google-cloud-container_analysis-v1 0.4.3 → 0.4.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.yardopts +1 -1
- data/AUTHENTICATION.md +7 -25
- data/README.md +1 -1
- data/lib/google/cloud/container_analysis/v1/container_analysis/client.rb +81 -13
- data/lib/google/cloud/container_analysis/v1/version.rb +1 -1
- data/lib/google/devtools/containeranalysis/v1/containeranalysis_pb.rb +5 -3
- data/lib/google/devtools/containeranalysis/v1/containeranalysis_services_pb.rb +1 -1
- data/proto_docs/google/api/resource.rb +10 -71
- data/proto_docs/google/devtools/containeranalysis/v1/containeranalysis.rb +1 -1
- data/proto_docs/google/protobuf/any.rb +141 -0
- data/proto_docs/google/protobuf/empty.rb +36 -0
- data/proto_docs/google/protobuf/field_mask.rb +229 -0
- data/proto_docs/google/rpc/status.rb +46 -0
- data/proto_docs/grafeas/v1/attestation.rb +98 -0
- data/proto_docs/grafeas/v1/build.rb +64 -0
- data/proto_docs/grafeas/v1/common.rb +31 -2
- data/proto_docs/grafeas/v1/compliance.rb +98 -0
- data/proto_docs/grafeas/v1/cvss.rb +105 -0
- data/proto_docs/grafeas/v1/deployment.rb +74 -0
- data/proto_docs/grafeas/v1/discovery.rb +95 -0
- data/proto_docs/grafeas/v1/dsse_attestation.rb +59 -0
- data/proto_docs/grafeas/v1/grafeas.rb +419 -0
- data/proto_docs/grafeas/v1/image.rb +95 -0
- data/proto_docs/grafeas/v1/intoto_provenance.rb +134 -0
- data/proto_docs/grafeas/v1/intoto_statement.rb +65 -0
- data/proto_docs/grafeas/v1/package.rb +8 -0
- data/proto_docs/grafeas/v1/provenance.rb +318 -0
- data/proto_docs/grafeas/v1/severity.rb +43 -0
- data/proto_docs/grafeas/v1/slsa_provenance.rb +152 -0
- data/proto_docs/grafeas/v1/upgrade.rb +148 -0
- data/proto_docs/grafeas/v1/vulnerability.rb +25 -21
- metadata +31 -7
@@ -0,0 +1,65 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2022 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Grafeas
|
21
|
+
module V1
|
22
|
+
# Spec defined at
|
23
|
+
# https://github.com/in-toto/attestation/tree/main/spec#statement The
|
24
|
+
# serialized InTotoStatement will be stored as Envelope.payload.
|
25
|
+
# Envelope.payloadType is always "application/vnd.in-toto+json".
|
26
|
+
# @!attribute [rw] type
|
27
|
+
# @return [::String]
|
28
|
+
# Always `https://in-toto.io/Statement/v0.1`.
|
29
|
+
# @!attribute [rw] subject
|
30
|
+
# @return [::Array<::Grafeas::V1::Subject>]
|
31
|
+
# @!attribute [rw] predicate_type
|
32
|
+
# @return [::String]
|
33
|
+
# `https://slsa.dev/provenance/v0.1` for SlsaProvenance.
|
34
|
+
# @!attribute [rw] provenance
|
35
|
+
# @return [::Grafeas::V1::InTotoProvenance]
|
36
|
+
# @!attribute [rw] slsa_provenance
|
37
|
+
# @return [::Grafeas::V1::SlsaProvenance]
|
38
|
+
class InTotoStatement
|
39
|
+
include ::Google::Protobuf::MessageExts
|
40
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
41
|
+
end
|
42
|
+
|
43
|
+
# @!attribute [rw] name
|
44
|
+
# @return [::String]
|
45
|
+
# @!attribute [rw] digest
|
46
|
+
# @return [::Google::Protobuf::Map{::String => ::String}]
|
47
|
+
# `"<ALGORITHM>": "<HEX_VALUE>"`
|
48
|
+
# Algorithms can be e.g. sha256, sha512
|
49
|
+
# See
|
50
|
+
# https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
|
51
|
+
class Subject
|
52
|
+
include ::Google::Protobuf::MessageExts
|
53
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
54
|
+
|
55
|
+
# @!attribute [rw] key
|
56
|
+
# @return [::String]
|
57
|
+
# @!attribute [rw] value
|
58
|
+
# @return [::String]
|
59
|
+
class DigestEntry
|
60
|
+
include ::Google::Protobuf::MessageExts
|
61
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|
@@ -101,6 +101,14 @@ module Grafeas
|
|
101
101
|
# @!attribute [rw] revision
|
102
102
|
# @return [::String]
|
103
103
|
# The iteration of the package build from the above version.
|
104
|
+
# @!attribute [rw] inclusive
|
105
|
+
# @return [::Boolean]
|
106
|
+
# Whether this version is specifying part of an inclusive range. Grafeas
|
107
|
+
# does not have the capability to specify version ranges; instead we have
|
108
|
+
# fields that specify start version and end versions. At times this is
|
109
|
+
# insufficient - we also need to specify whether the version is included in
|
110
|
+
# the range or is excluded from the range. This boolean is expected to be set
|
111
|
+
# to true when the version is included in a range.
|
104
112
|
# @!attribute [rw] kind
|
105
113
|
# @return [::Grafeas::V1::Version::VersionKind]
|
106
114
|
# Required. Distinguishes between sentinel MIN/MAX versions and normal
|
@@ -0,0 +1,318 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2022 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Grafeas
|
21
|
+
module V1
|
22
|
+
# Provenance of a build. Contains all information needed to verify the full
|
23
|
+
# details about the build from source to completion.
|
24
|
+
# @!attribute [rw] id
|
25
|
+
# @return [::String]
|
26
|
+
# Required. Unique identifier of the build.
|
27
|
+
# @!attribute [rw] project_id
|
28
|
+
# @return [::String]
|
29
|
+
# ID of the project.
|
30
|
+
# @!attribute [rw] commands
|
31
|
+
# @return [::Array<::Grafeas::V1::Command>]
|
32
|
+
# Commands requested by the build.
|
33
|
+
# @!attribute [rw] built_artifacts
|
34
|
+
# @return [::Array<::Grafeas::V1::Artifact>]
|
35
|
+
# Output of the build.
|
36
|
+
# @!attribute [rw] create_time
|
37
|
+
# @return [::Google::Protobuf::Timestamp]
|
38
|
+
# Time at which the build was created.
|
39
|
+
# @!attribute [rw] start_time
|
40
|
+
# @return [::Google::Protobuf::Timestamp]
|
41
|
+
# Time at which execution of the build was started.
|
42
|
+
# @!attribute [rw] end_time
|
43
|
+
# @return [::Google::Protobuf::Timestamp]
|
44
|
+
# Time at which execution of the build was finished.
|
45
|
+
# @!attribute [rw] creator
|
46
|
+
# @return [::String]
|
47
|
+
# E-mail address of the user who initiated this build. Note that this was the
|
48
|
+
# user's e-mail address at the time the build was initiated; this address may
|
49
|
+
# not represent the same end-user for all time.
|
50
|
+
# @!attribute [rw] logs_uri
|
51
|
+
# @return [::String]
|
52
|
+
# URI where any logs for this provenance were written.
|
53
|
+
# @!attribute [rw] source_provenance
|
54
|
+
# @return [::Grafeas::V1::Source]
|
55
|
+
# Details of the Source input to the build.
|
56
|
+
# @!attribute [rw] trigger_id
|
57
|
+
# @return [::String]
|
58
|
+
# Trigger identifier if the build was triggered automatically; empty if not.
|
59
|
+
# @!attribute [rw] build_options
|
60
|
+
# @return [::Google::Protobuf::Map{::String => ::String}]
|
61
|
+
# Special options applied to this build. This is a catch-all field where
|
62
|
+
# build providers can enter any desired additional details.
|
63
|
+
# @!attribute [rw] builder_version
|
64
|
+
# @return [::String]
|
65
|
+
# Version string of the builder at the time this build was executed.
|
66
|
+
class BuildProvenance
|
67
|
+
include ::Google::Protobuf::MessageExts
|
68
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
69
|
+
|
70
|
+
# @!attribute [rw] key
|
71
|
+
# @return [::String]
|
72
|
+
# @!attribute [rw] value
|
73
|
+
# @return [::String]
|
74
|
+
class BuildOptionsEntry
|
75
|
+
include ::Google::Protobuf::MessageExts
|
76
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
77
|
+
end
|
78
|
+
end
|
79
|
+
|
80
|
+
# Source describes the location of the source used for the build.
|
81
|
+
# @!attribute [rw] artifact_storage_source_uri
|
82
|
+
# @return [::String]
|
83
|
+
# If provided, the input binary artifacts for the build came from this
|
84
|
+
# location.
|
85
|
+
# @!attribute [rw] file_hashes
|
86
|
+
# @return [::Google::Protobuf::Map{::String => ::Grafeas::V1::FileHashes}]
|
87
|
+
# Hash(es) of the build source, which can be used to verify that the original
|
88
|
+
# source integrity was maintained in the build.
|
89
|
+
#
|
90
|
+
# The keys to this map are file paths used as build source and the values
|
91
|
+
# contain the hash values for those files.
|
92
|
+
#
|
93
|
+
