grafeas-v1 0.4.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7298ad05fa42dba9994b498bce80a3939994613c7a827c1f8579d90706a822af
-  data.tar.gz: 748a285b37351c52e5e241ea50015d9547572c071935c6bf2bbac57dd9866c19
+  metadata.gz: 45fc05170db6cbed47e14932cd90ee121b11f4965c32585bd80d7e0aea3e7650
+  data.tar.gz: 1128f3362e4ece912f5425526d35bc49f0f4a51453575447f3666349e747a35d
 SHA512:
-  metadata.gz: '019f77652b634e657a86f6064923a3d0c5ae6b13a7de33d3dbf310f9bfd5ba328cf896ed6056303ed24fb844701da13aca92baeb6f976530d57c84525a0ba233'
-  data.tar.gz: dff13064655fc342f13844aeb0ea9bb98489d5026aad0140a3a98e8bb3f1a8504da40d09ff89692b3a1949743764953e18f5ef13f2fa7c5442b4f46cf2098f8d
+  metadata.gz: 062a178010e7462cf5a8feab1cf5848c454af11b28ec66eac280e1d26eb4b4e1ced59c9c48106f8e15aa07e523a876f0b1fbdfe0d16238f5b90ff123c9c53454
+  data.tar.gz: b6cff61e8c4c3dbf9db8092b2ef5dda1fc40497a83d3cada3bbb11d35e3174520a1cff21b288b3e7b95327e09bbb6c6de87e8a1cf6f8f20ebfb81acf693c8638

data/README.md

@@ -28,7 +28,7 @@ request = ::Grafeas::V1::GetOccurrenceRequest.new # (request fields as keyword a
 response = client.get_occurrence request
 ```
 
-View the [Client Library Documentation](https://googleapis.dev/ruby/grafeas-v1/latest)
+View the [Client Library Documentation](https://cloud.google.com/ruby/docs/reference/grafeas-v1/latest)
 for class and method documentation.
 
 ## Enabling Logging
@@ -57,6 +57,11 @@ module GRPC
 end
 ```
 
+
+## Google Cloud Samples
+
+To browse ready to use code samples check [Google Cloud Samples](https://cloud.google.com/docs/samples).
+
 ## Supported Ruby Versions
 
 This library is supported on Ruby 2.5+.

data/lib/grafeas/v1/attestation_pb.rb

@@ -1,9 +1,10 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: grafeas/v1/attestation.proto
 
-require 'grafeas/v1/common_pb'
 require 'google/protobuf'
 
+require 'grafeas/v1/common_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/attestation.proto", :syntax => :proto3) do
     add_message "grafeas.v1.AttestationNote" do

data/lib/grafeas/v1/build_pb.rb

@@ -1,10 +1,11 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: grafeas/v1/build.proto
 
+require 'google/protobuf'
+
 require 'grafeas/v1/intoto_provenance_pb'
 require 'grafeas/v1/intoto_statement_pb'
 require 'grafeas/v1/provenance_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/build.proto", :syntax => :proto3) do

data/lib/grafeas/v1/common_pb.rb

@@ -22,6 +22,17 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :sig, :bytes, 1
       optional :keyid, :string, 2
     end
+    add_message "grafeas.v1.FileLocation" do
+      optional :file_path, :string, 1
+    end
+    add_message "grafeas.v1.License" do
+      optional :expression, :string, 1
+      optional :comments, :string, 2
+    end
+    add_message "grafeas.v1.Digest" do
+      optional :algo, :string, 1
+      optional :digest_bytes, :bytes, 2
+    end
     add_enum "grafeas.v1.NoteKind" do
       value :NOTE_KIND_UNSPECIFIED, 0
       value :VULNERABILITY, 1
@@ -44,6 +55,9 @@ module Grafeas
     Signature = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Signature").msgclass
     Envelope = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Envelope").msgclass
     EnvelopeSignature = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.EnvelopeSignature").msgclass
+    FileLocation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.FileLocation").msgclass
+    License = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.License").msgclass
+    Digest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Digest").msgclass
     NoteKind = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.NoteKind").enummodule
   end
 end

data/lib/grafeas/v1/compliance_pb.rb

@@ -1,9 +1,10 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: grafeas/v1/compliance.proto
 
