grafeas-v1 0.3.1 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a1daaaa44e5b9e83a19f1f45058ab6d2e672add60b9d27e7527e0f107b7394a1
-  data.tar.gz: eb72b3a41d3b10d83144f76204fec229e76f44f0c8e9755032c3bbd8a4e1f20d
+  metadata.gz: 7298ad05fa42dba9994b498bce80a3939994613c7a827c1f8579d90706a822af
+  data.tar.gz: 748a285b37351c52e5e241ea50015d9547572c071935c6bf2bbac57dd9866c19
 SHA512:
-  metadata.gz: 801f61920ee568a3f11ccbd7d6a1b74aa50fe40b4b1d08daf2ff42b91b1044646b269ae4809c34642886a2fb3c61f7d07bfe9572bfa299ca5d7eab734361de89
-  data.tar.gz: f42da8bad4cbda5d8872400a7012811ed39dfd3e24c44333fb016218e33b06e22805ea6bf4ac3ba368df66309251d4e07eb30cb500f7b2380b9895097be0e63d
+  metadata.gz: '019f77652b634e657a86f6064923a3d0c5ae6b13a7de33d3dbf310f9bfd5ba328cf896ed6056303ed24fb844701da13aca92baeb6f976530d57c84525a0ba233'
+  data.tar.gz: dff13064655fc342f13844aeb0ea9bb98489d5026aad0140a3a98e8bb3f1a8504da40d09ff89692b3a1949743764953e18f5ef13f2fa7c5442b4f46cf2098f8d

data/lib/grafeas/v1/compliance_pb.rb

@@ -1,7 +1,7 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: grafeas/v1/compliance.proto
 
-require 'grafeas/v1/vulnerability_pb'
+require 'grafeas/v1/severity_pb'
 require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do

data/lib/grafeas/v1/cvss_pb.rb

@@ -52,6 +52,60 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       value :IMPACT_LOW, 2
       value :IMPACT_NONE, 3
     end
+    add_message "grafeas.v1.CVSS" do
+      optional :base_score, :float, 1
+      optional :exploitability_score, :float, 2
+      optional :impact_score, :float, 3
+      optional :attack_vector, :enum, 4, "grafeas.v1.CVSS.AttackVector"
+      optional :attack_complexity, :enum, 5, "grafeas.v1.CVSS.AttackComplexity"
+      optional :authentication, :enum, 6, "grafeas.v1.CVSS.Authentication"
+      optional :privileges_required, :enum, 7, "grafeas.v1.CVSS.PrivilegesRequired"
+      optional :user_interaction, :enum, 8, "grafeas.v1.CVSS.UserInteraction"
+      optional :scope, :enum, 9, "grafeas.v1.CVSS.Scope"
+      optional :confidentiality_impact, :enum, 10, "grafeas.v1.CVSS.Impact"
+      optional :integrity_impact, :enum, 11, "grafeas.v1.CVSS.Impact"
+      optional :availability_impact, :enum, 12, "grafeas.v1.CVSS.Impact"
+    end
+    add_enum "grafeas.v1.CVSS.AttackVector" do
+      value :ATTACK_VECTOR_UNSPECIFIED, 0
+      value :ATTACK_VECTOR_NETWORK, 1
+      value :ATTACK_VECTOR_ADJACENT, 2
+      value :ATTACK_VECTOR_LOCAL, 3
+      value :ATTACK_VECTOR_PHYSICAL, 4
+    end
+    add_enum "grafeas.v1.CVSS.AttackComplexity" do
+      value :ATTACK_COMPLEXITY_UNSPECIFIED, 0
+      value :ATTACK_COMPLEXITY_LOW, 1
+      value :ATTACK_COMPLEXITY_HIGH, 2
+    end
+    add_enum "grafeas.v1.CVSS.Authentication" do
+      value :AUTHENTICATION_UNSPECIFIED, 0
+      value :AUTHENTICATION_MULTIPLE, 1
+      value :AUTHENTICATION_SINGLE, 2
+      value :AUTHENTICATION_NONE, 3
+    end
+    add_enum "grafeas.v1.CVSS.PrivilegesRequired" do
+      value :PRIVILEGES_REQUIRED_UNSPECIFIED, 0
+      value :PRIVILEGES_REQUIRED_NONE, 1
+      value :PRIVILEGES_REQUIRED_LOW, 2
+      value :PRIVILEGES_REQUIRED_HIGH, 3
+    end
+    add_enum "grafeas.v1.CVSS.UserInteraction" do
+      value :USER_INTERACTION_UNSPECIFIED, 0
+      value :USER_INTERACTION_NONE, 1
+      value :USER_INTERACTION_REQUIRED, 2
+    end
+    add_enum "grafeas.v1.CVSS.Scope" do
+      value :SCOPE_UNSPECIFIED, 0
+      value :SCOPE_UNCHANGED, 1
+      value :SCOPE_CHANGED, 2
+    end
+    add_enum "grafeas.v1.CVSS.Impact" do
+      value :IMPACT_UNSPECIFIED, 0
+      value :IMPACT_HIGH, 1
+      value :IMPACT_LOW, 2
+      value :IMPACT_NONE, 3
+    end
   end
 end
 
@@ -64,5 +118,13 @@ module Grafeas
     CVSSv3::UserInteraction = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSSv3.UserInteraction").enummodule
     CVSSv3::Scope = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSSv3.Scope").enummodule
     CVSSv3::Impact = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSSv3.Impact").enummodule
+    CVSS = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSS").msgclass
+    CVSS::AttackVector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSS.AttackVector").enummodule
+    CVSS::AttackComplexity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSS.AttackComplexity").enummodule
+    CVSS::Authentication = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSS.Authentication").enummodule
+    CVSS::PrivilegesRequired = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSS.PrivilegesRequired").enummodule
+    CVSS::UserInteraction = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSS.UserInteraction").enummodule
+    CVSS::Scope = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSS.Scope").enummodule
+    CVSS::Impact = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.CVSS.Impact").enummodule
   end
 end

data/lib/grafeas/v1/discovery_pb.rb

@@ -1,6 +1,7 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: grafeas/v1/discovery.proto
 
+require 'google/api/field_behavior_pb'
 require 'google/protobuf/timestamp_pb'
 require 'google/rpc/status_pb'
 require 'grafeas/v1/common_pb'
@@ -17,6 +18,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :analysis_status_error, :message, 3, "google.rpc.Status"
       optional :cpe, :string, 4
       optional :last_scan_time, :message, 5, "google.protobuf.Timestamp"
+      optional :archive_time, :message, 6, "google.protobuf.Timestamp"
     end
     add_enum "grafeas.v1.DiscoveryOccurrence.ContinuousAnalysis" do
       value :CONTINUOUS_ANALYSIS_UNSPECIFIED, 0

data/lib/grafeas/v1/severity_pb.rb

@@ -0,0 +1,23 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: grafeas/v1/severity.proto
+
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("grafeas/v1/severity.proto", :syntax => :proto3) do
+    add_enum "grafeas.v1.Severity" do
+      value :SEVERITY_UNSPECIFIED, 0
+      value :MINIMAL, 1
+      value :LOW, 2
+      value :MEDIUM, 3
+      value :HIGH, 4
+      value :CRITICAL, 5
+    end
+  end
+end
+
+module Grafeas
+  module V1
+    Severity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Severity").enummodule
+  end
+end

data/lib/grafeas/v1/version.rb

@@ -19,6 +19,6 @@
 
 module Grafeas
   module V1
-    VERSION = "0.3.1"
+    VERSION = "0.4.0"
   end
 end

data/lib/grafeas/v1/vulnerability_pb.rb

@@ -6,6 +6,7 @@ require 'google/protobuf/timestamp_pb'
 require 'grafeas/v1/common_pb'
 require 'grafeas/v1/cvss_pb'
 require 'grafeas/v1/package_pb'
+require 'grafeas/v1/severity_pb'
 require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
@@ -48,7 +49,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :type, :string, 1
       optional :severity, :enum, 2, "grafeas.v1.Severity"
       optional :cvss_score, :float, 3
-      optional :cvssv3, :message, 10, "grafeas.v1.VulnerabilityOccurrence.CVSSV3"
+      optional :cvssv3, :message, 10, "grafeas.v1.CVSS"
       repeated :package_issue, :message, 4, "grafeas.v1.VulnerabilityOccurrence.PackageIssue"
       optional :short_description, :string, 5
       optional :long_description, :string, 6
@@ -56,10 +57,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :effective_severity, :enum, 8, "grafeas.v1.Severity"
       optional :fix_available, :bool, 9
     end
-    add_message "grafeas.v1.VulnerabilityOccurrence.CVSSV3" do
-      optional :base_score, :float, 1
-      optional :severity, :enum, 2, "grafeas.v1.Severity"
-    end
     add_message "grafeas.v1.VulnerabilityOccurrence.PackageIssue" do
       optional :affected_cpe_uri, :string, 1
       optional :affected_package, :string, 2
@@ -71,14 +68,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :package_type, :string, 8
       optional :effective_severity, :enum, 9, "grafeas.v1.Severity"
     end
-    add_enum "grafeas.v1.Severity" do
-      value :SEVERITY_UNSPECIFIED, 0
-      value :MINIMAL, 1
-      value :LOW, 2
-      value :MEDIUM, 3
-      value :HIGH, 4
-      value :CRITICAL, 5
-    end
   end
 end
 
@@ -89,8 +78,6 @@ module Grafeas
     VulnerabilityNote::WindowsDetail = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityNote.WindowsDetail").msgclass
     VulnerabilityNote::WindowsDetail::KnowledgeBase = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase").msgclass
     VulnerabilityOccurrence = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence").msgclass
-    VulnerabilityOccurrence::CVSSV3 = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence.CVSSV3").msgclass
     VulnerabilityOccurrence::PackageIssue = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence.PackageIssue").msgclass
-    Severity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Severity").enummodule
   end
 end

data/proto_docs/grafeas/v1/cvss.rb

@@ -107,5 +107,110 @@ module Grafeas
         IMPACT_NONE = 3
       end
     end
+
+    # Common Vulnerability Scoring System.
+    # For details, see https://www.first.org/cvss/specification-document
+    # This is a message we will try to use for storing multiple versions of
+    # CVSS. The intention is that as new versions of CVSS scores get added, we
+    # will be able to modify this message rather than adding new protos for each
+    # new version of the score.
+    # @!attribute [rw] base_score
+    #   @return [::Float]
+    #     The base score is a function of the base metric scores.
+    # @!attribute [rw] exploitability_score
+    #   @return [::Float]
+    # @!attribute [rw] impact_score
+    #   @return [::Float]
+    # @!attribute [rw] attack_vector
+    #   @return [::Grafeas::V1::CVSS::AttackVector]
+    #     Base Metrics
+    #     Represents the intrinsic characteristics of a vulnerability that are
+    #     constant over time and across user environments.
+    # @!attribute [rw] attack_complexity
+    #   @return [::Grafeas::V1::CVSS::AttackComplexity]
+    # @!attribute [rw] authentication
+    #   @return [::Grafeas::V1::CVSS::Authentication]
+    # @!attribute [rw] privileges_required
+    #   @return [::Grafeas::V1::CVSS::PrivilegesRequired]
+    # @!attribute [rw] user_interaction
+    #   @return [::Grafeas::V1::CVSS::UserInteraction]
+    # @!attribute [rw] scope
+    #   @return [::Grafeas::V1::CVSS::Scope]
+    # @!attribute [rw] confidentiality_impact
+    #   @return [::Grafeas::V1::CVSS::Impact]
+    # @!attribute [rw] integrity_impact
+    #   @return [::Grafeas::V1::CVSS::Impact]
+    # @!attribute [rw] availability_impact
+    #   @return [::Grafeas::V1::CVSS::Impact]
+    class CVSS
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      module AttackVector
+        ATTACK_VECTOR_UNSPECIFIED = 0
+
+        ATTACK_VECTOR_NETWORK = 1
+
+        ATTACK_VECTOR_ADJACENT = 2
+
+        ATTACK_VECTOR_LOCAL = 3
+
+        ATTACK_VECTOR_PHYSICAL = 4
+      end
+
+      module AttackComplexity
+        ATTACK_COMPLEXITY_UNSPECIFIED = 0
+
+        ATTACK_COMPLEXITY_LOW = 1
+
+        ATTACK_COMPLEXITY_HIGH = 2
+      end
+
+      module Authentication
+        AUTHENTICATION_UNSPECIFIED = 0
+
+        AUTHENTICATION_MULTIPLE = 1
+
+        AUTHENTICATION_SINGLE = 2
+
+        AUTHENTICATION_NONE = 3
+      end
+
+      module PrivilegesRequired
+        PRIVILEGES_REQUIRED_UNSPECIFIED = 0
+
+        PRIVILEGES_REQUIRED_NONE = 1
+
+        PRIVILEGES_REQUIRED_LOW = 2
+
+        PRIVILEGES_REQUIRED_HIGH = 3
+      end
+
+      module UserInteraction
+        USER_INTERACTION_UNSPECIFIED = 0
+
+        USER_INTERACTION_NONE = 1
+
+        USER_INTERACTION_REQUIRED = 2
+      end
+
+      module Scope
+        SCOPE_UNSPECIFIED = 0
+
+        SCOPE_UNCHANGED = 1
+
+        SCOPE_CHANGED = 2
+      end
+
+      module Impact
+        IMPACT_UNSPECIFIED = 0
+
+        IMPACT_HIGH = 1
+
+        IMPACT_LOW = 2
+
+        IMPACT_NONE = 3
+      end
+    end
   end
 end

data/proto_docs/grafeas/v1/discovery.rb

@@ -49,6 +49,9 @@ module Grafeas
     # @!attribute [rw] last_scan_time
     #   @return [::Google::Protobuf::Timestamp]
     #     The last time this resource was scanned.
+    # @!attribute [r] archive_time
+    #   @return [::Google::Protobuf::Timestamp]
+    #     The time occurrences related to this discovery occurrence were archived.
     class DiscoveryOccurrence
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/grafeas/v1/severity.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # Note provider assigned severity/impact ranking.
+    module Severity
+      # Unknown.
+      SEVERITY_UNSPECIFIED = 0
+
+      # Minimal severity.
+      MINIMAL = 1
+
+      # Low severity.
+      LOW = 2
+
+      # Medium severity.
+      MEDIUM = 3
+
+      # High severity.
+      HIGH = 4
+
+      # Critical severity.
+      CRITICAL = 5
+    end
+  end
+end

data/proto_docs/grafeas/v1/vulnerability.rb

@@ -168,7 +168,7 @@ module Grafeas
     #     scale of 0 - 10 where 0 indicates low severity and 10 indicates high
     #     severity.
     # @!attribute [rw] cvssv3
-    #   @return [::Grafeas::V1::VulnerabilityOccurrence::CVSSV3]
+    #   @return [::Grafeas::V1::CVSS]
     #     The cvss v3 score for the vulnerability.
     # @!attribute [rw] package_issue
     #   @return [::Array<::Grafeas::V1::VulnerabilityOccurrence::PackageIssue>]
@@ -203,19 +203,6 @@ module Grafeas
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods
 
-      # The CVSS v3 score for this vulnerability.
-      # @!attribute [rw] base_score
-      #   @return [::Float]
-      #     The base score for for this vulnerability according to cvss v3.
-      # @!attribute [rw] severity
-      #   @return [::Grafeas::V1::Severity]
-      #     The severity rating assigned to this vulnerability by vulnerability
-      #     provider.
-      class CVSSV3
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-      end
-
       # A detail for a distro and package this vulnerability occurrence was found
       # in and its associated fix (if one is available).
       # @!attribute [rw] affected_cpe_uri
@@ -258,26 +245,5 @@ module Grafeas
         extend ::Google::Protobuf::MessageExts::ClassMethods
       end
     end
-
-    # Note provider assigned severity/impact ranking.
-    module Severity
-      # Unknown.
-      SEVERITY_UNSPECIFIED = 0
-
-      # Minimal severity.
-      MINIMAL = 1
-
-      # Low severity.
-      LOW = 2
-
-      # Medium severity.
-      MEDIUM = 3
-
-      # High severity.
-      HIGH = 4
-
-      # Critical severity.
-      CRITICAL = 5
-    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: grafeas-v1
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.4.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-01-11 00:00:00.000000000 Z
+date: 2022-01-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -188,6 +188,7 @@ files:
 - lib/grafeas/v1/intoto_statement_pb.rb
 - lib/grafeas/v1/package_pb.rb
 - lib/grafeas/v1/provenance_pb.rb
+- lib/grafeas/v1/severity_pb.rb
 - lib/grafeas/v1/slsa_provenance_pb.rb
 - lib/grafeas/v1/upgrade_pb.rb
 - lib/grafeas/v1/version.rb
@@ -214,6 +215,7 @@ files:
 - proto_docs/grafeas/v1/intoto_statement.rb
 - proto_docs/grafeas/v1/package.rb
 - proto_docs/grafeas/v1/provenance.rb
+- proto_docs/grafeas/v1/severity.rb
 - proto_docs/grafeas/v1/slsa_provenance.rb
 - proto_docs/grafeas/v1/upgrade.rb
 - proto_docs/grafeas/v1/vulnerability.rb
@@ -236,7 +238,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.4
+rubygems_version: 3.3.5
 signing_key: 
 specification_version: 4
 summary: API Client library for the Grafeas V1 API