grafeas-v1 0.8.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: da3655f3c01320a55dc331822f48d3791ac0563009dc51013be01a0d287a5f73
-  data.tar.gz: 76f0fb530d794296e6310945dce80d5d0b26577a9e602b4885b51cd7fc5d5193
+  metadata.gz: de858ed8e2692e2aab1ddabba338dcfcf7fd0d245f4a9dc7268dd28dbc48a1e5
+  data.tar.gz: 8ba74842862b74a9da43f0ec0110672b3f58377d34c1469c278f6264556c1ae0
 SHA512:
-  metadata.gz: 78412400d6c0e9dc339b8c0ecf5cfa2f3c79d7e3f1c76ded9bedf7aa2e7c999408cd306b0e526503f38418e5f8959c17480275d30fa4cc05348f69e0134b6d3f
-  data.tar.gz: 514f5e78f7bfe7b936c829cfa3c24ba9cec28f5ef800bc01b25ae9851ec95243ab427cd1d304499ea3548ee17850f9818a86d2d31f9b05b720225de8b45bad3b
+  metadata.gz: 56e84efe07a852c6c919991831f309478ea1e88c31e6929e420ce52adfae9bea3b4a2907d053e0305c9fc361e22306f17bbc09d6e98dde2830805ccaef7e4e4a
+  data.tar.gz: e2d99c15dcef124b695e7b13e0fc6d8cf168996e9f6ef744fc093bda536c3cb281609b80f3b11e7adba269d932949f6a5b0797ae254539d46142744307ba869a

data/README.md

@@ -35,7 +35,7 @@ for class and method documentation.
 
 To enable logging for this library, set the logger for the underlying [gRPC](https://github.com/grpc/grpc/tree/master/src/ruby) library.
 The logger that you set may be a Ruby stdlib [`Logger`](https://ruby-doc.org/current/stdlibs/logger/Logger.html) as shown below,
-or a [`Google::Cloud::Logging::Logger`](https://googleapis.dev/ruby/google-cloud-logging/latest)
+or a [`Google::Cloud::Logging::Logger`](https://cloud.google.com/ruby/docs/reference/google-cloud-logging/latest)
 that will write logs to [Cloud Logging](https://cloud.google.com/logging/). See [grpc/logconfig.rb](https://github.com/grpc/grpc/blob/master/src/ruby/lib/grpc/logconfig.rb)
 and the gRPC [spec_helper.rb](https://github.com/grpc/grpc/blob/master/src/ruby/spec/spec_helper.rb) for additional information.
 

data/lib/grafeas/v1/common_pb.rb

@@ -45,6 +45,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       value :UPGRADE, 8
       value :COMPLIANCE, 9
       value :DSSE_ATTESTATION, 10
+      value :VULNERABILITY_ASSESSMENT, 11
     end
   end
 end

data/lib/grafeas/v1/grafeas/client.rb

@@ -1498,9 +1498,9 @@ module Grafeas
         #    *  (`String`) The path to a service account key file in JSON format
         #    *  (`Hash`) A service account key as a Hash
         #    *  (`Google::Auth::Credentials`) A googleauth credentials object
-        #       (see the [googleauth docs](https://googleapis.dev/ruby/googleauth/latest/index.html))
+        #       (see the [googleauth docs](https://rubydoc.info/gems/googleauth/Google/Auth/Credentials))
         #    *  (`Signet::OAuth2::Client`) A signet oauth2 client object
-        #       (see the [signet docs](https://googleapis.dev/ruby/signet/latest/Signet/OAuth2/Client.html))
+        #       (see the [signet docs](https://rubydoc.info/gems/signet/Signet/OAuth2/Client))
         #    *  (`GRPC::Core::Channel`) a gRPC channel with included credentials
         #    *  (`GRPC::Core::ChannelCredentials`) a gRPC credentails object
         #    *  (`nil`) indicating no credentials

data/lib/grafeas/v1/grafeas_pb.rb

@@ -20,6 +20,7 @@ require 'grafeas/v1/dsse_attestation_pb'
 require 'grafeas/v1/image_pb'
 require 'grafeas/v1/package_pb'
 require 'grafeas/v1/upgrade_pb'
+require 'grafeas/v1/vex_pb'
 require 'grafeas/v1/vulnerability_pb'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
@@ -67,6 +68,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
         optional :upgrade, :message, 17, "grafeas.v1.UpgradeNote"
         optional :compliance, :message, 18, "grafeas.v1.ComplianceNote"
         optional :dsse_attestation, :message, 19, "grafeas.v1.DSSEAttestationNote"
+        optional :vulnerability_assessment, :message, 20, "grafeas.v1.VulnerabilityAssessmentNote"
       end
     end
     add_message "grafeas.v1.GetOccurrenceRequest" do

