grafeas 0.1.1 → 0.2.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cf078d19b5abb46085c1f282826329a38222189dae4db4dd6ca021ef5374245f
4
- data.tar.gz: 91a5bf5b5bcc209704179c058020f827a66606656834200b6188b3b90d45d6b2
3
+ metadata.gz: d4c5e1fdbd025ab57c333bbd052c84bc8f86a12ac088169b1915d5472feaf62f
4
+ data.tar.gz: cc4f0da92b611b865ac61ae5f20e9a3b33b77ce4475865f12d10176f1c75ea2f
5
5
  SHA512:
6
- metadata.gz: a91b90e2b90c28357aede2ab29f6059516384462c4fcb5a8d53f903c9a1adcfbb56c7237a967c9669181b3dfb98ae9b6d823c8b4354d89fdaf1c3868f77dc23a
7
- data.tar.gz: f3488b8143b2b6043a5ac8bf56a004f33893874b469f1ca9bceb39b275957dabfca9b4eea18a249713116c6ce0a23068222a80e8953861c1b63b03bb55dca959
6
+ metadata.gz: e6f70184fd9354ec30e1d877ee2b027aa2ad1fd1ec21873a4e3e8ac2f0a926c7cb24e1403429e0c2a999855a8b1de6d33358fde368128fc640b42535ccc5e31f
7
+ data.tar.gz: 4ebc581d2b13f4fbb00604249475b76a2c0dd156436de085d763d19e0442b83b22485d92bebf695832cbba265a53b535604c1e9611e0327dabfaccb3b02a0aa7
@@ -22,6 +22,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
22
22
  value :DEPLOYMENT, 5
23
23
  value :DISCOVERY, 6
24
24
  value :ATTESTATION, 7
25
+ value :UPGRADE, 8
25
26
  end
26
27
  end
27
28
 
@@ -4,6 +4,7 @@
4
4
 
5
5
  require 'google/protobuf'
6
6
 
7
+ require 'google/protobuf/timestamp_pb'
7
8
  require 'google/rpc/status_pb'
8
9
  require 'grafeas/v1/common_pb'
9
10
  Google::Protobuf::DescriptorPool.generated_pool.build do
@@ -14,6 +15,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
14
15
  optional :continuous_analysis, :enum, 1, "grafeas.v1.DiscoveryOccurrence.ContinuousAnalysis"
15
16
  optional :analysis_status, :enum, 2, "grafeas.v1.DiscoveryOccurrence.AnalysisStatus"
16
17
  optional :analysis_status_error, :message, 3, "google.rpc.Status"
18
+ optional :cpe, :string, 4
19
+ optional :last_scan_time, :message, 5, "google.protobuf.Timestamp"
17
20
  end
18
21
  add_enum "grafeas.v1.DiscoveryOccurrence.ContinuousAnalysis" do
19
22
  value :CONTINUOUS_ANALYSIS_UNSPECIFIED, 0
@@ -100,6 +100,9 @@ module Grafeas
100
100
 
101
101
  # This represents a logical "role" that can attest to artifacts.
102
102
  ATTESTATION = 7
103
+
104
+ # This represents an available package upgrade.
105
+ UPGRADE = 8
103
106
  end
104
107
  end
105
108
  end
@@ -36,6 +36,12 @@ module Grafeas
36
36
  # When an error is encountered this will contain a LocalizedMessage under
37
37
  # details to show to the user. The LocalizedMessage is output only and
38
38
  # populated by the API.
39
+ # @!attribute [rw] cpe
40
+ # @return [String]
41
+ # The CPE of the resource being scanned.
42
+ # @!attribute [rw] last_scan_time
43
+ # @return [Google::Protobuf::Timestamp]
44
+ # The last time this resource was scanned.
39
45
  class DiscoveryOccurrence
40
46
  # Analysis status for a resource. Currently for initial analysis only (not
41
47
  # updated in continuous analysis).
@@ -65,6 +65,9 @@ module Grafeas
65
65
  # @!attribute [rw] attestation
66
66
  # @return [Grafeas::V1::AttestationOccurrence]
67
67
  # Describes an attestation of an artifact.
68
+ # @!attribute [rw] upgrade
69
+ # @return [Grafeas::V1::UpgradeOccurrence]
70
+ # Describes an available package upgrade on the linked resource.
68
71
  class Occurrence; end
69
72
 
