Namespace Google.Apis.OnDemandScanning.v1.Data
Classes
AliasContext
An alias to a repo revision.
AnalysisCompleted
Indicates which analysis completed successfully. Multiple types of analysis can be performed on a single resource.
AnalyzePackagesMetadata
AnalyzePackagesMetadata contains metadata for an active scan of a container image.
AnalyzePackagesMetadataV1
AnalyzePackagesMetadata contains metadata for an active scan of a container image.
AnalyzePackagesRequestV1
AnalyzePackagesRequest is the request to analyze a list of packages and create Vulnerability Occurrences for it.
AnalyzePackagesResponse
AnalyzePackagesResponse contains the information necessary to find results for the given scan.
AnalyzePackagesResponseV1
AnalyzePackagesResponse contains the information necessary to find results for the given scan.
Artifact
Artifact describes a build product.
AttestationOccurrence
Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign.
BinarySourceInfo
BuildDefinition
BuildMetadata
BuildOccurrence
Details of a build occurrence.
BuildProvenance
Provenance of a build. Contains all information needed to verify the full details about the build from source to completion.
BuilderConfig
CVSS
Common Vulnerability Scoring System. For details, see https://www.first.org/cvss/specification-document This is a message we will try to use for storing various versions of CVSS rather than making a separate proto for storing a specific version.
Category
The category to which the update belongs.
CloudRepoSourceContext
A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.
Command
Command describes a step performed as part of the build pipeline.
Completeness
Indicates that the builder claims certain fields in this message to be complete.
ComplianceOccurrence
An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason.
ComplianceVersion
Describes the CIS benchmark version that is applicable to a given OS and os version.
DSSEAttestationOccurrence
Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence.
DeploymentOccurrence
The period during which some deployable was active in a runtime.
DiscoveryOccurrence
Provides information about the analysis status of a discovered resource.
Empty
A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }
Envelope
MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type.
EnvelopeSignature
FileHashes
Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.
FileLocation
Indicates the location at which a package was found.
Fingerprint
A set of properties that uniquely identify a given Docker image.
GerritSourceContext
A SourceContext referring to a Gerrit project.
GitSourceContext
A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub).
GrafeasV1FileLocation
Indicates the location at which a package was found.
GrafeasV1SlsaProvenanceZeroTwoSlsaBuilder
Identifies the entity that executed the recipe, which is trusted to have correctly performed the operation and populated this provenance.
GrafeasV1SlsaProvenanceZeroTwoSlsaCompleteness
Indicates that the builder claims certain fields in this message to be complete.
GrafeasV1SlsaProvenanceZeroTwoSlsaConfigSource
Describes where the config file that kicked off the build came from. This is effectively a pointer to the source where buildConfig came from.
GrafeasV1SlsaProvenanceZeroTwoSlsaInvocation
Identifies the event that kicked off the build.
GrafeasV1SlsaProvenanceZeroTwoSlsaMaterial
The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on.
GrafeasV1SlsaProvenanceZeroTwoSlsaMetadata
Other properties of the build.
Hash
Container message for hash values.
Identity
The unique identifier of the update.
ImageOccurrence
Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM .
InTotoProvenance
InTotoSlsaProvenanceV1
InTotoStatement
Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
Justification
Justification provides the justification when the state of the assessment if NOT_AFFECTED.
Jwt
LanguagePackageDependency
Indicates a language package available between this package and the customer's resource artifact.
Layer
Layer holds metadata specific to a layer of a Docker image.
License
License information.
ListOperationsResponse
The response message for Operations.ListOperations.
ListVulnerabilitiesResponseV1
ListVulnerabilitiesResponse contains a single page of vulnerabilities resulting from a scan.
Location
An occurrence of a particular package installation found within a system's filesystem. E.g., glibc was found in
/var/lib/dpkg/status
.
Maintainer
Material
Metadata
Other properties of the build.
NonCompliantFile
Details about files that caused a compliance check to fail. display_command is a single command that can be used to display a list of non compliant files. When there is no such command, we can also iterate a list of non compliant file using 'path'.
Occurrence
An instance of an analysis type that has been found on a resource.
Operation
This resource represents a long-running operation that is the result of a network API call.
PackageData
PackageIssue
A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).
PackageOccurrence
Details on how a particular software package was installed on a system.
PackageVersion
ProjectRepoId
Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project.
ProvenanceBuilder
Recipe
Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe.
RelatedUrl
Metadata for any related URL information.
Remediation
Specifies details on how to handle (and presumably, fix) a vulnerability.
RepoId
A unique identifier for a Cloud Repo.
ResourceDescriptor
RunDetails
SBOMReferenceOccurrence
The occurrence representing an SBOM reference as applied to a specific resource. The occurrence follows the DSSE specification. See https://github.com/secure-systems-lab/dsse/blob/master/envelope.md for more details.
SBOMStatus
The status of an SBOM generation.
SbomReferenceIntotoPayload
The actual payload that contains the SBOM Reference data. The payload follows the intoto statement specification. See https://github.com/in-toto/attestation/blob/main/spec/v1.0/statement.md for more details.
SbomReferenceIntotoPredicate
A predicate which describes the SBOM being referenced.
Signature
Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in
policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from
public_key_id
to public key material (and any required parameters, e.g. signing algorithm). In particular,
verification implementations MUST NOT treat the signature public_key_id
as anything more than a key lookup
hint. The public_key_id
DOES NOT validate or authenticate a public key; it only provides a mechanism for
quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification
implementations MUST reject signatures in any of the following circumstances: * The public_key_id
is not
recognized by the verifier. * The public key that public_key_id
refers to does not verify the signature with
respect to the payload. The signature
contents SHOULD NOT be "attached" (where the payload is included with
the serialized signature
bytes). Verifiers MUST ignore any "attached" payload and only verify signatures with
respect to explicitly provided payload (e.g. a payload
field on the proto message that holds this Signature,
or the canonical serialization of the proto message that holds this signature).
SlsaBuilder
SlsaCompleteness
Indicates that the builder claims certain fields in this message to be complete.
SlsaMetadata
Other properties of the build.
SlsaProvenance
SlsaProvenanceV1
Keep in sync with schema at https://github.com/slsa-framework/slsa/blob/main/docs/provenance/schema/v1/provenance.proto Builder renamed to ProvenanceBuilder because of Java conflicts.
SlsaProvenanceZeroTwo
See full explanation of fields at slsa.dev/provenance/v0.2.
SlsaRecipe
Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe.
Source
Source describes the location of the source used for the build.
SourceContext
A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory.
Status
The Status
type defines a logical error model that is suitable for different programming environments,
including REST APIs and RPC APIs. It is used by gRPC. Each Status
message contains
three pieces of data: error code, error message, and error details. You can find out more about this error model
and how to work with it in the API Design Guide.
Subject
UpgradeDistribution
The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities.
UpgradeOccurrence
An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update.
Version
Version contains structured information about the version of a package.
VexAssessment
VexAssessment provides all publisher provided Vex information that is related to this vulnerability.
VulnerabilityOccurrence
An occurrence of a severity vulnerability on a resource.
WindowsUpdate
Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate.