RubyGems - google-cloud-container_analysis-v1 - Versions diffs - 0.4.6 → 0.6.0 - Mend

google-cloud-container_analysis-v1 0.4.6 → 0.6.0

Files changed (18) hide show

checksums.yaml +4 -4
data/README.md +11 -6
data/lib/google/cloud/container_analysis/v1/container_analysis/client.rb +9 -3
data/lib/google/cloud/container_analysis/v1/version.rb +1 -1
data/lib/google/cloud/container_analysis/v1.rb +2 -0
data/lib/google/devtools/containeranalysis/v1/containeranalysis_pb.rb +3 -3
data/proto_docs/google/devtools/containeranalysis/v1/containeranalysis.rb +1 -1
data/proto_docs/google/iam/v1/iam_policy.rb +8 -1
data/proto_docs/google/iam/v1/options.rb +14 -4
data/proto_docs/google/iam/v1/policy.rb +208 -38
data/proto_docs/google/protobuf/field_mask.rb +229 -0
data/proto_docs/grafeas/v1/severity.rb +43 -0
metadata +22 -31
data/proto_docs/google/protobuf/timestamp.rb +0 -129
data/proto_docs/grafeas/v1/common.rb +0 -147
data/proto_docs/grafeas/v1/cvss.rb +0 -111
data/proto_docs/grafeas/v1/package.rb +0 -152
data/proto_docs/grafeas/v1/vulnerability.rb +0 -283

data/proto_docs/grafeas/v1/common.rb DELETED Viewed

@@ -1,147 +0,0 @@
-# frozen_string_literal: true
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
-module Grafeas
-  module V1
-    # Metadata for any related URL information.
-    # @!attribute [rw] url
-    #   @return [::String]
-    #     Specific URL associated with the resource.
-    # @!attribute [rw] label
-    #   @return [::String]
-    #     Label to describe usage of the URL.
-    class RelatedUrl
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-    end
-    # Verifiers (e.g. Kritis implementations) MUST verify signatures
-    # with respect to the trust anchors defined in policy (e.g. a Kritis policy).
-    # Typically this means that the verifier has been configured with a map from
-    # `public_key_id` to public key material (and any required parameters, e.g.
-    # signing algorithm).
-    #
-    # In particular, verification implementations MUST NOT treat the signature
-    # `public_key_id` as anything more than a key lookup hint. The `public_key_id`
-    # DOES NOT validate or authenticate a public key; it only provides a mechanism
-    # for quickly selecting a public key ALREADY CONFIGURED on the verifier through
-    # a trusted channel. Verification implementations MUST reject signatures in any
-    # of the following circumstances:
-    #   * The `public_key_id` is not recognized by the verifier.
-    #   * The public key that `public_key_id` refers to does not verify the
-    #     signature with respect to the payload.
-    #
-    # The `signature` contents SHOULD NOT be "attached" (where the payload is
-    # included with the serialized `signature` bytes). Verifiers MUST ignore any
-    # "attached" payload and only verify signatures with respect to explicitly
-    # provided payload (e.g. a `payload` field on the proto message that holds
-    # this Signature, or the canonical serialization of the proto message that
-    # holds this signature).
-    # @!attribute [rw] signature
-    #   @return [::String]
-    #     The content of the signature, an opaque bytestring.
-    #     The payload that this signature verifies MUST be unambiguously provided
-    #     with the Signature during verification. A wrapper message might provide
-    #     the payload explicitly. Alternatively, a message might have a canonical
-    #     serialization that can always be unambiguously computed to derive the
-    #     payload.
-    # @!attribute [rw] public_key_id
-    #   @return [::String]
-    #     The identifier for the public key that verifies this signature.
-    #       * The `public_key_id` is required.
-    #       * The `public_key_id` SHOULD be an RFC3986 conformant URI.
-    #       * When possible, the `public_key_id` SHOULD be an immutable reference,
-    #         such as a cryptographic digest.
-    #
-    #     Examples of valid `public_key_id`s:
-    #
-    #     OpenPGP V4 public key fingerprint:
-    #       * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA"
-    #     See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more
-    #     details on this scheme.
-    #
-    #     RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER
-    #     serialization):
-    #       * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
-    #       * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
-    class Signature
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-    end
-    # MUST match
-    # https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An
-    # authenticated message of arbitrary type.
-    # @!attribute [rw] payload
-    #   @return [::String]
-    # @!attribute [rw] payload_type
-    #   @return [::String]
-    # @!attribute [rw] signatures
-    #   @return [::Array<::Grafeas::V1::EnvelopeSignature>]
-    class Envelope
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-    end
-    # @!attribute [rw] sig
-    #   @return [::String]
-    # @!attribute [rw] keyid
-    #   @return [::String]
-    class EnvelopeSignature
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-    end
-    # Kind represents the kinds of notes supported.
-    module NoteKind
-      # Default value. This value is unused.
-      NOTE_KIND_UNSPECIFIED = 0
-      # The note and occurrence represent a package vulnerability.
-      VULNERABILITY = 1
-      # The note and occurrence assert build provenance.
-      BUILD = 2
-      # This represents an image basis relationship.
-      IMAGE = 3
-      # This represents a package installed via a package manager.
-      PACKAGE = 4
-      # The note and occurrence track deployment events.
-      DEPLOYMENT = 5
-      # The note and occurrence track the initial discovery status of a resource.
-      DISCOVERY = 6
-      # This represents a logical "role" that can attest to artifacts.
-      ATTESTATION = 7
-      # This represents an available package upgrade.
-      UPGRADE = 8
-      # This represents a Compliance Note
-      COMPLIANCE = 9
-      # This represents a DSSE attestation Note
-      DSSE_ATTESTATION = 10
-    end
-  end
-end