70
73
  # A type of analysis that can be done for a resource.
@@ -120,6 +123,9 @@ module Grafeas
120
123
  # @!attribute [rw] attestation
121
124
  # @return [Grafeas::V1::AttestationNote]
122
125
  # A note describing an attestation role.
126
+ # @!attribute [rw] upgrade
127
+ # @return [Grafeas::V1::UpgradeNote]
128
+ # A note describing available package upgrades.
123
129
  class Note; end
124
130
 
125
131
  # Request to get an occurrence.
@@ -157,7 +163,7 @@ module Grafeas
157
163
  # results.
158
164
  class ListOccurrencesResponse; end
159
165
 
160
- # Request to delete a occurrence.
166
+ # Request to delete an occurrence.
161
167
  # @!attribute [rw] name
162
168
  # @return [String]
163
169
  # The name of the occurrence in the form of
@@ -0,0 +1,126 @@
1
+ # Copyright 2019 Google LLC
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # https://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+
16
+ module Grafeas
17
+ module V1
18
+ # An Upgrade Note represents a potential upgrade of a package to a given
19
+ # version. For each package version combination (i.e. bash 4.0, bash 4.1,
20
+ # bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field
21
+ # represents the information related to the update.
22
+ # @!attribute [rw] package
23
+ # @return [String]
24
+ # Required for non-Windows OS. The package this Upgrade is for.
25
+ # @!attribute [rw] version
26
+ # @return [Grafeas::V1::Version]
27
+ # Required for non-Windows OS. The version of the package in machine + human
28
+ # readable form.
29
+ # @!attribute [rw] distributions
30
+ # @return [Array<Grafeas::V1::UpgradeDistribution>]
31
+ # Metadata about the upgrade for each specific operating system.
32
+ # @!attribute [rw] windows_update
33
+ # @return [Grafeas::V1::WindowsUpdate]
34
+ # Required for Windows OS. Represents the metadata about the Windows update.
35
+ class UpgradeNote; end
36
+
37
+ # The Upgrade Distribution represents metadata about the Upgrade for each
38
+ # operating system (CPE). Some distributions have additional metadata around
39
+ # updates, classifying them into various categories and severities.
40
+ # @!attribute [rw] cpe_uri
41
+ # @return [String]
42
+ # Required - The specific operating system this metadata applies to. See
43
+ # https://cpe.mitre.org/specification/.
44
+ # @!attribute [rw] classification
45
+ # @return [String]
46
+ # The operating system classification of this Upgrade, as specified by the
47
+ # upstream operating system upgrade feed. For Windows the classification is
48
+ # one of the category_ids listed at
49
+ # https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
50
+ # @!attribute [rw] severity
51
+ # @return [String]
52
+ # The severity as specified by the upstream operating system.
53
+ # @!attribute [rw] cve
54
+ # @return [Array<String>]
55
+ # The cve tied to this Upgrade.
56
+ class UpgradeDistribution; end
57
+
58
+ # Windows Update represents the metadata about the update for the Windows
59
+ # operating system. The fields in this message come from the Windows Update API
60
+ # documented at
61
+ # https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate.
62
+ # @!attribute [rw] identity
63
+ # @return [Grafeas::V1::WindowsUpdate::Identity]
64
+ # Required - The unique identifier for the update.
65
+ # @!attribute [rw] title
66
+ # @return [String]
67
+ # The localized title of the update.
68
+ # @!attribute [rw] description
69
+ # @return [String]
70
+ # The localized description of the update.
71
+ # @!attribute [rw] categories
72
+ # @return [Array<Grafeas::V1::WindowsUpdate::Category>]
73
+ # The list of categories to which the update belongs.
74
+ # @!attribute [rw] kb_article_ids
75
+ # @return [Array<String>]
76
+ # The Microsoft Knowledge Base article IDs that are associated with the
77
+ # update.
78
+ # @!attribute [rw] support_url
