grafeas-v1 0.3.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.yardopts +1 -1
- data/README.md +6 -1
- data/lib/grafeas/v1/attestation_pb.rb +2 -1
- data/lib/grafeas/v1/build_pb.rb +2 -1
- data/lib/grafeas/v1/common_pb.rb +14 -0
- data/lib/grafeas/v1/compliance_pb.rb +3 -1
- data/lib/grafeas/v1/cvss_pb.rb +62 -0
- data/lib/grafeas/v1/deployment_pb.rb +2 -1
- data/lib/grafeas/v1/discovery_pb.rb +4 -1
- data/lib/grafeas/v1/dsse_attestation_pb.rb +2 -1
- data/lib/grafeas/v1/grafeas_pb.rb +2 -1
- data/lib/grafeas/v1/intoto_provenance_pb.rb +2 -1
- data/lib/grafeas/v1/intoto_statement_pb.rb +4 -1
- data/lib/grafeas/v1/package_pb.rb +17 -0
- data/lib/grafeas/v1/provenance_pb.rb +2 -1
- data/lib/grafeas/v1/severity_pb.rb +23 -0
- data/lib/grafeas/v1/slsa_provenance_pb.rb +2 -1
- data/lib/grafeas/v1/slsa_provenance_zero_two_pb.rb +61 -0
- data/lib/grafeas/v1/upgrade_pb.rb +2 -1
- data/lib/grafeas/v1/version.rb +1 -1
- data/lib/grafeas/v1/vulnerability_pb.rb +5 -16
- data/lib/grafeas/v1.rb +2 -0
- data/proto_docs/google/api/resource.rb +10 -71
- data/proto_docs/google/protobuf/any.rb +3 -3
- data/proto_docs/google/protobuf/struct.rb +96 -0
- data/proto_docs/grafeas/v1/common.rb +38 -0
- data/proto_docs/grafeas/v1/compliance.rb +4 -0
- data/proto_docs/grafeas/v1/cvss.rb +103 -0
- data/proto_docs/grafeas/v1/discovery.rb +3 -0
- data/proto_docs/grafeas/v1/intoto_statement.rb +2 -0
- data/proto_docs/grafeas/v1/package.rb +61 -10
- data/proto_docs/grafeas/v1/severity.rb +43 -0
- data/proto_docs/grafeas/v1/slsa_provenance_zero_two.rb +131 -0
- data/proto_docs/grafeas/v1/vulnerability.rb +4 -35
- metadata +8 -3
@@ -44,7 +44,7 @@ module Google
|
|
44
44
|
# foo = any.unpack(Foo.class);
|
45
45
|
# }
|
46
46
|
#
|
47
|
-
#
|
47
|
+
# Example 3: Pack and unpack a message in Python.
|
48
48
|
#
|
49
49
|
# foo = Foo(...)
|
50
50
|
# any = Any()
|
@@ -54,7 +54,7 @@ module Google
|
|
54
54
|
# any.Unpack(foo)
|
55
55
|
# ...
|
56
56
|
#
|
57
|
-
#
|
57
|
+
# Example 4: Pack and unpack a message in Go
|
58
58
|
#
|
59
59
|
# foo := &pb.Foo{...}
|
60
60
|
# any, err := anypb.New(foo)
|
@@ -75,7 +75,7 @@ module Google
|
|
75
75
|
#
|
76
76
|
#
|
77
77
|
# JSON
|
78
|
-
#
|
78
|
+
#
|
79
79
|
# The JSON representation of an `Any` value uses the regular
|
80
80
|
# representation of the deserialized, embedded message, with an
|
81
81
|
# additional field `@type` which contains the type URL. Example:
|
@@ -0,0 +1,96 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2022 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Google
