grafeas-v1 0.1.0

data/proto_docs/grafeas/v1/upgrade.rb

@@ -0,0 +1,148 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # An Upgrade Note represents a potential upgrade of a package to a given
+    # version. For each package version combination (i.e. bash 4.0, bash 4.1,
+    # bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field
+    # represents the information related to the update.
+    # @!attribute [rw] package
+    #   @return [::String]
+    #     Required for non-Windows OS. The package this Upgrade is for.
+    # @!attribute [rw] version
+    #   @return [::Grafeas::V1::Version]
+    #     Required for non-Windows OS. The version of the package in machine + human
+    #     readable form.
+    # @!attribute [rw] distributions
+    #   @return [::Array<::Grafeas::V1::UpgradeDistribution>]
+    #     Metadata about the upgrade for each specific operating system.
+    # @!attribute [rw] windows_update
+    #   @return [::Grafeas::V1::WindowsUpdate]
+    #     Required for Windows OS. Represents the metadata about the Windows update.
+    class UpgradeNote
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # The Upgrade Distribution represents metadata about the Upgrade for each
+    # operating system (CPE). Some distributions have additional metadata around
+    # updates, classifying them into various categories and severities.
+    # @!attribute [rw] cpe_uri
+    #   @return [::String]
+    #     Required - The specific operating system this metadata applies to. See
+    #     https://cpe.mitre.org/specification/.
+    # @!attribute [rw] classification
+    #   @return [::String]
+    #     The operating system classification of this Upgrade, as specified by the
+    #     upstream operating system upgrade feed. For Windows the classification is
+    #     one of the category_ids listed at
+    #     https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+    # @!attribute [rw] severity
+    #   @return [::String]
+    #     The severity as specified by the upstream operating system.
+    # @!attribute [rw] cve
+    #   @return [::Array<::String>]
+    #     The cve tied to this Upgrade.
+    class UpgradeDistribution
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Windows Update represents the metadata about the update for the Windows
+    # operating system. The fields in this message come from the Windows Update API
+    # documented at
+    # https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate.
+    # @!attribute [rw] identity
+    #   @return [::Grafeas::V1::WindowsUpdate::Identity]
+    #     Required - The unique identifier for the update.
+    # @!attribute [rw] title
+    #   @return [::String]
+    #     The localized title of the update.
+    # @!attribute [rw] description
+    #   @return [::String]
+    #     The localized description of the update.
+    # @!attribute [rw] categories
+    #   @return [::Array<::Grafeas::V1::WindowsUpdate::Category>]
+    #     The list of categories to which the update belongs.
+    # @!attribute [rw] kb_article_ids
+    #   @return [::Array<::String>]
+    #     The Microsoft Knowledge Base article IDs that are associated with the
+    #     update.
+    # @!attribute [rw] support_url
+    #   @return [::String]
+    #     The hyperlink to the support information for the update.
+    # @!attribute [rw] last_published_timestamp
+    #   @return [::Google::Protobuf::Timestamp]
+    #     The last published timestamp of the update.
+    class WindowsUpdate
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # The unique identifier of the update.
+      # @!attribute [rw] update_id
+      #   @return [::String]
+      #     The revision independent identifier of the update.
+      # @!attribute [rw] revision
+      #   @return [::Integer]
+      #     The revision number of the update.
+      class Identity
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # The category to which the update belongs.
+      # @!attribute [rw] category_id
+      #   @return [::String]
+      #     The identifier of the category.
+      # @!attribute [rw] name
+      #   @return [::String]
+      #     The localized name of the category.
+      class Category
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+
+    # An Upgrade Occurrence represents that a specific resource_url could install a
+    # specific upgrade. This presence is supplied via local sources (i.e. it is
+    # present in the mirror and the running system has noticed its availability).
+    # For Windows, both distribution and windows_update contain information for the
+    # Windows update.
+    # @!attribute [rw] package
+    #   @return [::String]
+    #     Required for non-Windows OS. The package this Upgrade is for.
+    # @!attribute [rw] parsed_version
+    #   @return [::Grafeas::V1::Version]
+    #     Required for non-Windows OS. The version of the package in a machine +
+    #     human readable form.
