grafeas-v1 0.2.1 → 0.4.0

data/lib/grafeas/v1/grafeas_pb.rb

@@ -1,8 +1,6 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: grafeas/v1/grafeas.proto
 
-require 'google/protobuf'
-
 require 'google/api/annotations_pb'
 require 'google/api/client_pb'
 require 'google/api/field_behavior_pb'
@@ -13,12 +11,16 @@ require 'google/protobuf/timestamp_pb'
 require 'grafeas/v1/attestation_pb'
 require 'grafeas/v1/build_pb'
 require 'grafeas/v1/common_pb'
+require 'grafeas/v1/compliance_pb'
 require 'grafeas/v1/deployment_pb'
 require 'grafeas/v1/discovery_pb'
+require 'grafeas/v1/dsse_attestation_pb'
 require 'grafeas/v1/image_pb'
 require 'grafeas/v1/package_pb'
 require 'grafeas/v1/upgrade_pb'
 require 'grafeas/v1/vulnerability_pb'
+require 'google/protobuf'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/grafeas.proto", :syntax => :proto3) do
     add_message "grafeas.v1.Occurrence" do
@@ -29,6 +31,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :remediation, :string, 5
       optional :create_time, :message, 6, "google.protobuf.Timestamp"
       optional :update_time, :message, 7, "google.protobuf.Timestamp"
+      optional :envelope, :message, 18, "grafeas.v1.Envelope"
       oneof :details do
         optional :vulnerability, :message, 8, "grafeas.v1.VulnerabilityOccurrence"
         optional :build, :message, 9, "grafeas.v1.BuildOccurrence"
@@ -38,6 +41,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
         optional :discovery, :message, 13, "grafeas.v1.DiscoveryOccurrence"
         optional :attestation, :message, 14, "grafeas.v1.AttestationOccurrence"
         optional :upgrade, :message, 15, "grafeas.v1.UpgradeOccurrence"
+        optional :compliance, :message, 16, "grafeas.v1.ComplianceOccurrence"
+        optional :dsse_attestation, :message, 17, "grafeas.v1.DSSEAttestationOccurrence"
       end
     end
     add_message "grafeas.v1.Note" do
@@ -59,6 +64,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
         optional :discovery, :message, 15, "grafeas.v1.DiscoveryNote"
         optional :attestation, :message, 16, "grafeas.v1.AttestationNote"
         optional :upgrade, :message, 17, "grafeas.v1.UpgradeNote"
+        optional :compliance, :message, 18, "grafeas.v1.ComplianceNote"
+        optional :dsse_attestation, :message, 19, "grafeas.v1.DSSEAttestationNote"
       end
     end
     add_message "grafeas.v1.GetOccurrenceRequest" do

data/lib/grafeas/v1/intoto_provenance_pb.rb

@@ -0,0 +1,49 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: grafeas/v1/intoto_provenance.proto
+
+require 'google/protobuf/any_pb'
+require 'google/protobuf/timestamp_pb'
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("grafeas/v1/intoto_provenance.proto", :syntax => :proto3) do
+    add_message "grafeas.v1.Recipe" do
+      optional :type, :string, 1
+      optional :defined_in_material, :int64, 2
+      optional :entry_point, :string, 3
+      repeated :arguments, :message, 4, "google.protobuf.Any"
+      repeated :environment, :message, 5, "google.protobuf.Any"
+    end
+    add_message "grafeas.v1.Completeness" do
+      optional :arguments, :bool, 1
+      optional :environment, :bool, 2
+      optional :materials, :bool, 3
+    end
+    add_message "grafeas.v1.Metadata" do
+      optional :build_invocation_id, :string, 1
+      optional :build_started_on, :message, 2, "google.protobuf.Timestamp"
+      optional :build_finished_on, :message, 3, "google.protobuf.Timestamp"
+      optional :completeness, :message, 4, "grafeas.v1.Completeness"
+      optional :reproducible, :bool, 5
+    end
+    add_message "grafeas.v1.BuilderConfig" do
+      optional :id, :string, 1
+    end
+    add_message "grafeas.v1.InTotoProvenance" do
+      optional :builder_config, :message, 1, "grafeas.v1.BuilderConfig"
+      optional :recipe, :message, 2, "grafeas.v1.Recipe"
+      optional :metadata, :message, 3, "grafeas.v1.Metadata"
+      repeated :materials, :string, 4
+    end
+  end
+end
+
+module Grafeas
+  module V1
+    Recipe = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Recipe").msgclass
+    Completeness = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Completeness").msgclass
+    Metadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Metadata").msgclass
+    BuilderConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.BuilderConfig").msgclass
+    InTotoProvenance = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.InTotoProvenance").msgclass
+  end
+end

