grafeas-client 0.3.0 → 0.4.0

data/lib/grafeas/v1/doc/grafeas/v1/provenance.rb

@@ -1,248 +0,0 @@
-# Copyright 2019 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-module Grafeas
-  module V1
-    # Provenance of a build. Contains all information needed to verify the full
-    # details about the build from source to completion.
-    # @!attribute [rw] id
-    #   @return [String]
-    #     Required. Unique identifier of the build.
-    # @!attribute [rw] project_id
-    #   @return [String]
-    #     ID of the project.
-    # @!attribute [rw] commands
-    #   @return [Array<Grafeas::V1::Command>]
-    #     Commands requested by the build.
-    # @!attribute [rw] built_artifacts
-    #   @return [Array<Grafeas::V1::Artifact>]
-    #     Output of the build.
-    # @!attribute [rw] create_time
-    #   @return [Google::Protobuf::Timestamp]
-    #     Time at which the build was created.
-    # @!attribute [rw] start_time
-    #   @return [Google::Protobuf::Timestamp]
-    #     Time at which execution of the build was started.
-    # @!attribute [rw] end_time
-    #   @return [Google::Protobuf::Timestamp]
-    #     Time at which execution of the build was finished.
-    # @!attribute [rw] creator
-    #   @return [String]
-    #     E-mail address of the user who initiated this build. Note that this was the
-    #     user's e-mail address at the time the build was initiated; this address may
-    #     not represent the same end-user for all time.
-    # @!attribute [rw] logs_uri
-    #   @return [String]
-    #     URI where any logs for this provenance were written.
-    # @!attribute [rw] source_provenance
-    #   @return [Grafeas::V1::Source]
-    #     Details of the Source input to the build.
-    # @!attribute [rw] trigger_id
-    #   @return [String]
-    #     Trigger identifier if the build was triggered automatically; empty if not.
-    # @!attribute [rw] build_options
-    #   @return [Hash{String => String}]
-    #     Special options applied to this build. This is a catch-all field where
-    #     build providers can enter any desired additional details.
-    # @!attribute [rw] builder_version
-    #   @return [String]
-    #     Version string of the builder at the time this build was executed.
-    class BuildProvenance; end
-
-    # Source describes the location of the source used for the build.
-    # @!attribute [rw] artifact_storage_source_uri
-    #   @return [String]
-    #     If provided, the input binary artifacts for the build came from this
-    #     location.
-    # @!attribute [rw] file_hashes
-    #   @return [Hash{String => Grafeas::V1::FileHashes}]
-    #     Hash(es) of the build source, which can be used to verify that the original
-    #     source integrity was maintained in the build.
-    #
-    #     The keys to this map are file paths used as build source and the values
-    #     contain the hash values for those files.
-    #
-    #     If the build source came in a single package such as a gzipped tarfile
-    #     (.tar.gz), the FileHash will be for the single path to that file.
-    # @!attribute [rw] context
-    #   @return [Grafeas::V1::SourceContext]
-    #     If provided, the source code used for the build came from this location.
-    # @!attribute [rw] additional_contexts
-    #   @return [Array<Grafeas::V1::SourceContext>]
-    #     If provided, some of the source code used for the build may be found in
-    #     these locations, in the case where the source repository had multiple
-    #     remotes or submodules. This list will not include the context specified in
-    #     the context field.
-    class Source; end
-
-    # Container message for hashes of byte content of files, used in source
-    # messages to verify integrity of source input to the build.
-    # @!attribute [rw] file_hash
-    #   @return [Array<Grafeas::V1::Hash>]
-    #     Required. Collection of file hashes.
-    class FileHashes; end
-
-    # Container message for hash values.
-    # @!attribute [rw] type
-    #   @return [String]
-    #     Required. The type of hash that was performed, e.g. "SHA-256".
-    # @!attribute [rw] value
-    #   @return [String]
-    #     Required. The hash value.
-    class Hash; end
-
-    # Command describes a step performed as part of the build pipeline.
-    # @!attribute [rw] name
-    #   @return [String]
-    #     Required. Name of the command, as presented on the command line, or if the
-    #     command is packaged as a Docker container, as presented to `docker pull`.
-    # @!attribute [rw] env
-    #   @return [Array<String>]
-    #     Environment variables set before running this command.
-    # @!attribute [rw] args
-    #   @return [Array<String>]
-    #     Command-line arguments used when executing this command.
