for this count. SEVERITY_UNSPECIFIED indicates total across all
1575
+ # severities.
1576
+ # Corresponds to the JSON property `severity`
1577
+ # @return [String]
1578
+ attr_accessor :severity
1579
+
1580
+ # The total number of vulnerabilities associated with this resource.
1581
+ # Corresponds to the JSON property `totalCount`
1582
+ # @return [Fixnum]
1583
+ attr_accessor :total_count
1584
+
1585
+ def initialize(**args)
1586
+ update!(**args)
1587
+ end
1588
+
1589
+ # Update properties of this object
1590
+ def update!(**args)
1591
+ @fixable_count = args[:fixable_count] if args.key?(:fixable_count)
1592
+ @resource_uri = args[:resource_uri] if args.key?(:resource_uri)
1593
+ @severity = args[:severity] if args.key?(:severity)
1594
+ @total_count = args[:total_count] if args.key?(:total_count)
1595
+ end
1596
+ end
1597
+
1598
+ # A SourceContext referring to a Gerrit project.
1599
+ class GerritSourceContext
1600
+ include Google::Apis::Core::Hashable
1601
+
1602
+ # An alias to a repo revision.
1603
+ # Corresponds to the JSON property `aliasContext`
1604
+ # @return [Google::Apis::ContaineranalysisV1::AliasContext]
1605
+ attr_accessor :alias_context
1606
+
1607
+ # The full project name within the host. Projects may be nested, so "project/
1608
+ # subproject" is a valid project name. The "repo name" is the hostURI/project.
1609
+ # Corresponds to the JSON property `gerritProject`
1610
+ # @return [String]
1611
+ attr_accessor :gerrit_project
1612
+
1613
+ # The URI of a running Gerrit instance.
1614
+ # Corresponds to the JSON property `hostUri`
1615
+ # @return [String]
1616
+ attr_accessor :host_uri
1617
+
1618
+ # A revision (commit) ID.
1619
+ # Corresponds to the JSON property `revisionId`
1620
+ # @return [String]
1621
+ attr_accessor :revision_id
1622
+
1623
+ def initialize(**args)
1624
+ update!(**args)
1625
+ end
1626
+
1627
+ # Update properties of this object
1628
+ def update!(**args)
1629
+ @alias_context = args[:alias_context] if args.key?(:alias_context)
1630
+ @gerrit_project = args[:gerrit_project] if args.key?(:gerrit_project)
1631
+ @host_uri = args[:host_uri] if args.key?(:host_uri)
1632
+ @revision_id = args[:revision_id] if args.key?(:revision_id)
1633
+ end
1634
+ end
1635
+
1636
+ # Request message for `GetIamPolicy` method.
1637
+ class GetIamPolicyRequest
1638
+ include Google::Apis::Core::Hashable
1639
+
1640
+ # Encapsulates settings provided to GetIamPolicy.
1641
+ # Corresponds to the JSON property `options`
1642
+ # @return [Google::Apis::ContaineranalysisV1::GetPolicyOptions]
1643
+ attr_accessor :options
1644
+
1645
+ def initialize(**args)
1646
+ update!(**args)
1647
+ end
1648
+
1649
+ # Update properties of this object
1650
+ def update!(**args)
1651
+ @options = args[:options] if args.key?(:options)
1652
+ end
1653
+ end
1654
+
1655
+ # Encapsulates settings provided to GetIamPolicy.
1656
+ class GetPolicyOptions
1657
+ include Google::Apis::Core::Hashable
1658
+
1659
+ # Optional. The policy format version to be returned. Valid values are 0, 1, and
1660
+ # 3. Requests specifying an invalid value will be rejected. Requests for
1661
+ # policies with any conditional bindings must specify version 3. Policies
1662
+ # without any conditional bindings may specify any valid value or leave the
1663
+ # field unset. To learn which resources support conditions in their IAM policies,
1664
+ # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
1665
+ # resource-policies).
1666
+ # Corresponds to the JSON property `requestedPolicyVersion`
1667
+ # @return [Fixnum]
1668
+ attr_accessor :requested_policy_version
1669
+
1670
+ def initialize(**args)
1671
+ update!(**args)
1672
+ end
1673
+
1674
+ # Update properties of this object
1675
+ def update!(**args)
1676
+ @requested_policy_version = args[:requested_policy_version] if args.key?(:requested_policy_version)
1677
+ end
1678
+ end
1679
+
1680
+ # A GitSourceContext denotes a particular revision in a third party Git
1681
+ # repository (e.g., GitHub).
1682
+ class GitSourceContext
1683
+ include Google::Apis::Core::Hashable
1684
+
1685
+ # Git commit hash.
1686
+ # Corresponds to the JSON property `revisionId`
1687
+ # @return [String]
1688
+ attr_accessor :revision_id
1689
+
1690
+ # Git repository URL.
1691
+ # Corresponds to the JSON property `url`
1692
+ # @return [String]
1693
+ attr_accessor :url
1694
+
1695
+ def initialize(**args)
1696
+ update!(**args)
1697
+ end
1698
+
1699
+ # Update properties of this object
1700
+ def update!(**args)
1701
+ @revision_id = args[:revision_id] if args.key?(:revision_id)
1702
+ @url = args[:url] if args.key?(:url)
1703
+ end
1704
+ end
1705
+
1706
+ # Metadata for all operations used and required for all operations that created
1707
+ # by Container Analysis Providers
1708
+ class GoogleDevtoolsContaineranalysisV1alpha1OperationMetadata
1709
+ include Google::Apis::Core::Hashable
1710
+
1711
+ # Output only. The time this operation was created.
1712
+ # Corresponds to the JSON property `createTime`
1713
+ # @return [String]
1714
+ attr_accessor :create_time
1715
+
1716
+ # Output only. The time that this operation was marked completed or failed.
1717
+ # Corresponds to the JSON property `endTime`
1718
+ # @return [String]
1719
+ attr_accessor :end_time
1720
+
1721
+ def initialize(**args)
1722
+ update!(**args)
1723
+ end
1724
+
1725
+ # Update properties of this object
1726
+ def update!(**args)
1727
+ @create_time = args[:create_time] if args.key?(:create_time)
1728
+ @end_time = args[:end_time] if args.key?(:end_time)
1729
+ end
1730
+ end
1731
+
1732
+ # Container message for hash values.
1733
+ class HashProp
1734
+ include Google::Apis::Core::Hashable
1735
+
1736
+ # Required. The type of hash that was performed, e.g. "SHA-256".
1737
+ # Corresponds to the JSON property `type`
1738
+ # @return [String]
1739
+ attr_accessor :type
1740
+
1741
+ # Required. The hash value.
1742
+ # Corresponds to the JSON property `value`
1743
+ # NOTE: Values are automatically base64 encoded/decoded in the client library.
1744
+ # @return [String]
1745
+ attr_accessor :value
1746
+
1747
+ def initialize(**args)
1748
+ update!(**args)
1749
+ end
1750
+
1751
+ # Update properties of this object
1752
+ def update!(**args)
1753
+ @type = args[:type] if args.key?(:type)
1754
+ @value = args[:value] if args.key?(:value)
1755
+ end
1756
+ end
1757
+
1758
+ # This submessage provides human-readable hints about the purpose of the
1759
+ # authority. Because the name of a note acts as its resource reference, it is
1760
+ # important to disambiguate the canonical name of the Note (which might be a
1761
+ # UUID for security purposes) from "readable" names more suitable for debug
1762
+ # output. Note that these hints should not be used to look up authorities in
1763
+ # security sensitive contexts, such as when looking up attestations to verify.
1764
+ class Hint
1765
+ include Google::Apis::Core::Hashable
1766
+
1767
+ # Required. The human readable name of this attestation authority, for example "
1768
+ # qa".
1769
+ # Corresponds to the JSON property `humanReadableName`
1770
+ # @return [String]
1771
+ attr_accessor :human_readable_name
1772
+
1773
+ def initialize(**args)
1774
+ update!(**args)
1775
+ end
1776
+
1777
+ # Update properties of this object
1778
+ def update!(**args)
1779
+ @human_readable_name = args[:human_readable_name] if args.key?(:human_readable_name)
1780
+ end
1781
+ end
1782
+
1783
+ # The unique identifier of the update.
1784
+ class Identity
1785
+ include Google::Apis::Core::Hashable
1786
+
1787
+ # The revision number of the update.
1788
+ # Corresponds to the JSON property `revision`
1789
+ # @return [Fixnum]
1790
+ attr_accessor :revision
1791
+
1792
+ # The revision independent identifier of the update.
1793
+ # Corresponds to the JSON property `updateId`
1794
+ # @return [String]
1795
+ attr_accessor :update_id
1796
+
1797
+ def initialize(**args)
1798
+ update!(**args)
1799
+ end
1800
+
1801
+ # Update properties of this object
1802
+ def update!(**args)
1803
+ @revision = args[:revision] if args.key?(:revision)
1804
+ @update_id = args[:update_id] if args.key?(:update_id)
1805
+ end
1806
+ end
1807
+
1808
+ # Basis describes the base image portion (Note) of the DockerImage relationship.
1809
+ # Linked occurrences are derived from this or an equivalent image via: FROM Or
1810
+ # an equivalent reference, e.g., a tag of the resource_url.
1811
+ class ImageNote
1812
+ include Google::Apis::Core::Hashable
1813
+
1814
+ # A set of properties that uniquely identify a given Docker image.
1815
+ # Corresponds to the JSON property `fingerprint`
1816
+ # @return [Google::Apis::ContaineranalysisV1::Fingerprint]
1817
+ attr_accessor :fingerprint
1818
+
1819
+ # Required. Immutable. The resource_url for the resource representing the basis
1820
+ # of associated occurrence images.
1821
+ # Corresponds to the JSON property `resourceUrl`
1822
+ # @return [String]
1823
+ attr_accessor :resource_url
1824
+
1825
+ def initialize(**args)
1826
+ update!(**args)
1827
+ end
1828
+
1829
+ # Update properties of this object
1830
+ def update!(**args)
1831
+ @fingerprint = args[:fingerprint] if args.key?(:fingerprint)
1832
+ @resource_url = args[:resource_url] if args.key?(:resource_url)
1833
+ end
1834
+ end
1835
+
1836
+ # Details of the derived image portion of the DockerImage relationship. This
1837
+ # image would be produced from a Dockerfile with FROM .
1838
+ class ImageOccurrence
1839
+ include Google::Apis::Core::Hashable
1840
+
1841
+ # Output only. This contains the base image URL for the derived image occurrence.
1842
+ # Corresponds to the JSON property `baseResourceUrl`
1843
+ # @return [String]
1844
+ attr_accessor :base_resource_url
1845
+
1846
+ # Output only. The number of layers by which this image differs from the
1847
+ # associated image basis.
1848
+ # Corresponds to the JSON property `distance`
1849
+ # @return [Fixnum]
1850
+ attr_accessor :distance
1851
+
1852
+ # A set of properties that uniquely identify a given Docker image.
1853
+ # Corresponds to the JSON property `fingerprint`
1854
+ # @return [Google::Apis::ContaineranalysisV1::Fingerprint]
1855
+ attr_accessor :fingerprint
1856
+
1857
+ # This contains layer-specific metadata, if populated it has length "distance"
1858
+ # and is ordered with [distance] being the layer immediately following the base
1859
+ # image and [1] being the final layer.
1860
+ # Corresponds to the JSON property `layerInfo`
1861
+ # @return [Array<Google::Apis::ContaineranalysisV1::Layer>]
1862
+ attr_accessor :layer_info
1863
+
1864
+ def initialize(**args)
1865
+ update!(**args)
1866
+ end
1867
+
1868
+ # Update properties of this object
1869
+ def update!(**args)
1870
+ @base_resource_url = args[:base_resource_url] if args.key?(:base_resource_url)
1871
+ @distance = args[:distance] if args.key?(:distance)
1872
+ @fingerprint = args[:fingerprint] if args.key?(:fingerprint)
1873
+ @layer_info = args[:layer_info] if args.key?(:layer_info)
1874
+ end
1875
+ end
1876
+
1877
+ #
1878
+ class InTotoProvenance
1879
+ include Google::Apis::Core::Hashable
1880
+
1881
+ # required
1882
+ # Corresponds to the JSON property `builderConfig`
1883
+ # @return [Google::Apis::ContaineranalysisV1::BuilderConfig]
1884
+ attr_accessor :builder_config
1885
+
1886
+ # The collection of artifacts that influenced the build including sources,
1887
+ # dependencies, build tools, base images, and so on. This is considered to be
1888
+ # incomplete unless metadata.completeness.materials is true. Unset or null is
1889
+ # equivalent to empty.
1890
+ # Corresponds to the JSON property `materials`
1891
+ # @return [Array<String>]
1892
+ attr_accessor :materials
1893
+
1894
+ # Other properties of the build.
1895
+ # Corresponds to the JSON property `metadata`
1896
+ # @return [Google::Apis::ContaineranalysisV1::Metadata]
1897
+ attr_accessor :metadata
1898
+
1899
+ # Steps taken to build the artifact. For a TaskRun, typically each container
1900
+ # corresponds to one step in the recipe.
1901
+ # Corresponds to the JSON property `recipe`
1902
+ # @return [Google::Apis::ContaineranalysisV1::Recipe]
1903
+ attr_accessor :recipe
1904
+
1905
+ def initialize(**args)
1906
+ update!(**args)
1907
+ end
1908
+
1909
+ # Update properties of this object
1910
+ def update!(**args)
1911
+ @builder_config = args[:builder_config] if args.key?(:builder_config)
1912
+ @materials = args[:materials] if args.key?(:materials)
1913
+ @metadata = args[:metadata] if args.key?(:metadata)
1914
+ @recipe = args[:recipe] if args.key?(:recipe)
1915
+ end
1916
+ end
1917
+
1918
+ # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#
1919
+ # statement The serialized InTotoStatement will be stored as Envelope.payload.
1920
+ # Envelope.payloadType is always "application/vnd.in-toto+json".
1921
+ class InTotoStatement
1922
+ include Google::Apis::Core::Hashable
1923
+
1924
+ # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
1925
+ # Corresponds to the JSON property `predicateType`
1926
+ # @return [String]
1927
+ attr_accessor :predicate_type
1928
+
1929
+ #
1930
+ # Corresponds to the JSON property `provenance`
1931
+ # @return [Google::Apis::ContaineranalysisV1::InTotoProvenance]
1932
+ attr_accessor :provenance
1933
+
1934
+ #
1935
+ # Corresponds to the JSON property `subject`
1936
+ # @return [Array<Google::Apis::ContaineranalysisV1::Subject>]
1937
+ attr_accessor :subject
1938
+
1939
+ # Always "https://in-toto.io/Statement/v0.1".
1940
+ # Corresponds to the JSON property `type`
1941
+ # @return [String]
1942
+ attr_accessor :type
1943
+
1944
+ def initialize(**args)
1945
+ update!(**args)
1946
+ end
1947
+
1948
+ # Update properties of this object
1949
+ def update!(**args)
1950
+ @predicate_type = args[:predicate_type] if args.key?(:predicate_type)
1951
+ @provenance = args[:provenance] if args.key?(:provenance)
1952
+ @subject = args[:subject] if args.key?(:subject)
1953
+ @type = args[:type] if args.key?(:type)
1954
+ end
1955
+ end
1956
+
1957
+ #
1958
+ class Jwt
1959
+ include Google::Apis::Core::Hashable
1960
+
1961
+ # The compact encoding of a JWS, which is always three base64 encoded strings
1962
+ # joined by periods. For details, see: https://tools.ietf.org/html/rfc7515.html#
1963
+ # section-3.1
1964
+ # Corresponds to the JSON property `compactJwt`
1965
+ # @return [String]
1966
+ attr_accessor :compact_jwt
1967
+
1968
+ def initialize(**args)
1969
+ update!(**args)
1970
+ end
1971
+
1972
+ # Update properties of this object
1973
+ def update!(**args)
1974
+ @compact_jwt = args[:compact_jwt] if args.key?(:compact_jwt)
1975
+ end
1976
+ end
1977
+
1978
+ #
1979
+ class KnowledgeBase
1980
+ include Google::Apis::Core::Hashable
1981
+
1982
+ # The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
1983
+ # Corresponds to the JSON property `name`
1984
+ # @return [String]
1985
+ attr_accessor :name
1986
+
1987
+ # A link to the KB in the [Windows update catalog] (https://www.catalog.update.
1988
+ # microsoft.com/).
1989
+ # Corresponds to the JSON property `url`
1990
+ # @return [String]
1991
+ attr_accessor :url
1992
+
1993
+ def initialize(**args)
1994
+ update!(**args)
1995
+ end
1996
+
1997
+ # Update properties of this object
1998
+ def update!(**args)
1999
+ @name = args[:name] if args.key?(:name)
2000
+ @url = args[:url] if args.key?(:url)
2001
+ end
2002
+ end
2003
+
2004
+ # Layer holds metadata specific to a layer of a Docker image.
2005
+ class Layer
2006
+ include Google::Apis::Core::Hashable
2007
+
2008
+ # The recovered arguments to the Dockerfile directive.
2009
+ # Corresponds to the JSON property `arguments`
2010
+ # @return [String]
2011
+ attr_accessor :arguments
2012
+
2013
+ # Required. The recovered Dockerfile directive used to construct this layer. See
2014
+ # https://docs.docker.com/engine/reference/builder/ for more information.
2015
+ # Corresponds to the JSON property `directive`
2016
+ # @return [String]
2017
+ attr_accessor :directive
2018
+
2019
+ def initialize(**args)
2020
+ update!(**args)
2021
+ end
2022
+
2023
+ # Update properties of this object
2024
+ def update!(**args)
2025
+ @arguments = args[:arguments] if args.key?(:arguments)
2026
+ @directive = args[:directive] if args.key?(:directive)
2027
+ end
2028
+ end
2029
+
2030
+ # Response for listing occurrences for a note.
2031
+ class ListNoteOccurrencesResponse
2032
+ include Google::Apis::Core::Hashable
2033
+
2034
+ # Token to provide to skip to a particular spot in the list.
2035
+ # Corresponds to the JSON property `nextPageToken`
2036
+ # @return [String]
2037
+ attr_accessor :next_page_token
2038
+
2039
+ # The occurrences attached to the specified note.
2040
+ # Corresponds to the JSON property `occurrences`
2041
+ # @return [Array<Google::Apis::ContaineranalysisV1::Occurrence>]
2042
+ attr_accessor :occurrences
2043
+
2044
+ def initialize(**args)
2045
+ update!(**args)
2046
+ end
2047
+
2048
+ # Update properties of this object
2049
+ def update!(**args)
2050
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
2051
+ @occurrences = args[:occurrences] if args.key?(:occurrences)
2052
+ end
2053
+ end
2054
+
2055
+ # Response for listing notes.
2056
+ class ListNotesResponse
2057
+ include Google::Apis::Core::Hashable
2058
+
2059
+ # The next pagination token in the list response. It should be used as `
2060
+ # page_token` for the following request. An empty value means no more results.
2061
+ # Corresponds to the JSON property `nextPageToken`
2062
+ # @return [String]
2063
+ attr_accessor :next_page_token
2064
+
2065
+ # The notes requested.
2066
+ # Corresponds to the JSON property `notes`
2067
+ # @return [Array<Google::Apis::ContaineranalysisV1::Note>]
2068
+ attr_accessor :notes
2069
+
2070
+ def initialize(**args)
2071
+ update!(**args)
2072
+ end
2073
+
2074
+ # Update properties of this object
2075
+ def update!(**args)
2076
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
2077
+ @notes = args[:notes] if args.key?(:notes)
2078
+ end
2079
+ end
2080
+
2081
+ # Response for listing occurrences.
2082
+ class ListOccurrencesResponse
2083
+ include Google::Apis::Core::Hashable
2084
+
2085
+ # The next pagination token in the list response. It should be used as `
2086
+ # page_token` for the following request. An empty value means no more results.
2087
+ # Corresponds to the JSON property `nextPageToken`
2088
+ # @return [String]
2089
+ attr_accessor :next_page_token
2090
+
2091
+ # The occurrences requested.
2092
+ # Corresponds to the JSON property `occurrences`
2093
+ # @return [Array<Google::Apis::ContaineranalysisV1::Occurrence>]
2094
+ attr_accessor :occurrences
2095
+
2096
+ def initialize(**args)
2097
+ update!(**args)
2098
+ end
2099
+
2100
+ # Update properties of this object
2101
+ def update!(**args)
2102
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
2103
+ @occurrences = args[:occurrences] if args.key?(:occurrences)
2104
+ end
2105
+ end
2106
+
2107
+ # The response message for Operations.ListOperations.
2108
+ class ListOperationsResponse
2109
+ include Google::Apis::Core::Hashable
2110
+
2111
+ # The standard List next-page token.
2112
+ # Corresponds to the JSON property `nextPageToken`
2113
+ # @return [String]
2114
+ attr_accessor :next_page_token
2115
+
2116
+ # A list of operations that matches the specified filter in the request.
2117
+ # Corresponds to the JSON property `operations`
2118
+ # @return [Array<Google::Apis::ContaineranalysisV1::Operation>]
2119
+ attr_accessor :operations
2120
+
2121
+ def initialize(**args)
2122
+ update!(**args)
2123
+ end
2124
+
2125
+ # Update properties of this object
2126
+ def update!(**args)
2127
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
2128
+ @operations = args[:operations] if args.key?(:operations)
2129
+ end
2130
+ end
2131
+
2132
+ # An occurrence of a particular package installation found within a system's
2133
+ # filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
2134
+ class Location
2135
+ include Google::Apis::Core::Hashable
2136
+
2137
+ # Required. The CPE URI in [CPE format](https://cpe.mitre.org/specification/)
2138
+ # denoting the package manager version distributing a package.
2139
+ # Corresponds to the JSON property `cpeUri`
2140
+ # @return [String]
2141
+ attr_accessor :cpe_uri
2142
+
2143
+ # The path from which we gathered that this package/version is installed.
2144
+ # Corresponds to the JSON property `path`
2145
+ # @return [String]
2146
+ attr_accessor :path
2147
+
2148
+ # Version contains structured information about the version of a package.
2149
+ # Corresponds to the JSON property `version`
2150
+ # @return [Google::Apis::ContaineranalysisV1::Version]
2151
+ attr_accessor :version
2152
+
2153
+ def initialize(**args)
2154
+ update!(**args)
2155
+ end
2156
+
2157
+ # Update properties of this object
2158
+ def update!(**args)
2159
+ @cpe_uri = args[:cpe_uri] if args.key?(:cpe_uri)
2160
+ @path = args[:path] if args.key?(:path)
2161
+ @version = args[:version] if args.key?(:version)
2162
+ end
2163
+ end
2164
+
2165
+ # Other properties of the build.
2166
+ class Metadata
2167
+ include Google::Apis::Core::Hashable
2168
+
2169
+ # The timestamp of when the build completed.
2170
+ # Corresponds to the JSON property `buildFinishedOn`
2171
+ # @return [String]
2172
+ attr_accessor :build_finished_on
2173
+
2174
+ # Identifies the particular build invocation, which can be useful for finding
2175
+ # associated logs or other ad-hoc analysis. The value SHOULD be globally unique,
2176
+ # per in-toto Provenance spec.
2177
+ # Corresponds to the JSON property `buildInvocationId`
2178
+ # @return [String]
2179
+ attr_accessor :build_invocation_id
2180
+
2181
+ # The timestamp of when the build started.
2182
+ # Corresponds to the JSON property `buildStartedOn`
2183
+ # @return [String]
2184
+ attr_accessor :build_started_on
2185
+
2186
+ # Indicates that the builder claims certain fields in this message to be
2187
+ # complete.
2188
+ # Corresponds to the JSON property `completeness`
2189
+ # @return [Google::Apis::ContaineranalysisV1::Completeness]
2190
+ attr_accessor :completeness
2191
+
2192
+ # If true, the builder claims that running the recipe on materials will produce
2193
+ # bit-for-bit identical output.
2194
+ # Corresponds to the JSON property `reproducible`
2195
+ # @return [Boolean]
2196
+ attr_accessor :reproducible
2197
+ alias_method :reproducible?, :reproducible
2198
+
2199
+ def initialize(**args)
2200
+ update!(**args)
2201
+ end
2202
+
2203
+ # Update properties of this object
2204
+ def update!(**args)
2205
+ @build_finished_on = args[:build_finished_on] if args.key?(:build_finished_on)
2206
+ @build_invocation_id = args[:build_invocation_id] if args.key?(:build_invocation_id)
2207
+ @build_started_on = args[:build_started_on] if args.key?(:build_started_on)
2208
+ @completeness = args[:completeness] if args.key?(:completeness)
2209
+ @reproducible = args[:reproducible] if args.key?(:reproducible)
2210
+ end
2211
+ end
2212
+
2213
+ # Details about files that caused a compliance check to fail.
2214
+ class NonCompliantFile
2215
+ include Google::Apis::Core::Hashable
2216
+
2217
+ # Command to display the non-compliant files.
2218
+ # Corresponds to the JSON property `displayCommand`
2219
+ # @return [String]
2220
+ attr_accessor :display_command
2221
+
2222
+ # display_command is a single command that can be used to display a list of non
2223
+ # compliant files. When there is no such command, we can also iterate a list of
2224
+ # non compliant file using 'path'. Empty if `display_command` is set.
2225
+ # Corresponds to the JSON property `path`
2226
+ # @return [String]
2227
+ attr_accessor :path
2228
+
2229
+ # Explains why a file is non compliant for a CIS check.
2230
+ # Corresponds to the JSON property `reason`
2231
+ # @return [String]
2232
+ attr_accessor :reason
2233
+
2234
+ def initialize(**args)
2235
+ update!(**args)
2236
+ end
2237
+
2238
+ # Update properties of this object
2239
+ def update!(**args)
2240
+ @display_command = args[:display_command] if args.key?(:display_command)
2241
+ @path = args[:path] if args.key?(:path)
2242
+ @reason = args[:reason] if args.key?(:reason)
2243
+ end
2244
+ end
2245
+
2246
+ # A type of analysis that can be done for a resource.
2247
+ class Note
2248
+ include Google::Apis::Core::Hashable
2249
+
2250
+ # Note kind that represents a logical attestation "role" or "authority". For
2251
+ # example, an organization might have one `Authority` for "QA" and one for "
2252
+ # build". This note is intended to act strictly as a grouping mechanism for the
2253
+ # attached occurrences (Attestations). This grouping mechanism also provides a
2254
+ # security boundary, since IAM ACLs gate the ability for a principle to attach
2255
+ # an occurrence to a given note. It also provides a single point of lookup to
2256
+ # find all attached attestation occurrences, even if they don't all live in the
2257
+ # same project.
2258
+ # Corresponds to the JSON property `attestation`
2259
+ # @return [Google::Apis::ContaineranalysisV1::AttestationNote]
2260
+ attr_accessor :attestation
2261
+
2262
+ # Note holding the version of the provider's builder and the signature of the
2263
+ # provenance message in the build details occurrence.
2264
+ # Corresponds to the JSON property `build`
2265
+ # @return [Google::Apis::ContaineranalysisV1::BuildNote]
2266
+ attr_accessor :build
2267
+
2268
+ # A note describing a compliance check.
2269
+ # Corresponds to the JSON property `compliance`
2270
+ # @return [Google::Apis::ContaineranalysisV1::ComplianceNote]
2271
+ attr_accessor :compliance
2272
+
2273
+ # Output only. The time this note was created. This field can be used as a
2274
+ # filter in list requests.
2275
+ # Corresponds to the JSON property `createTime`
2276
+ # @return [String]
2277
+ attr_accessor :create_time
2278
+
2279
+ # An artifact that can be deployed in some runtime.
2280
+ # Corresponds to the JSON property `deployment`
2281
+ # @return [Google::Apis::ContaineranalysisV1::DeploymentNote]
2282
+ attr_accessor :deployment
2283
+
2284
+ # A note that indicates a type of analysis a provider would perform. This note
2285
+ # exists in a provider's project. A `Discovery` occurrence is created in a
2286
+ # consumer's project at the start of analysis.
2287
+ # Corresponds to the JSON property `discovery`
2288
+ # @return [Google::Apis::ContaineranalysisV1::DiscoveryNote]
2289
+ attr_accessor :discovery
2290
+
2291
+ # A note describing a dsse attestation note.
2292
+ # Corresponds to the JSON property `dsseAttestation`
2293
+ # @return [Google::Apis::ContaineranalysisV1::DsseAttestationNote]
2294
+ attr_accessor :dsse_attestation
2295
+
2296
+ # Time of expiration for this note. Empty if note does not expire.
2297
+ # Corresponds to the JSON property `expirationTime`
2298
+ # @return [String]
2299
+ attr_accessor :expiration_time
2300
+
2301
+ # Basis describes the base image portion (Note) of the DockerImage relationship.
2302
+ # Linked occurrences are derived from this or an equivalent image via: FROM Or
2303
+ # an equivalent reference, e.g., a tag of the resource_url.
2304
+ # Corresponds to the JSON property `image`
2305
+ # @return [Google::Apis::ContaineranalysisV1::ImageNote]
2306
+ attr_accessor :image
2307
+
2308
+ # Output only. The type of analysis. This field can be used as a filter in list
2309
+ # requests.
2310
+ # Corresponds to the JSON property `kind`
2311
+ # @return [String]
2312
+ attr_accessor :kind
2313
+
2314
+ # A detailed description of this note.
2315
+ # Corresponds to the JSON property `longDescription`
2316
+ # @return [String]
2317
+ attr_accessor :long_description
2318
+
2319
+ # Output only. The name of the note in the form of `projects/[PROVIDER_ID]/notes/
2320
+ # [NOTE_ID]`.
2321
+ # Corresponds to the JSON property `name`
2322
+ # @return [String]
2323
+ attr_accessor :name
2324
+
2325
+ # This represents a particular package that is distributed over various channels.
2326
+ # E.g., glibc (aka libc6) is distributed by many, at various versions.
2327
+ # Corresponds to the JSON property `package`
2328
+ # @return [Google::Apis::ContaineranalysisV1::PackageNote]
2329
+ attr_accessor :package
2330
+
2331
+ # Other notes related to this note.
2332
+ # Corresponds to the JSON property `relatedNoteNames`
2333
+ # @return [Array<String>]
2334
+ attr_accessor :related_note_names
2335
+
2336
+ # URLs associated with this note.
2337
+ # Corresponds to the JSON property `relatedUrl`
2338
+ # @return [Array<Google::Apis::ContaineranalysisV1::RelatedUrl>]
2339
+ attr_accessor :related_url
2340
+
2341
+ # A one sentence description of this note.
2342
+ # Corresponds to the JSON property `shortDescription`
2343
+ # @return [String]
2344
+ attr_accessor :short_description
2345
+
2346
+ # Output only. The time this note was last updated. This field can be used as a
2347
+ # filter in list requests.
2348
+ # Corresponds to the JSON property `updateTime`
2349
+ # @return [String]
2350
+ attr_accessor :update_time
2351
+
2352
+ # An Upgrade Note represents a potential upgrade of a package to a given version.
2353
+ # For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2),
2354
+ # there will be an Upgrade Note. For Windows, windows_update field represents
2355
+ # the information related to the update.
2356
+ # Corresponds to the JSON property `upgrade`
2357
+ # @return [Google::Apis::ContaineranalysisV1::UpgradeNote]
2358
+ attr_accessor :upgrade
2359
+
2360
+ # A security vulnerability that can be found in resources.
2361
+ # Corresponds to the JSON property `vulnerability`
2362
+ # @return [Google::Apis::ContaineranalysisV1::VulnerabilityNote]
2363
+ attr_accessor :vulnerability
2364
+
2365
+ def initialize(**args)
2366
+ update!(**args)
2367
+ end
2368
+
2369
+ # Update properties of this object
2370
+ def update!(**args)
2371
+ @attestation = args[:attestation] if args.key?(:attestation)
2372
+ @build = args[:build] if args.key?(:build)
2373
+ @compliance = args[:compliance] if args.key?(:compliance)
2374
+ @create_time = args[:create_time] if args.key?(:create_time)
2375
+ @deployment = args[:deployment] if args.key?(:deployment)
2376
+ @discovery = args[:discovery] if args.key?(:discovery)
2377
+ @dsse_attestation = args[:dsse_attestation] if args.key?(:dsse_attestation)
2378
+ @expiration_time = args[:expiration_time] if args.key?(:expiration_time)
2379
+ @image = args[:image] if args.key?(:image)
2380
+ @kind = args[:kind] if args.key?(:kind)
2381
+ @long_description = args[:long_description] if args.key?(:long_description)
2382
+ @name = args[:name] if args.key?(:name)
2383
+ @package = args[:package] if args.key?(:package)
2384
+ @related_note_names = args[:related_note_names] if args.key?(:related_note_names)
2385
+ @related_url = args[:related_url] if args.key?(:related_url)
2386
+ @short_description = args[:short_description] if args.key?(:short_description)
2387
+ @update_time = args[:update_time] if args.key?(:update_time)
2388
+ @upgrade = args[:upgrade] if args.key?(:upgrade)
2389
+ @vulnerability = args[:vulnerability] if args.key?(:vulnerability)
2390
+ end
2391
+ end
2392
+
2393
+ # An instance of an analysis type that has been found on a resource.
2394
+ class Occurrence
2395
+ include Google::Apis::Core::Hashable
2396
+
2397
+ # Occurrence that represents a single "attestation". The authenticity of an
2398
+ # attestation can be verified using the attached signature. If the verifier
2399
+ # trusts the public key of the signer, then verifying the signature is
2400
+ # sufficient to establish trust. In this circumstance, the authority to which
2401
+ # this attestation is attached is primarily useful for lookup (how to find this
2402
+ # attestation if you already know the authority and artifact to be verified) and
2403
+ # intent (for which authority this attestation was intended to sign.
2404
+ # Corresponds to the JSON property `attestation`
2405
+ # @return [Google::Apis::ContaineranalysisV1::AttestationOccurrence]
2406
+ attr_accessor :attestation
2407
+
2408
+ # Details of a build occurrence.
2409
+ # Corresponds to the JSON property `build`
2410
+ # @return [Google::Apis::ContaineranalysisV1::BuildOccurrence]
2411
+ attr_accessor :build
2412
+
2413
+ # An indication that the compliance checks in the associated ComplianceNote were
2414
+ # not satisfied for particular resources or a specified reason.
2415
+ # Corresponds to the JSON property `compliance`
2416
+ # @return [Google::Apis::ContaineranalysisV1::ComplianceOccurrence]
2417
+ attr_accessor :compliance
2418
+
2419
+ # Output only. The time this occurrence was created.
2420
+ # Corresponds to the JSON property `createTime`
2421
+ # @return [String]
2422
+ attr_accessor :create_time
2423
+
2424
+ # The period during which some deployable was active in a runtime.
