grafeas-v1 0.3.1 → 0.4.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a1daaaa44e5b9e83a19f1f45058ab6d2e672add60b9d27e7527e0f107b7394a1
4
- data.tar.gz: eb72b3a41d3b10d83144f76204fec229e76f44f0c8e9755032c3bbd8a4e1f20d
3
+ metadata.gz: 7298ad05fa42dba9994b498bce80a3939994613c7a827c1f8579d90706a822af
4
+ data.tar.gz: 748a285b37351c52e5e241ea50015d9547572c071935c6bf2bbac57dd9866c19
5
5
  SHA512:
6
- metadata.gz: 801f61920ee568a3f11ccbd7d6a1b74aa50fe40b4b1d08daf2ff42b91b1044646b269ae4809c34642886a2fb3c61f7d07bfe9572bfa299ca5d7eab734361de89
7
- data.tar.gz: f42da8bad4cbda5d8872400a7012811ed39dfd3e24c44333fb016218e33b06e22805ea6bf4ac3ba368df66309251d4e07eb30cb500f7b2380b9895097be0e63d
6
+ metadata.gz: '019f77652b634e657a86f6064923a3d0c5ae6b13a7de33d3dbf310f9bfd5ba328cf896ed6056303ed24fb844701da13aca92baeb6f976530d57c84525a0ba233'
7
+ data.tar.gz: dff13064655fc342f13844aeb0ea9bb98489d5026aad0140a3a98e8bb3f1a8504da40d09ff89692b3a1949743764953e18f5ef13f2fa7c5442b4f46cf2098f8d
@@ -1,7 +1,7 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # source: grafeas/v1/compliance.proto
3
3
 
4
- require 'grafeas/v1/vulnerability_pb'
4
+ require 'grafeas/v1/severity_pb'
5
5
  require 'google/protobuf'
6
6
 
7
7
  Google::Protobuf::DescriptorPool.generated_pool.build do
@@ -52,6 +52,60 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
52
52
  value :IMPACT_LOW, 2
53
53
  value :IMPACT_NONE, 3
54
54
  end
55
+ add_message "grafeas.v1.CVSS" do
56
+ optional :base_score, :float, 1
57
+ optional :exploitability_score, :float, 2
58
+ optional :impact_score, :float, 3
59
+ optional :attack_vector, :enum, 4, "grafeas.v1.CVSS.AttackVector"
60
+ optional :attack_complexity, :enum, 5, "grafeas.v1.CVSS.AttackComplexity"
61
+ optional :authentication, :enum, 6, "grafeas.v1.CVSS.Authentication"
62
+ optional :privileges_required, :enum, 7, "grafeas.v1.CVSS.PrivilegesRequired"
63
+ optional :user_interaction, :enum, 8, "grafeas.v1.CVSS.UserInteraction"
64
+ optional :scope, :enum, 9, "grafeas.v1.CVSS.Scope"
65
+ optional :confidentiality_impact, :enum, 10, "grafeas.v1.CVSS.Impact"
66
+ optional :integrity_impact, :enum, 11, "grafeas.v1.CVSS.Impact"
67
+ optional :availability_impact, :enum, 12, "grafeas.v1.CVSS.Impact"
68
+ end
69
+ add_enum "grafeas.v1.CVSS.AttackVector" do
70
+ value :ATTACK_VECTOR_UNSPECIFIED, 0
71
+ value :ATTACK_VECTOR_NETWORK, 1
72
+ value :ATTACK_VECTOR_ADJACENT, 2
73
+ value :ATTACK_VECTOR_LOCAL, 3
74
+ value :ATTACK_VECTOR_PHYSICAL, 4
75
+ end
76
+ add_enum "grafeas.v1.CVSS.AttackComplexity" do
77
+ value :ATTACK_COMPLEXITY_UNSPECIFIED, 0
78
+ value :ATTACK_COMPLEXITY_LOW, 1
79
+ value :ATTACK_COMPLEXITY_HIGH, 2
80
+ end
81
+ add_enum "grafeas.v1.CVSS.Authentication" do
82
+ value :AUTHENTICATION_UNSPECIFIED, 0
83
+ value :AUTHENTICATION_MULTIPLE, 1
84
+ value :AUTHENTICATION_SINGLE, 2
85
+ value :AUTHENTICATION_NONE, 3
86
+ end
87
+ add_enum "grafeas.v1.CVSS.PrivilegesRequired" do
88
+ value :PRIVILEGES_REQUIRED_UNSPECIFIED, 0
89
+ value :PRIVILEGES_REQUIRED_NONE, 1
90
+ value :PRIVILEGES_REQUIRED_LOW, 2
91
+ value :PRIVILEGES_REQUIRED_HIGH, 3
92
+ end
93
+ add_enum "grafeas.v1.CVSS.UserInteraction" do
94
+ value :USER_INTERACTION_UNSPECIFIED, 0
95
+ value :USER_INTERACTION_NONE, 1
96
+ value :USER_INTERACTION_REQUIRED, 2
97
+ end
98
+ add_enum "grafeas.v1.CVSS.Scope" do
99
+ value :SCOPE_UNSPECIFIED, 0
100
+ value :SCOPE_UNCHANGED, 1
101
+ value :SCOPE_CHANGED, 2
102
+ end
103
+ add_enum "grafeas.v1.CVSS.Impact" do
104
+ value :IMPACT_UNSPECIFIED, 0
105
+ value :IMPACT_HIGH, 1
106
+ value :IMPACT_LOW, 2
107
+ value :IMPACT_NONE, 3
108
+ end
55
109
  end
56
110
  end
57
111
 
@@ -64,5 +118,13 @@ module Grafeas
64
118
  CVSSv3::UserInteraction = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSSv3.UserInteraction").enummodule
65
119
  CVSSv3::Scope = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSSv3.Scope").enummodule
66
120
  CVSSv3::Impact = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSSv3.Impact").enummodule
121
+ CVSS = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSS").msgclass
122
+ CVSS::AttackVector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSS.AttackVector").enummodule
123
+ CVSS::AttackComplexity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSS.AttackComplexity").enummodule
124
+ CVSS::Authentication = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSS.Authentication").enummodule
125
+ CVSS::PrivilegesRequired = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSS.PrivilegesRequired").enummodule
126
+ CVSS::UserInteraction = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSS.UserInteraction").enummodule
127
+ CVSS::Scope = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSS.Scope").enummodule
128
+ CVSS::Impact = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSS.Impact").enummodule
67
129
  end
68
130
  end
@@ -1,6 +1,7 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # source: grafeas/v1/discovery.proto
3
3
 
4
+ require 'google/api/field_behavior_pb'
4
5
  require 'google/protobuf/timestamp_pb'
5
6
  require 'google/rpc/status_pb'
6
7
  require 'grafeas/v1/common_pb'
@@ -17,6 +18,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
17
18
  optional :analysis_status_error, :message, 3, "google.rpc.Status"
18
19
  optional :cpe, :string, 4
19
20
  optional :last_scan_time, :message, 5, "google.protobuf.Timestamp"
21
+ optional :archive_time, :message, 6, "google.protobuf.Timestamp"
20
22
  end
21
23
  add_enum "grafeas.v1.DiscoveryOccurrence.ContinuousAnalysis" do
22
24
  value :CONTINUOUS_ANALYSIS_UNSPECIFIED, 0
@@ -0,0 +1,23 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: grafeas/v1/severity.proto
3
+
4
+ require 'google/protobuf'
5
+
6
+ Google::Protobuf::DescriptorPool.generated_pool.build do
7
+ add_file("grafeas/v1/severity.proto", :syntax => :proto3) do
8
+ add_enum "grafeas.v1.Severity" do
9
+ value :SEVERITY_UNSPECIFIED, 0
10
+ value :MINIMAL, 1
11
+ value :LOW, 2
12
+ value :MEDIUM, 3
13
+ value :HIGH, 4
14
+ value :CRITICAL, 5
15
+ end
16
+ end
17
+ end
18
+
19
+ module Grafeas
20
+ module V1
21
+ Severity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Severity").enummodule
22
+ end
23
+ end
@@ -19,6 +19,6 @@
19
19
 
20
20
  module Grafeas
21
21
  module V1
22
- VERSION = "0.3.1"
22
+ VERSION = "0.4.0"
23
23
  end
24
24
  end
@@ -6,6 +6,7 @@ require 'google/protobuf/timestamp_pb'
6
6
  require 'grafeas/v1/common_pb'
7
7
  require 'grafeas/v1/cvss_pb'
8
8
  require 'grafeas/v1/package_pb'
9
+ require 'grafeas/v1/severity_pb'
9
10
  require 'google/protobuf'
10
11
 
11
12
  Google::Protobuf::DescriptorPool.generated_pool.build do
@@ -48,7 +49,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
48
49
  optional :type, :string, 1
49
50
  optional :severity, :enum, 2, "grafeas.v1.Severity"
50
51
  optional :cvss_score, :float, 3
51
- optional :cvssv3, :message, 10, "grafeas.v1.VulnerabilityOccurrence.CVSSV3"
52
+ optional :cvssv3, :message, 10, "grafeas.v1.CVSS"
52
53
  repeated :package_issue, :message, 4, "grafeas.v1.VulnerabilityOccurrence.PackageIssue"
53
54
  optional :short_description, :string, 5
54
55
  optional :long_description, :string, 6
@@ -56,10 +57,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
56
57
  optional :effective_severity, :enum, 8, "grafeas.v1.Severity"
57
58
  optional :fix_available, :bool, 9
58
59
  end
59
- add_message "grafeas.v1.VulnerabilityOccurrence.CVSSV3" do
60
- optional :base_score, :float, 1
61
- optional :severity, :enum, 2, "grafeas.v1.Severity"
62
- end
63
60
  add_message "grafeas.v1.VulnerabilityOccurrence.PackageIssue" do
64
61
  optional :affected_cpe_uri, :string, 1
65
62
  optional :affected_package, :string, 2
@@ -71,14 +68,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
71
68
  optional :package_type, :string, 8
72
69
  optional :effective_severity, :enum, 9, "grafeas.v1.Severity"
73
70
  end
74
- add_enum "grafeas.v1.Severity" do
75
- value :SEVERITY_UNSPECIFIED, 0
76
- value :MINIMAL, 1
77
- value :LOW, 2
78
- value :MEDIUM, 3
79
- value :HIGH, 4
80
- value :CRITICAL, 5
81
- end
82
71
  end
83
72
  end
84
73
 
@@ -89,8 +78,6 @@ module Grafeas
89
78
  VulnerabilityNote::WindowsDetail = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityNote.WindowsDetail").msgclass
90
79
  VulnerabilityNote::WindowsDetail::KnowledgeBase = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase").msgclass
91
80
  VulnerabilityOccurrence = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence").msgclass
92
- VulnerabilityOccurrence::CVSSV3 = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence.CVSSV3").msgclass
93
81
  VulnerabilityOccurrence::PackageIssue = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence.PackageIssue").msgclass
94
- Severity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Severity").enummodule
95
82
  end
96
83
  end
@@ -107,5 +107,110 @@ module Grafeas
107
107
  IMPACT_NONE = 3
108
108
  end
109
109
  end
110
+
111
+ # Common Vulnerability Scoring System.
112
+ # For details, see https://www.first.org/cvss/specification-document
113
+ # This is a message we will try to use for storing multiple versions of
114
+ # CVSS. The intention is that as new versions of CVSS scores get added, we
115
+ # will be able to modify this message rather than adding new protos for each
116
+ # new version of the score.
117
+ # @!attribute [rw] base_score
118
+ # @return [::Float]
119
+ # The base score is a function of the base metric scores.
120
+ # @!attribute [rw] exploitability_score
121
+ # @return [::Float]
122
+ # @!attribute [rw] impact_score
123
+ # @return [::Float]
124
+ # @!attribute [rw] attack_vector
125
+ # @return [::Grafeas::V1::CVSS::AttackVector]
126
+ # Base Metrics
127
+ # Represents the intrinsic characteristics of a vulnerability that are
128
+ # constant over time and across user environments.
