grafeas-v1 0.8.0 → 0.9.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/grafeas/v1/common_pb.rb +1 -0
- data/lib/grafeas/v1/grafeas/client.rb +2 -2
- data/lib/grafeas/v1/grafeas_pb.rb +2 -0
- data/lib/grafeas/v1/version.rb +1 -1
- data/lib/grafeas/v1/vex_pb.rb +88 -0
- data/lib/grafeas/v1/vulnerability_pb.rb +12 -0
- data/proto_docs/grafeas/v1/common.rb +3 -0
- data/proto_docs/grafeas/v1/grafeas.rb +3 -0
- data/proto_docs/grafeas/v1/vex.rb +231 -0
- data/proto_docs/grafeas/v1/vulnerability.rb +38 -0
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: de858ed8e2692e2aab1ddabba338dcfcf7fd0d245f4a9dc7268dd28dbc48a1e5
|
4
|
+
data.tar.gz: 8ba74842862b74a9da43f0ec0110672b3f58377d34c1469c278f6264556c1ae0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 56e84efe07a852c6c919991831f309478ea1e88c31e6929e420ce52adfae9bea3b4a2907d053e0305c9fc361e22306f17bbc09d6e98dde2830805ccaef7e4e4a
|
7
|
+
data.tar.gz: e2d99c15dcef124b695e7b13e0fc6d8cf168996e9f6ef744fc093bda536c3cb281609b80f3b11e7adba269d932949f6a5b0797ae254539d46142744307ba869a
|
data/README.md
CHANGED
@@ -35,7 +35,7 @@ for class and method documentation.
|
|
35
35
|
|
36
36
|
To enable logging for this library, set the logger for the underlying [gRPC](https://github.com/grpc/grpc/tree/master/src/ruby) library.
|
37
37
|
The logger that you set may be a Ruby stdlib [`Logger`](https://ruby-doc.org/current/stdlibs/logger/Logger.html) as shown below,
|
38
|
-
or a [`Google::Cloud::Logging::Logger`](https://
|
38
|
+
or a [`Google::Cloud::Logging::Logger`](https://cloud.google.com/ruby/docs/reference/google-cloud-logging/latest)
|
39
39
|
that will write logs to [Cloud Logging](https://cloud.google.com/logging/). See [grpc/logconfig.rb](https://github.com/grpc/grpc/blob/master/src/ruby/lib/grpc/logconfig.rb)
|
40
40
|
and the gRPC [spec_helper.rb](https://github.com/grpc/grpc/blob/master/src/ruby/spec/spec_helper.rb) for additional information.
|
41
41
|
|
data/lib/grafeas/v1/common_pb.rb
CHANGED
@@ -1498,9 +1498,9 @@ module Grafeas
|
|
1498
1498
|
# * (`String`) The path to a service account key file in JSON format
|
1499
1499
|
# * (`Hash`) A service account key as a Hash
|
1500
1500
|
# * (`Google::Auth::Credentials`) A googleauth credentials object
|
1501
|
-
# (see the [googleauth docs](https://
|
1501
|
+
# (see the [googleauth docs](https://rubydoc.info/gems/googleauth/Google/Auth/Credentials))
|
1502
1502
|
# * (`Signet::OAuth2::Client`) A signet oauth2 client object
|
1503
|
-
# (see the [signet docs](https://
|
1503
|
+
# (see the [signet docs](https://rubydoc.info/gems/signet/Signet/OAuth2/Client))
|
1504
1504
|
# * (`GRPC::Core::Channel`) a gRPC channel with included credentials
|
1505
1505
|
# * (`GRPC::Core::ChannelCredentials`) a gRPC credentails object
|
1506
1506
|
# * (`nil`) indicating no credentials
|
@@ -20,6 +20,7 @@ require 'grafeas/v1/dsse_attestation_pb'
|
|
20
20
|
require 'grafeas/v1/image_pb'
|
21
21
|
require 'grafeas/v1/package_pb'
|
22
22
|
require 'grafeas/v1/upgrade_pb'
|
23
|
+
require 'grafeas/v1/vex_pb'
|
23
24
|
require 'grafeas/v1/vulnerability_pb'
|
24
25
|
|
25
26
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
@@ -67,6 +68,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
67
68
|
optional :upgrade, :message, 17, "grafeas.v1.UpgradeNote"
|
68
69
|
optional :compliance, :message, 18, "grafeas.v1.ComplianceNote"
|
69
70
|
optional :dsse_attestation, :message, 19, "grafeas.v1.DSSEAttestationNote"
|
71
|
+
optional :vulnerability_assessment, :message, 20, "grafeas.v1.VulnerabilityAssessmentNote"
|
70
72
|
end
|
71
73
|
end
|
72
74
|
add_message "grafeas.v1.GetOccurrenceRequest" do
|
data/lib/grafeas/v1/version.rb
CHANGED
@@ -0,0 +1,88 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: grafeas/v1/vex.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'grafeas/v1/common_pb'
|
7
|
+
|
8
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
|
+
add_file("grafeas/v1/vex.proto", :syntax => :proto3) do
|
10
|
+
add_message "grafeas.v1.VulnerabilityAssessmentNote" do
|
11
|
+
optional :title, :string, 1
|
12
|
+
optional :short_description, :string, 2
|
13
|
+
optional :long_description, :string, 3
|
14
|
+
optional :language_code, :string, 4
|
15
|
+
optional :publisher, :message, 5, "grafeas.v1.VulnerabilityAssessmentNote.Publisher"
|
16
|
+
optional :product, :message, 6, "grafeas.v1.VulnerabilityAssessmentNote.Product"
|
17
|
+
optional :assessment, :message, 7, "grafeas.v1.VulnerabilityAssessmentNote.Assessment"
|
18
|
+
end
|
19
|
+
add_message "grafeas.v1.VulnerabilityAssessmentNote.Publisher" do
|
20
|
+
optional :name, :string, 1
|
21
|
+
optional :issuing_authority, :string, 2
|
22
|
+
optional :publisher_namespace, :string, 3
|
23
|
+
end
|
24
|
+
add_message "grafeas.v1.VulnerabilityAssessmentNote.Product" do
|
25
|
+
optional :name, :string, 1
|
26
|
+
optional :id, :string, 2
|
27
|
+
oneof :identifier do
|
28
|
+
optional :generic_uri, :string, 3
|
29
|
+
end
|
30
|
+
end
|
31
|
+
add_message "grafeas.v1.VulnerabilityAssessmentNote.Assessment" do
|
32
|
+
optional :cve, :string, 1
|
33
|
+
optional :short_description, :string, 2
|
34
|
+
optional :long_description, :string, 3
|
35
|
+
repeated :related_uris, :message, 4, "grafeas.v1.RelatedUrl"
|
36
|
+
optional :state, :enum, 5, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.State"
|
37
|
+
repeated :impacts, :string, 6
|
38
|
+
optional :justification, :message, 7, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification"
|
39
|
+
repeated :remediations, :message, 8, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation"
|
40
|
+
end
|
41
|
+
add_message "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification" do
|
42
|
+
optional :justification_type, :enum, 1, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification.JustificationType"
|
43
|
+
optional :details, :string, 2
|
44
|
+
end
|
45
|
+
add_enum "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification.JustificationType" do
|
46
|
+
value :JUSTIFICATION_TYPE_UNSPECIFIED, 0
|
47
|
+
value :COMPONENT_NOT_PRESENT, 1
|
48
|
+
value :VULNERABLE_CODE_NOT_PRESENT, 2
|
49
|
+
value :VULNERABLE_CODE_NOT_IN_EXECUTE_PATH, 3
|
50
|
+
value :VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY, 4
|
51
|
+
value :INLINE_MITIGATIONS_ALREADY_EXIST, 5
|
52
|
+
end
|
53
|
+
add_message "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation" do
|
54
|
+
optional :remediation_type, :enum, 1, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation.RemediationType"
|
55
|
+
optional :details, :string, 2
|
56
|
+
optional :remediation_uri, :message, 3, "grafeas.v1.RelatedUrl"
|
57
|
+
end
|
58
|
+
add_enum "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation.RemediationType" do
|
59
|
+
value :REMEDIATION_TYPE_UNSPECIFIED, 0
|
60
|
+
value :MITIGATION, 1
|
61
|
+
value :NO_FIX_PLANNED, 2
|
62
|
+
value :NONE_AVAILABLE, 3
|
63
|
+
value :VENDOR_FIX, 4
|
64
|
+
value :WORKAROUND, 5
|
65
|
+
end
|
66
|
+
add_enum "grafeas.v1.VulnerabilityAssessmentNote.Assessment.State" do
|
67
|
+
value :STATE_UNSPECIFIED, 0
|
68
|
+
value :AFFECTED, 1
|
69
|
+
value :NOT_AFFECTED, 2
