grafeas-v1 0.2.2 → 0.3.0

@@ -1,9 +1,9 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # source: grafeas/v1/provenance.proto
3
3
 
4
+ require 'google/protobuf/timestamp_pb'
4
5
  require 'google/protobuf'
5
6
 
6
- require 'google/protobuf/timestamp_pb'
7
7
  Google::Protobuf::DescriptorPool.generated_pool.build do
8
8
  add_file("grafeas/v1/provenance.proto", :syntax => :proto3) do
9
9
  add_message "grafeas.v1.BuildProvenance" do
@@ -0,0 +1,54 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: grafeas/v1/slsa_provenance.proto
3
+
4
+ require 'google/protobuf/any_pb'
5
+ require 'google/protobuf/timestamp_pb'
6
+ require 'google/protobuf'
7
+
8
+ Google::Protobuf::DescriptorPool.generated_pool.build do
9
+ add_file("grafeas/v1/slsa_provenance.proto", :syntax => :proto3) do
10
+ add_message "grafeas.v1.SlsaProvenance" do
11
+ optional :builder, :message, 1, "grafeas.v1.SlsaProvenance.SlsaBuilder"
12
+ optional :recipe, :message, 2, "grafeas.v1.SlsaProvenance.SlsaRecipe"
13
+ optional :metadata, :message, 3, "grafeas.v1.SlsaProvenance.SlsaMetadata"
14
+ repeated :materials, :message, 4, "grafeas.v1.SlsaProvenance.Material"
15
+ end
16
+ add_message "grafeas.v1.SlsaProvenance.SlsaRecipe" do
17
+ optional :type, :string, 1
18
+ optional :defined_in_material, :int64, 2
19
+ optional :entry_point, :string, 3
20
+ optional :arguments, :message, 4, "google.protobuf.Any"
21
+ optional :environment, :message, 5, "google.protobuf.Any"
22
+ end
23
+ add_message "grafeas.v1.SlsaProvenance.SlsaCompleteness" do
24
+ optional :arguments, :bool, 1
25
+ optional :environment, :bool, 2
26
+ optional :materials, :bool, 3
27
+ end
28
+ add_message "grafeas.v1.SlsaProvenance.SlsaMetadata" do
29
+ optional :build_invocation_id, :string, 1
30
+ optional :build_started_on, :message, 2, "google.protobuf.Timestamp"
31
+ optional :build_finished_on, :message, 3, "google.protobuf.Timestamp"
32
+ optional :completeness, :message, 4, "grafeas.v1.SlsaProvenance.SlsaCompleteness"
33
+ optional :reproducible, :bool, 5
34
+ end
35
+ add_message "grafeas.v1.SlsaProvenance.SlsaBuilder" do
36
+ optional :id, :string, 1
37
+ end
38
+ add_message "grafeas.v1.SlsaProvenance.Material" do
39
+ optional :uri, :string, 1
40
+ map :digest, :string, :string, 2
41
+ end
42
+ end
43
+ end
44
+
45
+ module Grafeas
46
+ module V1
47
+ SlsaProvenance = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance").msgclass
48
+ SlsaProvenance::SlsaRecipe = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.SlsaRecipe").msgclass
49
+ SlsaProvenance::SlsaCompleteness = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.SlsaCompleteness").msgclass
50
+ SlsaProvenance::SlsaMetadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.SlsaMetadata").msgclass
51
+ SlsaProvenance::SlsaBuilder = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.SlsaBuilder").msgclass
52
+ SlsaProvenance::Material = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.Material").msgclass
53
+ end
54
+ end
@@ -1,10 +1,10 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # source: grafeas/v1/upgrade.proto
3
3
 
4
- require 'google/protobuf'
5
-
6
4
  require 'google/protobuf/timestamp_pb'
7
5
  require 'grafeas/v1/package_pb'
6
+ require 'google/protobuf'
7
+
8
8
  Google::Protobuf::DescriptorPool.generated_pool.build do
9
9
  add_file("grafeas/v1/upgrade.proto", :syntax => :proto3) do
10
10
  add_message "grafeas.v1.UpgradeNote" do
@@ -19,6 +19,6 @@
19
19
 
20
20
  module Grafeas
21
21
  module V1
22
- VERSION = "0.2.2"
22
+ VERSION = "0.3.0"
23
23
  end
24
24
  end
@@ -1,12 +1,13 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # source: grafeas/v1/vulnerability.proto
3
3
 
4
- require 'google/protobuf'
5
-
4
+ require 'google/api/field_behavior_pb'
6
5
  require 'google/protobuf/timestamp_pb'
7
6
  require 'grafeas/v1/common_pb'
8
7
  require 'grafeas/v1/cvss_pb'
9
8
  require 'grafeas/v1/package_pb'
9
+ require 'google/protobuf'
10
+
10
11
  Google::Protobuf::DescriptorPool.generated_pool.build do
11
12
  add_file("grafeas/v1/vulnerability.proto", :syntax => :proto3) do
12
13
  add_message "grafeas.v1.VulnerabilityNote" do
@@ -30,6 +31,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
30
31
  optional :fixed_version, :message, 10, "grafeas.v1.Version"
31
32
  optional :is_obsolete, :bool, 11
32
33
  optional :source_update_time, :message, 12, "google.protobuf.Timestamp"
34
+ optional :source, :string, 13
35
+ optional :vendor, :string, 14
33
36
  end
34
37
  add_message "grafeas.v1.VulnerabilityNote.WindowsDetail" do
35
38
  optional :cpe_uri, :string, 1
@@ -45,6 +48,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
45
48
  optional :type, :string, 1
46
49
  optional :severity, :enum, 2, "grafeas.v1.Severity"
47
50
  optional :cvss_score, :float, 3
51
+ optional :cvssv3, :message, 10, "grafeas.v1.VulnerabilityOccurrence.CVSSV3"
48
52
  repeated :package_issue, :message, 4, "grafeas.v1.VulnerabilityOccurrence.PackageIssue"
49
53
  optional :short_description, :string, 5
50
54
  optional :long_description, :string, 6
@@ -52,6 +56,10 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
52
56
  optional :effective_severity, :enum, 8, "grafeas.v1.Severity"
53
57
  optional :fix_available, :bool, 9
54
58
  end
59
+ add_message "grafeas.v1.VulnerabilityOccurrence.CVSSV3" do
60
+ optional :base_score, :float, 1
61
+ optional :severity, :enum, 2, "grafeas.v1.Severity"
62
+ end
55
63
  add_message "grafeas.v1.VulnerabilityOccurrence.PackageIssue" do
56
64
  optional :affected_cpe_uri, :string, 1
57
65
  optional :affected_package, :string, 2
@@ -60,6 +68,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
60
68
  optional :fixed_package, :string, 5
61
69
  optional :fixed_version, :message, 6, "grafeas.v1.Version"
62
70
  optional :fix_available, :bool, 7
71
+ optional :package_type, :string, 8
72
+ optional :effective_severity, :enum, 9, "grafeas.v1.Severity"
63
73
  end
64
74
  add_enum "grafeas.v1.Severity" do
65
75
  value :SEVERITY_UNSPECIFIED, 0
@@ -79,6 +89,7 @@ module Grafeas
79
89
  VulnerabilityNote::WindowsDetail = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityNote.WindowsDetail").msgclass
80
90
  VulnerabilityNote::WindowsDetail::KnowledgeBase = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase").msgclass
81
91
  VulnerabilityOccurrence = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence").msgclass
92
+ VulnerabilityOccurrence::CVSSV3 = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence.CVSSV3").msgclass
82
93
  VulnerabilityOccurrence::PackageIssue = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence.PackageIssue").msgclass
83
94
  Severity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Severity").enummodule
84
95
  end
@@ -51,6 +51,16 @@ module Grafeas
51
51
  end
52
52
  end
53
53
 
54
+ # @!attribute [rw] compact_jwt
55
+ # @return [::String]
56
+ # The compact encoding of a JWS, which is always three base64 encoded strings
57
+ # joined by periods. For details, see:
58
+ # https://tools.ietf.org/html/rfc7515.html#section-3.1
59
+ class Jwt
60
+ include ::Google::Protobuf::MessageExts
61
+ extend ::Google::Protobuf::MessageExts::ClassMethods
62
+ end
63
+
54
64
  # Occurrence that represents a single "attestation". The authenticity of an
55
65
  # attestation can be verified using the attached signature. If the verifier
56
66
  # trusts the public key of the signer, then verifying the signature is
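Review bot: The new `compact_jwt` comment describes a JWS compact serialization as "three base64 encoded strings", but RFC 7515, which the comment links to, specifies base64url without padding. A consumer that takes the comment literally and decodes the segments with a standard base64 decoder can reject or mis-decode valid tokens. I would change the line to `# The compact encoding of a JWS, which is always three base64url encoded strings`. The file is generated, so the wording has to be corrected in the source .proto comment and regenerated.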
@@ -69,6 +79,17 @@ module Grafeas
69
79
  # should consider this attestation message verified if at least one
70
80
  # `signature` verifies `serialized_payload`. See `Signature` in common.proto
71
81
  # for more details on signature structure and verification.
82
+ # @!attribute [rw] jwts
83
+ # @return [::Array<::Grafeas::V1::Jwt>]
84
+ # One or more JWTs encoding a self-contained attestation.
85
+ # Each JWT encodes the payload that it verifies within the JWT itself.
86
+ # Verifier implementation SHOULD ignore the `serialized_payload` field
87
+ # when verifying these JWTs.
88
+ # If only JWTs are present on this AttestationOccurrence, then the
89
+ # `serialized_payload` SHOULD be left empty.
90
+ # Each JWT SHOULD encode a claim specific to the `resource_uri` of this
91
+ # Occurrence, but this is not validated by Grafeas metadata API
92
+ # implementations. The JWT itself is opaque to Grafeas.
72
93
  class AttestationOccurrence
73
94
  include ::Google::Protobuf::MessageExts
74
95
  extend ::Google::Protobuf::MessageExts::ClassMethods
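Review bot: The `jwts` comment says Grafeas does not validate that a JWT's claim is specific to this Occurrence's `resource_uri`, but it never says who must do so. That leaves room for a verifier to accept a validly signed JWT that was issued for a different resource. After "The JWT itself is opaque to Grafeas." I would add `# Verifiers MUST therefore check the JWT signature and that its claim matches this Occurrence's resource_uri.` The class body continues outside the hunk, and because the file is generated the sentence belongs in the source .proto.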
@@ -32,7 +32,7 @@ module Grafeas
32
32
  # Details of a build occurrence.
33
33
  # @!attribute [rw] provenance
34
34
  # @return [::Grafeas::V1::BuildProvenance]
35
- # Required. The actual provenance for the build.
35
+ # The actual provenance for the build.
36
36
  # @!attribute [rw] provenance_bytes
37
37
  # @return [::String]
38
38
  # Serialized JSON representation of the provenance, used in generating the
@@ -46,6 +46,16 @@ module Grafeas
46
46
  # The serialized form is captured both to avoid ambiguity in how the
47
47
  # provenance is marshalled to json as well to prevent incompatibilities with
48
48
  # future changes.
49
+ # @!attribute [rw] intoto_provenance
50
+ # @return [::Grafeas::V1::InTotoProvenance]
51
+ # Deprecated. See InTotoStatement for the replacement.
52
+ # In-toto Provenance representation as defined in spec.
53
+ # @!attribute [rw] intoto_statement
54
+ # @return [::Grafeas::V1::InTotoStatement]
55
+ # In-toto Statement representation as defined in spec.
56
+ # The intoto_statement can contain any type of provenance. The serialized
57
+ # payload of the statement can be stored and signed in the Occurrence's
58
+ # envelope.
49
59
  class BuildOccurrence
50
60
  include ::Google::Protobuf::MessageExts
51
61
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -65,7 +65,7 @@ module Grafeas
65
65
  # @return [::String]
66
66
  # The identifier for the public key that verifies this signature.
67
67
  # * The `public_key_id` is required.
68
- # * The `public_key_id` MUST be an RFC3986 conformant URI.
68
+ # * The `public_key_id` SHOULD be an RFC3986 conformant URI.
69
69
  # * When possible, the `public_key_id` SHOULD be an immutable reference,
70
70
  # such as a cryptographic digest.
71
71
  #
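Review bot: Relaxing the `public_key_id` rule from MUST to SHOULD means consumers can now receive identifiers that are not RFC3986 URIs, and the comment does not say how a verifier should handle them. Code that parses the field as a URI to select a key needs a defined fallback; the safe reading is presumably to treat the value as an opaque string and compare it exactly against the trusted key identifiers. I would add a bullet such as `# * Verifiers SHOULD treat the public_key_id as an opaque identifier and match it exactly against trusted keys.` The comment block continues past the end of the hunk.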
@@ -85,9 +85,32 @@ module Grafeas
85
85
  extend ::Google::Protobuf::MessageExts::ClassMethods
86
86
  end
87
87
 
88
+ # MUST match
89
+ # https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An
90
+ # authenticated message of arbitrary type.
91
+ # @!attribute [rw] payload
92
+ # @return [::String]
93
+ # @!attribute [rw] payload_type
94
+ # @return [::String]
95
+ # @!attribute [rw] signatures
96
+ # @return [::Array<::Grafeas::V1::EnvelopeSignature>]
97
+ class Envelope
98
+ include ::Google::Protobuf::MessageExts
99
+ extend ::Google::Protobuf::MessageExts::ClassMethods
100
+ end
101
+
102
+ # @!attribute [rw] sig
103
+ # @return [::String]
104
+ # @!attribute [rw] keyid
105
+ # @return [::String]
106
+ class EnvelopeSignature
107
+ include ::Google::Protobuf::MessageExts
108
+ extend ::Google::Protobuf::MessageExts::ClassMethods
109
+ end
110
+
88
111
  # Kind represents the kinds of notes supported.
89
112
  module NoteKind
90
- # Unknown.
113
+ # Default value. This value is unused.
91
114
  NOTE_KIND_UNSPECIFIED = 0
92
115
 
93
116
  # The note and occurrence represent a package vulnerability.
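Review bot: The new `Envelope` and `EnvelopeSignature` classes document none of their attributes (`payload`, `payload_type`, `signatures`, `sig`, `keyid`), so a reader must follow the DSSE link to learn what is actually authenticated. In DSSE the signature covers the payload type together with the payload, and `keyid` is only an unauthenticated hint for key selection. Stating that here would keep callers from parsing `payload` before verification or trusting `keyid` on its own. I would add `# Signed together with payload; verify signatures before parsing payload.` under `payload_type` and `# Unauthenticated hint for selecting the verification key.` under `keyid`. The file is generated, so both lines belong in the source .proto.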
@@ -113,6 +136,12 @@ module Grafeas
113
136
 
114
137
  # This represents an available package upgrade.
115
138
  UPGRADE = 8
139
+
140
+ # This represents a Compliance Note
141
+ COMPLIANCE = 9
142
+
143
+ # This represents a DSSE attestation Note
144
+ DSSE_ATTESTATION = 10
116
145
  end
117
146
  end
118
147
  end
@@ -0,0 +1,98 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2021 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # @!attribute [rw] title
23
+ # @return [::String]
24
+ # The title that identifies this compliance check.
25
+ # @!attribute [rw] description
26
+ # @return [::String]
27
+ # A description about this compliance check.
28
+ # @!attribute [rw] version
29
+ # @return [::Array<::Grafeas::V1::ComplianceVersion>]
30
+ # The OS and config versions the benchmark applies to.
31
+ # @!attribute [rw] rationale
32
+ # @return [::String]
33
+ # A rationale for the existence of this compliance check.
34
+ # @!attribute [rw] remediation
35
+ # @return [::String]
36
+ # A description of remediation steps if the compliance check fails.
37
+ # @!attribute [rw] cis_benchmark
38
+ # @return [::Grafeas::V1::ComplianceNote::CisBenchmark]
39
+ # @!attribute [rw] scan_instructions
40
+ # @return [::String]
41
+ # Serialized scan instructions with a predefined format.
42
+ class ComplianceNote
43
+ include ::Google::Protobuf::MessageExts
44
+ extend ::Google::Protobuf::MessageExts::ClassMethods
45
+
46
+ # A compliance check that is a CIS benchmark.
47
+ # @!attribute [rw] profile_level
48
+ # @return [::Integer]
49
+ # @!attribute [rw] severity
50
+ # @return [::Grafeas::V1::Severity]
51
+ class CisBenchmark
52
+ include ::Google::Protobuf::MessageExts
53
+ extend ::Google::Protobuf::MessageExts::ClassMethods
54
+ end
55
+ end
56
+
57
+ # Describes the CIS benchmark version that is applicable to a given OS and
58
+ # os version.
59
+ # @!attribute [rw] cpe_uri
60
+ # @return [::String]
61
+ # The CPE URI (https://cpe.mitre.org/specification/) this benchmark is
62
+ # applicable to.
63
+ # @!attribute [rw] version
64
+ # @return [::String]
65
+ # The version of the benchmark. This is set to the version of the OS-specific
66
+ # CIS document the benchmark is defined in.
67
+ class ComplianceVersion
68
+ include ::Google::Protobuf::MessageExts
69
+ extend ::Google::Protobuf::MessageExts::ClassMethods
70
+ end
71
+
72
+ # An indication that the compliance checks in the associated ComplianceNote
73
+ # were not satisfied for particular resources or a specified reason.
74
+ # @!attribute [rw] non_compliant_files
75
+ # @return [::Array<::Grafeas::V1::NonCompliantFile>]
76
+ # @!attribute [rw] non_compliance_reason
77
+ # @return [::String]
78
+ class ComplianceOccurrence
79
+ include ::Google::Protobuf::MessageExts
80
+ extend ::Google::Protobuf::MessageExts::ClassMethods
81
+ end
82
+
83
+ # Details about files that caused a compliance check to fail.
84
+ # @!attribute [rw] path
85
+ # @return [::String]
86
+ # Empty if `display_command` is set.
87
+ # @!attribute [rw] display_command
88
+ # @return [::String]
89
+ # Command to display the non-compliant files.
90
+ # @!attribute [rw] reason
91
+ # @return [::String]
92
+ # Explains why a file is non compliant for a CIS check.
93
+ class NonCompliantFile
94
+ include ::Google::Protobuf::MessageExts
95
+ extend ::Google::Protobuf::MessageExts::ClassMethods
96
+ end
97
+ end
98
+ end
@@ -0,0 +1,59 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2021 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # @!attribute [rw] hint
23
+ # @return [::Grafeas::V1::DSSEAttestationNote::DSSEHint]
24
+ # DSSEHint hints at the purpose of the attestation authority.
25
+ class DSSEAttestationNote
26
+ include ::Google::Protobuf::MessageExts
27
+ extend ::Google::Protobuf::MessageExts::ClassMethods
28
+
29
+ # This submessage provides human-readable hints about the purpose of the
30
+ # authority. Because the name of a note acts as its resource reference, it is
31
+ # important to disambiguate the canonical name of the Note (which might be a
32
+ # UUID for security purposes) from "readable" names more suitable for debug
33
+ # output. Note that these hints should not be used to look up authorities in
34
+ # security sensitive contexts, such as when looking up attestations to
35
+ # verify.
36
+ # @!attribute [rw] human_readable_name
37
+ # @return [::String]
38
+ # Required. The human readable name of this attestation authority, for
39
+ # example "cloudbuild-prod".
40
+ class DSSEHint
41
+ include ::Google::Protobuf::MessageExts
42
+ extend ::Google::Protobuf::MessageExts::ClassMethods
43
+ end
44
+ end
45
+
46
+ # Deprecated. Prefer to use a regular Occurrence, and populate the
47
+ # Envelope at the top level of the Occurrence.
48
+ # @!attribute [rw] envelope
49
+ # @return [::Grafeas::V1::Envelope]
50
+ # If doing something security critical, make sure to verify the signatures in
51
+ # this metadata.
52
+ # @!attribute [rw] statement
53
+ # @return [::Grafeas::V1::InTotoStatement]
54
+ class DSSEAttestationOccurrence
55
+ include ::Google::Protobuf::MessageExts
56
+ extend ::Google::Protobuf::MessageExts::ClassMethods
57
+ end
58
+ end
59
+ end
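Review bot: In `DSSEAttestationOccurrence` the `statement` attribute has no description, and the warning to verify signatures is attached only to `envelope`, so nothing tells a caller whether `statement` is covered by those signatures. If `statement` is a decoded copy of the envelope payload (the page does not say), it should be documented as unverified, for example `# Not authenticated on its own; use the payload of a verified envelope for security decisions.` Since the file is generated, the text would go in the source .proto.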
@@ -72,6 +72,15 @@ module Grafeas
72
72
  # @!attribute [rw] upgrade
73
73
  # @return [::Grafeas::V1::UpgradeOccurrence]
74
74
  # Describes an available package upgrade on the linked resource.
75
+ # @!attribute [rw] compliance
76
+ # @return [::Grafeas::V1::ComplianceOccurrence]
77
+ # Describes a compliance violation on a linked resource.
78
+ # @!attribute [rw] dsse_attestation
79
+ # @return [::Grafeas::V1::DSSEAttestationOccurrence]
80
+ # Describes an attestation of an artifact using dsse.
81
+ # @!attribute [rw] envelope
82
+ # @return [::Grafeas::V1::Envelope]
83
+ # https://github.com/secure-systems-lab/dsse
75
84
  class Occurrence
76
85
  include ::Google::Protobuf::MessageExts
77
86
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -133,6 +142,12 @@ module Grafeas
133
142
  # @!attribute [rw] upgrade
134
143
  # @return [::Grafeas::V1::UpgradeNote]
135
144
  # A note describing available package upgrades.
145
+ # @!attribute [rw] compliance
146
+ # @return [::Grafeas::V1::ComplianceNote]
147
+ # A note describing a compliance check.
148
+ # @!attribute [rw] dsse_attestation
149
+ # @return [::Grafeas::V1::DSSEAttestationNote]
150
+ # A note describing a dsse attestation note.
136
151
  class Note
137
152
  include ::Google::Protobuf::MessageExts
138
153
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -0,0 +1,134 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2021 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # Steps taken to build the artifact.
23
+ # For a TaskRun, typically each container corresponds to one step in the
24
+ # recipe.
25
+ # @!attribute [rw] type
26
+ # @return [::String]
27
+ # URI indicating what type of recipe was performed. It determines the meaning
28
+ # of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
29
+ # @!attribute [rw] defined_in_material
30
+ # @return [::Integer]
31
+ # Index in materials containing the recipe steps that are not implied by
32
+ # recipe.type. For example, if the recipe type were "make", then this would
33
+ # point to the source containing the Makefile, not the make program itself.
34
+ # Set to -1 if the recipe doesn't come from a material, as zero is default
35
+ # unset value for int64.
36
+ # @!attribute [rw] entry_point
37
+ # @return [::String]
38
+ # String identifying the entry point into the build.
39
+ # This is often a path to a configuration file and/or a target label within
40
+ # that file. The syntax and meaning are defined by recipe.type. For example,
41
+ # if the recipe type were "make", then this would reference the directory in
42
+ # which to run make as well as which target to use.
43
+ # @!attribute [rw] arguments
44
+ # @return [::Array<::Google::Protobuf::Any>]
45
+ # Collection of all external inputs that influenced the build on top of
46
+ # recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe
47
+ # type were "make", then this might be the flags passed to make aside from
48
+ # the target, which is captured in recipe.entryPoint. Since the arguments
49
+ # field can greatly vary in structure, depending on the builder and recipe
50
+ # type, this is of form "Any".
51
+ # @!attribute [rw] environment
52
+ # @return [::Array<::Google::Protobuf::Any>]
53
+ # Any other builder-controlled inputs necessary for correctly evaluating the
54
+ # recipe. Usually only needed for reproducing the build but not evaluated as
55
+ # part of policy. Since the environment field can greatly vary in structure,
56
+ # depending on the builder and recipe type, this is of form "Any".
57
+ class Recipe
58
+ include ::Google::Protobuf::MessageExts
59
+ extend ::Google::Protobuf::MessageExts::ClassMethods
60
+ end
61
+
62
+ # Indicates that the builder claims certain fields in this message to be
63
+ # complete.
64
+ # @!attribute [rw] arguments
65
+ # @return [::Boolean]
66
+ # If true, the builder claims that recipe.arguments is complete, meaning that
67
+ # all external inputs are properly captured in the recipe.
68
+ # @!attribute [rw] environment
69
+ # @return [::Boolean]
70
+ # If true, the builder claims that recipe.environment is claimed to be
71
+ # complete.
72
+ # @!attribute [rw] materials
73
+ # @return [::Boolean]
74
+ # If true, the builder claims that materials are complete, usually through
75
+ # some controls to prevent network access. Sometimes called "hermetic".
76
+ class Completeness
77
+ include ::Google::Protobuf::MessageExts
78
+ extend ::Google::Protobuf::MessageExts::ClassMethods
79
+ end
80
+
81
+ # Other properties of the build.
82
+ # @!attribute [rw] build_invocation_id
83
+ # @return [::String]
84
+ # Identifies the particular build invocation, which can be useful for finding
85
+ # associated logs or other ad-hoc analysis. The value SHOULD be globally
86
+ # unique, per in-toto Provenance spec.
87
+ # @!attribute [rw] build_started_on
88
+ # @return [::Google::Protobuf::Timestamp]
89
+ # The timestamp of when the build started.
90
+ # @!attribute [rw] build_finished_on
91
+ # @return [::Google::Protobuf::Timestamp]
92
+ # The timestamp of when the build completed.
93
+ # @!attribute [rw] completeness
94
+ # @return [::Grafeas::V1::Completeness]
95
+ # Indicates that the builder claims certain fields in this message to be
96
+ # complete.
97
+ # @!attribute [rw] reproducible
98
+ # @return [::Boolean]
99
+ # If true, the builder claims that running the recipe on materials will
100
+ # produce bit-for-bit identical output.
101
+ class Metadata
102
+ include ::Google::Protobuf::MessageExts
103
+ extend ::Google::Protobuf::MessageExts::ClassMethods
104
+ end
105
+
106
+ # @!attribute [rw] id
107
+ # @return [::String]
108
+ class BuilderConfig
109
+ include ::Google::Protobuf::MessageExts
110
+ extend ::Google::Protobuf::MessageExts::ClassMethods
111
+ end
112
+
113
+ # @!attribute [rw] builder_config
114
+ # @return [::Grafeas::V1::BuilderConfig]
115
+ # @!attribute [rw] recipe
116
+ # @return [::Grafeas::V1::Recipe]
117
+ # Identifies the configuration used for the build.
118
+ # When combined with materials, this SHOULD fully describe the build,
119
+ # such that re-running this recipe results in bit-for-bit identical output
120
+ # (if the build is reproducible).
121
+ # @!attribute [rw] metadata
122
+ # @return [::Grafeas::V1::Metadata]
123
+ # @!attribute [rw] materials
124
+ # @return [::Array<::String>]
125
+ # The collection of artifacts that influenced the build including sources,
126
+ # dependencies, build tools, base images, and so on. This is considered to be
127
+ # incomplete unless metadata.completeness.materials is true. Unset or null is
128
+ # equivalent to empty.
129
+ class InTotoProvenance
130
+ include ::Google::Protobuf::MessageExts
131
+ extend ::Google::Protobuf::MessageExts::ClassMethods
132
+ end
133
+ end
134
+ end
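Review bot: The `defined_in_material` comment uses -1 as the "no material" sentinel for an index into `materials`, which is a trap for Ruby callers. Ruby indexing resolves -1 to the last element rather than nil, so an unchecked `materials[defined_in_material]` would silently attribute the recipe to the wrong material. I would extend the comment with `# Callers must check for a negative value before indexing materials.` A smaller wording point in the same hunk: "the builder claims that recipe.environment is claimed to be complete" repeats itself and could read `# If true, the builder claims that recipe.environment is complete.` The file is generated, so both changes belong in the source .proto.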
@@ -0,0 +1,65 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2021 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # Spec defined at
23
+ # https://github.com/in-toto/attestation/tree/main/spec#statement The
24
+ # serialized InTotoStatement will be stored as Envelope.payload.
25
+ # Envelope.payloadType is always "application/vnd.in-toto+json".
26
+ # @!attribute [rw] type
27
+ # @return [::String]
28
+ # Always `https://in-toto.io/Statement/v0.1`.
29
+ # @!attribute [rw] subject
30
+ # @return [::Array<::Grafeas::V1::Subject>]
31
+ # @!attribute [rw] predicate_type
32
+ # @return [::String]
33
+ # `https://slsa.dev/provenance/v0.1` for SlsaProvenance.
34
+ # @!attribute [rw] provenance
35
+ # @return [::Grafeas::V1::InTotoProvenance]
36
+ # @!attribute [rw] slsa_provenance
37
+ # @return [::Grafeas::V1::SlsaProvenance]
38
+ class InTotoStatement
39
+ include ::Google::Protobuf::MessageExts
40
+ extend ::Google::Protobuf::MessageExts::ClassMethods
41
+ end
42
+
43
+ # @!attribute [rw] name
44
+ # @return [::String]
45
+ # @!attribute [rw] digest
46
+ # @return [::Google::Protobuf::Map{::String => ::String}]
47
+ # `"<ALGORITHM>": "<HEX_VALUE>"`
48
+ # Algorithms can be e.g. sha256, sha512
49
+ # See
50
+ # https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
51
+ class Subject
52
+ include ::Google::Protobuf::MessageExts
53
+ extend ::Google::Protobuf::MessageExts::ClassMethods
54
+
55
+ # @!attribute [rw] key
56
+ # @return [::String]
57
+ # @!attribute [rw] value
58
+ # @return [::String]
59
+ class DigestEntry
60
+ include ::Google::Protobuf::MessageExts
61
+ extend ::Google::Protobuf::MessageExts::ClassMethods
62
+ end
63
+ end
64
+ end
65
+ end
@@ -101,6 +101,14 @@ module Grafeas
101
101
  # @!attribute [rw] revision
102
102
  # @return [::String]
103
103
  # The iteration of the package build from the above version.
104
+ # @!attribute [rw] inclusive
105
+ # @return [::Boolean]
106
+ # Whether this version is specifying part of an inclusive range. Grafeas
107
+ # does not have the capability to specify version ranges; instead we have
108
+ # fields that specify start version and end versions. At times this is
109
+ # insufficient - we also need to specify whether the version is included in
110
+ # the range or is excluded from the range. This boolean is expected to be set
111
+ # to true when the version is included in a range.
104
112
  # @!attribute [rw] kind
105
113
  # @return [::Grafeas::V1::Version::VersionKind]
106
114
  # Required. Distinguishes between sentinel MIN/MAX versions and normal