129
+ # @!attribute [rw] attack_complexity
130
+ # @return [::Grafeas::V1::CVSS::AttackComplexity]
131
+ # @!attribute [rw] authentication
132
+ # @return [::Grafeas::V1::CVSS::Authentication]
133
+ # @!attribute [rw] privileges_required
134
+ # @return [::Grafeas::V1::CVSS::PrivilegesRequired]
135
+ # @!attribute [rw] user_interaction
136
+ # @return [::Grafeas::V1::CVSS::UserInteraction]
137
+ # @!attribute [rw] scope
138
+ # @return [::Grafeas::V1::CVSS::Scope]
139
+ # @!attribute [rw] confidentiality_impact
140
+ # @return [::Grafeas::V1::CVSS::Impact]
141
+ # @!attribute [rw] integrity_impact
142
+ # @return [::Grafeas::V1::CVSS::Impact]
143
+ # @!attribute [rw] availability_impact
144
+ # @return [::Grafeas::V1::CVSS::Impact]
145
+ class CVSS
146
+ include ::Google::Protobuf::MessageExts
147
+ extend ::Google::Protobuf::MessageExts::ClassMethods
148
+
149
+ module AttackVector
150
+ ATTACK_VECTOR_UNSPECIFIED = 0
151
+
152
+ ATTACK_VECTOR_NETWORK = 1
153
+
154
+ ATTACK_VECTOR_ADJACENT = 2
155
+
156
+ ATTACK_VECTOR_LOCAL = 3
157
+
158
+ ATTACK_VECTOR_PHYSICAL = 4
159
+ end
160
+
161
+ module AttackComplexity
162
+ ATTACK_COMPLEXITY_UNSPECIFIED = 0
163
+
164
+ ATTACK_COMPLEXITY_LOW = 1
165
+
166
+ ATTACK_COMPLEXITY_HIGH = 2
167
+ end
168
+
169
+ module Authentication
170
+ AUTHENTICATION_UNSPECIFIED = 0
171
+
172
+ AUTHENTICATION_MULTIPLE = 1
173
+
174
+ AUTHENTICATION_SINGLE = 2
175
+
176
+ AUTHENTICATION_NONE = 3
177
+ end
178
+
179
+ module PrivilegesRequired
180
+ PRIVILEGES_REQUIRED_UNSPECIFIED = 0
181
+
182
+ PRIVILEGES_REQUIRED_NONE = 1
183
+
184
+ PRIVILEGES_REQUIRED_LOW = 2
185
+
186
+ PRIVILEGES_REQUIRED_HIGH = 3
187
+ end
188
+
189
+ module UserInteraction
190
+ USER_INTERACTION_UNSPECIFIED = 0
191
+
192
+ USER_INTERACTION_NONE = 1
193
+
194
+ USER_INTERACTION_REQUIRED = 2
195
+ end
196
+
197
+ module Scope
198
+ SCOPE_UNSPECIFIED = 0
199
+
200
+ SCOPE_UNCHANGED = 1
201
+
202
+ SCOPE_CHANGED = 2
203
+ end
204
+
205
+ module Impact
206
+ IMPACT_UNSPECIFIED = 0
207
+
208
+ IMPACT_HIGH = 1
209
+
210
+ IMPACT_LOW = 2
211
+
212
+ IMPACT_NONE = 3
213
+ end
214
+ end
110
215
  end
111
216
  end
@@ -49,6 +49,9 @@ module Grafeas
49
49
  # @!attribute [rw] last_scan_time
50
50
  # @return [::Google::Protobuf::Timestamp]
51
51
  # The last time this resource was scanned.
52
+ # @!attribute [r] archive_time
53
+ # @return [::Google::Protobuf::Timestamp]
54
+ # The time occurrences related to this discovery occurrence were archived.
52
55
  class DiscoveryOccurrence
53
56
  include ::Google::Protobuf::MessageExts
54
57
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -0,0 +1,43 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2022 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # Note provider assigned severity/impact ranking.
23
+ module Severity
24
+ # Unknown.
25
+ SEVERITY_UNSPECIFIED = 0
26
+
27
+ # Minimal severity.
28
+ MINIMAL = 1
29
+
30
+ # Low severity.
31
+ LOW = 2
32
+
33
+ # Medium severity.
34
+ MEDIUM = 3
35
+
36
+ # High severity.
37
+ HIGH = 4
38
+
39
+ # Critical severity.
40
+ CRITICAL = 5
41
+ end
42
+ end
43
+ end
@@ -168,7 +168,7 @@ module Grafeas
168
168
  # scale of 0 - 10 where 0 indicates low severity and 10 indicates high
169
169
  # severity.
170
170
  # @!attribute [rw] cvssv3
171
- # @return [::Grafeas::V1::VulnerabilityOccurrence::CVSSV3]
171
+ # @return [::Grafeas::V1::CVSS]
172
172
  # The cvss v3 score for the vulnerability.
173
173
  # @!attribute [rw] package_issue
174
174
  # @return [::Array<::Grafeas::V1::VulnerabilityOccurrence::PackageIssue>]
@@ -203,19 +203,6 @@ module Grafeas
203
203
  include ::Google::Protobuf::MessageExts
204
204
  extend ::Google::Protobuf::MessageExts::ClassMethods
205
205
 
206
- # The CVSS v3 score for this vulnerability.
207
- # @!attribute [rw] base_score
208
- # @return [::Float]
209
- # The base score for for this vulnerability according to cvss v3.
210
- # @!attribute [rw] severity
211
- # @return [::Grafeas::V1::Severity]
212
- # The severity rating assigned to this vulnerability by vulnerability
213
- # provider.
214
- class CVSSV3
215
- include ::Google::Protobuf::MessageExts
216
- extend ::Google::Protobuf::MessageExts::ClassMethods
217
- end
218
-
219
206
  # A detail for a distro and package this vulnerability occurrence was found
220
207
  # in and its associated fix (if one is available).
221
208
  # @!attribute [rw] affected_cpe_uri
@@ -258,26 +245,5 @@ module Grafeas
258
245
  extend ::Google::Protobuf::MessageExts::ClassMethods
259
246
  end
260
247
  end
261
-
262
- # Note provider assigned severity/impact ranking.
263
- module Severity
264
- # Unknown.
265
- SEVERITY_UNSPECIFIED = 0
266
-
267
- # Minimal severity.
268
- MINIMAL = 1
269
-
270
- # Low severity.
271
- LOW = 2
272
-
273
- # Medium severity.
274
- MEDIUM = 3
275
-
276
- # High severity.
277
- HIGH = 4
278
-
279
- # Critical severity.
280
- CRITICAL = 5
281
- end
282
248
  end
283
249
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: grafeas-v1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.1
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-01-11 00:00:00.000000000 Z
11
+ date: 2022-01-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gapic-common
@@ -188,6 +188,7 @@ files:
188
188
  - lib/grafeas/v1/intoto_statement_pb.rb
189
189
  - lib/grafeas/v1/package_pb.rb
190
190
  - lib/grafeas/v1/provenance_pb.rb
191
+ - lib/grafeas/v1/severity_pb.rb
191
192
  - lib/grafeas/v1/slsa_provenance_pb.rb
192
193
  - lib/grafeas/v1/upgrade_pb.rb
193
194
  - lib/grafeas/v1/version.rb
@@ -214,6 +215,7 @@ files:
214
215
  - proto_docs/grafeas/v1/intoto_statement.rb
215
216
  - proto_docs/grafeas/v1/package.rb
216
217
  - proto_docs/grafeas/v1/provenance.rb
218
+ - proto_docs/grafeas/v1/severity.rb
217
219
  - proto_docs/grafeas/v1/slsa_provenance.rb
218
220
  - proto_docs/grafeas/v1/upgrade.rb
219
221
  - proto_docs/grafeas/v1/vulnerability.rb
@@ -236,7 +238,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
236
238
  - !ruby/object:Gem::Version
237
239
  version: '0'
238
240
  requirements: []
239
- rubygems_version: 3.3.4
241
+ rubygems_version: 3.3.5
240
242
  signing_key:
241
243
  specification_version: 4
242
244
  summary: API Client library for the Grafeas V1 API