-    # @!attribute [rw] dir
-    #   @return [String]
-    #     Working directory (relative to project source root) used when running this
-    #     command.
-    # @!attribute [rw] id
-    #   @return [String]
-    #     Optional unique identifier for this command, used in wait_for to reference
-    #     this command as a dependency.
-    # @!attribute [rw] wait_for
-    #   @return [Array<String>]
-    #     The ID(s) of the command(s) that this command depends on.
-    class Command; end
-
-    # Artifact describes a build product.
-    # @!attribute [rw] checksum
-    #   @return [String]
-    #     Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
-    #     container.
-    # @!attribute [rw] id
-    #   @return [String]
-    #     Artifact ID, if any; for container images, this will be a URL by digest
-    #     like `gcr.io/projectID/imagename@sha256:123456`.
-    # @!attribute [rw] names
-    #   @return [Array<String>]
-    #     Related artifact names. This may be the path to a binary or jar file, or in
-    #     the case of a container build, the name used to push the container image to
-    #     Google Container Registry, as presented to `docker push`. Note that a
-    #     single Artifact ID can have multiple names, for example if two tags are
-    #     applied to one image.
-    class Artifact; end
-
-    # A SourceContext is a reference to a tree of files. A SourceContext together
-    # with a path point to a unique revision of a single file or directory.
-    # @!attribute [rw] cloud_repo
-    #   @return [Grafeas::V1::CloudRepoSourceContext]
-    #     A SourceContext referring to a revision in a Google Cloud Source Repo.
-    # @!attribute [rw] gerrit
-    #   @return [Grafeas::V1::GerritSourceContext]
-    #     A SourceContext referring to a Gerrit project.
-    # @!attribute [rw] git
-    #   @return [Grafeas::V1::GitSourceContext]
-    #     A SourceContext referring to any third party Git repo (e.g., GitHub).
-    # @!attribute [rw] labels
-    #   @return [Hash{String => String}]
-    #     Labels with user defined metadata.
-    class SourceContext; end
-
-    # An alias to a repo revision.
-    # @!attribute [rw] kind
-    #   @return [Grafeas::V1::AliasContext::Kind]
-    #     The alias kind.
-    # @!attribute [rw] name
-    #   @return [String]
-    #     The alias name.
-    class AliasContext
-      # The type of an alias.
-      module Kind
-        # Unknown.
-        KIND_UNSPECIFIED = 0
-
-        # Git tag.
-        FIXED = 1
-
-        # Git branch.
-        MOVABLE = 2
-
-        # Used to specify non-standard aliases. For example, if a Git repo has a
-        # ref named "refs/foo/bar".
-        OTHER = 4
-      end
-    end
-
-    # A CloudRepoSourceContext denotes a particular revision in a Google Cloud
-    # Source Repo.
-    # @!attribute [rw] repo_id
-    #   @return [Grafeas::V1::RepoId]
-    #     The ID of the repo.
-    # @!attribute [rw] revision_id
-    #   @return [String]
-    #     A revision ID.
-    # @!attribute [rw] alias_context
-    #   @return [Grafeas::V1::AliasContext]
-    #     An alias, which may be a branch or tag.
-    class CloudRepoSourceContext; end
-
-    # A SourceContext referring to a Gerrit project.
-    # @!attribute [rw] host_uri
-    #   @return [String]
-    #     The URI of a running Gerrit instance.
-    # @!attribute [rw] gerrit_project
-    #   @return [String]
-    #     The full project name within the host. Projects may be nested, so
-    #     "project/subproject" is a valid project name. The "repo name" is the
-    #     hostURI/project.
-    # @!attribute [rw] revision_id
-    #   @return [String]
-    #     A revision (commit) ID.
-    # @!attribute [rw] alias_context
-    #   @return [Grafeas::V1::AliasContext]
-    #     An alias, which may be a branch or tag.
-    class GerritSourceContext; end
-
-    # A GitSourceContext denotes a particular revision in a third party Git
-    # repository (e.g., GitHub).
-    # @!attribute [rw] url
-    #   @return [String]
-    #     Git repository URL.
-    # @!attribute [rw] revision_id
-    #   @return [String]
-    #     Git commit hash.
-    class GitSourceContext; end
-
-    # A unique identifier for a Cloud Repo.
-    # @!attribute [rw] project_repo_id
-    #   @return [Grafeas::V1::ProjectRepoId]
-    #     A combination of a project ID and a repo name.
-    # @!attribute [rw] uid
-    #   @return [String]
-    #     A server-assigned, globally unique identifier.
-    class RepoId; end
-
-    # Selects a repo using a Google Cloud Platform project ID (e.g.,
-    # winged-cargo-31) and a repo name within that project.
-    # @!attribute [rw] project_id
-    #   @return [String]
-    #     The ID of the project.
-    # @!attribute [rw] repo_name
-    #   @return [String]
-    #     The name of the repo. Leave empty for the default repo.
-    class ProjectRepoId; end
-  end
-end

data/lib/grafeas/v1/doc/grafeas/v1/vulnerability.rb

@@ -1,214 +0,0 @@
-# Copyright 2019 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-module Grafeas
-  module V1
-    # A security vulnerability that can be found in resources.
-    # @!attribute [rw] cvss_score
-    #   @return [Float]
-    #     The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10
-    #     where 0 indicates low severity and 10 indicates high severity.
-    # @!attribute [rw] severity
-    #   @return [Grafeas::V1::Severity]
-    #     The note provider assigned severity of this vulnerability.
-    # @!attribute [rw] details
-    #   @return [Array<Grafeas::V1::VulnerabilityNote::Detail>]
-    #     Details of all known distros and packages affected by this vulnerability.
-    # @!attribute [rw] cvss_v3
-    #   @return [Grafeas::V1::CVSSv3]
-    #     The full description of the CVSSv3 for this vulnerability.
-    # @!attribute [rw] windows_details
-    #   @return [Array<Grafeas::V1::VulnerabilityNote::WindowsDetail>]
-    #     Windows details get their own format because the information format and
-    #     model don't match a normal detail. Specifically Windows updates are done as
-    #     patches, thus Windows vulnerabilities really are a missing package, rather
-    #     than a package being at an incorrect version.
-    class VulnerabilityNote
-      # A detail for a distro and package affected by this vulnerability and its
-      # associated fix (if one is available).
-      # @!attribute [rw] severity_name
-      #   @return [String]
-      #     The distro assigned severity of this vulnerability.
-      # @!attribute [rw] description
-      #   @return [String]
-      #     A vendor-specific description of this vulnerability.
-      # @!attribute [rw] package_type
-      #   @return [String]
-      #     The type of package; whether native or non native (e.g., ruby gems,
-      #     node.js packages, etc.).
-      # @!attribute [rw] affected_cpe_uri
-      #   @return [String]
-      #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
-      #     vulnerability affects.
-      # @!attribute [rw] affected_package
-      #   @return [String]
-      #     Required. The package this vulnerability affects.
-      # @!attribute [rw] affected_version_start
-      #   @return [Grafeas::V1::Version]
-      #     The version number at the start of an interval in which this
-      #     vulnerability exists. A vulnerability can affect a package between
-      #     version numbers that are disjoint sets of intervals (example:
-      #     [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be
-      #     represented in its own Detail. If a specific affected version is provided
-      #     by a vulnerability database, affected_version_start and
-      #     affected_version_end will be the same in that Detail.
-      # @!attribute [rw] affected_version_end
-      #   @return [Grafeas::V1::Version]
-      #     The version number at the end of an interval in which this vulnerability
-      #     exists. A vulnerability can affect a package between version numbers
-      #     that are disjoint sets of intervals (example: [1.0.0-1.1.0],
-      #     [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its
-      #     own Detail. If a specific affected version is provided by a vulnerability
-      #     database, affected_version_start and affected_version_end will be the
-      #     same in that Detail.
-      # @!attribute [rw] fixed_cpe_uri
-      #   @return [String]
-      #     The distro recommended [CPE URI](https://cpe.mitre.org/specification/)
-      #     to update to that contains a fix for this vulnerability. It is possible
-      #     for this to be different from the affected_cpe_uri.
-      # @!attribute [rw] fixed_package
-      #   @return [String]
-      #     The distro recommended package to update to that contains a fix for this
-      #     vulnerability. It is possible for this to be different from the
-      #     affected_package.
-      # @!attribute [rw] fixed_version
-      #   @return [Grafeas::V1::Version]
-      #     The distro recommended version to update to that contains a
-      #     fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no
-      #     such version is yet available.
-      # @!attribute [rw] is_obsolete
-      #   @return [true, false]
-      #     Whether this detail is obsolete. Occurrences are expected not to point to
-      #     obsolete details.
-      class Detail; end
-
-      # @!attribute [rw] cpe_uri
-      #   @return [String]
-      #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
-      #     vulnerability affects.
-      # @!attribute [rw] name
-      #   @return [String]
-      #     Required. The name of this vulnerability.
-      # @!attribute [rw] description
-      #   @return [String]
-      #     The description of this vulnerability.
-      # @!attribute [rw] fixing_kbs
-      #   @return [Array<Grafeas::V1::VulnerabilityNote::WindowsDetail::KnowledgeBase>]
-      #     Required. The names of the KBs which have hotfixes to mitigate this
-      #     vulnerability. Note that there may be multiple hotfixes (and thus
-      #     multiple KBs) that mitigate a given vulnerability. Currently any listed
-      #     KBs presence is considered a fix.
-      class WindowsDetail
-        # @!attribute [rw] name
-        #   @return [String]
-        #     The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
-        # @!attribute [rw] url
-        #   @return [String]
-        #     A link to the KB in the [Windows update catalog]
-        #     (https://www.catalog.update.microsoft.com/).
-        class KnowledgeBase; end
-      end
-    end
-
-    # An occurrence of a severity vulnerability on a resource.
-    # @!attribute [rw] type
-    #   @return [String]
-    #     The type of package; whether native or non native (e.g., ruby gems, node.js
-    #     packages, etc.).
-    # @!attribute [rw] severity
-    #   @return [Grafeas::V1::Severity]
-    #     Output only. The note provider assigned severity of this vulnerability.
-    # @!attribute [rw] cvss_score
-    #   @return [Float]
-    #     Output only. The CVSS score of this vulnerability. CVSS score is on a
-    #     scale of 0 - 10 where 0 indicates low severity and 10 indicates high
-    #     severity.
-    # @!attribute [rw] package_issue
-    #   @return [Array<Grafeas::V1::VulnerabilityOccurrence::PackageIssue>]
-    #     Required. The set of affected locations and their fixes (if available)
-    #     within the associated resource.
-    # @!attribute [rw] short_description
-    #   @return [String]
-    #     Output only. A one sentence description of this vulnerability.
-    # @!attribute [rw] long_description
-    #   @return [String]
-    #     Output only. A detailed description of this vulnerability.
-    # @!attribute [rw] related_urls
-    #   @return [Array<Grafeas::V1::RelatedUrl>]
-    #     Output only. URLs related to this vulnerability.
-    # @!attribute [rw] effective_severity
-    #   @return [Grafeas::V1::Severity]
-    #     The distro assigned severity for this vulnerability when it is available,
-    #     and note provider assigned severity when distro has not yet assigned a
-    #     severity for this vulnerability.
-    # @!attribute [rw] fix_available
-    #   @return [true, false]
-    #     Output only. Whether at least one of the affected packages has a fix
-    #     available.
-    class VulnerabilityOccurrence
-      # A detail for a distro and package this vulnerability occurrence was found
-      # in and its associated fix (if one is available).
-      # @!attribute [rw] affected_cpe_uri
-      #   @return [String]
-      #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
-      #     vulnerability was found in.
-      # @!attribute [rw] affected_package
-      #   @return [String]
-      #     Required. The package this vulnerability was found in.
-      # @!attribute [rw] affected_version
-      #   @return [Grafeas::V1::Version]
-      #     Required. The version of the package that is installed on the resource
-      #     affected by this vulnerability.
-      # @!attribute [rw] fixed_cpe_uri
-      #   @return [String]
-      #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
-      #     was fixed in. It is possible for this to be different from the
-      #     affected_cpe_uri.
-      # @!attribute [rw] fixed_package
-      #   @return [String]
-      #     The package this vulnerability was fixed in. It is possible for this to
-      #     be different from the affected_package.
-      # @!attribute [rw] fixed_version
-      #   @return [Grafeas::V1::Version]
-      #     Required. The version of the package this vulnerability was fixed in.
-      #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
-      # @!attribute [rw] fix_available
-      #   @return [true, false]
-      #     Output only. Whether a fix is available for this package.
-      class PackageIssue; end
-    end
-
-    # Note provider assigned severity/impact ranking.
-    module Severity
-      # Unknown.
-      SEVERITY_UNSPECIFIED = 0
-
-      # Minimal severity.
-      MINIMAL = 1
-
-      # Low severity.
-      LOW = 2
-
-      # Medium severity.
-      MEDIUM = 3
-
-      # High severity.
-      HIGH = 4
-
-      # Critical severity.
-      CRITICAL = 5
-    end
-  end
-end