2425
+ # Corresponds to the JSON property `deployment`
2426
+ # @return [Google::Apis::ContaineranalysisV1::DeploymentOccurrence]
2427
+ attr_accessor :deployment
2428
+
2429
+ # Provides information about the analysis status of a discovered resource.
2430
+ # Corresponds to the JSON property `discovery`
2431
+ # @return [Google::Apis::ContaineranalysisV1::DiscoveryOccurrence]
2432
+ attr_accessor :discovery
2433
+
2434
+ # Describes an attestation of an artifact using dsse.
2435
+ # Corresponds to the JSON property `dsseAttestation`
2436
+ # @return [Google::Apis::ContaineranalysisV1::DsseAttestationOccurrence]
2437
+ attr_accessor :dsse_attestation
2438
+
2439
+ # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.
2440
+ # proto. An authenticated message of arbitrary type.
2441
+ # Corresponds to the JSON property `envelope`
2442
+ # @return [Google::Apis::ContaineranalysisV1::Envelope]
2443
+ attr_accessor :envelope
2444
+
2445
+ # Details of the derived image portion of the DockerImage relationship. This
2446
+ # image would be produced from a Dockerfile with FROM .
2447
+ # Corresponds to the JSON property `image`
2448
+ # @return [Google::Apis::ContaineranalysisV1::ImageOccurrence]
2449
+ attr_accessor :image
2450
+
2451
+ # Output only. This explicitly denotes which of the occurrence details are
2452
+ # specified. This field can be used as a filter in list requests.
2453
+ # Corresponds to the JSON property `kind`
2454
+ # @return [String]
2455
+ attr_accessor :kind
2456
+
2457
+ # Output only. The name of the occurrence in the form of `projects/[PROJECT_ID]/
2458
+ # occurrences/[OCCURRENCE_ID]`.
2459
+ # Corresponds to the JSON property `name`
2460
+ # @return [String]
2461
+ attr_accessor :name
2462
+
2463
+ # Required. Immutable. The analysis note associated with this occurrence, in the
2464
+ # form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. This field can be used as a
2465
+ # filter in list requests.
2466
+ # Corresponds to the JSON property `noteName`
2467
+ # @return [String]
2468
+ attr_accessor :note_name
2469
+
2470
+ # Details on how a particular software package was installed on a system.
2471
+ # Corresponds to the JSON property `package`
2472
+ # @return [Google::Apis::ContaineranalysisV1::PackageOccurrence]
2473
+ attr_accessor :package
2474
+
2475
+ # A description of actions that can be taken to remedy the note.
2476
+ # Corresponds to the JSON property `remediation`
2477
+ # @return [String]
2478
+ attr_accessor :remediation
2479
+
2480
+ # Required. Immutable. A URI that represents the resource for which the
2481
+ # occurrence applies. For example, `https://gcr.io/project/image@sha256:123abc`
2482
+ # for a Docker image.
2483
+ # Corresponds to the JSON property `resourceUri`
2484
+ # @return [String]
2485
+ attr_accessor :resource_uri
2486
+
2487
+ # Output only. The time this occurrence was last updated.
2488
+ # Corresponds to the JSON property `updateTime`
2489
+ # @return [String]
2490
+ attr_accessor :update_time
2491
+
2492
+ # An Upgrade Occurrence represents that a specific resource_url could install a
2493
+ # specific upgrade. This presence is supplied via local sources (i.e. it is
2494
+ # present in the mirror and the running system has noticed its availability).
2495
+ # For Windows, both distribution and windows_update contain information for the
2496
+ # Windows update.
2497
+ # Corresponds to the JSON property `upgrade`
2498
+ # @return [Google::Apis::ContaineranalysisV1::UpgradeOccurrence]
2499
+ attr_accessor :upgrade
2500
+
2501
+ # An occurrence of a severity vulnerability on a resource.
2502
+ # Corresponds to the JSON property `vulnerability`
2503
+ # @return [Google::Apis::ContaineranalysisV1::VulnerabilityOccurrence]
2504
+ attr_accessor :vulnerability
2505
+
2506
+ def initialize(**args)
2507
+ update!(**args)
2508
+ end
2509
+
2510
+ # Update properties of this object
2511
+ def update!(**args)
2512
+ @attestation = args[:attestation] if args.key?(:attestation)
2513
+ @build = args[:build] if args.key?(:build)
2514
+ @compliance = args[:compliance] if args.key?(:compliance)
2515
+ @create_time = args[:create_time] if args.key?(:create_time)
2516
+ @deployment = args[:deployment] if args.key?(:deployment)
2517
+ @discovery = args[:discovery] if args.key?(:discovery)
2518
+ @dsse_attestation = args[:dsse_attestation] if args.key?(:dsse_attestation)
2519
+ @envelope = args[:envelope] if args.key?(:envelope)
2520
+ @image = args[:image] if args.key?(:image)
2521
+ @kind = args[:kind] if args.key?(:kind)
2522
+ @name = args[:name] if args.key?(:name)
2523
+ @note_name = args[:note_name] if args.key?(:note_name)
2524
+ @package = args[:package] if args.key?(:package)
2525
+ @remediation = args[:remediation] if args.key?(:remediation)
2526
+ @resource_uri = args[:resource_uri] if args.key?(:resource_uri)
2527
+ @update_time = args[:update_time] if args.key?(:update_time)
2528
+ @upgrade = args[:upgrade] if args.key?(:upgrade)
2529
+ @vulnerability = args[:vulnerability] if args.key?(:vulnerability)
2530
+ end
2531
+ end
2532
+
2533
+ # This resource represents a long-running operation that is the result of a
2534
+ # network API call.
2535
+ class Operation
2536
+ include Google::Apis::Core::Hashable
2537
+
2538
+ # If the value is `false`, it means the operation is still in progress. If `true`
2539
+ # , the operation is completed, and either `error` or `response` is available.
2540
+ # Corresponds to the JSON property `done`
2541
+ # @return [Boolean]
2542
+ attr_accessor :done
2543
+ alias_method :done?, :done
2544
+
2545
+ # The `Status` type defines a logical error model that is suitable for different
2546
+ # programming environments, including REST APIs and RPC APIs. It is used by [
2547
+ # gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
2548
+ # data: error code, error message, and error details. You can find out more
2549
+ # about this error model and how to work with it in the [API Design Guide](https:
2550
+ # //cloud.google.com/apis/design/errors).
2551
+ # Corresponds to the JSON property `error`
2552
+ # @return [Google::Apis::ContaineranalysisV1::Status]
2553
+ attr_accessor :error
2554
+
2555
+ # Service-specific metadata associated with the operation. It typically contains
2556
+ # progress information and common metadata such as create time. Some services
2557
+ # might not provide such metadata. Any method that returns a long-running
2558
+ # operation should document the metadata type, if any.
2559
+ # Corresponds to the JSON property `metadata`
2560
+ # @return [Hash<String,Object>]
2561
+ attr_accessor :metadata
2562
+
2563
+ # The server-assigned name, which is only unique within the same service that
2564
+ # originally returns it. If you use the default HTTP mapping, the `name` should
2565
+ # be a resource name ending with `operations/`unique_id``.
2566
+ # Corresponds to the JSON property `name`
2567
+ # @return [String]
2568
+ attr_accessor :name
2569
+
2570
+ # The normal response of the operation in case of success. If the original
2571
+ # method returns no data on success, such as `Delete`, the response is `google.
2572
+ # protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`,
2573
+ # the response should be the resource. For other methods, the response should
2574
+ # have the type `XxxResponse`, where `Xxx` is the original method name. For
2575
+ # example, if the original method name is `TakeSnapshot()`, the inferred
2576
+ # response type is `TakeSnapshotResponse`.
2577
+ # Corresponds to the JSON property `response`
2578
+ # @return [Hash<String,Object>]
2579
+ attr_accessor :response
2580
+
2581
+ def initialize(**args)
2582
+ update!(**args)
2583
+ end
2584
+
2585
+ # Update properties of this object
2586
+ def update!(**args)
2587
+ @done = args[:done] if args.key?(:done)
2588
+ @error = args[:error] if args.key?(:error)
2589
+ @metadata = args[:metadata] if args.key?(:metadata)
2590
+ @name = args[:name] if args.key?(:name)
2591
+ @response = args[:response] if args.key?(:response)
2592
+ end
2593
+ end
2594
+
2595
+ # A detail for a distro and package this vulnerability occurrence was found in
2596
+ # and its associated fix (if one is available).
2597
+ class PackageIssue
2598
+ include Google::Apis::Core::Hashable
2599
+
2600
+ # Required. The [CPE URI](https://cpe.mitre.org/specification/) this
2601
+ # vulnerability was found in.
2602
+ # Corresponds to the JSON property `affectedCpeUri`
2603
+ # @return [String]
2604
+ attr_accessor :affected_cpe_uri
2605
+
2606
+ # Required. The package this vulnerability was found in.
2607
+ # Corresponds to the JSON property `affectedPackage`
2608
+ # @return [String]
2609
+ attr_accessor :affected_package
2610
+
2611
+ # Version contains structured information about the version of a package.
2612
+ # Corresponds to the JSON property `affectedVersion`
2613
+ # @return [Google::Apis::ContaineranalysisV1::Version]
2614
+ attr_accessor :affected_version
2615
+
2616
+ # Output only. The distro or language system assigned severity for this
2617
+ # vulnerability when that is available and note provider assigned severity when
2618
+ # it is not available.
2619
+ # Corresponds to the JSON property `effectiveSeverity`
2620
+ # @return [String]
2621
+ attr_accessor :effective_severity
2622
+
2623
+ # Output only. Whether a fix is available for this package.
2624
+ # Corresponds to the JSON property `fixAvailable`
2625
+ # @return [Boolean]
2626
+ attr_accessor :fix_available
2627
+ alias_method :fix_available?, :fix_available
2628
+
2629
+ # The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability was
2630
+ # fixed in. It is possible for this to be different from the affected_cpe_uri.
2631
+ # Corresponds to the JSON property `fixedCpeUri`
2632
+ # @return [String]
2633
+ attr_accessor :fixed_cpe_uri
2634
+
2635
+ # The package this vulnerability was fixed in. It is possible for this to be
2636
+ # different from the affected_package.
2637
+ # Corresponds to the JSON property `fixedPackage`
2638
+ # @return [String]
2639
+ attr_accessor :fixed_package
2640
+
2641
+ # Version contains structured information about the version of a package.
2642
+ # Corresponds to the JSON property `fixedVersion`
2643
+ # @return [Google::Apis::ContaineranalysisV1::Version]
2644
+ attr_accessor :fixed_version
2645
+
2646
+ # The type of package (e.g. OS, MAVEN, GO).
2647
+ # Corresponds to the JSON property `packageType`
2648
+ # @return [String]
2649
+ attr_accessor :package_type
2650
+
2651
+ def initialize(**args)
2652
+ update!(**args)
2653
+ end
2654
+
2655
+ # Update properties of this object
2656
+ def update!(**args)
2657
+ @affected_cpe_uri = args[:affected_cpe_uri] if args.key?(:affected_cpe_uri)
2658
+ @affected_package = args[:affected_package] if args.key?(:affected_package)
2659
+ @affected_version = args[:affected_version] if args.key?(:affected_version)
2660
+ @effective_severity = args[:effective_severity] if args.key?(:effective_severity)
2661
+ @fix_available = args[:fix_available] if args.key?(:fix_available)
2662
+ @fixed_cpe_uri = args[:fixed_cpe_uri] if args.key?(:fixed_cpe_uri)
2663
+ @fixed_package = args[:fixed_package] if args.key?(:fixed_package)
2664
+ @fixed_version = args[:fixed_version] if args.key?(:fixed_version)
2665
+ @package_type = args[:package_type] if args.key?(:package_type)
2666
+ end
2667
+ end
2668
+
2669
+ # This represents a particular package that is distributed over various channels.
2670
+ # E.g., glibc (aka libc6) is distributed by many, at various versions.
2671
+ class PackageNote
2672
+ include Google::Apis::Core::Hashable
2673
+
2674
+ # The various channels by which a package is distributed.
2675
+ # Corresponds to the JSON property `distribution`
2676
+ # @return [Array<Google::Apis::ContaineranalysisV1::Distribution>]
2677
+ attr_accessor :distribution
2678
+
2679
+ # Required. Immutable. The name of the package.
2680
+ # Corresponds to the JSON property `name`
2681
+ # @return [String]
2682
+ attr_accessor :name
2683
+
2684
+ def initialize(**args)
2685
+ update!(**args)
2686
+ end
2687
+
2688
+ # Update properties of this object
2689
+ def update!(**args)
2690
+ @distribution = args[:distribution] if args.key?(:distribution)
2691
+ @name = args[:name] if args.key?(:name)
2692
+ end
2693
+ end
2694
+
2695
+ # Details on how a particular software package was installed on a system.
2696
+ class PackageOccurrence
2697
+ include Google::Apis::Core::Hashable
2698
+
2699
+ # Required. All of the places within the filesystem versions of this package
2700
+ # have been found.
2701
+ # Corresponds to the JSON property `location`
2702
+ # @return [Array<Google::Apis::ContaineranalysisV1::Location>]
2703
+ attr_accessor :location
2704
+
2705
+ # Output only. The name of the installed package.
2706
+ # Corresponds to the JSON property `name`
2707
+ # @return [String]
2708
+ attr_accessor :name
2709
+
2710
+ def initialize(**args)
2711
+ update!(**args)
2712
+ end
2713
+
2714
+ # Update properties of this object
2715
+ def update!(**args)
2716
+ @location = args[:location] if args.key?(:location)
2717
+ @name = args[:name] if args.key?(:name)
2718
+ end
2719
+ end
2720
+
2721
+ # An Identity and Access Management (IAM) policy, which specifies access
2722
+ # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
2723
+ # A `binding` binds one or more `members`, or principals, to a single `role`.
2724
+ # Principals can be user accounts, service accounts, Google groups, and domains (
2725
+ # such as G Suite). A `role` is a named list of permissions; each `role` can be
2726
+ # an IAM predefined role or a user-created custom role. For some types of Google
2727
+ # Cloud resources, a `binding` can also specify a `condition`, which is a
2728
+ # logical expression that allows access to a resource only if the expression
2729
+ # evaluates to `true`. A condition can add constraints based on attributes of
2730
+ # the request, the resource, or both. To learn which resources support
2731
+ # conditions in their IAM policies, see the [IAM documentation](https://cloud.
2732
+ # google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
2733
+ # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
2734
+ # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
2735
+ # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
2736
+ # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
2737
+ # ], "condition": ` "title": "expirable access", "description": "Does not grant
2738
+ # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
2739
+ # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
2740
+ # bindings: - members: - user:mike@example.com - group:admins@example.com -
2741
+ # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
2742
+ # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
2743
+ # com role: roles/resourcemanager.organizationViewer condition: title: expirable
2744
+ # access description: Does not grant access after Sep 2020 expression: request.
2745
+ # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
2746
+ # a description of IAM and its features, see the [IAM documentation](https://
2747
+ # cloud.google.com/iam/docs/).
2748
+ class Policy
2749
+ include Google::Apis::Core::Hashable
2750
+
2751
+ # Associates a list of `members`, or principals, with a `role`. Optionally, may
2752
+ # specify a `condition` that determines how and when the `bindings` are applied.
2753
+ # Each of the `bindings` must contain at least one principal. The `bindings` in
2754
+ # a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
2755
+ # can be Google groups. Each occurrence of a principal counts towards these
2756
+ # limits. For example, if the `bindings` grant 50 different roles to `user:alice@
2757
+ # example.com`, and not to any other principal, then you can add another 1,450
2758
+ # principals to the `bindings` in the `Policy`.
2759
+ # Corresponds to the JSON property `bindings`
2760
+ # @return [Array<Google::Apis::ContaineranalysisV1::Binding>]
2761
+ attr_accessor :bindings
2762
+
2763
+ # `etag` is used for optimistic concurrency control as a way to help prevent
2764
+ # simultaneous updates of a policy from overwriting each other. It is strongly
2765
+ # suggested that systems make use of the `etag` in the read-modify-write cycle
2766
+ # to perform policy updates in order to avoid race conditions: An `etag` is
2767
+ # returned in the response to `getIamPolicy`, and systems are expected to put
2768
+ # that etag in the request to `setIamPolicy` to ensure that their change will be
2769
+ # applied to the same version of the policy. **Important:** If you use IAM
2770
+ # Conditions, you must include the `etag` field whenever you call `setIamPolicy`.
2771
+ # If you omit this field, then IAM allows you to overwrite a version `3` policy
2772
+ # with a version `1` policy, and all of the conditions in the version `3` policy
2773
+ # are lost.
2774
+ # Corresponds to the JSON property `etag`
2775
+ # NOTE: Values are automatically base64 encoded/decoded in the client library.
2776
+ # @return [String]
2777
+ attr_accessor :etag
2778
+
2779
+ # Specifies the format of the policy. Valid values are `0`, `1`, and `3`.
2780
+ # Requests that specify an invalid value are rejected. Any operation that
2781
+ # affects conditional role bindings must specify version `3`. This requirement
2782
+ # applies to the following operations: * Getting a policy that includes a
2783
+ # conditional role binding * Adding a conditional role binding to a policy *
2784
+ # Changing a conditional role binding in a policy * Removing any role binding,
2785
+ # with or without a condition, from a policy that includes conditions **
2786
+ # Important:** If you use IAM Conditions, you must include the `etag` field
2787
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
2788
+ # to overwrite a version `3` policy with a version `1` policy, and all of the
2789
+ # conditions in the version `3` policy are lost. If a policy does not include
2790
+ # any conditions, operations on that policy may specify any valid version or
2791
+ # leave the field unset. To learn which resources support conditions in their
2792
+ # IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/
2793
+ # conditions/resource-policies).
2794
+ # Corresponds to the JSON property `version`
2795
+ # @return [Fixnum]
2796
+ attr_accessor :version
2797
+
2798
+ def initialize(**args)
2799
+ update!(**args)
2800
+ end
2801
+
2802
+ # Update properties of this object
2803
+ def update!(**args)
2804
+ @bindings = args[:bindings] if args.key?(:bindings)
2805
+ @etag = args[:etag] if args.key?(:etag)
2806
+ @version = args[:version] if args.key?(:version)
2807
+ end
2808
+ end
2809
+
2810
+ # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31)
2811
+ # and a repo name within that project.
2812
+ class ProjectRepoId
2813
+ include Google::Apis::Core::Hashable
2814
+
2815
+ # The ID of the project.
2816
+ # Corresponds to the JSON property `projectId`
2817
+ # @return [String]
2818
+ attr_accessor :project_id
2819
+
2820
+ # The name of the repo. Leave empty for the default repo.
2821
+ # Corresponds to the JSON property `repoName`
2822
+ # @return [String]
2823
+ attr_accessor :repo_name
2824
+
2825
+ def initialize(**args)
2826
+ update!(**args)
2827
+ end
2828
+
2829
+ # Update properties of this object
2830
+ def update!(**args)
2831
+ @project_id = args[:project_id] if args.key?(:project_id)
2832
+ @repo_name = args[:repo_name] if args.key?(:repo_name)
2833
+ end
2834
+ end
2835
+
2836
+ # Steps taken to build the artifact. For a TaskRun, typically each container
2837
+ # corresponds to one step in the recipe.
2838
+ class Recipe
2839
+ include Google::Apis::Core::Hashable
2840
+
2841
+ # Collection of all external inputs that influenced the build on top of recipe.
2842
+ # definedInMaterial and recipe.entryPoint. For example, if the recipe type were "
2843
+ # make", then this might be the flags passed to make aside from the target,
2844
+ # which is captured in recipe.entryPoint. Since the arguments field can greatly
2845
+ # vary in structure, depending on the builder and recipe type, this is of form "
2846
+ # Any".
2847
+ # Corresponds to the JSON property `arguments`
2848
+ # @return [Array<Hash<String,Object>>]
2849
+ attr_accessor :arguments
2850
+
2851
+ # Index in materials containing the recipe steps that are not implied by recipe.
2852
+ # type. For example, if the recipe type were "make", then this would point to
2853
+ # the source containing the Makefile, not the make program itself. Set to -1 if
2854
+ # the recipe doesn't come from a material, as zero is default unset value for
2855
+ # int64.
2856
+ # Corresponds to the JSON property `definedInMaterial`
2857
+ # @return [Fixnum]
2858
+ attr_accessor :defined_in_material
2859
+
2860
+ # String identifying the entry point into the build. This is often a path to a
2861
+ # configuration file and/or a target label within that file. The syntax and
2862
+ # meaning are defined by recipe.type. For example, if the recipe type were "make"
2863
+ # , then this would reference the directory in which to run make as well as
2864
+ # which target to use.
2865
+ # Corresponds to the JSON property `entryPoint`
2866
+ # @return [String]
2867
+ attr_accessor :entry_point
2868
+
2869
+ # Any other builder-controlled inputs necessary for correctly evaluating the
2870
+ # recipe. Usually only needed for reproducing the build but not evaluated as
2871
+ # part of policy. Since the environment field can greatly vary in structure,
2872
+ # depending on the builder and recipe type, this is of form "Any".
2873
+ # Corresponds to the JSON property `environment`
2874
+ # @return [Array<Hash<String,Object>>]
2875
+ attr_accessor :environment
2876
+
2877
+ # URI indicating what type of recipe was performed. It determines the meaning of
2878
+ # recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
2879
+ # Corresponds to the JSON property `type`
2880
+ # @return [String]
2881
+ attr_accessor :type
2882
+
2883
+ def initialize(**args)
2884
+ update!(**args)
2885
+ end
2886
+
2887
+ # Update properties of this object
2888
+ def update!(**args)
2889
+ @arguments = args[:arguments] if args.key?(:arguments)
2890
+ @defined_in_material = args[:defined_in_material] if args.key?(:defined_in_material)
2891
+ @entry_point = args[:entry_point] if args.key?(:entry_point)
2892
+ @environment = args[:environment] if args.key?(:environment)
2893
+ @type = args[:type] if args.key?(:type)
2894
+ end
2895
+ end
2896
+
2897
+ # Metadata for any related URL information.
2898
+ class RelatedUrl
2899
+ include Google::Apis::Core::Hashable
2900
+
2901
+ # Label to describe usage of the URL.
2902
+ # Corresponds to the JSON property `label`
2903
+ # @return [String]
2904
+ attr_accessor :label
2905
+
2906
+ # Specific URL associated with the resource.
2907
+ # Corresponds to the JSON property `url`
2908
+ # @return [String]
2909
+ attr_accessor :url
2910
+
2911
+ def initialize(**args)
2912
+ update!(**args)
2913
+ end
2914
+
2915
+ # Update properties of this object
2916
+ def update!(**args)
2917
+ @label = args[:label] if args.key?(:label)
2918
+ @url = args[:url] if args.key?(:url)
2919
+ end
2920
+ end
2921
+
2922
+ # A unique identifier for a Cloud Repo.
2923
+ class RepoId
2924
+ include Google::Apis::Core::Hashable
2925
+
2926
+ # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31)
2927
+ # and a repo name within that project.
2928
+ # Corresponds to the JSON property `projectRepoId`
2929
+ # @return [Google::Apis::ContaineranalysisV1::ProjectRepoId]
2930
+ attr_accessor :project_repo_id
2931
+
2932
+ # A server-assigned, globally unique identifier.
2933
+ # Corresponds to the JSON property `uid`
2934
+ # @return [String]
2935
+ attr_accessor :uid
2936
+
2937
+ def initialize(**args)
2938
+ update!(**args)
2939
+ end
2940
+
2941
+ # Update properties of this object
2942
+ def update!(**args)
2943
+ @project_repo_id = args[:project_repo_id] if args.key?(:project_repo_id)
2944
+ @uid = args[:uid] if args.key?(:uid)
2945
+ end
2946
+ end
2947
+
2948
+ # Request message for `SetIamPolicy` method.
2949
+ class SetIamPolicyRequest
2950
+ include Google::Apis::Core::Hashable
2951
+
2952
+ # An Identity and Access Management (IAM) policy, which specifies access
2953
+ # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
2954
+ # A `binding` binds one or more `members`, or principals, to a single `role`.
2955
+ # Principals can be user accounts, service accounts, Google groups, and domains (
2956
+ # such as G Suite). A `role` is a named list of permissions; each `role` can be
2957
+ # an IAM predefined role or a user-created custom role. For some types of Google
2958
+ # Cloud resources, a `binding` can also specify a `condition`, which is a
2959
+ # logical expression that allows access to a resource only if the expression
2960
+ # evaluates to `true`. A condition can add constraints based on attributes of
2961
+ # the request, the resource, or both. To learn which resources support
2962
+ # conditions in their IAM policies, see the [IAM documentation](https://cloud.
2963
+ # google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
2964
+ # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
2965
+ # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
2966
+ # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
2967
+ # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
2968
+ # ], "condition": ` "title": "expirable access", "description": "Does not grant
2969
+ # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
2970
+ # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
2971
+ # bindings: - members: - user:mike@example.com - group:admins@example.com -
2972
+ # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
2973
+ # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
2974
+ # com role: roles/resourcemanager.organizationViewer condition: title: expirable
2975
+ # access description: Does not grant access after Sep 2020 expression: request.
2976
+ # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
2977
+ # a description of IAM and its features, see the [IAM documentation](https://
2978
+ # cloud.google.com/iam/docs/).
2979
+ # Corresponds to the JSON property `policy`
2980
+ # @return [Google::Apis::ContaineranalysisV1::Policy]
2981
+ attr_accessor :policy
2982
+
2983
+ def initialize(**args)
2984
+ update!(**args)
2985
+ end
2986
+
2987
+ # Update properties of this object
2988
+ def update!(**args)
2989
+ @policy = args[:policy] if args.key?(:policy)
2990
+ end
2991
+ end
2992
+
2993
+ # Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to
2994
+ # the trust anchors defined in policy (e.g. a Kritis policy). Typically this
2995
+ # means that the verifier has been configured with a map from `public_key_id` to
2996
+ # public key material (and any required parameters, e.g. signing algorithm). In
2997
+ # particular, verification implementations MUST NOT treat the signature `
2998
+ # public_key_id` as anything more than a key lookup hint. The `public_key_id`
2999
+ # DOES NOT validate or authenticate a public key; it only provides a mechanism
3000
+ # for quickly selecting a public key ALREADY CONFIGURED on the verifier through
3001
+ # a trusted channel. Verification implementations MUST reject signatures in any
3002
+ # of the following circumstances: * The `public_key_id` is not recognized by the
3003
+ # verifier. * The public key that `public_key_id` refers to does not verify the
3004
+ # signature with respect to the payload. The `signature` contents SHOULD NOT be "
3005
+ # attached" (where the payload is included with the serialized `signature` bytes)
3006
+ # . Verifiers MUST ignore any "attached" payload and only verify signatures with
3007
+ # respect to explicitly provided payload (e.g. a `payload` field on the proto
3008
+ # message that holds this Signature, or the canonical serialization of the proto
3009
+ # message that holds this signature).
3010
+ class Signature
3011
+ include Google::Apis::Core::Hashable
3012
+
3013
+ # The identifier for the public key that verifies this signature. * The `
3014
+ # public_key_id` is required. * The `public_key_id` SHOULD be an RFC3986
3015
+ # conformant URI. * When possible, the `public_key_id` SHOULD be an immutable
3016
+ # reference, such as a cryptographic digest. Examples of valid `public_key_id`s:
3017
+ # OpenPGP V4 public key fingerprint: * "openpgp4fpr:
3018
+ # 74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See https://www.iana.org/assignments/
3019
+ # uri-schemes/prov/openpgp4fpr for more details on this scheme. RFC6920 digest-
3020
+ # named SubjectPublicKeyInfo (digest of the DER serialization): * "ni:///sha-256;
3021
+ # cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU" * "nih:///sha-256;
3022
+ # 703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
3023
+ # Corresponds to the JSON property `publicKeyId`
3024
+ # @return [String]
3025
+ attr_accessor :public_key_id
3026
+
3027
+ # The content of the signature, an opaque bytestring. The payload that this
3028
+ # signature verifies MUST be unambiguously provided with the Signature during
3029
+ # verification. A wrapper message might provide the payload explicitly.
3030
+ # Alternatively, a message might have a canonical serialization that can always
3031
+ # be unambiguously computed to derive the payload.
3032
+ # Corresponds to the JSON property `signature`
3033
+ # NOTE: Values are automatically base64 encoded/decoded in the client library.
3034
+ # @return [String]
3035
+ attr_accessor :signature
3036
+
3037
+ def initialize(**args)
3038
+ update!(**args)
3039
+ end
3040
+
3041
+ # Update properties of this object
3042
+ def update!(**args)
3043
+ @public_key_id = args[:public_key_id] if args.key?(:public_key_id)
3044
+ @signature = args[:signature] if args.key?(:signature)
3045
+ end
3046
+ end
3047
+
3048
+ # Source describes the location of the source used for the build.
3049
+ class Source
3050
+ include Google::Apis::Core::Hashable
3051
+
3052
+ # If provided, some of the source code used for the build may be found in these
3053
+ # locations, in the case where the source repository had multiple remotes or
3054
+ # submodules. This list will not include the context specified in the context
3055
+ # field.
3056
+ # Corresponds to the JSON property `additionalContexts`
3057
+ # @return [Array<Google::Apis::ContaineranalysisV1::SourceContext>]
3058
+ attr_accessor :additional_contexts
3059
+
3060
+ # If provided, the input binary artifacts for the build came from this location.
3061
+ # Corresponds to the JSON property `artifactStorageSourceUri`
3062
+ # @return [String]
3063
+ attr_accessor :artifact_storage_source_uri
3064
+
3065
+ # A SourceContext is a reference to a tree of files. A SourceContext together
3066
+ # with a path point to a unique revision of a single file or directory.
3067
+ # Corresponds to the JSON property `context`
3068
+ # @return [Google::Apis::ContaineranalysisV1::SourceContext]
3069
+ attr_accessor :context
3070
+
3071
+ # Hash(es) of the build source, which can be used to verify that the original
3072
+ # source integrity was maintained in the build. The keys to this map are file
3073
+ # paths used as build source and the values contain the hash values for those
3074
+ # files. If the build source came in a single package such as a gzipped tarfile (
3075
+ # .tar.gz), the FileHash will be for the single path to that file.
3076
+ # Corresponds to the JSON property `fileHashes`
3077
+ # @return [Hash<String,Google::Apis::ContaineranalysisV1::FileHashes>]
3078
+ attr_accessor :file_hashes
3079
+
3080
+ def initialize(**args)
3081
+ update!(**args)
3082
+ end
3083
+
3084
+ # Update properties of this object
3085
+ def update!(**args)
3086
+ @additional_contexts = args[:additional_contexts] if args.key?(:additional_contexts)
3087
+ @artifact_storage_source_uri = args[:artifact_storage_source_uri] if args.key?(:artifact_storage_source_uri)
3088
+ @context = args[:context] if args.key?(:context)
3089
+ @file_hashes = args[:file_hashes] if args.key?(:file_hashes)
3090
+ end
3091
+ end
3092
+
3093
+ # A SourceContext is a reference to a tree of files. A SourceContext together
3094
+ # with a path point to a unique revision of a single file or directory.
3095
+ class SourceContext
3096
+ include Google::Apis::Core::Hashable
3097
+
3098
+ # A CloudRepoSourceContext denotes a particular revision in a Google Cloud
3099
+ # Source Repo.
3100
+ # Corresponds to the JSON property `cloudRepo`
3101
+ # @return [Google::Apis::ContaineranalysisV1::CloudRepoSourceContext]
3102
+ attr_accessor :cloud_repo
3103
+
3104
+ # A SourceContext referring to a Gerrit project.
3105
+ # Corresponds to the JSON property `gerrit`
3106
+ # @return [Google::Apis::ContaineranalysisV1::GerritSourceContext]
3107
+ attr_accessor :gerrit
3108
+
3109
+ # A GitSourceContext denotes a particular revision in a third party Git
3110
+ # repository (e.g., GitHub).
3111
+ # Corresponds to the JSON property `git`
3112
+ # @return [Google::Apis::ContaineranalysisV1::GitSourceContext]
3113
+ attr_accessor :git
3114
+
3115
+ # Labels with user defined metadata.
3116
+ # Corresponds to the JSON property `labels`
3117
+ # @return [Hash<String,String>]
3118
+ attr_accessor :labels
3119
+
3120
+ def initialize(**args)
3121
+ update!(**args)
3122
+ end
3123
+
3124
+ # Update properties of this object
3125
+ def update!(**args)
3126
+ @cloud_repo = args[:cloud_repo] if args.key?(:cloud_repo)
3127
+ @gerrit = args[:gerrit] if args.key?(:gerrit)
3128
+ @git = args[:git] if args.key?(:git)
3129
+ @labels = args[:labels] if args.key?(:labels)
3130
+ end
3131
+ end
3132
+
3133
+ # The `Status` type defines a logical error model that is suitable for different
3134
+ # programming environments, including REST APIs and RPC APIs. It is used by [
3135
+ # gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
3136
+ # data: error code, error message, and error details. You can find out more
3137
+ # about this error model and how to work with it in the [API Design Guide](https:
3138
+ # //cloud.google.com/apis/design/errors).
3139
+ class Status
3140
+ include Google::Apis::Core::Hashable
3141
+
3142
+ # The status code, which should be an enum value of google.rpc.Code.
3143
+ # Corresponds to the JSON property `code`
3144
+ # @return [Fixnum]
3145
+ attr_accessor :code
3146
+
3147
+ # A list of messages that carry the error details. There is a common set of
3148
+ # message types for APIs to use.
3149
+ # Corresponds to the JSON property `details`
3150
+ # @return [Array<Hash<String,Object>>]
3151
+ attr_accessor :details
3152
+
3153
+ # A developer-facing error message, which should be in English. Any user-facing
3154
+ # error message should be localized and sent in the google.rpc.Status.details
3155
+ # field, or localized by the client.
3156
+ # Corresponds to the JSON property `message`
3157
+ # @return [String]
3158
+ attr_accessor :message
3159
+
3160
+ def initialize(**args)
3161
+ update!(**args)
3162
+ end
3163
+
3164
+ # Update properties of this object
3165
+ def update!(**args)
3166
+ @code = args[:code] if args.key?(:code)
3167
+ @details = args[:details] if args.key?(:details)
3168
+ @message = args[:message] if args.key?(:message)
3169
+ end
3170
+ end
3171
+
3172
+ #
3173
+ class Subject
3174
+ include Google::Apis::Core::Hashable
3175
+
3176
+ # "": ""
3177
+ # Corresponds to the JSON property `digest`
3178
+ # @return [Hash<String,String>]
3179
+ attr_accessor :digest
3180
+
3181
+ #
3182
+ # Corresponds to the JSON property `name`
3183
+ # @return [String]
3184
+ attr_accessor :name
3185
+
3186
+ def initialize(**args)
3187
+ update!(**args)
3188
+ end
3189
+
3190
+ # Update properties of this object
3191
+ def update!(**args)
3192
+ @digest = args[:digest] if args.key?(:digest)
3193
+ @name = args[:name] if args.key?(:name)
3194
+ end
3195
+ end
3196
+
3197
+ # Request message for `TestIamPermissions` method.
3198
+ class TestIamPermissionsRequest
3199
+ include Google::Apis::Core::Hashable
3200
+
3201
+ # The set of permissions to check for the `resource`. Permissions with wildcards
3202
+ # (such as '*' or 'storage.*') are not allowed. For more information see [IAM
3203
+ # Overview](https://cloud.google.com/iam/docs/overview#permissions).
3204
+ # Corresponds to the JSON property `permissions`
3205
+ # @return [Array<String>]
3206
+ attr_accessor :permissions
3207
+
3208
+ def initialize(**args)
3209
+ update!(**args)
3210
+ end
3211
+
3212
+ # Update properties of this object
3213
+ def update!(**args)
3214
+ @permissions = args[:permissions] if args.key?(:permissions)
3215
+ end
3216
+ end
3217
+
3218
+ # Response message for `TestIamPermissions` method.
3219
+ class TestIamPermissionsResponse
3220
+ include Google::Apis::Core::Hashable
3221
+
3222
+ # A subset of `TestPermissionsRequest.permissions` that the caller is allowed.
3223
+ # Corresponds to the JSON property `permissions`
3224
+ # @return [Array<String>]
3225
+ attr_accessor :permissions
3226
+
3227
+ def initialize(**args)
3228
+ update!(**args)
3229
+ end
3230
+
3231
+ # Update properties of this object
3232
+ def update!(**args)
3233
+ @permissions = args[:permissions] if args.key?(:permissions)
3234
+ end
3235
+ end
3236
+
3237
+ # Start and end times for a build execution phase.
3238
+ class TimeSpan
3239
+ include Google::Apis::Core::Hashable
3240
+
3241
+ # End of time span.
3242
+ # Corresponds to the JSON property `endTime`
3243
+ # @return [String]
3244
+ attr_accessor :end_time
3245
+
3246
+ # Start of time span.
3247
+ # Corresponds to the JSON property `startTime`
3248
+ # @return [String]
3249
+ attr_accessor :start_time
3250
+
3251
+ def initialize(**args)
3252
+ update!(**args)
3253
+ end
3254
+
3255
+ # Update properties of this object
3256
+ def update!(**args)
3257
+ @end_time = args[:end_time] if args.key?(:end_time)
3258
+ @start_time = args[:start_time] if args.key?(:start_time)
3259
+ end
3260
+ end
3261
+
3262
+ # The Upgrade Distribution represents metadata about the Upgrade for each
3263
+ # operating system (CPE). Some distributions have additional metadata around
3264
+ # updates, classifying them into various categories and severities.
3265
+ class UpgradeDistribution
3266
+ include Google::Apis::Core::Hashable
3267
+
3268
+ # The operating system classification of this Upgrade, as specified by the
3269
+ # upstream operating system upgrade feed. For Windows the classification is one
3270
+ # of the category_ids listed at https://docs.microsoft.com/en-us/previous-
3271
+ # versions/windows/desktop/ff357803(v=vs.85)
3272
+ # Corresponds to the JSON property `classification`
3273
+ # @return [String]
3274
+ attr_accessor :classification
3275
+
3276
+ # Required - The specific operating system this metadata applies to. See https://
3277
+ # cpe.mitre.org/specification/.
3278
+ # Corresponds to the JSON property `cpeUri`
3279
+ # @return [String]
3280
+ attr_accessor :cpe_uri
3281
+
3282
+ # The cve tied to this Upgrade.
3283
+ # Corresponds to the JSON property `cve`
3284
+ # @return [Array<String>]
3285
+ attr_accessor :cve
3286
+
3287
+ # The severity as specified by the upstream operating system.
3288
+ # Corresponds to the JSON property `severity`
3289
+ # @return [String]
3290
+ attr_accessor :severity
3291
+
3292
+ def initialize(**args)
3293
+ update!(**args)
3294
+ end
3295
+
3296
+ # Update properties of this object
3297
+ def update!(**args)
3298
+ @classification = args[:classification] if args.key?(:classification)
3299
+ @cpe_uri = args[:cpe_uri] if args.key?(:cpe_uri)
3300
+ @cve = args[:cve] if args.key?(:cve)
3301
+ @severity = args[:severity] if args.key?(:severity)
3302
+ end
3303
+ end
3304
+
3305
+ # An Upgrade Note represents a potential upgrade of a package to a given version.
3306
+ # For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2),
3307
+ # there will be an Upgrade Note. For Windows, windows_update field represents
3308
+ # the information related to the update.
3309
+ class UpgradeNote
3310
+ include Google::Apis::Core::Hashable
3311
+
3312
+ # Metadata about the upgrade for each specific operating system.
3313
+ # Corresponds to the JSON property `distributions`
3314
+ # @return [Array<Google::Apis::ContaineranalysisV1::UpgradeDistribution>]
3315
+ attr_accessor :distributions
3316
+
3317
+ # Required for non-Windows OS. The package this Upgrade is for.
3318
+ # Corresponds to the JSON property `package`
3319
+ # @return [String]
3320
+ attr_accessor :package
3321
+
3322
+ # Version contains structured information about the version of a package.
3323
+ # Corresponds to the JSON property `version`
3324
+ # @return [Google::Apis::ContaineranalysisV1::Version]
3325
+ attr_accessor :version
3326
+
3327
+ # Windows Update represents the metadata about the update for the Windows
3328
+ # operating system. The fields in this message come from the Windows Update API
3329
+ # documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-
3330
+ # wuapi-iupdate.
3331
+ # Corresponds to the JSON property `windowsUpdate`
3332
+ # @return [Google::Apis::ContaineranalysisV1::WindowsUpdate]
3333
+ attr_accessor :windows_update
3334
+
3335
+ def initialize(**args)
3336
+ update!(**args)
3337
+ end
3338
+
3339
+ # Update properties of this object
3340
+ def update!(**args)
3341
+ @distributions = args[:distributions] if args.key?(:distributions)
3342
+ @package = args[:package] if args.key?(:package)
3343
+ @version = args[:version] if args.key?(:version)
3344
+ @windows_update = args[:windows_update] if args.key?(:windows_update)
3345
+ end
3346
+ end
3347
+
3348
+ # An Upgrade Occurrence represents that a specific resource_url could install a
3349
+ # specific upgrade. This presence is supplied via local sources (i.e. it is
3350
+ # present in the mirror and the running system has noticed its availability).
3351
+ # For Windows, both distribution and windows_update contain information for the
3352
+ # Windows update.
3353
+ class UpgradeOccurrence
3354
+ include Google::Apis::Core::Hashable
3355
+
3356
+ # The Upgrade Distribution represents metadata about the Upgrade for each
3357
+ # operating system (CPE). Some distributions have additional metadata around
3358
+ # updates, classifying them into various categories and severities.
3359
+ # Corresponds to the JSON property `distribution`
3360
+ # @return [Google::Apis::ContaineranalysisV1::UpgradeDistribution]
3361
+ attr_accessor :distribution
3362
+
3363
+ # Required for non-Windows OS. The package this Upgrade is for.
3364
+ # Corresponds to the JSON property `package`
3365
+ # @return [String]
3366
+ attr_accessor :package
3367
+
3368
+ # Version contains structured information about the version of a package.
3369
+ # Corresponds to the JSON property `parsedVersion`
3370
+ # @return [Google::Apis::ContaineranalysisV1::Version]
3371
+ attr_accessor :parsed_version
3372
+
3373
+ # Windows Update represents the metadata about the update for the Windows
3374
+ # operating system. The fields in this message come from the Windows Update API
3375
+ # documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-
3376
+ # wuapi-iupdate.
3377
+ # Corresponds to the JSON property `windowsUpdate`
3378
+ # @return [Google::Apis::ContaineranalysisV1::WindowsUpdate]
3379
+ attr_accessor :windows_update
3380
+
3381
+ def initialize(**args)
3382
+ update!(**args)
3383
+ end
3384
+
3385
+ # Update properties of this object
3386
+ def update!(**args)
3387
+ @distribution = args[:distribution] if args.key?(:distribution)
3388
+ @package = args[:package] if args.key?(:package)
3389
+ @parsed_version = args[:parsed_version] if args.key?(:parsed_version)
3390
+ @windows_update = args[:windows_update] if args.key?(:windows_update)
3391
+ end
3392
+ end
3393
+
3394
+ # Version contains structured information about the version of a package.
3395
+ class Version
3396
+ include Google::Apis::Core::Hashable
3397
+
3398
+ # Used to correct mistakes in the version numbering scheme.
3399
+ # Corresponds to the JSON property `epoch`
3400
+ # @return [Fixnum]
3401
+ attr_accessor :epoch
3402
+
3403
+ # Human readable version string. This string is of the form :- and is only set
3404
+ # when kind is NORMAL.
3405
+ # Corresponds to the JSON property `fullName`
3406
+ # @return [String]
3407
+ attr_accessor :full_name
3408
+
3409
+ # Whether this version is specifying part of an inclusive range. Grafeas does
3410
+ # not have the capability to specify version ranges; instead we have fields that
3411
+ # specify start version and end versions. At times this is insufficient - we
3412
+ # also need to specify whether the version is included in the range or is
3413
+ # excluded from the range. This boolean is expected to be set to true when the
3414
+ # version is included in a range.
3415
+ # Corresponds to the JSON property `inclusive`
3416
+ # @return [Boolean]
3417
+ attr_accessor :inclusive
3418
+ alias_method :inclusive?, :inclusive
3419
+
3420
+ # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
3421
+ # Corresponds to the JSON property `kind`
3422
+ # @return [String]
3423
+ attr_accessor :kind
3424
+
3425
+ # Required only when version kind is NORMAL. The main part of the version name.
3426
+ # Corresponds to the JSON property `name`
3427
+ # @return [String]
3428
+ attr_accessor :name
3429
+
3430
+ # The iteration of the package build from the above version.
3431
+ # Corresponds to the JSON property `revision`
3432
+ # @return [String]
3433
+ attr_accessor :revision
3434
+
3435
+ def initialize(**args)
3436
+ update!(**args)
3437
+ end
3438
+
3439
+ # Update properties of this object
3440
+ def update!(**args)
3441
+ @epoch = args[:epoch] if args.key?(:epoch)
3442
+ @full_name = args[:full_name] if args.key?(:full_name)
3443
+ @inclusive = args[:inclusive] if args.key?(:inclusive)
3444
+ @kind = args[:kind] if args.key?(:kind)
3445
+ @name = args[:name] if args.key?(:name)
3446
+ @revision = args[:revision] if args.key?(:revision)
3447
+ end
3448
+ end
3449
+
3450
+ # Volume describes a Docker container volume which is mounted into build steps
3451
+ # in order to persist files across build step execution.
3452
+ class Volume
3453
+ include Google::Apis::Core::Hashable
3454
+
3455
+ # Name of the volume to mount. Volume names must be unique per build step and
3456
+ # must be valid names for Docker volumes. Each named volume must be used by at
3457
+ # least two build steps.
3458
+ # Corresponds to the JSON property `name`
3459
+ # @return [String]
3460
+ attr_accessor :name
3461
+
3462
+ # Path at which to mount the volume. Paths must be absolute and cannot conflict
3463
+ # with other volume paths on the same build step or with certain reserved volume
3464
+ # paths.