# If the build source came in a single package such as a gzipped tarfile
|
94
|
+
# (.tar.gz), the FileHash will be for the single path to that file.
|
95
|
+
# @!attribute [rw] context
|
96
|
+
# @return [::Grafeas::V1::SourceContext]
|
97
|
+
# If provided, the source code used for the build came from this location.
|
98
|
+
# @!attribute [rw] additional_contexts
|
99
|
+
# @return [::Array<::Grafeas::V1::SourceContext>]
|
100
|
+
# If provided, some of the source code used for the build may be found in
|
101
|
+
# these locations, in the case where the source repository had multiple
|
102
|
+
# remotes or submodules. This list will not include the context specified in
|
103
|
+
# the context field.
|
104
|
+
class Source
|
105
|
+
include ::Google::Protobuf::MessageExts
|
106
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
107
|
+
|
108
|
+
# @!attribute [rw] key
|
109
|
+
# @return [::String]
|
110
|
+
# @!attribute [rw] value
|
111
|
+
# @return [::Grafeas::V1::FileHashes]
|
112
|
+
class FileHashesEntry
|
113
|
+
include ::Google::Protobuf::MessageExts
|
114
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
115
|
+
end
|
116
|
+
end
|
117
|
+
|
118
|
+
# Container message for hashes of byte content of files, used in source
|
119
|
+
# messages to verify integrity of source input to the build.
|
120
|
+
# @!attribute [rw] file_hash
|
121
|
+
# @return [::Array<::Grafeas::V1::Hash>]
|
122
|
+
# Required. Collection of file hashes.
|
123
|
+
class FileHashes
|
124
|
+
include ::Google::Protobuf::MessageExts
|
125
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
126
|
+
end
|
127
|
+
|
128
|
+
# Container message for hash values.
|
129
|
+
# @!attribute [rw] type
|
130
|
+
# @return [::String]
|
131
|
+
# Required. The type of hash that was performed, e.g. "SHA-256".
|
132
|
+
# @!attribute [rw] value
|
133
|
+
# @return [::String]
|
134
|
+
# Required. The hash value.
|
135
|
+
class Hash
|
136
|
+
include ::Google::Protobuf::MessageExts
|
137
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
138
|
+
end
|
139
|
+
|
140
|
+
# Command describes a step performed as part of the build pipeline.
|
141
|
+
# @!attribute [rw] name
|
142
|
+
# @return [::String]
|
143
|
+
# Required. Name of the command, as presented on the command line, or if the
|
144
|
+
# command is packaged as a Docker container, as presented to `docker pull`.
|
145
|
+
# @!attribute [rw] env
|
146
|
+
# @return [::Array<::String>]
|
147
|
+
# Environment variables set before running this command.
|
148
|
+
# @!attribute [rw] args
|
149
|
+
# @return [::Array<::String>]
|
150
|
+
# Command-line arguments used when executing this command.
|
151
|
+
# @!attribute [rw] dir
|
152
|
+
# @return [::String]
|
153
|
+
# Working directory (relative to project source root) used when running this
|
154
|
+
# command.
|
155
|
+
# @!attribute [rw] id
|
156
|
+
# @return [::String]
|
157
|
+
# Optional unique identifier for this command, used in wait_for to reference
|
158
|
+
# this command as a dependency.
|
159
|
+
# @!attribute [rw] wait_for
|
160
|
+
# @return [::Array<::String>]
|
161
|
+
# The ID(s) of the command(s) that this command depends on.
|
162
|
+
class Command
|
163
|
+
include ::Google::Protobuf::MessageExts
|
164
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
165
|
+
end
|
166
|
+
|
167
|
+
# Artifact describes a build product.
|
168
|
+
# @!attribute [rw] checksum
|
169
|
+
