As of January 1, 2020 this library no longer supports Python 2 on the latest released version. Library versions released prior to that date will continue to be available. For more information please visit Python 2 support on Google Cloud.

Types for Grafeas Grafeas v1 API¶

class grafeas.grafeas_v1.types.AliasContext(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

An alias to a repo revision.

kind¶

The alias kind.

Type: grafeas.grafeas_v1.types.AliasContext.Kind

name¶

The alias name.

Type: str

class Kind(value)[source]¶

Bases: proto.enums.Enum

The type of an alias.

Values:

KIND_UNSPECIFIED (0):: Unknown.
FIXED (1):: Git tag.
MOVABLE (2):: Git branch.
OTHER (4):: Used to specify non-standard aliases. For example, if a Git repo has a ref named “refs/foo/bar”.

class grafeas.grafeas_v1.types.Architecture(value)[source]¶

Bases: proto.enums.Enum

Instruction set architectures supported by various package managers.

Values:

ARCHITECTURE_UNSPECIFIED (0):: Unknown architecture.
X86 (1):: X86 architecture.
X64 (2):: X64 architecture.

class grafeas.grafeas_v1.types.Artifact(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Artifact describes a build product.

checksum¶

Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.

Type: str

id¶

Artifact ID, if any; for container images, this will be a URL by digest like gcr.io/projectID/imagename@sha256:123456.

Type: str

names¶

Related artifact names. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to docker push. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.

Type: MutableSequence[str]

class grafeas.grafeas_v1.types.AttestationNote(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Note kind that represents a logical attestation “role” or “authority”. For example, an organization might have one Authority for “QA” and one for “build”. This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences, even if they don’t all live in the same project.

hint¶

Hint hints at the purpose of the attestation authority.

Type: grafeas.grafeas_v1.types.AttestationNote.Hint

class Hint(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from “readable” names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify.

human_readable_name¶

Required. The human readable name of this attestation authority, for example “qa”.

Type: str

class grafeas.grafeas_v1.types.AttestationOccurrence(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Occurrence that represents a single “attestation”. The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign.

serialized_payload¶

Required. The serialized payload that is verified by one or more signatures.

Type: bytes

signatures¶

One or more signatures over serialized_payload. Verifier implementations should consider this attestation message verified if at least one signature verifies serialized_payload. See Signature in common.proto for more details on signature structure and verification.

Type: MutableSequence[grafeas.grafeas_v1.types.Signature]

jwts¶

One or more JWTs encoding a self-contained attestation. Each JWT encodes the payload that it verifies within the JWT itself. Verifier implementation SHOULD ignore the serialized_payload field when verifying these JWTs. If only JWTs are present on this AttestationOccurrence, then the serialized_payload SHOULD be left empty. Each JWT SHOULD encode a claim specific to the resource_uri of this Occurrence, but this is not validated by Grafeas metadata API implementations. The JWT itself is opaque to Grafeas.

Type: MutableSequence[grafeas.grafeas_v1.types.Jwt]

class grafeas.grafeas_v1.types.BaseImage(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

BaseImage describes a base image of a container image.

name¶

The name of the base image.

Type: str

repository¶

The repository name in which the base image is from.

Type: str

layer_count¶

The number of layers that the base image is composed of.

Type: int

class grafeas.grafeas_v1.types.BatchCreateNotesRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Request to create notes in batch.

parent¶

The name of the project in the form of projects/[PROJECT_ID], under which the notes are to be created.

Type: str

notes¶

The notes to create. Max allowed length is 1000.

Type: MutableMapping[str, grafeas.grafeas_v1.types.Note]

class NotesEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)¶: Bases: proto.message.Message

class grafeas.grafeas_v1.types.BatchCreateNotesResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Response for creating notes in batch.

notes¶

The notes that were created.

Type: MutableSequence[grafeas.grafeas_v1.types.Note]

class grafeas.grafeas_v1.types.BatchCreateOccurrencesRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Request to create occurrences in batch.

parent¶

The name of the project in the form of projects/[PROJECT_ID], under which the occurrences are to be created.

