On January 1, 2020 this library will no longer support Python 2 on the latest released version. Previously released library versions will continue to be available. For more information please visit Python 2 support on Google Cloud.

Types for Grafeas API Client¶

class grafeas.grafeas_v1.types.AliasContext¶

An alias to a repo revision.

kind¶: The alias kind.

name¶: The alias name.

kind: Field grafeas.v1.AliasContext.kind

name: Field grafeas.v1.AliasContext.name

class grafeas.grafeas_v1.types.Any¶

type_url¶: Field google.protobuf.Any.type_url

value¶: Field google.protobuf.Any.value

class grafeas.grafeas_v1.types.Artifact¶

Artifact describes a build product.

checksum¶: Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.

id¶: Artifact ID, if any; for container images, this will be a URL by digest like gcr.io/projectID/imagename@sha256:123456.

names¶: Related artifact names. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to docker push. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.

checksum: Field grafeas.v1.Artifact.checksum

id: Field grafeas.v1.Artifact.id

names: Field grafeas.v1.Artifact.names

class grafeas.grafeas_v1.types.AttestationNote¶

Note kind that represents a logical attestation “role” or “authority”. For example, an organization might have one Authority for “QA” and one for “build”. This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences, even if they don’t all live in the same project.

hint¶: Hint hints at the purpose of the attestation authority.

class Hint¶

This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from “readable” names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify.

human_readable_name¶: Required. The human readable name of this attestation authority, for example “qa”.

human_readable_name: Field grafeas.v1.AttestationNote.Hint.human_readable_name

hint: Field grafeas.v1.AttestationNote.hint

class grafeas.grafeas_v1.types.AttestationOccurrence¶

Occurrence that represents a single “attestation”. The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign.

serialized_payload¶: Required. The serialized payload that is verified by one or more signatures.

signatures¶: One or more signatures over serialized_payload. Verifier implementations should consider this attestation message verified if at least one signature verifies serialized_payload. See Signature in common.proto for more details on signature structure and verification.

serialized_payload: Field grafeas.v1.AttestationOccurrence.serialized_payload

signatures: Field grafeas.v1.AttestationOccurrence.signatures

class grafeas.grafeas_v1.types.BatchCreateNotesRequest¶

Request to create notes in batch.

parent¶: The name of the project in the form of projects/[PROJECT_ID], under which the notes are to be created.

notes¶: The notes to create. Max allowed length is 1000.

class NotesEntry¶

key¶: Field grafeas.v1.BatchCreateNotesRequest.NotesEntry.key

value¶: Field grafeas.v1.BatchCreateNotesRequest.NotesEntry.value

notes: Field grafeas.v1.BatchCreateNotesRequest.notes

parent: Field grafeas.v1.BatchCreateNotesRequest.parent

class grafeas.grafeas_v1.types.BatchCreateNotesResponse¶

Response for creating notes in batch.

notes¶: The notes that were created.

notes: Field grafeas.v1.BatchCreateNotesResponse.notes

class grafeas.grafeas_v1.types.BatchCreateOccurrencesRequest¶

Request to create occurrences in batch.

parent¶: The name of the project in the form of projects/[PROJECT_ID], under which the occurrences are to be created.

occurrences¶: The occurrences to create. Max allowed length is 1000.

occurrences: Field grafeas.v1.BatchCreateOccurrencesRequest.occurrences

parent: Field grafeas.v1.BatchCreateOccurrencesRequest.parent

class grafeas.grafeas_v1.types.BatchCreateOccurrencesResponse¶

Response for creating occurrences in batch.

occurrences¶: The occurrences that were created.

occurrences: Field grafeas.v1.BatchCreateOccurrencesResponse.occurrences

class grafeas.grafeas_v1.types.BuildNote¶

Note holding the version of the provider’s builder and the signature of the provenance message in the build details occurrence.

builder_version¶: Required. Immutable. Version of the builder which produced this build.

builder_version: Field grafeas.v1.BuildNote.builder_version

class grafeas.grafeas_v1.types.BuildOccurrence¶

Details of a build occurrence.

provenance¶: Required. The actual provenance for the build.

provenance_bytes¶: Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, provenance_bytes can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.

provenance: Field grafeas.v1.BuildOccurrence.provenance

provenance_bytes: Field grafeas.v1.BuildOccurrence.provenance_bytes

class grafeas.grafeas_v1.types.BuildProvenance¶

Provenance of a build. Contains all information needed to verify the full details about the build from source to completion.

id¶: Required. Unique identifier of the build.

project_id¶: ID of the project.

commands¶: Commands requested by the build.

built_artifacts¶: Output of the build.

create_time¶: Time at which the build was created.

start_time¶: Time at which execution of the build was started.

end_time¶: Time at which execution of the build was finished.

creator¶: E-mail address of the user who initiated this build. Note that this was the user’s e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.

logs_uri¶: URI where any logs for this provenance were written.

source_provenance¶: Details of the Source input to the build.

trigger_id¶: Trigger identifier if the build was triggered automatically; empty if not.

build_options¶: Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.

builder_version¶: Version string of the builder at the time this build was executed.