data/lib/grafeas/v1/intoto_statement_pb.rb

@@ -0,0 +1,31 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: grafeas/v1/intoto_statement.proto
+
+require 'grafeas/v1/intoto_provenance_pb'
+require 'grafeas/v1/slsa_provenance_pb'
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("grafeas/v1/intoto_statement.proto", :syntax => :proto3) do
+    add_message "grafeas.v1.InTotoStatement" do
+      optional :type, :string, 1, json_name: "_type"
+      repeated :subject, :message, 2, "grafeas.v1.Subject"
+      optional :predicate_type, :string, 3
+      oneof :predicate do
+        optional :provenance, :message, 4, "grafeas.v1.InTotoProvenance"
+        optional :slsa_provenance, :message, 5, "grafeas.v1.SlsaProvenance"
+      end
+    end
+    add_message "grafeas.v1.Subject" do
+      optional :name, :string, 1
+      map :digest, :string, :string, 2
+    end
+  end
+end
+
+module Grafeas
+  module V1
+    InTotoStatement = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.InTotoStatement").msgclass
+    Subject = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Subject").msgclass
+  end
+end

data/lib/grafeas/v1/package_pb.rb

@@ -30,6 +30,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :epoch, :int32, 1
       optional :name, :string, 2
       optional :revision, :string, 3
+      optional :inclusive, :bool, 6
       optional :kind, :enum, 4, "grafeas.v1.Version.VersionKind"
       optional :full_name, :string, 5
     end

data/lib/grafeas/v1/provenance_pb.rb

@@ -1,9 +1,9 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: grafeas/v1/provenance.proto
 
+require 'google/protobuf/timestamp_pb'
 require 'google/protobuf'
 
-require 'google/protobuf/timestamp_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/provenance.proto", :syntax => :proto3) do
     add_message "grafeas.v1.BuildProvenance" do

data/lib/grafeas/v1/severity_pb.rb

@@ -0,0 +1,23 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: grafeas/v1/severity.proto
+
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("grafeas/v1/severity.proto", :syntax => :proto3) do
+    add_enum "grafeas.v1.Severity" do
+      value :SEVERITY_UNSPECIFIED, 0
+      value :MINIMAL, 1
+      value :LOW, 2
+      value :MEDIUM, 3
+      value :HIGH, 4
+      value :CRITICAL, 5
+    end
+  end
+end
+
+module Grafeas
+  module V1
+    Severity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Severity").enummodule
+  end
+end

data/lib/grafeas/v1/slsa_provenance_pb.rb

@@ -0,0 +1,54 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: grafeas/v1/slsa_provenance.proto
+
+require 'google/protobuf/any_pb'
+require 'google/protobuf/timestamp_pb'
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("grafeas/v1/slsa_provenance.proto", :syntax => :proto3) do
+    add_message "grafeas.v1.SlsaProvenance" do
+      optional :builder, :message, 1, "grafeas.v1.SlsaProvenance.SlsaBuilder"
+      optional :recipe, :message, 2, "grafeas.v1.SlsaProvenance.SlsaRecipe"
+      optional :metadata, :message, 3, "grafeas.v1.SlsaProvenance.SlsaMetadata"
+      repeated :materials, :message, 4, "grafeas.v1.SlsaProvenance.Material"
+    end
+    add_message "grafeas.v1.SlsaProvenance.SlsaRecipe" do
+      optional :type, :string, 1
+      optional :defined_in_material, :int64, 2
+      optional :entry_point, :string, 3
+      optional :arguments, :message, 4, "google.protobuf.Any"
+      optional :environment, :message, 5, "google.protobuf.Any"
+    end
+    add_message "grafeas.v1.SlsaProvenance.SlsaCompleteness" do
+      optional :arguments, :bool, 1
+      optional :environment, :bool, 2
+      optional :materials, :bool, 3
+    end
+    add_message "grafeas.v1.SlsaProvenance.SlsaMetadata" do
+      optional :build_invocation_id, :string, 1
+      optional :build_started_on, :message, 2, "google.protobuf.Timestamp"
+      optional :build_finished_on, :message, 3, "google.protobuf.Timestamp"
+      optional :completeness, :message, 4, "grafeas.v1.SlsaProvenance.SlsaCompleteness"
+      optional :reproducible, :bool, 5
+    end
+    add_message "grafeas.v1.SlsaProvenance.SlsaBuilder" do
+      optional :id, :string, 1
+    end
+    add_message "grafeas.v1.SlsaProvenance.Material" do
+      optional :uri, :string, 1
+      map :digest, :string, :string, 2
+    end
+  end
+end
+
+module Grafeas
+  module V1
+    SlsaProvenance = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance").msgclass
+    SlsaProvenance::SlsaRecipe = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.SlsaRecipe").msgclass
+    SlsaProvenance::SlsaCompleteness = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.SlsaCompleteness").msgclass
+    SlsaProvenance::SlsaMetadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.SlsaMetadata").msgclass
+    SlsaProvenance::SlsaBuilder = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.SlsaBuilder").msgclass
+    SlsaProvenance::Material = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.Material").msgclass
+  end
+end

data/lib/grafeas/v1/upgrade_pb.rb

@@ -1,10 +1,10 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: grafeas/v1/upgrade.proto
 
-require 'google/protobuf'
-
 require 'google/protobuf/timestamp_pb'
 require 'grafeas/v1/package_pb'
+require 'google/protobuf'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/upgrade.proto", :syntax => :proto3) do
     add_message "grafeas.v1.UpgradeNote" do

data/lib/grafeas/v1/version.rb

@@ -19,6 +19,6 @@
 
 module Grafeas
   module V1
-    VERSION = "0.2.1"
+    VERSION = "0.4.0"
   end
 end

data/lib/grafeas/v1/vulnerability_pb.rb

@@ -1,12 +1,14 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: grafeas/v1/vulnerability.proto
 
-require 'google/protobuf'
-
+require 'google/api/field_behavior_pb'
 require 'google/protobuf/timestamp_pb'
 require 'grafeas/v1/common_pb'
 require 'grafeas/v1/cvss_pb'
 require 'grafeas/v1/package_pb'
+require 'grafeas/v1/severity_pb'
+require 'google/protobuf'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/vulnerability.proto", :syntax => :proto3) do
     add_message "grafeas.v1.VulnerabilityNote" do
@@ -30,6 +32,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :fixed_version, :message, 10, "grafeas.v1.Version"
       optional :is_obsolete, :bool, 11
       optional :source_update_time, :message, 12, "google.protobuf.Timestamp"
+      optional :source, :string, 13
+      optional :vendor, :string, 14
     end
     add_message "grafeas.v1.VulnerabilityNote.WindowsDetail" do
       optional :cpe_uri, :string, 1
@@ -45,6 +49,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :type, :string, 1
       optional :severity, :enum, 2, "grafeas.v1.Severity"
       optional :cvss_score, :float, 3
+      optional :cvssv3, :message, 10, "grafeas.v1.CVSS"
       repeated :package_issue, :message, 4, "grafeas.v1.VulnerabilityOccurrence.PackageIssue"
       optional :short_description, :string, 5
       optional :long_description, :string, 6
@@ -60,14 +65,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :fixed_package, :string, 5
       optional :fixed_version, :message, 6, "grafeas.v1.Version"
       optional :fix_available, :bool, 7
-    end
-    add_enum "grafeas.v1.Severity" do
-      value :SEVERITY_UNSPECIFIED, 0
-      value :MINIMAL, 1
-      value :LOW, 2
-      value :MEDIUM, 3
-      value :HIGH, 4
-      value :CRITICAL, 5
+      optional :package_type, :string, 8
+      optional :effective_severity, :enum, 9, "grafeas.v1.Severity"
     end
   end
 end
@@ -80,6 +79,5 @@ module Grafeas
     VulnerabilityNote::WindowsDetail::KnowledgeBase = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase").msgclass
     VulnerabilityOccurrence = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence").msgclass
     VulnerabilityOccurrence::PackageIssue = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence.PackageIssue").msgclass
-    Severity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Severity").enummodule
   end
 end

