grafeas-v1 0.7.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 884fa0c5479da039df9323bdc5b1714e4f0e26da88c848b1542978527d8f5b5a
-  data.tar.gz: a5861d6ccdd43050aba04e6053916879d31c47083403f3362879908319252227
+  metadata.gz: de858ed8e2692e2aab1ddabba338dcfcf7fd0d245f4a9dc7268dd28dbc48a1e5
+  data.tar.gz: 8ba74842862b74a9da43f0ec0110672b3f58377d34c1469c278f6264556c1ae0
 SHA512:
-  metadata.gz: cd1f71ef3d8335ea5461522daaad312f148be61d8e86cd514aa0275161d427939554c00bca367e6631fe40de78b3bd5842811a3d909b4dca476cba24121841ae
-  data.tar.gz: 4b64e68af4cfcc64d88242ec7ac9e14b35518d7bf1b1eae72ef84eeb84e311bfc10ff559adc3359cef50821a562ae9d1d61935de2f04ff7ac0680b0b8f01db1d
+  metadata.gz: 56e84efe07a852c6c919991831f309478ea1e88c31e6929e420ce52adfae9bea3b4a2907d053e0305c9fc361e22306f17bbc09d6e98dde2830805ccaef7e4e4a
+  data.tar.gz: e2d99c15dcef124b695e7b13e0fc6d8cf168996e9f6ef744fc093bda536c3cb281609b80f3b11e7adba269d932949f6a5b0797ae254539d46142744307ba869a

data/README.md

@@ -1,6 +1,6 @@
 # Ruby Client for the Grafeas V1 API
 
-API Client library for the Grafeas V1 API
+An implementation of the Grafeas API, which stores, and enables querying and retrieval of critical metadata about all of your software artifacts.
 
 The Grafeas API stores, and enables querying and retrieval of, critical metadata about all of your software artifacts.
 
@@ -34,8 +34,8 @@ for class and method documentation.
 ## Enabling Logging
 
 To enable logging for this library, set the logger for the underlying [gRPC](https://github.com/grpc/grpc/tree/master/src/ruby) library.
-The logger that you set may be a Ruby stdlib [`Logger`](https://ruby-doc.org/stdlib/libdoc/logger/rdoc/Logger.html) as shown below,
-or a [`Google::Cloud::Logging::Logger`](https://googleapis.dev/ruby/google-cloud-logging/latest)
+The logger that you set may be a Ruby stdlib [`Logger`](https://ruby-doc.org/current/stdlibs/logger/Logger.html) as shown below,
+or a [`Google::Cloud::Logging::Logger`](https://cloud.google.com/ruby/docs/reference/google-cloud-logging/latest)
 that will write logs to [Cloud Logging](https://cloud.google.com/logging/). See [grpc/logconfig.rb](https://github.com/grpc/grpc/blob/master/src/ruby/lib/grpc/logconfig.rb)
 and the gRPC [spec_helper.rb](https://github.com/grpc/grpc/blob/master/src/ruby/spec/spec_helper.rb) for additional information.
 

data/lib/grafeas/v1/common_pb.rb

@@ -45,6 +45,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       value :UPGRADE, 8
       value :COMPLIANCE, 9
       value :DSSE_ATTESTATION, 10
+      value :VULNERABILITY_ASSESSMENT, 11
     end
   end
 end

data/lib/grafeas/v1/grafeas/client.rb

@@ -333,13 +333,11 @@ module Grafeas
         #   # Call the list_occurrences method.
         #   result = client.list_occurrences request
         #
-        #   # The returned object is of type Gapic::PagedEnumerable. You can
-        #   # iterate over all elements by calling #each, and the enumerable
-        #   # will lazily make API calls to fetch subsequent pages. Other
-        #   # methods are also available for managing paging directly.
-        #   result.each do |response|
+        #   # The returned object is of type Gapic::PagedEnumerable. You can iterate
+        #   # over elements, and API calls will be issued to fetch pages as needed.
+        #   result.each do |item|
         #     # Each element is of type ::Grafeas::V1::Occurrence.
-        #     p response
+        #     p item
         #   end
         #
         def list_occurrences request, options = nil
@@ -960,13 +958,11 @@ module Grafeas
         #   # Call the list_notes method.
         #   result = client.list_notes request
         #
-        #   # The returned object is of type Gapic::PagedEnumerable. You can
-        #   # iterate over all elements by calling #each, and the enumerable
-        #   # will lazily make API calls to fetch subsequent pages. Other
-        #   # methods are also available for managing paging directly.
-        #   result.each do |response|
+        #   # The returned object is of type Gapic::PagedEnumerable. You can iterate
+        #   # over elements, and API calls will be issued to fetch pages as needed.
+        #   result.each do |item|
         #     # Each element is of type ::Grafeas::V1::Note.
-        #     p response
+        #     p item
         #   end
         #
         def list_notes request, options = nil
@@ -1415,13 +1411,11 @@ module Grafeas
         #   # Call the list_note_occurrences method.
         #   result = client.list_note_occurrences request
         #
-        #   # The returned object is of type Gapic::PagedEnumerable. You can
-        #   # iterate over all elements by calling #each, and the enumerable
-        #   # will lazily make API calls to fetch subsequent pages. Other
-        #   # methods are also available for managing paging directly.
-        #   result.each do |response|
+        #   # The returned object is of type Gapic::PagedEnumerable. You can iterate
+        #   # over elements, and API calls will be issued to fetch pages as needed.
+        #   result.each do |item|
         #     # Each element is of type ::Grafeas::V1::Occurrence.
-        #     p response
+        #     p item
         #   end
         #
         def list_note_occurrences request, options = nil
@@ -1504,9 +1498,9 @@ module Grafeas
         #    *  (`String`) The path to a service account key file in JSON format
         #    *  (`Hash`) A service account key as a Hash
         #    *  (`Google::Auth::Credentials`) A googleauth credentials object
-        #       (see the [googleauth docs](https://googleapis.dev/ruby/googleauth/latest/index.html))
+        #       (see the [googleauth docs](https://rubydoc.info/gems/googleauth/Google/Auth/Credentials))
         #    *  (`Signet::OAuth2::Client`) A signet oauth2 client object
-        #       (see the [signet docs](https://googleapis.dev/ruby/signet/latest/Signet/OAuth2/Client.html))
+        #       (see the [signet docs](https://rubydoc.info/gems/signet/Signet/OAuth2/Client))
         #    *  (`GRPC::Core::Channel`) a gRPC channel with included credentials
         #    *  (`GRPC::Core::ChannelCredentials`) a gRPC credentails object
         #    *  (`nil`) indicating no credentials