|
21
|
+
module Protobuf
|
22
|
+
# `Struct` represents a structured data value, consisting of fields
|
23
|
+
# which map to dynamically typed values. In some languages, `Struct`
|
24
|
+
# might be supported by a native representation. For example, in
|
25
|
+
# scripting languages like JS a struct is represented as an
|
26
|
+
# object. The details of that representation are described together
|
27
|
+
# with the proto support for the language.
|
28
|
+
#
|
29
|
+
# The JSON representation for `Struct` is JSON object.
|
30
|
+
# @!attribute [rw] fields
|
31
|
+
# @return [::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}]
|
32
|
+
# Unordered map of dynamically typed values.
|
33
|
+
class Struct
|
34
|
+
include ::Google::Protobuf::MessageExts
|
35
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
36
|
+
|
37
|
+
# @!attribute [rw] key
|
38
|
+
# @return [::String]
|
39
|
+
# @!attribute [rw] value
|
40
|
+
# @return [::Google::Protobuf::Value]
|
41
|
+
class FieldsEntry
|
42
|
+
include ::Google::Protobuf::MessageExts
|
43
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
# `Value` represents a dynamically typed value which can be either
|
48
|
+
# null, a number, a string, a boolean, a recursive struct value, or a
|
49
|
+
# list of values. A producer of value is expected to set one of these
|
50
|
+
# variants. Absence of any variant indicates an error.
|
51
|
+
#
|
52
|
+
# The JSON representation for `Value` is JSON value.
|
53
|
+
# @!attribute [rw] null_value
|
54
|
+
# @return [::Google::Protobuf::NullValue]
|
55
|
+
# Represents a null value.
|
56
|
+
# @!attribute [rw] number_value
|
57
|
+
# @return [::Float]
|
58
|
+
# Represents a double value.
|
59
|
+
# @!attribute [rw] string_value
|
60
|
+
# @return [::String]
|
61
|
+
# Represents a string value.
|
62
|
+
# @!attribute [rw] bool_value
|
63
|
+
# @return [::Boolean]
|
64
|
+
# Represents a boolean value.
|
65
|
+
# @!attribute [rw] struct_value
|
66
|
+
# @return [::Google::Protobuf::Struct]
|
67
|
+
# Represents a structured value.
|
68
|
+
# @!attribute [rw] list_value
|
69
|
+
# @return [::Google::Protobuf::ListValue]
|
70
|
+
# Represents a repeated `Value`.
|
71
|
+
class Value
|
72
|
+
include ::Google::Protobuf::MessageExts
|
73
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
74
|
+
end
|
75
|
+
|
76
|
+
# `ListValue` is a wrapper around a repeated field of values.
|
77
|
+
#
|
78
|
+
# The JSON representation for `ListValue` is JSON array.
|
79
|
+
# @!attribute [rw] values
|
80
|
+
# @return [::Array<::Google::Protobuf::Value>]
|
81
|
+
# Repeated field of dynamically typed values.
|
82
|
+
class ListValue
|
83
|
+
include ::Google::Protobuf::MessageExts
|
84
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
85
|
+
end
|
86
|
+
|
87
|
+
# `NullValue` is a singleton enumeration to represent the null value for the
|
88
|
+
# `Value` type union.
|
89
|
+
#
|
90
|
+
# The JSON representation for `NullValue` is JSON `null`.
|
91
|
+
module NullValue
|
92
|
+
# Null value.
|
93
|
+
NULL_VALUE = 0
|
94
|
+
end
|
95
|
+
end
|
96
|
+
end
|
@@ -108,6 +108,44 @@ module Grafeas
|
|
108
108
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
109
109
|
end
|
110
110
|
|
111
|
+
# Indicates the location at which a package was found.
|
