RubyGems - google-cloud-container_analysis-v1 - Versions diffs - 0.4.6 → 0.6.0 - Mend

google-cloud-container_analysis-v1 0.4.6 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml +4 -4
data/README.md +11 -6
data/lib/google/cloud/container_analysis/v1/container_analysis/client.rb +9 -3
data/lib/google/cloud/container_analysis/v1/version.rb +1 -1
data/lib/google/cloud/container_analysis/v1.rb +2 -0
data/lib/google/devtools/containeranalysis/v1/containeranalysis_pb.rb +3 -3
data/proto_docs/google/devtools/containeranalysis/v1/containeranalysis.rb +1 -1
data/proto_docs/google/iam/v1/iam_policy.rb +8 -1
data/proto_docs/google/iam/v1/options.rb +14 -4
data/proto_docs/google/iam/v1/policy.rb +208 -38
data/proto_docs/google/protobuf/field_mask.rb +229 -0
data/proto_docs/grafeas/v1/severity.rb +43 -0
metadata +22 -31
data/proto_docs/google/protobuf/timestamp.rb +0 -129
data/proto_docs/grafeas/v1/common.rb +0 -147
data/proto_docs/grafeas/v1/cvss.rb +0 -111
data/proto_docs/grafeas/v1/package.rb +0 -152
data/proto_docs/grafeas/v1/vulnerability.rb +0 -283

data/proto_docs/grafeas/v1/common.rb DELETED Viewed

@@ -1,147 +0,0 @@
-# frozen_string_literal: true
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
-module Grafeas
-  module V1
-    # Metadata for any related URL information.
-    # @!attribute [rw] url
-    #   @return [::String]
-    #     Specific URL associated with the resource.
-    # @!attribute [rw] label
-    #   @return [::String]
-    #     Label to describe usage of the URL.
-    class RelatedUrl
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-    end
-    # Verifiers (e.g. Kritis implementations) MUST verify signatures
-    # with respect to the trust anchors defined in policy (e.g. a Kritis policy).
-    # Typically this means that the verifier has been configured with a map from
-    # `public_key_id` to public key material (and any required parameters, e.g.
-    # signing algorithm).
-    #
-    # In particular, verification implementations MUST NOT treat the signature
-    # `public_key_id` as anything more than a key lookup hint. The `public_key_id`
-    # DOES NOT validate or authenticate a public key; it only provides a mechanism
-    # for quickly selecting a public key ALREADY CONFIGURED on the verifier through
-    # a trusted channel. Verification implementations MUST reject signatures in any
-    # of the following circumstances:
-    #   * The `public_key_id` is not recognized by the verifier.
-    #   * The public key that `public_key_id` refers to does not verify the
-    #     signature with respect to the payload.
-    #
-    # The `signature` contents SHOULD NOT be "attached" (where the payload is
-    # included with the serialized `signature` bytes). Verifiers MUST ignore any
-    # "attached" payload and only verify signatures with respect to explicitly
-    # provided payload (e.g. a `payload` field on the proto message that holds
-    # this Signature, or the canonical serialization of the proto message that
-    # holds this signature).
-    # @!attribute [rw] signature
-    #   @return [::String]
-    #     The content of the signature, an opaque bytestring.
-    #     The payload that this signature verifies MUST be unambiguously provided
-    #     with the Signature during verification. A wrapper message might provide
-    #     the payload explicitly. Alternatively, a message might have a canonical
-    #     serialization that can always be unambiguously computed to derive the
-    #     payload.
-    # @!attribute [rw] public_key_id
-    #   @return [::String]
-    #     The identifier for the public key that verifies this signature.
-    #       * The `public_key_id` is required.
-    #       * The `public_key_id` SHOULD be an RFC3986 conformant URI.
-    #       * When possible, the `public_key_id` SHOULD be an immutable reference,
-    #         such as a cryptographic digest.
-    #
-    #     Examples of valid `public_key_id`s:
-    #
-    #     OpenPGP V4 public key fingerprint:
-    #       * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA"
-    #     See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more
-    #     details on this scheme.