data/lib/grafeas/v1/grafeas.rb

@@ -43,7 +43,7 @@ module Grafeas
     # there would be one note for the vulnerability and an occurrence for each
     # image with the vulnerability referring to that note.
     #
-    # To load this service and instantiate a client:
+    # @example Load this service and instantiate a gRPC client
     #
     #     require "grafeas/v1/grafeas"
     #     client = ::Grafeas::V1::Grafeas::Client.new

data/lib/grafeas/v1/grafeas_pb.rb

@@ -20,6 +20,7 @@ require 'grafeas/v1/dsse_attestation_pb'
 require 'grafeas/v1/image_pb'
 require 'grafeas/v1/package_pb'
 require 'grafeas/v1/upgrade_pb'
+require 'grafeas/v1/vex_pb'
 require 'grafeas/v1/vulnerability_pb'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
@@ -67,6 +68,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
         optional :upgrade, :message, 17, "grafeas.v1.UpgradeNote"
         optional :compliance, :message, 18, "grafeas.v1.ComplianceNote"
         optional :dsse_attestation, :message, 19, "grafeas.v1.DSSEAttestationNote"
+        optional :vulnerability_assessment, :message, 20, "grafeas.v1.VulnerabilityAssessmentNote"
       end
     end
     add_message "grafeas.v1.GetOccurrenceRequest" do

data/lib/grafeas/v1/version.rb

@@ -19,6 +19,6 @@
 
 module Grafeas
   module V1
-    VERSION = "0.7.0"
+    VERSION = "0.9.0"
   end
 end

data/lib/grafeas/v1/vex_pb.rb

@@ -0,0 +1,88 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: grafeas/v1/vex.proto
+
+require 'google/protobuf'
+
+require 'grafeas/v1/common_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("grafeas/v1/vex.proto", :syntax => :proto3) do
+    add_message "grafeas.v1.VulnerabilityAssessmentNote" do
+      optional :title, :string, 1
+      optional :short_description, :string, 2
+      optional :long_description, :string, 3
+      optional :language_code, :string, 4
+      optional :publisher, :message, 5, "grafeas.v1.VulnerabilityAssessmentNote.Publisher"
+      optional :product, :message, 6, "grafeas.v1.VulnerabilityAssessmentNote.Product"
+      optional :assessment, :message, 7, "grafeas.v1.VulnerabilityAssessmentNote.Assessment"
+    end
+    add_message "grafeas.v1.VulnerabilityAssessmentNote.Publisher" do
+      optional :name, :string, 1
+      optional :issuing_authority, :string, 2
+      optional :publisher_namespace, :string, 3
+    end
+    add_message "grafeas.v1.VulnerabilityAssessmentNote.Product" do
+      optional :name, :string, 1
+      optional :id, :string, 2
+      oneof :identifier do
+        optional :generic_uri, :string, 3
+      end
+    end
+    add_message "grafeas.v1.VulnerabilityAssessmentNote.Assessment" do
+      optional :cve, :string, 1
+      optional :short_description, :string, 2
+      optional :long_description, :string, 3
+      repeated :related_uris, :message, 4, "grafeas.v1.RelatedUrl"
+      optional :state, :enum, 5, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.State"
+      repeated :impacts, :string, 6
+      optional :justification, :message, 7, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification"
+      repeated :remediations, :message, 8, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation"
+    end
+    add_message "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification" do
+      optional :justification_type, :enum, 1, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification.JustificationType"
+      optional :details, :string, 2
+    end
+    add_enum "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification.JustificationType" do
+      value :JUSTIFICATION_TYPE_UNSPECIFIED, 0
+      value :COMPONENT_NOT_PRESENT, 1
+      value :VULNERABLE_CODE_NOT_PRESENT, 2
+      value :VULNERABLE_CODE_NOT_IN_EXECUTE_PATH, 3
+      value :VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY, 4
+      value :INLINE_MITIGATIONS_ALREADY_EXIST, 5
+    end
+    add_message "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation" do
+      optional :remediation_type, :enum, 1, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation.RemediationType"
+      optional :details, :string, 2
+      optional :remediation_uri, :message, 3, "grafeas.v1.RelatedUrl"
+    end
+    add_enum "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation.RemediationType" do
+      value :REMEDIATION_TYPE_UNSPECIFIED, 0
+      value :MITIGATION, 1
+      value :NO_FIX_PLANNED, 2
+      value :NONE_AVAILABLE, 3
+      value :VENDOR_FIX, 4
+      value :WORKAROUND, 5
+    end
+    add_enum "grafeas.v1.VulnerabilityAssessmentNote.Assessment.State" do
+      value :STATE_UNSPECIFIED, 0
+      value :AFFECTED, 1
+      value :NOT_AFFECTED, 2
+      value :FIXED, 3
+      value :UNDER_INVESTIGATION, 4
+    end
+  end
+end
+
+module Grafeas
+  module V1
+    VulnerabilityAssessmentNote = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote").msgclass
+    VulnerabilityAssessmentNote::Publisher = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Publisher").msgclass
+    VulnerabilityAssessmentNote::Product = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Product").msgclass
+    VulnerabilityAssessmentNote::Assessment = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment").msgclass
+    VulnerabilityAssessmentNote::Assessment::Justification = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification").msgclass
+    VulnerabilityAssessmentNote::Assessment::Justification::JustificationType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification.JustificationType").enummodule
+    VulnerabilityAssessmentNote::Assessment::Remediation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation").msgclass
+    VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation.RemediationType").enummodule
+    VulnerabilityAssessmentNote::Assessment::State = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.State").enummodule
+  end
+end

