Class VulnerabilityCheck
An image vulnerability check, which rejects images that violate the configured vulnerability rules.
Namespace: Google.Apis.BinaryAuthorization.v1.Data
Assembly: Google.Apis.BinaryAuthorization.v1.dll
Syntax
public class VulnerabilityCheck : IDirectResponseSchema
Properties
AllowedCves
Optional. A list of specific CVEs to ignore even if the vulnerability level violates maximumUnfixableSeverity or maximumFixableSeverity. CVEs are listed in the format of Container Analysis note id. For example:
- CVE-2021-20305
- CVE-2020-10543

The CVEs are applicable regardless of note provider project, e.g., an entry of CVE-2021-20305 will allow vulnerabilities with a note name of either projects/goog-vulnz/notes/CVE-2021-20305 or projects/CUSTOM-PROJECT/notes/CVE-2021-20305.
Declaration
[JsonProperty("allowedCves")]
public virtual IList<string> AllowedCves { get; set; }
Property Value
Type | Description |
---|---|
IList<string> |
BlockedCves
Optional. A list of specific CVEs to always raise warnings about even if the vulnerability level meets maximumUnfixableSeverity or maximumFixableSeverity. CVEs are listed in the format of Container Analysis note id. For example:
- CVE-2021-20305
- CVE-2020-10543

The CVEs are applicable regardless of note provider project, e.g., an entry of CVE-2021-20305 will block vulnerabilities with a note name of either projects/goog-vulnz/notes/CVE-2021-20305 or projects/CUSTOM-PROJECT/notes/CVE-2021-20305.
Declaration
[JsonProperty("blockedCves")]
public virtual IList<string> BlockedCves { get; set; }
Property Value
Type | Description |
---|---|
IList<string> |
ContainerAnalysisVulnerabilityProjects
Optional. The projects where vulnerabilities are stored as Container Analysis Occurrences. Each project is expressed in the resource format of projects/[PROJECT_ID], e.g., projects/my-gcp-project. An attempt will be made for each project to fetch vulnerabilities, and all valid vulnerabilities will be used to check against the vulnerability policy. If no valid scan is found in all projects configured here, an error will be returned for the check. Maximum number of container_analysis_vulnerability_projects allowed in each VulnerabilityCheck is 10.
Declaration
[JsonProperty("containerAnalysisVulnerabilityProjects")]
public virtual IList<string> ContainerAnalysisVulnerabilityProjects { get; set; }
Property Value
Type | Description |
---|---|
IList<string> |
ETag
The ETag of the item.
Declaration
public virtual string ETag { get; set; }
Property Value
Type | Description |
---|---|
string |
MaximumFixableSeverity
Required. The threshold for severity for which a fix is currently available. This field is required and must be set.
Declaration
[JsonProperty("maximumFixableSeverity")]
public virtual string MaximumFixableSeverity { get; set; }
Property Value
Type | Description |
---|---|
string |
MaximumUnfixableSeverity
Required. The threshold for severity for which a fix isn't currently available. This field is required and must be set.
Declaration
[JsonProperty("maximumUnfixableSeverity")]
public virtual string MaximumUnfixableSeverity { get; set; }
Property Value
Type | Description |
---|---|
string |
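A lint that checks a VulnerabilityCheck against the constraints documented on this page before it is submitted, as an added example that is not part of the Google.Apis library or its documentation. The CVE id pattern, the overlap rule between the two lists, and the sample severity value "MEDIUM" are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;
using Google.Apis.BinaryAuthorization.v1.Data;

static class VulnerabilityCheckLint
{
    // Assumed shapes: projects/[PROJECT_ID] from the text above; the CVE pattern is inferred from its two examples.
    static readonly Regex ProjectName = new Regex(@"^projects/[^/]+$");
    static readonly Regex CveId = new Regex(@"^CVE-\d{4}-\d{4,}$");

    // Returns every problem found; an empty list means the check passes this lint.
    public static List<string> Validate(VulnerabilityCheck check)
    {
        var errors = new List<string>();
        var allowed = check.AllowedCves ?? new List<string>();
        var blocked = check.BlockedCves ?? new List<string>();
        var projects = check.ContainerAnalysisVulnerabilityProjects ?? new List<string>();
        if (string.IsNullOrWhiteSpace(check.MaximumFixableSeverity))
            errors.Add("maximumFixableSeverity is required");
        if (string.IsNullOrWhiteSpace(check.MaximumUnfixableSeverity))
            errors.Add("maximumUnfixableSeverity is required");
        if (projects.Count > 10)
            errors.Add($"{projects.Count} projects configured; the maximum is 10");
        foreach (var name in projects.Where(x => !ProjectName.IsMatch(x)))
            errors.Add($"'{name}' is not in projects/[PROJECT_ID] form");
        // Entries must be bare note ids, not full note names.
        foreach (var id in allowed.Concat(blocked).Where(x => !CveId.IsMatch(x)))
            errors.Add($"'{id}' is not a bare note id such as CVE-2021-20305");
        // Lint rule added here: the page does not say which list wins on overlap, so flag it.
        foreach (var id in allowed.Intersect(blocked))
            errors.Add($"{id} appears in both allowedCves and blockedCves");
        return errors;
    }

    static void Main()
    {
        // Constructed sample; "MEDIUM" is an assumed severity value, not listed on this page.
        var check = new VulnerabilityCheck
        {
            MaximumFixableSeverity = "MEDIUM",
            AllowedCves = new List<string> { "CVE-2021-20305", "projects/goog-vulnz/notes/CVE-2020-10543" },
            BlockedCves = new List<string> { "CVE-2021-20305" },
            ContainerAnalysisVulnerabilityProjects = new List<string> { "my-gcp-project" },
        };
        foreach (var e in Validate(check)) Console.WriteLine(e);
    }
}
```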