google-apis-containeranalysis_v1alpha1 0.9.0 → 0.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: eca2824b5d5c9546cdead456b95585e9c8489a28c84811565beca742089c32ae
-  data.tar.gz: 196da3ebb70cde99f45d9be4d2dc3704dd75b9ace72211ee7120738d4ce90f44
+  metadata.gz: b01d175a62b08eaa7266ca43826c60d95cf54b3d8bf28017dd293397c985e325
+  data.tar.gz: 3f76c4e4a077d07b33e41da807aee832f799df58a516325b35c4bf63efb9f736
 SHA512:
-  metadata.gz: dbdddfd8fc58edf8d74c00f0dc42dba6998fd4ae1ace23b7296e04b7a10de4ab5609f467461334faeab9e984eca3a9762a1dd7a756c2ddf42079bb4ec8913d3a
-  data.tar.gz: 70e2821e96c6fac23cdd85e402fb267c39729f5233709f143406f70471f14843748dec9dba4c670b9b7c4d2d42b8bfcb90d07bcc16db32ed5db31ff64fd250b5
+  metadata.gz: fdfa58358a40cfde5d5d8e0b0737f6cc801de9f6ecfb4a4083aed461f1d2e5b97d41c471c5fa0b2423293454b2fd2bb6ad58c6efb9756fc60c8cb89e60be5f78
+  data.tar.gz: 48deb3a3c0d707e9065079121a7e95c343d895ba80ec4ca786d089d66bfb3506a00921615d46be3b1979888cf28a8b77a1c227475eee140dd5f8d63c7464e208

data/CHANGELOG.md

@@ -1,5 +1,21 @@
 # Release history for google-apis-containeranalysis_v1alpha1
 
+### v0.13.0 (2021-08-26)
+
+* Regenerated from discovery document revision 20210820
+
+### v0.12.0 (2021-08-19)
+
+* Regenerated from discovery document revision 20210813
+
+### v0.11.0 (2021-08-05)
+
+* Regenerated from discovery document revision 20210730
+
+### v0.10.0 (2021-07-29)
+
+* Regenerated from discovery document revision 20210723
+
 ### v0.9.0 (2021-06-29)
 
 * Regenerated using generator version 0.4.0

data/lib/google/apis/containeranalysis_v1alpha1/classes.rb

@@ -259,6 +259,11 @@ module Google
       class BuildDetails
         include Google::Apis::Core::Hashable
       
+        # In-toto Provenance representation as defined in spec.
+        # Corresponds to the JSON property `intotoProvenance`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::InTotoProvenance]
+        attr_accessor :intoto_provenance
+      
         # Provenance of a build. Contains all information needed to verify the full
         # details about the build from source to completion.
         # Corresponds to the JSON property `provenance`
@@ -283,6 +288,7 @@ module Google
       
         # Update properties of this object
         def update!(**args)
+          @intoto_provenance = args[:intoto_provenance] if args.key?(:intoto_provenance)
           @provenance = args[:provenance] if args.key?(:provenance)
           @provenance_bytes = args[:provenance_bytes] if args.key?(:provenance_bytes)
         end
@@ -458,6 +464,25 @@ module Google
         end
       end
       
+      # 
+      class BuilderConfig
+        include Google::Apis::Core::Hashable
+      
+        # 
+        # Corresponds to the JSON property `id`
+        # @return [String]
+        attr_accessor :id
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @id = args[:id] if args.key?(:id)
+        end
+      end
+      
       # A compliance check that is a CIS benchmark.
       class CisBenchmark
         include Google::Apis::Core::Hashable
@@ -535,6 +560,43 @@ module Google
         end
       end
       
+      # Indicates that the builder claims certain fields in this message to be
+      # complete.
+      class Completeness
+        include Google::Apis::Core::Hashable
+      
+        # If true, the builder claims that recipe.arguments is complete, meaning that
+        # all external inputs are properly captured in the recipe.
+        # Corresponds to the JSON property `arguments`
+        # @return [Boolean]
+        attr_accessor :arguments
+        alias_method :arguments?, :arguments
+      
+        # If true, the builder claims that recipe.environment is claimed to be complete.
+        # Corresponds to the JSON property `environment`
+        # @return [Boolean]
+        attr_accessor :environment
+        alias_method :environment?, :environment
+      
+        # If true, the builder claims that materials are complete, usually through some
+        # controls to prevent network access. Sometimes called "hermetic".
+        # Corresponds to the JSON property `materials`
+        # @return [Boolean]
+        attr_accessor :materials
+        alias_method :materials?, :materials
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @arguments = args[:arguments] if args.key?(:arguments)
+          @environment = args[:environment] if args.key?(:environment)
+          @materials = args[:materials] if args.key?(:materials)
+        end
+      end
+      
       # ComplianceNote encapsulates all information about a specific compliance check.
       class ComplianceNote
         include Google::Apis::Core::Hashable
@@ -671,6 +733,83 @@ module Google
         end
       end
       