data/lib/grafeas/v1/vulnerability_pb.rb

@@ -9,6 +9,7 @@ require 'grafeas/v1/common_pb'
 require 'grafeas/v1/cvss_pb'
 require 'grafeas/v1/package_pb'
 require 'grafeas/v1/severity_pb'
+require 'grafeas/v1/vex_pb'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/vulnerability.proto", :syntax => :proto3) do
@@ -20,6 +21,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       repeated :windows_details, :message, 5, "grafeas.v1.VulnerabilityNote.WindowsDetail"
       optional :source_update_time, :message, 6, "google.protobuf.Timestamp"
       optional :cvss_version, :enum, 7, "grafeas.v1.CVSSVersion"
+      optional :cvss_v2, :message, 8, "grafeas.v1.CVSS"
     end
     add_message "grafeas.v1.VulnerabilityNote.Detail" do
       optional :severity_name, :string, 1
@@ -59,6 +61,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :effective_severity, :enum, 8, "grafeas.v1.Severity"
       optional :fix_available, :bool, 9
       optional :cvss_version, :enum, 11, "grafeas.v1.CVSSVersion"
+      optional :cvss_v2, :message, 12, "grafeas.v1.CVSS"
+      optional :vex_assessment, :message, 13, "grafeas.v1.VulnerabilityOccurrence.VexAssessment"
     end
     add_message "grafeas.v1.VulnerabilityOccurrence.PackageIssue" do
       optional :affected_cpe_uri, :string, 1
@@ -72,6 +76,15 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :effective_severity, :enum, 9, "grafeas.v1.Severity"
       repeated :file_location, :message, 10, "grafeas.v1.FileLocation"
     end
+    add_message "grafeas.v1.VulnerabilityOccurrence.VexAssessment" do
+      optional :cve, :string, 1
+      repeated :related_uris, :message, 2, "grafeas.v1.RelatedUrl"
+      optional :note_name, :string, 3
+      optional :state, :enum, 4, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.State"
+      repeated :impacts, :string, 5
+      repeated :remediations, :message, 6, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation"
+      optional :justification, :message, 7, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification"
+    end
   end
 end
 
@@ -83,5 +96,6 @@ module Grafeas
     VulnerabilityNote::WindowsDetail::KnowledgeBase = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase").msgclass
     VulnerabilityOccurrence = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence").msgclass
     VulnerabilityOccurrence::PackageIssue = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence.PackageIssue").msgclass
+    VulnerabilityOccurrence::VexAssessment = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence.VexAssessment").msgclass
   end
 end

data/lib/grafeas/v1.rb

@@ -21,9 +21,9 @@ require "grafeas/v1/version"
 
 module Grafeas
   ##
-  # To load this package, including all its services, and instantiate a client:
+  # API client module.
   #
-  # @example
+  # @example Load this package, including all its services, and instantiate a gRPC client
   #
   #     require "grafeas/v1"
   #     client = ::Grafeas::V1::Grafeas::Client.new

data/proto_docs/google/api/client.rb

@@ -0,0 +1,318 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Api
+    # Required information for every language.
+    # @!attribute [rw] reference_docs_uri
+    #   @return [::String]
+    #     Link to automatically generated reference documentation.  Example:
+    #     https://cloud.google.com/nodejs/docs/reference/asset/latest
+    # @!attribute [rw] destinations
+    #   @return [::Array<::Google::Api::ClientLibraryDestination>]
+    #     The destination where API teams want this client library to be published.
+    class CommonLanguageSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Details about how and where to publish client libraries.
+    # @!attribute [rw] version
+    #   @return [::String]
+    #     Version of the API to apply these settings to.
+    # @!attribute [rw] launch_stage
+    #   @return [::Google::Api::LaunchStage]
+    #     Launch stage of this version of the API.
+    # @!attribute [rw] rest_numeric_enums
+    #   @return [::Boolean]
+    #     When using transport=rest, the client request will encode enums as
+    #     numbers rather than strings.
+    # @!attribute [rw] java_settings
+    #   @return [::Google::Api::JavaSettings]
+    #     Settings for legacy Java features, supported in the Service YAML.
+    # @!attribute [rw] cpp_settings
+    #   @return [::Google::Api::CppSettings]
+    #     Settings for C++ client libraries.
+    # @!attribute [rw] php_settings
+    #   @return [::Google::Api::PhpSettings]
+    #     Settings for PHP client libraries.
+    # @!attribute [rw] python_settings
+    #   @return [::Google::Api::PythonSettings]
+    #     Settings for Python client libraries.
+    # @!attribute [rw] node_settings
+    #   @return [::Google::Api::NodeSettings]
+    #     Settings for Node client libraries.
+    # @!attribute [rw] dotnet_settings
+    #   @return [::Google::Api::DotnetSettings]
+    #     Settings for .NET client libraries.
+    # @!attribute [rw] ruby_settings
+    #   @return [::Google::Api::RubySettings]
+    #     Settings for Ruby client libraries.
+    # @!attribute [rw] go_settings
+    #   @return [::Google::Api::GoSettings]
+    #     Settings for Go client libraries.
+    class ClientLibrarySettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # This message configures the settings for publishing [Google Cloud Client
+    # libraries](https://cloud.google.com/apis/docs/cloud-client-libraries)
+    # generated from the service config.
+    # @!attribute [rw] method_settings
+    #   @return [::Array<::Google::Api::MethodSettings>]
+    #     A list of API method settings, e.g. the behavior for methods that use the
+    #     long-running operation pattern.
+    # @!attribute [rw] new_issue_uri
+    #   @return [::String]
+    #     Link to a place that API users can report issues.  Example:
+    #     https://issuetracker.google.com/issues/new?component=190865&template=1161103
+    # @!attribute [rw] documentation_uri
+    #   @return [::String]
+    #     Link to product home page.  Example:
+    #     https://cloud.google.com/asset-inventory/docs/overview
+    # @!attribute [rw] api_short_name
+    #   @return [::String]
+    #     Used as a tracking tag when collecting data about the APIs developer
+    #     relations artifacts like docs, packages delivered to package managers,
+    #     etc.  Example: "speech".
+    # @!attribute [rw] github_label
+    #   @return [::String]
+    #     GitHub label to apply to issues and pull requests opened for this API.
+    # @!attribute [rw] codeowner_github_teams
+    #   @return [::Array<::String>]
+    #     GitHub teams to be added to CODEOWNERS in the directory in GitHub
+    #     containing source code for the client libraries for this API.
+    # @!attribute [rw] doc_tag_prefix
+    #   @return [::String]
+    #     A prefix used in sample code when demarking regions to be included in
+    #     documentation.
+    # @!attribute [rw] organization
+    #   @return [::Google::Api::ClientLibraryOrganization]
+    #     For whom the client library is being published.
+    # @!attribute [rw] library_settings
+    #   @return [::Array<::Google::Api::ClientLibrarySettings>]
+    #     Client library settings.  If the same version string appears multiple
+    #     times in this list, then the last one wins.  Settings from earlier
+    #     settings with the same version string are discarded.
+    class Publishing
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Java client libraries.
+    # @!attribute [rw] library_package
+    #   @return [::String]
+    #     The package name to use in Java. Clobbers the java_package option
+    #     set in the protobuf. This should be used **only** by APIs
+    #     who have already set the language_settings.java.package_name" field
+    #     in gapic.yaml. API teams should use the protobuf java_package option
+    #     where possible.
+    #
+    #     Example of a YAML configuration::
+    #
+    #      publishing:
+    #        java_settings:
+    #          library_package: com.google.cloud.pubsub.v1
+    # @!attribute [rw] service_class_names
+    #   @return [::Google::Protobuf::Map{::String => ::String}]
+    #     Configure the Java class name to use instead of the service's for its
+    #     corresponding generated GAPIC client. Keys are fully-qualified
+    #     service names as they appear in the protobuf (including the full
+    #     the language_settings.java.interface_names" field in gapic.yaml. API
+    #     teams should otherwise use the service name as it appears in the
+    #     protobuf.
+    #
+    #     Example of a YAML configuration::
+    #
+    #      publishing:
+    #        java_settings:
+    #          service_class_names:
+    #            - google.pubsub.v1.Publisher: TopicAdmin
+    #            - google.pubsub.v1.Subscriber: SubscriptionAdmin
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class JavaSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # @!attribute [rw] key
+      #   @return [::String]
+      # @!attribute [rw] value
+      #   @return [::String]
+      class ServiceClassNamesEntry
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+
+    # Settings for C++ client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class CppSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Php client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class PhpSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Python client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class PythonSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Node client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class NodeSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Dotnet client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class DotnetSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Ruby client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class RubySettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Go client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class GoSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Describes the generator configuration for a method.
+    # @!attribute [rw] selector
+    #   @return [::String]
+    #     The fully qualified name of the method, for which the options below apply.
+    #     This is used to find the method to apply the options.
+    # @!attribute [rw] long_running
+    #   @return [::Google::Api::MethodSettings::LongRunning]
+    #     Describes settings to use for long-running operations when generating
+    #     API methods for RPCs. Complements RPCs that use the annotations in
+    #     google/longrunning/operations.proto.
+    #
+    #     Example of a YAML configuration::
+    #
+    #      publishing:
+    #        method_behavior:
+    #          - selector: CreateAdDomain
+    #            long_running:
+    #              initial_poll_delay:
+    #                seconds: 60 # 1 minute
+    #              poll_delay_multiplier: 1.5
+    #              max_poll_delay:
+    #                seconds: 360 # 6 minutes
+    #              total_poll_timeout:
+    #                 seconds: 54000 # 90 minutes
+    class MethodSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # Describes settings to use when generating API methods that use the
+      # long-running operation pattern.
+      # All default values below are from those used in the client library
+      # generators (e.g.
+      # [Java](https://github.com/googleapis/gapic-generator-java/blob/04c2faa191a9b5a10b92392fe8482279c4404803/src/main/java/com/google/api/generator/gapic/composer/common/RetrySettingsComposer.java)).
+      # @!attribute [rw] initial_poll_delay
+      #   @return [::Google::Protobuf::Duration]
+      #     Initial delay after which the first poll request will be made.
+      #     Default value: 5 seconds.
+      # @!attribute [rw] poll_delay_multiplier
+      #   @return [::Float]
+      #     Multiplier to gradually increase delay between subsequent polls until it
+      #     reaches max_poll_delay.
+      #     Default value: 1.5.
+      # @!attribute [rw] max_poll_delay
+      #   @return [::Google::Protobuf::Duration]
+      #     Maximum time between two subsequent poll requests.
+      #     Default value: 45 seconds.
+      # @!attribute [rw] total_poll_timeout
+      #   @return [::Google::Protobuf::Duration]
+      #     Total polling timeout.
+      #     Default value: 5 minutes.
+      class LongRunning
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+
+    # The organization for which the client libraries are being published.
+    # Affects the url where generated docs are published, etc.
+    module ClientLibraryOrganization
+      # Not useful.
+      CLIENT_LIBRARY_ORGANIZATION_UNSPECIFIED = 0
+
+      # Google Cloud Platform Org.
+      CLOUD = 1
+
+      # Ads (Advertising) Org.
+      ADS = 2
+
+      # Photos Org.
+      PHOTOS = 3
+
+      # Street View Org.
+      STREET_VIEW = 4
+    end
+
+    # To where should client libraries be published?
+    module ClientLibraryDestination
+      # Client libraries will neither be generated nor published to package
+      # managers.
+      CLIENT_LIBRARY_DESTINATION_UNSPECIFIED = 0
+
+      # Generate the client library in a repo under github.com/googleapis,
+      # but don't publish it to package managers.
+      GITHUB = 10
+
+      # Publish the library to package managers like nuget.org and npmjs.com.
+      PACKAGE_MANAGER = 20
+    end
+  end
+end

data/proto_docs/google/api/launch_stage.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Api
+    # The launch stage as defined by [Google Cloud Platform
+    # Launch Stages](https://cloud.google.com/terms/launch-stages).
+    module LaunchStage
+      # Do not use this default value.
+      LAUNCH_STAGE_UNSPECIFIED = 0
+
+      # The feature is not yet implemented. Users can not use it.
+      UNIMPLEMENTED = 6
+
+      # Prelaunch features are hidden from users and are only visible internally.
+      PRELAUNCH = 7
+
+      # Early Access features are limited to a closed group of testers. To use
+      # these features, you must sign up in advance and sign a Trusted Tester
+      # agreement (which includes confidentiality provisions). These features may
+      # be unstable, changed in backward-incompatible ways, and are not
+      # guaranteed to be released.
+      EARLY_ACCESS = 1
+
+      # Alpha is a limited availability test for releases before they are cleared
+      # for widespread use. By Alpha, all significant design issues are resolved
+      # and we are in the process of verifying functionality. Alpha customers
+      # need to apply for access, agree to applicable terms, and have their
+      # projects allowlisted. Alpha releases don't have to be feature complete,
+      # no SLAs are provided, and there are no technical support obligations, but
+      # they will be far enough along that customers can actually use them in
+      # test environments or for limited-use tests -- just like they would in
+      # normal production cases.
+      ALPHA = 2
+
+      # Beta is the point at which we are ready to open a release for any
+      # customer to use. There are no SLA or technical support obligations in a
+      # Beta release. Products will be complete from a feature perspective, but
+      # may have some open outstanding issues. Beta releases are suitable for
+      # limited production use cases.
+      BETA = 3
+
+      # GA features are open to all developers and are considered stable and
+      # fully qualified for production use.
+      GA = 4
+
+      # Deprecated features are scheduled to be shut down and removed. For more
+      # information, see the "Deprecation Policy" section of our [Terms of
+      # Service](https://cloud.google.com/terms/)
+      # and the [Google Cloud Platform Subject to the Deprecation
+      # Policy](https://cloud.google.com/terms/deprecation) documentation.
+      DEPRECATED = 5
+    end
+  end
+end