data/lib/grafeas/v1/version.rb

@@ -19,6 +19,6 @@
 
 module Grafeas
   module V1
-    VERSION = "0.8.0"
+    VERSION = "0.9.0"
   end
 end

data/lib/grafeas/v1/vex_pb.rb

@@ -0,0 +1,88 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: grafeas/v1/vex.proto
+
+require 'google/protobuf'
+
+require 'grafeas/v1/common_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("grafeas/v1/vex.proto", :syntax => :proto3) do
+    add_message "grafeas.v1.VulnerabilityAssessmentNote" do
+      optional :title, :string, 1
+      optional :short_description, :string, 2
+      optional :long_description, :string, 3
+      optional :language_code, :string, 4
+      optional :publisher, :message, 5, "grafeas.v1.VulnerabilityAssessmentNote.Publisher"
+      optional :product, :message, 6, "grafeas.v1.VulnerabilityAssessmentNote.Product"
+      optional :assessment, :message, 7, "grafeas.v1.VulnerabilityAssessmentNote.Assessment"
+    end
+    add_message "grafeas.v1.VulnerabilityAssessmentNote.Publisher" do
+      optional :name, :string, 1
+      optional :issuing_authority, :string, 2
+      optional :publisher_namespace, :string, 3
+    end
+    add_message "grafeas.v1.VulnerabilityAssessmentNote.Product" do
+      optional :name, :string, 1
+      optional :id, :string, 2
+      oneof :identifier do
+        optional :generic_uri, :string, 3
+      end
+    end
+    add_message "grafeas.v1.VulnerabilityAssessmentNote.Assessment" do
+      optional :cve, :string, 1
+      optional :short_description, :string, 2
+      optional :long_description, :string, 3
+      repeated :related_uris, :message, 4, "grafeas.v1.RelatedUrl"
+      optional :state, :enum, 5, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.State"
+      repeated :impacts, :string, 6
+      optional :justification, :message, 7, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification"
+      repeated :remediations, :message, 8, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation"
+    end
+    add_message "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification" do
+      optional :justification_type, :enum, 1, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification.JustificationType"
+      optional :details, :string, 2
+    end
+    add_enum "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification.JustificationType" do
+      value :JUSTIFICATION_TYPE_UNSPECIFIED, 0
+      value :COMPONENT_NOT_PRESENT, 1
+      value :VULNERABLE_CODE_NOT_PRESENT, 2
+      value :VULNERABLE_CODE_NOT_IN_EXECUTE_PATH, 3
+      value :VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY, 4
+      value :INLINE_MITIGATIONS_ALREADY_EXIST, 5
+    end
+    add_message "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation" do
+      optional :remediation_type, :enum, 1, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation.RemediationType"
+      optional :details, :string, 2
+      optional :remediation_uri, :message, 3, "grafeas.v1.RelatedUrl"
+    end
+    add_enum "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation.RemediationType" do
+      value :REMEDIATION_TYPE_UNSPECIFIED, 0
+      value :MITIGATION, 1
+      value :NO_FIX_PLANNED, 2
+      value :NONE_AVAILABLE, 3
+      value :VENDOR_FIX, 4
+      value :WORKAROUND, 5
+    end
+    add_enum "grafeas.v1.VulnerabilityAssessmentNote.Assessment.State" do
+      value :STATE_UNSPECIFIED, 0
+      value :AFFECTED, 1
+      value :NOT_AFFECTED, 2
+      value :FIXED, 3
+      value :UNDER_INVESTIGATION, 4
+    end
+  end
+end
+
+module Grafeas
+  module V1
+    VulnerabilityAssessmentNote = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote").msgclass
+    VulnerabilityAssessmentNote::Publisher = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Publisher").msgclass
+    VulnerabilityAssessmentNote::Product = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Product").msgclass
+    VulnerabilityAssessmentNote::Assessment = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment").msgclass
+    VulnerabilityAssessmentNote::Assessment::Justification = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification").msgclass
+    VulnerabilityAssessmentNote::Assessment::Justification::JustificationType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification.JustificationType").enummodule
+    VulnerabilityAssessmentNote::Assessment::Remediation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation").msgclass
+    VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation.RemediationType").enummodule
+    VulnerabilityAssessmentNote::Assessment::State = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.State").enummodule
+  end
+end