+      # A note describing an attestation
+      class DsseAttestationNote
+        include Google::Apis::Core::Hashable
+      
+        # This submessage provides human-readable hints about the purpose of the
+        # authority. Because the name of a note acts as its resource reference, it is
+        # important to disambiguate the canonical name of the Note (which might be a
+        # UUID for security purposes) from "readable" names more suitable for debug
+        # output. Note that these hints should not be used to look up authorities in
+        # security sensitive contexts, such as when looking up attestations to verify.
+        # Corresponds to the JSON property `hint`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::DsseHint]
+        attr_accessor :hint
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @hint = args[:hint] if args.key?(:hint)
+        end
+      end
+      
+      # An occurrence describing an attestation on a resource
+      class DsseAttestationOccurrence
+        include Google::Apis::Core::Hashable
+      
+        # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.
+        # proto. An authenticated message of arbitrary type.
+        # Corresponds to the JSON property `envelope`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::Envelope]
+        attr_accessor :envelope
+      
+        # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#
+        # statement The serialized InTotoStatement will be stored as Envelope.payload.
+        # Envelope.payloadType is always "application/vnd.in-toto+json".
+        # Corresponds to the JSON property `statement`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::InTotoStatement]
+        attr_accessor :statement
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @envelope = args[:envelope] if args.key?(:envelope)
+          @statement = args[:statement] if args.key?(:statement)
+        end
+      end
+      
+      # This submessage provides human-readable hints about the purpose of the
+      # authority. Because the name of a note acts as its resource reference, it is
+      # important to disambiguate the canonical name of the Note (which might be a
+      # UUID for security purposes) from "readable" names more suitable for debug
+      # output. Note that these hints should not be used to look up authorities in
+      # security sensitive contexts, such as when looking up attestations to verify.
+      class DsseHint
+        include Google::Apis::Core::Hashable
+      
+        # Required. The human readable name of this attestation authority, for example "
+        # cloudbuild-prod".
+        # Corresponds to the JSON property `humanReadableName`
+        # @return [String]
+        attr_accessor :human_readable_name
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @human_readable_name = args[:human_readable_name] if args.key?(:human_readable_name)
+        end
+      end
+      
       # An artifact that can be deployed in some runtime.
       class Deployable
         include Google::Apis::Core::Hashable
@@ -1007,6 +1146,112 @@ module Google
         end
       end
       
+      # DocumentNote represents an SPDX Document Creation Infromation section: https://
+      # spdx.github.io/spdx-spec/2-document-creation-information/
+      class DocumentNote
+        include Google::Apis::Core::Hashable
+      
+        # Compliance with the SPDX specification includes populating the SPDX fields
+        # therein with data related to such fields ("SPDX-Metadata")
+        # Corresponds to the JSON property `dataLicence`
+        # @return [String]
+        attr_accessor :data_licence
+      
+        # Provide a reference number that can be used to understand how to parse and
+        # interpret the rest of the file
+        # Corresponds to the JSON property `spdxVersion`
+        # @return [String]
+        attr_accessor :spdx_version
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @data_licence = args[:data_licence] if args.key?(:data_licence)
+          @spdx_version = args[:spdx_version] if args.key?(:spdx_version)
+        end
+      end
+      
+      # DocumentOccurrence represents an SPDX Document Creation Information section:
+      # https://spdx.github.io/spdx-spec/2-document-creation-information/
+      class DocumentOccurrence
+        include Google::Apis::Core::Hashable
+      
+        # Identify when the SPDX file was originally created. The date is to be
+        # specified according to combined date and time in UTC format as specified in
+        # ISO 8601 standard
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+      
+        # A field for creators of the SPDX file to provide general comments about the
+        # creation of the SPDX file or any other relevant comment not included in the
+        # other fields
+        # Corresponds to the JSON property `creatorComment`
+        # @return [String]
+        attr_accessor :creator_comment
+      
+        # Identify who (or what, in the case of a tool) created the SPDX file. If the
+        # SPDX file was created by an individual, indicate the person's name
+        # Corresponds to the JSON property `creators`
+        # @return [Array<String>]
+        attr_accessor :creators
+      
+        # A field for creators of the SPDX file content to provide comments to the
+        # consumers of the SPDX document
+        # Corresponds to the JSON property `documentComment`
+        # @return [String]
+        attr_accessor :document_comment
+      
+        # Identify any external SPDX documents referenced within this SPDX document
+        # Corresponds to the JSON property `externalDocumentRefs`
+        # @return [Array<String>]
+        attr_accessor :external_document_refs
+      
+        # Identify the current SPDX document which may be referenced in relationships by
+        # other files, packages internally and documents externally
+        # Corresponds to the JSON property `id`
+        # @return [String]
+        attr_accessor :id
+      
+        # A field for creators of the SPDX file to provide the version of the SPDX
+        # License List used when the SPDX file was created
+        # Corresponds to the JSON property `licenseListVersion`
+        # @return [String]
+        attr_accessor :license_list_version
+      
+        # Provide an SPDX document specific namespace as a unique absolute Uniform
+        # Resource Identifier (URI) as specified in RFC-3986, with the exception of the ‘
+        # #’ delimiter
+        # Corresponds to the JSON property `namespace`
+        # @return [String]
+        attr_accessor :namespace
+      
+        # Identify name of this document as designated by creator
+        # Corresponds to the JSON property `title`
+        # @return [String]
+        attr_accessor :title
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @creator_comment = args[:creator_comment] if args.key?(:creator_comment)
+          @creators = args[:creators] if args.key?(:creators)
+          @document_comment = args[:document_comment] if args.key?(:document_comment)
+          @external_document_refs = args[:external_document_refs] if args.key?(:external_document_refs)
+          @id = args[:id] if args.key?(:id)
+          @license_list_version = args[:license_list_version] if args.key?(:license_list_version)
+          @namespace = args[:namespace] if args.key?(:namespace)
+          @title = args[:title] if args.key?(:title)
+        end
+      end
+      
       # A generic empty message that you can re-use to avoid defining duplicated empty
       # messages in your APIs. A typical example is to use it as the request or the
       # response type of an API method. For instance: service Foo ` rpc Bar(google.
@@ -1024,6 +1269,65 @@ module Google
         end
       end
       
