grafeas 0.1.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cf078d19b5abb46085c1f282826329a38222189dae4db4dd6ca021ef5374245f
-  data.tar.gz: 91a5bf5b5bcc209704179c058020f827a66606656834200b6188b3b90d45d6b2
+  metadata.gz: d4c5e1fdbd025ab57c333bbd052c84bc8f86a12ac088169b1915d5472feaf62f
+  data.tar.gz: cc4f0da92b611b865ac61ae5f20e9a3b33b77ce4475865f12d10176f1c75ea2f
 SHA512:
-  metadata.gz: a91b90e2b90c28357aede2ab29f6059516384462c4fcb5a8d53f903c9a1adcfbb56c7237a967c9669181b3dfb98ae9b6d823c8b4354d89fdaf1c3868f77dc23a
-  data.tar.gz: f3488b8143b2b6043a5ac8bf56a004f33893874b469f1ca9bceb39b275957dabfca9b4eea18a249713116c6ce0a23068222a80e8953861c1b63b03bb55dca959
+  metadata.gz: e6f70184fd9354ec30e1d877ee2b027aa2ad1fd1ec21873a4e3e8ac2f0a926c7cb24e1403429e0c2a999855a8b1de6d33358fde368128fc640b42535ccc5e31f
+  data.tar.gz: 4ebc581d2b13f4fbb00604249475b76a2c0dd156436de085d763d19e0442b83b22485d92bebf695832cbba265a53b535604c1e9611e0327dabfaccb3b02a0aa7

data/lib/grafeas/v1/common_pb.rb

@@ -22,6 +22,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     value :DEPLOYMENT, 5
     value :DISCOVERY, 6
     value :ATTESTATION, 7
+    value :UPGRADE, 8
   end
 end
 

data/lib/grafeas/v1/discovery_pb.rb

@@ -4,6 +4,7 @@
 
 require 'google/protobuf'
 
+require 'google/protobuf/timestamp_pb'
 require 'google/rpc/status_pb'
 require 'grafeas/v1/common_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
@@ -14,6 +15,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     optional :continuous_analysis, :enum, 1, "grafeas.v1.DiscoveryOccurrence.ContinuousAnalysis"
     optional :analysis_status, :enum, 2, "grafeas.v1.DiscoveryOccurrence.AnalysisStatus"
     optional :analysis_status_error, :message, 3, "google.rpc.Status"
+    optional :cpe, :string, 4
+    optional :last_scan_time, :message, 5, "google.protobuf.Timestamp"
   end
   add_enum "grafeas.v1.DiscoveryOccurrence.ContinuousAnalysis" do
     value :CONTINUOUS_ANALYSIS_UNSPECIFIED, 0

data/lib/grafeas/v1/doc/grafeas/v1/common.rb

@@ -100,6 +100,9 @@ module Grafeas
 
       # This represents a logical "role" that can attest to artifacts.
       ATTESTATION = 7
+
+      # This represents an available package upgrade.
+      UPGRADE = 8
     end
   end
 end

data/lib/grafeas/v1/doc/grafeas/v1/discovery.rb

@@ -36,6 +36,12 @@ module Grafeas
     #     When an error is encountered this will contain a LocalizedMessage under
     #     details to show to the user. The LocalizedMessage is output only and
     #     populated by the API.
+    # @!attribute [rw] cpe
+    #   @return [String]
+    #     The CPE of the resource being scanned.
+    # @!attribute [rw] last_scan_time
+    #   @return [Google::Protobuf::Timestamp]
+    #     The last time this resource was scanned.
     class DiscoveryOccurrence
       # Analysis status for a resource. Currently for initial analysis only (not
       # updated in continuous analysis).

data/lib/grafeas/v1/doc/grafeas/v1/grafeas.rb

@@ -65,6 +65,9 @@ module Grafeas
     # @!attribute [rw] attestation
     #   @return [Grafeas::V1::AttestationOccurrence]
     #     Describes an attestation of an artifact.
+    # @!attribute [rw] upgrade
+    #   @return [Grafeas::V1::UpgradeOccurrence]
+    #     Describes an available package upgrade on the linked resource.
     class Occurrence; end
 
     # A type of analysis that can be done for a resource.
@@ -120,6 +123,9 @@ module Grafeas
     # @!attribute [rw] attestation
     #   @return [Grafeas::V1::AttestationNote]
     #     A note describing an attestation role.
+    # @!attribute [rw] upgrade
+    #   @return [Grafeas::V1::UpgradeNote]
+    #     A note describing available package upgrades.
     class Note; end
 
