grafeas-v1 0.1.4 → 0.3.0

data/proto_docs/grafeas/v1/intoto_provenance.rb

@@ -0,0 +1,134 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # Steps taken to build the artifact.
+    # For a TaskRun, typically each container corresponds to one step in the
+    # recipe.
+    # @!attribute [rw] type
+    #   @return [::String]
+    #     URI indicating what type of recipe was performed. It determines the meaning
+    #     of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+    # @!attribute [rw] defined_in_material
+    #   @return [::Integer]
+    #     Index in materials containing the recipe steps that are not implied by
+    #     recipe.type. For example, if the recipe type were "make", then this would
+    #     point to the source containing the Makefile, not the make program itself.
+    #     Set to -1 if the recipe doesn't come from a material, as zero is default
+    #     unset value for int64.
+    # @!attribute [rw] entry_point
+    #   @return [::String]
+    #     String identifying the entry point into the build.
+    #     This is often a path to a configuration file and/or a target label within
+    #     that file. The syntax and meaning are defined by recipe.type. For example,
+    #     if the recipe type were "make", then this would reference the directory in
+    #     which to run make as well as which target to use.
+    # @!attribute [rw] arguments
+    #   @return [::Array<::Google::Protobuf::Any>]
+    #     Collection of all external inputs that influenced the build on top of
+    #     recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe
+    #     type were "make", then this might be the flags passed to make aside from
+    #     the target, which is captured in recipe.entryPoint. Since the arguments
+    #     field can greatly vary in structure, depending on the builder and recipe
+    #     type, this is of form "Any".
+    # @!attribute [rw] environment
+    #   @return [::Array<::Google::Protobuf::Any>]
+    #     Any other builder-controlled inputs necessary for correctly evaluating the
+    #     recipe. Usually only needed for reproducing the build but not evaluated as
+    #     part of policy. Since the environment field can greatly vary in structure,
+    #     depending on the builder and recipe type, this is of form "Any".
+    class Recipe
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Indicates that the builder claims certain fields in this message to be
+    # complete.
+    # @!attribute [rw] arguments
+    #   @return [::Boolean]
+    #     If true, the builder claims that recipe.arguments is complete, meaning that
+    #     all external inputs are properly captured in the recipe.
+    # @!attribute [rw] environment
+    #   @return [::Boolean]
+    #     If true, the builder claims that recipe.environment is claimed to be
+    #     complete.
+    # @!attribute [rw] materials
+    #   @return [::Boolean]
+    #     If true, the builder claims that materials are complete, usually through
+    #     some controls to prevent network access. Sometimes called "hermetic".
+    class Completeness
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Other properties of the build.
+    # @!attribute [rw] build_invocation_id
+    #   @return [::String]
+    #     Identifies the particular build invocation, which can be useful for finding
+    #     associated logs or other ad-hoc analysis. The value SHOULD be globally
+    #     unique, per in-toto Provenance spec.
+    # @!attribute [rw] build_started_on
+    #   @return [::Google::Protobuf::Timestamp]
+    #     The timestamp of when the build started.
+    # @!attribute [rw] build_finished_on
+    #   @return [::Google::Protobuf::Timestamp]
+    #     The timestamp of when the build completed.
+    # @!attribute [rw] completeness
+    #   @return [::Grafeas::V1::Completeness]
+    #     Indicates that the builder claims certain fields in this message to be
+    #     complete.
+    # @!attribute [rw] reproducible
+    #   @return [::Boolean]
+    #     If true, the builder claims that running the recipe on materials will
+    #     produce bit-for-bit identical output.
+    class Metadata
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # @!attribute [rw] id
+    #   @return [::String]
+    class BuilderConfig
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # @!attribute [rw] builder_config
+    #   @return [::Grafeas::V1::BuilderConfig]
+    # @!attribute [rw] recipe
+    #   @return [::Grafeas::V1::Recipe]
+    #     Identifies the configuration used for the build.
+    #     When combined with materials, this SHOULD fully describe the build,
+    #     such that re-running this recipe results in bit-for-bit identical output
+    #     (if the build is reproducible).
+    # @!attribute [rw] metadata
+    #   @return [::Grafeas::V1::Metadata]
+    # @!attribute [rw] materials
+    #   @return [::Array<::String>]
+    #     The collection of artifacts that influenced the build including sources,
+    #     dependencies, build tools, base images, and so on. This is considered to be
+    #     incomplete unless metadata.completeness.materials is true. Unset or null is
+    #     equivalent to empty.
+    class InTotoProvenance
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end