-require 'grafeas/v1/severity_pb'
 require 'google/protobuf'
 
+require 'grafeas/v1/severity_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/compliance.proto", :syntax => :proto3) do
     add_message "grafeas.v1.ComplianceNote" do
@@ -23,6 +24,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     end
     add_message "grafeas.v1.ComplianceVersion" do
       optional :cpe_uri, :string, 1
+      optional :benchmark_document, :string, 3
       optional :version, :string, 2
     end
     add_message "grafeas.v1.ComplianceOccurrence" do

data/lib/grafeas/v1/deployment_pb.rb

@@ -1,9 +1,10 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: grafeas/v1/deployment.proto
 
-require 'google/protobuf/timestamp_pb'
 require 'google/protobuf'
 
+require 'google/protobuf/timestamp_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/deployment.proto", :syntax => :proto3) do
     add_message "grafeas.v1.DeploymentNote" do

data/lib/grafeas/v1/discovery_pb.rb

@@ -1,11 +1,12 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: grafeas/v1/discovery.proto
 
+require 'google/protobuf'
+
 require 'google/api/field_behavior_pb'
 require 'google/protobuf/timestamp_pb'
 require 'google/rpc/status_pb'
 require 'grafeas/v1/common_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/discovery.proto", :syntax => :proto3) do

data/lib/grafeas/v1/dsse_attestation_pb.rb

@@ -1,9 +1,10 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: grafeas/v1/dsse_attestation.proto
 
+require 'google/protobuf'
+
 require 'grafeas/v1/common_pb'
 require 'grafeas/v1/intoto_statement_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/dsse_attestation.proto", :syntax => :proto3) do

data/lib/grafeas/v1/grafeas_pb.rb

@@ -1,6 +1,8 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: grafeas/v1/grafeas.proto
 
+require 'google/protobuf'
+
 require 'google/api/annotations_pb'
 require 'google/api/client_pb'
 require 'google/api/field_behavior_pb'
@@ -19,7 +21,6 @@ require 'grafeas/v1/image_pb'
 require 'grafeas/v1/package_pb'
 require 'grafeas/v1/upgrade_pb'
 require 'grafeas/v1/vulnerability_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/grafeas.proto", :syntax => :proto3) do

data/lib/grafeas/v1/intoto_provenance_pb.rb

@@ -1,9 +1,10 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: grafeas/v1/intoto_provenance.proto
 
+require 'google/protobuf'
+
 require 'google/protobuf/any_pb'
 require 'google/protobuf/timestamp_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/intoto_provenance.proto", :syntax => :proto3) do

data/lib/grafeas/v1/intoto_statement_pb.rb

@@ -1,9 +1,11 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: grafeas/v1/intoto_statement.proto
 
+require 'google/protobuf'
+
 require 'grafeas/v1/intoto_provenance_pb'
 require 'grafeas/v1/slsa_provenance_pb'
-require 'google/protobuf'
+require 'grafeas/v1/slsa_provenance_zero_two_pb'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/intoto_statement.proto", :syntax => :proto3) do
@@ -14,6 +16,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       oneof :predicate do
         optional :provenance, :message, 4, "grafeas.v1.InTotoProvenance"
         optional :slsa_provenance, :message, 5, "grafeas.v1.SlsaProvenance"
+        optional :slsa_provenance_zero_two, :message, 6, "grafeas.v1.SlsaProvenanceZeroTwo"
       end
     end
     add_message "grafeas.v1.Subject" do

data/lib/grafeas/v1/package_pb.rb

@@ -3,6 +3,9 @@
 
 require 'google/protobuf'
 