+      # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.
+      # proto. An authenticated message of arbitrary type.
+      class Envelope
+        include Google::Apis::Core::Hashable
+      
+        # The bytes being signed
+        # Corresponds to the JSON property `payload`
+        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # @return [String]
+        attr_accessor :payload
+      
+        # The type of payload being signed
+        # Corresponds to the JSON property `payloadType`
+        # @return [String]
+        attr_accessor :payload_type
+      
+        # The signatures over the payload
+        # Corresponds to the JSON property `signatures`
+        # @return [Array<Google::Apis::ContaineranalysisV1alpha1::EnvelopeSignature>]
+        attr_accessor :signatures
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @payload = args[:payload] if args.key?(:payload)
+          @payload_type = args[:payload_type] if args.key?(:payload_type)
+          @signatures = args[:signatures] if args.key?(:signatures)
+        end
+      end
+      
+      # A DSSE signature
+      class EnvelopeSignature
+        include Google::Apis::Core::Hashable
+      
+        # A reference id to the key being used for signing
+        # Corresponds to the JSON property `keyid`
+        # @return [String]
+        attr_accessor :keyid
+      
+        # The signature itself
+        # Corresponds to the JSON property `sig`
+        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # @return [String]
+        attr_accessor :sig
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @keyid = args[:keyid] if args.key?(:keyid)
+          @sig = args[:sig] if args.key?(:sig)
+        end
+      end
+      
       # Represents a textual expression in the Common Expression Language (CEL) syntax.
       # CEL is a C-like expression language. The syntax and semantics of CEL are
       # documented at https://github.com/google/cel-spec. Example (Comparison): title:
@@ -1078,6 +1382,48 @@ module Google
         end
       end
       
+      # An External Reference allows a Package to reference an external source of
+      # additional information, metadata, enumerations, asset identifiers, or
+      # downloadable content believed to be relevant to the Package
+      class ExternalRef
+        include Google::Apis::Core::Hashable
+      
+        # An External Reference allows a Package to reference an external source of
+        # additional information, metadata, enumerations, asset identifiers, or
+        # downloadable content believed to be relevant to the Package
+        # Corresponds to the JSON property `category`
+        # @return [String]
+        attr_accessor :category
+      
+        # Human-readable information about the purpose and target of the reference
+        # Corresponds to the JSON property `comment`
+        # @return [String]
+        attr_accessor :comment
+      
+        # The unique string with no spaces necessary to access the package-specific
+        # information, metadata, or content within the target location
+        # Corresponds to the JSON property `locator`
+        # @return [String]
+        attr_accessor :locator
+      
+        # Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
+        # Corresponds to the JSON property `type`
+        # @return [String]
+        attr_accessor :type
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @category = args[:category] if args.key?(:category)
+          @comment = args[:comment] if args.key?(:comment)
+          @locator = args[:locator] if args.key?(:locator)
+          @type = args[:type] if args.key?(:type)
+        end
+      end
+      
       # Container message for hashes of byte content of files, used in Source messages
       # to verify integrity of source input to the build.
       class FileHashes
@@ -1098,6 +1444,117 @@ module Google
         end
       end
       
+      # FileNote represents an SPDX File Information section: https://spdx.github.io/
+      # spdx-spec/4-file-information/
+      class FileNote
+        include Google::Apis::Core::Hashable
+      
+        # Provide a unique identifier to match analysis information on each specific
+        # file in a package
+        # Corresponds to the JSON property `checksum`
+        # @return [Array<String>]
+        attr_accessor :checksum
+      
+        # This field provides information about the type of file identified
+        # Corresponds to the JSON property `fileType`
+        # @return [String]
+        attr_accessor :file_type
+      
+        # Identify the full path and filename that corresponds to the file information
+        # in this section
+        # Corresponds to the JSON property `title`
+        # @return [String]
+        attr_accessor :title
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @checksum = args[:checksum] if args.key?(:checksum)
+          @file_type = args[:file_type] if args.key?(:file_type)
+          @title = args[:title] if args.key?(:title)
+        end
+      end
+      
+      # FileOccurrence represents an SPDX File Information section: https://spdx.
+      # github.io/spdx-spec/4-file-information/
+      class FileOccurrence
+        include Google::Apis::Core::Hashable
+      
+        # This field provides a place for the SPDX data creator to record, at the file
+        # level, acknowledgements that may be needed to be communicated in some contexts
+        # Corresponds to the JSON property `attributions`
+        # @return [Array<String>]
+        attr_accessor :attributions
+      
+        # This field provides a place for the SPDX file creator to record any general
+        # comments about the file
+        # Corresponds to the JSON property `comment`
+        # @return [String]
+        attr_accessor :comment
+      
+        # This field provides a place for the SPDX file creator to record file
+        # contributors
+        # Corresponds to the JSON property `contributors`
+        # @return [Array<String>]
+        attr_accessor :contributors
+      
+        # Identify the copyright holder of the file, as well as any dates present
+        # Corresponds to the JSON property `copyright`
+        # @return [String]
+        attr_accessor :copyright
+      
+        # This field contains the license information actually found in the file, if any
+        # Corresponds to the JSON property `filesLicenseInfo`
+        # @return [Array<String>]
+        attr_accessor :files_license_info
+      
+        # Uniquely identify any element in an SPDX document which may be referenced by
+        # other elements
+        # Corresponds to the JSON property `id`
+        # @return [String]
+        attr_accessor :id
+      
+        # This field provides a place for the SPDX file creator to record any relevant
+        # background references or analysis that went in to arriving at the Concluded
+        # License for a file
+        # Corresponds to the JSON property `licenseComments`
+        # @return [String]
+        attr_accessor :license_comments
+      
+        # This field contains the license the SPDX file creator has concluded as
+        # governing the file or alternative values if the governing license cannot be
+        # determined
+        # Corresponds to the JSON property `licenseConcluded`
+        # @return [String]
+        attr_accessor :license_concluded
+      
+        # This field provides a place for the SPDX file creator to record license
+        # notices or other such related notices found in the file
+        # Corresponds to the JSON property `notice`
+        # @return [String]
+        attr_accessor :notice
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @attributions = args[:attributions] if args.key?(:attributions)
+          @comment = args[:comment] if args.key?(:comment)
+          @contributors = args[:contributors] if args.key?(:contributors)
+          @copyright = args[:copyright] if args.key?(:copyright)
+          @files_license_info = args[:files_license_info] if args.key?(:files_license_info)
+          @id = args[:id] if args.key?(:id)
+          @license_comments = args[:license_comments] if args.key?(:license_comments)
+          @license_concluded = args[:license_concluded] if args.key?(:license_concluded)
+          @notice = args[:notice] if args.key?(:notice)
+        end
+      end
+      
       # A set of properties that uniquely identify a given Docker image.
       class Fingerprint
         include Google::Apis::Core::Hashable
@@ -1461,6 +1918,86 @@ module Google
         end
       end
       
