Class Check
A single check to perform against a Pod. Checks are grouped into CheckSet objects, which are defined by the
top-level policy.
Namespace: Google.Apis.BinaryAuthorization.v1.Data
Assembly: Google.Apis.BinaryAuthorization.v1.dll
Syntax
public class Check : IDirectResponseSchema
Properties
AlwaysDeny
Optional. A special-case check that always denies. Note that this still only applies when the scope of the
CheckSet applies and the image isn't exempted by an image allowlist. This check is primarily useful for
testing, or to set the default behavior for all unmatched scopes to "deny".
Declaration
[JsonProperty("alwaysDeny")]
public virtual bool? AlwaysDeny { get; set; }
Property Value
| Type | Description |
|---|---|
| bool? | |
DisplayName
Optional. A user-provided name for this check. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results.
Declaration
[JsonProperty("displayName")]
public virtual string DisplayName { get; set; }
Property Value
| Type | Description |
|---|---|
| string | |
ETag
The ETag of the item.
Declaration
public virtual string ETag { get; set; }
Property Value
| Type | Description |
|---|---|
| string | |
ImageAllowlist
Optional. Images exempted from this check. If any of the patterns match the image URL, the check will not be evaluated.
Declaration
[JsonProperty("imageAllowlist")]
public virtual ImageAllowlist ImageAllowlist { get; set; }
Property Value
| Type | Description |
|---|---|
| ImageAllowlist | |
ImageFreshnessCheck
Optional. Require that an image is no older than a configured expiration time. Image age is determined by its upload time.
Declaration
[JsonProperty("imageFreshnessCheck")]
public virtual ImageFreshnessCheck ImageFreshnessCheck { get; set; }
Property Value
| Type | Description |
|---|---|
| ImageFreshnessCheck | |
SigstoreSignatureCheck
Optional. Require that an image was signed by Cosign with a trusted key. This check requires that both the image and signature are stored in Artifact Registry.
Declaration
[JsonProperty("sigstoreSignatureCheck")]
public virtual SigstoreSignatureCheck SigstoreSignatureCheck { get; set; }
Property Value
| Type | Description |
|---|---|
| SigstoreSignatureCheck | |
SimpleSigningAttestationCheck
Optional. Require a SimpleSigning-type attestation for every image in the deployment.
Declaration
[JsonProperty("simpleSigningAttestationCheck")]
public virtual SimpleSigningAttestationCheck SimpleSigningAttestationCheck { get; set; }
Property Value
| Type | Description |
|---|---|
| SimpleSigningAttestationCheck | |
SlsaCheck
Optional. Require that an image was built by a trusted builder (such as Google Cloud Build), meets requirements for Supply chain Levels for Software Artifacts (SLSA), and was built from a trusted source code repository.
Declaration
[JsonProperty("slsaCheck")]
public virtual SlsaCheck SlsaCheck { get; set; }
Property Value
| Type | Description |
|---|---|
| SlsaCheck | |
TrustedDirectoryCheck
Optional. Require that an image lives in a trusted directory.
Declaration
[JsonProperty("trustedDirectoryCheck")]
public virtual TrustedDirectoryCheck TrustedDirectoryCheck { get; set; }
Property Value
| Type | Description |
|---|---|
| TrustedDirectoryCheck | |
VulnerabilityCheck
Optional. Require that an image does not contain vulnerabilities that violate the configured rules, such as rules based on severity levels.
Declaration
[JsonProperty("vulnerabilityCheck")]
public virtual VulnerabilityCheck VulnerabilityCheck { get; set; }
Property Value
| Type | Description |
|---|---|
| VulnerabilityCheck | |
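The AlwaysDeny and ImageAllowlist descriptions above interact: an allowlisted image skips the check, including an always-deny one. The following is an added example, not code from the library or its documentation, that builds two Check objects, prints their JSON form, and flags that interaction for a policy reviewer. The `CheckReview` helper and all sample values are hypothetical; `AllowPattern` and `MaxUploadAgeDays` are members of the sibling `ImageAllowlist` and `ImageFreshnessCheck` classes, which this page does not list.

```csharp
using System;
using System.Collections.Generic;
using Google.Apis.BinaryAuthorization.v1.Data;
using Newtonsoft.Json;

public static class CheckReview
{
    // Review notes for one Check, derived only from which properties are set.
    public static List<string> Review(Check check)
    {
        var notes = new List<string>();
        bool hasExemptions = check.ImageAllowlist?.AllowPattern?.Count > 0;

        if (check.AlwaysDeny == true && hasExemptions)
            notes.Add("alwaysDeny is not absolute here: allowlisted images skip this check");
        else if (hasExemptions)
            notes.Add("images matching the allowlist are never evaluated by this check");

        if (string.IsNullOrEmpty(check.DisplayName))
            notes.Add("no displayName: evaluation messages will be harder to read");
        return notes;
    }

    public static void Main()
    {
        // Constructed sample values; the registry path is a placeholder.
        var checks = new List<Check>
        {
            new Check
            {
                DisplayName = "images-under-30-days",
                ImageFreshnessCheck = new ImageFreshnessCheck { MaxUploadAgeDays = 30 },
            },
            new Check
            {
                DisplayName = "default-deny",
                AlwaysDeny = true,
                ImageAllowlist = new ImageAllowlist
                {
                    AllowPattern = new List<string> { "REGION-docker.pkg.dev/PROJECT_ID/REPO/debug-tools/*" },
                },
            },
        };

        // Null properties are skipped so the output shows only what the check enforces.
        var settings = new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore };
        foreach (var check in checks)
        {
            Console.WriteLine(JsonConvert.SerializeObject(check, Formatting.Indented, settings));
            foreach (var note in Review(check)) Console.WriteLine("  review: " + note);
        }
    }
}
```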