+require 'google/api/field_behavior_pb'
+require 'grafeas/v1/common_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/package.proto", :syntax => :proto3) do
     add_message "grafeas.v1.Distribution" do
@@ -21,10 +24,24 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "grafeas.v1.PackageNote" do
       optional :name, :string, 1
       repeated :distribution, :message, 10, "grafeas.v1.Distribution"
+      optional :package_type, :string, 11
+      optional :cpe_uri, :string, 12
+      optional :architecture, :enum, 13, "grafeas.v1.Architecture"
+      optional :version, :message, 14, "grafeas.v1.Version"
+      optional :maintainer, :string, 15
+      optional :url, :string, 16
+      optional :description, :string, 17
+      optional :license, :message, 18, "grafeas.v1.License"
+      repeated :digest, :message, 19, "grafeas.v1.Digest"
     end
     add_message "grafeas.v1.PackageOccurrence" do
       optional :name, :string, 1
       repeated :location, :message, 2, "grafeas.v1.Location"
+      optional :package_type, :string, 3
+      optional :cpe_uri, :string, 4
+      optional :architecture, :enum, 5, "grafeas.v1.Architecture"
+      optional :license, :message, 6, "grafeas.v1.License"
+      optional :version, :message, 7, "grafeas.v1.Version"
     end
     add_message "grafeas.v1.Version" do
       optional :epoch, :int32, 1

data/lib/grafeas/v1/provenance_pb.rb

@@ -1,9 +1,10 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: grafeas/v1/provenance.proto
 
-require 'google/protobuf/timestamp_pb'
 require 'google/protobuf'
 
+require 'google/protobuf/timestamp_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/provenance.proto", :syntax => :proto3) do
     add_message "grafeas.v1.BuildProvenance" do

data/lib/grafeas/v1/slsa_provenance_pb.rb

@@ -1,9 +1,10 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: grafeas/v1/slsa_provenance.proto
 
+require 'google/protobuf'
+
 require 'google/protobuf/any_pb'
 require 'google/protobuf/timestamp_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/slsa_provenance.proto", :syntax => :proto3) do

data/lib/grafeas/v1/slsa_provenance_zero_two_pb.rb

@@ -0,0 +1,61 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: grafeas/v1/slsa_provenance_zero_two.proto
+
+require 'google/protobuf'
+
+require 'google/protobuf/struct_pb'
+require 'google/protobuf/timestamp_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("grafeas/v1/slsa_provenance_zero_two.proto", :syntax => :proto3) do
+    add_message "grafeas.v1.SlsaProvenanceZeroTwo" do
+      optional :builder, :message, 1, "grafeas.v1.SlsaProvenanceZeroTwo.SlsaBuilder"
+      optional :build_type, :string, 2
+      optional :invocation, :message, 3, "grafeas.v1.SlsaProvenanceZeroTwo.SlsaInvocation"
+      optional :build_config, :message, 4, "google.protobuf.Struct"
+      optional :metadata, :message, 5, "grafeas.v1.SlsaProvenanceZeroTwo.SlsaMetadata"
+      repeated :materials, :message, 6, "grafeas.v1.SlsaProvenanceZeroTwo.SlsaMaterial"
+    end
+    add_message "grafeas.v1.SlsaProvenanceZeroTwo.SlsaBuilder" do
+      optional :id, :string, 1
+    end
+    add_message "grafeas.v1.SlsaProvenanceZeroTwo.SlsaMaterial" do
+      optional :uri, :string, 1
+      map :digest, :string, :string, 2
+    end
+    add_message "grafeas.v1.SlsaProvenanceZeroTwo.SlsaInvocation" do
+      optional :config_source, :message, 1, "grafeas.v1.SlsaProvenanceZeroTwo.SlsaConfigSource"
+      optional :parameters, :message, 2, "google.protobuf.Struct"
+      optional :environment, :message, 3, "google.protobuf.Struct"
+    end
+    add_message "grafeas.v1.SlsaProvenanceZeroTwo.SlsaConfigSource" do
+      optional :uri, :string, 1
+      map :digest, :string, :string, 2
+      optional :entry_point, :string, 3
+    end
+    add_message "grafeas.v1.SlsaProvenanceZeroTwo.SlsaMetadata" do
+      optional :build_invocation_id, :string, 1
+      optional :build_started_on, :message, 2, "google.protobuf.Timestamp"
+      optional :build_finished_on, :message, 3, "google.protobuf.Timestamp"
+      optional :completeness, :message, 4, "grafeas.v1.SlsaProvenanceZeroTwo.SlsaCompleteness"
+      optional :reproducible, :bool, 5
+    end
+    add_message "grafeas.v1.SlsaProvenanceZeroTwo.SlsaCompleteness" do
+      optional :parameters, :bool, 1
+      optional :environment, :bool, 2
+      optional :materials, :bool, 3
+    end
+  end
+end
+
+module Grafeas
+  module V1
+    SlsaProvenanceZeroTwo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenanceZeroTwo").msgclass
+    SlsaProvenanceZeroTwo::SlsaBuilder = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenanceZeroTwo.SlsaBuilder").msgclass
+    SlsaProvenanceZeroTwo::SlsaMaterial = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenanceZeroTwo.SlsaMaterial").msgclass
+    SlsaProvenanceZeroTwo::SlsaInvocation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenanceZeroTwo.SlsaInvocation").msgclass
+    SlsaProvenanceZeroTwo::SlsaConfigSource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenanceZeroTwo.SlsaConfigSource").msgclass
+    SlsaProvenanceZeroTwo::SlsaMetadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenanceZeroTwo.SlsaMetadata").msgclass
+    SlsaProvenanceZeroTwo::SlsaCompleteness = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenanceZeroTwo.SlsaCompleteness").msgclass
+  end
+end

data/lib/grafeas/v1/upgrade_pb.rb

@@ -1,9 +1,10 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: grafeas/v1/upgrade.proto
 
+require 'google/protobuf'
+
 require 'google/protobuf/timestamp_pb'
 require 'grafeas/v1/package_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/upgrade.proto", :syntax => :proto3) do

data/lib/grafeas/v1/version.rb

@@ -19,6 +19,6 @@
 
 module Grafeas
   module V1
-    VERSION = "0.4.0"
+    VERSION = "0.5.0"
   end
 end

data/lib/grafeas/v1/vulnerability_pb.rb

@@ -1,13 +1,14 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: grafeas/v1/vulnerability.proto
 
+require 'google/protobuf'
+
 require 'google/api/field_behavior_pb'
 require 'google/protobuf/timestamp_pb'
 require 'grafeas/v1/common_pb'
 require 'grafeas/v1/cvss_pb'
 require 'grafeas/v1/package_pb'
 require 'grafeas/v1/severity_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/vulnerability.proto", :syntax => :proto3) do
@@ -67,6 +68,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :fix_available, :bool, 7
       optional :package_type, :string, 8
       optional :effective_severity, :enum, 9, "grafeas.v1.Severity"
+      repeated :file_location, :message, 10, "grafeas.v1.FileLocation"
     end
   end
 end

data/lib/grafeas/v1.rb

@@ -23,6 +23,8 @@ module Grafeas
   ##
   # To load this package, including all its services, and instantiate a client:
   #
+  # @example
+  #
   #     require "grafeas/v1"
   #     client = ::Grafeas::V1::Grafeas::Client.new
   #

data/proto_docs/google/protobuf/any.rb

@@ -44,7 +44,7 @@ module Google
     #       foo = any.unpack(Foo.class);
     #     }
     #
-    #  Example 3: Pack and unpack a message in Python.
+    # Example 3: Pack and unpack a message in Python.
     #
     #     foo = Foo(...)
     #     any = Any()
@@ -54,7 +54,7 @@ module Google
     #       any.Unpack(foo)
     #       ...
     #
-    #  Example 4: Pack and unpack a message in Go
+    # Example 4: Pack and unpack a message in Go
     #
     #      foo := &pb.Foo{...}
     #      any, err := anypb.New(foo)
@@ -75,7 +75,7 @@ module Google
     #
     #
     # JSON
-    # ====
+    #
     # The JSON representation of an `Any` value uses the regular
     # representation of the deserialized, embedded message, with an
     # additional field `@type` which contains the type URL. Example:

data/proto_docs/google/protobuf/struct.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Protobuf
+    # `Struct` represents a structured data value, consisting of fields
+    # which map to dynamically typed values. In some languages, `Struct`
+    # might be supported by a native representation. For example, in
+    # scripting languages like JS a struct is represented as an
+    # object. The details of that representation are described together
+    # with the proto support for the language.
+    #
+    # The JSON representation for `Struct` is JSON object.
+    # @!attribute [rw] fields
+    #   @return [::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}]
+    #     Unordered map of dynamically typed values.
+    class Struct
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # @!attribute [rw] key
+      #   @return [::String]
+      # @!attribute [rw] value
+      #   @return [::Google::Protobuf::Value]
+      class FieldsEntry
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+
+    # `Value` represents a dynamically typed value which can be either
+    # null, a number, a string, a boolean, a recursive struct value, or a
+    # list of values. A producer of value is expected to set one of these
+    # variants. Absence of any variant indicates an error.
+    #
+    # The JSON representation for `Value` is JSON value.
+    # @!attribute [rw] null_value
+    #   @return [::Google::Protobuf::NullValue]
+    #     Represents a null value.
+    # @!attribute [rw] number_value
+    #   @return [::Float]
+    #     Represents a double value.
+    # @!attribute [rw] string_value
+    #   @return [::String]
+    #     Represents a string value.
+    # @!attribute [rw] bool_value
+    #   @return [::Boolean]
+    #     Represents a boolean value.
+    # @!attribute [rw] struct_value
+    #   @return [::Google::Protobuf::Struct]
+    #     Represents a structured value.
+    # @!attribute [rw] list_value
+    #   @return [::Google::Protobuf::ListValue]
+    #     Represents a repeated `Value`.
+    class Value
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # `ListValue` is a wrapper around a repeated field of values.
+    #
+    # The JSON representation for `ListValue` is JSON array.
+    # @!attribute [rw] values
+    #   @return [::Array<::Google::Protobuf::Value>]
+    #     Repeated field of dynamically typed values.
+    class ListValue
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # `NullValue` is a singleton enumeration to represent the null value for the
+    # `Value` type union.
+    #
+    #  The JSON representation for `NullValue` is JSON `null`.
+    module NullValue
+      # Null value.
+      NULL_VALUE = 0
+    end
+  end
+end

data/proto_docs/grafeas/v1/common.rb

@@ -108,6 +108,44 @@ module Grafeas
       extend ::Google::Protobuf::MessageExts::ClassMethods
     end
 
+    # Indicates the location at which a package was found.
+    # @!attribute [rw] file_path
+    #   @return [::String]
+    #     For jars that are contained inside .war files, this filepath
+    #     can indicate the path to war file combined with the path to jar file.
+    class FileLocation
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # License information.
+    # @!attribute [rw] expression
+    #   @return [::String]
+    #     Often a single license can be used to represent the licensing terms.
+    #     Sometimes it is necessary to include a choice of one or more licenses
+    #     or some combination of license identifiers.
+    #     Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT",
+    #     "GPL-2.0-or-later WITH Bison-exception-2.2".
+    # @!attribute [rw] comments
+    #   @return [::String]
+    #     Comments
+    class License
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Digest information.
+    # @!attribute [rw] algo
+    #   @return [::String]
+    #     `SHA1`, `SHA512` etc.
+    # @!attribute [rw] digest_bytes
+    #   @return [::String]
+    #     Value of the digest.
+    class Digest
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
     # Kind represents the kinds of notes supported.
     module NoteKind
       # Default value. This value is unused.

data/proto_docs/grafeas/v1/compliance.rb

@@ -60,6 +60,10 @@ module Grafeas
     #   @return [::String]
     #     The CPE URI (https://cpe.mitre.org/specification/) this benchmark is
     #     applicable to.
+    # @!attribute [rw] benchmark_document
+    #   @return [::String]
+    #     The name of the document that defines this benchmark, e.g. "CIS
+    #     Container-Optimized OS".
     # @!attribute [rw] version
     #   @return [::String]
     #     The version of the benchmark. This is set to the version of the OS-specific

data/proto_docs/grafeas/v1/cvss.rb

@@ -110,10 +110,8 @@ module Grafeas
 
     # Common Vulnerability Scoring System.
     # For details, see https://www.first.org/cvss/specification-document
-    # This is a message we will try to use for storing multiple versions of
-    # CVSS. The intention is that as new versions of CVSS scores get added, we
-    # will be able to modify this message rather than adding new protos for each
-    # new version of the score.
+    # This is a message we will try to use for storing various versions of CVSS
+    # rather than making a separate proto for storing a specific version.
     # @!attribute [rw] base_score
     #   @return [::Float]
     #     The base score is a function of the base metric scores.

data/proto_docs/grafeas/v1/intoto_statement.rb

@@ -35,6 +35,8 @@ module Grafeas
     #   @return [::Grafeas::V1::InTotoProvenance]
     # @!attribute [rw] slsa_provenance
     #   @return [::Grafeas::V1::SlsaProvenance]
+    # @!attribute [rw] slsa_provenance_zero_two
+    #   @return [::Grafeas::V1::SlsaProvenanceZeroTwo]
     class InTotoStatement
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/grafeas/v1/package.rb

@@ -23,7 +23,7 @@ module Grafeas
     # E.g., Debian's jessie-backports dpkg mirror.
     # @!attribute [rw] cpe_uri
     #   @return [::String]
-    #     Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
+    #     The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
     #     denoting the package manager version distributing a package.
     # @!attribute [rw] architecture
     #   @return [::Grafeas::V1::Architecture]
@@ -50,10 +50,11 @@ module Grafeas
     # filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
     # @!attribute [rw] cpe_uri
     #   @return [::String]
-    #     Required. The CPE URI in [CPE format](https://cpe.mitre.org/specification/)
-    #     denoting the package manager version distributing a package.
+    #     Deprecated.
+    #     The CPE URI in [CPE format](https://cpe.mitre.org/specification/)
     # @!attribute [rw] version
     #   @return [::Grafeas::V1::Version]
+    #     Deprecated.
     #     The version installed at this location.
     # @!attribute [rw] path
     #   @return [::String]
@@ -63,28 +64,78 @@ module Grafeas
       extend ::Google::Protobuf::MessageExts::ClassMethods
     end
 
-    # This represents a particular package that is distributed over various
-    # channels. E.g., glibc (aka libc6) is distributed by many, at various
-    # versions.
+    # PackageNote represents a particular package version.
     # @!attribute [rw] name
     #   @return [::String]
-    #     Required. Immutable. The name of the package.
+    #     The name of the package.
     # @!attribute [rw] distribution
     #   @return [::Array<::Grafeas::V1::Distribution>]
+    #     Deprecated.
     #     The various channels by which a package is distributed.
+    # @!attribute [rw] package_type
+    #   @return [::String]
+    #     The type of package; whether native or non native (e.g., ruby gems,
+    #     node.js packages, etc.).
+    # @!attribute [rw] cpe_uri
+    #   @return [::String]
+    #     The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
+    #     denoting the package manager version distributing a package.
+    #     The cpe_uri will be blank for language packages.
+    # @!attribute [rw] architecture
+    #   @return [::Grafeas::V1::Architecture]
+    #     The CPU architecture for which packages in this distribution channel were
+    #     built. Architecture will be blank for language packages.
+    # @!attribute [rw] version
+    #   @return [::Grafeas::V1::Version]
+    #     The version of the package.
+    # @!attribute [rw] maintainer
+    #   @return [::String]
+    #     A freeform text denoting the maintainer of this package.
+    # @!attribute [rw] url
+    #   @return [::String]
+    #     The homepage for this package.
+    # @!attribute [rw] description
+    #   @return [::String]
+    #     The description of this package.
+    # @!attribute [rw] license
+    #   @return [::Grafeas::V1::License]
+    #     Licenses that have been declared by the authors of the package.
+    # @!attribute [rw] digest
+    #   @return [::Array<::Grafeas::V1::Digest>]
+    #     Hash value, typically a file digest, that allows unique
+    #     identification a specific package.
     class PackageNote
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods
     end
 
     # Details on how a particular software package was installed on a system.
-    # @!attribute [rw] name
+    # @!attribute [r] name
     #   @return [::String]
-    #     Output only. The name of the installed package.
+    #     The name of the installed package.
     # @!attribute [rw] location
     #   @return [::Array<::Grafeas::V1::Location>]
-    #     Required. All of the places within the filesystem versions of this package
+    #     All of the places within the filesystem versions of this package
     #     have been found.
+    # @!attribute [r] package_type
+    #   @return [::String]
+    #     The type of package; whether native or non native (e.g., ruby gems,
+    #     node.js packages, etc.).
+    # @!attribute [r] cpe_uri
+    #   @return [::String]
+    #     The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
+    #     denoting the package manager version distributing a package.
+    #     The cpe_uri will be blank for language packages.
+    # @!attribute [r] architecture
+    #   @return [::Grafeas::V1::Architecture]
+    #     The CPU architecture for which packages in this distribution channel were
+    #     built. Architecture will be blank for language packages.
+    # @!attribute [rw] license
+    #   @return [::Grafeas::V1::License]
+    #     Licenses that have been declared by the authors of the package.
+    # @!attribute [r] version
+    #   @return [::Grafeas::V1::Version]
+    #     The version of the package.
     class PackageOccurrence
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/grafeas/v1/slsa_provenance_zero_two.rb