112
|
+
# @!attribute [rw] file_path
|
113
|
+
# @return [::String]
|
114
|
+
# For jars that are contained inside .war files, this filepath
|
115
|
+
# can indicate the path to war file combined with the path to jar file.
|
116
|
+
class FileLocation
|
117
|
+
include ::Google::Protobuf::MessageExts
|
118
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
119
|
+
end
|
120
|
+
|
121
|
+
# License information.
|
122
|
+
# @!attribute [rw] expression
|
123
|
+
# @return [::String]
|
124
|
+
# Often a single license can be used to represent the licensing terms.
|
125
|
+
# Sometimes it is necessary to include a choice of one or more licenses
|
126
|
+
# or some combination of license identifiers.
|
127
|
+
# Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT",
|
128
|
+
# "GPL-2.0-or-later WITH Bison-exception-2.2".
|
129
|
+
# @!attribute [rw] comments
|
130
|
+
# @return [::String]
|
131
|
+
# Comments
|
132
|
+
class License
|
133
|
+
include ::Google::Protobuf::MessageExts
|
134
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
135
|
+
end
|
136
|
+
|
137
|
+
# Digest information.
|
138
|
+
# @!attribute [rw] algo
|
139
|
+
# @return [::String]
|
140
|
+
# `SHA1`, `SHA512` etc.
|
141
|
+
# @!attribute [rw] digest_bytes
|
142
|
+
# @return [::String]
|
143
|
+
# Value of the digest.
|
144
|
+
class Digest
|
145
|
+
include ::Google::Protobuf::MessageExts
|
146
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
147
|
+
end
|
148
|
+
|
111
149
|
# Kind represents the kinds of notes supported.
|
112
150
|
module NoteKind
|
113
151
|
# Default value. This value is unused.
|
@@ -60,6 +60,10 @@ module Grafeas
|
|
60
60
|
# @return [::String]
|
61
61
|
# The CPE URI (https://cpe.mitre.org/specification/) this benchmark is
|
62
62
|
# applicable to.
|
63
|
+
# @!attribute [rw] benchmark_document
|
64
|
+
# @return [::String]
|
65
|
+
# The name of the document that defines this benchmark, e.g. "CIS
|
66
|
+
# Container-Optimized OS".
|
63
67
|
# @!attribute [rw] version
|
64
68
|
# @return [::String]
|
65
69
|
# The version of the benchmark. This is set to the version of the OS-specific
|
@@ -107,5 +107,108 @@ module Grafeas
|
|
107
107
|
IMPACT_NONE = 3
|
108
108
|
end
|
109
109
|
end
|
110
|
+
|
111
|
+
# Common Vulnerability Scoring System.
|
112
|
+
# For details, see https://www.first.org/cvss/specification-document
|
113
|
+
# This is a message we will try to use for storing various versions of CVSS
|
114
|
+
# rather than making a separate proto for storing a specific version.
|
115
|
+
# @!attribute [rw] base_score
|
116
|
+
# @return [::Float]
|
117
|
+
# The base score is a function of the base metric scores.
|
118
|
+
# @!attribute [rw] exploitability_score
|
119
|
+
# @return [::Float]
|
120
|
+
# @!attribute [rw] impact_score
|
121
|
+
# @return [::Float]
|
122
|
+
# @!attribute [rw] attack_vector
|
123
|
+
# @return [::Grafeas::V1::CVSS::AttackVector]
|
124
|
+
# Base Metrics
|
125
|
+
# Represents the intrinsic characteristics of a vulnerability that are
|
126
|
+
# constant over time and across user environments.
|
127
|
+
# @!attribute [rw] attack_complexity
|
128
|
+
# @return [::Grafeas::V1::CVSS::AttackComplexity]
|
129
|
+
# @!attribute [rw] authentication
|
130
|
+