data/proto_docs/grafeas/v1/cvss.rb DELETED Viewed

@@ -1,111 +0,0 @@
-# frozen_string_literal: true
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
-module Grafeas
-  module V1
-    # Common Vulnerability Scoring System version 3.
-    # For details, see https://www.first.org/cvss/specification-document
-    # @!attribute [rw] base_score
-    #   @return [::Float]
-    #     The base score is a function of the base metric scores.
-    # @!attribute [rw] exploitability_score
-    #   @return [::Float]
-    # @!attribute [rw] impact_score
-    #   @return [::Float]
-    # @!attribute [rw] attack_vector
-    #   @return [::Grafeas::V1::CVSSv3::AttackVector]
-    #     Base Metrics
-    #     Represents the intrinsic characteristics of a vulnerability that are
-    #     constant over time and across user environments.
-    # @!attribute [rw] attack_complexity
-    #   @return [::Grafeas::V1::CVSSv3::AttackComplexity]
-    # @!attribute [rw] privileges_required
-    #   @return [::Grafeas::V1::CVSSv3::PrivilegesRequired]
-    # @!attribute [rw] user_interaction
-    #   @return [::Grafeas::V1::CVSSv3::UserInteraction]
-    # @!attribute [rw] scope
-    #   @return [::Grafeas::V1::CVSSv3::Scope]
-    # @!attribute [rw] confidentiality_impact
-    #   @return [::Grafeas::V1::CVSSv3::Impact]
-    # @!attribute [rw] integrity_impact
-    #   @return [::Grafeas::V1::CVSSv3::Impact]
-    # @!attribute [rw] availability_impact
-    #   @return [::Grafeas::V1::CVSSv3::Impact]
-    class CVSSv3
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-      module AttackVector
-        ATTACK_VECTOR_UNSPECIFIED = 0
-        ATTACK_VECTOR_NETWORK = 1
-        ATTACK_VECTOR_ADJACENT = 2
-        ATTACK_VECTOR_LOCAL = 3
-        ATTACK_VECTOR_PHYSICAL = 4
-      end
-      module AttackComplexity
-        ATTACK_COMPLEXITY_UNSPECIFIED = 0
-        ATTACK_COMPLEXITY_LOW = 1
-        ATTACK_COMPLEXITY_HIGH = 2
-      end
-      module PrivilegesRequired
-        PRIVILEGES_REQUIRED_UNSPECIFIED = 0
-        PRIVILEGES_REQUIRED_NONE = 1
-        PRIVILEGES_REQUIRED_LOW = 2
-        PRIVILEGES_REQUIRED_HIGH = 3
-      end
-      module UserInteraction
-        USER_INTERACTION_UNSPECIFIED = 0
-        USER_INTERACTION_NONE = 1
-        USER_INTERACTION_REQUIRED = 2
-      end
-      module Scope
-        SCOPE_UNSPECIFIED = 0
-        SCOPE_UNCHANGED = 1
-        SCOPE_CHANGED = 2
-      end
-      module Impact
-        IMPACT_UNSPECIFIED = 0
-        IMPACT_HIGH = 1
-        IMPACT_LOW = 2
-        IMPACT_NONE = 3
-      end
-    end
-  end
-end