data/proto_docs/grafeas/v1/intoto_statement.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # Spec defined at
+    # https://github.com/in-toto/attestation/tree/main/spec#statement The
+    # serialized InTotoStatement will be stored as Envelope.payload.
+    # Envelope.payloadType is always "application/vnd.in-toto+json".
+    # @!attribute [rw] type
+    #   @return [::String]
+    #     Always `https://in-toto.io/Statement/v0.1`.
+    # @!attribute [rw] subject
+    #   @return [::Array<::Grafeas::V1::Subject>]
+    # @!attribute [rw] predicate_type
+    #   @return [::String]
+    #     `https://slsa.dev/provenance/v0.1` for SlsaProvenance.
+    # @!attribute [rw] provenance
+    #   @return [::Grafeas::V1::InTotoProvenance]
+    # @!attribute [rw] slsa_provenance
+    #   @return [::Grafeas::V1::SlsaProvenance]
+    class InTotoStatement
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # @!attribute [rw] name
+    #   @return [::String]
+    # @!attribute [rw] digest
+    #   @return [::Google::Protobuf::Map{::String => ::String}]
+    #     `"<ALGORITHM>": "<HEX_VALUE>"`
+    #     Algorithms can be e.g. sha256, sha512
+    #     See
+    #     https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
+    class Subject
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # @!attribute [rw] key
+      #   @return [::String]
+      # @!attribute [rw] value
+      #   @return [::String]
+      class DigestEntry
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+  end
+end

data/proto_docs/grafeas/v1/package.rb

@@ -101,6 +101,14 @@ module Grafeas
     # @!attribute [rw] revision
     #   @return [::String]
     #     The iteration of the package build from the above version.
+    # @!attribute [rw] inclusive
+    #   @return [::Boolean]
+    #     Whether this version is specifying part of an inclusive range. Grafeas
+    #     does not have the capability to specify version ranges; instead we have
+    #     fields that specify start version and end versions. At times this is
+    #     insufficient - we also need to specify whether the version is included in
+    #     the range or is excluded from the range. This boolean is expected to be set
+    #     to true when the version is included in a range.
     # @!attribute [rw] kind
     #   @return [::Grafeas::V1::Version::VersionKind]
     #     Required. Distinguishes between sentinel MIN/MAX versions and normal

data/proto_docs/grafeas/v1/slsa_provenance.rb

@@ -0,0 +1,152 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # @!attribute [rw] builder
+    #   @return [::Grafeas::V1::SlsaProvenance::SlsaBuilder]
+    # @!attribute [rw] recipe
+    #   @return [::Grafeas::V1::SlsaProvenance::SlsaRecipe]
+    #     Identifies the configuration used for the build.
+    #     When combined with materials, this SHOULD fully describe the build,
+    #     such that re-running this recipe results in bit-for-bit identical output
+    #     (if the build is reproducible).
+    # @!attribute [rw] metadata
+    #   @return [::Grafeas::V1::SlsaProvenance::SlsaMetadata]
+    # @!attribute [rw] materials
+    #   @return [::Array<::Grafeas::V1::SlsaProvenance::Material>]
+    #     The collection of artifacts that influenced the build including sources,
+    #     dependencies, build tools, base images, and so on. This is considered to be
+    #     incomplete unless metadata.completeness.materials is true. Unset or null is
+    #     equivalent to empty.
+    class SlsaProvenance
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # Steps taken to build the artifact.
+      # For a TaskRun, typically each container corresponds to one step in the
+      # recipe.
+      # @!attribute [rw] type
+      #   @return [::String]
+      #     URI indicating what type of recipe was performed. It determines the
+      #     meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and
+      #     materials.
+      # @!attribute [rw] defined_in_material
+      #   @return [::Integer]
+      #     Index in materials containing the recipe steps that are not implied by
+      #     recipe.type. For example, if the recipe type were "make", then this would
+      #     point to the source containing the Makefile, not the make program itself.
+      #     Set to -1 if the recipe doesn't come from a material, as zero is default
+      #     unset value for int64.
+      # @!attribute [rw] entry_point
+      #   @return [::String]
+      #     String identifying the entry point into the build.
+      #     This is often a path to a configuration file and/or a target label within
+      #     that file. The syntax and meaning are defined by recipe.type. For
+      #     example, if the recipe type were "make", then this would reference the
+      #     directory in which to run make as well as which target to use.
+      # @!attribute [rw] arguments
+      #   @return [::Google::Protobuf::Any]
+      #     Collection of all external inputs that influenced the build on top of
+      #     recipe.definedInMaterial and recipe.entryPoint. For example, if the
+      #     recipe type were "make", then this might be the flags passed to make
+      #     aside from the target, which is captured in recipe.entryPoint. Depending
+      #     on the recipe Type, the structure may be different.
+      # @!attribute [rw] environment
+      #   @return [::Google::Protobuf::Any]
+      #     Any other builder-controlled inputs necessary for correctly evaluating
+      #     the recipe. Usually only needed for reproducing the build but not
+      #     evaluated as part of policy. Depending on the recipe Type, the structure
+      #     may be different.
+      class SlsaRecipe
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # Indicates that the builder claims certain fields in this message to be
+      # complete.
+      # @!attribute [rw] arguments
+      #   @return [::Boolean]
+      #     If true, the builder claims that recipe.arguments is complete, meaning
+      #     that all external inputs are properly captured in the recipe.
+      # @!attribute [rw] environment
+      #   @return [::Boolean]
+      #     If true, the builder claims that recipe.environment is claimed to be
+      #     complete.
+      # @!attribute [rw] materials
+      #   @return [::Boolean]
+      #     If true, the builder claims that materials are complete, usually through
+      #     some controls to prevent network access. Sometimes called "hermetic".
+      class SlsaCompleteness
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # Other properties of the build.
+      # @!attribute [rw] build_invocation_id
+      #   @return [::String]
+      #     Identifies the particular build invocation, which can be useful for
+      #     finding associated logs or other ad-hoc analysis. The value SHOULD be
+      #     globally unique, per in-toto Provenance spec.
+      # @!attribute [rw] build_started_on
+      #   @return [::Google::Protobuf::Timestamp]
+      #     The timestamp of when the build started.
+      # @!attribute [rw] build_finished_on
+      #   @return [::Google::Protobuf::Timestamp]
+      #     The timestamp of when the build completed.
+      # @!attribute [rw] completeness
+      #   @return [::Grafeas::V1::SlsaProvenance::SlsaCompleteness]
+      #     Indicates that the builder claims certain fields in this message to be
+      #     complete.
+      # @!attribute [rw] reproducible
+      #   @return [::Boolean]
+      #     If true, the builder claims that running the recipe on materials will
+      #     produce bit-for-bit identical output.
+      class SlsaMetadata
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # @!attribute [rw] id
+      #   @return [::String]
+      class SlsaBuilder
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # @!attribute [rw] uri
+      #   @return [::String]
+      # @!attribute [rw] digest
+      #   @return [::Google::Protobuf::Map{::String => ::String}]
+      class Material
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+
+        # @!attribute [rw] key
+        #   @return [::String]
+        # @!attribute [rw] value
+        #   @return [::String]
+        class DigestEntry
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/grafeas/v1/vulnerability.rb

@@ -109,6 +109,12 @@ module Grafeas
       #     The time this information was last changed at the source. This is an
       #     upstream timestamp from the underlying information source - e.g. Ubuntu
       #     security tracker.
+      # @!attribute [rw] source
+      #   @return [::String]
+      #     The source from which the information in this Detail was obtained.
+      # @!attribute [rw] vendor
+      #   @return [::String]
+      #     The name of the vendor of the product.
       class Detail
         include ::Google::Protobuf::MessageExts
         extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -161,6 +167,9 @@ module Grafeas
     #     Output only. The CVSS score of this vulnerability. CVSS score is on a
     #     scale of 0 - 10 where 0 indicates low severity and 10 indicates high
     #     severity.
+    # @!attribute [rw] cvssv3
+    #   @return [::Grafeas::V1::VulnerabilityOccurrence::CVSSV3]
+    #     The cvss v3 score for the vulnerability.
     # @!attribute [rw] package_issue
     #   @return [::Array<::Grafeas::V1::VulnerabilityOccurrence::PackageIssue>]
     #     Required. The set of affected locations and their fixes (if available)
@@ -178,6 +187,14 @@ module Grafeas
     #   @return [::Grafeas::V1::Severity]
     #     The distro assigned severity for this vulnerability when it is available,
     #     otherwise this is the note provider assigned severity.
+    #
+    #     When there are multiple PackageIssues for this vulnerability, they can have
+    #     different effective severities because some might be provided by the distro
+    #     while others are provided by the language ecosystem for a language pack.
+    #     For this reason, it is advised to use the effective severity on the
+    #     PackageIssue level. In the case where multiple PackageIssues have differing
+    #     effective severities, this field should be the highest severity for any of
+    #     the PackageIssues.
     # @!attribute [rw] fix_available
     #   @return [::Boolean]
     #     Output only. Whether at least one of the affected packages has a fix
@@ -186,6 +203,19 @@ module Grafeas
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods
 
