google-cloud-container_analysis-v1 0.1.1 → 0.4.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -70,7 +70,16 @@ module Google
70
70
  # .setNanos((int) ((millis % 1000) * 1000000)).build();
71
71
  #
72
72
  #
73
- # Example 5: Compute Timestamp from current time in Python.
73
+ # Example 5: Compute Timestamp from Java `Instant.now()`.
74
+ #
75
+ # Instant now = Instant.now();
76
+ #
77
+ # Timestamp timestamp =
78
+ # Timestamp.newBuilder().setSeconds(now.getEpochSecond())
79
+ # .setNanos(now.getNano()).build();
80
+ #
81
+ #
82
+ # Example 6: Compute Timestamp from current time in Python.
74
83
  #
75
84
  # timestamp = Timestamp()
76
85
  # timestamp.GetCurrentTime()
@@ -0,0 +1,118 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # Metadata for any related URL information.
23
+ # @!attribute [rw] url
24
+ # @return [::String]
25
+ # Specific URL associated with the resource.
26
+ # @!attribute [rw] label
27
+ # @return [::String]
28
+ # Label to describe usage of the URL.
29
+ class RelatedUrl
30
+ include ::Google::Protobuf::MessageExts
31
+ extend ::Google::Protobuf::MessageExts::ClassMethods
32
+ end
33
+
34
+ # Verifiers (e.g. Kritis implementations) MUST verify signatures
35
+ # with respect to the trust anchors defined in policy (e.g. a Kritis policy).
36
+ # Typically this means that the verifier has been configured with a map from
37
+ # `public_key_id` to public key material (and any required parameters, e.g.
38
+ # signing algorithm).
39
+ #
40
+ # In particular, verification implementations MUST NOT treat the signature
41
+ # `public_key_id` as anything more than a key lookup hint. The `public_key_id`
42
+ # DOES NOT validate or authenticate a public key; it only provides a mechanism
43
+ # for quickly selecting a public key ALREADY CONFIGURED on the verifier through
44
+ # a trusted channel. Verification implementations MUST reject signatures in any
45
+ # of the following circumstances:
46
+ # * The `public_key_id` is not recognized by the verifier.
47
+ # * The public key that `public_key_id` refers to does not verify the
48
+ # signature with respect to the payload.
49
+ #
50
+ # The `signature` contents SHOULD NOT be "attached" (where the payload is
51
+ # included with the serialized `signature` bytes). Verifiers MUST ignore any
52
+ # "attached" payload and only verify signatures with respect to explicitly
53
+ # provided payload (e.g. a `payload` field on the proto message that holds
54
+ # this Signature, or the canonical serialization of the proto message that
55
+ # holds this signature).
56
+ # @!attribute [rw] signature
57
+ # @return [::String]
58
+ # The content of the signature, an opaque bytestring.
59
+ # The payload that this signature verifies MUST be unambiguously provided
60
+ # with the Signature during verification. A wrapper message might provide
61
+ # the payload explicitly. Alternatively, a message might have a canonical
62
+ # serialization that can always be unambiguously computed to derive the
63
+ # payload.
64
+ # @!attribute [rw] public_key_id
65
+ # @return [::String]
66
+ # The identifier for the public key that verifies this signature.
67
+ # * The `public_key_id` is required.
68
+ # * The `public_key_id` MUST be an RFC3986 conformant URI.
69
+ # * When possible, the `public_key_id` SHOULD be an immutable reference,
70
+ # such as a cryptographic digest.
71
+ #
72
+ # Examples of valid `public_key_id`s:
73
+ #
74
+ # OpenPGP V4 public key fingerprint:
75
+ # * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA"
76
+ # See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more
77
+ # details on this scheme.
78
+ #
79
+ # RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER
80
+ # serialization):
81
+ # * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
82
+ # * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
83
+ class Signature
84
+ include ::Google::Protobuf::MessageExts
85
+ extend ::Google::Protobuf::MessageExts::ClassMethods
86
+ end
87
+
88
+ # Kind represents the kinds of notes supported.