data/proto_docs/grafeas/v1/package.rb DELETED Viewed

@@ -1,152 +0,0 @@
-# frozen_string_literal: true
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
-module Grafeas
-  module V1
-    # This represents a particular channel of distribution for a given package.
-    # E.g., Debian's jessie-backports dpkg mirror.
-    # @!attribute [rw] cpe_uri
-    #   @return [::String]
-    #     Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
-    #     denoting the package manager version distributing a package.
-    # @!attribute [rw] architecture
-    #   @return [::Grafeas::V1::Architecture]
-    #     The CPU architecture for which packages in this distribution channel were
-    #     built.
-    # @!attribute [rw] latest_version
-    #   @return [::Grafeas::V1::Version]
-    #     The latest available version of this package in this distribution channel.
-    # @!attribute [rw] maintainer
-    #   @return [::String]
-    #     A freeform string denoting the maintainer of this package.
-    # @!attribute [rw] url
-    #   @return [::String]
-    #     The distribution channel-specific homepage for this package.
-    # @!attribute [rw] description
-    #   @return [::String]
-    #     The distribution channel-specific description of this package.
-    class Distribution
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-    end
-    # An occurrence of a particular package installation found within a system's
-    # filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
-    # @!attribute [rw] cpe_uri
-    #   @return [::String]
-    #     Required. The CPE URI in [CPE format](https://cpe.mitre.org/specification/)
-    #     denoting the package manager version distributing a package.
-    # @!attribute [rw] version
-    #   @return [::Grafeas::V1::Version]
-    #     The version installed at this location.
-    # @!attribute [rw] path
-    #   @return [::String]
-    #     The path from which we gathered that this package/version is installed.
-    class Location
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-    end
-    # This represents a particular package that is distributed over various
-    # channels. E.g., glibc (aka libc6) is distributed by many, at various
-    # versions.
-    # @!attribute [rw] name
-    #   @return [::String]
-    #     Required. Immutable. The name of the package.
-    # @!attribute [rw] distribution
-    #   @return [::Array<::Grafeas::V1::Distribution>]
-    #     The various channels by which a package is distributed.
-    class PackageNote
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-    end
-    # Details on how a particular software package was installed on a system.
-    # @!attribute [rw] name
-    #   @return [::String]
-    #     Output only. The name of the installed package.
-    # @!attribute [rw] location
-    #   @return [::Array<::Grafeas::V1::Location>]
-    #     Required. All of the places within the filesystem versions of this package
-    #     have been found.
-    class PackageOccurrence
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-    end
-    # Version contains structured information about the version of a package.
-    # @!attribute [rw] epoch
-    #   @return [::Integer]
-    #     Used to correct mistakes in the version numbering scheme.
-    # @!attribute [rw] name
-    #   @return [::String]
-    #     Required only when version kind is NORMAL. The main part of the version
-    #     name.
-    # @!attribute [rw] revision
-    #   @return [::String]
-    #     The iteration of the package build from the above version.
-    # @!attribute [rw] inclusive
-    #   @return [::Boolean]
-    #     Whether this version is specifying part of an inclusive range. Grafeas
-    #     does not have the capability to specify version ranges; instead we have
-    #     fields that specify start version and end versions. At times this is
-    #     insufficient - we also need to specify whether the version is included in
-    #     the range or is excluded from the range. This boolean is expected to be set
-    #     to true when the version is included in a range.
-    # @!attribute [rw] kind
-    #   @return [::Grafeas::V1::Version::VersionKind]
-    #     Required. Distinguishes between sentinel MIN/MAX versions and normal
-    #     versions.
-    # @!attribute [rw] full_name
-    #   @return [::String]
-    #     Human readable version string. This string is of the form
-    #     <epoch>:<name>-<revision> and is only set when kind is NORMAL.
-    class Version
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-      # Whether this is an ordinary package version or a sentinel MIN/MAX version.
-      module VersionKind
-        # Unknown.
-        VERSION_KIND_UNSPECIFIED = 0
-        # A standard package version.
-        NORMAL = 1
-        # A special version representing negative infinity.
-        MINIMUM = 2
-        # A special version representing positive infinity.
-        MAXIMUM = 3
-      end
-    end
-    # Instruction set architectures supported by various package managers.
-    module Architecture
-      # Unknown architecture.
-      ARCHITECTURE_UNSPECIFIED = 0
-      # X86 architecture.
-      X86 = 1
-      # X64 architecture.
-      X64 = 2
-    end
-  end
-end