data/lib/grafeas/v1/vulnerability_pb.rb

@@ -9,6 +9,7 @@ require 'grafeas/v1/common_pb'
 require 'grafeas/v1/cvss_pb'
 require 'grafeas/v1/package_pb'
 require 'grafeas/v1/severity_pb'
+require 'grafeas/v1/vex_pb'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("grafeas/v1/vulnerability.proto", :syntax => :proto3) do
@@ -61,6 +62,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :fix_available, :bool, 9
       optional :cvss_version, :enum, 11, "grafeas.v1.CVSSVersion"
       optional :cvss_v2, :message, 12, "grafeas.v1.CVSS"
+      optional :vex_assessment, :message, 13, "grafeas.v1.VulnerabilityOccurrence.VexAssessment"
     end
     add_message "grafeas.v1.VulnerabilityOccurrence.PackageIssue" do
       optional :affected_cpe_uri, :string, 1
@@ -74,6 +76,15 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :effective_severity, :enum, 9, "grafeas.v1.Severity"
       repeated :file_location, :message, 10, "grafeas.v1.FileLocation"
     end
+    add_message "grafeas.v1.VulnerabilityOccurrence.VexAssessment" do
+      optional :cve, :string, 1
+      repeated :related_uris, :message, 2, "grafeas.v1.RelatedUrl"
+      optional :note_name, :string, 3
+      optional :state, :enum, 4, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.State"
+      repeated :impacts, :string, 5
+      repeated :remediations, :message, 6, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation"
+      optional :justification, :message, 7, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification"
+    end
   end
 end
 
@@ -85,5 +96,6 @@ module Grafeas
     VulnerabilityNote::WindowsDetail::KnowledgeBase = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase").msgclass
     VulnerabilityOccurrence = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence").msgclass
     VulnerabilityOccurrence::PackageIssue = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence.PackageIssue").msgclass
+    VulnerabilityOccurrence::VexAssessment = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence.VexAssessment").msgclass
   end
 end

data/proto_docs/grafeas/v1/common.rb

@@ -180,6 +180,9 @@ module Grafeas
 
       # This represents a DSSE attestation Note
       DSSE_ATTESTATION = 10
+
+      # This represents a Vulnerability Assessment.
+      VULNERABILITY_ASSESSMENT = 11
     end
   end
 end

data/proto_docs/grafeas/v1/grafeas.rb

@@ -148,6 +148,9 @@ module Grafeas
     # @!attribute [rw] dsse_attestation
     #   @return [::Grafeas::V1::DSSEAttestationNote]
     #     A note describing a dsse attestation note.
+    # @!attribute [rw] vulnerability_assessment
+    #   @return [::Grafeas::V1::VulnerabilityAssessmentNote]
+    #     A note describing a vulnerability assessment.
     class Note
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/grafeas/v1/vex.rb

@@ -0,0 +1,231 @@
+# frozen_string_literal: true
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # A single VulnerabilityAssessmentNote represents
+    # one particular product's vulnerability assessment for one CVE.
+    # @!attribute [rw] title
+    #   @return [::String]
+    #     The title of the note. E.g. `Vex-Debian-11.4`
+    # @!attribute [rw] short_description
+    #   @return [::String]
+    #     A one sentence description of this Vex.
+    # @!attribute [rw] long_description
+    #   @return [::String]
+    #     A detailed description of this Vex.
+    # @!attribute [rw] language_code
+    #   @return [::String]
+    #     Identifies the language used by this document,
+    #     corresponding to IETF BCP 47 / RFC 5646.
+    # @!attribute [rw] publisher
+    #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Publisher]
+    #     Publisher details of this Note.
+    # @!attribute [rw] product
+    #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Product]
+    #     The product affected by this vex.
+    # @!attribute [rw] assessment
+    #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment]
+    #     Represents a vulnerability assessment for the product.
+    class VulnerabilityAssessmentNote
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # Publisher contains information about the publisher of
+      # this Note.
+      # (-- api-linter: core::0123::resource-annotation=disabled
+      #     aip.dev/not-precedent: Publisher is not a separate resource. --)
+      # @!attribute [rw] name
+      #   @return [::String]
+      #     Name of the publisher.
+      #     Examples: 'Google', 'Google Cloud Platform'.
+      # @!attribute [rw] issuing_authority
+      #   @return [::String]
+      #     Provides information about the authority of the issuing party to
+      #     release the document, in particular, the party's constituency and
+      #     responsibilities or other obligations.
+      # @!attribute [rw] publisher_namespace
+      #   @return [::String]
+      #     The context or namespace.
+      #     Contains a URL which is under control of the issuing party and can
+      #     be used as a globally unique identifier for that issuing party.
+      #     Example: https://csaf.io
+      class Publisher
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # Product contains information about a product and how to uniquely identify
+      # it.
+      # (-- api-linter: core::0123::resource-annotation=disabled
+      #     aip.dev/not-precedent: Product is not a separate resource. --)
+      # @!attribute [rw] name
+      #   @return [::String]
+      #     Name of the product.
+      # @!attribute [rw] id
+      #   @return [::String]
+      #     Token that identifies a product so that it can be referred to from other
+      #     parts in the document. There is no predefined format as long as it
+      #     uniquely identifies a group in the context of the current document.
+      # @!attribute [rw] generic_uri
+      #   @return [::String]
+      #     Contains a URI which is vendor-specific.
+      #     Example: The artifact repository URL of an image.
+      class Product
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # Assessment provides all information that is related to a single
+      # vulnerability for this product.
+      # @!attribute [rw] cve
+      #   @return [::String]
+      #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
+      #     tracking number for the vulnerability.
+      # @!attribute [rw] short_description
+      #   @return [::String]
+      #     A one sentence description of this Vex.
+      # @!attribute [rw] long_description
+      #   @return [::String]
+      #     A detailed description of this Vex.
+      # @!attribute [rw] related_uris
+      #   @return [::Array<::Grafeas::V1::RelatedUrl>]
+      #     Holds a list of references associated with this vulnerability item and
+      #     assessment. These uris have additional information about the
+      #     vulnerability and the assessment itself. E.g. Link to a document which
+      #     details how this assessment concluded the state of this vulnerability.
+      # @!attribute [rw] state
+      #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
+      #     Provides the state of this Vulnerability assessment.
+      # @!attribute [rw] impacts
+      #   @return [::Array<::String>]
+      #     Contains information about the impact of this vulnerability,
+      #     this will change with time.
+      # @!attribute [rw] justification
+      #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
+      #     Justification provides the justification when the state of the
+      #     assessment if NOT_AFFECTED.
+      # @!attribute [rw] remediations
+      #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
+      #     Specifies details on how to handle (and presumably, fix) a vulnerability.
+      class Assessment
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+
+        # Justification provides the justification when the state of the
+        # assessment if NOT_AFFECTED.
+        # @!attribute [rw] justification_type
+        #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
+        #     The justification type for this vulnerability.
+        # @!attribute [rw] details
+        #   @return [::String]
+        #     Additional details on why this justification was chosen.
+        class Justification
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Provides the type of justification.
+          module JustificationType
+            # JUSTIFICATION_TYPE_UNSPECIFIED.
+            JUSTIFICATION_TYPE_UNSPECIFIED = 0
+
+            # The vulnerable component is not present in the product.
+            COMPONENT_NOT_PRESENT = 1
+
+            # The vulnerable code is not present. Typically this case
+            # occurs when source code is configured or built in a way that excludes
+            # the vulnerable code.
+            VULNERABLE_CODE_NOT_PRESENT = 2
+
+            # The vulnerable code can not be executed.
+            # Typically this case occurs when the product includes the vulnerable
+            # code but does not call or use the vulnerable code.
+            VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3
+
+            # The vulnerable code cannot be controlled by an attacker to exploit
+            # the vulnerability.
+            VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4
+
+            # The product includes built-in protections or features that prevent
+            # exploitation of the vulnerability. These built-in protections cannot
+            # be subverted by the attacker and cannot be configured or disabled by
+            # the user. These mitigations completely prevent exploitation based on
+            # known attack vectors.
+            INLINE_MITIGATIONS_ALREADY_EXIST = 5
+          end
+        end
+
+        # Specifies details on how to handle (and presumably, fix) a vulnerability.
+        # @!attribute [rw] remediation_type
+        #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
+        #     The type of remediation that can be applied.
+        # @!attribute [rw] details
+        #   @return [::String]
+        #     Contains a comprehensive human-readable discussion of the remediation.
+        # @!attribute [rw] remediation_uri
+        #   @return [::Grafeas::V1::RelatedUrl]
+        #     Contains the URL where to obtain the remediation.
+        class Remediation
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # The type of remediation that can be applied.
+          module RemediationType
+            # No remediation type specified.
+            REMEDIATION_TYPE_UNSPECIFIED = 0
+
+            # A MITIGATION is available.
+            MITIGATION = 1
+
+            # No fix is planned.
+            NO_FIX_PLANNED = 2
+
+            # Not available.
+            NONE_AVAILABLE = 3
+
+            # A vendor fix is available.
+            VENDOR_FIX = 4
+
+            # A workaround is available.
+            WORKAROUND = 5
+          end
+        end
+
+        # Provides the state of this Vulnerability assessment.
+        module State
+          # No state is specified.
+          STATE_UNSPECIFIED = 0
+
+          # This product is known to be affected by this vulnerability.
+          AFFECTED = 1
+
+          # This product is known to be not affected by this vulnerability.
+          NOT_AFFECTED = 2
+
+          # This product contains a fix for this vulnerability.
+          FIXED = 3
+
+          # It is not known yet whether these versions are or are not affected
+          # by the vulnerability. However, it is still under investigation.
+          UNDER_INVESTIGATION = 4
+        end
+      end
+    end
+  end
+end

data/proto_docs/grafeas/v1/vulnerability.rb

@@ -211,6 +211,8 @@ module Grafeas
     # @!attribute [rw] cvss_v2
     #   @return [::Grafeas::V1::CVSS]
     #     The cvss v2 score for the vulnerability.
+    # @!attribute [rw] vex_assessment
+    #   @return [::Grafeas::V1::VulnerabilityOccurrence::VexAssessment]
     class VulnerabilityOccurrence
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -259,6 +261,42 @@ module Grafeas
         include ::Google::Protobuf::MessageExts
         extend ::Google::Protobuf::MessageExts::ClassMethods
       end
+
+      # VexAssessment provides all publisher provided Vex information that is
+      # related to this vulnerability.
+      # @!attribute [rw] cve
+      #   @return [::String]
+      #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
+      #     tracking number for the vulnerability.
+      # @!attribute [rw] related_uris
+      #   @return [::Array<::Grafeas::V1::RelatedUrl>]
+      #     Holds a list of references associated with this vulnerability item and
+      #     assessment.
+      # @!attribute [rw] note_name
+      #   @return [::String]
+      #     The VulnerabilityAssessment note from which this VexAssessment was
+      #     generated.
+      #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
+      #     (-- api-linter: core::0122::name-suffix=disabled
+      #         aip.dev/not-precedent: The suffix is kept for consistency. --)
+      # @!attribute [rw] state
+      #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
+      #     Provides the state of this Vulnerability assessment.
+      # @!attribute [rw] impacts
+      #   @return [::Array<::String>]
+      #     Contains information about the impact of this vulnerability,
+      #     this will change with time.
+      # @!attribute [rw] remediations
+      #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
+      #     Specifies details on how to handle (and presumably, fix) a vulnerability.
+      # @!attribute [rw] justification
+      #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
+      #     Justification provides the justification when the state of the
+      #     assessment if NOT_AFFECTED.
+      class VexAssessment
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: grafeas-v1
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.9.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-03-06 00:00:00.000000000 Z
+date: 2023-03-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -193,6 +193,7 @@ files:
 - lib/grafeas/v1/slsa_provenance_zero_two_pb.rb
 - lib/grafeas/v1/upgrade_pb.rb
 - lib/grafeas/v1/version.rb
+- lib/grafeas/v1/vex_pb.rb
 - lib/grafeas/v1/vulnerability_pb.rb
 - proto_docs/README.md
 - proto_docs/google/api/client.rb
@@ -224,6 +225,7 @@ files:
 - proto_docs/grafeas/v1/slsa_provenance.rb
 - proto_docs/grafeas/v1/slsa_provenance_zero_two.rb
 - proto_docs/grafeas/v1/upgrade.rb
+- proto_docs/grafeas/v1/vex.rb
 - proto_docs/grafeas/v1/vulnerability.rb
 homepage: https://github.com/googleapis/google-cloud-ruby
 licenses: