grafeas 0.1.1 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/grafeas/v1/common_pb.rb +1 -0
- data/lib/grafeas/v1/discovery_pb.rb +3 -0
- data/lib/grafeas/v1/doc/grafeas/v1/common.rb +3 -0
- data/lib/grafeas/v1/doc/grafeas/v1/discovery.rb +6 -0
- data/lib/grafeas/v1/doc/grafeas/v1/grafeas.rb +7 -1
- data/lib/grafeas/v1/doc/grafeas/v1/upgrade.rb +126 -0
- data/lib/grafeas/v1/doc/grafeas/v1/vulnerability.rb +11 -2
- data/lib/grafeas/v1/grafeas_pb.rb +6 -1
- data/lib/grafeas/v1/upgrade_pb.rb +56 -0
- data/lib/grafeas/v1/vulnerability_pb.rb +3 -0
- data/lib/grafeas/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d4c5e1fdbd025ab57c333bbd052c84bc8f86a12ac088169b1915d5472feaf62f
|
4
|
+
data.tar.gz: cc4f0da92b611b865ac61ae5f20e9a3b33b77ce4475865f12d10176f1c75ea2f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e6f70184fd9354ec30e1d877ee2b027aa2ad1fd1ec21873a4e3e8ac2f0a926c7cb24e1403429e0c2a999855a8b1de6d33358fde368128fc640b42535ccc5e31f
|
7
|
+
data.tar.gz: 4ebc581d2b13f4fbb00604249475b76a2c0dd156436de085d763d19e0442b83b22485d92bebf695832cbba265a53b535604c1e9611e0327dabfaccb3b02a0aa7
|
data/lib/grafeas/v1/common_pb.rb
CHANGED
@@ -4,6 +4,7 @@
|
|
4
4
|
|
5
5
|
require 'google/protobuf'
|
6
6
|
|
7
|
+
require 'google/protobuf/timestamp_pb'
|
7
8
|
require 'google/rpc/status_pb'
|
8
9
|
require 'grafeas/v1/common_pb'
|
9
10
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
@@ -14,6 +15,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
14
15
|
optional :continuous_analysis, :enum, 1, "grafeas.v1.DiscoveryOccurrence.ContinuousAnalysis"
|
15
16
|
optional :analysis_status, :enum, 2, "grafeas.v1.DiscoveryOccurrence.AnalysisStatus"
|
16
17
|
optional :analysis_status_error, :message, 3, "google.rpc.Status"
|
18
|
+
optional :cpe, :string, 4
|
19
|
+
optional :last_scan_time, :message, 5, "google.protobuf.Timestamp"
|
17
20
|
end
|
18
21
|
add_enum "grafeas.v1.DiscoveryOccurrence.ContinuousAnalysis" do
|
19
22
|
value :CONTINUOUS_ANALYSIS_UNSPECIFIED, 0
|
@@ -36,6 +36,12 @@ module Grafeas
|
|
36
36
|
# When an error is encountered this will contain a LocalizedMessage under
|
37
37
|
# details to show to the user. The LocalizedMessage is output only and
|
38
38
|
# populated by the API.
|
39
|
+
# @!attribute [rw] cpe
|
40
|
+
# @return [String]
|
41
|
+
# The CPE of the resource being scanned.
|
42
|
+
# @!attribute [rw] last_scan_time
|
43
|
+
# @return [Google::Protobuf::Timestamp]
|
44
|
+
# The last time this resource was scanned.
|
39
45
|
class DiscoveryOccurrence
|
40
46
|
# Analysis status for a resource. Currently for initial analysis only (not
|
41
47
|
# updated in continuous analysis).
|
@@ -65,6 +65,9 @@ module Grafeas
|
|
65
65
|
# @!attribute [rw] attestation
|
66
66
|
# @return [Grafeas::V1::AttestationOccurrence]
|
67
67
|
# Describes an attestation of an artifact.
|
68
|
+
# @!attribute [rw] upgrade
|
69
|
+
# @return [Grafeas::V1::UpgradeOccurrence]
|
70
|
+
# Describes an available package upgrade on the linked resource.
|
68
71
|
class Occurrence; end
|
69
72
|
|
70
73
|
# A type of analysis that can be done for a resource.
|
@@ -120,6 +123,9 @@ module Grafeas
|
|
120
123
|
# @!attribute [rw] attestation
|
121
124
|
# @return [Grafeas::V1::AttestationNote]
|
122
125
|
# A note describing an attestation role.
|
126
|
+
# @!attribute [rw] upgrade
|
127
|
+
# @return [Grafeas::V1::UpgradeNote]
|
128
|
+
# A note describing available package upgrades.
|
123
129
|
class Note; end
|
124
130
|
|
125
131
|
# Request to get an occurrence.
|
@@ -157,7 +163,7 @@ module Grafeas
|
|
157
163
|
# results.
|
158
164
|
class ListOccurrencesResponse; end
|
159
165
|
|
160
|
-
# Request to delete
|
166
|
+
# Request to delete an occurrence.
|
161
167
|
# @!attribute [rw] name
|
162
168
|
# @return [String]
|
163
169
|
# The name of the occurrence in the form of
|
@@ -0,0 +1,126 @@
|
|
1
|
+
# Copyright 2019 Google LLC
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
|
16
|
+
module Grafeas
|
17
|
+
module V1
|
18
|
+
# An Upgrade Note represents a potential upgrade of a package to a given
|
19
|
+
# version. For each package version combination (i.e. bash 4.0, bash 4.1,
|
20
|
+
# bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field
|
21
|
+
# represents the information related to the update.
|
22
|
+
# @!attribute [rw] package
|
23
|
+
# @return [String]
|
24
|
+
# Required for non-Windows OS. The package this Upgrade is for.
|
25
|
+
# @!attribute [rw] version
|
26
|
+
# @return [Grafeas::V1::Version]
|
27
|
+
# Required for non-Windows OS. The version of the package in machine + human
|
28
|
+
# readable form.
|
29
|
+
# @!attribute [rw] distributions
|
30
|
+
# @return [Array<Grafeas::V1::UpgradeDistribution>]
|
31
|
+
# Metadata about the upgrade for each specific operating system.
|
32
|
+
# @!attribute [rw] windows_update
|
33
|
+
# @return [Grafeas::V1::WindowsUpdate]
|
34
|
+
# Required for Windows OS. Represents the metadata about the Windows update.
|
35
|
+
class UpgradeNote; end
|
36
|
+
|
37
|
+
# The Upgrade Distribution represents metadata about the Upgrade for each
|
38
|
+
# operating system (CPE). Some distributions have additional metadata around
|
39
|
+
# updates, classifying them into various categories and severities.
|
40
|
+
# @!attribute [rw] cpe_uri
|
41
|
+
# @return [String]
|
42
|
+
# Required - The specific operating system this metadata applies to. See
|
43
|
+
# https://cpe.mitre.org/specification/.
|
44
|
+
# @!attribute [rw] classification
|
45
|
+
# @return [String]
|
46
|
+
# The operating system classification of this Upgrade, as specified by the
|
47
|
+
# upstream operating system upgrade feed. For Windows the classification is
|
48
|
+
# one of the category_ids listed at
|
49
|
+
# https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
|
50
|
+
# @!attribute [rw] severity
|