+      # 
+      class InTotoProvenance
+        include Google::Apis::Core::Hashable
+      
+        # required
+        # Corresponds to the JSON property `builderConfig`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::BuilderConfig]
+        attr_accessor :builder_config
+      
+        # The collection of artifacts that influenced the build including sources,
+        # dependencies, build tools, base images, and so on. This is considered to be
+        # incomplete unless metadata.completeness.materials is true. Unset or null is
+        # equivalent to empty.
+        # Corresponds to the JSON property `materials`
+        # @return [Array<String>]
+        attr_accessor :materials
+      
+        # Other properties of the build.
+        # Corresponds to the JSON property `metadata`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::Metadata]
+        attr_accessor :metadata
+      
+        # Steps taken to build the artifact. For a TaskRun, typically each container
+        # corresponds to one step in the recipe.
+        # Corresponds to the JSON property `recipe`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::Recipe]
+        attr_accessor :recipe
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @builder_config = args[:builder_config] if args.key?(:builder_config)
+          @materials = args[:materials] if args.key?(:materials)
+          @metadata = args[:metadata] if args.key?(:metadata)
+          @recipe = args[:recipe] if args.key?(:recipe)
+        end
+      end
+      
+      # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#
+      # statement The serialized InTotoStatement will be stored as Envelope.payload.
+      # Envelope.payloadType is always "application/vnd.in-toto+json".
+      class InTotoStatement
+        include Google::Apis::Core::Hashable
+      
+        # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+        # Corresponds to the JSON property `predicateType`
+        # @return [String]
+        attr_accessor :predicate_type
+      
+        # 
+        # Corresponds to the JSON property `provenance`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::InTotoProvenance]
+        attr_accessor :provenance
+      
+        # 
+        # Corresponds to the JSON property `subject`
+        # @return [Array<Google::Apis::ContaineranalysisV1alpha1::Subject>]
+        attr_accessor :subject
+      
+        # Always "https://in-toto.io/Statement/v0.1".
+        # Corresponds to the JSON property `type`
+        # @return [String]
+        attr_accessor :type
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @predicate_type = args[:predicate_type] if args.key?(:predicate_type)
+          @provenance = args[:provenance] if args.key?(:provenance)
+          @subject = args[:subject] if args.key?(:subject)
+          @type = args[:type] if args.key?(:type)
+        end
+      end
+      
       # This represents how a particular software package may be installed on a system.
       class Installation
         include Google::Apis::Core::Hashable
@@ -1650,6 +2187,54 @@ module Google
         end
       end
       
+      # Other properties of the build.
+      class Metadata
+        include Google::Apis::Core::Hashable
+      
+        # The timestamp of when the build completed.
+        # Corresponds to the JSON property `buildFinishedOn`
+        # @return [String]
+        attr_accessor :build_finished_on
+      
+        # Identifies the particular build invocation, which can be useful for finding
+        # associated logs or other ad-hoc analysis. The value SHOULD be globally unique,
+        # per in-toto Provenance spec.
+        # Corresponds to the JSON property `buildInvocationId`
+        # @return [String]
+        attr_accessor :build_invocation_id
+      
+        # The timestamp of when the build started.
+        # Corresponds to the JSON property `buildStartedOn`
+        # @return [String]
+        attr_accessor :build_started_on
+      
+        # Indicates that the builder claims certain fields in this message to be
+        # complete.
+        # Corresponds to the JSON property `completeness`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::Completeness]
+        attr_accessor :completeness
+      
+        # If true, the builder claims that running the recipe on materials will produce
+        # bit-for-bit identical output.
+        # Corresponds to the JSON property `reproducible`
+        # @return [Boolean]
+        attr_accessor :reproducible
+        alias_method :reproducible?, :reproducible
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @build_finished_on = args[:build_finished_on] if args.key?(:build_finished_on)
+          @build_invocation_id = args[:build_invocation_id] if args.key?(:build_invocation_id)
+          @build_started_on = args[:build_started_on] if args.key?(:build_started_on)
+          @completeness = args[:completeness] if args.key?(:completeness)
+          @reproducible = args[:reproducible] if args.key?(:reproducible)
+        end
+      end
+      
       # Details about files that caused a compliance check to fail.
       class NonCompliantFile
         include Google::Apis::Core::Hashable
@@ -1737,6 +2322,11 @@ module Google
         # @return [Google::Apis::ContaineranalysisV1alpha1::Discovery]
         attr_accessor :discovery
       
