grafeas-v1 0.2.1 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.yardopts +1 -1
- data/README.md +1 -1
- data/lib/grafeas/v1/attestation_pb.rb +6 -1
- data/lib/grafeas/v1/build_pb.rb +5 -1
- data/lib/grafeas/v1/common_pb.rb +13 -0
- data/lib/grafeas/v1/compliance_pb.rb +48 -0
- data/lib/grafeas/v1/cvss_pb.rb +62 -0
- data/lib/grafeas/v1/deployment_pb.rb +1 -1
- data/lib/grafeas/v1/discovery_pb.rb +4 -2
- data/lib/grafeas/v1/dsse_attestation_pb.rb +31 -0
- data/lib/grafeas/v1/grafeas/client.rb +375 -121
- data/lib/grafeas/v1/grafeas_pb.rb +9 -2
- data/lib/grafeas/v1/intoto_provenance_pb.rb +49 -0
- data/lib/grafeas/v1/intoto_statement_pb.rb +31 -0
- data/lib/grafeas/v1/package_pb.rb +1 -0
- data/lib/grafeas/v1/provenance_pb.rb +1 -1
- data/lib/grafeas/v1/severity_pb.rb +23 -0
- data/lib/grafeas/v1/slsa_provenance_pb.rb +54 -0
- data/lib/grafeas/v1/upgrade_pb.rb +2 -2
- data/lib/grafeas/v1/version.rb +1 -1
- data/lib/grafeas/v1/vulnerability_pb.rb +9 -11
- data/proto_docs/google/api/field_behavior.rb +7 -1
- data/proto_docs/google/api/resource.rb +10 -71
- data/proto_docs/grafeas/v1/attestation.rb +21 -0
- data/proto_docs/grafeas/v1/build.rb +11 -1
- data/proto_docs/grafeas/v1/common.rb +31 -2
- data/proto_docs/grafeas/v1/compliance.rb +98 -0
- data/proto_docs/grafeas/v1/cvss.rb +105 -0
- data/proto_docs/grafeas/v1/discovery.rb +3 -0
- data/proto_docs/grafeas/v1/dsse_attestation.rb +59 -0
- data/proto_docs/grafeas/v1/grafeas.rb +15 -0
- data/proto_docs/grafeas/v1/intoto_provenance.rb +134 -0
- data/proto_docs/grafeas/v1/intoto_statement.rb +65 -0
- data/proto_docs/grafeas/v1/package.rb +8 -0
- data/proto_docs/grafeas/v1/severity.rb +43 -0
- data/proto_docs/grafeas/v1/slsa_provenance.rb +152 -0
- data/proto_docs/grafeas/v1/vulnerability.rb +25 -21
- metadata +17 -5
@@ -107,5 +107,110 @@ module Grafeas
|
|
107
107
|
IMPACT_NONE = 3
|
108
108
|
end
|
109
109
|
end
|
110
|
+
|
111
|
+
# Common Vulnerability Scoring System.
|
112
|
+
# For details, see https://www.first.org/cvss/specification-document
|
113
|
+
# This is a message we will try to use for storing multiple versions of
|
114
|
+
# CVSS. The intention is that as new versions of CVSS scores get added, we
|
115
|
+
# will be able to modify this message rather than adding new protos for each
|
116
|
+
# new version of the score.
|
117
|
+
# @!attribute [rw] base_score
|
118
|
+
# @return [::Float]
|
119
|
+
# The base score is a function of the base metric scores.
|
120
|
+
# @!attribute [rw] exploitability_score
|
121
|
+
# @return [::Float]
|
122
|
+
# @!attribute [rw] impact_score
|
123
|
+
# @return [::Float]
|
124
|
+
# @!attribute [rw] attack_vector
|
125
|
+
# @return [::Grafeas::V1::CVSS::AttackVector]
|
126
|
+
# Base Metrics
|
127
|
+
# Represents the intrinsic characteristics of a vulnerability that are
|
128
|
+
# constant over time and across user environments.
|
129
|
+
# @!attribute [rw] attack_complexity
|
130
|
+
# @return [::Grafeas::V1::CVSS::AttackComplexity]
|
131
|
+
# @!attribute [rw] authentication
|
132
|
+
# @return [::Grafeas::V1::CVSS::Authentication]
|
133
|
+
# @!attribute [rw] privileges_required
|
134
|
+
# @return [::Grafeas::V1::CVSS::PrivilegesRequired]
|
135
|
+
# @!attribute [rw] user_interaction
|
136
|
+
# @return [::Grafeas::V1::CVSS::UserInteraction]
|
137
|
+
# @!attribute [rw] scope
|
138
|
+
# @return [::Grafeas::V1::CVSS::Scope]
|
139
|
+
# @!attribute [rw] confidentiality_impact
|
140
|
+
# @return [::Grafeas::V1::CVSS::Impact]
|
141
|
+
# @!attribute [rw] integrity_impact
|
142
|
+
# @return [::Grafeas::V1::CVSS::Impact]
|
143
|
+
# @!attribute [rw] availability_impact
|
144
|
+
# @return [::Grafeas::V1::CVSS::Impact]
|
145
|
+
class CVSS
|
146
|
+
include ::Google::Protobuf::MessageExts
|
147
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
148
|
+
|
149
|
+
module AttackVector
|
150
|
+
ATTACK_VECTOR_UNSPECIFIED = 0
|
151
|
+
|
152
|
+
ATTACK_VECTOR_NETWORK = 1
|
153
|
+
|
154
|
+
ATTACK_VECTOR_ADJACENT = 2
|
155
|
+
|
156
|
+
ATTACK_VECTOR_LOCAL = 3
|
157
|
+
|
158
|
+
ATTACK_VECTOR_PHYSICAL = 4
|
159
|
+
end
|
160
|
+
|
161
|
+
module AttackComplexity
|
162
|
+
ATTACK_COMPLEXITY_UNSPECIFIED = 0
|
163
|
+
|
164
|
+
ATTACK_COMPLEXITY_LOW = 1
|
165
|
+
|
166
|
+
ATTACK_COMPLEXITY_HIGH = 2
|
167
|
+
end
|
168
|
+
|
169
|
+
module Authentication
|
170
|
+
AUTHENTICATION_UNSPECIFIED = 0
|
171
|
+
|
172
|
+
AUTHENTICATION_MULTIPLE = 1
|
173
|
+
|
174
|
+
AUTHENTICATION_SINGLE = 2
|
175
|
+
|
176
|
+
AUTHENTICATION_NONE = 3
|
177
|
+
end
|
178
|
+
|
179
|
+
module PrivilegesRequired
|
180
|
+
PRIVILEGES_REQUIRED_UNSPECIFIED = 0
|
181
|
+
|
182
|
+
PRIVILEGES_REQUIRED_NONE = 1
|
183
|
+
|
184
|
+
PRIVILEGES_REQUIRED_LOW = 2
|
185
|
+
|
186
|
+
PRIVILEGES_REQUIRED_HIGH = 3
|
187
|
+
end
|
188
|
+
|
189
|
+
module UserInteraction
|
190
|
+
USER_INTERACTION_UNSPECIFIED = 0
|
191
|
+
|
192
|
+
USER_INTERACTION_NONE = 1
|
193
|
+
|
194
|
+
USER_INTERACTION_REQUIRED = 2
|
195
|
+
end
|
196
|
+
|
197
|
+
module Scope
|
198
|
+
SCOPE_UNSPECIFIED = 0
|
199
|
+
|
200
|
+
SCOPE_UNCHANGED = 1
|
201
|
+
|
202
|
+
SCOPE_CHANGED = 2
|
203
|
+
end
|
204
|
+
|
205
|
+
module Impact
|
206
|
+
IMPACT_UNSPECIFIED = 0
|
207
|
+
|
208
|
+
IMPACT_HIGH = 1
|
209
|
+
|
210
|
+
IMPACT_LOW = 2
|
211
|
+
|
212
|
+
IMPACT_NONE = 3
|
213
|
+
end
|
214
|
+
end
|
110
215
|
end
|
111
216
|
end
|
@@ -49,6 +49,9 @@ module Grafeas
|
|
49
49
|
# @!attribute [rw] last_scan_time
|
50
50
|
# @return [::Google::Protobuf::Timestamp]
|
51
51
|
# The last time this resource was scanned.
|
52
|
+
# @!attribute [r] archive_time
|
53
|
+
# @return [::Google::Protobuf::Timestamp]
|
54
|
+
# The time occurrences related to this discovery occurrence were archived.
|
52
55
|
class DiscoveryOccurrence
|
53
56
|
include ::Google::Protobuf::MessageExts
|
54
57
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -0,0 +1,59 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2021 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Grafeas
|
21
|
+
module V1
|
22
|
+
# @!attribute [rw] hint
|
23
|
+
# @return [::Grafeas::V1::DSSEAttestationNote::DSSEHint]
|
24
|
+
# DSSEHint hints at the purpose of the attestation authority.
|
25
|
+
class DSSEAttestationNote