data/proto_docs/grafeas/v1/vulnerability.rb DELETED Viewed

@@ -1,283 +0,0 @@
-# frozen_string_literal: true
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
-module Grafeas
-  module V1
-    # A security vulnerability that can be found in resources.
-    # @!attribute [rw] cvss_score
-    #   @return [::Float]
-    #     The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10
-    #     where 0 indicates low severity and 10 indicates high severity.
-    # @!attribute [rw] severity
-    #   @return [::Grafeas::V1::Severity]
-    #     The note provider assigned severity of this vulnerability.
-    # @!attribute [rw] details
-    #   @return [::Array<::Grafeas::V1::VulnerabilityNote::Detail>]
-    #     Details of all known distros and packages affected by this vulnerability.
-    # @!attribute [rw] cvss_v3
-    #   @return [::Grafeas::V1::CVSSv3]
-    #     The full description of the CVSSv3 for this vulnerability.
-    # @!attribute [rw] windows_details
-    #   @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail>]
-    #     Windows details get their own format because the information format and
-    #     model don't match a normal detail. Specifically Windows updates are done as
-    #     patches, thus Windows vulnerabilities really are a missing package, rather
-    #     than a package being at an incorrect version.
-    # @!attribute [rw] source_update_time
-    #   @return [::Google::Protobuf::Timestamp]
-    #     The time this information was last changed at the source. This is an
-    #     upstream timestamp from the underlying information source - e.g. Ubuntu
-    #     security tracker.
-    class VulnerabilityNote
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-      # A detail for a distro and package affected by this vulnerability and its
-      # associated fix (if one is available).
-      # @!attribute [rw] severity_name
-      #   @return [::String]
-      #     The distro assigned severity of this vulnerability.
-      # @!attribute [rw] description
-      #   @return [::String]
-      #     A vendor-specific description of this vulnerability.
-      # @!attribute [rw] package_type
-      #   @return [::String]
-      #     The type of package; whether native or non native (e.g., ruby gems,
-      #     node.js packages, etc.).
-      # @!attribute [rw] affected_cpe_uri
-      #   @return [::String]
-      #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
-      #     vulnerability affects.
-      # @!attribute [rw] affected_package
-      #   @return [::String]
-      #     Required. The package this vulnerability affects.
-      # @!attribute [rw] affected_version_start
-      #   @return [::Grafeas::V1::Version]
-      #     The version number at the start of an interval in which this
-      #     vulnerability exists. A vulnerability can affect a package between
-      #     version numbers that are disjoint sets of intervals (example:
-      #     [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be
-      #     represented in its own Detail. If a specific affected version is provided
-      #     by a vulnerability database, affected_version_start and
-      #     affected_version_end will be the same in that Detail.
-      # @!attribute [rw] affected_version_end
-      #   @return [::Grafeas::V1::Version]
-      #     The version number at the end of an interval in which this vulnerability
-      #     exists. A vulnerability can affect a package between version numbers
-      #     that are disjoint sets of intervals (example: [1.0.0-1.1.0],
-      #     [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its
-      #     own Detail. If a specific affected version is provided by a vulnerability
-      #     database, affected_version_start and affected_version_end will be the
-      #     same in that Detail.
-      # @!attribute [rw] fixed_cpe_uri
-      #   @return [::String]
-      #     The distro recommended [CPE URI](https://cpe.mitre.org/specification/)
-      #     to update to that contains a fix for this vulnerability. It is possible
-      #     for this to be different from the affected_cpe_uri.
-      # @!attribute [rw] fixed_package
-      #   @return [::String]
-      #     The distro recommended package to update to that contains a fix for this
-      #     vulnerability. It is possible for this to be different from the
-      #     affected_package.
-      # @!attribute [rw] fixed_version
-      #   @return [::Grafeas::V1::Version]
-      #     The distro recommended version to update to that contains a
-      #     fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no
-      #     such version is yet available.
-      # @!attribute [rw] is_obsolete
-      #   @return [::Boolean]
-      #     Whether this detail is obsolete. Occurrences are expected not to point to
-      #     obsolete details.
-      # @!attribute [rw] source_update_time
-      #   @return [::Google::Protobuf::Timestamp]
-      #     The time this information was last changed at the source. This is an
-      #     upstream timestamp from the underlying information source - e.g. Ubuntu
-      #     security tracker.
-      # @!attribute [rw] source
-      #   @return [::String]
-      #     The source from which the information in this Detail was obtained.
-      # @!attribute [rw] vendor
-      #   @return [::String]
-      #     The name of the vendor of the product.
-      class Detail
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-      end
-      # @!attribute [rw] cpe_uri
-      #   @return [::String]
-      #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
-      #     vulnerability affects.
-      # @!attribute [rw] name
-      #   @return [::String]
-      #     Required. The name of this vulnerability.
-      # @!attribute [rw] description
-      #   @return [::String]
-      #     The description of this vulnerability.
-      # @!attribute [rw] fixing_kbs
-      #   @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail::KnowledgeBase>]
-      #     Required. The names of the KBs which have hotfixes to mitigate this
-      #     vulnerability. Note that there may be multiple hotfixes (and thus
-      #     multiple KBs) that mitigate a given vulnerability. Currently any listed
-      #     KBs presence is considered a fix.
-      class WindowsDetail
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-        # @!attribute [rw] name
-        #   @return [::String]
-        #     The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
-        # @!attribute [rw] url
-        #   @return [::String]
-        #     A link to the KB in the [Windows update catalog]
-        #     (https://www.catalog.update.microsoft.com/).
-        class KnowledgeBase
-          include ::Google::Protobuf::MessageExts
-          extend ::Google::Protobuf::MessageExts::ClassMethods
-        end
-      end
-    end
-    # An occurrence of a severity vulnerability on a resource.
-    # @!attribute [rw] type
-    #   @return [::String]
-    #     The type of package; whether native or non native (e.g., ruby gems, node.js
-    #     packages, etc.).
-    # @!attribute [rw] severity
-    #   @return [::Grafeas::V1::Severity]
-    #     Output only. The note provider assigned severity of this vulnerability.
-    # @!attribute [rw] cvss_score
-    #   @return [::Float]
-    #     Output only. The CVSS score of this vulnerability. CVSS score is on a
-    #     scale of 0 - 10 where 0 indicates low severity and 10 indicates high
-    #     severity.
-    # @!attribute [rw] cvssv3
-    #   @return [::Grafeas::V1::VulnerabilityOccurrence::CVSSV3]
-    #     The cvss v3 score for the vulnerability.
-    # @!attribute [rw] package_issue
-    #   @return [::Array<::Grafeas::V1::VulnerabilityOccurrence::PackageIssue>]
-    #     Required. The set of affected locations and their fixes (if available)
-    #     within the associated resource.
-    # @!attribute [rw] short_description
-    #   @return [::String]
-    #     Output only. A one sentence description of this vulnerability.
-    # @!attribute [rw] long_description
-    #   @return [::String]
