grafeas-v1 0.2.1 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (39) hide show
  1. checksums.yaml +4 -4
  2. data/.yardopts +1 -1
  3. data/README.md +1 -1
  4. data/lib/grafeas/v1/attestation_pb.rb +6 -1
  5. data/lib/grafeas/v1/build_pb.rb +5 -1
  6. data/lib/grafeas/v1/common_pb.rb +13 -0
  7. data/lib/grafeas/v1/compliance_pb.rb +48 -0
  8. data/lib/grafeas/v1/cvss_pb.rb +62 -0
  9. data/lib/grafeas/v1/deployment_pb.rb +1 -1
  10. data/lib/grafeas/v1/discovery_pb.rb +4 -2
  11. data/lib/grafeas/v1/dsse_attestation_pb.rb +31 -0
  12. data/lib/grafeas/v1/grafeas/client.rb +375 -121
  13. data/lib/grafeas/v1/grafeas_pb.rb +9 -2
  14. data/lib/grafeas/v1/intoto_provenance_pb.rb +49 -0
  15. data/lib/grafeas/v1/intoto_statement_pb.rb +31 -0
  16. data/lib/grafeas/v1/package_pb.rb +1 -0
  17. data/lib/grafeas/v1/provenance_pb.rb +1 -1
  18. data/lib/grafeas/v1/severity_pb.rb +23 -0
  19. data/lib/grafeas/v1/slsa_provenance_pb.rb +54 -0
  20. data/lib/grafeas/v1/upgrade_pb.rb +2 -2
  21. data/lib/grafeas/v1/version.rb +1 -1
  22. data/lib/grafeas/v1/vulnerability_pb.rb +9 -11
  23. data/proto_docs/google/api/field_behavior.rb +7 -1
  24. data/proto_docs/google/api/resource.rb +10 -71
  25. data/proto_docs/grafeas/v1/attestation.rb +21 -0
  26. data/proto_docs/grafeas/v1/build.rb +11 -1
  27. data/proto_docs/grafeas/v1/common.rb +31 -2
  28. data/proto_docs/grafeas/v1/compliance.rb +98 -0
  29. data/proto_docs/grafeas/v1/cvss.rb +105 -0
  30. data/proto_docs/grafeas/v1/discovery.rb +3 -0
  31. data/proto_docs/grafeas/v1/dsse_attestation.rb +59 -0
  32. data/proto_docs/grafeas/v1/grafeas.rb +15 -0
  33. data/proto_docs/grafeas/v1/intoto_provenance.rb +134 -0
  34. data/proto_docs/grafeas/v1/intoto_statement.rb +65 -0
  35. data/proto_docs/grafeas/v1/package.rb +8 -0
  36. data/proto_docs/grafeas/v1/severity.rb +43 -0
  37. data/proto_docs/grafeas/v1/slsa_provenance.rb +152 -0
  38. data/proto_docs/grafeas/v1/vulnerability.rb +25 -21
  39. metadata +17 -5
@@ -107,5 +107,110 @@ module Grafeas
107
107
  IMPACT_NONE = 3
108
108
  end
109
109
  end
110
+
111
+ # Common Vulnerability Scoring System.
112
+ # For details, see https://www.first.org/cvss/specification-document
113
+ # This is a message we will try to use for storing multiple versions of
114
+ # CVSS. The intention is that as new versions of CVSS scores get added, we
115
+ # will be able to modify this message rather than adding new protos for each
116
+ # new version of the score.
117
+ # @!attribute [rw] base_score
118
+ # @return [::Float]
119
+ # The base score is a function of the base metric scores.
120
+ # @!attribute [rw] exploitability_score
121
+ # @return [::Float]
122
+ # @!attribute [rw] impact_score
123
+ # @return [::Float]
124
+ # @!attribute [rw] attack_vector
125
+ # @return [::Grafeas::V1::CVSS::AttackVector]
126
+ # Base Metrics
127
+ # Represents the intrinsic characteristics of a vulnerability that are
128
+ # constant over time and across user environments.