-    #
-    #     RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER
-    #     serialization):
-    #       * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
-    #       * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
-    class Signature
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-    end
-    # MUST match
-    # https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An
-    # authenticated message of arbitrary type.
-    # @!attribute [rw] payload
-    #   @return [::String]
-    # @!attribute [rw] payload_type
-    #   @return [::String]
-    # @!attribute [rw] signatures
-    #   @return [::Array<::Grafeas::V1::EnvelopeSignature>]
-    class Envelope
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-    end
-    # @!attribute [rw] sig
-    #   @return [::String]
-    # @!attribute [rw] keyid
-    #   @return [::String]
-    class EnvelopeSignature
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-    end
-    # Kind represents the kinds of notes supported.
-    module NoteKind
-      # Default value. This value is unused.
-      NOTE_KIND_UNSPECIFIED = 0
-      # The note and occurrence represent a package vulnerability.
-      VULNERABILITY = 1
-      # The note and occurrence assert build provenance.
-      BUILD = 2
-      # This represents an image basis relationship.
-      IMAGE = 3
-      # This represents a package installed via a package manager.
-      PACKAGE = 4
-      # The note and occurrence track deployment events.
-      DEPLOYMENT = 5
-      # The note and occurrence track the initial discovery status of a resource.
-      DISCOVERY = 6
-      # This represents a logical "role" that can attest to artifacts.
-      ATTESTATION = 7
-      # This represents an available package upgrade.
-      UPGRADE = 8
-      # This represents a Compliance Note
-      COMPLIANCE = 9
-      # This represents a DSSE attestation Note
-      DSSE_ATTESTATION = 10
-    end
-  end
-end

data/proto_docs/grafeas/v1/cvss.rb DELETED Viewed

@@ -1,111 +0,0 @@
-# frozen_string_literal: true
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
-module Grafeas
-  module V1
-    # Common Vulnerability Scoring System version 3.
-    # For details, see https://www.first.org/cvss/specification-document
-    # @!attribute [rw] base_score
-    #   @return [::Float]
-    #     The base score is a function of the base metric scores.
-    # @!attribute [rw] exploitability_score
-    #   @return [::Float]
-    # @!attribute [rw] impact_score
-    #   @return [::Float]
-    # @!attribute [rw] attack_vector
-    #   @return [::Grafeas::V1::CVSSv3::AttackVector]
-    #     Base Metrics
-    #     Represents the intrinsic characteristics of a vulnerability that are
-    #     constant over time and across user environments.
-    # @!attribute [rw] attack_complexity
-    #   @return [::Grafeas::V1::CVSSv3::AttackComplexity]
-    # @!attribute [rw] privileges_required
-    #   @return [::Grafeas::V1::CVSSv3::PrivilegesRequired]
-    # @!attribute [rw] user_interaction
-    #   @return [::Grafeas::V1::CVSSv3::UserInteraction]
-    # @!attribute [rw] scope
-    #   @return [::Grafeas::V1::CVSSv3::Scope]
-    # @!attribute [rw] confidentiality_impact
-    #   @return [::Grafeas::V1::CVSSv3::Impact]
-    # @!attribute [rw] integrity_impact
-    #   @return [::Grafeas::V1::CVSSv3::Impact]
-    # @!attribute [rw] availability_impact
-    #   @return [::Grafeas::V1::CVSSv3::Impact]
-    class CVSSv3
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-      module AttackVector
-        ATTACK_VECTOR_UNSPECIFIED = 0
-        ATTACK_VECTOR_NETWORK = 1
-        ATTACK_VECTOR_ADJACENT = 2
-        ATTACK_VECTOR_LOCAL = 3
-        ATTACK_VECTOR_PHYSICAL = 4
-      end
-      module AttackComplexity
-        ATTACK_COMPLEXITY_UNSPECIFIED = 0
-        ATTACK_COMPLEXITY_LOW = 1
-        ATTACK_COMPLEXITY_HIGH = 2
-      end
-      module PrivilegesRequired
-        PRIVILEGES_REQUIRED_UNSPECIFIED = 0
-        PRIVILEGES_REQUIRED_NONE = 1
-        PRIVILEGES_REQUIRED_LOW = 2
-        PRIVILEGES_REQUIRED_HIGH = 3
-      end
-      module UserInteraction
-        USER_INTERACTION_UNSPECIFIED = 0
-        USER_INTERACTION_NONE = 1
-        USER_INTERACTION_REQUIRED = 2
-      end
-      module Scope
-        SCOPE_UNSPECIFIED = 0
-        SCOPE_UNCHANGED = 1
-        SCOPE_CHANGED = 2
-      end
-      module Impact
-        IMPACT_UNSPECIFIED = 0
-        IMPACT_HIGH = 1
-        IMPACT_LOW = 2
-        IMPACT_NONE = 3
-      end
-    end
-  end
-end

data/proto_docs/grafeas/v1/package.rb DELETED Viewed

@@ -1,152 +0,0 @@
-# frozen_string_literal: true
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
-module Grafeas
-  module V1
-    # This represents a particular channel of distribution for a given package.