-    #     Output only. A detailed description of this vulnerability.
-    # @!attribute [rw] related_urls
-    #   @return [::Array<::Grafeas::V1::RelatedUrl>]
-    #     Output only. URLs related to this vulnerability.
-    # @!attribute [rw] effective_severity
-    #   @return [::Grafeas::V1::Severity]
-    #     The distro assigned severity for this vulnerability when it is available,
-    #     otherwise this is the note provider assigned severity.
-    #
-    #     When there are multiple PackageIssues for this vulnerability, they can have
-    #     different effective severities because some might be provided by the distro
-    #     while others are provided by the language ecosystem for a language pack.
-    #     For this reason, it is advised to use the effective severity on the
-    #     PackageIssue level. In the case where multiple PackageIssues have differing
-    #     effective severities, this field should be the highest severity for any of
-    #     the PackageIssues.
-    # @!attribute [rw] fix_available
-    #   @return [::Boolean]
-    #     Output only. Whether at least one of the affected packages has a fix
-    #     available.
-    class VulnerabilityOccurrence
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-      # The CVSS v3 score for this vulnerability.
-      # @!attribute [rw] base_score
-      #   @return [::Float]
-      #     The base score for for this vulnerability according to cvss v3.
-      # @!attribute [rw] severity
-      #   @return [::Grafeas::V1::Severity]
-      #     The severity rating assigned to this vulnerability by vulnerability
-      #     provider.
-      class CVSSV3
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-      end
-      # A detail for a distro and package this vulnerability occurrence was found
-      # in and its associated fix (if one is available).
-      # @!attribute [rw] affected_cpe_uri
-      #   @return [::String]
-      #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
-      #     vulnerability was found in.
-      # @!attribute [rw] affected_package
-      #   @return [::String]
-      #     Required. The package this vulnerability was found in.
-      # @!attribute [rw] affected_version
-      #   @return [::Grafeas::V1::Version]
-      #     Required. The version of the package that is installed on the resource
-      #     affected by this vulnerability.
-      # @!attribute [rw] fixed_cpe_uri
-      #   @return [::String]
-      #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
-      #     was fixed in. It is possible for this to be different from the
-      #     affected_cpe_uri.
-      # @!attribute [rw] fixed_package
-      #   @return [::String]
-      #     The package this vulnerability was fixed in. It is possible for this to
-      #     be different from the affected_package.
-      # @!attribute [rw] fixed_version
-      #   @return [::Grafeas::V1::Version]
-      #     Required. The version of the package this vulnerability was fixed in.
-      #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
-      # @!attribute [rw] fix_available
-      #   @return [::Boolean]
-      #     Output only. Whether a fix is available for this package.
-      # @!attribute [rw] package_type
-      #   @return [::String]
-      #     The type of package (e.g. OS, MAVEN, GO).
-      # @!attribute [r] effective_severity
-      #   @return [::Grafeas::V1::Severity]
-      #     The distro or language system assigned severity for this vulnerability
-      #     when that is available and note provider assigned severity when it is not
-      #     available.
-      class PackageIssue
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-      end
-    end
-    # Note provider assigned severity/impact ranking.
-    module Severity
-      # Unknown.
-      SEVERITY_UNSPECIFIED = 0
-      # Minimal severity.
-      MINIMAL = 1
-      # Low severity.
-      LOW = 2
-      # Medium severity.
-      MEDIUM = 3
-      # High severity.
-      HIGH = 4
-      # Critical severity.
-      CRITICAL = 5
-    end
-  end
-end