+        # A note describing an attestation
+        # Corresponds to the JSON property `dsseAttestation`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::DsseAttestationNote]
+        attr_accessor :dsse_attestation
+      
         # Time of expiration for this note, null if note does not expire.
         # Corresponds to the JSON property `expirationTime`
         # @return [String]
@@ -1770,11 +2360,35 @@ module Google
         # @return [Array<Google::Apis::ContaineranalysisV1alpha1::RelatedUrl>]
         attr_accessor :related_url
       
+        # DocumentNote represents an SPDX Document Creation Infromation section: https://
+        # spdx.github.io/spdx-spec/2-document-creation-information/
+        # Corresponds to the JSON property `sbom`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::DocumentNote]
+        attr_accessor :sbom
+      
         # A one sentence description of this `Note`.
         # Corresponds to the JSON property `shortDescription`
         # @return [String]
         attr_accessor :short_description
       
+        # FileNote represents an SPDX File Information section: https://spdx.github.io/
+        # spdx-spec/4-file-information/
+        # Corresponds to the JSON property `spdxFile`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::FileNote]
+        attr_accessor :spdx_file
+      
+        # PackageNote represents an SPDX Package Information section: https://spdx.
+        # github.io/spdx-spec/3-package-information/
+        # Corresponds to the JSON property `spdxPackage`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::PackageNote]
+        attr_accessor :spdx_package
+      
+        # RelationshipNote represents an SPDX Relationship section: https://spdx.github.
+        # io/spdx-spec/7-relationships-between-SPDX-elements/
+        # Corresponds to the JSON property `spdxRelationship`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::RelationshipNote]
+        attr_accessor :spdx_relationship
+      
         # Output only. The time this note was last updated. This field can be used as a
         # filter in list requests.
         # Corresponds to the JSON property `updateTime`
@@ -1806,13 +2420,18 @@ module Google
           @create_time = args[:create_time] if args.key?(:create_time)
           @deployable = args[:deployable] if args.key?(:deployable)
           @discovery = args[:discovery] if args.key?(:discovery)
+          @dsse_attestation = args[:dsse_attestation] if args.key?(:dsse_attestation)
           @expiration_time = args[:expiration_time] if args.key?(:expiration_time)
           @kind = args[:kind] if args.key?(:kind)
           @long_description = args[:long_description] if args.key?(:long_description)
           @name = args[:name] if args.key?(:name)
           @package = args[:package] if args.key?(:package)
           @related_url = args[:related_url] if args.key?(:related_url)
+          @sbom = args[:sbom] if args.key?(:sbom)
           @short_description = args[:short_description] if args.key?(:short_description)
+          @spdx_file = args[:spdx_file] if args.key?(:spdx_file)
+          @spdx_package = args[:spdx_package] if args.key?(:spdx_package)
+          @spdx_relationship = args[:spdx_relationship] if args.key?(:spdx_relationship)
           @update_time = args[:update_time] if args.key?(:update_time)
           @upgrade = args[:upgrade] if args.key?(:upgrade)
           @vulnerability_type = args[:vulnerability_type] if args.key?(:vulnerability_type)
@@ -1867,6 +2486,17 @@ module Google
         # @return [Google::Apis::ContaineranalysisV1alpha1::Discovered]
         attr_accessor :discovered
       
+        # An occurrence describing an attestation on a resource
+        # Corresponds to the JSON property `dsseAttestation`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::DsseAttestationOccurrence]
+        attr_accessor :dsse_attestation
+      
+        # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.
+        # proto. An authenticated message of arbitrary type.
+        # Corresponds to the JSON property `envelope`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::Envelope]
+        attr_accessor :envelope
+      
         # This represents how a particular software package may be installed on a system.
         # Corresponds to the JSON property `installation`
         # @return [Google::Apis::ContaineranalysisV1alpha1::Installation]
@@ -1908,6 +2538,30 @@ module Google
         # @return [String]
         attr_accessor :resource_url
       
+        # DocumentOccurrence represents an SPDX Document Creation Information section:
+        # https://spdx.github.io/spdx-spec/2-document-creation-information/
+        # Corresponds to the JSON property `sbom`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::DocumentOccurrence]
+        attr_accessor :sbom
+      
+        # FileOccurrence represents an SPDX File Information section: https://spdx.
+        # github.io/spdx-spec/4-file-information/
+        # Corresponds to the JSON property `spdxFile`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::FileOccurrence]
+        attr_accessor :spdx_file
+      
+        # PackageOccurrence represents an SPDX Package Information section: https://spdx.
+        # github.io/spdx-spec/3-package-information/
+        # Corresponds to the JSON property `spdxPackage`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::PackageOccurrence]
+        attr_accessor :spdx_package
+      
+        # RelationshipOccurrence represents an SPDX Relationship section: https://spdx.
+        # github.io/spdx-spec/7-relationships-between-SPDX-elements/
+        # Corresponds to the JSON property `spdxRelationship`
+        # @return [Google::Apis::ContaineranalysisV1alpha1::RelationshipOccurrence]
+        attr_accessor :spdx_relationship
+      
         # Output only. The time this `Occurrence` was last updated.
         # Corresponds to the JSON property `updateTime`
         # @return [String]
@@ -1939,6 +2593,8 @@ module Google
           @deployment = args[:deployment] if args.key?(:deployment)
           @derived_image = args[:derived_image] if args.key?(:derived_image)
           @discovered = args[:discovered] if args.key?(:discovered)
+          @dsse_attestation = args[:dsse_attestation] if args.key?(:dsse_attestation)
+          @envelope = args[:envelope] if args.key?(:envelope)
           @installation = args[:installation] if args.key?(:installation)
           @kind = args[:kind] if args.key?(:kind)
           @name = args[:name] if args.key?(:name)
@@ -1946,6 +2602,10 @@ module Google
           @remediation = args[:remediation] if args.key?(:remediation)
           @resource = args[:resource] if args.key?(:resource)
           @resource_url = args[:resource_url] if args.key?(:resource_url)
+          @sbom = args[:sbom] if args.key?(:sbom)
+          @spdx_file = args[:spdx_file] if args.key?(:spdx_file)
+          @spdx_package = args[:spdx_package] if args.key?(:spdx_package)
+          @spdx_relationship = args[:spdx_relationship] if args.key?(:spdx_relationship)
           @update_time = args[:update_time] if args.key?(:update_time)
           @upgrade = args[:upgrade] if args.key?(:upgrade)
           @vulnerability_details = args[:vulnerability_details] if args.key?(:vulnerability_details)
@@ -2050,11 +2710,24 @@ module Google
         # @return [Google::Apis::ContaineranalysisV1alpha1::VulnerabilityLocation]
         attr_accessor :affected_location
       
+        # Output only. The distro or language system assigned severity for this
+        # vulnerability when that is available and note provider assigned severity when
+        # distro or language system has not yet assigned a severity for this
+        # vulnerability.
+        # Corresponds to the JSON property `effectiveSeverity`
+        # @return [String]
+        attr_accessor :effective_severity
+      
         # The location of the vulnerability
         # Corresponds to the JSON property `fixedLocation`
         # @return [Google::Apis::ContaineranalysisV1alpha1::VulnerabilityLocation]
         attr_accessor :fixed_location
       
+        # The type of package (e.g. OS, MAVEN, GO).
+        # Corresponds to the JSON property `packageType`
+        # @return [String]
+        attr_accessor :package_type
+      
         # 
         # Corresponds to the JSON property `severityName`
         # @return [String]
@@ -2067,11 +2740,196 @@ module Google
         # Update properties of this object
         def update!(**args)
           @affected_location = args[:affected_location] if args.key?(:affected_location)
+          @effective_severity = args[:effective_severity] if args.key?(:effective_severity)
           @fixed_location = args[:fixed_location] if args.key?(:fixed_location)
+          @package_type = args[:package_type] if args.key?(:package_type)
           @severity_name = args[:severity_name] if args.key?(:severity_name)
         end
       end
       