     # Request to get an occurrence.
@@ -157,7 +163,7 @@ module Grafeas
     #     results.
     class ListOccurrencesResponse; end
 
-    # Request to delete a occurrence.
+    # Request to delete an occurrence.
     # @!attribute [rw] name
     #   @return [String]
     #     The name of the occurrence in the form of

data/lib/grafeas/v1/doc/grafeas/v1/upgrade.rb

@@ -0,0 +1,126 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Grafeas
+  module V1
+    # An Upgrade Note represents a potential upgrade of a package to a given
+    # version. For each package version combination (i.e. bash 4.0, bash 4.1,
+    # bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field
+    # represents the information related to the update.
+    # @!attribute [rw] package
+    #   @return [String]
+    #     Required for non-Windows OS. The package this Upgrade is for.
+    # @!attribute [rw] version
+    #   @return [Grafeas::V1::Version]
+    #     Required for non-Windows OS. The version of the package in machine + human
+    #     readable form.
+    # @!attribute [rw] distributions
+    #   @return [Array<Grafeas::V1::UpgradeDistribution>]
+    #     Metadata about the upgrade for each specific operating system.
+    # @!attribute [rw] windows_update
+    #   @return [Grafeas::V1::WindowsUpdate]
+    #     Required for Windows OS. Represents the metadata about the Windows update.
+    class UpgradeNote; end
+
+    # The Upgrade Distribution represents metadata about the Upgrade for each
+    # operating system (CPE). Some distributions have additional metadata around
+    # updates, classifying them into various categories and severities.
+    # @!attribute [rw] cpe_uri
+    #   @return [String]
+    #     Required - The specific operating system this metadata applies to. See
+    #     https://cpe.mitre.org/specification/.
+    # @!attribute [rw] classification
+    #   @return [String]
+    #     The operating system classification of this Upgrade, as specified by the
+    #     upstream operating system upgrade feed. For Windows the classification is
+    #     one of the category_ids listed at
+    #     https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+    # @!attribute [rw] severity
+    #   @return [String]
+    #     The severity as specified by the upstream operating system.
+    # @!attribute [rw] cve
+    #   @return [Array<String>]
+    #     The cve tied to this Upgrade.
+    class UpgradeDistribution; end
+
+    # Windows Update represents the metadata about the update for the Windows
+    # operating system. The fields in this message come from the Windows Update API
+    # documented at
+    # https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate.
+    # @!attribute [rw] identity
+    #   @return [Grafeas::V1::WindowsUpdate::Identity]
+    #     Required - The unique identifier for the update.
+    # @!attribute [rw] title
+    #   @return [String]
+    #     The localized title of the update.
+    # @!attribute [rw] description
+    #   @return [String]
+    #     The localized description of the update.
+    # @!attribute [rw] categories
+    #   @return [Array<Grafeas::V1::WindowsUpdate::Category>]
+    #     The list of categories to which the update belongs.
+    # @!attribute [rw] kb_article_ids
+    #   @return [Array<String>]
+    #     The Microsoft Knowledge Base article IDs that are associated with the
+    #     update.
+    # @!attribute [rw] support_url
+    #   @return [String]
+    #     The hyperlink to the support information for the update.
+    # @!attribute [rw] last_published_timestamp
+    #   @return [Google::Protobuf::Timestamp]
+    #     The last published timestamp of the update.
+    class WindowsUpdate
+      # The unique identifier of the update.
+      # @!attribute [rw] update_id
+      #   @return [String]
+      #     The revision independent identifier of the update.
+      # @!attribute [rw] revision
+      #   @return [Integer]
+      #     The revision number of the update.
+      class Identity; end
+
+      # The category to which the update belongs.
+      # @!attribute [rw] category_id
+      #   @return [String]
+      #     The identifier of the category.
+      # @!attribute [rw] name
+      #   @return [String]
+      #     The localized name of the category.
+      class Category; end
+    end
+
+    # An Upgrade Occurrence represents that a specific resource_url could install a
+    # specific upgrade. This presence is supplied via local sources (i.e. it is
+    # present in the mirror and the running system has noticed its availability).
+    # For Windows, both distribution and windows_update contain information for the
+    # Windows update.
+    # @!attribute [rw] package
+    #   @return [String]
+    #     Required for non-Windows OS. The package this Upgrade is for.
+    # @!attribute [rw] parsed_version
+    #   @return [Grafeas::V1::Version]
+    #     Required for non-Windows OS. The version of the package in a machine +
+    #     human readable form.
+    # @!attribute [rw] distribution
+    #   @return [Grafeas::V1::UpgradeDistribution]
+    #     Metadata about the upgrade for available for the specific operating system
+    #     for the resource_url. This allows efficient filtering, as well as
+    #     making it easier to use the occurrence.
+    # @!attribute [rw] windows_update
+    #   @return [Grafeas::V1::WindowsUpdate]
+    #     Required for Windows OS. Represents the metadata about the Windows update.
+    class UpgradeOccurrence; end
+  end
+end