|
26
|
+
include ::Google::Protobuf::MessageExts
|
27
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
28
|
+
|
29
|
+
# This submessage provides human-readable hints about the purpose of the
|
30
|
+
# authority. Because the name of a note acts as its resource reference, it is
|
31
|
+
# important to disambiguate the canonical name of the Note (which might be a
|
32
|
+
# UUID for security purposes) from "readable" names more suitable for debug
|
33
|
+
# output. Note that these hints should not be used to look up authorities in
|
34
|
+
# security sensitive contexts, such as when looking up attestations to
|
35
|
+
# verify.
|
36
|
+
# @!attribute [rw] human_readable_name
|
37
|
+
# @return [::String]
|
38
|
+
# Required. The human readable name of this attestation authority, for
|
39
|
+
# example "cloudbuild-prod".
|
40
|
+
class DSSEHint
|
41
|
+
include ::Google::Protobuf::MessageExts
|
42
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
46
|
+
# Deprecated. Prefer to use a regular Occurrence, and populate the
|
47
|
+
# Envelope at the top level of the Occurrence.
|
48
|
+
# @!attribute [rw] envelope
|
49
|
+
# @return [::Grafeas::V1::Envelope]
|
50
|
+
# If doing something security critical, make sure to verify the signatures in
|
51
|
+
# this metadata.
|
52
|
+
# @!attribute [rw] statement
|
53
|
+
# @return [::Grafeas::V1::InTotoStatement]
|
54
|
+
class DSSEAttestationOccurrence
|
55
|
+
include ::Google::Protobuf::MessageExts
|
56
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
@@ -72,6 +72,15 @@ module Grafeas
|
|
72
72
|
# @!attribute [rw] upgrade
|
73
73
|
# @return [::Grafeas::V1::UpgradeOccurrence]
|
74
74
|
# Describes an available package upgrade on the linked resource.
|
75
|
+
# @!attribute [rw] compliance
|
76
|
+
# @return [::Grafeas::V1::ComplianceOccurrence]
|
77
|
+
# Describes a compliance violation on a linked resource.
|
78
|
+
# @!attribute [rw] dsse_attestation
|
79
|
+
# @return [::Grafeas::V1::DSSEAttestationOccurrence]
|
80
|
+
# Describes an attestation of an artifact using dsse.
|
81
|
+
# @!attribute [rw] envelope
|
82
|
+
# @return [::Grafeas::V1::Envelope]
|
83
|
+
# https://github.com/secure-systems-lab/dsse
|
75
84
|
class Occurrence
|
76
85
|
include ::Google::Protobuf::MessageExts
|
77
86
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -133,6 +142,12 @@ module Grafeas
|
|
133
142
|
# @!attribute [rw] upgrade
|
134
143
|
# @return [::Grafeas::V1::UpgradeNote]
|
135
144
|
# A note describing available package upgrades.
|
145
|
+
# @!attribute [rw] compliance
|
146
|
+
# @return [::Grafeas::V1::ComplianceNote]
|
147
|
+
# A note describing a compliance check.
|
148
|
+
# @!attribute [rw] dsse_attestation
|
149
|
+
# @return [::Grafeas::V1::DSSEAttestationNote]
|
150
|
+
# A note describing a dsse attestation note.
|
136
151
|
class Note
|
137
152
|
include ::Google::Protobuf::MessageExts
|
138
153
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -0,0 +1,134 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2021 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Grafeas