89
+ module NoteKind
90
+ # Unknown.
91
+ NOTE_KIND_UNSPECIFIED = 0
92
+
93
+ # The note and occurrence represent a package vulnerability.
94
+ VULNERABILITY = 1
95
+
96
+ # The note and occurrence assert build provenance.
97
+ BUILD = 2
98
+
99
+ # This represents an image basis relationship.
100
+ IMAGE = 3
101
+
102
+ # This represents a package installed via a package manager.
103
+ PACKAGE = 4
104
+
105
+ # The note and occurrence track deployment events.
106
+ DEPLOYMENT = 5
107
+
108
+ # The note and occurrence track the initial discovery status of a resource.
109
+ DISCOVERY = 6
110
+
111
+ # This represents a logical "role" that can attest to artifacts.
112
+ ATTESTATION = 7
113
+
114
+ # This represents an available package upgrade.
115
+ UPGRADE = 8
116
+ end
117
+ end
118
+ end
@@ -0,0 +1,111 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # Common Vulnerability Scoring System version 3.
23
+ # For details, see https://www.first.org/cvss/specification-document
24
+ # @!attribute [rw] base_score
25
+ # @return [::Float]
26
+ # The base score is a function of the base metric scores.
27
+ # @!attribute [rw] exploitability_score
28
+ # @return [::Float]
29
+ # @!attribute [rw] impact_score
30
+ # @return [::Float]
31
+ # @!attribute [rw] attack_vector
32
+ # @return [::Grafeas::V1::CVSSv3::AttackVector]
33
+ # Base Metrics
34
+ # Represents the intrinsic characteristics of a vulnerability that are
35
+ # constant over time and across user environments.
36
+ # @!attribute [rw] attack_complexity
37
+ # @return [::Grafeas::V1::CVSSv3::AttackComplexity]
38
+ # @!attribute [rw] privileges_required
39
+ # @return [::Grafeas::V1::CVSSv3::PrivilegesRequired]
40
+ # @!attribute [rw] user_interaction
41
+ # @return [::Grafeas::V1::CVSSv3::UserInteraction]
42
+ # @!attribute [rw] scope
43
+ # @return [::Grafeas::V1::CVSSv3::Scope]
44
+ # @!attribute [rw] confidentiality_impact
45
+ # @return [::Grafeas::V1::CVSSv3::Impact]
46
+ # @!attribute [rw] integrity_impact
47
+ # @return [::Grafeas::V1::CVSSv3::Impact]
48
+ # @!attribute [rw] availability_impact
49
+ # @return [::Grafeas::V1::CVSSv3::Impact]
50
+ class CVSSv3
51
+ include ::Google::Protobuf::MessageExts
52
+ extend ::Google::Protobuf::MessageExts::ClassMethods
53
+
54
+ module AttackVector
55
+ ATTACK_VECTOR_UNSPECIFIED = 0
56
+
57
+ ATTACK_VECTOR_NETWORK = 1
58
+
59
+ ATTACK_VECTOR_ADJACENT = 2
60
+
61
+ ATTACK_VECTOR_LOCAL = 3
62
+
63
+ ATTACK_VECTOR_PHYSICAL = 4
64
+ end
65
+
66
+ module AttackComplexity
67
+ ATTACK_COMPLEXITY_UNSPECIFIED = 0
68
+
69
+ ATTACK_COMPLEXITY_LOW = 1
70
+
71
+ ATTACK_COMPLEXITY_HIGH = 2
72
+ end
73
+
74
+ module PrivilegesRequired
75
+ PRIVILEGES_REQUIRED_UNSPECIFIED = 0
76
+
77
+ PRIVILEGES_REQUIRED_NONE = 1
78
+
79
+ PRIVILEGES_REQUIRED_LOW = 2
80
+
81
+ PRIVILEGES_REQUIRED_HIGH = 3
82
+ end
83
+
84
+ module UserInteraction
85
+ USER_INTERACTION_UNSPECIFIED = 0
86
+
87
+ USER_INTERACTION_NONE = 1
88
+
89
+ USER_INTERACTION_REQUIRED = 2
90
+ end
91
+
92
+ module Scope
93
+ SCOPE_UNSPECIFIED = 0
94
+
95
+ SCOPE_UNCHANGED = 1
96
+
97
+ SCOPE_CHANGED = 2
98
+ end
99
+
100
+ module Impact
101
+ IMPACT_UNSPECIFIED = 0
102
+
103
+ IMPACT_HIGH = 1
104
+
105
+ IMPACT_LOW = 2
106
+
107
+ IMPACT_NONE = 3
108
+ end
109
+ end
110
+ end
111
+ end
@@ -0,0 +1,144 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # This represents a particular channel of distribution for a given package.