# @return [::Grafeas::V1::CVSS::Authentication]
|
131
|
+
# @!attribute [rw] privileges_required
|
132
|
+
# @return [::Grafeas::V1::CVSS::PrivilegesRequired]
|
133
|
+
# @!attribute [rw] user_interaction
|
134
|
+
# @return [::Grafeas::V1::CVSS::UserInteraction]
|
135
|
+
# @!attribute [rw] scope
|
136
|
+
# @return [::Grafeas::V1::CVSS::Scope]
|
137
|
+
# @!attribute [rw] confidentiality_impact
|
138
|
+
# @return [::Grafeas::V1::CVSS::Impact]
|
139
|
+
# @!attribute [rw] integrity_impact
|
140
|
+
# @return [::Grafeas::V1::CVSS::Impact]
|
141
|
+
# @!attribute [rw] availability_impact
|
142
|
+
# @return [::Grafeas::V1::CVSS::Impact]
|
143
|
+
class CVSS
|
144
|
+
include ::Google::Protobuf::MessageExts
|
145
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
146
|
+
|
147
|
+
module AttackVector
|
148
|
+
ATTACK_VECTOR_UNSPECIFIED = 0
|
149
|
+
|
150
|
+
ATTACK_VECTOR_NETWORK = 1
|
151
|
+
|
152
|
+
ATTACK_VECTOR_ADJACENT = 2
|
153
|
+
|
154
|
+
ATTACK_VECTOR_LOCAL = 3
|
155
|
+
|
156
|
+
ATTACK_VECTOR_PHYSICAL = 4
|
157
|
+
end
|
158
|
+
|
159
|
+
module AttackComplexity
|
160
|
+
ATTACK_COMPLEXITY_UNSPECIFIED = 0
|
161
|
+
|
162
|
+
ATTACK_COMPLEXITY_LOW = 1
|
163
|
+
|
164
|
+
ATTACK_COMPLEXITY_HIGH = 2
|
165
|
+
end
|
166
|
+
|
167
|
+
module Authentication
|
168
|
+
AUTHENTICATION_UNSPECIFIED = 0
|
169
|
+
|
170
|
+
AUTHENTICATION_MULTIPLE = 1
|
171
|
+
|
172
|
+
AUTHENTICATION_SINGLE = 2
|
173
|
+
|
174
|
+
AUTHENTICATION_NONE = 3
|
175
|
+
end
|
176
|
+
|
177
|
+
module PrivilegesRequired
|
178
|
+
PRIVILEGES_REQUIRED_UNSPECIFIED = 0
|
179
|
+
|
180
|
+
PRIVILEGES_REQUIRED_NONE = 1
|
181
|
+
|
182
|
+
PRIVILEGES_REQUIRED_LOW = 2
|
183
|
+
|
184
|
+
PRIVILEGES_REQUIRED_HIGH = 3
|
185
|
+
end
|
186
|
+
|
187
|
+
module UserInteraction
|
188
|
+
USER_INTERACTION_UNSPECIFIED = 0
|
189
|
+
|
190
|
+
USER_INTERACTION_NONE = 1
|
191
|
+
|
192
|
+
USER_INTERACTION_REQUIRED = 2
|
193
|
+
end
|
194
|
+
|
195
|
+
module Scope
|
196
|
+
SCOPE_UNSPECIFIED = 0
|
197
|
+
|
198
|
+
SCOPE_UNCHANGED = 1
|
199
|
+
|
200
|
+
SCOPE_CHANGED = 2
|
201
|
+
end
|
202
|
+
|
203
|
+
module Impact
|
204
|
+
IMPACT_UNSPECIFIED = 0
|
205
|
+
|
206
|
+
IMPACT_HIGH = 1
|
207
|
+
|
208
|
+
IMPACT_LOW = 2
|
209
|
+
|
210
|
+
IMPACT_NONE = 3
|
211
|
+
end
|
212
|
+
end
|
110
213
|
end
|
111
214
|
end
|
@@ -49,6 +49,9 @@ module Grafeas
|
|
49
49
|
# @!attribute [rw] last_scan_time
|
50
50
|
# @return [::Google::Protobuf::Timestamp]
|
51
51
|
# The last time this resource was scanned.
|
52
|
+
# @!attribute [r] archive_time
|
53
|
+
# @return [::Google::Protobuf::Timestamp]
|
54
|
+
# The time occurrences related to this discovery occurrence were archived.
|
52
55
|
class DiscoveryOccurrence
|
53
56
|
include ::Google::Protobuf::MessageExts
|
54
57
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -35,6 +35,8 @@ module Grafeas
|
|
35
35
|
# @return [::Grafeas::V1::InTotoProvenance]
|
36
36
|
# @!attribute [rw] slsa_provenance
|
37
37
|
# @return [::Grafeas::V1::SlsaProvenance]
|
38
|
+
# @!attribute [rw] slsa_provenance_zero_two
|
39
|
+
# @return [::Grafeas::V1::SlsaProvenanceZeroTwo]
|
38
40
|
class InTotoStatement
|
39
41
|
include ::Google::Protobuf::MessageExts
|
40
42
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -23,7 +23,7 @@ module Grafeas
