grafeas-v1 0.3.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (36) hide show
  1. checksums.yaml +4 -4
  2. data/.yardopts +1 -1
  3. data/README.md +6 -1
  4. data/lib/grafeas/v1/attestation_pb.rb +2 -1
  5. data/lib/grafeas/v1/build_pb.rb +2 -1
  6. data/lib/grafeas/v1/common_pb.rb +14 -0
  7. data/lib/grafeas/v1/compliance_pb.rb +3 -1
  8. data/lib/grafeas/v1/cvss_pb.rb +62 -0
  9. data/lib/grafeas/v1/deployment_pb.rb +2 -1
  10. data/lib/grafeas/v1/discovery_pb.rb +4 -1
  11. data/lib/grafeas/v1/dsse_attestation_pb.rb +2 -1
  12. data/lib/grafeas/v1/grafeas_pb.rb +2 -1
  13. data/lib/grafeas/v1/intoto_provenance_pb.rb +2 -1
  14. data/lib/grafeas/v1/intoto_statement_pb.rb +4 -1
  15. data/lib/grafeas/v1/package_pb.rb +17 -0
  16. data/lib/grafeas/v1/provenance_pb.rb +2 -1
  17. data/lib/grafeas/v1/severity_pb.rb +23 -0
  18. data/lib/grafeas/v1/slsa_provenance_pb.rb +2 -1
  19. data/lib/grafeas/v1/slsa_provenance_zero_two_pb.rb +61 -0
  20. data/lib/grafeas/v1/upgrade_pb.rb +2 -1
  21. data/lib/grafeas/v1/version.rb +1 -1
  22. data/lib/grafeas/v1/vulnerability_pb.rb +5 -16
  23. data/lib/grafeas/v1.rb +2 -0
  24. data/proto_docs/google/api/resource.rb +10 -71
  25. data/proto_docs/google/protobuf/any.rb +3 -3
  26. data/proto_docs/google/protobuf/struct.rb +96 -0
  27. data/proto_docs/grafeas/v1/common.rb +38 -0
  28. data/proto_docs/grafeas/v1/compliance.rb +4 -0
  29. data/proto_docs/grafeas/v1/cvss.rb +103 -0
  30. data/proto_docs/grafeas/v1/discovery.rb +3 -0
  31. data/proto_docs/grafeas/v1/intoto_statement.rb +2 -0
  32. data/proto_docs/grafeas/v1/package.rb +61 -10
  33. data/proto_docs/grafeas/v1/severity.rb +43 -0
  34. data/proto_docs/grafeas/v1/slsa_provenance_zero_two.rb +131 -0
  35. data/proto_docs/grafeas/v1/vulnerability.rb +4 -35
  36. metadata +8 -3
@@ -44,7 +44,7 @@ module Google
44
44
  # foo = any.unpack(Foo.class);
45
45
  # }
46
46
  #
47
- # Example 3: Pack and unpack a message in Python.
47
+ # Example 3: Pack and unpack a message in Python.
48
48
  #
49
49
  # foo = Foo(...)
50
50
  # any = Any()
@@ -54,7 +54,7 @@ module Google
54
54
  # any.Unpack(foo)
55
55
  # ...
56
56
  #
57
- # Example 4: Pack and unpack a message in Go
57
+ # Example 4: Pack and unpack a message in Go
58
58
  #
59
59
  # foo := &pb.Foo{...}
60
60
  # any, err := anypb.New(foo)
@@ -75,7 +75,7 @@ module Google
75
75
  #
76
76
  #
77
77
  # JSON
78
- # ====
78
+ #
79
79
  # The JSON representation of an `Any` value uses the regular
80
80
  # representation of the deserialized, embedded message, with an
81
81
  # additional field `@type` which contains the type URL. Example:
@@ -0,0 +1,96 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2022 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Protobuf
22
+ # `Struct` represents a structured data value, consisting of fields
23
+ # which map to dynamically typed values. In some languages, `Struct`
24
+ # might be supported by a native representation. For example, in
25
+ # scripting languages like JS a struct is represented as an
26
+ # object. The details of that representation are described together
27
+ # with the proto support for the language.
28
+ #
29
+ # The JSON representation for `Struct` is JSON object.
30
+ # @!attribute [rw] fields
31
+ # @return [::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}]
32
+ # Unordered map of dynamically typed values.
33
+ class Struct
34
+ include ::Google::Protobuf::MessageExts
35
+ extend ::Google::Protobuf::MessageExts::ClassMethods
36
+
37
+ # @!attribute [rw] key
38
+ # @return [::String]
39
+ # @!attribute [rw] value
40
+ # @return [::Google::Protobuf::Value]
41
+ class FieldsEntry
42
+ include ::Google::Protobuf::MessageExts
43
+ extend ::Google::Protobuf::MessageExts::ClassMethods
44
+ end
45
+ end
46
+
47
+ # `Value` represents a dynamically typed value which can be either
48
+ # null, a number, a string, a boolean, a recursive struct value, or a
49
+ # list of values. A producer of value is expected to set one of these
50
+ # variants. Absence of any variant indicates an error.
51
+ #
52
+ # The JSON representation for `Value` is JSON value.
53
+ # @!attribute [rw] null_value
54
+ # @return [::Google::Protobuf::NullValue]
55
+ # Represents a null value.
56
+ # @!attribute [rw] number_value
57
+ # @return [::Float]
58
+ # Represents a double value.
59
+ # @!attribute [rw] string_value
60
+ # @return [::String]
61
+ # Represents a string value.
62
+ # @!attribute [rw] bool_value
63
+ # @return [::Boolean]
64
+ # Represents a boolean value.
65
+ # @!attribute [rw] struct_value
66
+ # @return [::Google::Protobuf::Struct]
67
+ # Represents a structured value.
68
+ # @!attribute [rw] list_value
69
+ # @return [::Google::Protobuf::ListValue]
70
+ # Represents a repeated `Value`.
71
+ class Value
72
+ include ::Google::Protobuf::MessageExts
73
+ extend ::Google::Protobuf::MessageExts::ClassMethods
74
+ end
75
+
76
+ # `ListValue` is a wrapper around a repeated field of values.
77
+ #
78
+ # The JSON representation for `ListValue` is JSON array.
79
+ # @!attribute [rw] values
80
+ # @return [::Array<::Google::Protobuf::Value>]
81
+ # Repeated field of dynamically typed values.
82
+ class ListValue
83
+ include ::Google::Protobuf::MessageExts
84
+ extend ::Google::Protobuf::MessageExts::ClassMethods
85
+ end
86
+
87
+ # `NullValue` is a singleton enumeration to represent the null value for the
88
+ # `Value` type union.
89
+ #
90
+ # The JSON representation for `NullValue` is JSON `null`.
91
+ module NullValue
92
+ # Null value.
93
+ NULL_VALUE = 0
94
+ end
95
+ end
96
+ end
@@ -108,6 +108,44 @@ module Grafeas
108
108
  extend ::Google::Protobuf::MessageExts::ClassMethods
109
109
  end
110
110
 
111
+ # Indicates the location at which a package was found.
112
+ # @!attribute [rw] file_path
113
+ # @return [::String]
114
+ # For jars that are contained inside .war files, this filepath
115
+ # can indicate the path to war file combined with the path to jar file.
116
+ class FileLocation
117
+ include ::Google::Protobuf::MessageExts
118
+ extend ::Google::Protobuf::MessageExts::ClassMethods
119
+ end
120
+
121
+ # License information.
122
+ # @!attribute [rw] expression
123
+ # @return [::String]
124
+ # Often a single license can be used to represent the licensing terms.
125
+ # Sometimes it is necessary to include a choice of one or more licenses
126
+ # or some combination of license identifiers.
127
+ # Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT",
128
+ # "GPL-2.0-or-later WITH Bison-exception-2.2".
129
+ # @!attribute [rw] comments
130
+ # @return [::String]
131
+ # Comments
132
+ class License
133
+ include ::Google::Protobuf::MessageExts
134
+ extend ::Google::Protobuf::MessageExts::ClassMethods
135
+ end
136
+
137
+ # Digest information.
138
+ # @!attribute [rw] algo
139
+ # @return [::String]
140
+ # `SHA1`, `SHA512` etc.
141
+ # @!attribute [rw] digest_bytes
142
+ # @return [::String]
143
+ # Value of the digest.
144
+ class Digest
145
+ include ::Google::Protobuf::MessageExts
146
+ extend ::Google::Protobuf::MessageExts::ClassMethods
147
+ end
148
+
111
149
  # Kind represents the kinds of notes supported.
112
150
  module NoteKind
113
151
  # Default value. This value is unused.
@@ -60,6 +60,10 @@ module Grafeas
60
60
  # @return [::String]
61
61
  # The CPE URI (https://cpe.mitre.org/specification/) this benchmark is
62
62
  # applicable to.
63
+ # @!attribute [rw] benchmark_document
64
+ # @return [::String]
65
+ # The name of the document that defines this benchmark, e.g. "CIS
66
+ # Container-Optimized OS".
63
67
  # @!attribute [rw] version
64
68
  # @return [::String]
65
69
  # The version of the benchmark. This is set to the version of the OS-specific
@@ -107,5 +107,108 @@ module Grafeas
107
107
  IMPACT_NONE = 3
108
108
  end
109
109
  end
110
+
111
+ # Common Vulnerability Scoring System.
112
+ # For details, see https://www.first.org/cvss/specification-document
113
+ # This is a message we will try to use for storing various versions of CVSS
114
+ # rather than making a separate proto for storing a specific version.
115
+ # @!attribute [rw] base_score
116
+ # @return [::Float]
117
+ # The base score is a function of the base metric scores.
118
+ # @!attribute [rw] exploitability_score
119
+ # @return [::Float]
120
+ # @!attribute [rw] impact_score
121
+ # @return [::Float]
122
+ # @!attribute [rw] attack_vector
123
+ # @return [::Grafeas::V1::CVSS::AttackVector]
124
+ # Base Metrics
125
+ # Represents the intrinsic characteristics of a vulnerability that are
126
+ # constant over time and across user environments.
127
+ # @!attribute [rw] attack_complexity
128
+ # @return [::Grafeas::V1::CVSS::AttackComplexity]
129
+ # @!attribute [rw] authentication
130
+ # @return [::Grafeas::V1::CVSS::Authentication]
131
+ # @!attribute [rw] privileges_required
132
+ # @return [::Grafeas::V1::CVSS::PrivilegesRequired]
133
+ # @!attribute [rw] user_interaction
134
+ # @return [::Grafeas::V1::CVSS::UserInteraction]
135
+ # @!attribute [rw] scope
136
+ # @return [::Grafeas::V1::CVSS::Scope]
137
+ # @!attribute [rw] confidentiality_impact
138
+ # @return [::Grafeas::V1::CVSS::Impact]
139
+ # @!attribute [rw] integrity_impact
140
+ # @return [::Grafeas::V1::CVSS::Impact]
141
+ # @!attribute [rw] availability_impact
142
+ # @return [::Grafeas::V1::CVSS::Impact]
143
+ class CVSS
144
+ include ::Google::Protobuf::MessageExts
145
+ extend ::Google::Protobuf::MessageExts::ClassMethods
146
+
147
+ module AttackVector
148
+ ATTACK_VECTOR_UNSPECIFIED = 0
149
+
150
+ ATTACK_VECTOR_NETWORK = 1
151
+
152
+ ATTACK_VECTOR_ADJACENT = 2
153
+
154
+ ATTACK_VECTOR_LOCAL = 3
155
+
156
+ ATTACK_VECTOR_PHYSICAL = 4
157
+ end
158
+
159
+ module AttackComplexity
160
+ ATTACK_COMPLEXITY_UNSPECIFIED = 0
161
+
162
+ ATTACK_COMPLEXITY_LOW = 1
163
+
164
+ ATTACK_COMPLEXITY_HIGH = 2
165
+ end
166
+
167
+ module Authentication
168
+ AUTHENTICATION_UNSPECIFIED = 0
169
+
170
+ AUTHENTICATION_MULTIPLE = 1
171
+
172
+ AUTHENTICATION_SINGLE = 2
173
+
174
+ AUTHENTICATION_NONE = 3
175
+ end
176
+
177
+ module PrivilegesRequired
178
+ PRIVILEGES_REQUIRED_UNSPECIFIED = 0
179
+
180
+ PRIVILEGES_REQUIRED_NONE = 1
181
+
182
+ PRIVILEGES_REQUIRED_LOW = 2
183
+
184
+ PRIVILEGES_REQUIRED_HIGH = 3
185
+ end
186
+
187
+ module UserInteraction
188
+ USER_INTERACTION_UNSPECIFIED = 0
189
+
190
+ USER_INTERACTION_NONE = 1
191
+
192
+ USER_INTERACTION_REQUIRED = 2
193
+ end
194
+
195
+ module Scope
196
+ SCOPE_UNSPECIFIED = 0
197
+
198
+ SCOPE_UNCHANGED = 1
199
+
200
+ SCOPE_CHANGED = 2
201
+ end
202
+
203
+ module Impact
204
+ IMPACT_UNSPECIFIED = 0
205
+
206
+ IMPACT_HIGH = 1
207
+
208
+ IMPACT_LOW = 2
209
+
210
+ IMPACT_NONE = 3
211
+ end
212
+ end
110
213
  end
111
214
  end
@@ -49,6 +49,9 @@ module Grafeas
49
49
  # @!attribute [rw] last_scan_time
50
50
  # @return [::Google::Protobuf::Timestamp]
51
51
  # The last time this resource was scanned.
52
+ # @!attribute [r] archive_time
53
+ # @return [::Google::Protobuf::Timestamp]
54
+ # The time occurrences related to this discovery occurrence were archived.
52
55
  class DiscoveryOccurrence
53
56
  include ::Google::Protobuf::MessageExts
54
57
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -35,6 +35,8 @@ module Grafeas
35
35
  # @return [::Grafeas::V1::InTotoProvenance]
36
36
  # @!attribute [rw] slsa_provenance
37
37
  # @return [::Grafeas::V1::SlsaProvenance]
38
+ # @!attribute [rw] slsa_provenance_zero_two
39
+ # @return [::Grafeas::V1::SlsaProvenanceZeroTwo]
38
40
  class InTotoStatement
39
41
  include ::Google::Protobuf::MessageExts
40
42
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -23,7 +23,7 @@ module Grafeas
23
23
  # E.g., Debian's jessie-backports dpkg mirror.
24
24
  # @!attribute [rw] cpe_uri
25
25
  # @return [::String]
26
- # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
26
+ # The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
27
27
  # denoting the package manager version distributing a package.
28
28
  # @!attribute [rw] architecture
29
29
  # @return [::Grafeas::V1::Architecture]
@@ -50,10 +50,11 @@ module Grafeas
50
50
  # filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
51
51
  # @!attribute [rw] cpe_uri
52
52
  # @return [::String]
53
- # Required. The CPE URI in [CPE format](https://cpe.mitre.org/specification/)
54
- # denoting the package manager version distributing a package.
53
+ # Deprecated.
54
+ # The CPE URI in [CPE format](https://cpe.mitre.org/specification/)
55
55
  # @!attribute [rw] version
56
56
  # @return [::Grafeas::V1::Version]
57
+ # Deprecated.
57
58
  # The version installed at this location.
58
59
  # @!attribute [rw] path
59
60
  # @return [::String]
@@ -63,28 +64,78 @@ module Grafeas
63
64
  extend ::Google::Protobuf::MessageExts::ClassMethods
64
65
  end
65
66
 
66
- # This represents a particular package that is distributed over various
67
- # channels. E.g., glibc (aka libc6) is distributed by many, at various
68
- # versions.
67
+ # PackageNote represents a particular package version.
69
68
  # @!attribute [rw] name
70
69
  # @return [::String]
71
- # Required. Immutable. The name of the package.
70
+ # The name of the package.
72
71
  # @!attribute [rw] distribution
73
72
  # @return [::Array<::Grafeas::V1::Distribution>]
73
+ # Deprecated.
74
74
  # The various channels by which a package is distributed.
75
+ # @!attribute [rw] package_type
76
+ # @return [::String]
77
+ # The type of package; whether native or non native (e.g., ruby gems,
78
+ # node.js packages, etc.).
79
+ # @!attribute [rw] cpe_uri
80
+ # @return [::String]
81
+ # The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
82
+ # denoting the package manager version distributing a package.
83
+ # The cpe_uri will be blank for language packages.
84
+ # @!attribute [rw] architecture
85
+ # @return [::Grafeas::V1::Architecture]
86
+ # The CPU architecture for which packages in this distribution channel were
87
+ # built. Architecture will be blank for language packages.
88
+ # @!attribute [rw] version
89
+ # @return [::Grafeas::V1::Version]
90
+ # The version of the package.
91
+ # @!attribute [rw] maintainer
92
+ # @return [::String]
93
+ # A freeform text denoting the maintainer of this package.
94
+ # @!attribute [rw] url
95
+ # @return [::String]
96
+ # The homepage for this package.
97
+ # @!attribute [rw] description
98
+ # @return [::String]
99
+ # The description of this package.
100
+ # @!attribute [rw] license
101
+ # @return [::Grafeas::V1::License]
102
+ # Licenses that have been declared by the authors of the package.
103
+ # @!attribute [rw] digest
104
+ # @return [::Array<::Grafeas::V1::Digest>]
105
+ # Hash value, typically a file digest, that allows unique
106
+ # identification a specific package.
75
107
  class PackageNote
76
108
  include ::Google::Protobuf::MessageExts
77
109
  extend ::Google::Protobuf::MessageExts::ClassMethods
78
110
  end
79
111
 
80
112
  # Details on how a particular software package was installed on a system.
81
- # @!attribute [rw] name
113
+ # @!attribute [r] name
82
114
  # @return [::String]
83
- # Output only. The name of the installed package.
115
+ # The name of the installed package.
84
116
  # @!attribute [rw] location
85
117
  # @return [::Array<::Grafeas::V1::Location>]
86
- # Required. All of the places within the filesystem versions of this package
118
+ # All of the places within the filesystem versions of this package
87
119
  # have been found.
120
+ # @!attribute [r] package_type
121
+ # @return [::String]
122
+ # The type of package; whether native or non native (e.g., ruby gems,
123
+ # node.js packages, etc.).
124
+ # @!attribute [r] cpe_uri
125
+ # @return [::String]
126
+ # The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
127
+ # denoting the package manager version distributing a package.
128
+ # The cpe_uri will be blank for language packages.
129
+ # @!attribute [r] architecture
130
+ # @return [::Grafeas::V1::Architecture]
131
+ # The CPU architecture for which packages in this distribution channel were
132
+ # built. Architecture will be blank for language packages.
133
+ # @!attribute [rw] license
134
+ # @return [::Grafeas::V1::License]
135
+ # Licenses that have been declared by the authors of the package.
136
+ # @!attribute [r] version
137
+ # @return [::Grafeas::V1::Version]
138
+ # The version of the package.
88
139
  class PackageOccurrence
89
140
  include ::Google::Protobuf::MessageExts
90
141
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -0,0 +1,43 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2022 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # Note provider assigned severity/impact ranking.
23
+ module Severity
24
+ # Unknown.
25
+ SEVERITY_UNSPECIFIED = 0
26
+
27
+ # Minimal severity.
28
+ MINIMAL = 1
29
+
30
+ # Low severity.
31
+ LOW = 2
32
+
33
+ # Medium severity.
34
+ MEDIUM = 3
35
+
36
+ # High severity.
37
+ HIGH = 4
38
+
39
+ # Critical severity.
40
+ CRITICAL = 5
41
+ end
42
+ end
43
+ end
@@ -0,0 +1,131 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2022 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # @!attribute [rw] builder
23
+ # @return [::Grafeas::V1::SlsaProvenanceZeroTwo::SlsaBuilder]
24
+ # @!attribute [rw] build_type
25
+ # @return [::String]
26
+ # @!attribute [rw] invocation
27
+ # @return [::Grafeas::V1::SlsaProvenanceZeroTwo::SlsaInvocation]
28
+ # @!attribute [rw] build_config
29
+ # @return [::Google::Protobuf::Struct]
30
+ # @!attribute [rw] metadata
31
+ # @return [::Grafeas::V1::SlsaProvenanceZeroTwo::SlsaMetadata]
32
+ # @!attribute [rw] materials
33
+ # @return [::Array<::Grafeas::V1::SlsaProvenanceZeroTwo::SlsaMaterial>]
34
+ class SlsaProvenanceZeroTwo
35
+ include ::Google::Protobuf::MessageExts
36
+ extend ::Google::Protobuf::MessageExts::ClassMethods
37
+
38
+ # Identifies the entity that executed the recipe, which is trusted to have
39
+ # correctly performed the operation and populated this provenance.
40
+ # @!attribute [rw] id
41
+ # @return [::String]
42
+ class SlsaBuilder
43
+ include ::Google::Protobuf::MessageExts
44
+ extend ::Google::Protobuf::MessageExts::ClassMethods
45
+ end
46
+
47
+ # The collection of artifacts that influenced the build including sources,
48
+ # dependencies, build tools, base images, and so on.
49
+ # @!attribute [rw] uri
50
+ # @return [::String]
51
+ # @!attribute [rw] digest
52
+ # @return [::Google::Protobuf::Map{::String => ::String}]
53
+ class SlsaMaterial
54
+ include ::Google::Protobuf::MessageExts
55
+ extend ::Google::Protobuf::MessageExts::ClassMethods
56
+
57
+ # @!attribute [rw] key
58
+ # @return [::String]
59
+ # @!attribute [rw] value
60
+ # @return [::String]
61
+ class DigestEntry
62
+ include ::Google::Protobuf::MessageExts
63
+ extend ::Google::Protobuf::MessageExts::ClassMethods
64
+ end
65
+ end
66
+
67
+ # Identifies the event that kicked off the build.
68
+ # @!attribute [rw] config_source
69
+ # @return [::Grafeas::V1::SlsaProvenanceZeroTwo::SlsaConfigSource]
70
+ # @!attribute [rw] parameters
71
+ # @return [::Google::Protobuf::Struct]
72
+ # @!attribute [rw] environment
73
+ # @return [::Google::Protobuf::Struct]
74
+ class SlsaInvocation
75
+ include ::Google::Protobuf::MessageExts
76
+ extend ::Google::Protobuf::MessageExts::ClassMethods
77
+ end
78
+
79
+ # Describes where the config file that kicked off the build came from.
80
+ # This is effectively a pointer to the source where buildConfig came from.
81
+ # @!attribute [rw] uri
82
+ # @return [::String]
83
+ # @!attribute [rw] digest
84
+ # @return [::Google::Protobuf::Map{::String => ::String}]
85
+ # @!attribute [rw] entry_point
86
+ # @return [::String]
87
+ class SlsaConfigSource
88
+ include ::Google::Protobuf::MessageExts
89
+ extend ::Google::Protobuf::MessageExts::ClassMethods
90
+
91
+ # @!attribute [rw] key
92
+ # @return [::String]
93
+ # @!attribute [rw] value
94
+ # @return [::String]
95
+ class DigestEntry
96
+ include ::Google::Protobuf::MessageExts
97
+ extend ::Google::Protobuf::MessageExts::ClassMethods
98
+ end
99
+ end
100
+
101
+ # Other properties of the build.