23
+ # E.g., Debian's jessie-backports dpkg mirror.
24
+ # @!attribute [rw] cpe_uri
25
+ # @return [::String]
26
+ # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
27
+ # denoting the package manager version distributing a package.
28
+ # @!attribute [rw] architecture
29
+ # @return [::Grafeas::V1::Architecture]
30
+ # The CPU architecture for which packages in this distribution channel were
31
+ # built.
32
+ # @!attribute [rw] latest_version
33
+ # @return [::Grafeas::V1::Version]
34
+ # The latest available version of this package in this distribution channel.
35
+ # @!attribute [rw] maintainer
36
+ # @return [::String]
37
+ # A freeform string denoting the maintainer of this package.
38
+ # @!attribute [rw] url
39
+ # @return [::String]
40
+ # The distribution channel-specific homepage for this package.
41
+ # @!attribute [rw] description
42
+ # @return [::String]
43
+ # The distribution channel-specific description of this package.
44
+ class Distribution
45
+ include ::Google::Protobuf::MessageExts
46
+ extend ::Google::Protobuf::MessageExts::ClassMethods
47
+ end
48
+
49
+ # An occurrence of a particular package installation found within a system's
50
+ # filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
51
+ # @!attribute [rw] cpe_uri
52
+ # @return [::String]
53
+ # Required. The CPE URI in [CPE format](https://cpe.mitre.org/specification/)
54
+ # denoting the package manager version distributing a package.
55
+ # @!attribute [rw] version
56
+ # @return [::Grafeas::V1::Version]
57
+ # The version installed at this location.
58
+ # @!attribute [rw] path
59
+ # @return [::String]
60
+ # The path from which we gathered that this package/version is installed.
61
+ class Location
62
+ include ::Google::Protobuf::MessageExts
63
+ extend ::Google::Protobuf::MessageExts::ClassMethods
64
+ end
65
+
66
+ # This represents a particular package that is distributed over various
67
+ # channels. E.g., glibc (aka libc6) is distributed by many, at various
68
+ # versions.
69
+ # @!attribute [rw] name
70
+ # @return [::String]
71
+ # Required. Immutable. The name of the package.
72
+ # @!attribute [rw] distribution
73
+ # @return [::Array<::Grafeas::V1::Distribution>]
74
+ # The various channels by which a package is distributed.
75
+ class PackageNote
76
+ include ::Google::Protobuf::MessageExts
77
+ extend ::Google::Protobuf::MessageExts::ClassMethods
78
+ end
79
+
80
+ # Details on how a particular software package was installed on a system.
81
+ # @!attribute [rw] name
82
+ # @return [::String]
83
+ # Output only. The name of the installed package.
84
+ # @!attribute [rw] location
85
+ # @return [::Array<::Grafeas::V1::Location>]
86
+ # Required. All of the places within the filesystem versions of this package
87
+ # have been found.
88
+ class PackageOccurrence
89
+ include ::Google::Protobuf::MessageExts
90
+ extend ::Google::Protobuf::MessageExts::ClassMethods
91
+ end
92
+
93
+ # Version contains structured information about the version of a package.
94
+ # @!attribute [rw] epoch
95
+ # @return [::Integer]
96
+ # Used to correct mistakes in the version numbering scheme.
97
+ # @!attribute [rw] name
98
+ # @return [::String]
99
+ # Required only when version kind is NORMAL. The main part of the version
100
+ # name.