+      # PackageNote represents an SPDX Package Information section: https://spdx.
+      # github.io/spdx-spec/3-package-information/
+      class PackageNote
+        include Google::Apis::Core::Hashable
+      
+        # Indicates whether the file content of this package has been available for or
+        # subjected to analysis when creating the SPDX document
+        # Corresponds to the JSON property `analyzed`
+        # @return [Boolean]
+        attr_accessor :analyzed
+        alias_method :analyzed?, :analyzed
+      
+        # A place for the SPDX data creator to record, at the package level,
+        # acknowledgements that may be needed to be communicated in some contexts
+        # Corresponds to the JSON property `attribution`
+        # @return [String]
+        attr_accessor :attribution
+      
+        # Provide an independently reproducible mechanism that permits unique
+        # identification of a specific package that correlates to the data in this SPDX
+        # file
+        # Corresponds to the JSON property `checksum`
+        # @return [String]
+        attr_accessor :checksum
+      
+        # Identify the copyright holders of the package, as well as any dates present
+        # Corresponds to the JSON property `copyright`
+        # @return [String]
+        attr_accessor :copyright
+      
+        # A more detailed description of the package
+        # Corresponds to the JSON property `detailedDescription`
+        # @return [String]
+        attr_accessor :detailed_description
+      
+        # This section identifies the download Universal Resource Locator (URL), or a
+        # specific location within a version control system (VCS) for the package at the
+        # time that the SPDX file was created
+        # Corresponds to the JSON property `downloadLocation`
+        # @return [String]
+        attr_accessor :download_location
+      
+        # ExternalRef
+        # Corresponds to the JSON property `externalRefs`
+        # @return [Array<Google::Apis::ContaineranalysisV1alpha1::ExternalRef>]
+        attr_accessor :external_refs
+      
+        # Contain the license the SPDX file creator has concluded as governing the This
+        # field is to contain a list of all licenses found in the package. The
+        # relationship between licenses (i.e., conjunctive, disjunctive) is not
+        # specified in this field – it is simply a listing of all licenses found
+        # Corresponds to the JSON property `filesLicenseInfo`
+        # @return [Array<String>]
+        attr_accessor :files_license_info
+      
+        # Provide a place for the SPDX file creator to record a web site that serves as
+        # the package's home page
+        # Corresponds to the JSON property `homePage`
+        # @return [String]
+        attr_accessor :home_page
+      
+        # List the licenses that have been declared by the authors of the package
+        # Corresponds to the JSON property `licenseDeclared`
+        # @return [String]
+        attr_accessor :license_declared
+      
+        # If the package identified in the SPDX file originated from a different person
+        # or organization than identified as Package Supplier, this field identifies
+        # from where or whom the package originally came
+        # Corresponds to the JSON property `originator`
+        # @return [String]
+        attr_accessor :originator
+      
+        # A short description of the package
+        # Corresponds to the JSON property `summaryDescription`
+        # @return [String]
+        attr_accessor :summary_description
+      
+        # Identify the actual distribution source for the package/directory identified
+        # in the SPDX file
+        # Corresponds to the JSON property `supplier`
+        # @return [String]
+        attr_accessor :supplier
+      
+        # Identify the full name of the package as given by the Package Originator
+        # Corresponds to the JSON property `title`
+        # @return [String]
+        attr_accessor :title
+      
+        # This field provides an independently reproducible mechanism identifying
+        # specific contents of a package based on the actual files (except the SPDX file
+        # itself, if it is included in the package) that make up each package and that
+        # correlates to the data in this SPDX file
+        # Corresponds to the JSON property `verificationCode`
+        # @return [String]
+        attr_accessor :verification_code
+      
+        # Identify the version of the package
+        # Corresponds to the JSON property `version`
+        # @return [String]
+        attr_accessor :version
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @analyzed = args[:analyzed] if args.key?(:analyzed)
+          @attribution = args[:attribution] if args.key?(:attribution)
+          @checksum = args[:checksum] if args.key?(:checksum)
+          @copyright = args[:copyright] if args.key?(:copyright)
+          @detailed_description = args[:detailed_description] if args.key?(:detailed_description)
+          @download_location = args[:download_location] if args.key?(:download_location)
+          @external_refs = args[:external_refs] if args.key?(:external_refs)
+          @files_license_info = args[:files_license_info] if args.key?(:files_license_info)
+          @home_page = args[:home_page] if args.key?(:home_page)
+          @license_declared = args[:license_declared] if args.key?(:license_declared)
+          @originator = args[:originator] if args.key?(:originator)
+          @summary_description = args[:summary_description] if args.key?(:summary_description)
+          @supplier = args[:supplier] if args.key?(:supplier)
+          @title = args[:title] if args.key?(:title)
+          @verification_code = args[:verification_code] if args.key?(:verification_code)
+          @version = args[:version] if args.key?(:version)
+        end
+      end
+      
+      # PackageOccurrence represents an SPDX Package Information section: https://spdx.
+      # github.io/spdx-spec/3-package-information/
+      class PackageOccurrence
+        include Google::Apis::Core::Hashable
+      
+        # A place for the SPDX file creator to record any general comments about the
+        # package being described
+        # Corresponds to the JSON property `comment`
+        # @return [String]
+        attr_accessor :comment
+      
+        # Provide the actual file name of the package, or path of the directory being
+        # treated as a package
+        # Corresponds to the JSON property `filename`
+        # @return [String]
+        attr_accessor :filename
+      
+        # Uniquely identify any element in an SPDX document which may be referenced by
+        # other elements
+        # Corresponds to the JSON property `id`
+        # @return [String]
+        attr_accessor :id
+      
+        # This field provides a place for the SPDX file creator to record any relevant
+        # background information or analysis that went in to arriving at the Concluded
+        # License for a package
+        # Corresponds to the JSON property `licenseComments`
+        # @return [String]
+        attr_accessor :license_comments
+      
+        # package or alternative values, if the governing license cannot be determined
+        # Corresponds to the JSON property `licenseConcluded`
+        # @return [String]
+        attr_accessor :license_concluded
+      
+        # Provide a place for the SPDX file creator to record any relevant background
+        # information or additional comments about the origin of the package
+        # Corresponds to the JSON property `sourceInfo`
+        # @return [String]
+        attr_accessor :source_info
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @comment = args[:comment] if args.key?(:comment)
+          @filename = args[:filename] if args.key?(:filename)
+          @id = args[:id] if args.key?(:id)
+          @license_comments = args[:license_comments] if args.key?(:license_comments)
+          @license_concluded = args[:license_concluded] if args.key?(:license_concluded)
+          @source_info = args[:source_info] if args.key?(:source_info)
+        end
+      end
+      
       # An attestation wrapper with a PGP-compatible signature. This message only
       # supports `ATTACHED` signatures, where the payload that is signed is included
       # alongside the signature itself in the same file.
@@ -2149,7 +3007,7 @@ module Google
       # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
       # roles/resourcemanager.organizationViewer condition: title: expirable access
       # description: Does not grant access after Sep 2020 expression: request.time <
-      # timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a
+      # timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a
       # description of IAM and its features, see the [IAM documentation](https://cloud.
       # google.com/iam/docs/).
       class Policy
@@ -2209,6 +3067,64 @@ module Google
         end
       end
       