class BuildOptionsEntry¶

key¶: Field grafeas.v1.BuildProvenance.BuildOptionsEntry.key

value¶: Field grafeas.v1.BuildProvenance.BuildOptionsEntry.value

build_options: Field grafeas.v1.BuildProvenance.build_options

builder_version: Field grafeas.v1.BuildProvenance.builder_version

built_artifacts: Field grafeas.v1.BuildProvenance.built_artifacts

commands: Field grafeas.v1.BuildProvenance.commands

create_time: Field grafeas.v1.BuildProvenance.create_time

creator: Field grafeas.v1.BuildProvenance.creator

end_time: Field grafeas.v1.BuildProvenance.end_time

id: Field grafeas.v1.BuildProvenance.id

logs_uri: Field grafeas.v1.BuildProvenance.logs_uri

project_id: Field grafeas.v1.BuildProvenance.project_id

source_provenance: Field grafeas.v1.BuildProvenance.source_provenance

start_time: Field grafeas.v1.BuildProvenance.start_time

trigger_id: Field grafeas.v1.BuildProvenance.trigger_id

class grafeas.grafeas_v1.types.CVSSv3¶

Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document

base_score¶: The base score is a function of the base metric scores.

attack_vector¶: Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.

attack_complexity¶: Field grafeas.v1.CVSSv3.attack_complexity

attack_vector: Field grafeas.v1.CVSSv3.attack_vector

availability_impact¶: Field grafeas.v1.CVSSv3.availability_impact

base_score: Field grafeas.v1.CVSSv3.base_score

confidentiality_impact¶: Field grafeas.v1.CVSSv3.confidentiality_impact

exploitability_score¶: Field grafeas.v1.CVSSv3.exploitability_score

impact_score¶: Field grafeas.v1.CVSSv3.impact_score

integrity_impact¶: Field grafeas.v1.CVSSv3.integrity_impact

privileges_required¶: Field grafeas.v1.CVSSv3.privileges_required

scope¶: Field grafeas.v1.CVSSv3.scope

user_interaction¶: Field grafeas.v1.CVSSv3.user_interaction

class grafeas.grafeas_v1.types.CloudRepoSourceContext¶

A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.

repo_id¶: The ID of the repo.

revision¶: A revision in a Cloud Repo can be identified by either its revision ID or its alias.

revision_id¶: A revision ID.

alias_context¶: An alias, which may be a branch or tag.

alias_context: Field grafeas.v1.CloudRepoSourceContext.alias_context

repo_id: Field grafeas.v1.CloudRepoSourceContext.repo_id

revision_id: Field grafeas.v1.CloudRepoSourceContext.revision_id

class grafeas.grafeas_v1.types.Command¶

Command describes a step performed as part of the build pipeline.

name¶: Required. Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to docker pull.

env¶: Environment variables set before running this command.

args¶: Command-line arguments used when executing this command.

dir¶: Working directory (relative to project source root) used when running this command.

id¶: Optional unique identifier for this command, used in wait_for to reference this command as a dependency.

wait_for¶: The ID(s) of the command(s) that this command depends on.

args: Field grafeas.v1.Command.args

dir: Field grafeas.v1.Command.dir

env: Field grafeas.v1.Command.env

id: Field grafeas.v1.Command.id

name: Field grafeas.v1.Command.name

wait_for: Field grafeas.v1.Command.wait_for

class grafeas.grafeas_v1.types.CreateNoteRequest¶

Request to create a new note.

parent¶: The name of the project in the form of projects/[PROJECT_ID], under which the note is to be created.

note_id¶: The ID to use for this note.

note¶: The note to create.

note: Field grafeas.v1.CreateNoteRequest.note

note_id: Field grafeas.v1.CreateNoteRequest.note_id

parent: Field grafeas.v1.CreateNoteRequest.parent

class grafeas.grafeas_v1.types.CreateOccurrenceRequest¶

Request to create a new occurrence.

parent¶: The name of the project in the form of projects/[PROJECT_ID], under which the occurrence is to be created.

occurrence¶: The occurrence to create.

occurrence: Field grafeas.v1.CreateOccurrenceRequest.occurrence

parent: Field grafeas.v1.CreateOccurrenceRequest.parent

class grafeas.grafeas_v1.types.DeleteNoteRequest¶

Request to delete a note.

name¶: The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

name: Field grafeas.v1.DeleteNoteRequest.name

class grafeas.grafeas_v1.types.DeleteOccurrenceRequest¶

Request to delete an occurrence.

name¶: The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID].

name: Field grafeas.v1.DeleteOccurrenceRequest.name

class grafeas.grafeas_v1.types.DeploymentNote¶

An artifact that can be deployed in some runtime.

resource_uri¶: Required. Resource URI for the artifact being deployed.

resource_uri: Field grafeas.v1.DeploymentNote.resource_uri

class grafeas.grafeas_v1.types.DeploymentOccurrence¶

The period during which some deployable was active in a runtime.

user_email¶: Identity of the user that triggered this deployment.

deploy_time¶: Required. Beginning of the lifetime of this deployment.

undeploy_time¶: End of the lifetime of this deployment.

config¶: Configuration used to create this deployment.

address¶: Address of the runtime element hosting this deployment.

resource_uri¶: Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name.

platform¶: Platform hosting this deployment.

address: Field grafeas.v1.DeploymentOccurrence.address

config: Field grafeas.v1.DeploymentOccurrence.config

deploy_time: Field grafeas.v1.DeploymentOccurrence.deploy_time

platform: Field grafeas.v1.DeploymentOccurrence.platform

resource_uri: Field grafeas.v1.DeploymentOccurrence.resource_uri

undeploy_time: Field grafeas.v1.DeploymentOccurrence.undeploy_time

user_email: Field grafeas.v1.DeploymentOccurrence.user_email

class grafeas.grafeas_v1.types.DiscoveryNote¶

A note that indicates a type of analysis a provider would perform. This note exists in a provider’s project. A Discovery occurrence is created in a consumer’s project at the start of analysis.

analysis_kind¶: Required. Immutable. The kind of analysis that is handled by this discovery.

analysis_kind: Field grafeas.v1.DiscoveryNote.analysis_kind

class grafeas.grafeas_v1.types.DiscoveryOccurrence¶

Provides information about the analysis status of a discovered resource.

continuous_analysis¶: Whether the resource is continuously analyzed.

analysis_status¶: The status of discovery for the resource.

analysis_status_error¶: When an error is encountered this will contain a LocalizedMessage under details to show to the user. The LocalizedMessage is output only and populated by the API.

cpe¶: The CPE of the resource being scanned.

last_scan_time¶: The last time this resource was scanned.

analysis_status: Field grafeas.v1.DiscoveryOccurrence.analysis_status

analysis_status_error: Field grafeas.v1.DiscoveryOccurrence.analysis_status_error

continuous_analysis: Field grafeas.v1.DiscoveryOccurrence.continuous_analysis

cpe: Field grafeas.v1.DiscoveryOccurrence.cpe

last_scan_time: Field grafeas.v1.DiscoveryOccurrence.last_scan_time

class grafeas.grafeas_v1.types.Distribution¶

This represents a particular channel of distribution for a given package. E.g., Debian’s jessie-backports dpkg mirror.

cpe_uri¶: Required. The cpe_uri in CPE format denoting the package manager version distributing a package.

architecture¶: The CPU architecture for which packages in this distribution channel were built.

latest_version¶: The latest available version of this package in this distribution channel.

maintainer¶: A freeform string denoting the maintainer of this package.

url¶: The distribution channel-specific homepage for this package.

description¶: The distribution channel-specific description of this package.

architecture: Field grafeas.v1.Distribution.architecture

cpe_uri: Field grafeas.v1.Distribution.cpe_uri

description: Field grafeas.v1.Distribution.description

latest_version: Field grafeas.v1.Distribution.latest_version

maintainer: Field grafeas.v1.Distribution.maintainer

url: Field grafeas.v1.Distribution.url

class grafeas.grafeas_v1.types.Empty¶

class grafeas.grafeas_v1.types.FieldMask¶

paths¶: Field google.protobuf.FieldMask.paths

class grafeas.grafeas_v1.types.FileHashes¶

Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.

file_hash¶: Required. Collection of file hashes.

file_hash: Field grafeas.v1.FileHashes.file_hash

class grafeas.grafeas_v1.types.Fingerprint¶

A set of properties that uniquely identify a given Docker image.

v1_name¶: Required. The layer ID of the final layer in the Docker image’s v1 representation.

v2_blob¶: Required. The ordered list of v2 blobs that represent a given image.

v2_name¶: Output only. The name of the image’s v2 blobs computed via: [bottom] := v2_blob[bottom][N] := sha256(v2_blob[N] + ” ” + v2_name[N+1]) Only the name of the final blob is kept.

v1_name: Field grafeas.v1.Fingerprint.v1_name

v2_blob: Field grafeas.v1.Fingerprint.v2_blob

v2_name: Field grafeas.v1.Fingerprint.v2_name

class grafeas.grafeas_v1.types.GerritSourceContext¶

A SourceContext referring to a Gerrit project.

host_uri¶: The URI of a running Gerrit instance.

gerrit_project¶: The full project name within the host. Projects may be nested, so “project/subproject” is a valid project name. The “repo name” is the hostURI/project.

revision¶: A revision in a Gerrit project can be identified by either its revision ID or its alias.

revision_id¶: A revision (commit) ID.

alias_context¶: An alias, which may be a branch or tag.

alias_context: Field grafeas.v1.GerritSourceContext.alias_context

gerrit_project: Field grafeas.v1.GerritSourceContext.gerrit_project

host_uri: Field grafeas.v1.GerritSourceContext.host_uri

revision_id: Field grafeas.v1.GerritSourceContext.revision_id

class grafeas.grafeas_v1.types.GetNoteRequest¶

Request to get a note.

name¶: The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

name: Field grafeas.v1.GetNoteRequest.name

class grafeas.grafeas_v1.types.GetOccurrenceNoteRequest¶

Request to get the note to which the specified occurrence is attached.

name¶: The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID].

name: Field grafeas.v1.GetOccurrenceNoteRequest.name

class grafeas.grafeas_v1.types.GetOccurrenceRequest¶

Request to get an occurrence.

name¶: The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID].

name: Field grafeas.v1.GetOccurrenceRequest.name

class grafeas.grafeas_v1.types.GitSourceContext¶

A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub).

url¶: Git repository URL.

revision_id¶: Git commit hash.

revision_id: Field grafeas.v1.GitSourceContext.revision_id

url: Field grafeas.v1.GitSourceContext.url

class grafeas.grafeas_v1.types.Hash¶

Container message for hash values.

type¶: Required. The type of hash that was performed, e.g. “SHA-256”.

value¶: Required. The hash value.

type: Field grafeas.v1.Hash.type

value: Field grafeas.v1.Hash.value

class grafeas.grafeas_v1.types.ImageNote¶

Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM Or an equivalent reference, e.g., a tag of the resource_url.

resource_url¶: Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images.

fingerprint¶: Required. Immutable. The fingerprint of the base image.

fingerprint: Field grafeas.v1.ImageNote.fingerprint

resource_url: Field grafeas.v1.ImageNote.resource_url

class grafeas.grafeas_v1.types.ImageOccurrence¶

Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM .

fingerprint¶: Required. The fingerprint of the derived image.

distance¶: Output only. The number of layers by which this image differs from the associated image basis.

layer_info¶: This contains layer-specific metadata, if populated it has length “distance” and is ordered with [distance] being the layer immediately following the base image and [1] being the final layer.

base_resource_url¶: Output only. This contains the base image URL for the derived image occurrence.

base_resource_url: Field grafeas.v1.ImageOccurrence.base_resource_url

distance: Field grafeas.v1.ImageOccurrence.distance

fingerprint: Field grafeas.v1.ImageOccurrence.fingerprint

layer_info: Field grafeas.v1.ImageOccurrence.layer_info

class grafeas.grafeas_v1.types.Layer¶

Layer holds metadata specific to a layer of a Docker image.

directive¶: Required. The recovered Dockerfile directive used to construct this layer. See https://docs.docker.com/engine/reference/builder/ for more information.

arguments¶: The recovered arguments to the Dockerfile directive.

arguments: Field grafeas.v1.Layer.arguments

directive: Field grafeas.v1.Layer.directive

class grafeas.grafeas_v1.types.ListNoteOccurrencesRequest¶

Request to list occurrences for a note.

name¶: The name of the note to list occurrences for in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

filter¶: The filter expression.

page_size¶: Number of occurrences to return in the list.

page_token¶: Token to provide to skip to a particular spot in the list.

filter: Field grafeas.v1.ListNoteOccurrencesRequest.filter

name: Field grafeas.v1.ListNoteOccurrencesRequest.name

page_size: Field grafeas.v1.ListNoteOccurrencesRequest.page_size

page_token: Field grafeas.v1.ListNoteOccurrencesRequest.page_token

class grafeas.grafeas_v1.types.ListNoteOccurrencesResponse¶

Response for listing occurrences for a note.

occurrences¶: The occurrences attached to the specified note.

next_page_token¶: Token to provide to skip to a particular spot in the list.

next_page_token: Field grafeas.v1.ListNoteOccurrencesResponse.next_page_token

occurrences: Field grafeas.v1.ListNoteOccurrencesResponse.occurrences

class grafeas.grafeas_v1.types.ListNotesRequest¶

Request to list notes.

parent¶: The name of the project to list notes for in the form of projects/[PROJECT_ID].

filter¶: The filter expression.

page_size¶: Number of notes to return in the list. Must be positive. Max allowed page size is 1000. If not specified, page size defaults to 20.

page_token¶: Token to provide to skip to a particular spot in the list.

filter: Field grafeas.v1.ListNotesRequest.filter

page_size: Field grafeas.v1.ListNotesRequest.page_size

page_token: Field grafeas.v1.ListNotesRequest.page_token

parent: Field grafeas.v1.ListNotesRequest.parent

class grafeas.grafeas_v1.types.ListNotesResponse¶

Response for listing notes.

notes¶: The notes requested.

next_page_token¶: The next pagination token in the list response. It should be used as page_token for the following request. An empty value means no more results.

next_page_token: Field grafeas.v1.ListNotesResponse.next_page_token

notes: Field grafeas.v1.ListNotesResponse.notes

class grafeas.grafeas_v1.types.ListOccurrencesRequest¶

Request to list occurrences.

parent¶: The name of the project to list occurrences for in the form of projects/[PROJECT_ID].

filter¶: The filter expression.

page_size¶: Number of occurrences to return in the list. Must be positive. Max allowed page size is 1000. If not specified, page size defaults to 20.

page_token¶: Token to provide to skip to a particular spot in the list.

filter: Field grafeas.v1.ListOccurrencesRequest.filter

page_size: Field grafeas.v1.ListOccurrencesRequest.page_size

page_token: Field grafeas.v1.ListOccurrencesRequest.page_token

parent: Field grafeas.v1.ListOccurrencesRequest.parent

class grafeas.grafeas_v1.types.ListOccurrencesResponse¶

Response for listing occurrences.

occurrences¶: The occurrences requested.

next_page_token¶: The next pagination token in the list response. It should be used as page_token for the following request. An empty value means no more results.

next_page_token: Field grafeas.v1.ListOccurrencesResponse.next_page_token

occurrences: Field grafeas.v1.ListOccurrencesResponse.occurrences

class grafeas.grafeas_v1.types.Location¶

An occurrence of a particular package installation found within a system’s filesystem. E.g., glibc was found in /var/lib/dpkg/status.

cpe_uri¶: Required. The CPE URI in CPE format denoting the package manager version distributing a package.

version¶: The version installed at this location.

path¶: The path from which we gathered that this package/version is installed.

cpe_uri: Field grafeas.v1.Location.cpe_uri

path: Field grafeas.v1.Location.path

version: Field grafeas.v1.Location.version

class grafeas.grafeas_v1.types.Note¶

A type of analysis that can be done for a resource.

name¶: Output only. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

short_description¶: A one sentence description of this note.

long_description¶: A detailed description of this note.

kind¶: Output only. The type of analysis. This field can be used as a filter in list requests.

related_url¶: URLs associated with this note.

expiration_time¶: Time of expiration for this note. Empty if note does not expire.

create_time¶: Output only. The time this note was created. This field can be used as a filter in list requests.

update_time¶: Output only. The time this note was last updated. This field can be used as a filter in list requests.

related_note_names¶: Other notes related to this note.

type¶: Required. Immutable. The type of analysis this note represents.

vulnerability¶: A note describing a package vulnerability.

build¶: A note describing build provenance for a verifiable build.

image¶: A note describing a base image.

package¶: A note describing a package hosted by various package managers.

deployment¶: A note describing something that can be deployed.

discovery¶: A note describing the initial analysis of a resource.

attestation¶: A note describing an attestation role.

upgrade¶: A note describing available package upgrades.

attestation: Field grafeas.v1.Note.attestation

build: Field grafeas.v1.Note.build

create_time: Field grafeas.v1.Note.create_time

deployment: Field grafeas.v1.Note.deployment

discovery: Field grafeas.v1.Note.discovery

expiration_time: Field grafeas.v1.Note.expiration_time

image: Field grafeas.v1.Note.image

kind: Field grafeas.v1.Note.kind

long_description: Field grafeas.v1.Note.long_description

name: Field grafeas.v1.Note.name

package: Field grafeas.v1.Note.package

related_note_names: Field grafeas.v1.Note.related_note_names

related_url: Field grafeas.v1.Note.related_url

short_description: Field grafeas.v1.Note.short_description

update_time: Field grafeas.v1.Note.update_time

upgrade: Field grafeas.v1.Note.upgrade

vulnerability: Field grafeas.v1.Note.vulnerability

class grafeas.grafeas_v1.types.Occurrence¶

An instance of an analysis type that has been found on a resource.

name¶: Output only. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID].

resource_uri¶: Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.

note_name¶: Required. Immutable. The analysis note associated with this occurrence, in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID]. This field can be used as a filter in list requests.

kind¶: Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.

remediation¶: A description of actions that can be taken to remedy the note.

create_time¶: Output only. The time this occurrence was created.

update_time¶: Output only. The time this occurrence was last updated.

details¶: Required. Immutable. Describes the details of the note kind found on this resource.

vulnerability¶: Describes a security vulnerability.

build¶: Describes a verifiable build.

image¶: Describes how this resource derives from the basis in the associated note.

package¶: Describes the installation of a package on the linked resource.

deployment¶: Describes the deployment of an artifact on a runtime.

discovery¶: Describes when a resource was discovered.

attestation¶: Describes an attestation of an artifact.

upgrade¶: Describes an available package upgrade on the linked resource.

attestation: Field grafeas.v1.Occurrence.attestation

build: Field grafeas.v1.Occurrence.build

create_time: Field grafeas.v1.Occurrence.create_time

deployment: Field grafeas.v1.Occurrence.deployment

discovery: Field grafeas.v1.Occurrence.discovery

image: Field grafeas.v1.Occurrence.image

kind: Field grafeas.v1.Occurrence.kind

name: Field grafeas.v1.Occurrence.name

note_name: Field grafeas.v1.Occurrence.note_name

package: Field grafeas.v1.Occurrence.package

remediation: Field grafeas.v1.Occurrence.remediation

resource_uri: Field grafeas.v1.Occurrence.resource_uri

update_time: Field grafeas.v1.Occurrence.update_time

upgrade: Field grafeas.v1.Occurrence.upgrade

vulnerability: Field grafeas.v1.Occurrence.vulnerability

class grafeas.grafeas_v1.types.PackageNote¶

This represents a particular package that is distributed over various channels. E.g., glibc (aka libc6) is distributed by many, at various versions.

name¶: Required. Immutable. The name of the package.

distribution¶: The various channels by which a package is distributed.

distribution: Field grafeas.v1.PackageNote.distribution

name: Field grafeas.v1.PackageNote.name

class grafeas.grafeas_v1.types.PackageOccurrence¶

Details on how a particular software package was installed on a system.

name¶: Output only. The name of the installed package.

location¶: Required. All of the places within the filesystem versions of this package have been found.

location: Field grafeas.v1.PackageOccurrence.location

name: Field grafeas.v1.PackageOccurrence.name

class grafeas.grafeas_v1.types.ProjectRepoId¶

Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project.

project_id¶: The ID of the project.

repo_name¶: The name of the repo. Leave empty for the default repo.

project_id: Field grafeas.v1.ProjectRepoId.project_id

repo_name: Field grafeas.v1.ProjectRepoId.repo_name

class grafeas.grafeas_v1.types.RelatedUrl¶

Metadata for any related URL information.

url¶: Specific URL associated with the resource.

label¶: Label to describe usage of the URL.

label: Field grafeas.v1.RelatedUrl.label

url: Field grafeas.v1.RelatedUrl.url

class grafeas.grafeas_v1.types.RepoId¶

A unique identifier for a Cloud Repo.

id¶: A cloud repo can be identified by either its project ID and repository name combination, or its globally unique identifier.

project_repo_id¶: A combination of a project ID and a repo name.

uid¶: A server-assigned, globally unique identifier.

project_repo_id: Field grafeas.v1.RepoId.project_repo_id

uid: Field grafeas.v1.RepoId.uid

class grafeas.grafeas_v1.types.Signature¶

Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from public_key_id to public key material (and any required parameters, e.g. signing algorithm).

In particular, verification implementations MUST NOT treat the signature public_key_id as anything more than a key lookup hint. The public_key_id DOES NOT validate or authenticate a public key; it only provides a mechanism for quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification implementations MUST reject signatures in any of the following circumstances: * The public_key_id is not recognized by the verifier. * The public key that public_key_id refers to does not verify the signature with respect to the payload.

The signature contents SHOULD NOT be “attached” (where the payload is included with the serialized signature bytes). Verifiers MUST ignore any “attached” payload and only verify signatures with respect to explicitly provided payload (e.g. a payload field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).

signature¶: The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.

public_key_id¶: The identifier for the public key that verifies this signature. * The public_key_id is required. * The public_key_id MUST be an RFC3986 conformant URI. * When possible, the public_key_id SHOULD be an immutable reference, such as a cryptographic digest. Examples of valid public_key_ids: OpenPGP V4 public key fingerprint: * “openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA” See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme. RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): * “ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU” * “nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9 bf89791ba95a1271589a5”

public_key_id: Field grafeas.v1.Signature.public_key_id

signature: Field grafeas.v1.Signature.signature

class grafeas.grafeas_v1.types.Source¶

Source describes the location of the source used for the build.

artifact_storage_source_uri¶: If provided, the input binary artifacts for the build came from this location.

file_hashes¶: Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.

context¶: If provided, the source code used for the build came from this location.

additional_contexts¶: If provided, some of the source code used for the build may be found in these locations, in the case where the source repository had multiple remotes or submodules. This list will not include the context specified in the context field.

class FileHashesEntry¶

key¶: Field grafeas.v1.Source.FileHashesEntry.key

value¶: Field grafeas.v1.Source.FileHashesEntry.value

additional_contexts: Field grafeas.v1.Source.additional_contexts

artifact_storage_source_uri: Field grafeas.v1.Source.artifact_storage_source_uri

context: Field grafeas.v1.Source.context

file_hashes: Field grafeas.v1.Source.file_hashes

class grafeas.grafeas_v1.types.SourceContext¶

A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory.

context¶: A SourceContext can refer any one of the following types of repositories.

cloud_repo¶: A SourceContext referring to a revision in a Google Cloud Source Repo.

gerrit¶: A SourceContext referring to a Gerrit project.

git¶: A SourceContext referring to any third party Git repo (e.g., GitHub).

labels¶: Labels with user defined metadata.

class LabelsEntry¶

key¶: Field grafeas.v1.SourceContext.LabelsEntry.key

value¶: Field grafeas.v1.SourceContext.LabelsEntry.value

cloud_repo: Field grafeas.v1.SourceContext.cloud_repo

gerrit: Field grafeas.v1.SourceContext.gerrit

git: Field grafeas.v1.SourceContext.git

labels: Field grafeas.v1.SourceContext.labels

class grafeas.grafeas_v1.types.Status¶

code¶: Field google.rpc.Status.code

details¶: Field google.rpc.Status.details

message¶: Field google.rpc.Status.message

class grafeas.grafeas_v1.types.Timestamp¶

nanos¶: Field google.protobuf.Timestamp.nanos

seconds¶: Field google.protobuf.Timestamp.seconds

class grafeas.grafeas_v1.types.UpdateNoteRequest¶

Request to update a note.

name¶: The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

note¶: The updated note.

update_mask¶: The fields to update.

name: Field grafeas.v1.UpdateNoteRequest.name

note: Field grafeas.v1.UpdateNoteRequest.note

update_mask: Field grafeas.v1.UpdateNoteRequest.update_mask

class grafeas.grafeas_v1.types.UpdateOccurrenceRequest¶

Request to update an occurrence.

name¶: The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID].

occurrence¶: The updated occurrence.

update_mask¶: The fields to update.

name: Field grafeas.v1.UpdateOccurrenceRequest.name

occurrence: Field grafeas.v1.UpdateOccurrenceRequest.occurrence

update_mask: Field grafeas.v1.UpdateOccurrenceRequest.update_mask

class grafeas.grafeas_v1.types.UpgradeDistribution¶

The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities.

cpe_uri¶: Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.

classification¶: The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous- versions/windows/desktop/ff357803(v=vs.85)

severity¶: The severity as specified by the upstream operating system.

cve¶: The cve tied to this Upgrade.

classification: Field grafeas.v1.UpgradeDistribution.classification

cpe_uri: Field grafeas.v1.UpgradeDistribution.cpe_uri

cve: Field grafeas.v1.UpgradeDistribution.cve

severity: Field grafeas.v1.UpgradeDistribution.severity

class grafeas.grafeas_v1.types.UpgradeNote¶

An Upgrade Note represents a potential upgrade of a package to a given version. For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field represents the information related to the update.

package¶: Required for non-Windows OS. The package this Upgrade is for.

version¶: Required for non-Windows OS. The version of the package in machine + human readable form.

distributions¶: Metadata about the upgrade for each specific operating system.

windows_update¶: Required for Windows OS. Represents the metadata about the Windows update.

distributions: Field grafeas.v1.UpgradeNote.distributions

package: Field grafeas.v1.UpgradeNote.package

version: Field grafeas.v1.UpgradeNote.version

windows_update: Field grafeas.v1.UpgradeNote.windows_update

class grafeas.grafeas_v1.types.UpgradeOccurrence¶

An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update.

package¶: Required for non-Windows OS. The package this Upgrade is for.

parsed_version¶: Required for non-Windows OS. The version of the package in a machine + human readable form.

distribution¶: Metadata about the upgrade for available for the specific operating system for the resource_url. This allows efficient filtering, as well as making it easier to use the occurrence.

windows_update¶: Required for Windows OS. Represents the metadata about the Windows update.

distribution: Field grafeas.v1.UpgradeOccurrence.distribution

package: Field grafeas.v1.UpgradeOccurrence.package

parsed_version: Field grafeas.v1.UpgradeOccurrence.parsed_version

windows_update: Field grafeas.v1.UpgradeOccurrence.windows_update

class grafeas.grafeas_v1.types.Version¶

Version contains structured information about the version of a package.

epoch¶: Used to correct mistakes in the version numbering scheme.

name¶: Required only when version kind is NORMAL. The main part of the version name.

revision¶: The iteration of the package build from the above version.

kind¶: Required. Distinguishes between sentinel MIN/MAX versions and normal versions.

full_name¶: Human readable version string. This string is of the form :- and is only set when kind is NORMAL.

epoch: Field grafeas.v1.Version.epoch

full_name: Field grafeas.v1.Version.full_name

kind: Field grafeas.v1.Version.kind

name: Field grafeas.v1.Version.name

revision: Field grafeas.v1.Version.revision

class grafeas.grafeas_v1.types.VulnerabilityNote¶

A security vulnerability that can be found in resources.

cvss_score¶: The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.

severity¶: The note provider assigned severity of this vulnerability.

details¶: Details of all known distros and packages affected by this vulnerability.

cvss_v3¶: The full description of the CVSSv3 for this vulnerability.

windows_details¶: Windows details get their own format because the information format and model don’t match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.

source_update_time¶: The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.

class Detail¶

A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).

severity_name¶: The distro assigned severity of this vulnerability.

description¶: A vendor-specific description of this vulnerability.

package_type¶: The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).

affected_cpe_uri¶: Required. The CPE URI this vulnerability affects.

affected_package¶: Required. The package this vulnerability affects.

affected_version_start¶: The version number at the start of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.

affected_version_end¶: The version number at the end of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.

fixed_cpe_uri¶: The distro recommended CPE URI to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_cpe_uri.

fixed_package¶: The distro recommended package to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_package.

fixed_version¶: The distro recommended version to update to that contains a fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no such version is yet available.

is_obsolete¶: Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.

source_update_time¶: The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.

affected_cpe_uri: Field grafeas.v1.VulnerabilityNote.Detail.affected_cpe_uri

affected_package: Field grafeas.v1.VulnerabilityNote.Detail.affected_package

affected_version_end: Field grafeas.v1.VulnerabilityNote.Detail.affected_version_end

affected_version_start: Field grafeas.v1.VulnerabilityNote.Detail.affected_version_start

description: Field grafeas.v1.VulnerabilityNote.Detail.description

fixed_cpe_uri: Field grafeas.v1.VulnerabilityNote.Detail.fixed_cpe_uri

fixed_package: Field grafeas.v1.VulnerabilityNote.Detail.fixed_package

fixed_version: Field grafeas.v1.VulnerabilityNote.Detail.fixed_version

is_obsolete: Field grafeas.v1.VulnerabilityNote.Detail.is_obsolete

package_type: Field grafeas.v1.VulnerabilityNote.Detail.package_type

severity_name: Field grafeas.v1.VulnerabilityNote.Detail.severity_name

source_update_time: Field grafeas.v1.VulnerabilityNote.Detail.source_update_time

class WindowsDetail¶

cpe_uri¶: Required. The CPE URI this vulnerability affects.