101
+ # @!attribute [rw] revision
102
+ # @return [::String]
103
+ # The iteration of the package build from the above version.
104
+ # @!attribute [rw] kind
105
+ # @return [::Grafeas::V1::Version::VersionKind]
106
+ # Required. Distinguishes between sentinel MIN/MAX versions and normal
107
+ # versions.
108
+ # @!attribute [rw] full_name
109
+ # @return [::String]
110
+ # Human readable version string. This string is of the form
111
+ # <epoch>:<name>-<revision> and is only set when kind is NORMAL.
112
+ class Version
113
+ include ::Google::Protobuf::MessageExts
114
+ extend ::Google::Protobuf::MessageExts::ClassMethods
115
+
116
+ # Whether this is an ordinary package version or a sentinel MIN/MAX version.
117
+ module VersionKind
118
+ # Unknown.
119
+ VERSION_KIND_UNSPECIFIED = 0
120
+
121
+ # A standard package version.
122
+ NORMAL = 1
123
+
124
+ # A special version representing negative infinity.
125
+ MINIMUM = 2
126
+
127
+ # A special version representing positive infinity.
128
+ MAXIMUM = 3
129
+ end
130
+ end
131
+
132
+ # Instruction set architectures supported by various package managers.
133
+ module Architecture
134
+ # Unknown architecture.
135
+ ARCHITECTURE_UNSPECIFIED = 0
136
+
137
+ # X86 architecture.
138
+ X86 = 1
139
+
140
+ # X64 architecture.
141
+ X64 = 2
142
+ end
143
+ end
144
+ end
@@ -0,0 +1,245 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # A security vulnerability that can be found in resources.
23
+ # @!attribute [rw] cvss_score
24
+ # @return [::Float]
25
+ # The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10
26
+ # where 0 indicates low severity and 10 indicates high severity.
27
+ # @!attribute [rw] severity
28
+ # @return [::Grafeas::V1::Severity]
29
+ # The note provider assigned severity of this vulnerability.
30
+ # @!attribute [rw] details
31
+ # @return [::Array<::Grafeas::V1::VulnerabilityNote::Detail>]
32
+ # Details of all known distros and packages affected by this vulnerability.
33
+ # @!attribute [rw] cvss_v3
34
+ # @return [::Grafeas::V1::CVSSv3]
35
+ # The full description of the CVSSv3 for this vulnerability.
36
+ # @!attribute [rw] windows_details
37
+ # @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail>]
38
+ # Windows details get their own format because the information format and
39
+ # model don't match a normal detail. Specifically Windows updates are done as
40
+ # patches, thus Windows vulnerabilities really are a missing package, rather
41
+ # than a package being at an incorrect version.
42
+ # @!attribute [rw] source_update_time
43
+ # @return [::Google::Protobuf::Timestamp]
44
+ # The time this information was last changed at the source. This is an
45
+ # upstream timestamp from the underlying information source - e.g. Ubuntu
46
+ # security tracker.
47
+ class VulnerabilityNote
48
+ include ::Google::Protobuf::MessageExts
49
+ extend ::Google::Protobuf::MessageExts::ClassMethods
50
+
51
+ # A detail for a distro and package affected by this vulnerability and its
52
+ # associated fix (if one is available).
53
+ # @!attribute [rw] severity_name
54
+ # @return [::String]
55
+ # The distro assigned severity of this vulnerability.
56
+ # @!attribute [rw] description
57
+ # @return [::String]
58
+ # A vendor-specific description of this vulnerability.
59
+ # @!attribute [rw] package_type
60
+ # @return [::String]
61
+ # The type of package; whether native or non native (e.g., ruby gems,
62
+ # node.js packages, etc.).
63
+ # @!attribute [rw] affected_cpe_uri
64
+ # @return [::String]
65
+ # Required. The [CPE URI](https://cpe.mitre.org/specification/) this
66
+ # vulnerability affects.
67
+ # @!attribute [rw] affected_package
68
+ # @return [::String]
69
+ # Required. The package this vulnerability affects.