+    # @!attribute [rw] distribution
+    #   @return [::Grafeas::V1::UpgradeDistribution]
+    #     Metadata about the upgrade for available for the specific operating system
+    #     for the resource_url. This allows efficient filtering, as well as
+    #     making it easier to use the occurrence.
+    # @!attribute [rw] windows_update
+    #   @return [::Grafeas::V1::WindowsUpdate]
+    #     Required for Windows OS. Represents the metadata about the Windows update.
+    class UpgradeOccurrence
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end

data/proto_docs/grafeas/v1/vulnerability.rb

@@ -0,0 +1,245 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # A security vulnerability that can be found in resources.
+    # @!attribute [rw] cvss_score
+    #   @return [::Float]
+    #     The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10
+    #     where 0 indicates low severity and 10 indicates high severity.
+    # @!attribute [rw] severity
+    #   @return [::Grafeas::V1::Severity]
+    #     The note provider assigned severity of this vulnerability.
+    # @!attribute [rw] details
+    #   @return [::Array<::Grafeas::V1::VulnerabilityNote::Detail>]
+    #     Details of all known distros and packages affected by this vulnerability.
+    # @!attribute [rw] cvss_v3
+    #   @return [::Grafeas::V1::CVSSv3]
+    #     The full description of the CVSSv3 for this vulnerability.
+    # @!attribute [rw] windows_details
+    #   @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail>]
+    #     Windows details get their own format because the information format and
+    #     model don't match a normal detail. Specifically Windows updates are done as
+    #     patches, thus Windows vulnerabilities really are a missing package, rather
+    #     than a package being at an incorrect version.
+    # @!attribute [rw] source_update_time
+    #   @return [::Google::Protobuf::Timestamp]
+    #     The time this information was last changed at the source. This is an
+    #     upstream timestamp from the underlying information source - e.g. Ubuntu
+    #     security tracker.
+    class VulnerabilityNote
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # A detail for a distro and package affected by this vulnerability and its
+      # associated fix (if one is available).
+      # @!attribute [rw] severity_name
+      #   @return [::String]
+      #     The distro assigned severity of this vulnerability.
+      # @!attribute [rw] description
+      #   @return [::String]
+      #     A vendor-specific description of this vulnerability.
+      # @!attribute [rw] package_type
+      #   @return [::String]
+      #     The type of package; whether native or non native (e.g., ruby gems,
+      #     node.js packages, etc.).
+      # @!attribute [rw] affected_cpe_uri
+      #   @return [::String]
+      #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
+      #     vulnerability affects.
+      # @!attribute [rw] affected_package
+      #   @return [::String]
+      #     Required. The package this vulnerability affects.
+      # @!attribute [rw] affected_version_start
+      #   @return [::Grafeas::V1::Version]
+      #     The version number at the start of an interval in which this
+      #     vulnerability exists. A vulnerability can affect a package between
+      #     version numbers that are disjoint sets of intervals (example:
+      #     [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be
+      #     represented in its own Detail. If a specific affected version is provided
+      #     by a vulnerability database, affected_version_start and
+      #     affected_version_end will be the same in that Detail.
+      # @!attribute [rw] affected_version_end
+      #   @return [::Grafeas::V1::Version]
+      #     The version number at the end of an interval in which this vulnerability
+      #     exists. A vulnerability can affect a package between version numbers
+      #     that are disjoint sets of intervals (example: [1.0.0-1.1.0],
+      #     [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its
+      #     own Detail. If a specific affected version is provided by a vulnerability
+      #     database, affected_version_start and affected_version_end will be the
+      #     same in that Detail.
+      # @!attribute [rw] fixed_cpe_uri
+      #   @return [::String]
+      #     The distro recommended [CPE URI](https://cpe.mitre.org/specification/)
+      #     to update to that contains a fix for this vulnerability. It is possible
+      #     for this to be different from the affected_cpe_uri.
+      # @!attribute [rw] fixed_package
+      #   @return [::String]
+      #     The distro recommended package to update to that contains a fix for this
+      #     vulnerability. It is possible for this to be different from the
+      #     affected_package.