data/proto_docs/google/protobuf/duration.rb

@@ -0,0 +1,98 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Protobuf
+    # A Duration represents a signed, fixed-length span of time represented
+    # as a count of seconds and fractions of seconds at nanosecond
+    # resolution. It is independent of any calendar and concepts like "day"
+    # or "month". It is related to Timestamp in that the difference between
+    # two Timestamp values is a Duration and it can be added or subtracted
+    # from a Timestamp. Range is approximately +-10,000 years.
+    #
+    # # Examples
+    #
+    # Example 1: Compute Duration from two Timestamps in pseudo code.
+    #
+    #     Timestamp start = ...;
+    #     Timestamp end = ...;
+    #     Duration duration = ...;
+    #
+    #     duration.seconds = end.seconds - start.seconds;
+    #     duration.nanos = end.nanos - start.nanos;
+    #
+    #     if (duration.seconds < 0 && duration.nanos > 0) {
+    #       duration.seconds += 1;
+    #       duration.nanos -= 1000000000;
+    #     } else if (duration.seconds > 0 && duration.nanos < 0) {
+    #       duration.seconds -= 1;
+    #       duration.nanos += 1000000000;
+    #     }
+    #
+    # Example 2: Compute Timestamp from Timestamp + Duration in pseudo code.
+    #
+    #     Timestamp start = ...;
+    #     Duration duration = ...;
+    #     Timestamp end = ...;
+    #
+    #     end.seconds = start.seconds + duration.seconds;
+    #     end.nanos = start.nanos + duration.nanos;
+    #
+    #     if (end.nanos < 0) {
+    #       end.seconds -= 1;
+    #       end.nanos += 1000000000;
+    #     } else if (end.nanos >= 1000000000) {
+    #       end.seconds += 1;
+    #       end.nanos -= 1000000000;
+    #     }
+    #
+    # Example 3: Compute Duration from datetime.timedelta in Python.
+    #
+    #     td = datetime.timedelta(days=3, minutes=10)
+    #     duration = Duration()
+    #     duration.FromTimedelta(td)
+    #
+    # # JSON Mapping
+    #
+    # In JSON format, the Duration type is encoded as a string rather than an
+    # object, where the string ends in the suffix "s" (indicating seconds) and
+    # is preceded by the number of seconds, with nanoseconds expressed as
+    # fractional seconds. For example, 3 seconds with 0 nanoseconds should be
+    # encoded in JSON format as "3s", while 3 seconds and 1 nanosecond should
+    # be expressed in JSON format as "3.000000001s", and 3 seconds and 1
+    # microsecond should be expressed in JSON format as "3.000001s".
+    # @!attribute [rw] seconds
+    #   @return [::Integer]
+    #     Signed seconds of the span of time. Must be from -315,576,000,000
+    #     to +315,576,000,000 inclusive. Note: these bounds are computed from:
+    #     60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years
+    # @!attribute [rw] nanos
+    #   @return [::Integer]
+    #     Signed fractions of a second at nanosecond resolution of the span
+    #     of time. Durations less than one second are represented with a 0
+    #     `seconds` field and a positive or negative `nanos` field. For durations
+    #     of one second or more, a non-zero value for the `nanos` field must be
+    #     of the same sign as the `seconds` field. Must be from -999,999,999
+    #     to +999,999,999 inclusive.
+    class Duration
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end

data/proto_docs/google/rpc/status.rb

@@ -28,12 +28,14 @@ module Google
     # [API Design Guide](https://cloud.google.com/apis/design/errors).
     # @!attribute [rw] code
     #   @return [::Integer]
-    #     The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
+    #     The status code, which should be an enum value of
+    #     [google.rpc.Code][google.rpc.Code].
     # @!attribute [rw] message
     #   @return [::String]
     #     A developer-facing error message, which should be in English. Any
     #     user-facing error message should be localized and sent in the
-    #     {::Google::Rpc::Status#details google.rpc.Status.details} field, or localized by the client.
+    #     {::Google::Rpc::Status#details google.rpc.Status.details} field, or localized
+    #     by the client.
     # @!attribute [rw] details
     #   @return [::Array<::Google::Protobuf::Any>]
     #     A list of messages that carry the error details.  There is a common set of

data/proto_docs/grafeas/v1/common.rb

@@ -180,6 +180,9 @@ module Grafeas
 
       # This represents a DSSE attestation Note
       DSSE_ATTESTATION = 10
+
+      # This represents a Vulnerability Assessment.
+      VULNERABILITY_ASSESSMENT = 11
     end
   end
 end

data/proto_docs/grafeas/v1/grafeas.rb

@@ -148,6 +148,9 @@ module Grafeas
     # @!attribute [rw] dsse_attestation
     #   @return [::Grafeas::V1::DSSEAttestationNote]
     #     A note describing a dsse attestation note.
+    # @!attribute [rw] vulnerability_assessment
+    #   @return [::Grafeas::V1::VulnerabilityAssessmentNote]
+    #     A note describing a vulnerability assessment.
     class Note
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/grafeas/v1/vex.rb

@@ -0,0 +1,231 @@
+# frozen_string_literal: true
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # A single VulnerabilityAssessmentNote represents
+    # one particular product's vulnerability assessment for one CVE.
+    # @!attribute [rw] title
+    #   @return [::String]
+    #     The title of the note. E.g. `Vex-Debian-11.4`
+    # @!attribute [rw] short_description
+    #   @return [::String]
+    #     A one sentence description of this Vex.
+    # @!attribute [rw] long_description
+    #   @return [::String]
+    #     A detailed description of this Vex.
+    # @!attribute [rw] language_code
+    #   @return [::String]
+    #     Identifies the language used by this document,
+    #     corresponding to IETF BCP 47 / RFC 5646.
+    # @!attribute [rw] publisher
+    #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Publisher]
+    #     Publisher details of this Note.
+    # @!attribute [rw] product
+    #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Product]
+    #     The product affected by this vex.
+    # @!attribute [rw] assessment
+    #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment]
+    #     Represents a vulnerability assessment for the product.
+    class VulnerabilityAssessmentNote
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # Publisher contains information about the publisher of
+      # this Note.
+      # (-- api-linter: core::0123::resource-annotation=disabled
+      #     aip.dev/not-precedent: Publisher is not a separate resource. --)
+      # @!attribute [rw] name
+      #   @return [::String]
+      #     Name of the publisher.
+      #     Examples: 'Google', 'Google Cloud Platform'.
+      # @!attribute [rw] issuing_authority
+      #   @return [::String]
+      #     Provides information about the authority of the issuing party to
+      #     release the document, in particular, the party's constituency and
+      #     responsibilities or other obligations.
+      # @!attribute [rw] publisher_namespace
+      #   @return [::String]
+      #     The context or namespace.
+      #     Contains a URL which is under control of the issuing party and can
+      #     be used as a globally unique identifier for that issuing party.
+      #     Example: https://csaf.io
+      class Publisher
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # Product contains information about a product and how to uniquely identify
+      # it.
+      # (-- api-linter: core::0123::resource-annotation=disabled
+      #     aip.dev/not-precedent: Product is not a separate resource. --)
+      # @!attribute [rw] name
+      #   @return [::String]
+      #     Name of the product.
+      # @!attribute [rw] id
+      #   @return [::String]
+      #     Token that identifies a product so that it can be referred to from other
+      #     parts in the document. There is no predefined format as long as it
+      #     uniquely identifies a group in the context of the current document.
+      # @!attribute [rw] generic_uri
+      #   @return [::String]
+      #     Contains a URI which is vendor-specific.
+      #     Example: The artifact repository URL of an image.
+      class Product
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # Assessment provides all information that is related to a single
+      # vulnerability for this product.
+      # @!attribute [rw] cve
+      #   @return [::String]
+      #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
+      #     tracking number for the vulnerability.
+      # @!attribute [rw] short_description
+      #   @return [::String]
+      #     A one sentence description of this Vex.
+      # @!attribute [rw] long_description
+      #   @return [::String]
+      #     A detailed description of this Vex.
+      # @!attribute [rw] related_uris
+      #   @return [::Array<::Grafeas::V1::RelatedUrl>]
+      #     Holds a list of references associated with this vulnerability item and
+      #     assessment. These uris have additional information about the
+      #     vulnerability and the assessment itself. E.g. Link to a document which
+      #     details how this assessment concluded the state of this vulnerability.
+      # @!attribute [rw] state
+      #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
+      #     Provides the state of this Vulnerability assessment.
+      # @!attribute [rw] impacts
+      #   @return [::Array<::String>]
+      #     Contains information about the impact of this vulnerability,
+      #     this will change with time.
+      # @!attribute [rw] justification
+      #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
+      #     Justification provides the justification when the state of the
+      #     assessment if NOT_AFFECTED.
+      # @!attribute [rw] remediations
+      #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
+      #     Specifies details on how to handle (and presumably, fix) a vulnerability.
+      class Assessment
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+
+        # Justification provides the justification when the state of the
+        # assessment if NOT_AFFECTED.
+        # @!attribute [rw] justification_type
+        #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
+        #     The justification type for this vulnerability.
+        # @!attribute [rw] details
+        #   @return [::String]
+        #     Additional details on why this justification was chosen.
+        class Justification
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Provides the type of justification.
+          module JustificationType
+            # JUSTIFICATION_TYPE_UNSPECIFIED.
+            JUSTIFICATION_TYPE_UNSPECIFIED = 0
+
+            # The vulnerable component is not present in the product.
+            COMPONENT_NOT_PRESENT = 1
+
+            # The vulnerable code is not present. Typically this case
+            # occurs when source code is configured or built in a way that excludes
+            # the vulnerable code.
+            VULNERABLE_CODE_NOT_PRESENT = 2
+
+            # The vulnerable code can not be executed.
+            # Typically this case occurs when the product includes the vulnerable
+            # code but does not call or use the vulnerable code.
+            VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3
+
+            # The vulnerable code cannot be controlled by an attacker to exploit
+            # the vulnerability.
+            VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4
+
+            # The product includes built-in protections or features that prevent
+            # exploitation of the vulnerability. These built-in protections cannot
+            # be subverted by the attacker and cannot be configured or disabled by
+            # the user. These mitigations completely prevent exploitation based on
+            # known attack vectors.
+            INLINE_MITIGATIONS_ALREADY_EXIST = 5
+          end
+        end
+
+        # Specifies details on how to handle (and presumably, fix) a vulnerability.
+        # @!attribute [rw] remediation_type
+        #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
+        #     The type of remediation that can be applied.
+        # @!attribute [rw] details
+        #   @return [::String]
+        #     Contains a comprehensive human-readable discussion of the remediation.
+        # @!attribute [rw] remediation_uri
+        #   @return [::Grafeas::V1::RelatedUrl]
+        #     Contains the URL where to obtain the remediation.
+        class Remediation
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # The type of remediation that can be applied.
+          module RemediationType
+            # No remediation type specified.
+            REMEDIATION_TYPE_UNSPECIFIED = 0
+
+            # A MITIGATION is available.
+            MITIGATION = 1
+
+            # No fix is planned.
+            NO_FIX_PLANNED = 2
+
+            # Not available.
+            NONE_AVAILABLE = 3
+
+            # A vendor fix is available.
+            VENDOR_FIX = 4
+
+            # A workaround is available.
+            WORKAROUND = 5
+          end
+        end
+
+        # Provides the state of this Vulnerability assessment.
+        module State
+          # No state is specified.
+          STATE_UNSPECIFIED = 0
+
+          # This product is known to be affected by this vulnerability.
+          AFFECTED = 1
+
+          # This product is known to be not affected by this vulnerability.
+          NOT_AFFECTED = 2
+
+          # This product contains a fix for this vulnerability.
+          FIXED = 3
+
+          # It is not known yet whether these versions are or are not affected
+          # by the vulnerability. However, it is still under investigation.
+          UNDER_INVESTIGATION = 4
+        end
+      end
+    end
+  end
+end