102
+ # @!attribute [rw] build_invocation_id
103
+ # @return [::String]
104
+ # @!attribute [rw] build_started_on
105
+ # @return [::Google::Protobuf::Timestamp]
106
+ # @!attribute [rw] build_finished_on
107
+ # @return [::Google::Protobuf::Timestamp]
108
+ # @!attribute [rw] completeness
109
+ # @return [::Grafeas::V1::SlsaProvenanceZeroTwo::SlsaCompleteness]
110
+ # @!attribute [rw] reproducible
111
+ # @return [::Boolean]
112
+ class SlsaMetadata
113
+ include ::Google::Protobuf::MessageExts
114
+ extend ::Google::Protobuf::MessageExts::ClassMethods
115
+ end
116
+
117
+ # Indicates that the builder claims certain fields in this message to be
118
+ # complete.
119
+ # @!attribute [rw] parameters
120
+ # @return [::Boolean]
121
+ # @!attribute [rw] environment
122
+ # @return [::Boolean]
123
+ # @!attribute [rw] materials
124
+ # @return [::Boolean]
125
+ class SlsaCompleteness
126
+ include ::Google::Protobuf::MessageExts
127
+ extend ::Google::Protobuf::MessageExts::ClassMethods
128
+ end
129
+ end
130
+ end
131
+ end
@@ -168,7 +168,7 @@ module Grafeas
168
168
  # scale of 0 - 10 where 0 indicates low severity and 10 indicates high
169
169
  # severity.
170
170
  # @!attribute [rw] cvssv3
171
- # @return [::Grafeas::V1::VulnerabilityOccurrence::CVSSV3]
171
+ # @return [::Grafeas::V1::CVSS]
172
172
  # The cvss v3 score for the vulnerability.
173
173
  # @!attribute [rw] package_issue
174
174
  # @return [::Array<::Grafeas::V1::VulnerabilityOccurrence::PackageIssue>]
@@ -203,19 +203,6 @@ module Grafeas
203
203
  include ::Google::Protobuf::MessageExts
204
204
  extend ::Google::Protobuf::MessageExts::ClassMethods
205
205
 
206
- # The CVSS v3 score for this vulnerability.
207
- # @!attribute [rw] base_score
208
- # @return [::Float]
209
- # The base score for for this vulnerability according to cvss v3.
210
- # @!attribute [rw] severity
211
- # @return [::Grafeas::V1::Severity]
212
- # The severity rating assigned to this vulnerability by vulnerability
213
- # provider.
214
- class CVSSV3
215
- include ::Google::Protobuf::MessageExts
216
- extend ::Google::Protobuf::MessageExts::ClassMethods
217
- end
218
-
219
206
  # A detail for a distro and package this vulnerability occurrence was found
220
207
  # in and its associated fix (if one is available).
221
208
  # @!attribute [rw] affected_cpe_uri
@@ -253,31 +240,13 @@ module Grafeas
253
240
  # The distro or language system assigned severity for this vulnerability
254
241
  # when that is available and note provider assigned severity when it is not
255
242
  # available.
243
+ # @!attribute [rw] file_location
244
+ # @return [::Array<::Grafeas::V1::FileLocation>]
245
+ # The location at which this package was found.
256
246
  class PackageIssue
257
247
  include ::Google::Protobuf::MessageExts
258
248
  extend ::Google::Protobuf::MessageExts::ClassMethods
259
249
  end
260
250
  end
261
-
262
- # Note provider assigned severity/impact ranking.
263
- module Severity
264
- # Unknown.
265
- SEVERITY_UNSPECIFIED = 0
266
-
267
- # Minimal severity.
268
- MINIMAL = 1
269
-
270
- # Low severity.
271
- LOW = 2
272
-
273
- # Medium severity.
274
- MEDIUM = 3
275
-
276
- # High severity.
277
- HIGH = 4
278
-
279
- # Critical severity.
280
- CRITICAL = 5
281
- end
282
251
  end
283
252
  end