3465
+ # Corresponds to the JSON property `path`
3466
+ # @return [String]
3467
+ attr_accessor :path
3468
+
3469
+ def initialize(**args)
3470
+ update!(**args)
3471
+ end
3472
+
3473
+ # Update properties of this object
3474
+ def update!(**args)
3475
+ @name = args[:name] if args.key?(:name)
3476
+ @path = args[:path] if args.key?(:path)
3477
+ end
3478
+ end
3479
+
3480
+ # A security vulnerability that can be found in resources.
3481
+ class VulnerabilityNote
3482
+ include Google::Apis::Core::Hashable
3483
+
3484
+ # The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where
3485
+ # 0 indicates low severity and 10 indicates high severity.
3486
+ # Corresponds to the JSON property `cvssScore`
3487
+ # @return [Float]
3488
+ attr_accessor :cvss_score
3489
+
3490
+ # Common Vulnerability Scoring System version 3. For details, see https://www.
3491
+ # first.org/cvss/specification-document
3492
+ # Corresponds to the JSON property `cvssV3`
3493
+ # @return [Google::Apis::ContaineranalysisV1::CvsSv3]
3494
+ attr_accessor :cvss_v3
3495
+
3496
+ # Details of all known distros and packages affected by this vulnerability.
3497
+ # Corresponds to the JSON property `details`
3498
+ # @return [Array<Google::Apis::ContaineranalysisV1::Detail>]
3499
+ attr_accessor :details
3500
+
3501
+ # The note provider assigned severity of this vulnerability.
3502
+ # Corresponds to the JSON property `severity`
3503
+ # @return [String]
3504
+ attr_accessor :severity
3505
+
3506
+ # The time this information was last changed at the source. This is an upstream
3507
+ # timestamp from the underlying information source - e.g. Ubuntu security
3508
+ # tracker.
3509
+ # Corresponds to the JSON property `sourceUpdateTime`
3510
+ # @return [String]
3511
+ attr_accessor :source_update_time
3512
+
3513
+ # Windows details get their own format because the information format and model
3514
+ # don't match a normal detail. Specifically Windows updates are done as patches,
3515
+ # thus Windows vulnerabilities really are a missing package, rather than a
3516
+ # package being at an incorrect version.
3517
+ # Corresponds to the JSON property `windowsDetails`
3518
+ # @return [Array<Google::Apis::ContaineranalysisV1::WindowsDetail>]
3519
+ attr_accessor :windows_details
3520
+
3521
+ def initialize(**args)
3522
+ update!(**args)
3523
+ end
3524
+
3525
+ # Update properties of this object
3526
+ def update!(**args)
3527
+ @cvss_score = args[:cvss_score] if args.key?(:cvss_score)
3528
+ @cvss_v3 = args[:cvss_v3] if args.key?(:cvss_v3)
3529
+ @details = args[:details] if args.key?(:details)
3530
+ @severity = args[:severity] if args.key?(:severity)
3531
+ @source_update_time = args[:source_update_time] if args.key?(:source_update_time)
3532
+ @windows_details = args[:windows_details] if args.key?(:windows_details)
3533
+ end
3534
+ end
3535
+
3536
+ # An occurrence of a severity vulnerability on a resource.
3537
+ class VulnerabilityOccurrence
3538
+ include Google::Apis::Core::Hashable
3539
+
3540
+ # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of
3541
+ # 0 - 10 where 0 indicates low severity and 10 indicates high severity.
3542
+ # Corresponds to the JSON property `cvssScore`
3543
+ # @return [Float]
3544
+ attr_accessor :cvss_score
3545
+
3546
+ # The distro assigned severity for this vulnerability when it is available,
3547
+ # otherwise this is the note provider assigned severity. When there are multiple
3548
+ # PackageIssues for this vulnerability, they can have different effective
3549
+ # severities because some might be provided by the distro while others are
3550
+ # provided by the language ecosystem for a language pack. For this reason, it is
3551
+ # advised to use the effective severity on the PackageIssue level. In the case
3552
+ # where multiple PackageIssues have differing effective severities, this field
3553
+ # should be the highest severity for any of the PackageIssues.
3554
+ # Corresponds to the JSON property `effectiveSeverity`
3555
+ # @return [String]
3556
+ attr_accessor :effective_severity
3557
+
3558
+ # Output only. Whether at least one of the affected packages has a fix available.
3559
+ # Corresponds to the JSON property `fixAvailable`
3560
+ # @return [Boolean]
3561
+ attr_accessor :fix_available
3562
+ alias_method :fix_available?, :fix_available
3563
+
3564
+ # Output only. A detailed description of this vulnerability.
3565
+ # Corresponds to the JSON property `longDescription`
3566
+ # @return [String]
3567
+ attr_accessor :long_description
3568
+
3569
+ # Required. The set of affected locations and their fixes (if available) within
3570
+ # the associated resource.
3571
+ # Corresponds to the JSON property `packageIssue`
3572
+ # @return [Array<Google::Apis::ContaineranalysisV1::PackageIssue>]
3573
+ attr_accessor :package_issue
3574
+
3575
+ # Output only. URLs related to this vulnerability.
3576
+ # Corresponds to the JSON property `relatedUrls`
3577
+ # @return [Array<Google::Apis::ContaineranalysisV1::RelatedUrl>]
3578
+ attr_accessor :related_urls
3579
+
3580
+ # Output only. The note provider assigned severity of this vulnerability.
3581
+ # Corresponds to the JSON property `severity`
3582
+ # @return [String]
3583
+ attr_accessor :severity
3584
+
3585
+ # Output only. A one sentence description of this vulnerability.
3586
+ # Corresponds to the JSON property `shortDescription`
3587
+ # @return [String]
3588
+ attr_accessor :short_description
3589
+
3590
+ # The type of package; whether native or non native (e.g., ruby gems, node.js
3591
+ # packages, etc.).
3592
+ # Corresponds to the JSON property `type`
3593
+ # @return [String]
3594
+ attr_accessor :type
3595
+
3596
+ def initialize(**args)
3597
+ update!(**args)
3598
+ end
3599
+
3600
+ # Update properties of this object
3601
+ def update!(**args)
3602
+ @cvss_score = args[:cvss_score] if args.key?(:cvss_score)
3603
+ @effective_severity = args[:effective_severity] if args.key?(:effective_severity)
3604
+ @fix_available = args[:fix_available] if args.key?(:fix_available)
3605
+ @long_description = args[:long_description] if args.key?(:long_description)
3606
+ @package_issue = args[:package_issue] if args.key?(:package_issue)
3607
+ @related_urls = args[:related_urls] if args.key?(:related_urls)
3608
+ @severity = args[:severity] if args.key?(:severity)
3609
+ @short_description = args[:short_description] if args.key?(:short_description)
3610
+ @type = args[:type] if args.key?(:type)
3611
+ end
3612
+ end
3613
+
3614
+ # A summary of how many vulnerability occurrences there are per resource and
3615
+ # severity type.
3616
+ class VulnerabilityOccurrencesSummary
3617
+ include Google::Apis::Core::Hashable
3618
+
3619
+ # A listing by resource of the number of fixable and total vulnerabilities.
3620
+ # Corresponds to the JSON property `counts`
3621
+ # @return [Array<Google::Apis::ContaineranalysisV1::FixableTotalByDigest>]
3622
+ attr_accessor :counts
3623
+
3624
+ def initialize(**args)
3625
+ update!(**args)
3626
+ end
3627
+
3628
+ # Update properties of this object
3629
+ def update!(**args)
3630
+ @counts = args[:counts] if args.key?(:counts)
3631
+ end
3632
+ end
3633
+
3634
+ #
3635
+ class WindowsDetail
3636
+ include Google::Apis::Core::Hashable
3637
+
3638
+ # Required. The [CPE URI](https://cpe.mitre.org/specification/) this
3639
+ # vulnerability affects.
3640
+ # Corresponds to the JSON property `cpeUri`
3641
+ # @return [String]
3642
+ attr_accessor :cpe_uri
3643
+
3644
+ # The description of this vulnerability.
3645
+ # Corresponds to the JSON property `description`
3646
+ # @return [String]
3647
+ attr_accessor :description
3648
+
3649
+ # Required. The names of the KBs which have hotfixes to mitigate this
3650
+ # vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs)
3651
+ # that mitigate a given vulnerability. Currently any listed KBs presence is
3652
+ # considered a fix.
3653
+ # Corresponds to the JSON property `fixingKbs`
3654
+ # @return [Array<Google::Apis::ContaineranalysisV1::KnowledgeBase>]
3655
+ attr_accessor :fixing_kbs
3656
+
3657
+ # Required. The name of this vulnerability.
3658
+ # Corresponds to the JSON property `name`
3659
+ # @return [String]
3660
+ attr_accessor :name
3661
+
3662
+ def initialize(**args)
3663
+ update!(**args)
3664
+ end
3665
+
3666
+ # Update properties of this object
3667
+ def update!(**args)
3668
+ @cpe_uri = args[:cpe_uri] if args.key?(:cpe_uri)
3669
+ @description = args[:description] if args.key?(:description)
3670
+ @fixing_kbs = args[:fixing_kbs] if args.key?(:fixing_kbs)
3671
+ @name = args[:name] if args.key?(:name)
3672
+ end
3673
+ end
3674
+
3675
+ # Windows Update represents the metadata about the update for the Windows
3676
+ # operating system. The fields in this message come from the Windows Update API
3677
+ # documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-
3678
+ # wuapi-iupdate.
3679
+ class WindowsUpdate
3680
+ include Google::Apis::Core::Hashable
3681
+
3682
+ # The list of categories to which the update belongs.
3683
+ # Corresponds to the JSON property `categories`
3684
+ # @return [Array<Google::Apis::ContaineranalysisV1::Category>]
3685
+ attr_accessor :categories
3686
+
3687
+ # The localized description of the update.
3688
+ # Corresponds to the JSON property `description`
3689
+ # @return [String]
3690
+ attr_accessor :description
3691
+
3692
+ # The unique identifier of the update.
3693
+ # Corresponds to the JSON property `identity`
3694
+ # @return [Google::Apis::ContaineranalysisV1::Identity]
3695
+ attr_accessor :identity
3696
+
3697
+ # The Microsoft Knowledge Base article IDs that are associated with the update.
3698
+ # Corresponds to the JSON property `kbArticleIds`
3699
+ # @return [Array<String>]
3700
+ attr_accessor :kb_article_ids
3701
+
3702
+ # The last published timestamp of the update.
3703
+ # Corresponds to the JSON property `lastPublishedTimestamp`
3704
+ # @return [String]
3705
+ attr_accessor :last_published_timestamp
3706
+
3707
+ # The hyperlink to the support information for the update.
3708
+ # Corresponds to the JSON property `supportUrl`
3709
+ # @return [String]
3710
+ attr_accessor :support_url
3711
+
3712
+ # The localized title of the update.
3713
+ # Corresponds to the JSON property `title`
3714
+ # @return [String]
3715
+ attr_accessor :title
3716
+
3717
+ def initialize(**args)
3718
+ update!(**args)
3719
+ end
3720
+
3721
+ # Update properties of this object
3722
+ def update!(**args)
3723
+ @categories = args[:categories] if args.key?(:categories)
3724
+ @description = args[:description] if args.key?(:description)
3725
+ @identity = args[:identity] if args.key?(:identity)
3726
+ @kb_article_ids = args[:kb_article_ids] if args.key?(:kb_article_ids)
3727
+ @last_published_timestamp = args[:last_published_timestamp] if args.key?(:last_published_timestamp)
3728
+ @support_url = args[:support_url] if args.key?(:support_url)
3729
+ @title = args[:title] if args.key?(:title)
3730
+ end
3731
+ end
3732
+ end
3733
+ end
3734
+ end