79
+ # @return [String]
80
+ # The hyperlink to the support information for the update.
81
+ # @!attribute [rw] last_published_timestamp
82
+ # @return [Google::Protobuf::Timestamp]
83
+ # The last published timestamp of the update.
84
+ class WindowsUpdate
85
+ # The unique identifier of the update.
86
+ # @!attribute [rw] update_id
87
+ # @return [String]
88
+ # The revision independent identifier of the update.
89
+ # @!attribute [rw] revision
90
+ # @return [Integer]
91
+ # The revision number of the update.
92
+ class Identity; end
93
+
94
+ # The category to which the update belongs.
95
+ # @!attribute [rw] category_id
96
+ # @return [String]
97
+ # The identifier of the category.
98
+ # @!attribute [rw] name
99
+ # @return [String]
100
+ # The localized name of the category.
101
+ class Category; end
102
+ end
103
+
104
+ # An Upgrade Occurrence represents that a specific resource_url could install a
105
+ # specific upgrade. This presence is supplied via local sources (i.e. it is
106
+ # present in the mirror and the running system has noticed its availability).
107
+ # For Windows, both distribution and windows_update contain information for the
108
+ # Windows update.
109
+ # @!attribute [rw] package
110
+ # @return [String]
111
+ # Required for non-Windows OS. The package this Upgrade is for.
112
+ # @!attribute [rw] parsed_version
113
+ # @return [Grafeas::V1::Version]
114
+ # Required for non-Windows OS. The version of the package in a machine +
115
+ # human readable form.
116
+ # @!attribute [rw] distribution
117
+ # @return [Grafeas::V1::UpgradeDistribution]
118
+ # Metadata about the upgrade for available for the specific operating system
119
+ # for the resource_url. This allows efficient filtering, as well as
120
+ # making it easier to use the occurrence.
121
+ # @!attribute [rw] windows_update
122
+ # @return [Grafeas::V1::WindowsUpdate]
123
+ # Required for Windows OS. Represents the metadata about the Windows update.
124
+ class UpgradeOccurrence; end
125
+ end
126
+ end
@@ -35,6 +35,11 @@ module Grafeas
35
35
  # model don't match a normal detail. Specifically Windows updates are done as
36
36
  # patches, thus Windows vulnerabilities really are a missing package, rather
37
37
  # than a package being at an incorrect version.
38
+ # @!attribute [rw] source_update_time
39
+ # @return [Google::Protobuf::Timestamp]
40
+ # The time this information was last changed at the source. This is an
41
+ # upstream timestamp from the underlying information source - e.g. Ubuntu
42
+ # security tracker.
38
43
  class VulnerabilityNote
39
44
  # A detail for a distro and package affected by this vulnerability and its
40
45
  # associated fix (if one is available).
@@ -92,6 +97,11 @@ module Grafeas
92
97
  # @return [true, false]
93
98
  # Whether this detail is obsolete. Occurrences are expected not to point to
94
99
  # obsolete details.
100
+ # @!attribute [rw] source_update_time
101
+ # @return [Google::Protobuf::Timestamp]
102
+ # The time this information was last changed at the source. This is an
103
+ # upstream timestamp from the underlying information source - e.g. Ubuntu
104
+ # security tracker.
95
105
  class Detail; end
96
106
 
97
107
  # @!attribute [rw] cpe_uri
@@ -151,8 +161,7 @@ module Grafeas
151
161
  # @!attribute [rw] effective_severity
152
162
  # @return [Grafeas::V1::Severity]
153
163
  # The distro assigned severity for this vulnerability when it is available,
154
- # and note provider assigned severity when distro has not yet assigned a
155
- # severity for this vulnerability.
164
+ # otherwise this is the note provider assigned severity.
156
165
  # @!attribute [rw] fix_available
157
166
  # @return [true, false]
158
167
  # Output only. Whether at least one of the affected packages has a fix
@@ -5,6 +5,9 @@
5
5
  require 'google/protobuf'
6
6
 