51
|
+
# @return [String]
|
52
|
+
# The severity as specified by the upstream operating system.
|
53
|
+
# @!attribute [rw] cve
|
54
|
+
# @return [Array<String>]
|
55
|
+
# The cve tied to this Upgrade.
|
56
|
+
class UpgradeDistribution; end
|
57
|
+
|
58
|
+
# Windows Update represents the metadata about the update for the Windows
|
59
|
+
# operating system. The fields in this message come from the Windows Update API
|
60
|
+
# documented at
|
61
|
+
# https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate.
|
62
|
+
# @!attribute [rw] identity
|
63
|
+
# @return [Grafeas::V1::WindowsUpdate::Identity]
|
64
|
+
# Required - The unique identifier for the update.
|
65
|
+
# @!attribute [rw] title
|
66
|
+
# @return [String]
|
67
|
+
# The localized title of the update.
|
68
|
+
# @!attribute [rw] description
|
69
|
+
# @return [String]
|
70
|
+
# The localized description of the update.
|
71
|
+
# @!attribute [rw] categories
|
72
|
+
# @return [Array<Grafeas::V1::WindowsUpdate::Category>]
|
73
|
+
# The list of categories to which the update belongs.
|
74
|
+
# @!attribute [rw] kb_article_ids
|
75
|
+
# @return [Array<String>]
|
76
|
+
# The Microsoft Knowledge Base article IDs that are associated with the
|
77
|
+
# update.
|
78
|
+
# @!attribute [rw] support_url
|
79
|
+
# @return [String]
|
80
|
+
# The hyperlink to the support information for the update.
|
81
|
+
# @!attribute [rw] last_published_timestamp
|
82
|
+
# @return [Google::Protobuf::Timestamp]
|
83
|
+
# The last published timestamp of the update.
|
84
|
+
class WindowsUpdate
|
85
|
+
# The unique identifier of the update.
|
86
|
+
# @!attribute [rw] update_id
|
87
|
+
# @return [String]
|
88
|
+
# The revision independent identifier of the update.
|
89
|
+
# @!attribute [rw] revision
|
90
|
+
# @return [Integer]
|
91
|
+
# The revision number of the update.
|
92
|
+
class Identity; end
|
93
|
+
|
94
|
+
# The category to which the update belongs.
|
95
|
+
# @!attribute [rw] category_id
|
96
|
+
# @return [String]
|
97
|
+
# The identifier of the category.
|
98
|
+
# @!attribute [rw] name
|
99
|
+
# @return [String]
|
100
|
+
# The localized name of the category.
|
101
|
+
class Category; end
|
102
|
+
end
|
103
|
+
|
104
|
+
# An Upgrade Occurrence represents that a specific resource_url could install a
|
105
|
+
# specific upgrade. This presence is supplied via local sources (i.e. it is
|
106
|
+
# present in the mirror and the running system has noticed its availability).
|
107
|
+
# For Windows, both distribution and windows_update contain information for the
|
108
|
+
# Windows update.
|
109
|
+
# @!attribute [rw] package
|
110
|
+
# @return [String]
|
111
|
+
# Required for non-Windows OS. The package this Upgrade is for.
|
112
|
+
# @!attribute [rw] parsed_version
|
113
|
+
# @return [Grafeas::V1::Version]
|
114
|
+
# Required for non-Windows OS. The version of the package in a machine +
|
115
|
+
# human readable form.
|
116
|
+
# @!attribute [rw] distribution
|
117
|
+
# @return [Grafeas::V1::UpgradeDistribution]
|
118
|
+
# Metadata about the upgrade for available for the specific operating system
|
119
|
+
# for the resource_url. This allows efficient filtering, as well as
|
120
|
+
# making it easier to use the occurrence.
|
121
|
+
# @!attribute [rw] windows_update
|
122
|
+
# @return [Grafeas::V1::WindowsUpdate]
|
123
|
+
# Required for Windows OS. Represents the metadata about the Windows update.
|
124
|
+
class UpgradeOccurrence; end
|
125
|
+
end
|
126
|
+
end
|
@@ -35,6 +35,11 @@ module Grafeas
|
|
35
35
|
# model don't match a normal detail. Specifically Windows updates are done as
|
36
36
|
# patches, thus Windows vulnerabilities really are a missing package, rather
|
37
37
|
# than a package being at an incorrect version.
|
38
|
+
# @!attribute [rw] source_update_time
|
39
|
+
# @return [Google::Protobuf::Timestamp]
|
40
|
+
# The time this information was last changed at the source. This is an
|
41
|