129
+ # @!attribute [rw] attack_complexity
130
+ # @return [::Grafeas::V1::CVSS::AttackComplexity]
131
+ # @!attribute [rw] authentication
132
+ # @return [::Grafeas::V1::CVSS::Authentication]
133
+ # @!attribute [rw] privileges_required
134
+ # @return [::Grafeas::V1::CVSS::PrivilegesRequired]
135
+ # @!attribute [rw] user_interaction
136
+ # @return [::Grafeas::V1::CVSS::UserInteraction]
137
+ # @!attribute [rw] scope
138
+ # @return [::Grafeas::V1::CVSS::Scope]
139
+ # @!attribute [rw] confidentiality_impact
140
+ # @return [::Grafeas::V1::CVSS::Impact]
141
+ # @!attribute [rw] integrity_impact
142
+ # @return [::Grafeas::V1::CVSS::Impact]
143
+ # @!attribute [rw] availability_impact
144
+ # @return [::Grafeas::V1::CVSS::Impact]
145
+ class CVSS
146
+ include ::Google::Protobuf::MessageExts
147
+ extend ::Google::Protobuf::MessageExts::ClassMethods
148
+
149
+ module AttackVector
150
+ ATTACK_VECTOR_UNSPECIFIED = 0
151
+
152
+ ATTACK_VECTOR_NETWORK = 1
153
+
154
+ ATTACK_VECTOR_ADJACENT = 2
155
+
156
+ ATTACK_VECTOR_LOCAL = 3
157
+
158
+ ATTACK_VECTOR_PHYSICAL = 4
159
+ end
160
+
161
+ module AttackComplexity
162
+ ATTACK_COMPLEXITY_UNSPECIFIED = 0
163
+
164
+ ATTACK_COMPLEXITY_LOW = 1
165
+
166
+ ATTACK_COMPLEXITY_HIGH = 2
167
+ end
168
+
169
+ module Authentication
170
+ AUTHENTICATION_UNSPECIFIED = 0
171
+
172
+ AUTHENTICATION_MULTIPLE = 1
173
+
174
+ AUTHENTICATION_SINGLE = 2
175
+
176
+ AUTHENTICATION_NONE = 3
177
+ end
178
+
179
+ module PrivilegesRequired
180
+ PRIVILEGES_REQUIRED_UNSPECIFIED = 0
181
+
182
+ PRIVILEGES_REQUIRED_NONE = 1
183
+
184
+ PRIVILEGES_REQUIRED_LOW = 2
185
+
186
+ PRIVILEGES_REQUIRED_HIGH = 3
187
+ end
188
+
189
+ module UserInteraction
190
+ USER_INTERACTION_UNSPECIFIED = 0
191
+
192
+ USER_INTERACTION_NONE = 1
193
+
194
+ USER_INTERACTION_REQUIRED = 2
195
+ end
196
+
197
+ module Scope
198
+ SCOPE_UNSPECIFIED = 0
199
+
200
+ SCOPE_UNCHANGED = 1
201
+
202
+ SCOPE_CHANGED = 2
203
+ end
204
+
205
+ module Impact
206
+ IMPACT_UNSPECIFIED = 0
207
+
208
+ IMPACT_HIGH = 1
209
+
210
+ IMPACT_LOW = 2
211
+
212
+ IMPACT_NONE = 3
213
+ end
214
+ end
110
215
  end
111
216
  end
@@ -49,6 +49,9 @@ module Grafeas
49
49
  # @!attribute [rw] last_scan_time
50
50
  # @return [::Google::Protobuf::Timestamp]
51
51
  # The last time this resource was scanned.
52
+ # @!attribute [r] archive_time
53
+ # @return [::Google::Protobuf::Timestamp]
54
+ # The time occurrences related to this discovery occurrence were archived.
52
55
  class DiscoveryOccurrence
53
56
  include ::Google::Protobuf::MessageExts
54
57
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -0,0 +1,59 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2021 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # @!attribute [rw] hint
23
+ # @return [::Grafeas::V1::DSSEAttestationNote::DSSEHint]
24
+ # DSSEHint hints at the purpose of the attestation authority.
25
+ class DSSEAttestationNote
26
+ include ::Google::Protobuf::MessageExts
27
+ extend ::Google::Protobuf::MessageExts::ClassMethods
28
+
29
+ # This submessage provides human-readable hints about the purpose of the
30
+ # authority. Because the name of a note acts as its resource reference, it is
31
+ # important to disambiguate the canonical name of the Note (which might be a
32
+ # UUID for security purposes) from "readable" names more suitable for debug
33
+ # output. Note that these hints should not be used to look up authorities in
34
+ # security sensitive contexts, such as when looking up attestations to
35
+ # verify.
36
+ # @!attribute [rw] human_readable_name
37
+ # @return [::String]
38
+ # Required. The human readable name of this attestation authority, for
39
+ # example "cloudbuild-prod".