7
7
  require 'google/api/annotations_pb'
8
+ require 'google/api/client_pb'
9
+ require 'google/api/field_behavior_pb'
10
+ require 'google/api/resource_pb'
8
11
  require 'google/protobuf/empty_pb'
9
12
  require 'google/protobuf/field_mask_pb'
10
13
  require 'google/protobuf/timestamp_pb'
@@ -15,7 +18,7 @@ require 'grafeas/v1/deployment_pb'
15
18
  require 'grafeas/v1/discovery_pb'
16
19
  require 'grafeas/v1/image_pb'
17
20
  require 'grafeas/v1/package_pb'
18
- require 'grafeas/v1/provenance_pb'
21
+ require 'grafeas/v1/upgrade_pb'
19
22
  require 'grafeas/v1/vulnerability_pb'
20
23
  Google::Protobuf::DescriptorPool.generated_pool.build do
21
24
  add_message "grafeas.v1.Occurrence" do
@@ -34,6 +37,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
34
37
  optional :deployment, :message, 12, "grafeas.v1.DeploymentOccurrence"
35
38
  optional :discovery, :message, 13, "grafeas.v1.DiscoveryOccurrence"
36
39
  optional :attestation, :message, 14, "grafeas.v1.AttestationOccurrence"
40
+ optional :upgrade, :message, 15, "grafeas.v1.UpgradeOccurrence"
37
41
  end
38
42
  end
39
43
  add_message "grafeas.v1.Note" do
@@ -54,6 +58,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
54
58
  optional :deployment, :message, 14, "grafeas.v1.DeploymentNote"
55
59
  optional :discovery, :message, 15, "grafeas.v1.DiscoveryNote"
56
60
  optional :attestation, :message, 16, "grafeas.v1.AttestationNote"
61
+ optional :upgrade, :message, 17, "grafeas.v1.UpgradeNote"
57
62
  end
58
63
  end
59
64
  add_message "grafeas.v1.GetOccurrenceRequest" do
@@ -0,0 +1,56 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: grafeas/v1/upgrade.proto
3
+
4
+
5
+ require 'google/protobuf'
6
+
7
+ require 'google/protobuf/timestamp_pb'
8
+ require 'grafeas/v1/package_pb'
9
+ Google::Protobuf::DescriptorPool.generated_pool.build do
10
+ add_message "grafeas.v1.UpgradeNote" do
11
+ optional :package, :string, 1
12
+ optional :version, :message, 2, "grafeas.v1.Version"
13
+ repeated :distributions, :message, 3, "grafeas.v1.UpgradeDistribution"
14
+ optional :windows_update, :message, 4, "grafeas.v1.WindowsUpdate"
15
+ end
16
+ add_message "grafeas.v1.UpgradeDistribution" do
17
+ optional :cpe_uri, :string, 1
18
+ optional :classification, :string, 2
19
+ optional :severity, :string, 3
20
+ repeated :cve, :string, 4
21
+ end
22
+ add_message "grafeas.v1.WindowsUpdate" do
23
+ optional :identity, :message, 1, "grafeas.v1.WindowsUpdate.Identity"
24
+ optional :title, :string, 2
25
+ optional :description, :string, 3
26
+ repeated :categories, :message, 4, "grafeas.v1.WindowsUpdate.Category"
27
+ repeated :kb_article_ids, :string, 5
28
+ optional :support_url, :string, 6
29
+ optional :last_published_timestamp, :message, 7, "google.protobuf.Timestamp"
30
+ end
31
+ add_message "grafeas.v1.WindowsUpdate.Identity" do
32
+ optional :update_id, :string, 1
33
+ optional :revision, :int32, 2
34
+ end
35
+ add_message "grafeas.v1.WindowsUpdate.Category" do
36
+ optional :category_id, :string, 1
37
+ optional :name, :string, 2
38
+ end
39
+ add_message "grafeas.v1.UpgradeOccurrence" do
40
+ optional :package, :string, 1
41
+ optional :parsed_version, :message, 3, "grafeas.v1.Version"
42
+ optional :distribution, :message, 4, "grafeas.v1.UpgradeDistribution"
43
+ optional :windows_update, :message, 5, "grafeas.v1.WindowsUpdate"
44
+ end
45
+ end
46
+
47
+ module Grafeas
48
+ module V1
49
+ UpgradeNote = Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.UpgradeNote").msgclass
50
+ UpgradeDistribution = Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.UpgradeDistribution").msgclass
51
+ WindowsUpdate = Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.WindowsUpdate").msgclass
52
+ WindowsUpdate::Identity = Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.WindowsUpdate.Identity").msgclass
53
+ WindowsUpdate::Category = Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.WindowsUpdate.Category").msgclass
54
+ UpgradeOccurrence = Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.UpgradeOccurrence").msgclass
55
+ end
56
+ end
@@ -4,6 +4,7 @@
4
4
 