+
# upstream timestamp from the underlying information source - e.g. Ubuntu
|
42
|
+
# security tracker.
|
38
43
|
class VulnerabilityNote
|
39
44
|
# A detail for a distro and package affected by this vulnerability and its
|
40
45
|
# associated fix (if one is available).
|
@@ -92,6 +97,11 @@ module Grafeas
|
|
92
97
|
# @return [true, false]
|
93
98
|
# Whether this detail is obsolete. Occurrences are expected not to point to
|
94
99
|
# obsolete details.
|
100
|
+
# @!attribute [rw] source_update_time
|
101
|
+
# @return [Google::Protobuf::Timestamp]
|
102
|
+
# The time this information was last changed at the source. This is an
|
103
|
+
# upstream timestamp from the underlying information source - e.g. Ubuntu
|
104
|
+
# security tracker.
|
95
105
|
class Detail; end
|
96
106
|
|
97
107
|
# @!attribute [rw] cpe_uri
|
@@ -151,8 +161,7 @@ module Grafeas
|
|
151
161
|
# @!attribute [rw] effective_severity
|
152
162
|
# @return [Grafeas::V1::Severity]
|
153
163
|
# The distro assigned severity for this vulnerability when it is available,
|
154
|
-
#
|
155
|
-
# severity for this vulnerability.
|
164
|
+
# otherwise this is the note provider assigned severity.
|
156
165
|
# @!attribute [rw] fix_available
|
157
166
|
# @return [true, false]
|
158
167
|
# Output only. Whether at least one of the affected packages has a fix
|
@@ -5,6 +5,9 @@
|
|
5
5
|
require 'google/protobuf'
|
6
6
|
|
7
7
|
require 'google/api/annotations_pb'
|
8
|
+
require 'google/api/client_pb'
|
9
|
+
require 'google/api/field_behavior_pb'
|
10
|
+
require 'google/api/resource_pb'
|
8
11
|
require 'google/protobuf/empty_pb'
|
9
12
|
require 'google/protobuf/field_mask_pb'
|
10
13
|
require 'google/protobuf/timestamp_pb'
|
@@ -15,7 +18,7 @@ require 'grafeas/v1/deployment_pb'
|
|
15
18
|
require 'grafeas/v1/discovery_pb'
|
16
19
|
require 'grafeas/v1/image_pb'
|
17
20
|
require 'grafeas/v1/package_pb'
|
18
|
-
require 'grafeas/v1/
|
21
|
+
require 'grafeas/v1/upgrade_pb'
|
19
22
|
require 'grafeas/v1/vulnerability_pb'
|
20
23
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
21
24
|
add_message "grafeas.v1.Occurrence" do
|
@@ -34,6 +37,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
34
37
|
optional :deployment, :message, 12, "grafeas.v1.DeploymentOccurrence"
|
35
38
|
optional :discovery, :message, 13, "grafeas.v1.DiscoveryOccurrence"
|
36
39
|
optional :attestation, :message, 14, "grafeas.v1.AttestationOccurrence"
|
40
|
+
optional :upgrade, :message, 15, "grafeas.v1.UpgradeOccurrence"
|
37
41
|
end
|
38
42
|
end
|
39
43
|
add_message "grafeas.v1.Note" do
|
@@ -54,6 +58,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
54
58
|
optional :deployment, :message, 14, "grafeas.v1.DeploymentNote"
|
55
59
|
optional :discovery, :message, 15, "grafeas.v1.DiscoveryNote"
|
56
60
|
optional :attestation, :message, 16, "grafeas.v1.AttestationNote"
|
61
|
+
optional :upgrade, :message, 17, "grafeas.v1.UpgradeNote"
|
57
62
|
end
|
58
63
|
end
|
59
64
|
add_message "grafeas.v1.GetOccurrenceRequest" do
|
@@ -0,0 +1,56 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: grafeas/v1/upgrade.proto
|
3
|
+
|
4
|
+
|
5
|
+
require 'google/protobuf'
|
6
|
+
|
7
|
+
require 'google/protobuf/timestamp_pb'
|
8
|
+
require 'grafeas/v1/package_pb'
|
9
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
10
|
+
add_message "grafeas.v1.UpgradeNote" do
|
11
|
+
optional :package, :string, 1
|
12
|
+
optional :version, :message, 2, "grafeas.v1.Version"
|
13
|
+
repeated :distributions, :message, 3, "grafeas.v1.UpgradeDistribution"
|
14
|
+
optional :windows_update, :message, 4, "grafeas.v1.WindowsUpdate"
|
15
|
+
end
|
16
|
+
add_message "grafeas.v1.UpgradeDistribution" do
|
17
|
+
optional :cpe_uri, :string, 1
|
18
|
+
optional :classification, :string, 2
|
19
|
+
optional :severity, :string, 3
|
20
|
+
repeated :cve, :string, 4
|
21
|
+
end
|
22
|
+
add_message "grafeas.v1.WindowsUpdate" do
|
23
|
+
optional :identity, :message, 1, "grafeas.v1.WindowsUpdate.Identity"