70
+ # @!attribute [rw] affected_version_start
71
+ # @return [::Grafeas::V1::Version]
72
+ # The version number at the start of an interval in which this
73
+ # vulnerability exists. A vulnerability can affect a package between
74
+ # version numbers that are disjoint sets of intervals (example:
75
+ # [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be
76
+ # represented in its own Detail. If a specific affected version is provided
77
+ # by a vulnerability database, affected_version_start and
78
+ # affected_version_end will be the same in that Detail.
79
+ # @!attribute [rw] affected_version_end
80
+ # @return [::Grafeas::V1::Version]
81
+ # The version number at the end of an interval in which this vulnerability
82
+ # exists. A vulnerability can affect a package between version numbers
83
+ # that are disjoint sets of intervals (example: [1.0.0-1.1.0],
84
+ # [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its
85
+ # own Detail. If a specific affected version is provided by a vulnerability
86
+ # database, affected_version_start and affected_version_end will be the
87
+ # same in that Detail.
88
+ # @!attribute [rw] fixed_cpe_uri
89
+ # @return [::String]
90
+ # The distro recommended [CPE URI](https://cpe.mitre.org/specification/)
91
+ # to update to that contains a fix for this vulnerability. It is possible
92
+ # for this to be different from the affected_cpe_uri.
93
+ # @!attribute [rw] fixed_package
94
+ # @return [::String]
95
+ # The distro recommended package to update to that contains a fix for this
96
+ # vulnerability. It is possible for this to be different from the
97
+ # affected_package.
98
+ # @!attribute [rw] fixed_version
99
+ # @return [::Grafeas::V1::Version]
100
+ # The distro recommended version to update to that contains a
101
+ # fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no
102
+ # such version is yet available.
103
+ # @!attribute [rw] is_obsolete
104
+ # @return [::Boolean]
105
+ # Whether this detail is obsolete. Occurrences are expected not to point to
106
+ # obsolete details.
107
+ # @!attribute [rw] source_update_time
108
+ # @return [::Google::Protobuf::Timestamp]
109
+ # The time this information was last changed at the source. This is an
110
+ # upstream timestamp from the underlying information source - e.g. Ubuntu
111
+ # security tracker.
112
+ class Detail
113
+ include ::Google::Protobuf::MessageExts
114
+ extend ::Google::Protobuf::MessageExts::ClassMethods
115
+ end
116
+
117
+ # @!attribute [rw] cpe_uri
118
+ # @return [::String]
119
+ # Required. The [CPE URI](https://cpe.mitre.org/specification/) this
120
+ # vulnerability affects.
121
+ # @!attribute [rw] name
122
+ # @return [::String]
123
+ # Required. The name of this vulnerability.
124
+ # @!attribute [rw] description
125
+ # @return [::String]
126
+ # The description of this vulnerability.
127
+ # @!attribute [rw] fixing_kbs
128
+ # @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail::KnowledgeBase>]
129
+ # Required. The names of the KBs which have hotfixes to mitigate this
130
+ # vulnerability. Note that there may be multiple hotfixes (and thus
131
+ # multiple KBs) that mitigate a given vulnerability. Currently any listed
132
+ # KBs presence is considered a fix.
133
+ class WindowsDetail
134
+ include ::Google::Protobuf::MessageExts
135
+ extend ::Google::Protobuf::MessageExts::ClassMethods
136
+
137
+ # @!attribute [rw] name
138
+ # @return [::String]
139
+ # The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
140
+ # @!attribute [rw] url
141
+ # @return [::String]
142
+ # A link to the KB in the [Windows update catalog]
143
+ # (https://www.catalog.update.microsoft.com/).
144
+ class KnowledgeBase
145
+ include ::Google::Protobuf::MessageExts
146
+ extend ::Google::Protobuf::MessageExts::ClassMethods
147
+ end
148
+ end
149
+ end
150
+
151
+ # An occurrence of a severity vulnerability on a resource.
152
+ # @!attribute [rw] type
153
+ # @return [::String]
154
+ # The type of package; whether native or non native (e.g., ruby gems, node.js
155
+ # packages, etc.).