|
|
23
23
|
# E.g., Debian's jessie-backports dpkg mirror.
|
24
24
|
# @!attribute [rw] cpe_uri
|
25
25
|
# @return [::String]
|
26
|
-
#
|
26
|
+
# The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
|
27
27
|
# denoting the package manager version distributing a package.
|
28
28
|
# @!attribute [rw] architecture
|
29
29
|
# @return [::Grafeas::V1::Architecture]
|
@@ -50,10 +50,11 @@ module Grafeas
|
|
50
50
|
# filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
|
51
51
|
# @!attribute [rw] cpe_uri
|
52
52
|
# @return [::String]
|
53
|
-
#
|
54
|
-
#
|
53
|
+
# Deprecated.
|
54
|
+
# The CPE URI in [CPE format](https://cpe.mitre.org/specification/)
|
55
55
|
# @!attribute [rw] version
|
56
56
|
# @return [::Grafeas::V1::Version]
|
57
|
+
# Deprecated.
|
57
58
|
# The version installed at this location.
|
58
59
|
# @!attribute [rw] path
|
59
60
|
# @return [::String]
|
@@ -63,28 +64,78 @@ module Grafeas
|
|
63
64
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
64
65
|
end
|
65
66
|
|
66
|
-
#
|
67
|
-
# channels. E.g., glibc (aka libc6) is distributed by many, at various
|
68
|
-
# versions.
|
67
|
+
# PackageNote represents a particular package version.
|
69
68
|
# @!attribute [rw] name
|
70
69
|
# @return [::String]
|
71
|
-
#
|
70
|
+
# The name of the package.
|
72
71
|
# @!attribute [rw] distribution
|
73
72
|
# @return [::Array<::Grafeas::V1::Distribution>]
|
73
|
+
# Deprecated.
|
74
74
|
# The various channels by which a package is distributed.
|
75
|
+
# @!attribute [rw] package_type
|
76
|
+
# @return [::String]
|
77
|
+
# The type of package; whether native or non native (e.g., ruby gems,
|
78
|
+
# node.js packages, etc.).
|
79
|
+
# @!attribute [rw] cpe_uri
|
80
|
+
# @return [::String]
|
81
|
+
# The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
|
82
|
+
# denoting the package manager version distributing a package.
|
83
|
+
# The cpe_uri will be blank for language packages.
|
84
|
+
# @!attribute [rw] architecture
|
85
|
+
# @return [::Grafeas::V1::Architecture]
|
86
|
+
# The CPU architecture for which packages in this distribution channel were
|
87
|
+
# built. Architecture will be blank for language packages.
|
88
|
+
# @!attribute [rw] version
|
89
|
+
# @return [::Grafeas::V1::Version]
|
90
|
+
# The version of the package.
|
91
|
+
# @!attribute [rw] maintainer
|
92
|
+
# @return [::String]
|
93
|
+
# A freeform text denoting the maintainer of this package.
|
94
|
+
# @!attribute [rw] url
|
95
|
+
# @return [::String]
|
96
|
+
# The homepage for this package.
|
97
|
+
# @!attribute [rw] description
|
98
|
+
# @return [::String]
|
99
|
+
# The description of this package.
|
100
|
+
# @!attribute [rw] license
|
101
|
+
# @return [::Grafeas::V1::License]
|
102
|
+
# Licenses that have been declared by the authors of the package.
|
103
|
+
# @!attribute [rw] digest
|
104
|
+
# @return [::Array<::Grafeas::V1::Digest>]
|
105
|
+
# Hash value, typically a file digest, that allows unique
|
106
|
+
# identification a specific package.
|
75
107
|
class PackageNote
|
76
108
|
include ::Google::Protobuf::MessageExts
|
77
109
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
78
110
|
end
|
79
111
|
|
80
112
|
# Details on how a particular software package was installed on a system.
|
81
|
-
# @!attribute [
|
113
|
+
# @!attribute [r] name
|
82
114
|
# @return [::String]
|
83
|
-
#
|
115
|
+
# The name of the installed package.
|
84
116
|
# @!attribute [rw] location
|
85
117
|
# @return [::Array<::Grafeas::V1::Location>]
|
86
|
-
#
|
118
|
+
# All of the places within the filesystem versions of this package
|
87
119
|
# have been found.
|
120
|
+
# @!attribute [r] package_type
|
121
|
+
# @return [::String]
|
122
|
+
# The type of package; whether native or non native (e.g., ruby gems,
|
123
|
+
# node.js packages, etc.).
|
124
|
+
# @!attribute [r] cpe_uri
|
125
|
+
# @return [::String]
|
126
|
+
# The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
|
127
|
+
# denoting the package manager version distributing a package.
|
128
|
+
# The cpe_uri will be blank for language packages.
|
129
|
+
# @!attribute [r] architecture
|
130
|
+
# @return [::Grafeas::V1::Architecture]
|
131
|
+
# The CPU architecture for which packages in this distribution channel were
|
132
|
+
# built. Architecture will be blank for language packages.
|
133
|
+
# @!attribute [rw] license
|
134
|
+
# @return [::Grafeas::V1::License]
|
135
|
+
# Licenses that have been declared by the authors of the package.
|
136
|
+
# @!attribute [r] version
|
137
|
+
# @return [::Grafeas::V1::Version]
|
138
|
+
# The version of the package.
|
88
139
|
class PackageOccurrence
|
89
140
|
include ::Google::Protobuf::MessageExts
|
90
141
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -0,0 +1,43 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2022 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Grafeas
|
21
|
+
module V1
|
22
|
+
# Note provider assigned severity/impact ranking.
|
23
|
+
module Severity
|
24
|
+
# Unknown.
|
25
|
+
SEVERITY_UNSPECIFIED = 0
|
26
|
+
|
27
|
+
# Minimal severity.
|
28
|
+
MINIMAL = 1
|
29
|
+
|
30
|
+
# Low severity.
|
31
|
+
LOW = 2
|
32
|
+
|
33
|
+
# Medium severity.
|
34
|
+
MEDIUM = 3
|
35
|
+
|
36
|
+
# High severity.
|
37
|
+
HIGH = 4
|
38
|
+
|
39
|
+
# Critical severity.
|
40
|
+
CRITICAL = 5
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
@@ -0,0 +1,131 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2022 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Grafeas