5
5
  require 'google/protobuf'
6
6
 
7
+ require 'google/protobuf/timestamp_pb'
7
8
  require 'grafeas/v1/common_pb'
8
9
  require 'grafeas/v1/cvss_pb'
9
10
  require 'grafeas/v1/package_pb'
@@ -14,6 +15,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
14
15
  repeated :details, :message, 3, "grafeas.v1.VulnerabilityNote.Detail"
15
16
  optional :cvss_v3, :message, 4, "grafeas.v1.CVSSv3"
16
17
  repeated :windows_details, :message, 5, "grafeas.v1.VulnerabilityNote.WindowsDetail"
18
+ optional :source_update_time, :message, 6, "google.protobuf.Timestamp"
17
19
  end
18
20
  add_message "grafeas.v1.VulnerabilityNote.Detail" do
19
21
  optional :severity_name, :string, 1
@@ -27,6 +29,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
27
29
  optional :fixed_package, :string, 9
28
30
  optional :fixed_version, :message, 10, "grafeas.v1.Version"
29
31
  optional :is_obsolete, :bool, 11
32
+ optional :source_update_time, :message, 12, "google.protobuf.Timestamp"
30
33
  end
31
34
  add_message "grafeas.v1.VulnerabilityNote.WindowsDetail" do
32
35
  optional :cpe_uri, :string, 1
@@ -14,5 +14,5 @@
14
14
 
15
15
 
16
16
  module Grafeas
17
- VERSION = "0.1.1".freeze
17
+ VERSION = "0.2.0".freeze
18
18
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: grafeas
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-11-07 00:00:00.000000000 Z
11
+ date: 2020-01-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: google-gax
@@ -182,6 +182,7 @@ files:
182
182
  - lib/grafeas/v1/doc/grafeas/v1/image.rb
183
183
  - lib/grafeas/v1/doc/grafeas/v1/package.rb
184
184
  - lib/grafeas/v1/doc/grafeas/v1/provenance.rb
185
+ - lib/grafeas/v1/doc/grafeas/v1/upgrade.rb
185
186
  - lib/grafeas/v1/doc/grafeas/v1/vulnerability.rb
186
187
  - lib/grafeas/v1/grafeas_client.rb
187
188
  - lib/grafeas/v1/grafeas_client_config.json
@@ -190,6 +191,7 @@ files:
190
191
  - lib/grafeas/v1/image_pb.rb
191
192
  - lib/grafeas/v1/package_pb.rb
192
193
  - lib/grafeas/v1/provenance_pb.rb
194
+ - lib/grafeas/v1/upgrade_pb.rb
193
195
  - lib/grafeas/v1/vulnerability_pb.rb
194
196
  - lib/grafeas/version.rb
195
197
  homepage: https://github.com/googleapis/googleapis