+      # Steps taken to build the artifact. For a TaskRun, typically each container
+      # corresponds to one step in the recipe.
+      class Recipe
+        include Google::Apis::Core::Hashable
+      
+        # Collection of all external inputs that influenced the build on top of recipe.
+        # definedInMaterial and recipe.entryPoint. For example, if the recipe type were "
+        # make", then this might be the flags passed to make aside from the target,
+        # which is captured in recipe.entryPoint.
+        # Corresponds to the JSON property `arguments`
+        # @return [Array<String>]
+        attr_accessor :arguments
+      
+        # Index in materials containing the recipe steps that are not implied by recipe.
+        # type. For example, if the recipe type were "make", then this would point to
+        # the source containing the Makefile, not the make program itself. Set to -1 if
+        # the recipe doesn't come from a material, as zero is default unset value for
+        # int64.
+        # Corresponds to the JSON property `definedInMaterial`
+        # @return [Fixnum]
+        attr_accessor :defined_in_material
+      
+        # String identifying the entry point into the build. This is often a path to a
+        # configuration file and/or a target label within that file. The syntax and
+        # meaning are defined by recipe.type. For example, if the recipe type were "make"
+        # , then this would reference the directory in which to run make as well as
+        # which target to use.
+        # Corresponds to the JSON property `entryPoint`
+        # @return [String]
+        attr_accessor :entry_point
+      
+        # Any other builder-controlled inputs necessary for correctly evaluating the
+        # recipe. Usually only needed for reproducing the build but not evaluated as
+        # part of policy.
+        # Corresponds to the JSON property `environment`
+        # @return [Hash<String,String>]
+        attr_accessor :environment
+      
+        # URI indicating what type of recipe was performed. It determines the meaning of
+        # recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        # Corresponds to the JSON property `type`
+        # @return [String]
+        attr_accessor :type
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @arguments = args[:arguments] if args.key?(:arguments)
+          @defined_in_material = args[:defined_in_material] if args.key?(:defined_in_material)
+          @entry_point = args[:entry_point] if args.key?(:entry_point)
+          @environment = args[:environment] if args.key?(:environment)
+          @type = args[:type] if args.key?(:type)
+        end
+      end
+      
       # Metadata for any related URL information
       class RelatedUrl
         include Google::Apis::Core::Hashable
@@ -2234,6 +3150,63 @@ module Google
         end
       end
       
+      # RelationshipNote represents an SPDX Relationship section: https://spdx.github.
+      # io/spdx-spec/7-relationships-between-SPDX-elements/
+      class RelationshipNote
+        include Google::Apis::Core::Hashable
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+        end
+      end
+      
+      # RelationshipOccurrence represents an SPDX Relationship section: https://spdx.
+      # github.io/spdx-spec/7-relationships-between-SPDX-elements/
+      class RelationshipOccurrence
+        include Google::Apis::Core::Hashable
+      
+        # A place for the SPDX file creator to record any general comments about the
+        # relationship
+        # Corresponds to the JSON property `comment`
+        # @return [String]
+        attr_accessor :comment
+      
+        # Also referred to as SPDXRef-A The source SPDX element (file, package, etc)
+        # Corresponds to the JSON property `source`
+        # @return [String]
+        attr_accessor :source
+      
+        # Also referred to as SPDXRef-B The target SPDC element (file, package, etc) In
+        # cases where there are "known unknowns", the use of the keyword NOASSERTION can
+        # be used The keywords NONE can be used to indicate that an SPDX element (
+        # package/file/snippet) has no other elements connected by some relationship to
+        # it
+        # Corresponds to the JSON property `target`
+        # @return [String]
+        attr_accessor :target
+      
+        # The type of relationship between the source and target SPDX elements
+        # Corresponds to the JSON property `type`
+        # @return [String]
+        attr_accessor :type
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @comment = args[:comment] if args.key?(:comment)
+          @source = args[:source] if args.key?(:source)
+          @target = args[:target] if args.key?(:target)
+          @type = args[:type] if args.key?(:type)
+        end
+      end
+      
       # RepoSource describes the location of the source in a Google Cloud Source
       # Repository.
       class RepoSource
@@ -2383,7 +3356,7 @@ module Google
         # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
         # roles/resourcemanager.organizationViewer condition: title: expirable access
         # description: Does not grant access after Sep 2020 expression: request.time <
-        # timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a
+        # timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a
         # description of IAM and its features, see the [IAM documentation](https://cloud.
         # google.com/iam/docs/).
         # Corresponds to the JSON property `policy`
@@ -2557,6 +3530,31 @@ module Google
         end
       end
       
+      # 
+      class Subject
+        include Google::Apis::Core::Hashable
+      
+        # "": ""
+        # Corresponds to the JSON property `digest`
+        # @return [Hash<String,String>]
+        attr_accessor :digest
+      
+        # 
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @digest = args[:digest] if args.key?(:digest)
+          @name = args[:name] if args.key?(:name)
+        end
+      end
+      
       # Request message for `TestIamPermissions` method.
       class TestIamPermissionsRequest
         include Google::Apis::Core::Hashable
@@ -2801,7 +3799,14 @@ module Google
       
         # The distro assigned severity for this vulnerability when that is available and
         # note provider assigned severity when distro has not yet assigned a severity
-        # for this vulnerability.
+        # for this vulnerability. When there are multiple package issues for this
+        # vulnerability, they can have different effective severities because some might
+        # come from the distro and some might come from installed language packs (e.g.
+        # Maven JARs or Go binaries). For this reason, it is advised to use the
+        # effective severity on the PackageIssue level, as this field may eventually be
+        # deprecated. In the case where multiple PackageIssues have different effective
+        # severities, the one set here will be the highest severity of any of the
+        # PackageIssues.
         # Corresponds to the JSON property `effectiveSeverity`
         # @return [String]
         attr_accessor :effective_severity
@@ -2818,7 +3823,8 @@ module Google
         attr_accessor :severity
       
         # The type of package; whether native or non native(ruby gems, node.js packages
-        # etc)
+        # etc). This may be deprecated in the future because we can have multiple
+        # PackageIssues with different package types.
         # Corresponds to the JSON property `type`
         # @return [String]
         attr_accessor :type