|
24
|
+
optional :title, :string, 2
|
25
|
+
optional :description, :string, 3
|
26
|
+
repeated :categories, :message, 4, "grafeas.v1.WindowsUpdate.Category"
|
27
|
+
repeated :kb_article_ids, :string, 5
|
28
|
+
optional :support_url, :string, 6
|
29
|
+
optional :last_published_timestamp, :message, 7, "google.protobuf.Timestamp"
|
30
|
+
end
|
31
|
+
add_message "grafeas.v1.WindowsUpdate.Identity" do
|
32
|
+
optional :update_id, :string, 1
|
33
|
+
optional :revision, :int32, 2
|
34
|
+
end
|
35
|
+
add_message "grafeas.v1.WindowsUpdate.Category" do
|
36
|
+
optional :category_id, :string, 1
|
37
|
+
optional :name, :string, 2
|
38
|
+
end
|
39
|
+
add_message "grafeas.v1.UpgradeOccurrence" do
|
40
|
+
optional :package, :string, 1
|
41
|
+
optional :parsed_version, :message, 3, "grafeas.v1.Version"
|
42
|
+
optional :distribution, :message, 4, "grafeas.v1.UpgradeDistribution"
|
43
|
+
optional :windows_update, :message, 5, "grafeas.v1.WindowsUpdate"
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
module Grafeas
|
48
|
+
module V1
|
49
|
+
UpgradeNote = Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.UpgradeNote").msgclass
|
50
|
+
UpgradeDistribution = Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.UpgradeDistribution").msgclass
|
51
|
+
WindowsUpdate = Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.WindowsUpdate").msgclass
|
52
|
+
WindowsUpdate::Identity = Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.WindowsUpdate.Identity").msgclass
|
53
|
+
WindowsUpdate::Category = Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.WindowsUpdate.Category").msgclass
|
54
|
+
UpgradeOccurrence = Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.UpgradeOccurrence").msgclass
|
55
|
+
end
|
56
|
+
end
|
@@ -4,6 +4,7 @@
|
|
4
4
|
|
5
5
|
require 'google/protobuf'
|
6
6
|
|
7
|
+
require 'google/protobuf/timestamp_pb'
|
7
8
|
require 'grafeas/v1/common_pb'
|
8
9
|
require 'grafeas/v1/cvss_pb'
|
9
10
|
require 'grafeas/v1/package_pb'
|
@@ -14,6 +15,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
14
15
|
repeated :details, :message, 3, "grafeas.v1.VulnerabilityNote.Detail"
|
15
16
|
optional :cvss_v3, :message, 4, "grafeas.v1.CVSSv3"
|
16
17
|
repeated :windows_details, :message, 5, "grafeas.v1.VulnerabilityNote.WindowsDetail"
|
18
|
+
optional :source_update_time, :message, 6, "google.protobuf.Timestamp"
|
17
19
|
end
|
18
20
|
add_message "grafeas.v1.VulnerabilityNote.Detail" do
|
19
21
|
optional :severity_name, :string, 1
|
@@ -27,6 +29,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
27
29
|
optional :fixed_package, :string, 9
|
28
30
|
optional :fixed_version, :message, 10, "grafeas.v1.Version"
|
29
31
|
optional :is_obsolete, :bool, 11
|
32
|
+
optional :source_update_time, :message, 12, "google.protobuf.Timestamp"
|
30
33
|
end
|
31
34
|
add_message "grafeas.v1.VulnerabilityNote.WindowsDetail" do
|
32
35
|
optional :cpe_uri, :string, 1
|
data/lib/grafeas/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: grafeas
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Google LLC
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-01-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: google-gax
|
@@ -182,6 +182,7 @@ files:
|
|
182
182
|
- lib/grafeas/v1/doc/grafeas/v1/image.rb
|
183
183
|
- lib/grafeas/v1/doc/grafeas/v1/package.rb
|
184
184
|
- lib/grafeas/v1/doc/grafeas/v1/provenance.rb
|
185
|
+
- lib/grafeas/v1/doc/grafeas/v1/upgrade.rb
|
185
186
|
- lib/grafeas/v1/doc/grafeas/v1/vulnerability.rb
|
186
187
|
- lib/grafeas/v1/grafeas_client.rb
|
187
188
|
- lib/grafeas/v1/grafeas_client_config.json
|
@@ -190,6 +191,7 @@ files:
|
|
190
191
|
- lib/grafeas/v1/image_pb.rb
|
191
192
|
- lib/grafeas/v1/package_pb.rb
|
192
193
|
- lib/grafeas/v1/provenance_pb.rb
|
194
|
+
- lib/grafeas/v1/upgrade_pb.rb
|
193
195
|
- lib/grafeas/v1/vulnerability_pb.rb
|
194
196
|
- lib/grafeas/version.rb
|
195
197
|
homepage: https://github.com/googleapis/googleapis
|