40
+ class DSSEHint
41
+ include ::Google::Protobuf::MessageExts
42
+ extend ::Google::Protobuf::MessageExts::ClassMethods
43
+ end
44
+ end
45
+
46
+ # Deprecated. Prefer to use a regular Occurrence, and populate the
47
+ # Envelope at the top level of the Occurrence.
48
+ # @!attribute [rw] envelope
49
+ # @return [::Grafeas::V1::Envelope]
50
+ # If doing something security critical, make sure to verify the signatures in
51
+ # this metadata.
52
+ # @!attribute [rw] statement
53
+ # @return [::Grafeas::V1::InTotoStatement]
54
+ class DSSEAttestationOccurrence
55
+ include ::Google::Protobuf::MessageExts
56
+ extend ::Google::Protobuf::MessageExts::ClassMethods
57
+ end
58
+ end
59
+ end
@@ -72,6 +72,15 @@ module Grafeas
72
72
  # @!attribute [rw] upgrade
73
73
  # @return [::Grafeas::V1::UpgradeOccurrence]
74
74
  # Describes an available package upgrade on the linked resource.
75
+ # @!attribute [rw] compliance
76
+ # @return [::Grafeas::V1::ComplianceOccurrence]
77
+ # Describes a compliance violation on a linked resource.
78
+ # @!attribute [rw] dsse_attestation
79
+ # @return [::Grafeas::V1::DSSEAttestationOccurrence]
80
+ # Describes an attestation of an artifact using dsse.
81
+ # @!attribute [rw] envelope
82
+ # @return [::Grafeas::V1::Envelope]
83
+ # https://github.com/secure-systems-lab/dsse
75
84
  class Occurrence
76
85
  include ::Google::Protobuf::MessageExts
77
86
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -133,6 +142,12 @@ module Grafeas
133
142
  # @!attribute [rw] upgrade
134
143
  # @return [::Grafeas::V1::UpgradeNote]
135
144
  # A note describing available package upgrades.
145
+ # @!attribute [rw] compliance
146
+ # @return [::Grafeas::V1::ComplianceNote]
147
+ # A note describing a compliance check.
148
+ # @!attribute [rw] dsse_attestation
149
+ # @return [::Grafeas::V1::DSSEAttestationNote]
150
+ # A note describing a dsse attestation note.
136
151
  class Note
137
152
  include ::Google::Protobuf::MessageExts
138
153
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -0,0 +1,134 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2021 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # Steps taken to build the artifact.
23
+ # For a TaskRun, typically each container corresponds to one step in the
24
+ # recipe.
25
+ # @!attribute [rw] type
26
+ # @return [::String]
27
+ # URI indicating what type of recipe was performed. It determines the meaning
28
+ # of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
29
+ # @!attribute [rw] defined_in_material
30
+ # @return [::Integer]
31
+ # Index in materials containing the recipe steps that are not implied by
32
+ # recipe.type. For example, if the recipe type were "make", then this would
33
+ # point to the source containing the Makefile, not the make program itself.
34
+ # Set to -1 if the recipe doesn't come from a material, as zero is default
35
+ # unset value for int64.
36
+ # @!attribute [rw] entry_point
37
+ # @return [::String]
38
+ # String identifying the entry point into the build.
39
+ # This is often a path to a configuration file and/or a target label within
40
+ # that file. The syntax and meaning are defined by recipe.type. For example,
41
+ # if the recipe type were "make", then this would reference the directory in
42
+ # which to run make as well as which target to use.
43
+ # @!attribute [rw] arguments
44
+ # @return [::Array<::Google::Protobuf::Any>]
45
+ # Collection of all external inputs that influenced the build on top of
46
+ # recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe
47
+ # type were "make", then this might be the flags passed to make aside from
48
+ # the target, which is captured in recipe.entryPoint. Since the arguments
49
+ # field can greatly vary in structure, depending on the builder and recipe
50
+ # type, this is of form "Any".
51
+ # @!attribute [rw] environment
52
+ # @return [::Array<::Google::Protobuf::Any>]
53
+ # Any other builder-controlled inputs necessary for correctly evaluating the
54
+ # recipe. Usually only needed for reproducing the build but not evaluated as
55
+ # part of policy. Since the environment field can greatly vary in structure,
56
+ # depending on the builder and recipe type, this is of form "Any".
57
+ class Recipe
58
+ include ::Google::Protobuf::MessageExts
59
+ extend ::Google::Protobuf::MessageExts::ClassMethods
60
+ end
61
+
62
+ # Indicates that the builder claims certain fields in this message to be
63
+ # complete.
64
+ # @!attribute [rw] arguments
65
+ # @return [::Boolean]
66
+ # If true, the builder claims that recipe.arguments is complete, meaning that
67
+ # all external inputs are properly captured in the recipe.
68
+ # @!attribute [rw] environment
69
+ # @return [::Boolean]
70
+ # If true, the builder claims that recipe.environment is claimed to be
71
+ # complete.
72
+ # @!attribute [rw] materials
73
+ # @return [::Boolean]
74
+ # If true, the builder claims that materials are complete, usually through
75
+ # some controls to prevent network access. Sometimes called "hermetic".
76
+ class Completeness
77
+ include ::Google::Protobuf::MessageExts
78
+ extend ::Google::Protobuf::MessageExts::ClassMethods
79
+ end
80
+
81
+ # Other properties of the build.
82
+ # @!attribute [rw] build_invocation_id
83
+ # @return [::String]
84
+ # Identifies the particular build invocation, which can be useful for finding
85
+ # associated logs or other ad-hoc analysis. The value SHOULD be globally
86
+ # unique, per in-toto Provenance spec.
87
+ # @!attribute [rw] build_started_on
88
+ # @return [::Google::Protobuf::Timestamp]
89
+ # The timestamp of when the build started.
90
+ # @!attribute [rw] build_finished_on
91
+ # @return [::Google::Protobuf::Timestamp]
92
+ # The timestamp of when the build completed.
93
+ # @!attribute [rw] completeness
94
+ # @return [::Grafeas::V1::Completeness]
95
+ # Indicates that the builder claims certain fields in this message to be
96
+ # complete.
97
+ # @!attribute [rw] reproducible
98
+ # @return [::Boolean]
99
+ # If true, the builder claims that running the recipe on materials will
100
+ # produce bit-for-bit identical output.
101
+ class Metadata
102
+ include ::Google::Protobuf::MessageExts
103
+ extend ::Google::Protobuf::MessageExts::ClassMethods
104
+ end
105
+
106
+ # @!attribute [rw] id
107
+ # @return [::String]
108
+ class BuilderConfig
109
+ include ::Google::Protobuf::MessageExts
110
+ extend ::Google::Protobuf::MessageExts::ClassMethods
111
+ end
112
+
113
+ # @!attribute [rw] builder_config
114
+ # @return [::Grafeas::V1::BuilderConfig]
115
+ # @!attribute [rw] recipe
116
+ # @return [::Grafeas::V1::Recipe]
117
+ # Identifies the configuration used for the build.
118
+ # When combined with materials, this SHOULD fully describe the build,
119
+ # such that re-running this recipe results in bit-for-bit identical output
120
+ # (if the build is reproducible).
121
+ # @!attribute [rw] metadata
122
+ # @return [::Grafeas::V1::Metadata]
123
+ # @!attribute [rw] materials
124
+ # @return [::Array<::String>]
125
+ # The collection of artifacts that influenced the build including sources,
126
+ # dependencies, build tools, base images, and so on. This is considered to be
127
+ # incomplete unless metadata.completeness.materials is true. Unset or null is
128
+ # equivalent to empty.
129
+ class InTotoProvenance
130
+ include ::Google::Protobuf::MessageExts
131
+ extend ::Google::Protobuf::MessageExts::ClassMethods
132
+ end
133
+ end
134
+ end
@@ -0,0 +1,65 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2021 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # Spec defined at
23
+ # https://github.com/in-toto/attestation/tree/main/spec#statement The
24
+ # serialized InTotoStatement will be stored as Envelope.payload.
25
+ # Envelope.payloadType is always "application/vnd.in-toto+json".
26
+ # @!attribute [rw] type
27
+ # @return [::String]
28
+ # Always `https://in-toto.io/Statement/v0.1`.
29
+ # @!attribute [rw] subject
30
+ # @return [::Array<::Grafeas::V1::Subject>]
31
+ # @!attribute [rw] predicate_type
32
+ # @return [::String]
33
+ # `https://slsa.dev/provenance/v0.1` for SlsaProvenance.
34
+ # @!attribute [rw] provenance
35
+ # @return [::Grafeas::V1::InTotoProvenance]
36
+ # @!attribute [rw] slsa_provenance
37
+ # @return [::Grafeas::V1::SlsaProvenance]
38
+ class InTotoStatement
39
+ include ::Google::Protobuf::MessageExts
40
+ extend ::Google::Protobuf::MessageExts::ClassMethods
41
+ end
42
+
43
+ # @!attribute [rw] name
44
+ # @return [::String]
45
+ # @!attribute [rw] digest
46
+ # @return [::Google::Protobuf::Map{::String => ::String}]
47
+ # `"<ALGORITHM>": "<HEX_VALUE>"`
48
+ # Algorithms can be e.g. sha256, sha512
49
+ # See
50
+ # https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
51
+ class Subject
52
+ include ::Google::Protobuf::MessageExts
53
+ extend ::Google::Protobuf::MessageExts::ClassMethods
54
+
55
+ # @!attribute [rw] key
56
+ # @return [::String]
57
+ # @!attribute [rw] value
58
+ # @return [::String]
59
+ class DigestEntry
60
+ include ::Google::Protobuf::MessageExts
61
+ extend ::Google::Protobuf::MessageExts::ClassMethods
62
+ end
63
+ end
64
+ end
65
+ end
@@ -101,6 +101,14 @@ module Grafeas
101
101
  # @!attribute [rw] revision
102
102
  # @return [::String]
103
103
  # The iteration of the package build from the above version.
104
+ # @!attribute [rw] inclusive
105
+ # @return [::Boolean]
106
+ # Whether this version is specifying part of an inclusive range. Grafeas
107
+ # does not have the capability to specify version ranges; instead we have
108
+ # fields that specify start version and end versions. At times this is
109
+ # insufficient - we also need to specify whether the version is included in
110
+ # the range or is excluded from the range. This boolean is expected to be set
111
+ # to true when the version is included in a range.
104
112
  # @!attribute [rw] kind
105
113
  # @return [::Grafeas::V1::Version::VersionKind]
106
114
  # Required. Distinguishes between sentinel MIN/MAX versions and normal
@@ -0,0 +1,43 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2022 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # Note provider assigned severity/impact ranking.
23
+ module Severity
24
+ # Unknown.
25
+ SEVERITY_UNSPECIFIED = 0
26
+
27
+ # Minimal severity.
28
+ MINIMAL = 1
29
+
30
+ # Low severity.
31
+ LOW = 2
32
+
33
+ # Medium severity.
34
+ MEDIUM = 3
35
+
36
+ # High severity.
37
+ HIGH = 4
38
+
39
+ # Critical severity.
40
+ CRITICAL = 5
41
+ end
42
+ end
43
+ end
@@ -0,0 +1,152 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2021 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # @!attribute [rw] builder
23
+ # @return [::Grafeas::V1::SlsaProvenance::SlsaBuilder]
24
+ # @!attribute [rw] recipe
25
+ # @return [::Grafeas::V1::SlsaProvenance::SlsaRecipe]
26
+ # Identifies the configuration used for the build.
27
+ # When combined with materials, this SHOULD fully describe the build,
28
+ # such that re-running this recipe results in bit-for-bit identical output
29
+ # (if the build is reproducible).
30
+ # @!attribute [rw] metadata
31
+ # @return [::Grafeas::V1::SlsaProvenance::SlsaMetadata]
32
+ # @!attribute [rw] materials
33
+ # @return [::Array<::Grafeas::V1::SlsaProvenance::Material>]
34
+ # The collection of artifacts that influenced the build including sources,
35
+ # dependencies, build tools, base images, and so on. This is considered to be
36
+ # incomplete unless metadata.completeness.materials is true. Unset or null is
37
+ # equivalent to empty.
38
+ class SlsaProvenance
39
+ include ::Google::Protobuf::MessageExts
40
+ extend ::Google::Protobuf::MessageExts::ClassMethods
41
+
42
+ # Steps taken to build the artifact.
43
+ # For a TaskRun, typically each container corresponds to one step in the
44
+ # recipe.
45
+ # @!attribute [rw] type
46
+ # @return [::String]
47
+ # URI indicating what type of recipe was performed. It determines the
48
+ # meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and
49
+ # materials.
50
+ # @!attribute [rw] defined_in_material
51
+ # @return [::Integer]
52
+ # Index in materials containing the recipe steps that are not implied by
53
+ # recipe.type. For example, if the recipe type were "make", then this would
54
+ # point to the source containing the Makefile, not the make program itself.
55
+ # Set to -1 if the recipe doesn't come from a material, as zero is default
56
+ # unset value for int64.