+      # @!attribute [rw] fixed_version
+      #   @return [::Grafeas::V1::Version]
+      #     The distro recommended version to update to that contains a
+      #     fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no
+      #     such version is yet available.
+      # @!attribute [rw] is_obsolete
+      #   @return [::Boolean]
+      #     Whether this detail is obsolete. Occurrences are expected not to point to
+      #     obsolete details.
+      # @!attribute [rw] source_update_time
+      #   @return [::Google::Protobuf::Timestamp]
+      #     The time this information was last changed at the source. This is an
+      #     upstream timestamp from the underlying information source - e.g. Ubuntu
+      #     security tracker.
+      class Detail
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # @!attribute [rw] cpe_uri
+      #   @return [::String]
+      #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
+      #     vulnerability affects.
+      # @!attribute [rw] name
+      #   @return [::String]
+      #     Required. The name of this vulnerability.
+      # @!attribute [rw] description
+      #   @return [::String]
+      #     The description of this vulnerability.
+      # @!attribute [rw] fixing_kbs
+      #   @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail::KnowledgeBase>]
+      #     Required. The names of the KBs which have hotfixes to mitigate this
+      #     vulnerability. Note that there may be multiple hotfixes (and thus
+      #     multiple KBs) that mitigate a given vulnerability. Currently any listed
+      #     KBs presence is considered a fix.
+      class WindowsDetail
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
+        # @!attribute [rw] url
+        #   @return [::String]
+        #     A link to the KB in the [Windows update catalog]
+        #     (https://www.catalog.update.microsoft.com/).
+        class KnowledgeBase
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+
+    # An occurrence of a severity vulnerability on a resource.
+    # @!attribute [rw] type
+    #   @return [::String]
+    #     The type of package; whether native or non native (e.g., ruby gems, node.js
+    #     packages, etc.).
+    # @!attribute [rw] severity
+    #   @return [::Grafeas::V1::Severity]
+    #     Output only. The note provider assigned severity of this vulnerability.
+    # @!attribute [rw] cvss_score
+    #   @return [::Float]
+    #     Output only. The CVSS score of this vulnerability. CVSS score is on a
+    #     scale of 0 - 10 where 0 indicates low severity and 10 indicates high
+    #     severity.
+    # @!attribute [rw] package_issue
+    #   @return [::Array<::Grafeas::V1::VulnerabilityOccurrence::PackageIssue>]
+    #     Required. The set of affected locations and their fixes (if available)
+    #     within the associated resource.
+    # @!attribute [rw] short_description
+    #   @return [::String]
+    #     Output only. A one sentence description of this vulnerability.
+    # @!attribute [rw] long_description
+    #   @return [::String]
+    #     Output only. A detailed description of this vulnerability.
+    # @!attribute [rw] related_urls
+    #   @return [::Array<::Grafeas::V1::RelatedUrl>]
+    #     Output only. URLs related to this vulnerability.
+    # @!attribute [rw] effective_severity
+    #   @return [::Grafeas::V1::Severity]
+    #     The distro assigned severity for this vulnerability when it is available,
+    #     otherwise this is the note provider assigned severity.
+    # @!attribute [rw] fix_available
+    #   @return [::Boolean]
+    #     Output only. Whether at least one of the affected packages has a fix
+    #     available.
+    class VulnerabilityOccurrence
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # A detail for a distro and package this vulnerability occurrence was found
+      # in and its associated fix (if one is available).
+      # @!attribute [rw] affected_cpe_uri
+      #   @return [::String]
+      #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
+      #     vulnerability was found in.
+      # @!attribute [rw] affected_package
+      #   @return [::String]
+      #     Required. The package this vulnerability was found in.
+      # @!attribute [rw] affected_version
+      #   @return [::Grafeas::V1::Version]
+      #     Required. The version of the package that is installed on the resource
+      #     affected by this vulnerability.
+      # @!attribute [rw] fixed_cpe_uri
+      #   @return [::String]
+      #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
+      #     was fixed in. It is possible for this to be different from the
+      #     affected_cpe_uri.
+      # @!attribute [rw] fixed_package
+      #   @return [::String]
+      #     The package this vulnerability was fixed in. It is possible for this to
+      #     be different from the affected_package.
+      # @!attribute [rw] fixed_version
+      #   @return [::Grafeas::V1::Version]
+      #     Required. The version of the package this vulnerability was fixed in.
+      #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
+      # @!attribute [rw] fix_available
+      #   @return [::Boolean]
+      #     Output only. Whether a fix is available for this package.
+      class PackageIssue
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+
+    # Note provider assigned severity/impact ranking.
+    module Severity
+      # Unknown.
+      SEVERITY_UNSPECIFIED = 0
+
+      # Minimal severity.
+      MINIMAL = 1
+
+      # Low severity.
+      LOW = 2
+
+      # Medium severity.
+      MEDIUM = 3
+
+      # High severity.
+      HIGH = 4
+
+      # Critical severity.
+      CRITICAL = 5
+    end
+  end
+end

metadata

@@ -0,0 +1,225 @@
+--- !ruby/object:Gem::Specification
+name: grafeas-v1
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Google LLC
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-06-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: gapic-common
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+- !ruby/object:Gem::Dependency
+  name: google-cloud-errors
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: google-style
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.24.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.24.0
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.14'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.14'
+- !ruby/object:Gem::Dependency
+  name: minitest-focus
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: minitest-rg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.2'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '12.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '12.0'
+- !ruby/object:Gem::Dependency
+  name: redcarpet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.18'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.18'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+description: The Grafeas API stores, and enables querying and retrieval of, critical
+  metadata about all of your software artifacts.
+email: googleapis-packages@google.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".yardopts"
+- LICENSE.md
+- README.md
+- lib/grafeas-v1.rb
+- lib/grafeas/v1.rb
+- lib/grafeas/v1/attestation_pb.rb
+- lib/grafeas/v1/build_pb.rb
+- lib/grafeas/v1/common_pb.rb
+- lib/grafeas/v1/cvss_pb.rb
+- lib/grafeas/v1/deployment_pb.rb
+- lib/grafeas/v1/discovery_pb.rb
+- lib/grafeas/v1/grafeas.rb
+- lib/grafeas/v1/grafeas/client.rb
+- lib/grafeas/v1/grafeas/paths.rb
+- lib/grafeas/v1/grafeas_pb.rb
+- lib/grafeas/v1/grafeas_services_pb.rb
+- lib/grafeas/v1/image_pb.rb
+- lib/grafeas/v1/package_pb.rb
+- lib/grafeas/v1/provenance_pb.rb
+- lib/grafeas/v1/upgrade_pb.rb
+- lib/grafeas/v1/version.rb
+- lib/grafeas/v1/vulnerability_pb.rb
+- proto_docs/README.md
+- proto_docs/google/api/field_behavior.rb
+- proto_docs/google/api/resource.rb
+- proto_docs/google/protobuf/any.rb
+- proto_docs/google/protobuf/empty.rb
+- proto_docs/google/protobuf/field_mask.rb
+- proto_docs/google/protobuf/timestamp.rb
+- proto_docs/google/rpc/status.rb
+- proto_docs/grafeas/v1/attestation.rb
+- proto_docs/grafeas/v1/build.rb
+- proto_docs/grafeas/v1/common.rb
+- proto_docs/grafeas/v1/cvss.rb
+- proto_docs/grafeas/v1/deployment.rb
+- proto_docs/grafeas/v1/discovery.rb
+- proto_docs/grafeas/v1/grafeas.rb
+- proto_docs/grafeas/v1/image.rb
+- proto_docs/grafeas/v1/package.rb
+- proto_docs/grafeas/v1/provenance.rb
+- proto_docs/grafeas/v1/upgrade.rb
+- proto_docs/grafeas/v1/vulnerability.rb
+homepage: https://github.com/googleapis/google-cloud-ruby
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.4'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.3
+signing_key: 
+specification_version: 4
+summary: API Client library for the Grafeas V1 API
+test_files: []