|
21
|
+
module V1
|
22
|
+
# @!attribute [rw] builder
|
23
|
+
# @return [::Grafeas::V1::SlsaProvenanceZeroTwo::SlsaBuilder]
|
24
|
+
# @!attribute [rw] build_type
|
25
|
+
# @return [::String]
|
26
|
+
# @!attribute [rw] invocation
|
27
|
+
# @return [::Grafeas::V1::SlsaProvenanceZeroTwo::SlsaInvocation]
|
28
|
+
# @!attribute [rw] build_config
|
29
|
+
# @return [::Google::Protobuf::Struct]
|
30
|
+
# @!attribute [rw] metadata
|
31
|
+
# @return [::Grafeas::V1::SlsaProvenanceZeroTwo::SlsaMetadata]
|
32
|
+
# @!attribute [rw] materials
|
33
|
+
# @return [::Array<::Grafeas::V1::SlsaProvenanceZeroTwo::SlsaMaterial>]
|
34
|
+
class SlsaProvenanceZeroTwo
|
35
|
+
include ::Google::Protobuf::MessageExts
|
36
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
37
|
+
|
38
|
+
# Identifies the entity that executed the recipe, which is trusted to have
|
39
|
+
# correctly performed the operation and populated this provenance.
|
40
|
+
# @!attribute [rw] id
|
41
|
+
# @return [::String]
|
42
|
+
class SlsaBuilder
|
43
|
+
include ::Google::Protobuf::MessageExts
|
44
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
45
|
+
end
|
46
|
+
|
47
|
+
# The collection of artifacts that influenced the build including sources,
|
48
|
+
# dependencies, build tools, base images, and so on.
|
49
|
+
# @!attribute [rw] uri
|
50
|
+
# @return [::String]
|
51
|
+
# @!attribute [rw] digest
|
52
|
+
# @return [::Google::Protobuf::Map{::String => ::String}]
|
53
|
+
class SlsaMaterial
|
54
|
+
include ::Google::Protobuf::MessageExts
|
55
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
56
|
+
|
57
|
+
# @!attribute [rw] key
|
58
|
+
# @return [::String]
|
59
|
+
# @!attribute [rw] value
|
60
|
+
# @return [::String]
|
61
|
+
class DigestEntry
|
62
|
+
include ::Google::Protobuf::MessageExts
|
63
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
64
|
+
end
|
65
|
+
end
|
66
|
+
|
67
|
+
# Identifies the event that kicked off the build.
|
68
|
+
# @!attribute [rw] config_source
|
69
|
+
# @return [::Grafeas::V1::SlsaProvenanceZeroTwo::SlsaConfigSource]
|
70
|
+
# @!attribute [rw] parameters
|
71
|
+
# @return [::Google::Protobuf::Struct]
|
72
|
+
# @!attribute [rw] environment
|
73
|
+
# @return [::Google::Protobuf::Struct]
|
74
|
+
class SlsaInvocation
|
75
|
+
include ::Google::Protobuf::MessageExts
|
76
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
77
|
+
end
|
78
|
+
|
79
|
+
# Describes where the config file that kicked off the build came from.
|
80
|
+
# This is effectively a pointer to the source where buildConfig came from.
|
81
|
+
# @!attribute [rw] uri
|
82
|
+
# @return [::String]
|
83
|
+
# @!attribute [rw] digest
|
84
|
+
# @return [::Google::Protobuf::Map{::String => ::String}]
|
85
|
+
# @!attribute [rw] entry_point
|
86
|
+
# @return [::String]
|
87
|
+
class SlsaConfigSource
|
88
|
+
include ::Google::Protobuf::MessageExts
|
89
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
90
|
+
|
91
|
+
# @!attribute [rw] key
|
92
|
+
# @return [::String]
|
93
|
+
# @!attribute [rw] value
|
94
|
+
# @return [::String]
|
95
|
+
class DigestEntry
|
96
|
+
include ::Google::Protobuf::MessageExts
|
97
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
98
|
+
end
|
99
|
+
end
|
100
|
+
|
101
|
+
# Other properties of the build.
|
102
|
+
# @!attribute [rw] build_invocation_id
|
103
|
+
# @return [::String]
|
104
|
+
# @!attribute [rw] build_started_on
|
105
|
+