data/proto_docs/google/api/field_behavior.rb

@@ -57,9 +57,15 @@ module Google
 
       # Denotes that a (repeated) field is an unordered list.
       # This indicates that the service may provide the elements of the list
-      # in any arbitrary order, rather than the order the user originally
+      # in any arbitrary  order, rather than the order the user originally
       # provided. Additionally, the list's order may or may not be stable.
       UNORDERED_LIST = 6
+
+      # Denotes that this field returns a non-empty default value if not set.
+      # This indicates that if the user provides the empty value in a request,
+      # a non-empty value will be returned. The user will not be aware of what
+      # non-empty value to expect.
+      NON_EMPTY_DEFAULT = 7
     end
   end
 end

data/proto_docs/google/api/resource.rb

@@ -33,11 +33,7 @@ module Google
     #       // For Kubernetes resources, the format is {api group}/{kind}.
     #       option (google.api.resource) = {
     #         type: "pubsub.googleapis.com/Topic"
-    #         name_descriptor: {
-    #           pattern: "projects/{project}/topics/{topic}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         }
+    #         pattern: "projects/{project}/topics/{topic}"
     #       };
     #     }
     #
@@ -45,10 +41,7 @@ module Google
     #
     #     resources:
     #     - type: "pubsub.googleapis.com/Topic"
-    #       name_descriptor:
-    #         - pattern: "projects/{project}/topics/{topic}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
+    #       pattern: "projects/{project}/topics/{topic}"
     #
     # Sometimes, resources have multiple patterns, typically because they can
     # live under multiple parents.
@@ -58,26 +51,10 @@ module Google
     #     message LogEntry {
     #       option (google.api.resource) = {
     #         type: "logging.googleapis.com/LogEntry"
-    #         name_descriptor: {
-    #           pattern: "projects/{project}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "folders/{folder}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #           parent_name_extractor: "folders/{folder}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "organizations/{organization}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Organization"
-    #           parent_name_extractor: "organizations/{organization}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "billingAccounts/{billing_account}/logs/{log}"
-    #           parent_type: "billing.googleapis.com/BillingAccount"
-    #           parent_name_extractor: "billingAccounts/{billing_account}"
-    #         }
+    #         pattern: "projects/{project}/logs/{log}"
+    #         pattern: "folders/{folder}/logs/{log}"
+    #         pattern: "organizations/{organization}/logs/{log}"
+    #         pattern: "billingAccounts/{billing_account}/logs/{log}"
     #       };
     #     }
     #
@@ -85,48 +62,10 @@ module Google
     #
     #     resources:
     #     - type: 'logging.googleapis.com/LogEntry'
-    #       name_descriptor:
-    #         - pattern: "projects/{project}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         - pattern: "folders/{folder}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #           parent_name_extractor: "folders/{folder}"
-    #         - pattern: "organizations/{organization}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Organization"
-    #           parent_name_extractor: "organizations/{organization}"
-    #         - pattern: "billingAccounts/{billing_account}/logs/{log}"
-    #           parent_type: "billing.googleapis.com/BillingAccount"
-    #           parent_name_extractor: "billingAccounts/{billing_account}"
-    #
-    # For flexible resources, the resource name doesn't contain parent names, but
-    # the resource itself has parents for policy evaluation.
-    #
-    # Example:
-    #
-    #     message Shelf {
-    #       option (google.api.resource) = {
-    #         type: "library.googleapis.com/Shelf"
-    #         name_descriptor: {
-    #           pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #         }
-    #       };
-    #     }
-    #
-    # The ResourceDescriptor Yaml config will look like:
-    #
-    #     resources:
-    #     - type: 'library.googleapis.com/Shelf'
-    #       name_descriptor:
-    #         - pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #         - pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
+    #       pattern: "projects/{project}/logs/{log}"
+    #       pattern: "folders/{folder}/logs/{log}"
+    #       pattern: "organizations/{organization}/logs/{log}"
+    #       pattern: "billingAccounts/{billing_account}/logs/{log}"
     # @!attribute [rw] type
     #   @return [::String]
     #     The resource type. It must be in the format of

data/proto_docs/grafeas/v1/attestation.rb

@@ -51,6 +51,16 @@ module Grafeas
       end
     end
 
+    # @!attribute [rw] compact_jwt
+    #   @return [::String]
+    #     The compact encoding of a JWS, which is always three base64 encoded strings
+    #     joined by periods. For details, see:
+    #     https://tools.ietf.org/html/rfc7515.html#section-3.1
+    class Jwt
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
     # Occurrence that represents a single "attestation". The authenticity of an
     # attestation can be verified using the attached signature. If the verifier
     # trusts the public key of the signer, then verifying the signature is
@@ -69,6 +79,17 @@ module Grafeas
     #     should consider this attestation message verified if at least one
     #     `signature` verifies `serialized_payload`.  See `Signature` in common.proto
     #     for more details on signature structure and verification.
+    # @!attribute [rw] jwts
+    #   @return [::Array<::Grafeas::V1::Jwt>]
+    #     One or more JWTs encoding a self-contained attestation.
+    #     Each JWT encodes the payload that it verifies within the JWT itself.
+    #     Verifier implementation SHOULD ignore the `serialized_payload` field
+    #     when verifying these JWTs.
+    #     If only JWTs are present on this AttestationOccurrence, then the
+    #     `serialized_payload` SHOULD be left empty.
+    #     Each JWT SHOULD encode a claim specific to the `resource_uri` of this
+    #     Occurrence, but this is not validated by Grafeas metadata API
+    #     implementations.  The JWT itself is opaque to Grafeas.
     class AttestationOccurrence
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/grafeas/v1/build.rb

@@ -32,7 +32,7 @@ module Grafeas
     # Details of a build occurrence.
     # @!attribute [rw] provenance
     #   @return [::Grafeas::V1::BuildProvenance]
-    #     Required. The actual provenance for the build.
+    #     The actual provenance for the build.
     # @!attribute [rw] provenance_bytes
     #   @return [::String]
     #     Serialized JSON representation of the provenance, used in generating the
@@ -46,6 +46,16 @@ module Grafeas
     #     The serialized form is captured both to avoid ambiguity in how the
     #     provenance is marshalled to json as well to prevent incompatibilities with
     #     future changes.
+    # @!attribute [rw] intoto_provenance
+    #   @return [::Grafeas::V1::InTotoProvenance]
+    #     Deprecated. See InTotoStatement for the replacement.
+    #     In-toto Provenance representation as defined in spec.
+    # @!attribute [rw] intoto_statement
+    #   @return [::Grafeas::V1::InTotoStatement]
+    #     In-toto Statement representation as defined in spec.
+    #     The intoto_statement can contain any type of provenance. The serialized
+    #     payload of the statement can be stored and signed in the Occurrence's
+    #     envelope.
     class BuildOccurrence
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/grafeas/v1/common.rb

