grafeas-v1 0.8.0 → 0.9.0

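--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: da3655f3c01320a55dc331822f48d3791ac0563009dc51013be01a0d287a5f73
- data.tar.gz: 76f0fb530d794296e6310945dce80d5d0b26577a9e602b4885b51cd7fc5d5193
+ metadata.gz: de858ed8e2692e2aab1ddabba338dcfcf7fd0d245f4a9dc7268dd28dbc48a1e5
+ data.tar.gz: 8ba74842862b74a9da43f0ec0110672b3f58377d34c1469c278f6264556c1ae0
  SHA512:
- metadata.gz: 78412400d6c0e9dc339b8c0ecf5cfa2f3c79d7e3f1c76ded9bedf7aa2e7c999408cd306b0e526503f38418e5f8959c17480275d30fa4cc05348f69e0134b6d3f
- data.tar.gz: 514f5e78f7bfe7b936c829cfa3c24ba9cec28f5ef800bc01b25ae9851ec95243ab427cd1d304499ea3548ee17850f9818a86d2d31f9b05b720225de8b45bad3b
+ metadata.gz: 56e84efe07a852c6c919991831f309478ea1e88c31e6929e420ce52adfae9bea3b4a2907d053e0305c9fc361e22306f17bbc09d6e98dde2830805ccaef7e4e4a
+ data.tar.gz: e2d99c15dcef124b695e7b13e0fc6d8cf168996e9f6ef744fc093bda536c3cb281609b80f3b11e7adba269d932949f6a5b0797ae254539d46142744307ba869a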
data/README.md CHANGED
@@ -35,7 +35,7 @@ for class and method documentation.
35
35
 
36
36
  To enable logging for this library, set the logger for the underlying [gRPC](https://github.com/grpc/grpc/tree/master/src/ruby) library.
37
37
  The logger that you set may be a Ruby stdlib [`Logger`](https://ruby-doc.org/current/stdlibs/logger/Logger.html) as shown below,
38
- or a [`Google::Cloud::Logging::Logger`](https://googleapis.dev/ruby/google-cloud-logging/latest)
38
+ or a [`Google::Cloud::Logging::Logger`](https://cloud.google.com/ruby/docs/reference/google-cloud-logging/latest)
39
39
  that will write logs to [Cloud Logging](https://cloud.google.com/logging/). See [grpc/logconfig.rb](https://github.com/grpc/grpc/blob/master/src/ruby/lib/grpc/logconfig.rb)
40
40
  and the gRPC [spec_helper.rb](https://github.com/grpc/grpc/blob/master/src/ruby/spec/spec_helper.rb) for additional information.
41
41
 
@@ -45,6 +45,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
45
45
  value :UPGRADE, 8
46
46
  value :COMPLIANCE, 9
47
47
  value :DSSE_ATTESTATION, 10
48
+ value :VULNERABILITY_ASSESSMENT, 11
48
49
  end
49
50
  end
50
51
  end
@@ -1498,9 +1498,9 @@ module Grafeas
1498
1498
  # * (`String`) The path to a service account key file in JSON format
1499
1499
  # * (`Hash`) A service account key as a Hash
1500
1500
  # * (`Google::Auth::Credentials`) A googleauth credentials object
1501
- # (see the [googleauth docs](https://googleapis.dev/ruby/googleauth/latest/index.html))
1501
+ # (see the [googleauth docs](https://rubydoc.info/gems/googleauth/Google/Auth/Credentials))
1502
1502
  # * (`Signet::OAuth2::Client`) A signet oauth2 client object
1503
- # (see the [signet docs](https://googleapis.dev/ruby/signet/latest/Signet/OAuth2/Client.html))
1503
+ # (see the [signet docs](https://rubydoc.info/gems/signet/Signet/OAuth2/Client))
1504
1504
  # * (`GRPC::Core::Channel`) a gRPC channel with included credentials
1505
1505
  # * (`GRPC::Core::ChannelCredentials`) a gRPC credentails object
1506
1506
  # * (`nil`) indicating no credentials
@@ -20,6 +20,7 @@ require 'grafeas/v1/dsse_attestation_pb'
20
20
  require 'grafeas/v1/image_pb'
21
21
  require 'grafeas/v1/package_pb'
22
22
  require 'grafeas/v1/upgrade_pb'
23
+ require 'grafeas/v1/vex_pb'
23
24
  require 'grafeas/v1/vulnerability_pb'
24
25
 
25
26
  Google::Protobuf::DescriptorPool.generated_pool.build do
@@ -67,6 +68,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
67
68
  optional :upgrade, :message, 17, "grafeas.v1.UpgradeNote"
68
69
  optional :compliance, :message, 18, "grafeas.v1.ComplianceNote"
69
70
  optional :dsse_attestation, :message, 19, "grafeas.v1.DSSEAttestationNote"
71
+ optional :vulnerability_assessment, :message, 20, "grafeas.v1.VulnerabilityAssessmentNote"
70
72
  end
71
73
  end
72
74
  add_message "grafeas.v1.GetOccurrenceRequest" do
@@ -19,6 +19,6 @@
19
19
 
20
20
  module Grafeas
21
21
  module V1
22
- VERSION = "0.8.0"
22
+ VERSION = "0.9.0"
23
23
  end
24
24
  end
@@ -0,0 +1,88 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: grafeas/v1/vex.proto
3
+
4
+ require 'google/protobuf'
5
+
6
+ require 'grafeas/v1/common_pb'
7
+
8
+ Google::Protobuf::DescriptorPool.generated_pool.build do
9
+ add_file("grafeas/v1/vex.proto", :syntax => :proto3) do
10
+ add_message "grafeas.v1.VulnerabilityAssessmentNote" do
11
+ optional :title, :string, 1
12
+ optional :short_description, :string, 2
13
+ optional :long_description, :string, 3
14
+ optional :language_code, :string, 4
15
+ optional :publisher, :message, 5, "grafeas.v1.VulnerabilityAssessmentNote.Publisher"
16
+ optional :product, :message, 6, "grafeas.v1.VulnerabilityAssessmentNote.Product"
17
+ optional :assessment, :message, 7, "grafeas.v1.VulnerabilityAssessmentNote.Assessment"
18
+ end
19
+ add_message "grafeas.v1.VulnerabilityAssessmentNote.Publisher" do
20
+ optional :name, :string, 1
21
+ optional :issuing_authority, :string, 2
22
+ optional :publisher_namespace, :string, 3
23
+ end
24
+ add_message "grafeas.v1.VulnerabilityAssessmentNote.Product" do
25
+ optional :name, :string, 1
26
+ optional :id, :string, 2
27
+ oneof :identifier do
28
+ optional :generic_uri, :string, 3
29
+ end
30
+ end
31
+ add_message "grafeas.v1.VulnerabilityAssessmentNote.Assessment" do
32
+ optional :cve, :string, 1
33
+ optional :short_description, :string, 2
34
+ optional :long_description, :string, 3
35
+ repeated :related_uris, :message, 4, "grafeas.v1.RelatedUrl"
36
+ optional :state, :enum, 5, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.State"
37
+ repeated :impacts, :string, 6
38
+ optional :justification, :message, 7, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification"
39
+ repeated :remediations, :message, 8, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation"
40
+ end
41
+ add_message "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification" do
42
+ optional :justification_type, :enum, 1, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification.JustificationType"
43
+ optional :details, :string, 2
44
+ end
45
+ add_enum "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification.JustificationType" do
46
+ value :JUSTIFICATION_TYPE_UNSPECIFIED, 0
47
+ value :COMPONENT_NOT_PRESENT, 1
48
+ value :VULNERABLE_CODE_NOT_PRESENT, 2
49
+ value :VULNERABLE_CODE_NOT_IN_EXECUTE_PATH, 3
50
+ value :VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY, 4
51
+ value :INLINE_MITIGATIONS_ALREADY_EXIST, 5
52
+ end
53
+ add_message "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation" do
54
+ optional :remediation_type, :enum, 1, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation.RemediationType"
55
+ optional :details, :string, 2
56
+ optional :remediation_uri, :message, 3, "grafeas.v1.RelatedUrl"
57
+ end
58
+ add_enum "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation.RemediationType" do
59
+ value :REMEDIATION_TYPE_UNSPECIFIED, 0
60
+ value :MITIGATION, 1
61
+ value :NO_FIX_PLANNED, 2
62
+ value :NONE_AVAILABLE, 3
63
+ value :VENDOR_FIX, 4
64
+ value :WORKAROUND, 5
65
+ end
66
+ add_enum "grafeas.v1.VulnerabilityAssessmentNote.Assessment.State" do
67
+ value :STATE_UNSPECIFIED, 0
68
+ value :AFFECTED, 1
69
+ value :NOT_AFFECTED, 2
70
+ value :FIXED, 3
71
+ value :UNDER_INVESTIGATION, 4
72
+ end
73
+ end
74
+ end
75
+
76
+ module Grafeas
77
+ module V1
78
+ VulnerabilityAssessmentNote = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote").msgclass
79
+ VulnerabilityAssessmentNote::Publisher = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Publisher").msgclass
80
+ VulnerabilityAssessmentNote::Product = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Product").msgclass
81
+ VulnerabilityAssessmentNote::Assessment = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment").msgclass
82
+ VulnerabilityAssessmentNote::Assessment::Justification = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification").msgclass
83
+ VulnerabilityAssessmentNote::Assessment::Justification::JustificationType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification.JustificationType").enummodule
84
+ VulnerabilityAssessmentNote::Assessment::Remediation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation").msgclass
85
+ VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation.RemediationType").enummodule
86
+ VulnerabilityAssessmentNote::Assessment::State = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.State").enummodule
87
+ end
88
+ end
@@ -9,6 +9,7 @@ require 'grafeas/v1/common_pb'
9
9
  require 'grafeas/v1/cvss_pb'
10
10
  require 'grafeas/v1/package_pb'
11
11
  require 'grafeas/v1/severity_pb'
12
+ require 'grafeas/v1/vex_pb'
12
13
 
13
14
  Google::Protobuf::DescriptorPool.generated_pool.build do
14
15
  add_file("grafeas/v1/vulnerability.proto", :syntax => :proto3) do
@@ -61,6 +62,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
61
62
  optional :fix_available, :bool, 9
62
63
  optional :cvss_version, :enum, 11, "grafeas.v1.CVSSVersion"
63
64
  optional :cvss_v2, :message, 12, "grafeas.v1.CVSS"
65
+ optional :vex_assessment, :message, 13, "grafeas.v1.VulnerabilityOccurrence.VexAssessment"
64
66
  end
65
67
  add_message "grafeas.v1.VulnerabilityOccurrence.PackageIssue" do
66
68
  optional :affected_cpe_uri, :string, 1
@@ -74,6 +76,15 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
74
76
  optional :effective_severity, :enum, 9, "grafeas.v1.Severity"
75
77
  repeated :file_location, :message, 10, "grafeas.v1.FileLocation"
76
78
  end
79
+ add_message "grafeas.v1.VulnerabilityOccurrence.VexAssessment" do
80
+ optional :cve, :string, 1
81
+ repeated :related_uris, :message, 2, "grafeas.v1.RelatedUrl"
82
+ optional :note_name, :string, 3
83
+ optional :state, :enum, 4, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.State"
84
+ repeated :impacts, :string, 5
85
+ repeated :remediations, :message, 6, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation"
86
+ optional :justification, :message, 7, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification"
87
+ end
77
88
  end
78
89
  end
79
90
 
@@ -85,5 +96,6 @@ module Grafeas
85
96
  VulnerabilityNote::WindowsDetail::KnowledgeBase = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase").msgclass
86
97
  VulnerabilityOccurrence = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence").msgclass
87
98
  VulnerabilityOccurrence::PackageIssue = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence.PackageIssue").msgclass
99
+ VulnerabilityOccurrence::VexAssessment = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence.VexAssessment").msgclass
88
100
  end
89
101
  end
@@ -180,6 +180,9 @@ module Grafeas
180
180
 
181
181
  # This represents a DSSE attestation Note
182
182
  DSSE_ATTESTATION = 10
183
+
184
+ # This represents a Vulnerability Assessment.
185
+ VULNERABILITY_ASSESSMENT = 11
183
186
  end
184
187
  end
185
188
  end
@@ -148,6 +148,9 @@ module Grafeas
148
148
  # @!attribute [rw] dsse_attestation
149
149
  # @return [::Grafeas::V1::DSSEAttestationNote]
150
150
  # A note describing a dsse attestation note.
151
+ # @!attribute [rw] vulnerability_assessment
152
+ # @return [::Grafeas::V1::VulnerabilityAssessmentNote]
153
+ # A note describing a vulnerability assessment.
151
154
  class Note
152
155
  include ::Google::Protobuf::MessageExts
153
156
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -0,0 +1,231 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2023 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # A single VulnerabilityAssessmentNote represents
23
+ # one particular product's vulnerability assessment for one CVE.
24
+ # @!attribute [rw] title
25
+ # @return [::String]
26
+ # The title of the note. E.g. `Vex-Debian-11.4`
27
+ # @!attribute [rw] short_description
28
+ # @return [::String]
29
+ # A one sentence description of this Vex.
30
+ # @!attribute [rw] long_description
31
+ # @return [::String]
32
+ # A detailed description of this Vex.
33
+ # @!attribute [rw] language_code
34
+ # @return [::String]
35
+ # Identifies the language used by this document,
36
+ # corresponding to IETF BCP 47 / RFC 5646.
37
+ # @!attribute [rw] publisher
38
+ # @return [::Grafeas::V1::VulnerabilityAssessmentNote::Publisher]
39
+ # Publisher details of this Note.
40
+ # @!attribute [rw] product
41
+ # @return [::Grafeas::V1::VulnerabilityAssessmentNote::Product]
42
+ # The product affected by this vex.
43
+ # @!attribute [rw] assessment
44
+ # @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment]
45
+ # Represents a vulnerability assessment for the product.
46
+ class VulnerabilityAssessmentNote
47
+ include ::Google::Protobuf::MessageExts
48
+ extend ::Google::Protobuf::MessageExts::ClassMethods
49
+
50
+ # Publisher contains information about the publisher of
51
+ # this Note.
52
+ # (-- api-linter: core::0123::resource-annotation=disabled
53
+ # aip.dev/not-precedent: Publisher is not a separate resource. --)
54
+ # @!attribute [rw] name
55
+ # @return [::String]
56
+ # Name of the publisher.
57
+ # Examples: 'Google', 'Google Cloud Platform'.
58
+ # @!attribute [rw] issuing_authority
59
+ # @return [::String]
60
+ # Provides information about the authority of the issuing party to
61
+ # release the document, in particular, the party's constituency and
62
+ # responsibilities or other obligations.
63
+ # @!attribute [rw] publisher_namespace
64
+ # @return [::String]
65
+ # The context or namespace.
66
+ # Contains a URL which is under control of the issuing party and can
67
+ # be used as a globally unique identifier for that issuing party.
68
+ # Example: https://csaf.io
69
+ class Publisher
70
+ include ::Google::Protobuf::MessageExts
71
+ extend ::Google::Protobuf::MessageExts::ClassMethods
72
+ end
73
+
74
+ # Product contains information about a product and how to uniquely identify
75
+ # it.
76
+ # (-- api-linter: core::0123::resource-annotation=disabled
77
+ # aip.dev/not-precedent: Product is not a separate resource. --)
78
+ # @!attribute [rw] name
79
+ # @return [::String]
80
+ # Name of the product.
81
+ # @!attribute [rw] id
82
+ # @return [::String]
83
+ # Token that identifies a product so that it can be referred to from other
84
+ # parts in the document. There is no predefined format as long as it
85
+ # uniquely identifies a group in the context of the current document.
86
+ # @!attribute [rw] generic_uri
87
+ # @return [::String]
88
+ # Contains a URI which is vendor-specific.
89
+ # Example: The artifact repository URL of an image.
90
+ class Product
91
+ include ::Google::Protobuf::MessageExts
92
+ extend ::Google::Protobuf::MessageExts::ClassMethods
93
+ end
94
+
95
+ # Assessment provides all information that is related to a single
96
+ # vulnerability for this product.
97
+ # @!attribute [rw] cve
98
+ # @return [::String]
99
+ # Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
100
+ # tracking number for the vulnerability.
101
+ # @!attribute [rw] short_description
102
+ # @return [::String]
103
+ # A one sentence description of this Vex.
104
+ # @!attribute [rw] long_description
105
+ # @return [::String]
106
+ # A detailed description of this Vex.
107
+ # @!attribute [rw] related_uris
108
+ # @return [::Array<::Grafeas::V1::RelatedUrl>]
109
+ # Holds a list of references associated with this vulnerability item and
110
+ # assessment. These uris have additional information about the
111
+ # vulnerability and the assessment itself. E.g. Link to a document which
112
+ # details how this assessment concluded the state of this vulnerability.
113
+ # @!attribute [rw] state
114
+ # @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
115
+ # Provides the state of this Vulnerability assessment.
116
+ # @!attribute [rw] impacts
117
+ # @return [::Array<::String>]
118
+ # Contains information about the impact of this vulnerability,
119
+ # this will change with time.
120
+ # @!attribute [rw] justification
121
+ # @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
122
+ # Justification provides the justification when the state of the
123
+ # assessment if NOT_AFFECTED.
124
+ # @!attribute [rw] remediations
125
+ # @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
126
+ # Specifies details on how to handle (and presumably, fix) a vulnerability.
127
+ class Assessment
128
+ include ::Google::Protobuf::MessageExts
129
+ extend ::Google::Protobuf::MessageExts::ClassMethods
130
+
131
+ # Justification provides the justification when the state of the
132
+ # assessment if NOT_AFFECTED.
133
+ # @!attribute [rw] justification_type
134
+ # @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
135
+ # The justification type for this vulnerability.
136
+ # @!attribute [rw] details
137
+ # @return [::String]
138
+ # Additional details on why this justification was chosen.
139
+ class Justification
140
+ include ::Google::Protobuf::MessageExts
141
+ extend ::Google::Protobuf::MessageExts::ClassMethods
142
+
143
+ # Provides the type of justification.
144
+ module JustificationType
145
+ # JUSTIFICATION_TYPE_UNSPECIFIED.
146
+ JUSTIFICATION_TYPE_UNSPECIFIED = 0
147
+
148
+ # The vulnerable component is not present in the product.
149
+ COMPONENT_NOT_PRESENT = 1
150
+
151
+ # The vulnerable code is not present. Typically this case
152
+ # occurs when source code is configured or built in a way that excludes
153
+ # the vulnerable code.
154
+ VULNERABLE_CODE_NOT_PRESENT = 2
155
+
156
+ # The vulnerable code can not be executed.
157
+ # Typically this case occurs when the product includes the vulnerable
158
+ # code but does not call or use the vulnerable code.
159
+ VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3
160
+
161
+ # The vulnerable code cannot be controlled by an attacker to exploit
162
+ # the vulnerability.
163
+ VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4
164
+
165
+ # The product includes built-in protections or features that prevent
166
+ # exploitation of the vulnerability. These built-in protections cannot
167
+ # be subverted by the attacker and cannot be configured or disabled by
168
+ # the user. These mitigations completely prevent exploitation based on
169
+ # known attack vectors.
170
+ INLINE_MITIGATIONS_ALREADY_EXIST = 5
171
+ end
172
+ end
173
+
174
+ # Specifies details on how to handle (and presumably, fix) a vulnerability.
175
+ # @!attribute [rw] remediation_type
176
+ # @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
177
+ # The type of remediation that can be applied.
178
+ # @!attribute [rw] details
179
+ # @return [::String]
180
+ # Contains a comprehensive human-readable discussion of the remediation.
181
+ # @!attribute [rw] remediation_uri
182
+ # @return [::Grafeas::V1::RelatedUrl]
183
+ # Contains the URL where to obtain the remediation.
184
+ class Remediation
185
+ include ::Google::Protobuf::MessageExts
186
+ extend ::Google::Protobuf::MessageExts::ClassMethods
187
+
188
+ # The type of remediation that can be applied.
189
+ module RemediationType
190
+ # No remediation type specified.
191
+ REMEDIATION_TYPE_UNSPECIFIED = 0
192
+
193
+ # A MITIGATION is available.
194
+ MITIGATION = 1
195
+
196
+ # No fix is planned.
197
+ NO_FIX_PLANNED = 2
198
+
199
+ # Not available.
200
+ NONE_AVAILABLE = 3
201
+
202
+ # A vendor fix is available.
203
+ VENDOR_FIX = 4
204
+
205
+ # A workaround is available.
206
+ WORKAROUND = 5
207
+ end
208
+ end
209
+
210
+ # Provides the state of this Vulnerability assessment.
211
+ module State
212
+ # No state is specified.
213
+ STATE_UNSPECIFIED = 0
214
+
215
+ # This product is known to be affected by this vulnerability.
216
+ AFFECTED = 1
217
+
218
+ # This product is known to be not affected by this vulnerability.
219
+ NOT_AFFECTED = 2
220
+
221
+ # This product contains a fix for this vulnerability.
222
+ FIXED = 3
223
+
224
+ # It is not known yet whether these versions are or are not affected
225
+ # by the vulnerability. However, it is still under investigation.
226
+ UNDER_INVESTIGATION = 4
227
+ end
228
+ end
229
+ end
230
+ end
231
+ end
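Review bot: The description of the `justification` attribute on `Assessment` and the summary comment on the `Justification` class both read "when the state of the assessment if NOT_AFFECTED"; the sentence should be `# Justification provides the justification when the state of the assessment is NOT_AFFECTED.` The same wording is repeated on the `justification` attribute of `VexAssessment` in the VulnerabilityOccurrence docs hunk further down. The file header marks this as auto-generated, so the correction presumably belongs in the comments of grafeas/v1/vex.proto, followed by a regeneration. Consumers are likely to base triage decisions on `state` and `justification`, so the condition under which `justification` applies is worth stating without ambiguity.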
@@ -211,6 +211,8 @@ module Grafeas
211
211
  # @!attribute [rw] cvss_v2
212
212
  # @return [::Grafeas::V1::CVSS]
213
213
  # The cvss v2 score for the vulnerability.
214
+ # @!attribute [rw] vex_assessment
215
+ # @return [::Grafeas::V1::VulnerabilityOccurrence::VexAssessment]
214
216
  class VulnerabilityOccurrence
215
217
  include ::Google::Protobuf::MessageExts
216
218
  extend ::Google::Protobuf::MessageExts::ClassMethods
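Review bot: The new `vex_assessment` attribute on `VulnerabilityOccurrence` is documented with its `@return` type only and has no description line, unlike `cvss_v2` directly above it. A line such as `#     VEX information provided by the publisher that is related to this vulnerability.` would match the summary already given on the `VexAssessment` class in the next hunk. The file appears to be generated from proto comments, so the text probably has to be added to the `vex_assessment` field in grafeas/v1/vulnerability.proto. The class body continues outside the hunk.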
@@ -259,6 +261,42 @@ module Grafeas
259
261
  include ::Google::Protobuf::MessageExts
260
262
  extend ::Google::Protobuf::MessageExts::ClassMethods
261
263
  end
264
+
265
+ # VexAssessment provides all publisher provided Vex information that is
266
+ # related to this vulnerability.
267
+ # @!attribute [rw] cve
268
+ # @return [::String]
269
+ # Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
270
+ # tracking number for the vulnerability.
271
+ # @!attribute [rw] related_uris
272
+ # @return [::Array<::Grafeas::V1::RelatedUrl>]
273
+ # Holds a list of references associated with this vulnerability item and
274
+ # assessment.
275
+ # @!attribute [rw] note_name
276
+ # @return [::String]
277
+ # The VulnerabilityAssessment note from which this VexAssessment was
278
+ # generated.
279
+ # This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
280
+ # (-- api-linter: core::0122::name-suffix=disabled
281
+ # aip.dev/not-precedent: The suffix is kept for consistency. --)
282
+ # @!attribute [rw] state
283
+ # @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
284
+ # Provides the state of this Vulnerability assessment.
285
+ # @!attribute [rw] impacts
286
+ # @return [::Array<::String>]
287
+ # Contains information about the impact of this vulnerability,
288
+ # this will change with time.
289
+ # @!attribute [rw] remediations
290
+ # @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
291
+ # Specifies details on how to handle (and presumably, fix) a vulnerability.
292
+ # @!attribute [rw] justification
293
+ # @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
294
+ # Justification provides the justification when the state of the
295
+ # assessment if NOT_AFFECTED.
296
+ class VexAssessment
297
+ include ::Google::Protobuf::MessageExts
298
+ extend ::Google::Protobuf::MessageExts::ClassMethods
299
+ end
262
300
  end
263
301
  end
264
302
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: grafeas-v1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.8.0
4
+ version: 0.9.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-03-06 00:00:00.000000000 Z
11
+ date: 2023-03-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gapic-common
@@ -193,6 +193,7 @@ files:
193
193
  - lib/grafeas/v1/slsa_provenance_zero_two_pb.rb
194
194
  - lib/grafeas/v1/upgrade_pb.rb
195
195
  - lib/grafeas/v1/version.rb
196
+ - lib/grafeas/v1/vex_pb.rb
196
197
  - lib/grafeas/v1/vulnerability_pb.rb
197
198
  - proto_docs/README.md
198
199
  - proto_docs/google/api/client.rb
@@ -224,6 +225,7 @@ files:
224
225
  - proto_docs/grafeas/v1/slsa_provenance.rb
225
226
  - proto_docs/grafeas/v1/slsa_provenance_zero_two.rb
226
227
  - proto_docs/grafeas/v1/upgrade.rb
228
+ - proto_docs/grafeas/v1/vex.rb
227
229
  - proto_docs/grafeas/v1/vulnerability.rb
228
230
  homepage: https://github.com/googleapis/google-cloud-ruby
229
231
  licenses: