grafeas-v1 0.2.1 → 0.4.0

data/proto_docs/grafeas/v1/vulnerability.rb

@@ -109,6 +109,12 @@ module Grafeas
       #     The time this information was last changed at the source. This is an
       #     upstream timestamp from the underlying information source - e.g. Ubuntu
       #     security tracker.
+      # @!attribute [rw] source
+      #   @return [::String]
+      #     The source from which the information in this Detail was obtained.
+      # @!attribute [rw] vendor
+      #   @return [::String]
+      #     The name of the vendor of the product.
       class Detail
         include ::Google::Protobuf::MessageExts
         extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -161,6 +167,9 @@ module Grafeas
     #     Output only. The CVSS score of this vulnerability. CVSS score is on a
     #     scale of 0 - 10 where 0 indicates low severity and 10 indicates high
     #     severity.
+    # @!attribute [rw] cvssv3
+    #   @return [::Grafeas::V1::CVSS]
+    #     The cvss v3 score for the vulnerability.
     # @!attribute [rw] package_issue
     #   @return [::Array<::Grafeas::V1::VulnerabilityOccurrence::PackageIssue>]
     #     Required. The set of affected locations and their fixes (if available)
@@ -178,6 +187,14 @@ module Grafeas
     #   @return [::Grafeas::V1::Severity]
     #     The distro assigned severity for this vulnerability when it is available,
     #     otherwise this is the note provider assigned severity.
+    #
+    #     When there are multiple PackageIssues for this vulnerability, they can have
+    #     different effective severities because some might be provided by the distro
+    #     while others are provided by the language ecosystem for a language pack.
+    #     For this reason, it is advised to use the effective severity on the
+    #     PackageIssue level. In the case where multiple PackageIssues have differing
+    #     effective severities, this field should be the highest severity for any of
+    #     the PackageIssues.
     # @!attribute [rw] fix_available
     #   @return [::Boolean]
     #     Output only. Whether at least one of the affected packages has a fix
@@ -215,31 +232,18 @@ module Grafeas
       # @!attribute [rw] fix_available
       #   @return [::Boolean]
       #     Output only. Whether a fix is available for this package.
+      # @!attribute [rw] package_type
+      #   @return [::String]
+      #     The type of package (e.g. OS, MAVEN, GO).
+      # @!attribute [r] effective_severity
+      #   @return [::Grafeas::V1::Severity]
+      #     The distro or language system assigned severity for this vulnerability
+      #     when that is available and note provider assigned severity when it is not
+      #     available.
       class PackageIssue
         include ::Google::Protobuf::MessageExts
         extend ::Google::Protobuf::MessageExts::ClassMethods
       end
     end
-
-    # Note provider assigned severity/impact ranking.
-    module Severity
-      # Unknown.
-      SEVERITY_UNSPECIFIED = 0
-
-      # Minimal severity.
-      MINIMAL = 1
-
-      # Low severity.
-      LOW = 2
-
-      # Medium severity.
-      MEDIUM = 3
-
-      # High severity.
-      HIGH = 4
-
-      # Critical severity.
-      CRITICAL = 5
-    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: grafeas-v1
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.4.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-17 00:00:00.000000000 Z
+date: 2022-01-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.5'
+        version: '0.7'
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.5'
+        version: '0.7'
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -173,17 +173,23 @@ files:
 - lib/grafeas/v1/attestation_pb.rb
 - lib/grafeas/v1/build_pb.rb
 - lib/grafeas/v1/common_pb.rb
+- lib/grafeas/v1/compliance_pb.rb
 - lib/grafeas/v1/cvss_pb.rb
 - lib/grafeas/v1/deployment_pb.rb
 - lib/grafeas/v1/discovery_pb.rb
+- lib/grafeas/v1/dsse_attestation_pb.rb
 - lib/grafeas/v1/grafeas.rb
 - lib/grafeas/v1/grafeas/client.rb
 - lib/grafeas/v1/grafeas/paths.rb
 - lib/grafeas/v1/grafeas_pb.rb
 - lib/grafeas/v1/grafeas_services_pb.rb
 - lib/grafeas/v1/image_pb.rb
+- lib/grafeas/v1/intoto_provenance_pb.rb
+- lib/grafeas/v1/intoto_statement_pb.rb
 - lib/grafeas/v1/package_pb.rb
 - lib/grafeas/v1/provenance_pb.rb
+- lib/grafeas/v1/severity_pb.rb
+- lib/grafeas/v1/slsa_provenance_pb.rb
 - lib/grafeas/v1/upgrade_pb.rb
 - lib/grafeas/v1/version.rb
 - lib/grafeas/v1/vulnerability_pb.rb
@@ -198,13 +204,19 @@ files:
 - proto_docs/grafeas/v1/attestation.rb
 - proto_docs/grafeas/v1/build.rb
 - proto_docs/grafeas/v1/common.rb
+- proto_docs/grafeas/v1/compliance.rb
 - proto_docs/grafeas/v1/cvss.rb
 - proto_docs/grafeas/v1/deployment.rb
 - proto_docs/grafeas/v1/discovery.rb
+- proto_docs/grafeas/v1/dsse_attestation.rb
 - proto_docs/grafeas/v1/grafeas.rb
 - proto_docs/grafeas/v1/image.rb
+- proto_docs/grafeas/v1/intoto_provenance.rb
+- proto_docs/grafeas/v1/intoto_statement.rb
 - proto_docs/grafeas/v1/package.rb
 - proto_docs/grafeas/v1/provenance.rb
+- proto_docs/grafeas/v1/severity.rb
+- proto_docs/grafeas/v1/slsa_provenance.rb
 - proto_docs/grafeas/v1/upgrade.rb
 - proto_docs/grafeas/v1/vulnerability.rb
 homepage: https://github.com/googleapis/google-cloud-ruby
@@ -226,7 +238,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.17
+rubygems_version: 3.3.5
 signing_key: 
 specification_version: 4
 summary: API Client library for the Grafeas V1 API