google-cloud-container_analysis-v1 0.1.0 → 0.3.0

data/proto_docs/grafeas/v1/vulnerability.rb

@@ -0,0 +1,245 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # A security vulnerability that can be found in resources.
+    # @!attribute [rw] cvss_score
+    #   @return [::Float]
+    #     The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10
+    #     where 0 indicates low severity and 10 indicates high severity.
+    # @!attribute [rw] severity
+    #   @return [::Grafeas::V1::Severity]
+    #     The note provider assigned severity of this vulnerability.
+    # @!attribute [rw] details
+    #   @return [::Array<::Grafeas::V1::VulnerabilityNote::Detail>]
+    #     Details of all known distros and packages affected by this vulnerability.
+    # @!attribute [rw] cvss_v3
+    #   @return [::Grafeas::V1::CVSSv3]
+    #     The full description of the CVSSv3 for this vulnerability.
+    # @!attribute [rw] windows_details
+    #   @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail>]
+    #     Windows details get their own format because the information format and
+    #     model don't match a normal detail. Specifically Windows updates are done as
+    #     patches, thus Windows vulnerabilities really are a missing package, rather
+    #     than a package being at an incorrect version.
+    # @!attribute [rw] source_update_time
+    #   @return [::Google::Protobuf::Timestamp]
+    #     The time this information was last changed at the source. This is an
+    #     upstream timestamp from the underlying information source - e.g. Ubuntu
+    #     security tracker.
+    class VulnerabilityNote
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # A detail for a distro and package affected by this vulnerability and its
+      # associated fix (if one is available).
+      # @!attribute [rw] severity_name
+      #   @return [::String]
+      #     The distro assigned severity of this vulnerability.
+      # @!attribute [rw] description
+      #   @return [::String]
+      #     A vendor-specific description of this vulnerability.
+      # @!attribute [rw] package_type
+      #   @return [::String]
+      #     The type of package; whether native or non native (e.g., ruby gems,
+      #     node.js packages, etc.).
+      # @!attribute [rw] affected_cpe_uri
+      #   @return [::String]
+      #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
+      #     vulnerability affects.
+      # @!attribute [rw] affected_package
+      #   @return [::String]
+      #     Required. The package this vulnerability affects.
+      # @!attribute [rw] affected_version_start
+      #   @return [::Grafeas::V1::Version]
+      #     The version number at the start of an interval in which this
+      #     vulnerability exists. A vulnerability can affect a package between
+      #     version numbers that are disjoint sets of intervals (example:
+      #     [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be
+      #     represented in its own Detail. If a specific affected version is provided
+      #     by a vulnerability database, affected_version_start and
+      #     affected_version_end will be the same in that Detail.
+      # @!attribute [rw] affected_version_end
+      #   @return [::Grafeas::V1::Version]
+      #     The version number at the end of an interval in which this vulnerability
+      #     exists. A vulnerability can affect a package between version numbers
+      #     that are disjoint sets of intervals (example: [1.0.0-1.1.0],
+      #     [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its
+      #     own Detail. If a specific affected version is provided by a vulnerability
+      #     database, affected_version_start and affected_version_end will be the
+      #     same in that Detail.
+      # @!attribute [rw] fixed_cpe_uri
+      #   @return [::String]
+      #     The distro recommended [CPE URI](https://cpe.mitre.org/specification/)
+      #     to update to that contains a fix for this vulnerability. It is possible
+      #     for this to be different from the affected_cpe_uri.
+      # @!attribute [rw] fixed_package
+      #   @return [::String]
+      #     The distro recommended package to update to that contains a fix for this
+      #     vulnerability. It is possible for this to be different from the
+      #     affected_package.
+      # @!attribute [rw] fixed_version
+      #   @return [::Grafeas::V1::Version]
+      #     The distro recommended version to update to that contains a
+      #     fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no
+      #     such version is yet available.
+      # @!attribute [rw] is_obsolete
+      #   @return [::Boolean]
+      #     Whether this detail is obsolete. Occurrences are expected not to point to
+      #     obsolete details.
+      # @!attribute [rw] source_update_time
+      #   @return [::Google::Protobuf::Timestamp]
+      #     The time this information was last changed at the source. This is an
+      #     upstream timestamp from the underlying information source - e.g. Ubuntu
+      #     security tracker.
+      class Detail
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # @!attribute [rw] cpe_uri
+      #   @return [::String]
+      #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
+      #     vulnerability affects.
+      # @!attribute [rw] name
+      #   @return [::String]
+      #     Required. The name of this vulnerability.
+      # @!attribute [rw] description
+      #   @return [::String]
+      #     The description of this vulnerability.
+      # @!attribute [rw] fixing_kbs
+      #   @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail::KnowledgeBase>]
+      #     Required. The names of the KBs which have hotfixes to mitigate this
+      #     vulnerability. Note that there may be multiple hotfixes (and thus
+      #     multiple KBs) that mitigate a given vulnerability. Currently any listed
+      #     KBs presence is considered a fix.
+      class WindowsDetail
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
+        # @!attribute [rw] url
+        #   @return [::String]
+        #     A link to the KB in the [Windows update catalog]
+        #     (https://www.catalog.update.microsoft.com/).
+        class KnowledgeBase
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+
+    # An occurrence of a severity vulnerability on a resource.
+    # @!attribute [rw] type
+    #   @return [::String]
+    #     The type of package; whether native or non native (e.g., ruby gems, node.js
+    #     packages, etc.).