data/lib/grafeas/v1/doc/grafeas/v1/vulnerability.rb

@@ -35,6 +35,11 @@ module Grafeas
     #     model don't match a normal detail. Specifically Windows updates are done as
     #     patches, thus Windows vulnerabilities really are a missing package, rather
     #     than a package being at an incorrect version.
+    # @!attribute [rw] source_update_time
+    #   @return [Google::Protobuf::Timestamp]
+    #     The time this information was last changed at the source. This is an
+    #     upstream timestamp from the underlying information source - e.g. Ubuntu
+    #     security tracker.
     class VulnerabilityNote
       # A detail for a distro and package affected by this vulnerability and its
       # associated fix (if one is available).
@@ -92,6 +97,11 @@ module Grafeas
       #   @return [true, false]
       #     Whether this detail is obsolete. Occurrences are expected not to point to
       #     obsolete details.
+      # @!attribute [rw] source_update_time
+      #   @return [Google::Protobuf::Timestamp]
+      #     The time this information was last changed at the source. This is an
+      #     upstream timestamp from the underlying information source - e.g. Ubuntu
+      #     security tracker.
       class Detail; end
 
       # @!attribute [rw] cpe_uri
@@ -151,8 +161,7 @@ module Grafeas
     # @!attribute [rw] effective_severity
     #   @return [Grafeas::V1::Severity]
     #     The distro assigned severity for this vulnerability when it is available,
-    #     and note provider assigned severity when distro has not yet assigned a
-    #     severity for this vulnerability.
+    #     otherwise this is the note provider assigned severity.
     # @!attribute [rw] fix_available
     #   @return [true, false]
     #     Output only. Whether at least one of the affected packages has a fix

data/lib/grafeas/v1/grafeas_pb.rb

@@ -5,6 +5,9 @@
 require 'google/protobuf'
 
 require 'google/api/annotations_pb'
+require 'google/api/client_pb'
+require 'google/api/field_behavior_pb'
+require 'google/api/resource_pb'
 require 'google/protobuf/empty_pb'
 require 'google/protobuf/field_mask_pb'
 require 'google/protobuf/timestamp_pb'
@@ -15,7 +18,7 @@ require 'grafeas/v1/deployment_pb'
 require 'grafeas/v1/discovery_pb'
 require 'grafeas/v1/image_pb'
 require 'grafeas/v1/package_pb'
-require 'grafeas/v1/provenance_pb'
+require 'grafeas/v1/upgrade_pb'
 require 'grafeas/v1/vulnerability_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_message "grafeas.v1.Occurrence" do
@@ -34,6 +37,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :deployment, :message, 12, "grafeas.v1.DeploymentOccurrence"
       optional :discovery, :message, 13, "grafeas.v1.DiscoveryOccurrence"
       optional :attestation, :message, 14, "grafeas.v1.AttestationOccurrence"
+      optional :upgrade, :message, 15, "grafeas.v1.UpgradeOccurrence"
     end
   end
   add_message "grafeas.v1.Note" do
@@ -54,6 +58,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :deployment, :message, 14, "grafeas.v1.DeploymentNote"
       optional :discovery, :message, 15, "grafeas.v1.DiscoveryNote"
       optional :attestation, :message, 16, "grafeas.v1.AttestationNote"
+      optional :upgrade, :message, 17, "grafeas.v1.UpgradeNote"
     end
   end
   add_message "grafeas.v1.GetOccurrenceRequest" do

data/lib/grafeas/v1/upgrade_pb.rb

@@ -0,0 +1,56 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: grafeas/v1/upgrade.proto
+
+
+require 'google/protobuf'
+
+require 'google/protobuf/timestamp_pb'
+require 'grafeas/v1/package_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_message "grafeas.v1.UpgradeNote" do
+    optional :package, :string, 1
+    optional :version, :message, 2, "grafeas.v1.Version"
+    repeated :distributions, :message, 3, "grafeas.v1.UpgradeDistribution"
+    optional :windows_update, :message, 4, "grafeas.v1.WindowsUpdate"
+  end
+  add_message "grafeas.v1.UpgradeDistribution" do
+    optional :cpe_uri, :string, 1
+    optional :classification, :string, 2
+    optional :severity, :string, 3
+    repeated :cve, :string, 4
+  end
+  add_message "grafeas.v1.WindowsUpdate" do
+    optional :identity, :message, 1, "grafeas.v1.WindowsUpdate.Identity"
+    optional :title, :string, 2
+    optional :description, :string, 3
+    repeated :categories, :message, 4, "grafeas.v1.WindowsUpdate.Category"
+    repeated :kb_article_ids, :string, 5
+    optional :support_url, :string, 6
+    optional :last_published_timestamp, :message, 7, "google.protobuf.Timestamp"
+  end
+  add_message "grafeas.v1.WindowsUpdate.Identity" do
+    optional :update_id, :string, 1
+    optional :revision, :int32, 2
+  end
+  add_message "grafeas.v1.WindowsUpdate.Category" do
+    optional :category_id, :string, 1
+    optional :name, :string, 2
+  end
+  add_message "grafeas.v1.UpgradeOccurrence" do
+    optional :package, :string, 1
+    optional :parsed_version, :message, 3, "grafeas.v1.Version"
+    optional :distribution, :message, 4, "grafeas.v1.UpgradeDistribution"
+    optional :windows_update, :message, 5, "grafeas.v1.WindowsUpdate"
+  end
+end
+
+module Grafeas
+  module V1
+    UpgradeNote = Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.UpgradeNote").msgclass
+    UpgradeDistribution = Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.UpgradeDistribution").msgclass
+    WindowsUpdate = Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.WindowsUpdate").msgclass
+    WindowsUpdate::Identity = Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.WindowsUpdate.Identity").msgclass
+    WindowsUpdate::Category = Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.WindowsUpdate.Category").msgclass
+    UpgradeOccurrence = Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.UpgradeOccurrence").msgclass
+  end
+end

data/lib/grafeas/v1/vulnerability_pb.rb

@@ -4,6 +4,7 @@
 
 require 'google/protobuf'
 
+require 'google/protobuf/timestamp_pb'
 require 'grafeas/v1/common_pb'
 require 'grafeas/v1/cvss_pb'
 require 'grafeas/v1/package_pb'
@@ -14,6 +15,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     repeated :details, :message, 3, "grafeas.v1.VulnerabilityNote.Detail"
     optional :cvss_v3, :message, 4, "grafeas.v1.CVSSv3"
     repeated :windows_details, :message, 5, "grafeas.v1.VulnerabilityNote.WindowsDetail"
+    optional :source_update_time, :message, 6, "google.protobuf.Timestamp"
   end
   add_message "grafeas.v1.VulnerabilityNote.Detail" do
     optional :severity_name, :string, 1
@@ -27,6 +29,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     optional :fixed_package, :string, 9
     optional :fixed_version, :message, 10, "grafeas.v1.Version"
     optional :is_obsolete, :bool, 11
+    optional :source_update_time, :message, 12, "google.protobuf.Timestamp"
   end
   add_message "grafeas.v1.VulnerabilityNote.WindowsDetail" do
     optional :cpe_uri, :string, 1

data/lib/grafeas/version.rb

@@ -14,5 +14,5 @@
 
 
 module Grafeas
-  VERSION = "0.1.1".freeze
+  VERSION = "0.2.0".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: grafeas
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-11-07 00:00:00.000000000 Z
+date: 2020-01-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-gax
@@ -182,6 +182,7 @@ files:
 - lib/grafeas/v1/doc/grafeas/v1/image.rb
 - lib/grafeas/v1/doc/grafeas/v1/package.rb
 - lib/grafeas/v1/doc/grafeas/v1/provenance.rb
+- lib/grafeas/v1/doc/grafeas/v1/upgrade.rb
 - lib/grafeas/v1/doc/grafeas/v1/vulnerability.rb
 - lib/grafeas/v1/grafeas_client.rb
 - lib/grafeas/v1/grafeas_client_config.json
@@ -190,6 +191,7 @@ files:
 - lib/grafeas/v1/image_pb.rb
 - lib/grafeas/v1/package_pb.rb
 - lib/grafeas/v1/provenance_pb.rb
+- lib/grafeas/v1/upgrade_pb.rb
 - lib/grafeas/v1/vulnerability_pb.rb
 - lib/grafeas/version.rb
 homepage: https://github.com/googleapis/googleapis