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # @!attribute [rw] builder
+    #   @return [::Grafeas::V1::SlsaProvenanceZeroTwo::SlsaBuilder]
+    # @!attribute [rw] build_type
+    #   @return [::String]
+    # @!attribute [rw] invocation
+    #   @return [::Grafeas::V1::SlsaProvenanceZeroTwo::SlsaInvocation]
+    # @!attribute [rw] build_config
+    #   @return [::Google::Protobuf::Struct]
+    # @!attribute [rw] metadata
+    #   @return [::Grafeas::V1::SlsaProvenanceZeroTwo::SlsaMetadata]
+    # @!attribute [rw] materials
+    #   @return [::Array<::Grafeas::V1::SlsaProvenanceZeroTwo::SlsaMaterial>]
+    class SlsaProvenanceZeroTwo
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # Identifies the entity that executed the recipe, which is trusted to have
+      # correctly performed the operation and populated this provenance.
+      # @!attribute [rw] id
+      #   @return [::String]
+      class SlsaBuilder
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # The collection of artifacts that influenced the build including sources,
+      # dependencies, build tools, base images, and so on.
+      # @!attribute [rw] uri
+      #   @return [::String]
+      # @!attribute [rw] digest
+      #   @return [::Google::Protobuf::Map{::String => ::String}]
+      class SlsaMaterial
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+
+        # @!attribute [rw] key
+        #   @return [::String]
+        # @!attribute [rw] value
+        #   @return [::String]
+        class DigestEntry
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+
+      # Identifies the event that kicked off the build.
+      # @!attribute [rw] config_source
+      #   @return [::Grafeas::V1::SlsaProvenanceZeroTwo::SlsaConfigSource]
+      # @!attribute [rw] parameters
+      #   @return [::Google::Protobuf::Struct]
+      # @!attribute [rw] environment
+      #   @return [::Google::Protobuf::Struct]
+      class SlsaInvocation
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # Describes where the config file that kicked off the build came from.
+      # This is effectively a pointer to the source where buildConfig came from.
+      # @!attribute [rw] uri
+      #   @return [::String]
+      # @!attribute [rw] digest
+      #   @return [::Google::Protobuf::Map{::String => ::String}]
+      # @!attribute [rw] entry_point
+      #   @return [::String]
+      class SlsaConfigSource
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+
+        # @!attribute [rw] key
+        #   @return [::String]
+        # @!attribute [rw] value
+        #   @return [::String]
+        class DigestEntry
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+
+      # Other properties of the build.
+      # @!attribute [rw] build_invocation_id
+      #   @return [::String]
+      # @!attribute [rw] build_started_on
+      #   @return [::Google::Protobuf::Timestamp]
+      # @!attribute [rw] build_finished_on
+      #   @return [::Google::Protobuf::Timestamp]
+      # @!attribute [rw] completeness
+      #   @return [::Grafeas::V1::SlsaProvenanceZeroTwo::SlsaCompleteness]
+      # @!attribute [rw] reproducible
+      #   @return [::Boolean]
+      class SlsaMetadata
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # Indicates that the builder claims certain fields in this message to be
+      # complete.
+      # @!attribute [rw] parameters
+      #   @return [::Boolean]
+      # @!attribute [rw] environment
+      #   @return [::Boolean]
+      # @!attribute [rw] materials
+      #   @return [::Boolean]
+      class SlsaCompleteness
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+  end
+end

data/proto_docs/grafeas/v1/vulnerability.rb

@@ -240,6 +240,9 @@ module Grafeas
       #     The distro or language system assigned severity for this vulnerability
       #     when that is available and note provider assigned severity when it is not
       #     available.
+      # @!attribute [rw] file_location
+      #   @return [::Array<::Grafeas::V1::FileLocation>]
+      #     The location at which this package was found.
       class PackageIssue
         include ::Google::Protobuf::MessageExts
         extend ::Google::Protobuf::MessageExts::ClassMethods

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: grafeas-v1
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-01-13 00:00:00.000000000 Z
+date: 2022-06-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -190,6 +190,7 @@ files:
 - lib/grafeas/v1/provenance_pb.rb
 - lib/grafeas/v1/severity_pb.rb
 - lib/grafeas/v1/slsa_provenance_pb.rb
+- lib/grafeas/v1/slsa_provenance_zero_two_pb.rb
 - lib/grafeas/v1/upgrade_pb.rb
 - lib/grafeas/v1/version.rb
 - lib/grafeas/v1/vulnerability_pb.rb
@@ -199,6 +200,7 @@ files:
 - proto_docs/google/protobuf/any.rb
 - proto_docs/google/protobuf/empty.rb
 - proto_docs/google/protobuf/field_mask.rb
+- proto_docs/google/protobuf/struct.rb
 - proto_docs/google/protobuf/timestamp.rb
 - proto_docs/google/rpc/status.rb
 - proto_docs/grafeas/v1/attestation.rb
@@ -217,6 +219,7 @@ files:
 - proto_docs/grafeas/v1/provenance.rb
 - proto_docs/grafeas/v1/severity.rb
 - proto_docs/grafeas/v1/slsa_provenance.rb
+- proto_docs/grafeas/v1/slsa_provenance_zero_two.rb
 - proto_docs/grafeas/v1/upgrade.rb
 - proto_docs/grafeas/v1/vulnerability.rb
 homepage: https://github.com/googleapis/google-cloud-ruby
@@ -238,7 +241,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.5
+rubygems_version: 3.3.14
 signing_key: 
 specification_version: 4
 summary: API Client library for the Grafeas V1 API