|
70
|
+
value :FIXED, 3
|
71
|
+
value :UNDER_INVESTIGATION, 4
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
module Grafeas
|
77
|
+
module V1
|
78
|
+
VulnerabilityAssessmentNote = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote").msgclass
|
79
|
+
VulnerabilityAssessmentNote::Publisher = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Publisher").msgclass
|
80
|
+
VulnerabilityAssessmentNote::Product = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Product").msgclass
|
81
|
+
VulnerabilityAssessmentNote::Assessment = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment").msgclass
|
82
|
+
VulnerabilityAssessmentNote::Assessment::Justification = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification").msgclass
|
83
|
+
VulnerabilityAssessmentNote::Assessment::Justification::JustificationType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification.JustificationType").enummodule
|
84
|
+
VulnerabilityAssessmentNote::Assessment::Remediation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation").msgclass
|
85
|
+
VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation.RemediationType").enummodule
|
86
|
+
VulnerabilityAssessmentNote::Assessment::State = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityAssessmentNote.Assessment.State").enummodule
|
87
|
+
end
|
88
|
+
end
|
@@ -9,6 +9,7 @@ require 'grafeas/v1/common_pb'
|
|
9
9
|
require 'grafeas/v1/cvss_pb'
|
10
10
|
require 'grafeas/v1/package_pb'
|
11
11
|
require 'grafeas/v1/severity_pb'
|
12
|
+
require 'grafeas/v1/vex_pb'
|
12
13
|
|
13
14
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
14
15
|
add_file("grafeas/v1/vulnerability.proto", :syntax => :proto3) do
|
@@ -61,6 +62,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
61
62
|
optional :fix_available, :bool, 9
|
62
63
|
optional :cvss_version, :enum, 11, "grafeas.v1.CVSSVersion"
|
63
64
|
optional :cvss_v2, :message, 12, "grafeas.v1.CVSS"
|
65
|
+
optional :vex_assessment, :message, 13, "grafeas.v1.VulnerabilityOccurrence.VexAssessment"
|
64
66
|
end
|
65
67
|
add_message "grafeas.v1.VulnerabilityOccurrence.PackageIssue" do
|
66
68
|
optional :affected_cpe_uri, :string, 1
|
@@ -74,6 +76,15 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
74
76
|
optional :effective_severity, :enum, 9, "grafeas.v1.Severity"
|
75
77
|
repeated :file_location, :message, 10, "grafeas.v1.FileLocation"
|
76
78
|
end
|
79
|
+
add_message "grafeas.v1.VulnerabilityOccurrence.VexAssessment" do
|
80
|
+
optional :cve, :string, 1
|
81
|
+
repeated :related_uris, :message, 2, "grafeas.v1.RelatedUrl"
|
82
|
+
optional :note_name, :string, 3
|
83
|
+
optional :state, :enum, 4, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.State"
|
84
|
+
repeated :impacts, :string, 5
|
85
|
+
repeated :remediations, :message, 6, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation"
|
86
|
+
optional :justification, :message, 7, "grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification"
|
87
|
+
end
|
77
88
|
end
|
78
89
|
end
|
79
90
|
|
@@ -85,5 +96,6 @@ module Grafeas
|
|
85
96
|
VulnerabilityNote::WindowsDetail::KnowledgeBase = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase").msgclass
|
86
97
|
VulnerabilityOccurrence = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence").msgclass
|
87
98
|
VulnerabilityOccurrence::PackageIssue = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence.PackageIssue").msgclass
|
99
|
+
VulnerabilityOccurrence::VexAssessment = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence.VexAssessment").msgclass
|
88
100
|
end
|
89
101
|
end
|
@@ -148,6 +148,9 @@ module Grafeas
|
|
148
148
|
# @!attribute [rw] dsse_attestation
|
149
149
|
# @return [::Grafeas::V1::DSSEAttestationNote]
|
150
150
|
# A note describing a dsse attestation note.
|
151
|
+
# @!attribute [rw] vulnerability_assessment
|
152
|
+
# @return [::Grafeas::V1::VulnerabilityAssessmentNote]
|
153
|
+
# A note describing a vulnerability assessment.
|
151
154
|
class Note
|
152
155
|
include ::Google::Protobuf::MessageExts
|
153
156
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -0,0 +1,231 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2023 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Grafeas
|
21
|
+
module V1
|
22
|
+
# A single VulnerabilityAssessmentNote represents
|
23
|
+
# one particular product's vulnerability assessment for one CVE.
|
24
|
+
# @!attribute [rw] title
|
25
|
+
# @return [::String]
|
26
|
+
# The title of the note. E.g. `Vex-Debian-11.4`
|
27
|
+
# @!attribute [rw] short_description
|
28
|
+
# @return [::String]
|
29
|
+
# A one sentence description of this Vex.
|
30
|
+
# @!attribute [rw] long_description
|
31
|
+
# @return [::String]
|
32
|
+
# A detailed description of this Vex.
|
33
|
+
# @!attribute [rw] language_code
|
34
|
+
# @return [::String]
|
35
|
+
# Identifies the language used by this document,
|
36
|
+
# corresponding to IETF BCP 47 / RFC 5646.
|
37
|
+
# @!attribute [rw] publisher
|
38
|
+
# @return [::Grafeas::V1::VulnerabilityAssessmentNote::Publisher]
|
39
|
+
# Publisher details of this Note.
|
40
|
+
# @!attribute [rw] product
|
41
|
+
# @return [::Grafeas::V1::VulnerabilityAssessmentNote::Product]
|
42
|
+
# The product affected by this vex.
|
43
|
+
# @!attribute [rw] assessment
|
44
|
+
# @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment]
|
45
|
+
# Represents a vulnerability assessment for the product.
|
46
|
+
class VulnerabilityAssessmentNote
|
47
|
+
include ::Google::Protobuf::MessageExts
|
48
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
49
|
+
|
50
|
+
# Publisher contains information about the publisher of
|
51
|
+
# this Note.
|
52
|
+
# (-- api-linter: core::0123::resource-annotation=disabled
|
53
|
+
# aip.dev/not-precedent: Publisher is not a separate resource. --)
|
54
|
+
# @!attribute [rw] name
|
55
|
+
# @return [::String]
|
56
|
+
# Name of the publisher.
|
57
|
+
# Examples: 'Google', 'Google Cloud Platform'.
|
58
|
+
# @!attribute [rw] issuing_authority
|
59
|
+
# @return [::String]
|
60
|
+
# Provides information about the authority of the issuing party to
|
61
|
+
# release the document, in particular, the party's constituency and
|
62
|
+
# responsibilities or other obligations.
|
63
|
+
# @!attribute [rw] publisher_namespace
|
64
|
+
# @return [::String]
|
65
|
+
# The context or namespace.
|
66
|
+
# Contains a URL which is under control of the issuing party and can
|
67
|
+
# be used as a globally unique identifier for that issuing party.
|
68
|
+
# Example: https://csaf.io
|
69
|
+
class Publisher
|
70
|
+
include ::Google::Protobuf::MessageExts
|
71
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
72
|
+
end
|
73
|
+
|
74
|
+
# Product contains information about a product and how to uniquely identify
|
75
|
+
# it.
|
76
|
+
# (-- api-linter: core::0123::resource-annotation=disabled
|
77
|
+
# aip.dev/not-precedent: Product is not a separate resource. --)
|
78
|
+
# @!attribute [rw] name
|
79
|
+
# @return [::String]
|
80
|
+
# Name of the product.
|
81
|
+
# @!attribute [rw] id
|
82
|
+
# @return [::String]
|
83
|
+
# Token that identifies a product so that it can be referred to from other
|
84
|
+
# parts in the document. There is no predefined format as long as it
|
85
|
+
# uniquely identifies a group in the context of the current document.
|
86
|
+
# @!attribute [rw] generic_uri
|
87
|
+
# @return [::String]
|
88
|
+
# Contains a URI which is vendor-specific.
|
89
|
+
# Example: The artifact repository URL of an image.
|
90
|
+
class Product
|
91
|
+
include ::Google::Protobuf::MessageExts
|
92
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
93
|
+
end
|
94
|
+
|
95
|
+
# Assessment provides all information that is related to a single
|
96
|
+
# vulnerability for this product.
|
97
|
+
# @!attribute [rw] cve
|
98
|
+
# @return [::String]
|
99
|
+
# Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
|
100
|
+
# tracking number for the vulnerability.
|
101
|
+
# @!attribute [rw] short_description
|
102
|
+
# @return [::String]
|
103
|
+
# A one sentence description of this Vex.
|
104
|
+
# @!attribute [rw] long_description
|
105
|
+
# @return [::String]
|
106
|
+
# A detailed description of this Vex.
|
107
|
+
# @!attribute [rw] related_uris
|
108
|
+
# @return [::Array<::Grafeas::V1::RelatedUrl>]
|
109
|
+
# Holds a list of references associated with this vulnerability item and
|
110
|
+
# assessment. These uris have additional information about the
|
111
|
+
# vulnerability and the assessment itself. E.g. Link to a document which
|
112
|
+
# details how this assessment concluded the state of this vulnerability.
|
113
|
+
# @!attribute [rw] state
|
114
|
+
# @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
|
115
|
+
# Provides the state of this Vulnerability assessment.
|
116
|
+
# @!attribute [rw] impacts
|
117
|
+
# @return [::Array<::String>]
|
118
|
+
# Contains information about the impact of this vulnerability,
|
119
|
+
# this will change with time.
|
120
|
+
# @!attribute [rw] justification
|
121
|
+
# @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
|
122
|
+
# Justification provides the justification when the state of the
|
123
|
+
# assessment if NOT_AFFECTED.
|
124
|
+
# @!attribute [rw] remediations
|
125
|
+
# @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
|
126
|
+
# Specifies details on how to handle (and presumably, fix) a vulnerability.
|
127
|
+
class Assessment
|
128
|
+
include ::Google::Protobuf::MessageExts
|
129
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
130
|
+
|
131
|
+
# Justification provides the justification when the state of the
|
132
|
+
# assessment if NOT_AFFECTED.
|
133
|
+
# @!attribute [rw] justification_type
|
134
|
+
# @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
|
135
|
+
# The justification type for this vulnerability.
|
136
|
+
# @!attribute [rw] details
|
137
|
+
# @return [::String]
|
138
|
+
# Additional details on why this justification was chosen.
|
139
|
+
class Justification
|
140
|
+
include ::Google::Protobuf::MessageExts
|
141
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
142
|
+
|
143
|
+
# Provides the type of justification.
|
144
|
+
module JustificationType
|
145
|
+
# JUSTIFICATION_TYPE_UNSPECIFIED.
|
146
|
+
JUSTIFICATION_TYPE_UNSPECIFIED = 0
|
147
|
+
|
148
|
+
# The vulnerable component is not present in the product.
|
149
|
+
COMPONENT_NOT_PRESENT = 1
|
150
|
+
|
151
|
+
# The vulnerable code is not present. Typically this case
|
152
|
+
# occurs when source code is configured or built in a way that excludes
|
153
|
+
# the vulnerable code.
|
154
|
+
VULNERABLE_CODE_NOT_PRESENT = 2
|
155
|
+
|
156
|
+
# The vulnerable code can not be executed.
|
157
|
+
# Typically this case occurs when the product includes the vulnerable
|
158
|
+
# code but does not call or use the vulnerable code.
|
159
|
+
VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3
|
160
|
+
|
161
|
+
# The vulnerable code cannot be controlled by an attacker to exploit
|
162
|
+
# the vulnerability.
|
163
|
+
VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4
|
164
|
+
|
165
|
+
# The product includes built-in protections or features that prevent
|
166
|
+
# exploitation of the vulnerability. These built-in protections cannot
|
167
|
+
# be subverted by the attacker and cannot be configured or disabled by
|
168
|
+
# the user. These mitigations completely prevent exploitation based on
|
169
|
+
# known attack vectors.
|
170
|
+
INLINE_MITIGATIONS_ALREADY_EXIST = 5
|
171
|
+
end
|
172
|
+
end
|
173
|
+
|
174
|
+
# Specifies details on how to handle (and presumably, fix) a vulnerability.
|
175
|
+
# @!attribute [rw] remediation_type
|
176
|
+
# @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
|
177
|
+
# The type of remediation that can be applied.
|
178
|
+
# @!attribute [rw] details
|
179
|
+
# @return [::String]
|
180
|
+
# Contains a comprehensive human-readable discussion of the remediation.
|
181
|
+
# @!attribute [rw] remediation_uri
|
182
|
+
# @return [::Grafeas::V1::RelatedUrl]
|
183
|
+
# Contains the URL where to obtain the remediation.
|
184
|
+
class Remediation
|
185
|
+
include ::Google::Protobuf::MessageExts
|
186
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
187
|
+
|
188
|
+
# The type of remediation that can be applied.
|
189
|
+
module RemediationType
|
190
|
+
# No remediation type specified.
|
191
|
+
REMEDIATION_TYPE_UNSPECIFIED = 0
|
192
|
+
|
193
|
+
# A MITIGATION is available.
|
194
|
+
MITIGATION = 1
|
195
|
+
|
196
|
+
# No fix is planned.
|
197
|
+
NO_FIX_PLANNED = 2
|
198
|
+
|
199
|
+
# Not available.
|
200
|
+
NONE_AVAILABLE = 3
|
201
|
+
|
202
|
+
# A vendor fix is available.
|
203
|
+
VENDOR_FIX = 4
|
204
|
+
|
205
|
+
# A workaround is available.
|
206
|
+
WORKAROUND = 5
|
207
|
+
end
|
208
|
+
end
|
209
|
+
|
210
|
+
# Provides the state of this Vulnerability assessment.
|
211
|
+
module State
|
212
|
+
# No state is specified.
|
213
|
+
STATE_UNSPECIFIED = 0
|
214
|
+
|
215
|
+
# This product is known to be affected by this vulnerability.
|
216
|
+
AFFECTED = 1
|
217
|
+
|
218
|
+
# This product is known to be not affected by this vulnerability.
|
219
|
+
NOT_AFFECTED = 2
|
220
|
+
|
221
|
+
# This product contains a fix for this vulnerability.
|
222
|
+
FIXED = 3
|
223
|
+
|
224
|
+
# It is not known yet whether these versions are or are not affected
|
225
|
+
# by the vulnerability. However, it is still under investigation.
|
226
|
+
UNDER_INVESTIGATION = 4
|
227
|
+
end
|
228
|
+
end
|
229
|
+
end
|
230
|
+
end
|
231
|
+
end
|
@@ -211,6 +211,8 @@ module Grafeas
|
|
211
211
|
# @!attribute [rw] cvss_v2
|
212
212
|
# @return [::Grafeas::V1::CVSS]
|
213
213
|
# The cvss v2 score for the vulnerability.
|
214
|
+
# @!attribute [rw] vex_assessment
|
215
|
+
# @return [::Grafeas::V1::VulnerabilityOccurrence::VexAssessment]
|
214
216
|
class VulnerabilityOccurrence
|
215
217
|
include ::Google::Protobuf::MessageExts
|
216
218
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -259,6 +261,42 @@ module Grafeas
|
|
259
261
|
include ::Google::Protobuf::MessageExts
|
260
262
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
261
263
|
end
|
264
|
+
|
265
|
+
# VexAssessment provides all publisher provided Vex information that is
|
266
|
+
# related to this vulnerability.
|
267
|
+
# @!attribute [rw] cve
|
268
|
+
# @return [::String]
|
269
|
+
# Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
|
270
|
+
# tracking number for the vulnerability.
|
271
|
+
# @!attribute [rw] related_uris
|
272
|
+
# @return [::Array<::Grafeas::V1::RelatedUrl>]
|
273
|
+
# Holds a list of references associated with this vulnerability item and
|
274
|
+
# assessment.
|
275
|
+
# @!attribute [rw] note_name
|
276
|
+
# @return [::String]
|
277
|
+
# The VulnerabilityAssessment note from which this VexAssessment was
|
278
|
+
# generated.
|
279
|
+
# This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
|
280
|
+
# (-- api-linter: core::0122::name-suffix=disabled
|
281
|
+
# aip.dev/not-precedent: The suffix is kept for consistency. --)
|
282
|
+
# @!attribute [rw] state
|
283
|
+
# @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
|
284
|
+
# Provides the state of this Vulnerability assessment.
|
285
|
+
# @!attribute [rw] impacts
|
286
|
+
# @return [::Array<::String>]
|
287
|
+
# Contains information about the impact of this vulnerability,
|
288
|
+
# this will change with time.
|
289
|
+
# @!attribute [rw] remediations
|
290
|
+
# @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
|
291
|
+
# Specifies details on how to handle (and presumably, fix) a vulnerability.
|
292
|
+
# @!attribute [rw] justification
|
293
|
+
# @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
|
294
|
+
# Justification provides the justification when the state of the
|
295
|
+
# assessment if NOT_AFFECTED.
|
296
|
+
class VexAssessment
|
297
|
+
include ::Google::Protobuf::MessageExts
|
298
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
299
|
+
end
|
262
300
|
end
|
263
301
|
end
|
264
302
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: grafeas-v1
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.9.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Google LLC
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-03-
|
11
|
+
date: 2023-03-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: gapic-common
|
@@ -193,6 +193,7 @@ files:
|
|
193
193
|
- lib/grafeas/v1/slsa_provenance_zero_two_pb.rb
|
194
194
|
- lib/grafeas/v1/upgrade_pb.rb
|
195
195
|
- lib/grafeas/v1/version.rb
|
196
|
+
- lib/grafeas/v1/vex_pb.rb
|
196
197
|
- lib/grafeas/v1/vulnerability_pb.rb
|
197
198
|
- proto_docs/README.md
|
198
199
|
- proto_docs/google/api/client.rb
|
@@ -224,6 +225,7 @@ files:
|
|
224
225
|
- proto_docs/grafeas/v1/slsa_provenance.rb
|
225
226
|
- proto_docs/grafeas/v1/slsa_provenance_zero_two.rb
|
226
227
|
- proto_docs/grafeas/v1/upgrade.rb
|
228
|
+
- proto_docs/grafeas/v1/vex.rb
|
227
229
|
- proto_docs/grafeas/v1/vulnerability.rb
|
228
230
|
homepage: https://github.com/googleapis/google-cloud-ruby
|
229
231
|
licenses:
|