name¶: Required. The name of this vulnerability.

description¶: The description of this vulnerability.

fixing_kbs¶: Required. The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed KBs presence is considered a fix.

class KnowledgeBase¶

name¶: The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).

url¶: A link to the KB in the [Windows update catalog] (https://www.catalog.update.microsoft.com/).

name: Field grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase.name

url: Field grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase.url

cpe_uri: Field grafeas.v1.VulnerabilityNote.WindowsDetail.cpe_uri

description: Field grafeas.v1.VulnerabilityNote.WindowsDetail.description

fixing_kbs: Field grafeas.v1.VulnerabilityNote.WindowsDetail.fixing_kbs

name: Field grafeas.v1.VulnerabilityNote.WindowsDetail.name

cvss_score: Field grafeas.v1.VulnerabilityNote.cvss_score

cvss_v3: Field grafeas.v1.VulnerabilityNote.cvss_v3

details: Field grafeas.v1.VulnerabilityNote.details

severity: Field grafeas.v1.VulnerabilityNote.severity

source_update_time: Field grafeas.v1.VulnerabilityNote.source_update_time

windows_details: Field grafeas.v1.VulnerabilityNote.windows_details

class grafeas.grafeas_v1.types.VulnerabilityOccurrence¶

An occurrence of a severity vulnerability on a resource.

type¶: The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).

severity¶: Output only. The note provider assigned severity of this vulnerability.

cvss_score¶: Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.

package_issue¶: Required. The set of affected locations and their fixes (if available) within the associated resource.

short_description¶: Output only. A one sentence description of this vulnerability.

long_description¶: Output only. A detailed description of this vulnerability.

related_urls¶: Output only. URLs related to this vulnerability.

effective_severity¶: The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity.

fix_available¶: Output only. Whether at least one of the affected packages has a fix available.

class PackageIssue¶

A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).

affected_cpe_uri¶: Required. The CPE URI this vulnerability was found in.

affected_package¶: Required. The package this vulnerability was found in.

affected_version¶: Required. The version of the package that is installed on the resource affected by this vulnerability.

fixed_cpe_uri¶: The CPE URI this vulnerability was fixed in. It is possible for this to be different from the affected_cpe_uri.

fixed_package¶: The package this vulnerability was fixed in. It is possible for this to be different from the affected_package.

fixed_version¶: Required. The version of the package this vulnerability was fixed in. Setting this to VersionKind.MAXIMUM means no fix is yet available.

fix_available¶: Output only. Whether a fix is available for this package.

affected_cpe_uri: Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.affected_cpe_uri

affected_package: Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.affected_package

affected_version: Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.affected_version

fix_available: Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.fix_available

fixed_cpe_uri: Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.fixed_cpe_uri

fixed_package: Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.fixed_package

fixed_version: Field grafeas.v1.VulnerabilityOccurrence.PackageIssue.fixed_version

cvss_score: Field grafeas.v1.VulnerabilityOccurrence.cvss_score

effective_severity: Field grafeas.v1.VulnerabilityOccurrence.effective_severity

fix_available: Field grafeas.v1.VulnerabilityOccurrence.fix_available

long_description: Field grafeas.v1.VulnerabilityOccurrence.long_description

package_issue: Field grafeas.v1.VulnerabilityOccurrence.package_issue

related_urls: Field grafeas.v1.VulnerabilityOccurrence.related_urls

severity: Field grafeas.v1.VulnerabilityOccurrence.severity

short_description: Field grafeas.v1.VulnerabilityOccurrence.short_description

type: Field grafeas.v1.VulnerabilityOccurrence.type

class grafeas.grafeas_v1.types.WindowsUpdate¶

Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate.

identity¶: Required - The unique identifier for the update.

title¶: The localized title of the update.

description¶: The localized description of the update.

categories¶: The list of categories to which the update belongs.

kb_article_ids¶: The Microsoft Knowledge Base article IDs that are associated with the update.

support_url¶: The hyperlink to the support information for the update.

last_published_timestamp¶: The last published timestamp of the update.

class Category¶

The category to which the update belongs.

category_id¶: The identifier of the category.

name¶: The localized name of the category.

category_id: Field grafeas.v1.WindowsUpdate.Category.category_id

name: Field grafeas.v1.WindowsUpdate.Category.name

class Identity¶

The unique identifier of the update.

update_id¶: The revision independent identifier of the update.

revision¶: The revision number of the update.

revision: Field grafeas.v1.WindowsUpdate.Identity.revision

update_id: Field grafeas.v1.WindowsUpdate.Identity.update_id

categories: Field grafeas.v1.WindowsUpdate.categories

description: Field grafeas.v1.WindowsUpdate.description

identity: Field grafeas.v1.WindowsUpdate.identity

kb_article_ids: Field grafeas.v1.WindowsUpdate.kb_article_ids

last_published_timestamp: Field grafeas.v1.WindowsUpdate.last_published_timestamp

support_url: Field grafeas.v1.WindowsUpdate.support_url

title: Field grafeas.v1.WindowsUpdate.title

Types for Grafeas API Client¶

grafeas

Navigation

Related Topics