+      # The CVSS v3 score for this vulnerability.
+      # @!attribute [rw] base_score
+      #   @return [::Float]
+      #     The base score for for this vulnerability according to cvss v3.
+      # @!attribute [rw] severity
+      #   @return [::Grafeas::V1::Severity]
+      #     The severity rating assigned to this vulnerability by vulnerability
+      #     provider.
+      class CVSSV3
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
       # A detail for a distro and package this vulnerability occurrence was found
       # in and its associated fix (if one is available).
       # @!attribute [rw] affected_cpe_uri
@@ -215,6 +245,14 @@ module Grafeas
       # @!attribute [rw] fix_available
       #   @return [::Boolean]
       #     Output only. Whether a fix is available for this package.
+      # @!attribute [rw] package_type
+      #   @return [::String]
+      #     The type of package (e.g. OS, MAVEN, GO).
+      # @!attribute [r] effective_severity
+      #   @return [::Grafeas::V1::Severity]
+      #     The distro or language system assigned severity for this vulnerability
+      #     when that is available and note provider assigned severity when it is not
+      #     available.
       class PackageIssue
         include ::Google::Protobuf::MessageExts
         extend ::Google::Protobuf::MessageExts::ClassMethods

metadata

@@ -1,29 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: grafeas-v1
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.3.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-02-02 00:00:00.000000000 Z
+date: 2021-11-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.7'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0.3'
+        version: 2.a
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.7'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0.3'
+        version: 2.a
 - !ruby/object:Gem::Dependency
   name: google-cloud-errors
   requirement: !ruby/object:Gem::Requirement
@@ -44,14 +50,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.24.0
+        version: 1.25.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.24.0
+        version: 1.25.1
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -167,17 +173,22 @@ files:
 - lib/grafeas/v1/attestation_pb.rb
 - lib/grafeas/v1/build_pb.rb
 - lib/grafeas/v1/common_pb.rb
+- lib/grafeas/v1/compliance_pb.rb
 - lib/grafeas/v1/cvss_pb.rb
 - lib/grafeas/v1/deployment_pb.rb
 - lib/grafeas/v1/discovery_pb.rb
+- lib/grafeas/v1/dsse_attestation_pb.rb
 - lib/grafeas/v1/grafeas.rb
 - lib/grafeas/v1/grafeas/client.rb
 - lib/grafeas/v1/grafeas/paths.rb
 - lib/grafeas/v1/grafeas_pb.rb
 - lib/grafeas/v1/grafeas_services_pb.rb
 - lib/grafeas/v1/image_pb.rb
+- lib/grafeas/v1/intoto_provenance_pb.rb
+- lib/grafeas/v1/intoto_statement_pb.rb
 - lib/grafeas/v1/package_pb.rb
 - lib/grafeas/v1/provenance_pb.rb
+- lib/grafeas/v1/slsa_provenance_pb.rb
 - lib/grafeas/v1/upgrade_pb.rb
 - lib/grafeas/v1/version.rb
 - lib/grafeas/v1/vulnerability_pb.rb
@@ -192,13 +203,18 @@ files:
 - proto_docs/grafeas/v1/attestation.rb
 - proto_docs/grafeas/v1/build.rb
 - proto_docs/grafeas/v1/common.rb
+- proto_docs/grafeas/v1/compliance.rb
 - proto_docs/grafeas/v1/cvss.rb
 - proto_docs/grafeas/v1/deployment.rb
 - proto_docs/grafeas/v1/discovery.rb
+- proto_docs/grafeas/v1/dsse_attestation.rb
 - proto_docs/grafeas/v1/grafeas.rb
 - proto_docs/grafeas/v1/image.rb
+- proto_docs/grafeas/v1/intoto_provenance.rb
+- proto_docs/grafeas/v1/intoto_statement.rb
 - proto_docs/grafeas/v1/package.rb
 - proto_docs/grafeas/v1/provenance.rb
+- proto_docs/grafeas/v1/slsa_provenance.rb
 - proto_docs/grafeas/v1/upgrade.rb
 - proto_docs/grafeas/v1/vulnerability.rb
 homepage: https://github.com/googleapis/google-cloud-ruby
@@ -213,14 +229,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.4'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.6
+rubygems_version: 3.2.17
 signing_key: 
 specification_version: 4
 summary: API Client library for the Grafeas V1 API