# @return [::Google::Protobuf::Timestamp]
|
106
|
+
# @!attribute [rw] build_finished_on
|
107
|
+
# @return [::Google::Protobuf::Timestamp]
|
108
|
+
# @!attribute [rw] completeness
|
109
|
+
# @return [::Grafeas::V1::SlsaProvenanceZeroTwo::SlsaCompleteness]
|
110
|
+
# @!attribute [rw] reproducible
|
111
|
+
# @return [::Boolean]
|
112
|
+
class SlsaMetadata
|
113
|
+
include ::Google::Protobuf::MessageExts
|
114
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
115
|
+
end
|
116
|
+
|
117
|
+
# Indicates that the builder claims certain fields in this message to be
|
118
|
+
# complete.
|
119
|
+
# @!attribute [rw] parameters
|
120
|
+
# @return [::Boolean]
|
121
|
+
# @!attribute [rw] environment
|
122
|
+
# @return [::Boolean]
|
123
|
+
# @!attribute [rw] materials
|
124
|
+
# @return [::Boolean]
|
125
|
+
class SlsaCompleteness
|
126
|
+
include ::Google::Protobuf::MessageExts
|
127
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
128
|
+
end
|
129
|
+
end
|
130
|
+
end
|
131
|
+
end
|
@@ -168,7 +168,7 @@ module Grafeas
|
|
168
168
|
# scale of 0 - 10 where 0 indicates low severity and 10 indicates high
|
169
169
|
# severity.
|
170
170
|
# @!attribute [rw] cvssv3
|
171
|
-
# @return [::Grafeas::V1::
|
171
|
+
# @return [::Grafeas::V1::CVSS]
|
172
172
|
# The cvss v3 score for the vulnerability.
|
173
173
|
# @!attribute [rw] package_issue
|
174
174
|
# @return [::Array<::Grafeas::V1::VulnerabilityOccurrence::PackageIssue>]
|
@@ -203,19 +203,6 @@ module Grafeas
|
|
203
203
|
include ::Google::Protobuf::MessageExts
|
204
204
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
205
205
|
|
206
|
-
# The CVSS v3 score for this vulnerability.
|
207
|
-
# @!attribute [rw] base_score
|
208
|
-
# @return [::Float]
|
209
|
-
# The base score for for this vulnerability according to cvss v3.
|
210
|
-
# @!attribute [rw] severity
|
211
|
-
# @return [::Grafeas::V1::Severity]
|
212
|
-
# The severity rating assigned to this vulnerability by vulnerability
|
213
|
-
# provider.
|
214
|
-
class CVSSV3
|
215
|
-
include ::Google::Protobuf::MessageExts
|
216
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
217
|
-
end
|
218
|
-
|
219
206
|
# A detail for a distro and package this vulnerability occurrence was found
|
220
207
|
# in and its associated fix (if one is available).
|
221
208
|
# @!attribute [rw] affected_cpe_uri
|
@@ -253,31 +240,13 @@ module Grafeas
|
|
253
240
|
# The distro or language system assigned severity for this vulnerability
|
254
241
|
# when that is available and note provider assigned severity when it is not
|
255
242
|
# available.
|
243
|
+
# @!attribute [rw] file_location
|
244
|
+
# @return [::Array<::Grafeas::V1::FileLocation>]
|
245
|
+
# The location at which this package was found.
|
256
246
|
class PackageIssue
|
257
247
|
include ::Google::Protobuf::MessageExts
|
258
248
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
259
249
|
end
|
260
250
|
end
|
261
|
-
|
262
|
-
# Note provider assigned severity/impact ranking.
|
263
|
-
module Severity
|
264
|
-
# Unknown.
|
265
|
-
SEVERITY_UNSPECIFIED = 0
|
266
|
-
|
267
|
-
# Minimal severity.
|
268
|
-
MINIMAL = 1
|
269
|
-
|
270
|
-
# Low severity.
|
271
|
-
LOW = 2
|
272
|
-
|
273
|
-
# Medium severity.
|
274
|
-
MEDIUM = 3
|
275
|
-
|
276
|
-
# High severity.
|
277
|
-
HIGH = 4
|
278
|
-
|
279
|
-
# Critical severity.
|
280
|
-
CRITICAL = 5
|
281
|
-
end
|
282
251
|
end
|
283
252
|
end
|