Type: str

occurrences¶

The occurrences to create. Max allowed length is 1000.

Type: MutableSequence[grafeas.grafeas_v1.types.Occurrence]

class grafeas.grafeas_v1.types.BatchCreateOccurrencesResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Response for creating occurrences in batch.

occurrences¶

The occurrences that were created.

Type: MutableSequence[grafeas.grafeas_v1.types.Occurrence]

class grafeas.grafeas_v1.types.BuildNote(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Note holding the version of the provider’s builder and the signature of the provenance message in the build details occurrence.

builder_version¶

Required. Immutable. Version of the builder which produced this build.

Type: str

class grafeas.grafeas_v1.types.BuildOccurrence(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Details of a build occurrence.

provenance¶

The actual provenance for the build.

Type: grafeas.grafeas_v1.types.BuildProvenance

provenance_bytes¶

Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, provenance_bytes can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification.

The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.

Type: str

intoto_provenance¶

Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.

Type: grafeas.grafeas_v1.types.InTotoProvenance

intoto_statement¶

In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence’s envelope.

Type: grafeas.grafeas_v1.types.InTotoStatement

in_toto_slsa_provenance_v1¶

In-Toto Slsa Provenance V1 represents a slsa provenance meeting the slsa spec, wrapped in an in-toto statement. This allows for direct jsonification of a to-spec in-toto slsa statement with a to-spec slsa provenance.

Type: grafeas.grafeas_v1.types.InTotoSlsaProvenanceV1

class grafeas.grafeas_v1.types.BuildProvenance(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Provenance of a build. Contains all information needed to verify the full details about the build from source to completion.

id¶

Required. Unique identifier of the build.

Type: str

project_id¶

ID of the project.

Type: str

commands¶

Commands requested by the build.

Type: MutableSequence[grafeas.grafeas_v1.types.Command]

built_artifacts¶

Output of the build.

Type: MutableSequence[grafeas.grafeas_v1.types.Artifact]

create_time¶

Time at which the build was created.

Type: google.protobuf.timestamp_pb2.Timestamp

start_time¶

Time at which execution of the build was started.

Type: google.protobuf.timestamp_pb2.Timestamp

end_time¶

Time at which execution of the build was finished.

Type: google.protobuf.timestamp_pb2.Timestamp

creator¶

E-mail address of the user who initiated this build. Note that this was the user’s e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.

Type: str

logs_uri¶

URI where any logs for this provenance were written.

Type: str

source_provenance¶

Details of the Source input to the build.

Type: grafeas.grafeas_v1.types.Source

trigger_id¶

Trigger identifier if the build was triggered automatically; empty if not.

Type: str

build_options¶

Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.

Type: MutableMapping[str, str]

builder_version¶

Version string of the builder at the time this build was executed.

Type: str

class BuildOptionsEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)¶: Bases: proto.message.Message

class grafeas.grafeas_v1.types.BuilderConfig(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

id¶

Type: str

class grafeas.grafeas_v1.types.CVSS(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Common Vulnerability Scoring System. For details, see https://www.first.org/cvss/specification-document This is a message we will try to use for storing various versions of CVSS rather than making a separate proto for storing a specific version.

base_score¶

The base score is a function of the base metric scores.

Type: float

exploitability_score¶

Type: float

impact_score¶

Type: float

attack_vector¶

Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.

