grafeas-v1 0.2.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,152 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2021 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # @!attribute [rw] builder
23
+ # @return [::Grafeas::V1::SlsaProvenance::SlsaBuilder]
24
+ # @!attribute [rw] recipe
25
+ # @return [::Grafeas::V1::SlsaProvenance::SlsaRecipe]
26
+ # Identifies the configuration used for the build.
27
+ # When combined with materials, this SHOULD fully describe the build,
28
+ # such that re-running this recipe results in bit-for-bit identical output
29
+ # (if the build is reproducible).
30
+ # @!attribute [rw] metadata
31
+ # @return [::Grafeas::V1::SlsaProvenance::SlsaMetadata]
32
+ # @!attribute [rw] materials
33
+ # @return [::Array<::Grafeas::V1::SlsaProvenance::Material>]
34
+ # The collection of artifacts that influenced the build including sources,
35
+ # dependencies, build tools, base images, and so on. This is considered to be
36
+ # incomplete unless metadata.completeness.materials is true. Unset or null is
37
+ # equivalent to empty.
38
+ class SlsaProvenance
39
+ include ::Google::Protobuf::MessageExts
40
+ extend ::Google::Protobuf::MessageExts::ClassMethods
41
+
42
+ # Steps taken to build the artifact.
43
+ # For a TaskRun, typically each container corresponds to one step in the
44
+ # recipe.
45
+ # @!attribute [rw] type
46
+ # @return [::String]
47
+ # URI indicating what type of recipe was performed. It determines the
48
+ # meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and
49
+ # materials.
50
+ # @!attribute [rw] defined_in_material
51
+ # @return [::Integer]
52
+ # Index in materials containing the recipe steps that are not implied by
53
+ # recipe.type. For example, if the recipe type were "make", then this would
54
+ # point to the source containing the Makefile, not the make program itself.
55
+ # Set to -1 if the recipe doesn't come from a material, as zero is default
56
+ # unset value for int64.
57
+ # @!attribute [rw] entry_point
58
+ # @return [::String]
59
+ # String identifying the entry point into the build.
60
+ # This is often a path to a configuration file and/or a target label within
61
+ # that file. The syntax and meaning are defined by recipe.type. For
62
+ # example, if the recipe type were "make", then this would reference the
63
+ # directory in which to run make as well as which target to use.
64
+ # @!attribute [rw] arguments
65
+ # @return [::Google::Protobuf::Any]
66
+ # Collection of all external inputs that influenced the build on top of
67
+ # recipe.definedInMaterial and recipe.entryPoint. For example, if the
68
+ # recipe type were "make", then this might be the flags passed to make
69
+ # aside from the target, which is captured in recipe.entryPoint. Depending
70
+ # on the recipe Type, the structure may be different.
71
+ # @!attribute [rw] environment
72
+ # @return [::Google::Protobuf::Any]
73
+ # Any other builder-controlled inputs necessary for correctly evaluating
74
+ # the recipe. Usually only needed for reproducing the build but not
75
+ # evaluated as part of policy. Depending on the recipe Type, the structure
76
+ # may be different.
77
+ class SlsaRecipe
78
+ include ::Google::Protobuf::MessageExts
79
+ extend ::Google::Protobuf::MessageExts::ClassMethods
80
+ end
81
+
82
+ # Indicates that the builder claims certain fields in this message to be
83
+ # complete.
84
+ # @!attribute [rw] arguments
85
+ # @return [::Boolean]
86
+ # If true, the builder claims that recipe.arguments is complete, meaning
87
+ # that all external inputs are properly captured in the recipe.
88
+ # @!attribute [rw] environment
89
+ # @return [::Boolean]
90
+ # If true, the builder claims that recipe.environment is claimed to be
91
+ # complete.
92
+ # @!attribute [rw] materials
93
+ # @return [::Boolean]
94
+ # If true, the builder claims that materials are complete, usually through
95
+ # some controls to prevent network access. Sometimes called "hermetic".
96
+ class SlsaCompleteness
97
+ include ::Google::Protobuf::MessageExts
98
+ extend ::Google::Protobuf::MessageExts::ClassMethods
99
+ end
100
+
101
+ # Other properties of the build.
102
+ # @!attribute [rw] build_invocation_id
103
+ # @return [::String]
104
+ # Identifies the particular build invocation, which can be useful for
105
+ # finding associated logs or other ad-hoc analysis. The value SHOULD be
106
+ # globally unique, per in-toto Provenance spec.