# @return [::String]
|
170
|
+
# Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
|
171
|
+
# container.
|
172
|
+
# @!attribute [rw] id
|
173
|
+
# @return [::String]
|
174
|
+
# Artifact ID, if any; for container images, this will be a URL by digest
|
175
|
+
# like `gcr.io/projectID/imagename@sha256:123456`.
|
176
|
+
# @!attribute [rw] names
|
177
|
+
# @return [::Array<::String>]
|
178
|
+
# Related artifact names. This may be the path to a binary or jar file, or in
|
179
|
+
# the case of a container build, the name used to push the container image to
|
180
|
+
# Google Container Registry, as presented to `docker push`. Note that a
|
181
|
+
# single Artifact ID can have multiple names, for example if two tags are
|
182
|
+
# applied to one image.
|
183
|
+
class Artifact
|
184
|
+
include ::Google::Protobuf::MessageExts
|
185
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
186
|
+
end
|
187
|
+
|
188
|
+
# A SourceContext is a reference to a tree of files. A SourceContext together
|
189
|
+
# with a path point to a unique revision of a single file or directory.
|
190
|
+
# @!attribute [rw] cloud_repo
|
191
|
+
# @return [::Grafeas::V1::CloudRepoSourceContext]
|
192
|
+
# A SourceContext referring to a revision in a Google Cloud Source Repo.
|
193
|
+
# @!attribute [rw] gerrit
|
194
|
+
# @return [::Grafeas::V1::GerritSourceContext]
|
195
|
+
# A SourceContext referring to a Gerrit project.
|
196
|
+
# @!attribute [rw] git
|
197
|
+
# @return [::Grafeas::V1::GitSourceContext]
|
198
|
+
# A SourceContext referring to any third party Git repo (e.g., GitHub).
|
199
|
+
# @!attribute [rw] labels
|
200
|
+
# @return [::Google::Protobuf::Map{::String => ::String}]
|
201
|
+
# Labels with user defined metadata.
|
202
|
+
class SourceContext
|
203
|
+
include ::Google::Protobuf::MessageExts
|
204
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
205
|
+
|
206
|
+
# @!attribute [rw] key
|
207
|
+
# @return [::String]
|
208
|
+
# @!attribute [rw] value
|
209
|
+
# @return [::String]
|
210
|
+
class LabelsEntry
|
211
|
+
include ::Google::Protobuf::MessageExts
|
212
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
213
|
+
end
|
214
|
+
end
|
215
|
+
|
216
|
+
# An alias to a repo revision.
|
217
|
+
# @!attribute [rw] kind
|
218
|
+
# @return [::Grafeas::V1::AliasContext::Kind]
|
219
|
+
# The alias kind.
|
220
|
+
# @!attribute [rw] name
|
221
|
+
# @return [::String]
|
222
|
+
# The alias name.
|
223
|
+
class AliasContext
|
224
|
+
include ::Google::Protobuf::MessageExts
|
225
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
226
|
+
|
227
|
+
# The type of an alias.
|
228
|
+
module Kind
|
229
|
+
# Unknown.
|
230
|
+
KIND_UNSPECIFIED = 0
|
231
|
+
|
232
|
+
# Git tag.
|
233
|
+
FIXED = 1
|
234
|
+
|
235
|
+
# Git branch.
|
236
|
+
MOVABLE = 2
|
237
|
+
|
238
|
+
# Used to specify non-standard aliases. For example, if a Git repo has a
|
239
|
+
# ref named "refs/foo/bar".
|
240
|
+
OTHER = 4
|
241
|
+
end
|
242
|
+
end
|
243
|
+
|
244
|
+
# A CloudRepoSourceContext denotes a particular revision in a Google Cloud
|
245
|
+
# Source Repo.
|
246
|
+
# @!attribute [rw] repo_id
|
247
|
+
# @return [::Grafeas::V1::RepoId]
|
248
|
+
# The ID of the repo.
|
249
|
+
# @!attribute [rw] revision_id
|
250
|
+
# @return [::String]
|
251
|
+
# A revision ID.
|
252
|
+
# @!attribute [rw] alias_context
|
253
|
+
