grafeas-v1 0.15.0 → 0.16.0

data/proto_docs/grafeas/v1/sbom.rb

@@ -0,0 +1,105 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # The note representing an SBOM reference.
+    # @!attribute [rw] format
+    #   @return [::String]
+    #     The format that SBOM takes. E.g. may be spdx, cyclonedx, etc...
+    # @!attribute [rw] version
+    #   @return [::String]
+    #     The version of the format that the SBOM takes. E.g. if the format
+    #     is spdx, the version may be 2.3.
+    class SBOMReferenceNote
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # The occurrence representing an SBOM reference as applied to a specific
+    # resource. The occurrence follows the DSSE specification. See
+    # https://github.com/secure-systems-lab/dsse/blob/master/envelope.md for more
+    # details.
+    # @!attribute [rw] payload
+    #   @return [::Grafeas::V1::SbomReferenceIntotoPayload]
+    #     The actual payload that contains the SBOM reference data.
+    # @!attribute [rw] payload_type
+    #   @return [::String]
+    #     The kind of payload that SbomReferenceIntotoPayload takes. Since it's in
+    #     the intoto format, this value is expected to be
+    #     'application/vnd.in-toto+json'.
+    # @!attribute [rw] signatures
+    #   @return [::Array<::Grafeas::V1::EnvelopeSignature>]
+    #     The signatures over the payload.
+    class SBOMReferenceOccurrence
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # The actual payload that contains the SBOM Reference data.
+    # The payload follows the intoto statement specification. See
+    # https://github.com/in-toto/attestation/blob/main/spec/v1.0/statement.md
+    # for more details.
+    # @!attribute [rw] type
+    #   @return [::String]
+    #     Identifier for the schema of the Statement.
+    # @!attribute [rw] predicate_type
+    #   @return [::String]
+    #     URI identifying the type of the Predicate.
+    # @!attribute [rw] subject
+    #   @return [::Array<::Grafeas::V1::Subject>]
+    #     Set of software artifacts that the attestation applies to. Each element
+    #     represents a single software artifact.
+    # @!attribute [rw] predicate
+    #   @return [::Grafeas::V1::SbomReferenceIntotoPredicate]
+    #     Additional parameters of the Predicate. Includes the actual data about the
+    #     SBOM.
+    class SbomReferenceIntotoPayload
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # A predicate which describes the SBOM being referenced.
+    # @!attribute [rw] referrer_id
+    #   @return [::String]
+    #     The person or system referring this predicate to the consumer.
+    # @!attribute [rw] location
+    #   @return [::String]
+    #     The location of the SBOM.
+    # @!attribute [rw] mime_type
+    #   @return [::String]
+    #     The mime type of the SBOM.
+    # @!attribute [rw] digest
+    #   @return [::Google::Protobuf::Map{::String => ::String}]
+    #     A map of algorithm to digest of the contents of the SBOM.
+    class SbomReferenceIntotoPredicate
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # @!attribute [rw] key
+      #   @return [::String]
+      # @!attribute [rw] value
+      #   @return [::String]
+      class DigestEntry
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+  end
+end

data/proto_docs/grafeas/v1/vex.rb

@@ -95,9 +95,15 @@ module Grafeas
       # Assessment provides all information that is related to a single
       # vulnerability for this product.
       # @!attribute [rw] cve
+      #   @deprecated This field is deprecated and may be removed in the next major version update.
       #   @return [::String]
       #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
       #     tracking number for the vulnerability.
+      #     Deprecated: Use vulnerability_id instead to denote CVEs.
+      # @!attribute [rw] vulnerability_id
+      #   @return [::String]
+      #     The vulnerability identifier for this Assessment. Will hold one of
+      #     common identifiers e.g. CVE, GHSA etc.
       # @!attribute [rw] short_description
       #   @return [::String]
       #     A one sentence description of this Vex.

data/proto_docs/grafeas/v1/vulnerability.rb

@@ -213,6 +213,9 @@ module Grafeas
     #     The cvss v2 score for the vulnerability.
     # @!attribute [rw] vex_assessment
     #   @return [::Grafeas::V1::VulnerabilityOccurrence::VexAssessment]
+    # @!attribute [rw] extra_details
+    #   @return [::String]
+    #     Occurrence-specific extra details about the vulnerability.
     class VulnerabilityOccurrence
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -265,9 +268,15 @@ module Grafeas
       # VexAssessment provides all publisher provided Vex information that is
       # related to this vulnerability.
       # @!attribute [rw] cve
+      #   @deprecated This field is deprecated and may be removed in the next major version update.
       #   @return [::String]
       #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
       #     tracking number for the vulnerability.
+      #     Deprecated: Use vulnerability_id instead to denote CVEs.
+      # @!attribute [rw] vulnerability_id
+      #   @return [::String]
+      #     The vulnerability identifier for this Assessment. Will hold one of
+      #     common identifiers e.g. CVE, GHSA etc.
       # @!attribute [rw] related_uris
       #   @return [::Array<::Grafeas::V1::RelatedUrl>]
       #     Holds a list of references associated with this vulnerability item and

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: grafeas-v1
 version: !ruby/object:Gem::Version
-  version: 0.15.0
+  version: 0.16.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-02-26 00:00:00.000000000 Z
+date: 2024-03-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -69,6 +69,9 @@ files:
 - lib/grafeas/v1/grafeas.rb
 - lib/grafeas/v1/grafeas/client.rb
 - lib/grafeas/v1/grafeas/paths.rb
+- lib/grafeas/v1/grafeas/rest.rb
+- lib/grafeas/v1/grafeas/rest/client.rb
+- lib/grafeas/v1/grafeas/rest/service_stub.rb
 - lib/grafeas/v1/grafeas_pb.rb
 - lib/grafeas/v1/grafeas_services_pb.rb
 - lib/grafeas/v1/image_pb.rb
@@ -76,6 +79,8 @@ files:
 - lib/grafeas/v1/intoto_statement_pb.rb
 - lib/grafeas/v1/package_pb.rb
 - lib/grafeas/v1/provenance_pb.rb
+- lib/grafeas/v1/rest.rb
+- lib/grafeas/v1/sbom_pb.rb
 - lib/grafeas/v1/severity_pb.rb
 - lib/grafeas/v1/slsa_provenance_pb.rb
 - lib/grafeas/v1/slsa_provenance_zero_two_pb.rb
@@ -109,6 +114,7 @@ files:
 - proto_docs/grafeas/v1/intoto_statement.rb
 - proto_docs/grafeas/v1/package.rb
 - proto_docs/grafeas/v1/provenance.rb
+- proto_docs/grafeas/v1/sbom.rb
 - proto_docs/grafeas/v1/severity.rb
 - proto_docs/grafeas/v1/slsa_provenance.rb
 - proto_docs/grafeas/v1/slsa_provenance_zero_two.rb