-    # E.g., Debian's jessie-backports dpkg mirror.
-    # @!attribute [rw] cpe_uri
-    #   @return [::String]
-    #     Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
-    #     denoting the package manager version distributing a package.
-    # @!attribute [rw] architecture
-    #   @return [::Grafeas::V1::Architecture]
-    #     The CPU architecture for which packages in this distribution channel were
-    #     built.
-    # @!attribute [rw] latest_version
-    #   @return [::Grafeas::V1::Version]
-    #     The latest available version of this package in this distribution channel.
-    # @!attribute [rw] maintainer
-    #   @return [::String]
-    #     A freeform string denoting the maintainer of this package.
-    # @!attribute [rw] url
-    #   @return [::String]
-    #     The distribution channel-specific homepage for this package.
-    # @!attribute [rw] description
-    #   @return [::String]
-    #     The distribution channel-specific description of this package.
-    class Distribution
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-    end
-    # An occurrence of a particular package installation found within a system's
-    # filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
-    # @!attribute [rw] cpe_uri
-    #   @return [::String]
-    #     Required. The CPE URI in [CPE format](https://cpe.mitre.org/specification/)
-    #     denoting the package manager version distributing a package.
-    # @!attribute [rw] version
-    #   @return [::Grafeas::V1::Version]
-    #     The version installed at this location.
-    # @!attribute [rw] path
-    #   @return [::String]
-    #     The path from which we gathered that this package/version is installed.
-    class Location
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-    end
-    # This represents a particular package that is distributed over various
-    # channels. E.g., glibc (aka libc6) is distributed by many, at various
-    # versions.
-    # @!attribute [rw] name
-    #   @return [::String]
-    #     Required. Immutable. The name of the package.
-    # @!attribute [rw] distribution
-    #   @return [::Array<::Grafeas::V1::Distribution>]
-    #     The various channels by which a package is distributed.
-    class PackageNote
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-    end
-    # Details on how a particular software package was installed on a system.
-    # @!attribute [rw] name
-    #   @return [::String]
-    #     Output only. The name of the installed package.
-    # @!attribute [rw] location
-    #   @return [::Array<::Grafeas::V1::Location>]
-    #     Required. All of the places within the filesystem versions of this package
-    #     have been found.
-    class PackageOccurrence
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-    end
-    # Version contains structured information about the version of a package.
-    # @!attribute [rw] epoch
-    #   @return [::Integer]
-    #     Used to correct mistakes in the version numbering scheme.
-    # @!attribute [rw] name
-    #   @return [::String]
-    #     Required only when version kind is NORMAL. The main part of the version
-    #     name.
-    # @!attribute [rw] revision
-    #   @return [::String]
-    #     The iteration of the package build from the above version.
-    # @!attribute [rw] inclusive
-    #   @return [::Boolean]
-    #     Whether this version is specifying part of an inclusive range. Grafeas
-    #     does not have the capability to specify version ranges; instead we have
-    #     fields that specify start version and end versions. At times this is
-    #     insufficient - we also need to specify whether the version is included in
-    #     the range or is excluded from the range. This boolean is expected to be set
-    #     to true when the version is included in a range.
-    # @!attribute [rw] kind
-    #   @return [::Grafeas::V1::Version::VersionKind]
-    #     Required. Distinguishes between sentinel MIN/MAX versions and normal
-    #     versions.
-    # @!attribute [rw] full_name
-    #   @return [::String]
-    #     Human readable version string. This string is of the form
-    #     <epoch>:<name>-<revision> and is only set when kind is NORMAL.
-    class Version
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-      # Whether this is an ordinary package version or a sentinel MIN/MAX version.
-      module VersionKind
-        # Unknown.
-        VERSION_KIND_UNSPECIFIED = 0
-        # A standard package version.
-        NORMAL = 1
-        # A special version representing negative infinity.
-        MINIMUM = 2
-        # A special version representing positive infinity.
-        MAXIMUM = 3
-      end
-    end
-    # Instruction set architectures supported by various package managers.
-    module Architecture
-      # Unknown architecture.
-      ARCHITECTURE_UNSPECIFIED = 0
-      # X86 architecture.
-      X86 = 1
-      # X64 architecture.
-      X64 = 2
-    end
-  end
-end

data/proto_docs/grafeas/v1/vulnerability.rb DELETED Viewed

@@ -1,283 +0,0 @@
-# frozen_string_literal: true
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
-module Grafeas
-  module V1
-    # A security vulnerability that can be found in resources.
-    # @!attribute [rw] cvss_score
-    #   @return [::Float]
-    #     The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10
-    #     where 0 indicates low severity and 10 indicates high severity.
-    # @!attribute [rw] severity
-    #   @return [::Grafeas::V1::Severity]
-    #     The note provider assigned severity of this vulnerability.
-    # @!attribute [rw] details
-    #   @return [::Array<::Grafeas::V1::VulnerabilityNote::Detail>]
-    #     Details of all known distros and packages affected by this vulnerability.
-    # @!attribute [rw] cvss_v3
-    #   @return [::Grafeas::V1::CVSSv3]
-    #     The full description of the CVSSv3 for this vulnerability.
-    # @!attribute [rw] windows_details
-    #   @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail>]
-    #     Windows details get their own format because the information format and
-    #     model don't match a normal detail. Specifically Windows updates are done as
-    #     patches, thus Windows vulnerabilities really are a missing package, rather
-    #     than a package being at an incorrect version.
-    # @!attribute [rw] source_update_time
-    #   @return [::Google::Protobuf::Timestamp]
-    #     The time this information was last changed at the source. This is an
-    #     upstream timestamp from the underlying information source - e.g. Ubuntu
-    #     security tracker.
-    class VulnerabilityNote
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-      # A detail for a distro and package affected by this vulnerability and its
-      # associated fix (if one is available).
-      # @!attribute [rw] severity_name
-      #   @return [::String]
-      #     The distro assigned severity of this vulnerability.
-      # @!attribute [rw] description
-      #   @return [::String]
-      #     A vendor-specific description of this vulnerability.
-      # @!attribute [rw] package_type
-      #   @return [::String]
-      #     The type of package; whether native or non native (e.g., ruby gems,
-      #     node.js packages, etc.).
-      # @!attribute [rw] affected_cpe_uri
-      #   @return [::String]
-      #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
-      #     vulnerability affects.
-      # @!attribute [rw] affected_package
-      #   @return [::String]
-      #     Required. The package this vulnerability affects.
-      # @!attribute [rw] affected_version_start
-      #   @return [::Grafeas::V1::Version]
-      #     The version number at the start of an interval in which this
-      #     vulnerability exists. A vulnerability can affect a package between
-      #     version numbers that are disjoint sets of intervals (example:
-      #     [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be
-      #     represented in its own Detail. If a specific affected version is provided
-      #     by a vulnerability database, affected_version_start and
-      #     affected_version_end will be the same in that Detail.
-      # @!attribute [rw] affected_version_end
-      #   @return [::Grafeas::V1::Version]
-      #     The version number at the end of an interval in which this vulnerability
-      #     exists. A vulnerability can affect a package between version numbers
-      #     that are disjoint sets of intervals (example: [1.0.0-1.1.0],
-      #     [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its
-      #     own Detail. If a specific affected version is provided by a vulnerability
-      #     database, affected_version_start and affected_version_end will be the
-      #     same in that Detail.
-      # @!attribute [rw] fixed_cpe_uri
-      #   @return [::String]
-      #     The distro recommended [CPE URI](https://cpe.mitre.org/specification/)
-      #     to update to that contains a fix for this vulnerability. It is possible
-      #     for this to be different from the affected_cpe_uri.
-      # @!attribute [rw] fixed_package
-      #   @return [::String]
-      #     The distro recommended package to update to that contains a fix for this
-      #     vulnerability. It is possible for this to be different from the
-      #     affected_package.
-      # @!attribute [rw] fixed_version
-      #   @return [::Grafeas::V1::Version]
-      #     The distro recommended version to update to that contains a
-      #     fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no
-      #     such version is yet available.
-      # @!attribute [rw] is_obsolete
-      #   @return [::Boolean]
-      #     Whether this detail is obsolete. Occurrences are expected not to point to
-      #     obsolete details.
-      # @!attribute [rw] source_update_time
-      #   @return [::Google::Protobuf::Timestamp]
-      #     The time this information was last changed at the source. This is an
-      #     upstream timestamp from the underlying information source - e.g. Ubuntu
-      #     security tracker.
-      # @!attribute [rw] source
-      #   @return [::String]
-      #     The source from which the information in this Detail was obtained.
-      # @!attribute [rw] vendor
-      #   @return [::String]
-      #     The name of the vendor of the product.
-      class Detail
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-      end
-      # @!attribute [rw] cpe_uri
-      #   @return [::String]
-      #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
-      #     vulnerability affects.
-      # @!attribute [rw] name
-      #   @return [::String]
-      #     Required. The name of this vulnerability.
-      # @!attribute [rw] description
-      #   @return [::String]
-      #     The description of this vulnerability.
-      # @!attribute [rw] fixing_kbs
-      #   @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail::KnowledgeBase>]
-      #     Required. The names of the KBs which have hotfixes to mitigate this
-      #     vulnerability. Note that there may be multiple hotfixes (and thus
-      #     multiple KBs) that mitigate a given vulnerability. Currently any listed
-      #     KBs presence is considered a fix.
-      class WindowsDetail
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-        # @!attribute [rw] name
-        #   @return [::String]
-        #     The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
-        # @!attribute [rw] url
-        #   @return [::String]
-        #     A link to the KB in the [Windows update catalog]
-        #     (https://www.catalog.update.microsoft.com/).
-        class KnowledgeBase
-          include ::Google::Protobuf::MessageExts
-          extend ::Google::Protobuf::MessageExts::ClassMethods
-        end
-      end
-    end
-    # An occurrence of a severity vulnerability on a resource.
-    # @!attribute [rw] type
-    #   @return [::String]
-    #     The type of package; whether native or non native (e.g., ruby gems, node.js
-    #     packages, etc.).
-    # @!attribute [rw] severity
-    #   @return [::Grafeas::V1::Severity]
-    #     Output only. The note provider assigned severity of this vulnerability.
-    # @!attribute [rw] cvss_score
-    #   @return [::Float]
-    #     Output only. The CVSS score of this vulnerability. CVSS score is on a
-    #     scale of 0 - 10 where 0 indicates low severity and 10 indicates high
-    #     severity.
-    # @!attribute [rw] cvssv3
-    #   @return [::Grafeas::V1::VulnerabilityOccurrence::CVSSV3]
-    #     The cvss v3 score for the vulnerability.
-    # @!attribute [rw] package_issue
-    #   @return [::Array<::Grafeas::V1::VulnerabilityOccurrence::PackageIssue>]
-    #     Required. The set of affected locations and their fixes (if available)
-    #     within the associated resource.
-    # @!attribute [rw] short_description
-    #   @return [::String]
-    #     Output only. A one sentence description of this vulnerability.
-    # @!attribute [rw] long_description
-    #   @return [::String]
-    #     Output only. A detailed description of this vulnerability.
-    # @!attribute [rw] related_urls
-    #   @return [::Array<::Grafeas::V1::RelatedUrl>]
-    #     Output only. URLs related to this vulnerability.
-    # @!attribute [rw] effective_severity
-    #   @return [::Grafeas::V1::Severity]
-    #     The distro assigned severity for this vulnerability when it is available,
-    #     otherwise this is the note provider assigned severity.
-    #
-    #     When there are multiple PackageIssues for this vulnerability, they can have
-    #     different effective severities because some might be provided by the distro
-    #     while others are provided by the language ecosystem for a language pack.
-    #     For this reason, it is advised to use the effective severity on the
-    #     PackageIssue level. In the case where multiple PackageIssues have differing
-    #     effective severities, this field should be the highest severity for any of
-    #     the PackageIssues.
-    # @!attribute [rw] fix_available
-    #   @return [::Boolean]
-    #     Output only. Whether at least one of the affected packages has a fix
-    #     available.
-    class VulnerabilityOccurrence
-      include ::Google::Protobuf::MessageExts
-      extend ::Google::Protobuf::MessageExts::ClassMethods
-      # The CVSS v3 score for this vulnerability.
-      # @!attribute [rw] base_score
-      #   @return [::Float]
-      #     The base score for for this vulnerability according to cvss v3.
-      # @!attribute [rw] severity
-      #   @return [::Grafeas::V1::Severity]
-      #     The severity rating assigned to this vulnerability by vulnerability
-      #     provider.
-      class CVSSV3
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-      end
-      # A detail for a distro and package this vulnerability occurrence was found
-      # in and its associated fix (if one is available).
-      # @!attribute [rw] affected_cpe_uri
-      #   @return [::String]
-      #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
-      #     vulnerability was found in.
-      # @!attribute [rw] affected_package
-      #   @return [::String]
-      #     Required. The package this vulnerability was found in.
-      # @!attribute [rw] affected_version
-      #   @return [::Grafeas::V1::Version]
-      #     Required. The version of the package that is installed on the resource
-      #     affected by this vulnerability.
-      # @!attribute [rw] fixed_cpe_uri
-      #   @return [::String]
-      #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
-      #     was fixed in. It is possible for this to be different from the
-      #     affected_cpe_uri.
-      # @!attribute [rw] fixed_package
-      #   @return [::String]
-      #     The package this vulnerability was fixed in. It is possible for this to
-      #     be different from the affected_package.
-      # @!attribute [rw] fixed_version
-      #   @return [::Grafeas::V1::Version]
-      #     Required. The version of the package this vulnerability was fixed in.
-      #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
-      # @!attribute [rw] fix_available
-      #   @return [::Boolean]
-      #     Output only. Whether a fix is available for this package.
-      # @!attribute [rw] package_type
-      #   @return [::String]
-      #     The type of package (e.g. OS, MAVEN, GO).
-      # @!attribute [r] effective_severity
-      #   @return [::Grafeas::V1::Severity]
-      #     The distro or language system assigned severity for this vulnerability
-      #     when that is available and note provider assigned severity when it is not
-      #     available.
-      class PackageIssue
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-      end
-    end
-    # Note provider assigned severity/impact ranking.
-    module Severity
-      # Unknown.
-      SEVERITY_UNSPECIFIED = 0
-      # Minimal severity.
-      MINIMAL = 1
-      # Low severity.
-      LOW = 2
-      # Medium severity.
-      MEDIUM = 3
-      # High severity.
-      HIGH = 4
-      # Critical severity.
-      CRITICAL = 5
-    end
-  end
-end