57
+ # @!attribute [rw] entry_point
58
+ # @return [::String]
59
+ # String identifying the entry point into the build.
60
+ # This is often a path to a configuration file and/or a target label within
61
+ # that file. The syntax and meaning are defined by recipe.type. For
62
+ # example, if the recipe type were "make", then this would reference the
63
+ # directory in which to run make as well as which target to use.
64
+ # @!attribute [rw] arguments
65
+ # @return [::Google::Protobuf::Any]
66
+ # Collection of all external inputs that influenced the build on top of
67
+ # recipe.definedInMaterial and recipe.entryPoint. For example, if the
68
+ # recipe type were "make", then this might be the flags passed to make
69
+ # aside from the target, which is captured in recipe.entryPoint. Depending
70
+ # on the recipe Type, the structure may be different.
71
+ # @!attribute [rw] environment
72
+ # @return [::Google::Protobuf::Any]
73
+ # Any other builder-controlled inputs necessary for correctly evaluating
74
+ # the recipe. Usually only needed for reproducing the build but not
75
+ # evaluated as part of policy. Depending on the recipe Type, the structure
76
+ # may be different.
77
+ class SlsaRecipe
78
+ include ::Google::Protobuf::MessageExts
79
+ extend ::Google::Protobuf::MessageExts::ClassMethods
80
+ end
81
+
82
+ # Indicates that the builder claims certain fields in this message to be
83
+ # complete.
84
+ # @!attribute [rw] arguments
85
+ # @return [::Boolean]
86
+ # If true, the builder claims that recipe.arguments is complete, meaning
87
+ # that all external inputs are properly captured in the recipe.
88
+ # @!attribute [rw] environment
89
+ # @return [::Boolean]
90
+ # If true, the builder claims that recipe.environment is claimed to be
91
+ # complete.
92
+ # @!attribute [rw] materials
93
+ # @return [::Boolean]
94
+ # If true, the builder claims that materials are complete, usually through
95
+ # some controls to prevent network access. Sometimes called "hermetic".
96
+ class SlsaCompleteness
97
+ include ::Google::Protobuf::MessageExts
98
+ extend ::Google::Protobuf::MessageExts::ClassMethods
99
+ end
100
+
101
+ # Other properties of the build.
102
+ # @!attribute [rw] build_invocation_id
103
+ # @return [::String]
104
+ # Identifies the particular build invocation, which can be useful for
105
+ # finding associated logs or other ad-hoc analysis. The value SHOULD be
106
+ # globally unique, per in-toto Provenance spec.
107
+ # @!attribute [rw] build_started_on
108
+ # @return [::Google::Protobuf::Timestamp]
109
+ # The timestamp of when the build started.
110
+ # @!attribute [rw] build_finished_on
111
+ # @return [::Google::Protobuf::Timestamp]
112
+ # The timestamp of when the build completed.
113
+ # @!attribute [rw] completeness
114
+ # @return [::Grafeas::V1::SlsaProvenance::SlsaCompleteness]
115
+ # Indicates that the builder claims certain fields in this message to be
116
+ # complete.
117
+ # @!attribute [rw] reproducible
118
+ # @return [::Boolean]
119
+ # If true, the builder claims that running the recipe on materials will
120
+ # produce bit-for-bit identical output.
121
+ class SlsaMetadata
122
+ include ::Google::Protobuf::MessageExts
123
+ extend ::Google::Protobuf::MessageExts::ClassMethods
124
+ end
125
+
126
+ # @!attribute [rw] id
127
+ # @return [::String]
128
+ class SlsaBuilder
129
+ include ::Google::Protobuf::MessageExts
130
+ extend ::Google::Protobuf::MessageExts::ClassMethods
131
+ end
132
+
133
+ # @!attribute [rw] uri
134
+ # @return [::String]
135
+ # @!attribute [rw] digest
136
+ # @return [::Google::Protobuf::Map{::String => ::String}]
137
+ class Material
138
+ include ::Google::Protobuf::MessageExts
139
+ extend ::Google::Protobuf::MessageExts::ClassMethods
140
+
141
+ # @!attribute [rw] key
142
+ # @return [::String]
143
+ # @!attribute [rw] value
144
+ # @return [::String]
145
+ class DigestEntry
146
+ include ::Google::Protobuf::MessageExts
147
+ extend ::Google::Protobuf::MessageExts::ClassMethods
148
+ end
149
+ end
150
+ end
151
+ end
152
+ end