107
+ # @!attribute [rw] build_started_on
108
+ # @return [::Google::Protobuf::Timestamp]
109
+ # The timestamp of when the build started.
110
+ # @!attribute [rw] build_finished_on
111
+ # @return [::Google::Protobuf::Timestamp]
112
+ # The timestamp of when the build completed.
113
+ # @!attribute [rw] completeness
114
+ # @return [::Grafeas::V1::SlsaProvenance::SlsaCompleteness]
115
+ # Indicates that the builder claims certain fields in this message to be
116
+ # complete.
117
+ # @!attribute [rw] reproducible
118
+ # @return [::Boolean]
119
+ # If true, the builder claims that running the recipe on materials will
120
+ # produce bit-for-bit identical output.
121
+ class SlsaMetadata
122
+ include ::Google::Protobuf::MessageExts
123
+ extend ::Google::Protobuf::MessageExts::ClassMethods
124
+ end
125
+
126
+ # @!attribute [rw] id
127
+ # @return [::String]
128
+ class SlsaBuilder
129
+ include ::Google::Protobuf::MessageExts
130
+ extend ::Google::Protobuf::MessageExts::ClassMethods
131
+ end
132
+
133
+ # @!attribute [rw] uri
134
+ # @return [::String]
135
+ # @!attribute [rw] digest
136
+ # @return [::Google::Protobuf::Map{::String => ::String}]
137
+ class Material
138
+ include ::Google::Protobuf::MessageExts
139
+ extend ::Google::Protobuf::MessageExts::ClassMethods
140
+
141
+ # @!attribute [rw] key
142
+ # @return [::String]
143
+ # @!attribute [rw] value
144
+ # @return [::String]
145
+ class DigestEntry
146
+ include ::Google::Protobuf::MessageExts
147
+ extend ::Google::Protobuf::MessageExts::ClassMethods
148
+ end
149
+ end
150
+ end
151
+ end
152
+ end
@@ -109,6 +109,12 @@ module Grafeas
109
109
  # The time this information was last changed at the source. This is an
110
110
  # upstream timestamp from the underlying information source - e.g. Ubuntu
111
111
  # security tracker.
112
+ # @!attribute [rw] source
113
+ # @return [::String]
114
+ # The source from which the information in this Detail was obtained.
115
+ # @!attribute [rw] vendor
116
+ # @return [::String]
117
+ # The name of the vendor of the product.
112
118
  class Detail
113
119
  include ::Google::Protobuf::MessageExts
114
120
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -161,6 +167,9 @@ module Grafeas
161
167
  # Output only. The CVSS score of this vulnerability. CVSS score is on a
162
168
  # scale of 0 - 10 where 0 indicates low severity and 10 indicates high
163
169
  # severity.
170
+ # @!attribute [rw] cvssv3
171
+ # @return [::Grafeas::V1::VulnerabilityOccurrence::CVSSV3]
172
+ # The cvss v3 score for the vulnerability.
164
173
  # @!attribute [rw] package_issue
165
174
  # @return [::Array<::Grafeas::V1::VulnerabilityOccurrence::PackageIssue>]
166
175
  # Required. The set of affected locations and their fixes (if available)
@@ -178,6 +187,14 @@ module Grafeas
178
187
  # @return [::Grafeas::V1::Severity]
179
188
  # The distro assigned severity for this vulnerability when it is available,
180
189
  # otherwise this is the note provider assigned severity.
190
+ #
191
+ # When there are multiple PackageIssues for this vulnerability, they can have
192
+ # different effective severities because some might be provided by the distro
193
+ # while others are provided by the language ecosystem for a language pack.
194
+ # For this reason, it is advised to use the effective severity on the
195
+ # PackageIssue level. In the case where multiple PackageIssues have differing
196
+ # effective severities, this field should be the highest severity for any of
197
+ # the PackageIssues.
181
198
  # @!attribute [rw] fix_available
182
199
  # @return [::Boolean]
183
200
  # Output only. Whether at least one of the affected packages has a fix
@@ -186,6 +203,19 @@ module Grafeas
186
203
  include ::Google::Protobuf::MessageExts
187
204
  extend ::Google::Protobuf::MessageExts::ClassMethods
188
205
 
206
+ # The CVSS v3 score for this vulnerability.