# @return [::Grafeas::V1::AliasContext]
|
254
|
+
# An alias, which may be a branch or tag.
|
255
|
+
class CloudRepoSourceContext
|
256
|
+
include ::Google::Protobuf::MessageExts
|
257
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
258
|
+
end
|
259
|
+
|
260
|
+
# A SourceContext referring to a Gerrit project.
|
261
|
+
# @!attribute [rw] host_uri
|
262
|
+
# @return [::String]
|
263
|
+
# The URI of a running Gerrit instance.
|
264
|
+
# @!attribute [rw] gerrit_project
|
265
|
+
# @return [::String]
|
266
|
+
# The full project name within the host. Projects may be nested, so
|
267
|
+
# "project/subproject" is a valid project name. The "repo name" is the
|
268
|
+
# hostURI/project.
|
269
|
+
# @!attribute [rw] revision_id
|
270
|
+
# @return [::String]
|
271
|
+
# A revision (commit) ID.
|
272
|
+
# @!attribute [rw] alias_context
|
273
|
+
# @return [::Grafeas::V1::AliasContext]
|
274
|
+
# An alias, which may be a branch or tag.
|
275
|
+
class GerritSourceContext
|
276
|
+
include ::Google::Protobuf::MessageExts
|
277
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
278
|
+
end
|
279
|
+
|
280
|
+
# A GitSourceContext denotes a particular revision in a third party Git
|
281
|
+
# repository (e.g., GitHub).
|
282
|
+
# @!attribute [rw] url
|
283
|
+
# @return [::String]
|
284
|
+
# Git repository URL.
|
285
|
+
# @!attribute [rw] revision_id
|
286
|
+
# @return [::String]
|
287
|
+
# Git commit hash.
|
288
|
+
class GitSourceContext
|
289
|
+
include ::Google::Protobuf::MessageExts
|
290
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
291
|
+
end
|
292
|
+
|
293
|
+
# A unique identifier for a Cloud Repo.
|
294
|
+
# @!attribute [rw] project_repo_id
|
295
|
+
# @return [::Grafeas::V1::ProjectRepoId]
|
296
|
+
# A combination of a project ID and a repo name.
|
297
|
+
# @!attribute [rw] uid
|
298
|
+
# @return [::String]
|
299
|
+
# A server-assigned, globally unique identifier.
|
300
|
+
class RepoId
|
301
|
+
include ::Google::Protobuf::MessageExts
|
302
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
303
|
+
end
|
304
|
+
|
305
|
+
# Selects a repo using a Google Cloud Platform project ID (e.g.,
|
306
|
+
# winged-cargo-31) and a repo name within that project.
|
307
|
+
# @!attribute [rw] project_id
|
308
|
+
# @return [::String]
|
309
|
+
# The ID of the project.
|
310
|
+
# @!attribute [rw] repo_name
|
311
|
+
# @return [::String]
|
312
|
+
# The name of the repo. Leave empty for the default repo.
|
313
|
+
class ProjectRepoId
|
314
|
+
include ::Google::Protobuf::MessageExts
|
315
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
316
|
+
end
|
317
|
+
end
|
318
|
+
end
|
@@ -0,0 +1,43 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2022 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Grafeas
|
21
|
+
module V1
|
22
|
+
# Note provider assigned severity/impact ranking.
|
23
|
+
module Severity
|
24
|
+
# Unknown.
|
25
|
+
SEVERITY_UNSPECIFIED = 0
|
26
|
+
|
27
|
+
# Minimal severity.
|
28
|
+
MINIMAL = 1
|
29
|
+
|
30
|
+
# Low severity.
|
31
|
+
LOW = 2
|
32
|
+
|
33
|
+
# Medium severity.
|
34
|
+
MEDIUM = 3
|
35
|
+
|
36
|
+
# High severity.
|
37
|
+
HIGH = 4
|
38
|
+
|
39
|
+
# Critical severity.
|
40
|
+
CRITICAL = 5
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
@@ -0,0 +1,152 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2022 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Grafeas