Type: grafeas.grafeas_v1.types.CVSS.AttackVector

attack_complexity¶

Type: grafeas.grafeas_v1.types.CVSS.AttackComplexity

authentication¶

Type: grafeas.grafeas_v1.types.CVSS.Authentication

privileges_required¶

Type: grafeas.grafeas_v1.types.CVSS.PrivilegesRequired

user_interaction¶

Type: grafeas.grafeas_v1.types.CVSS.UserInteraction

scope¶

Type: grafeas.grafeas_v1.types.CVSS.Scope

confidentiality_impact¶

Type: grafeas.grafeas_v1.types.CVSS.Impact

integrity_impact¶

Type: grafeas.grafeas_v1.types.CVSS.Impact

availability_impact¶

Type: grafeas.grafeas_v1.types.CVSS.Impact

class AttackComplexity(value)[source]¶

Bases: proto.enums.Enum

Values:

ATTACK_COMPLEXITY_UNSPECIFIED (0):: No description available.
ATTACK_COMPLEXITY_LOW (1):: No description available.
ATTACK_COMPLEXITY_HIGH (2):: No description available.
ATTACK_COMPLEXITY_MEDIUM (3):: No description available.

class AttackVector(value)[source]¶

Bases: proto.enums.Enum

Values:

ATTACK_VECTOR_UNSPECIFIED (0):: No description available.
ATTACK_VECTOR_NETWORK (1):: No description available.
ATTACK_VECTOR_ADJACENT (2):: No description available.
ATTACK_VECTOR_LOCAL (3):: No description available.
ATTACK_VECTOR_PHYSICAL (4):: No description available.

class Authentication(value)[source]¶

Bases: proto.enums.Enum

Values:

AUTHENTICATION_UNSPECIFIED (0):: No description available.
AUTHENTICATION_MULTIPLE (1):: No description available.
AUTHENTICATION_SINGLE (2):: No description available.
AUTHENTICATION_NONE (3):: No description available.

class Impact(value)[source]¶

Bases: proto.enums.Enum

Values:

IMPACT_UNSPECIFIED (0):: No description available.
IMPACT_HIGH (1):: No description available.
IMPACT_LOW (2):: No description available.
IMPACT_NONE (3):: No description available.
IMPACT_PARTIAL (4):: No description available.
IMPACT_COMPLETE (5):: No description available.

class PrivilegesRequired(value)[source]¶

Bases: proto.enums.Enum

Values:

PRIVILEGES_REQUIRED_UNSPECIFIED (0):: No description available.
PRIVILEGES_REQUIRED_NONE (1):: No description available.
PRIVILEGES_REQUIRED_LOW (2):: No description available.
PRIVILEGES_REQUIRED_HIGH (3):: No description available.

class Scope(value)[source]¶

Bases: proto.enums.Enum

Values:

SCOPE_UNSPECIFIED (0):: No description available.
SCOPE_UNCHANGED (1):: No description available.
SCOPE_CHANGED (2):: No description available.

class UserInteraction(value)[source]¶

Bases: proto.enums.Enum

Values:

USER_INTERACTION_UNSPECIFIED (0):: No description available.
USER_INTERACTION_NONE (1):: No description available.
USER_INTERACTION_REQUIRED (2):: No description available.

class grafeas.grafeas_v1.types.CVSSVersion(value)[source]¶

Bases: proto.enums.Enum

CVSS Version.

Values:

CVSS_VERSION_UNSPECIFIED (0):: No description available.
CVSS_VERSION_2 (1):: No description available.
CVSS_VERSION_3 (2):: No description available.

class grafeas.grafeas_v1.types.CVSSv3(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document

base_score¶

The base score is a function of the base metric scores.

Type: float

exploitability_score¶

Type: float

impact_score¶

Type: float

attack_vector¶

Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.

Type: grafeas.grafeas_v1.types.CVSSv3.AttackVector

attack_complexity¶

Type: grafeas.grafeas_v1.types.CVSSv3.AttackComplexity

privileges_required¶

Type: grafeas.grafeas_v1.types.CVSSv3.PrivilegesRequired

user_interaction¶

Type: grafeas.grafeas_v1.types.CVSSv3.UserInteraction

scope¶

Type: grafeas.grafeas_v1.types.CVSSv3.Scope

confidentiality_impact¶

Type: grafeas.grafeas_v1.types.CVSSv3.Impact

integrity_impact¶

Type: grafeas.grafeas_v1.types.CVSSv3.Impact

availability_impact¶

Type: grafeas.grafeas_v1.types.CVSSv3.Impact

class AttackComplexity(value)[source]¶

Bases: proto.enums.Enum

Values:

ATTACK_COMPLEXITY_UNSPECIFIED (0):: No description available.
ATTACK_COMPLEXITY_LOW (1):: No description available.
ATTACK_COMPLEXITY_HIGH (2):: No description available.

class AttackVector(value)[source]¶

Bases: proto.enums.Enum

Values:

ATTACK_VECTOR_UNSPECIFIED (0):: No description available.
ATTACK_VECTOR_NETWORK (1):: No description available.
ATTACK_VECTOR_ADJACENT (2):: No description available.
ATTACK_VECTOR_LOCAL (3):: No description available.
ATTACK_VECTOR_PHYSICAL (4):: No description available.

class Impact(value)[source]¶

Bases: proto.enums.Enum

Values:

IMPACT_UNSPECIFIED (0):: No description available.
IMPACT_HIGH (1):: No description available.
IMPACT_LOW (2):: No description available.
IMPACT_NONE (3):: No description available.

class PrivilegesRequired(value)[source]¶

Bases: proto.enums.Enum

Values:

PRIVILEGES_REQUIRED_UNSPECIFIED (0):: No description available.
PRIVILEGES_REQUIRED_NONE (1):: No description available.
PRIVILEGES_REQUIRED_LOW (2):: No description available.
PRIVILEGES_REQUIRED_HIGH (3):: No description available.

class Scope(value)[source]¶

Bases: proto.enums.Enum

Values:

SCOPE_UNSPECIFIED (0):: No description available.
SCOPE_UNCHANGED (1):: No description available.
SCOPE_CHANGED (2):: No description available.

class UserInteraction(value)[source]¶

Bases: proto.enums.Enum

Values:

USER_INTERACTION_UNSPECIFIED (0):: No description available.
USER_INTERACTION_NONE (1):: No description available.
USER_INTERACTION_REQUIRED (2):: No description available.

class grafeas.grafeas_v1.types.CloudRepoSourceContext(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.

This message has oneof fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

repo_id¶

The ID of the repo.

Type: grafeas.grafeas_v1.types.RepoId

revision_id¶

A revision ID.

This field is a member of oneof revision.

Type: str

alias_context¶

An alias, which may be a branch or tag.

This field is a member of oneof revision.

Type: grafeas.grafeas_v1.types.AliasContext

class grafeas.grafeas_v1.types.Command(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Command describes a step performed as part of the build pipeline.

name¶

Required. Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to docker pull.

Type: str

env¶

Environment variables set before running this command.

Type: MutableSequence[str]

args¶

Command-line arguments used when executing this command.

Type: MutableSequence[str]

dir_¶

Working directory (relative to project source root) used when running this command.

Type: str

id¶

Optional unique identifier for this command, used in wait_for to reference this command as a dependency.

Type: str

wait_for¶

The ID(s) of the command(s) that this command depends on.

Type: MutableSequence[str]

class grafeas.grafeas_v1.types.Completeness(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Indicates that the builder claims certain fields in this message to be complete.

arguments¶

If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.

Type: bool

environment¶

If true, the builder claims that recipe.environment is claimed to be complete.

Type: bool

materials¶

If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called “hermetic”.

Type: bool

class grafeas.grafeas_v1.types.ComplianceNote(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

title¶

The title that identifies this compliance check.

Type: str

description¶

A description about this compliance check.

Type: str

version¶

The OS and config versions the benchmark applies to.

Type: MutableSequence[grafeas.grafeas_v1.types.ComplianceVersion]

rationale¶

A rationale for the existence of this compliance check.

Type: str

remediation¶

A description of remediation steps if the compliance check fails.

Type: str

cis_benchmark¶

This field is a member of oneof compliance_type.

Type: grafeas.grafeas_v1.types.ComplianceNote.CisBenchmark

scan_instructions¶

Serialized scan instructions with a predefined format.

Type: bytes

impact¶

This field is a member of oneof potential_impact.

Type: str

class CisBenchmark(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

A compliance check that is a CIS benchmark.

profile_level¶

Type: int

severity¶

Type: grafeas.grafeas_v1.types.Severity

class grafeas.grafeas_v1.types.ComplianceOccurrence(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason.

non_compliant_files¶

Type: MutableSequence[grafeas.grafeas_v1.types.NonCompliantFile]

non_compliance_reason¶

Type: str

version¶

The OS and config version the benchmark was run on.

Type: grafeas.grafeas_v1.types.ComplianceVersion

class grafeas.grafeas_v1.types.ComplianceVersion(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Describes the CIS benchmark version that is applicable to a given OS and os version.

cpe_uri¶

The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.

Type: str

benchmark_document¶

The name of the document that defines this benchmark, e.g. “CIS Container-Optimized OS”.

Type: str

version¶

The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.

Type: str

class grafeas.grafeas_v1.types.CreateNoteRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Request to create a new note.

parent¶

The name of the project in the form of projects/[PROJECT_ID], under which the note is to be created.

Type: str

note_id¶

The ID to use for this note.

Type: str

note¶

The note to create.

Type: grafeas.grafeas_v1.types.Note

class grafeas.grafeas_v1.types.CreateOccurrenceRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Request to create a new occurrence.

parent¶

The name of the project in the form of projects/[PROJECT_ID], under which the occurrence is to be created.

Type: str

occurrence¶

The occurrence to create.

Type: grafeas.grafeas_v1.types.Occurrence

class grafeas.grafeas_v1.types.DSSEAttestationNote(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

hint¶

DSSEHint hints at the purpose of the attestation authority.

Type: grafeas.grafeas_v1.types.DSSEAttestationNote.DSSEHint

class DSSEHint(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from “readable” names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify.

human_readable_name¶

Required. The human readable name of this attestation authority, for example “cloudbuild-prod”.

Type: str

class grafeas.grafeas_v1.types.DSSEAttestationOccurrence(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence.

envelope¶

If doing something security critical, make sure to verify the signatures in this metadata.

Type: grafeas.grafeas_v1.types.Envelope

statement¶

This field is a member of oneof decoded_payload.

Type: grafeas.grafeas_v1.types.InTotoStatement

class grafeas.grafeas_v1.types.DeleteNoteRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Request to delete a note.

name¶

The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

Type: str

class grafeas.grafeas_v1.types.DeleteOccurrenceRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Request to delete an occurrence.

name¶

The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID].

Type: str

class grafeas.grafeas_v1.types.DeploymentNote(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

An artifact that can be deployed in some runtime.

resource_uri¶

Required. Resource URI for the artifact being deployed.

Type: MutableSequence[str]

class grafeas.grafeas_v1.types.DeploymentOccurrence(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

The period during which some deployable was active in a runtime.

user_email¶

Identity of the user that triggered this deployment.

Type: str

deploy_time¶

Required. Beginning of the lifetime of this deployment.

Type: google.protobuf.timestamp_pb2.Timestamp

undeploy_time¶

End of the lifetime of this deployment.

Type: google.protobuf.timestamp_pb2.Timestamp

config¶

Configuration used to create this deployment.

Type: str

address¶

Address of the runtime element hosting this deployment.

Type: str

resource_uri¶

Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name.

Type: MutableSequence[str]

platform¶

Platform hosting this deployment.

Type: grafeas.grafeas_v1.types.DeploymentOccurrence.Platform

class Platform(value)[source]¶

Bases: proto.enums.Enum

Types of platforms.

Values:

PLATFORM_UNSPECIFIED (0):: Unknown.
GKE (1):: Google Container Engine.
FLEX (2):: Google App Engine: Flexible Environment.
CUSTOM (3):: Custom user-defined platform.

class grafeas.grafeas_v1.types.Digest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Digest information.

algo¶

SHA1, SHA512 etc.