207
+ # @!attribute [rw] base_score
208
+ # @return [::Float]
209
+ # The base score for for this vulnerability according to cvss v3.
210
+ # @!attribute [rw] severity
211
+ # @return [::Grafeas::V1::Severity]
212
+ # The severity rating assigned to this vulnerability by vulnerability
213
+ # provider.
214
+ class CVSSV3
215
+ include ::Google::Protobuf::MessageExts
216
+ extend ::Google::Protobuf::MessageExts::ClassMethods
217
+ end
218
+
189
219
  # A detail for a distro and package this vulnerability occurrence was found
190
220
  # in and its associated fix (if one is available).
191
221
  # @!attribute [rw] affected_cpe_uri
@@ -215,6 +245,14 @@ module Grafeas
215
245
  # @!attribute [rw] fix_available
216
246
  # @return [::Boolean]
217
247
  # Output only. Whether a fix is available for this package.
248
+ # @!attribute [rw] package_type
249
+ # @return [::String]
250
+ # The type of package (e.g. OS, MAVEN, GO).
251
+ # @!attribute [r] effective_severity
252
+ # @return [::Grafeas::V1::Severity]
253
+ # The distro or language system assigned severity for this vulnerability
254
+ # when that is available and note provider assigned severity when it is not
255
+ # available.
218
256
  class PackageIssue
219
257
  include ::Google::Protobuf::MessageExts
220
258
  extend ::Google::Protobuf::MessageExts::ClassMethods
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: grafeas-v1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.2
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-08-11 00:00:00.000000000 Z
11
+ date: 2021-11-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gapic-common
@@ -173,17 +173,22 @@ files:
173
173
  - lib/grafeas/v1/attestation_pb.rb
174
174
  - lib/grafeas/v1/build_pb.rb
175
175
  - lib/grafeas/v1/common_pb.rb
176
+ - lib/grafeas/v1/compliance_pb.rb
176
177
  - lib/grafeas/v1/cvss_pb.rb
177
178
  - lib/grafeas/v1/deployment_pb.rb
178
179
  - lib/grafeas/v1/discovery_pb.rb
180
+ - lib/grafeas/v1/dsse_attestation_pb.rb
179
181
  - lib/grafeas/v1/grafeas.rb
180
182
  - lib/grafeas/v1/grafeas/client.rb
181
183
  - lib/grafeas/v1/grafeas/paths.rb
182
184
  - lib/grafeas/v1/grafeas_pb.rb
183
185
  - lib/grafeas/v1/grafeas_services_pb.rb
184
186
  - lib/grafeas/v1/image_pb.rb
187
+ - lib/grafeas/v1/intoto_provenance_pb.rb
188
+ - lib/grafeas/v1/intoto_statement_pb.rb
185
189
  - lib/grafeas/v1/package_pb.rb
186
190
  - lib/grafeas/v1/provenance_pb.rb
191
+ - lib/grafeas/v1/slsa_provenance_pb.rb
187
192
  - lib/grafeas/v1/upgrade_pb.rb
188
193
  - lib/grafeas/v1/version.rb
189
194
  - lib/grafeas/v1/vulnerability_pb.rb
@@ -198,13 +203,18 @@ files:
198
203
  - proto_docs/grafeas/v1/attestation.rb
199
204
  - proto_docs/grafeas/v1/build.rb
200
205
  - proto_docs/grafeas/v1/common.rb
206
+ - proto_docs/grafeas/v1/compliance.rb
201
207
  - proto_docs/grafeas/v1/cvss.rb
202
208
  - proto_docs/grafeas/v1/deployment.rb
203
209
  - proto_docs/grafeas/v1/discovery.rb
210
+ - proto_docs/grafeas/v1/dsse_attestation.rb
204
211
  - proto_docs/grafeas/v1/grafeas.rb
205
212
  - proto_docs/grafeas/v1/image.rb
213
+ - proto_docs/grafeas/v1/intoto_provenance.rb
214
+ - proto_docs/grafeas/v1/intoto_statement.rb
206
215
  - proto_docs/grafeas/v1/package.rb
207
216
  - proto_docs/grafeas/v1/provenance.rb
217
+ - proto_docs/grafeas/v1/slsa_provenance.rb
208
218
  - proto_docs/grafeas/v1/upgrade.rb
209
219
  - proto_docs/grafeas/v1/vulnerability.rb
210
220
  homepage: https://github.com/googleapis/google-cloud-ruby