|
21
|
+
module V1
|
22
|
+
# @!attribute [rw] builder
|
23
|
+
# @return [::Grafeas::V1::SlsaProvenance::SlsaBuilder]
|
24
|
+
# @!attribute [rw] recipe
|
25
|
+
# @return [::Grafeas::V1::SlsaProvenance::SlsaRecipe]
|
26
|
+
# Identifies the configuration used for the build.
|
27
|
+
# When combined with materials, this SHOULD fully describe the build,
|
28
|
+
# such that re-running this recipe results in bit-for-bit identical output
|
29
|
+
# (if the build is reproducible).
|
30
|
+
# @!attribute [rw] metadata
|
31
|
+
# @return [::Grafeas::V1::SlsaProvenance::SlsaMetadata]
|
32
|
+
# @!attribute [rw] materials
|
33
|
+
# @return [::Array<::Grafeas::V1::SlsaProvenance::Material>]
|
34
|
+
# The collection of artifacts that influenced the build including sources,
|
35
|
+
# dependencies, build tools, base images, and so on. This is considered to be
|
36
|
+
# incomplete unless metadata.completeness.materials is true. Unset or null is
|
37
|
+
# equivalent to empty.
|
38
|
+
class SlsaProvenance
|
39
|
+
include ::Google::Protobuf::MessageExts
|
40
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
41
|
+
|
42
|
+
# Steps taken to build the artifact.
|
43
|
+
# For a TaskRun, typically each container corresponds to one step in the
|
44
|
+
# recipe.
|
45
|
+
# @!attribute [rw] type
|
46
|
+
# @return [::String]
|
47
|
+
# URI indicating what type of recipe was performed. It determines the
|
48
|
+
# meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and
|
49
|
+
# materials.
|
50
|
+
# @!attribute [rw] defined_in_material
|
51
|
+
# @return [::Integer]
|
52
|
+
# Index in materials containing the recipe steps that are not implied by
|
53
|
+
# recipe.type. For example, if the recipe type were "make", then this would
|
54
|
+
# point to the source containing the Makefile, not the make program itself.
|
55
|
+
# Set to -1 if the recipe doesn't come from a material, as zero is default
|
56
|
+
# unset value for int64.
|
57
|
+
# @!attribute [rw] entry_point
|
58
|
+
# @return [::String]
|
59
|
+
# String identifying the entry point into the build.
|
60
|
+
# This is often a path to a configuration file and/or a target label within
|
61
|
+
# that file. The syntax and meaning are defined by recipe.type. For
|
62
|
+
# example, if the recipe type were "make", then this would reference the
|
63
|
+
# directory in which to run make as well as which target to use.
|
64
|
+
# @!attribute [rw] arguments
|
65
|
+
# @return [::Google::Protobuf::Any]
|
66
|
+
# Collection of all external inputs that influenced the build on top of
|
67
|
+
# recipe.definedInMaterial and recipe.entryPoint. For example, if the
|
68
|
+
# recipe type were "make", then this might be the flags passed to make
|
69
|
+
# aside from the target, which is captured in recipe.entryPoint. Depending
|
70
|
+
# on the recipe Type, the structure may be different.
|
71
|
+
# @!attribute [rw] environment
|
72
|
+
# @return [::Google::Protobuf::Any]
|
73
|
+
# Any other builder-controlled inputs necessary for correctly evaluating
|
74
|
+
# the recipe. Usually only needed for reproducing the build but not
|
75
|
+
# evaluated as part of policy. Depending on the recipe Type, the structure
|
76
|
+
# may be different.
|
77
|
+
class SlsaRecipe
|
78
|
+
include ::Google::Protobuf::MessageExts
|
79
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
80
|
+
end
|
81
|
+
|
82
|
+
# Indicates that the builder claims certain fields in this message to be
|
83
|
+
# complete.
|
84
|
+
# @!attribute [rw] arguments
|
85
|
+
# @return [::Boolean]
|
86
|
+
# If true, the builder claims that recipe.arguments is complete, meaning
|
87
|
+
# that all external inputs are properly captured in the recipe.
|
88
|
+
# @!attribute [rw] environment
|
89
|
+
# @return [::Boolean]
|
90
|
+
# If true, the builder claims that recipe.environment is claimed to be
|
91
|
+
# complete.
|
92
|
+
# @!attribute [rw] materials
|
93
|
+
# @return [::Boolean]
|
94
|
+
# If true, the builder claims that materials are complete, usually through
|
95
|
+
# some controls to prevent network access. Sometimes called "hermetic".
|
96
|
+
class SlsaCompleteness
|
97
|
+
include ::Google::Protobuf::MessageExts
|
98
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
99
|
+
end
|
100
|
+
|
101
|
+
# Other properties of the build.
|
102
|
+
# @!attribute [rw] build_invocation_id
|
103
|
+
# @return [::String]
|
104
|
+
# Identifies the particular build invocation, which can be useful for
|
105
|
+
# finding associated logs or other ad-hoc analysis. The value SHOULD be
|
106
|
+
# globally unique, per in-toto Provenance spec.
|
107
|
+
# @!attribute [rw] build_started_on
|
108
|
+
# @return [::Google::Protobuf::Timestamp]
|
109
|
+
# The timestamp of when the build started.
|
110
|
+
# @!attribute [rw] build_finished_on
|
111
|
+
# @return [::Google::Protobuf::Timestamp]
|
112
|
+
# The timestamp of when the build completed.
|
113
|
+
# @!attribute [rw] completeness
|
114
|
+
# @return [::Grafeas::V1::SlsaProvenance::SlsaCompleteness]
|
115
|
+
# Indicates that the builder claims certain fields in this message to be
|
116
|
+
# complete.
|
117
|
+
# @!attribute [rw] reproducible
|
118
|
+
# @return [::Boolean]
|
119
|
+
# If true, the builder claims that running the recipe on materials will
|
120
|
+
# produce bit-for-bit identical output.
|
121
|
+
class SlsaMetadata
|
122
|
+
include ::Google::Protobuf::MessageExts
|
123
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
124
|
+
end
|
125
|
+
|
126
|
+
# @!attribute [rw] id
|
127
|
+
# @return [::String]
|
128
|
+
class SlsaBuilder
|
129
|
+
include ::Google::Protobuf::MessageExts
|
130
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
131
|
+
end
|
132
|
+
|
133
|
+
# @!attribute [rw] uri
|
134
|
+
# @return [::String]
|
135
|
+
# @!attribute [rw] digest
|
136
|
+
# @return [::Google::Protobuf::Map{::String => ::String}]
|
137
|
+
class Material
|
138
|
+
include ::Google::Protobuf::MessageExts
|
139
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
140
|
+
|
141
|
+
# @!attribute [rw] key
|
142
|
+
# @return [::String]
|
143
|
+
# @!attribute [rw] value
|
144
|
+
# @return [::String]
|
145
|
+
class DigestEntry
|
146
|
+
include ::Google::Protobuf::MessageExts
|
147
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
148
|
+
end
|
149
|
+
end
|
150
|
+
end
|
151
|
+
end
|
152
|
+
end
|