156
+ # @!attribute [rw] severity
157
+ # @return [::Grafeas::V1::Severity]
158
+ # Output only. The note provider assigned severity of this vulnerability.
159
+ # @!attribute [rw] cvss_score
160
+ # @return [::Float]
161
+ # Output only. The CVSS score of this vulnerability. CVSS score is on a
162
+ # scale of 0 - 10 where 0 indicates low severity and 10 indicates high
163
+ # severity.
164
+ # @!attribute [rw] package_issue
165
+ # @return [::Array<::Grafeas::V1::VulnerabilityOccurrence::PackageIssue>]
166
+ # Required. The set of affected locations and their fixes (if available)
167
+ # within the associated resource.
168
+ # @!attribute [rw] short_description
169
+ # @return [::String]
170
+ # Output only. A one sentence description of this vulnerability.
171
+ # @!attribute [rw] long_description
172
+ # @return [::String]
173
+ # Output only. A detailed description of this vulnerability.
174
+ # @!attribute [rw] related_urls
175
+ # @return [::Array<::Grafeas::V1::RelatedUrl>]
176
+ # Output only. URLs related to this vulnerability.
177
+ # @!attribute [rw] effective_severity
178
+ # @return [::Grafeas::V1::Severity]
179
+ # The distro assigned severity for this vulnerability when it is available,
180
+ # otherwise this is the note provider assigned severity.
181
+ # @!attribute [rw] fix_available
182
+ # @return [::Boolean]
183
+ # Output only. Whether at least one of the affected packages has a fix
184
+ # available.
185
+ class VulnerabilityOccurrence
186
+ include ::Google::Protobuf::MessageExts
187
+ extend ::Google::Protobuf::MessageExts::ClassMethods
188
+
189
+ # A detail for a distro and package this vulnerability occurrence was found
190
+ # in and its associated fix (if one is available).
191
+ # @!attribute [rw] affected_cpe_uri
192
+ # @return [::String]
193
+ # Required. The [CPE URI](https://cpe.mitre.org/specification/) this
194
+ # vulnerability was found in.
195
+ # @!attribute [rw] affected_package
196
+ # @return [::String]
197
+ # Required. The package this vulnerability was found in.
198
+ # @!attribute [rw] affected_version
199
+ # @return [::Grafeas::V1::Version]
200
+ # Required. The version of the package that is installed on the resource
201
+ # affected by this vulnerability.
202
+ # @!attribute [rw] fixed_cpe_uri
203
+ # @return [::String]
204
+ # The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
205
+ # was fixed in. It is possible for this to be different from the
206
+ # affected_cpe_uri.
207
+ # @!attribute [rw] fixed_package
208
+ # @return [::String]
209
+ # The package this vulnerability was fixed in. It is possible for this to
210
+ # be different from the affected_package.
211
+ # @!attribute [rw] fixed_version
212
+ # @return [::Grafeas::V1::Version]
213
+ # Required. The version of the package this vulnerability was fixed in.
214
+ # Setting this to VersionKind.MAXIMUM means no fix is yet available.
215
+ # @!attribute [rw] fix_available
216
+ # @return [::Boolean]
217
+ # Output only. Whether a fix is available for this package.
218
+ class PackageIssue
219
+ include ::Google::Protobuf::MessageExts
220
+ extend ::Google::Protobuf::MessageExts::ClassMethods
221
+ end
222
+ end
223
+
224
+ # Note provider assigned severity/impact ranking.
225
+ module Severity
226
+ # Unknown.
227
+ SEVERITY_UNSPECIFIED = 0
228
+
229
+ # Minimal severity.
230
+ MINIMAL = 1
231
+
232
+ # Low severity.
233
+ LOW = 2
234
+
235
+ # Medium severity.
236
+ MEDIUM = 3
237
+
238
+ # High severity.
239
+ HIGH = 4
240
+
241
+ # Critical severity.
242
+ CRITICAL = 5
243
+ end
244
+ end
245
+ end