+    # @!attribute [rw] severity
+    #   @return [::Grafeas::V1::Severity]
+    #     Output only. The note provider assigned severity of this vulnerability.
+    # @!attribute [rw] cvss_score
+    #   @return [::Float]
+    #     Output only. The CVSS score of this vulnerability. CVSS score is on a
+    #     scale of 0 - 10 where 0 indicates low severity and 10 indicates high
+    #     severity.
+    # @!attribute [rw] package_issue
+    #   @return [::Array<::Grafeas::V1::VulnerabilityOccurrence::PackageIssue>]
+    #     Required. The set of affected locations and their fixes (if available)
+    #     within the associated resource.
+    # @!attribute [rw] short_description
+    #   @return [::String]
+    #     Output only. A one sentence description of this vulnerability.
+    # @!attribute [rw] long_description
+    #   @return [::String]
+    #     Output only. A detailed description of this vulnerability.
+    # @!attribute [rw] related_urls
+    #   @return [::Array<::Grafeas::V1::RelatedUrl>]
+    #     Output only. URLs related to this vulnerability.
+    # @!attribute [rw] effective_severity
+    #   @return [::Grafeas::V1::Severity]
+    #     The distro assigned severity for this vulnerability when it is available,
+    #     otherwise this is the note provider assigned severity.
+    # @!attribute [rw] fix_available
+    #   @return [::Boolean]
+    #     Output only. Whether at least one of the affected packages has a fix
+    #     available.
+    class VulnerabilityOccurrence
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # A detail for a distro and package this vulnerability occurrence was found
+      # in and its associated fix (if one is available).
+      # @!attribute [rw] affected_cpe_uri
+      #   @return [::String]
+      #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
+      #     vulnerability was found in.
+      # @!attribute [rw] affected_package
+      #   @return [::String]
+      #     Required. The package this vulnerability was found in.
+      # @!attribute [rw] affected_version
+      #   @return [::Grafeas::V1::Version]
+      #     Required. The version of the package that is installed on the resource
+      #     affected by this vulnerability.
+      # @!attribute [rw] fixed_cpe_uri
+      #   @return [::String]
+      #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
+      #     was fixed in. It is possible for this to be different from the
+      #     affected_cpe_uri.
+      # @!attribute [rw] fixed_package
+      #   @return [::String]
+      #     The package this vulnerability was fixed in. It is possible for this to
+      #     be different from the affected_package.
+      # @!attribute [rw] fixed_version
+      #   @return [::Grafeas::V1::Version]
+      #     Required. The version of the package this vulnerability was fixed in.
+      #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
+      # @!attribute [rw] fix_available
+      #   @return [::Boolean]
+      #     Output only. Whether a fix is available for this package.
+      class PackageIssue
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+
+    # Note provider assigned severity/impact ranking.
+    module Severity
+      # Unknown.
+      SEVERITY_UNSPECIFIED = 0
+
+      # Minimal severity.
+      MINIMAL = 1
+
+      # Low severity.
+      LOW = 2
+
+      # Medium severity.
+      MEDIUM = 3
+
+      # High severity.
+      HIGH = 4
+
+      # Critical severity.
+      CRITICAL = 5
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-container_analysis-v1
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-06-03 00:00:00.000000000 Z
+date: 2021-02-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: '0.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: '0.3'
 - !ruby/object:Gem::Dependency
   name: google-cloud-errors
   requirement: !ruby/object:Gem::Requirement
@@ -186,7 +186,9 @@ dependencies:
         version: '0.9'
 description: The Container Analysis API is an implementation of Grafeas. It stores,
   and enables querying and retrieval of, critical metadata about all of your software
-  artifacts.
+  artifacts. Note that google-cloud-container_analysis-v1 is a version-specific client
+  library. For most uses, we recommend installing the main client library google-cloud-container_analysis
+  instead. See the readme for more details.
 email: googleapis-packages@google.com
 executables: []
 extensions: []
@@ -202,17 +204,23 @@ files:
 - lib/google/cloud/container_analysis/v1/container_analysis/client.rb
 - lib/google/cloud/container_analysis/v1/container_analysis/credentials.rb
 - lib/google/cloud/container_analysis/v1/container_analysis/helpers.rb
+- lib/google/cloud/container_analysis/v1/container_analysis/paths.rb
 - lib/google/cloud/container_analysis/v1/version.rb
 - lib/google/devtools/containeranalysis/v1/containeranalysis_pb.rb
 - lib/google/devtools/containeranalysis/v1/containeranalysis_services_pb.rb
 - proto_docs/README.md
 - proto_docs/google/api/field_behavior.rb
 - proto_docs/google/api/resource.rb
+- proto_docs/google/devtools/containeranalysis/v1/containeranalysis.rb
 - proto_docs/google/iam/v1/iam_policy.rb
 - proto_docs/google/iam/v1/options.rb
 - proto_docs/google/iam/v1/policy.rb
 - proto_docs/google/protobuf/timestamp.rb
 - proto_docs/google/type/expr.rb
+- proto_docs/grafeas/v1/common.rb
+- proto_docs/grafeas/v1/cvss.rb
+- proto_docs/grafeas/v1/package.rb
+- proto_docs/grafeas/v1/vulnerability.rb
 homepage: https://github.com/googleapis/google-cloud-ruby
 licenses:
 - Apache-2.0
@@ -232,7 +240,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.3
+rubygems_version: 3.2.6
 signing_key: 
 specification_version: 4
 summary: API Client library for the Container Analysis V1 API