@@ -65,7 +65,7 @@ module Grafeas
     #   @return [::String]
     #     The identifier for the public key that verifies this signature.
     #       * The `public_key_id` is required.
-    #       * The `public_key_id` MUST be an RFC3986 conformant URI.
+    #       * The `public_key_id` SHOULD be an RFC3986 conformant URI.
     #       * When possible, the `public_key_id` SHOULD be an immutable reference,
     #         such as a cryptographic digest.
     #
@@ -85,9 +85,32 @@ module Grafeas
       extend ::Google::Protobuf::MessageExts::ClassMethods
     end
 
+    # MUST match
+    # https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An
+    # authenticated message of arbitrary type.
+    # @!attribute [rw] payload
+    #   @return [::String]
+    # @!attribute [rw] payload_type
+    #   @return [::String]
+    # @!attribute [rw] signatures
+    #   @return [::Array<::Grafeas::V1::EnvelopeSignature>]
+    class Envelope
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # @!attribute [rw] sig
+    #   @return [::String]
+    # @!attribute [rw] keyid
+    #   @return [::String]
+    class EnvelopeSignature
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
     # Kind represents the kinds of notes supported.
     module NoteKind
-      # Unknown.
+      # Default value. This value is unused.
       NOTE_KIND_UNSPECIFIED = 0
 
       # The note and occurrence represent a package vulnerability.
@@ -113,6 +136,12 @@ module Grafeas
 
       # This represents an available package upgrade.
       UPGRADE = 8
+
+      # This represents a Compliance Note
+      COMPLIANCE = 9
+
+      # This represents a DSSE attestation Note
+      DSSE_ATTESTATION = 10
     end
   end
 end

data/proto_docs/grafeas/v1/compliance.rb

@@ -0,0 +1,98 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # @!attribute [rw] title
+    #   @return [::String]
+    #     The title that identifies this compliance check.
+    # @!attribute [rw] description
+    #   @return [::String]
+    #     A description about this compliance check.
+    # @!attribute [rw] version
+    #   @return [::Array<::Grafeas::V1::ComplianceVersion>]
+    #     The OS and config versions the benchmark applies to.
+    # @!attribute [rw] rationale
+    #   @return [::String]
+    #     A rationale for the existence of this compliance check.
+    # @!attribute [rw] remediation
+    #   @return [::String]
+    #     A description of remediation steps if the compliance check fails.
+    # @!attribute [rw] cis_benchmark
+    #   @return [::Grafeas::V1::ComplianceNote::CisBenchmark]
+    # @!attribute [rw] scan_instructions
+    #   @return [::String]
+    #     Serialized scan instructions with a predefined format.
+    class ComplianceNote
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # A compliance check that is a CIS benchmark.
+      # @!attribute [rw] profile_level
+      #   @return [::Integer]
+      # @!attribute [rw] severity
+      #   @return [::Grafeas::V1::Severity]
+      class CisBenchmark
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+
+    # Describes the CIS benchmark version that is applicable to a given OS and
+    # os version.
+    # @!attribute [rw] cpe_uri
+    #   @return [::String]
+    #     The CPE URI (https://cpe.mitre.org/specification/) this benchmark is
+    #     applicable to.
+    # @!attribute [rw] version
+    #   @return [::String]
+    #     The version of the benchmark. This is set to the version of the OS-specific
+    #     CIS document the benchmark is defined in.
+    class ComplianceVersion
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # An indication that the compliance checks in the associated ComplianceNote
+    # were not satisfied for particular resources or a specified reason.
+    # @!attribute [rw] non_compliant_files
+    #   @return [::Array<::Grafeas::V1::NonCompliantFile>]
+    # @!attribute [rw] non_compliance_reason
+    #   @return [::String]
+    class ComplianceOccurrence
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Details about files that caused a compliance check to fail.
+    # @!attribute [rw] path
+    #   @return [::String]
+    #     Empty if `display_command` is set.
+    # @!attribute [rw] display_command
+    #   @return [::String]
+    #     Command to display the non-compliant files.
+    # @!attribute [rw] reason
+    #   @return [::String]
+    #     Explains why a file is non compliant for a CIS check.
+    class NonCompliantFile
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end