data/proto_docs/grafeas/v1/vulnerability.rb

@@ -47,6 +47,9 @@ module Grafeas
     # @!attribute [rw] cvss_version
     #   @return [::Grafeas::V1::CVSSVersion]
     #     CVSS version used to populate cvss_score and severity.
+    # @!attribute [rw] cvss_v2
+    #   @return [::Grafeas::V1::CVSS]
+    #     The full description of the v2 CVSS for this vulnerability.
     class VulnerabilityNote
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -205,6 +208,11 @@ module Grafeas
     # @!attribute [rw] cvss_version
     #   @return [::Grafeas::V1::CVSSVersion]
     #     Output only. CVSS version used to populate cvss_score and severity.
+    # @!attribute [rw] cvss_v2
+    #   @return [::Grafeas::V1::CVSS]
+    #     The cvss v2 score for the vulnerability.
+    # @!attribute [rw] vex_assessment
+    #   @return [::Grafeas::V1::VulnerabilityOccurrence::VexAssessment]
     class VulnerabilityOccurrence
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -253,6 +261,42 @@ module Grafeas
         include ::Google::Protobuf::MessageExts
         extend ::Google::Protobuf::MessageExts::ClassMethods
       end
+
+      # VexAssessment provides all publisher provided Vex information that is
+      # related to this vulnerability.
+      # @!attribute [rw] cve
+      #   @return [::String]
+      #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
+      #     tracking number for the vulnerability.
+      # @!attribute [rw] related_uris
+      #   @return [::Array<::Grafeas::V1::RelatedUrl>]
+      #     Holds a list of references associated with this vulnerability item and
+      #     assessment.
+      # @!attribute [rw] note_name
+      #   @return [::String]
+      #     The VulnerabilityAssessment note from which this VexAssessment was
+      #     generated.
+      #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
+      #     (-- api-linter: core::0122::name-suffix=disabled
+      #         aip.dev/not-precedent: The suffix is kept for consistency. --)
+      # @!attribute [rw] state
+      #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
+      #     Provides the state of this Vulnerability assessment.
+      # @!attribute [rw] impacts
+      #   @return [::Array<::String>]
+      #     Contains information about the impact of this vulnerability,
+      #     this will change with time.
+      # @!attribute [rw] remediations
+      #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
+      #     Specifies details on how to handle (and presumably, fix) a vulnerability.
+      # @!attribute [rw] justification
+      #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
+      #     Justification provides the justification when the state of the
+      #     assessment if NOT_AFFECTED.
+      class VexAssessment
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: grafeas-v1
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.9.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-10-03 00:00:00.000000000 Z
+date: 2023-03-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.12'
+        version: 0.18.0
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.12'
+        version: 0.18.0
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -50,14 +50,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.26.1
+        version: 1.26.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.26.1
+        version: 1.26.3
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -193,11 +193,15 @@ files:
 - lib/grafeas/v1/slsa_provenance_zero_two_pb.rb
 - lib/grafeas/v1/upgrade_pb.rb
 - lib/grafeas/v1/version.rb
+- lib/grafeas/v1/vex_pb.rb
 - lib/grafeas/v1/vulnerability_pb.rb
 - proto_docs/README.md
+- proto_docs/google/api/client.rb
 - proto_docs/google/api/field_behavior.rb
+- proto_docs/google/api/launch_stage.rb
 - proto_docs/google/api/resource.rb
 - proto_docs/google/protobuf/any.rb
+- proto_docs/google/protobuf/duration.rb
 - proto_docs/google/protobuf/empty.rb
 - proto_docs/google/protobuf/field_mask.rb
 - proto_docs/google/protobuf/struct.rb
@@ -221,6 +225,7 @@ files:
 - proto_docs/grafeas/v1/slsa_provenance.rb
 - proto_docs/grafeas/v1/slsa_provenance_zero_two.rb
 - proto_docs/grafeas/v1/upgrade.rb
+- proto_docs/grafeas/v1/vex.rb
 - proto_docs/grafeas/v1/vulnerability.rb
 homepage: https://github.com/googleapis/google-cloud-ruby
 licenses:
@@ -241,8 +246,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.14
+rubygems_version: 3.4.2
 signing_key: 
 specification_version: 4
-summary: API Client library for the Grafeas V1 API
+summary: An implementation of the Grafeas API, which stores, and enables querying
+  and retrieval of critical metadata about all of your software artifacts.
 test_files: []