|
21
|
+
module V1
|
22
|
+
# Steps taken to build the artifact.
|
23
|
+
# For a TaskRun, typically each container corresponds to one step in the
|
24
|
+
# recipe.
|
25
|
+
# @!attribute [rw] type
|
26
|
+
# @return [::String]
|
27
|
+
# URI indicating what type of recipe was performed. It determines the meaning
|
28
|
+
# of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
|
29
|
+
# @!attribute [rw] defined_in_material
|
30
|
+
# @return [::Integer]
|
31
|
+
# Index in materials containing the recipe steps that are not implied by
|
32
|
+
# recipe.type. For example, if the recipe type were "make", then this would
|
33
|
+
# point to the source containing the Makefile, not the make program itself.
|
34
|
+
# Set to -1 if the recipe doesn't come from a material, as zero is default
|
35
|
+
# unset value for int64.
|
36
|
+
# @!attribute [rw] entry_point
|
37
|
+
# @return [::String]
|
38
|
+
# String identifying the entry point into the build.
|
39
|
+
# This is often a path to a configuration file and/or a target label within
|
40
|
+
# that file. The syntax and meaning are defined by recipe.type. For example,
|
41
|
+
# if the recipe type were "make", then this would reference the directory in
|
42
|
+
# which to run make as well as which target to use.
|
43
|
+
# @!attribute [rw] arguments
|
44
|
+
# @return [::Array<::Google::Protobuf::Any>]
|
45
|
+
# Collection of all external inputs that influenced the build on top of
|
46
|
+
# recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe
|
47
|
+
# type were "make", then this might be the flags passed to make aside from
|
48
|
+
# the target, which is captured in recipe.entryPoint. Since the arguments
|
49
|
+
# field can greatly vary in structure, depending on the builder and recipe
|
50
|
+
# type, this is of form "Any".
|
51
|
+
# @!attribute [rw] environment
|
52
|
+
# @return [::Array<::Google::Protobuf::Any>]
|
53
|
+
# Any other builder-controlled inputs necessary for correctly evaluating the
|
54
|
+
# recipe. Usually only needed for reproducing the build but not evaluated as
|
55
|
+
# part of policy. Since the environment field can greatly vary in structure,
|
56
|
+
# depending on the builder and recipe type, this is of form "Any".
|
57
|
+
class Recipe
|
58
|
+
include ::Google::Protobuf::MessageExts
|
59
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
60
|
+
end
|
61
|
+
|
62
|
+
# Indicates that the builder claims certain fields in this message to be
|
63
|
+
# complete.
|
64
|
+
# @!attribute [rw] arguments
|
65
|
+
# @return [::Boolean]
|
66
|
+
# If true, the builder claims that recipe.arguments is complete, meaning that
|
67
|
+
# all external inputs are properly captured in the recipe.
|
68
|
+
# @!attribute [rw] environment
|
69
|
+
# @return [::Boolean]
|
70
|
+
# If true, the builder claims that recipe.environment is claimed to be
|
71
|
+
# complete.
|
72
|
+
# @!attribute [rw] materials
|
73
|
+
# @return [::Boolean]
|
74
|
+
# If true, the builder claims that materials are complete, usually through
|
75
|
+
# some controls to prevent network access. Sometimes called "hermetic".
|
76
|
+
class Completeness
|
77
|
+
include ::Google::Protobuf::MessageExts
|
78
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
79
|
+
end
|
80
|
+
|
81
|
+
# Other properties of the build.
|
82
|
+
# @!attribute [rw] build_invocation_id
|
83
|
+
# @return [::String]
|
84
|
+
# Identifies the particular build invocation, which can be useful for finding
|
85
|
+
# associated logs or other ad-hoc analysis. The value SHOULD be globally
|
86
|
+
# unique, per in-toto Provenance spec.
|
87
|
+
# @!attribute [rw] build_started_on
|
88
|
+
# @return [::Google::Protobuf::Timestamp]
|
89
|
+
# The timestamp of when the build started.
|
90
|
+
# @!attribute [rw] build_finished_on
|
91
|
+
# @return [::Google::Protobuf::Timestamp]
|
92
|
+
# The timestamp of when the build completed.
|
93
|
+
# @!attribute [rw] completeness
|
94
|
+
# @return [::Grafeas::V1::Completeness]
|
95
|
+
# Indicates that the builder claims certain fields in this message to be
|
96
|
+
# complete.
|
97
|
+
# @!attribute [rw] reproducible
|
98
|
+
# @return [::Boolean]
|
99
|
+
# If true, the builder claims that running the recipe on materials will
|
100
|
+
# produce bit-for-bit identical output.
|
101
|
+
class Metadata
|
102
|
+
include ::Google::Protobuf::MessageExts
|
103
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
104
|
+
end
|
105
|
+
|
106
|
+
# @!attribute [rw] id
|
107
|
+
# @return [::String]
|
108
|
+
class BuilderConfig
|
109
|
+
include ::Google::Protobuf::MessageExts
|
110
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
111
|
+
end
|
112
|
+
|
113
|
+
# @!attribute [rw] builder_config
|
114
|
+
# @return [::Grafeas::V1::BuilderConfig]
|
115
|
+
# @!attribute [rw] recipe
|
116
|
+
# @return [::Grafeas::V1::Recipe]
|
117
|
+
# Identifies the configuration used for the build.
|
118
|
+
# When combined with materials, this SHOULD fully describe the build,
|
119
|
+
# such that re-running this recipe results in bit-for-bit identical output
|
120
|
+
# (if the build is reproducible).
|
121
|
+
# @!attribute [rw] metadata
|
122
|
+
# @return [::Grafeas::V1::Metadata]
|
123
|
+
# @!attribute [rw] materials
|
124
|
+
# @return [::Array<::String>]
|
125
|
+
# The collection of artifacts that influenced the build including sources,
|
126
|
+
# dependencies, build tools, base images, and so on. This is considered to be
|
127
|
+
# incomplete unless metadata.completeness.materials is true. Unset or null is
|
128
|
+
# equivalent to empty.
|
129
|
+
class InTotoProvenance
|
130
|
+
include ::Google::Protobuf::MessageExts
|
131
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
132
|
+
end
|
133
|
+
end
|
134
|
+
end
|
@@ -0,0 +1,65 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2021 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Grafeas
|
21
|
+
module V1
|
22
|
+
# Spec defined at
|
23
|
+
# https://github.com/in-toto/attestation/tree/main/spec#statement The
|
24
|
+
# serialized InTotoStatement will be stored as Envelope.payload.
|
25
|
+
# Envelope.payloadType is always "application/vnd.in-toto+json".
|
26
|
+
# @!attribute [rw] type
|
27
|
+
# @return [::String]
|
28
|
+
# Always `https://in-toto.io/Statement/v0.1`.
|
29
|
+
# @!attribute [rw] subject
|
30
|
+
# @return [::Array<::Grafeas::V1::Subject>]
|
31
|
+
# @!attribute [rw] predicate_type
|
32
|
+
# @return [::String]
|
33
|
+
# `https://slsa.dev/provenance/v0.1` for SlsaProvenance.
|
34
|
+
# @!attribute [rw] provenance
|
35
|
+
# @return [::Grafeas::V1::InTotoProvenance]
|
36
|
+
# @!attribute [rw] slsa_provenance
|
37
|
+
# @return [::Grafeas::V1::SlsaProvenance]
|
38
|
+
class InTotoStatement
|
39
|
+
include ::Google::Protobuf::MessageExts
|
40
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
41
|
+
end
|
42
|
+
|
43
|
+
# @!attribute [rw] name
|
44
|
+
# @return [::String]
|
45
|
+
# @!attribute [rw] digest
|
46
|
+
# @return [::Google::Protobuf::Map{::String => ::String}]
|
47
|
+
# `"<ALGORITHM>": "<HEX_VALUE>"`
|
48
|
+
# Algorithms can be e.g. sha256, sha512
|
49
|
+
# See
|
50
|
+
# https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
|
51
|
+
class Subject
|
52
|
+
include ::Google::Protobuf::MessageExts
|
53
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
54
|
+
|
55
|
+
# @!attribute [rw] key
|
56
|
+
# @return [::String]
|
57
|
+
# @!attribute [rw] value
|
58
|
+
# @return [::String]
|
59
|
+
class DigestEntry
|
60
|
+
include ::Google::Protobuf::MessageExts
|
61
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|
@@ -101,6 +101,14 @@ module Grafeas
|
|
101
101
|
# @!attribute [rw] revision
|
102
102
|
# @return [::String]
|
103
103
|
# The iteration of the package build from the above version.
|
104
|
+
# @!attribute [rw] inclusive
|
105
|
+
# @return [::Boolean]
|
106
|
+
# Whether this version is specifying part of an inclusive range. Grafeas
|
107
|
+
# does not have the capability to specify version ranges; instead we have
|
108
|
+
# fields that specify start version and end versions. At times this is
|
109
|
+
# insufficient - we also need to specify whether the version is included in
|
110
|
+
# the range or is excluded from the range. This boolean is expected to be set
|
111
|
+
# to true when the version is included in a range.
|
104
112
|
# @!attribute [rw] kind
|
105
113
|
# @return [::Grafeas::V1::Version::VersionKind]
|
106
114
|
# Required. Distinguishes between sentinel MIN/MAX versions and normal
|
@@ -0,0 +1,43 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2022 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Grafeas
|
21
|
+
module V1
|
22
|
+
# Note provider assigned severity/impact ranking.
|
23
|
+
module Severity
|
24
|
+
# Unknown.
|
25
|
+
SEVERITY_UNSPECIFIED = 0
|
26
|
+
|
27
|
+
# Minimal severity.
|
28
|
+
MINIMAL = 1
|
29
|
+
|
30
|
+
# Low severity.
|
31
|
+
LOW = 2
|
32
|
+
|
33
|
+
# Medium severity.
|
34
|
+
MEDIUM = 3
|
35
|
+
|
36
|
+
# High severity.
|
37
|
+
HIGH = 4
|
38
|
+
|
39
|
+
# Critical severity.
|
40
|
+
CRITICAL = 5
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
@@ -0,0 +1,152 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2021 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Grafeas
|
21
|
+
module V1
|
22
|
+
# @!attribute [rw] builder
|
23
|
+
# @return [::Grafeas::V1::SlsaProvenance::SlsaBuilder]
|
24
|
+
# @!attribute [rw] recipe
|
25
|
+
# @return [::Grafeas::V1::SlsaProvenance::SlsaRecipe]
|
26
|
+
# Identifies the configuration used for the build.
|
27
|
+
# When combined with materials, this SHOULD fully describe the build,
|
28
|
+
# such that re-running this recipe results in bit-for-bit identical output
|
29
|
+
# (if the build is reproducible).
|
30
|
+
# @!attribute [rw] metadata
|
31
|
+
# @return [::Grafeas::V1::SlsaProvenance::SlsaMetadata]
|
32
|
+
# @!attribute [rw] materials
|
33
|
+
# @return [::Array<::Grafeas::V1::SlsaProvenance::Material>]
|
34
|
+
# The collection of artifacts that influenced the build including sources,
|
35
|
+
# dependencies, build tools, base images, and so on. This is considered to be
|
36
|
+
# incomplete unless metadata.completeness.materials is true. Unset or null is
|
37
|
+
# equivalent to empty.
|
38
|
+
class SlsaProvenance
|
39
|
+
include ::Google::Protobuf::MessageExts
|
40
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
41
|
+
|
42
|
+
# Steps taken to build the artifact.
|
43
|
+
# For a TaskRun, typically each container corresponds to one step in the
|
44
|
+
# recipe.
|
45
|
+
# @!attribute [rw] type
|
46
|
+
# @return [::String]
|
47
|
+
# URI indicating what type of recipe was performed. It determines the
|
48
|
+
# meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and
|
49
|
+
# materials.
|
50
|
+
# @!attribute [rw] defined_in_material
|
51
|
+
# @return [::Integer]
|
52
|
+
# Index in materials containing the recipe steps that are not implied by
|
53
|
+
# recipe.type. For example, if the recipe type were "make", then this would
|
54
|
+
# point to the source containing the Makefile, not the make program itself.
|
55
|
+
# Set to -1 if the recipe doesn't come from a material, as zero is default
|
56
|
+
# unset value for int64.
|
57
|
+
# @!attribute [rw] entry_point
|
58
|
+
# @return [::String]
|
59
|
+
# String identifying the entry point into the build.
|
60
|
+
# This is often a path to a configuration file and/or a target label within
|
61
|
+
# that file. The syntax and meaning are defined by recipe.type. For
|
62
|
+
# example, if the recipe type were "make", then this would reference the
|
63
|
+
# directory in which to run make as well as which target to use.
|
64
|
+
# @!attribute [rw] arguments
|
65
|
+
# @return [::Google::Protobuf::Any]
|
66
|
+
# Collection of all external inputs that influenced the build on top of
|
67
|
+
# recipe.definedInMaterial and recipe.entryPoint. For example, if the
|
68
|
+
# recipe type were "make", then this might be the flags passed to make
|
69
|
+
# aside from the target, which is captured in recipe.entryPoint. Depending
|
70
|
+
# on the recipe Type, the structure may be different.
|
71
|
+
# @!attribute [rw] environment
|
72
|
+
# @return [::Google::Protobuf::Any]
|
73
|
+
# Any other builder-controlled inputs necessary for correctly evaluating
|
74
|
+
# the recipe. Usually only needed for reproducing the build but not
|
75
|
+
# evaluated as part of policy. Depending on the recipe Type, the structure
|
76
|
+
# may be different.
|
77
|
+
class SlsaRecipe
|
78
|
+
include ::Google::Protobuf::MessageExts
|
79
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
80
|
+
end
|
81
|
+
|
82
|
+
# Indicates that the builder claims certain fields in this message to be
|
83
|
+
# complete.
|
84
|
+
# @!attribute [rw] arguments
|
85
|
+
# @return [::Boolean]
|
86
|
+
# If true, the builder claims that recipe.arguments is complete, meaning
|
87
|
+
# that all external inputs are properly captured in the recipe.
|
88
|
+
# @!attribute [rw] environment
|
89
|
+
# @return [::Boolean]
|
90
|
+
# If true, the builder claims that recipe.environment is claimed to be
|
91
|
+
# complete.
|
92
|
+
# @!attribute [rw] materials
|
93
|
+
# @return [::Boolean]
|
94
|
+
# If true, the builder claims that materials are complete, usually through
|
95
|
+
# some controls to prevent network access. Sometimes called "hermetic".
|
96
|
+
class SlsaCompleteness
|
97
|
+
include ::Google::Protobuf::MessageExts
|
98
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
99
|
+
end
|
100
|
+
|
101
|
+
# Other properties of the build.
|
102
|
+
# @!attribute [rw] build_invocation_id
|
103
|
+
# @return [::String]
|
104
|
+
# Identifies the particular build invocation, which can be useful for
|
105
|
+
# finding associated logs or other ad-hoc analysis. The value SHOULD be
|
106
|
+
# globally unique, per in-toto Provenance spec.
|
107
|
+
# @!attribute [rw] build_started_on
|
108
|
+
# @return [::Google::Protobuf::Timestamp]
|
109
|
+
# The timestamp of when the build started.
|
110
|
+
# @!attribute [rw] build_finished_on
|
111
|
+
# @return [::Google::Protobuf::Timestamp]
|
112
|
+
# The timestamp of when the build completed.
|
113
|
+
# @!attribute [rw] completeness
|
114
|
+
# @return [::Grafeas::V1::SlsaProvenance::SlsaCompleteness]
|
115
|
+
# Indicates that the builder claims certain fields in this message to be
|
116
|
+
# complete.
|
117
|
+
# @!attribute [rw] reproducible
|
118
|
+
# @return [::Boolean]
|
119
|
+
# If true, the builder claims that running the recipe on materials will
|
120
|
+
# produce bit-for-bit identical output.
|
121
|
+
class SlsaMetadata
|
122
|
+
include ::Google::Protobuf::MessageExts
|
123
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
124
|
+
end
|
125
|
+
|
126
|
+
# @!attribute [rw] id
|
127
|
+
# @return [::String]
|
128
|
+
class SlsaBuilder
|
129
|
+
include ::Google::Protobuf::MessageExts
|
130
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
131
|
+
end
|
132
|
+
|
133
|
+
# @!attribute [rw] uri
|
134
|
+
# @return [::String]
|
135
|
+
# @!attribute [rw] digest
|
136
|
+
# @return [::Google::Protobuf::Map{::String => ::String}]
|
137
|
+
class Material
|
138
|
+
include ::Google::Protobuf::MessageExts
|
139
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
140
|
+
|
141
|
+
# @!attribute [rw] key
|
142
|
+
# @return [::String]
|
143
|
+
# @!attribute [rw] value
|
144
|
+
# @return [::String]
|
145
|
+
class DigestEntry
|
146
|
+
include ::Google::Protobuf::MessageExts
|
147
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
148
|
+
end
|
149
|
+
end
|
150
|
+
end
|
151
|
+
end
|
152
|
+
end
|