Type: str

digest_bytes¶

Value of the digest.

Type: bytes

class grafeas.grafeas_v1.types.DiscoveryNote(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

A note that indicates a type of analysis a provider would perform. This note exists in a provider’s project. A Discovery occurrence is created in a consumer’s project at the start of analysis.

analysis_kind¶

Required. Immutable. The kind of analysis that is handled by this discovery.

Type: grafeas.grafeas_v1.types.NoteKind

class grafeas.grafeas_v1.types.DiscoveryOccurrence(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Provides information about the analysis status of a discovered resource.

continuous_analysis¶

Whether the resource is continuously analyzed.

Type: grafeas.grafeas_v1.types.DiscoveryOccurrence.ContinuousAnalysis

analysis_status¶

The status of discovery for the resource.

Type: grafeas.grafeas_v1.types.DiscoveryOccurrence.AnalysisStatus

analysis_completed¶

Type: grafeas.grafeas_v1.types.DiscoveryOccurrence.AnalysisCompleted

analysis_error¶

Indicates any errors encountered during analysis of a resource. There could be 0 or more of these errors.

Type: MutableSequence[google.rpc.status_pb2.Status]

analysis_status_error¶

When an error is encountered this will contain a LocalizedMessage under details to show to the user. The LocalizedMessage is output only and populated by the API.

Type: google.rpc.status_pb2.Status

cpe¶

The CPE of the resource being scanned.

Type: str

last_scan_time¶

The last time this resource was scanned.

Type: google.protobuf.timestamp_pb2.Timestamp

archive_time¶

The time occurrences related to this discovery occurrence were archived.

Type: google.protobuf.timestamp_pb2.Timestamp

sbom_status¶

The status of an SBOM generation.

Type: grafeas.grafeas_v1.types.DiscoveryOccurrence.SBOMStatus

vulnerability_attestation¶

The status of an vulnerability attestation generation.

Type: grafeas.grafeas_v1.types.DiscoveryOccurrence.VulnerabilityAttestation

class AnalysisCompleted(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Indicates which analysis completed successfully. Multiple types of analysis can be performed on a single resource.

analysis_type¶

Type: MutableSequence[str]

class AnalysisStatus(value)[source]¶

Bases: proto.enums.Enum

Analysis status for a resource. Currently for initial analysis only (not updated in continuous analysis).

Values:

ANALYSIS_STATUS_UNSPECIFIED (0):: Unknown.
PENDING (1):: Resource is known but no action has been taken yet.
SCANNING (2):: Resource is being analyzed.
FINISHED_SUCCESS (3):: Analysis has finished successfully.
COMPLETE (3):: Analysis has completed.
FINISHED_FAILED (4):: Analysis has finished unsuccessfully, the analysis itself is in a bad state.
FINISHED_UNSUPPORTED (5):: The resource is known not to be supported.

class ContinuousAnalysis(value)[source]¶

Bases: proto.enums.Enum

Whether the resource is continuously analyzed.

Values:

CONTINUOUS_ANALYSIS_UNSPECIFIED (0):: Unknown.
ACTIVE (1):: The resource is continuously analyzed.
INACTIVE (2):: The resource is ignored for continuous analysis.

class SBOMStatus(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

The status of an SBOM generation.

sbom_state¶

The progress of the SBOM generation.

Type: grafeas.grafeas_v1.types.DiscoveryOccurrence.SBOMStatus.SBOMState

error¶

If there was an error generating an SBOM, this will indicate what that error was.

Type: str

class SBOMState(value)[source]¶

Bases: proto.enums.Enum

An enum indicating the progress of the SBOM generation.

Values:

SBOM_STATE_UNSPECIFIED (0):: Default unknown state.
PENDING (1):: SBOM scanning is pending.
COMPLETE (2):: SBOM scanning has completed.

class VulnerabilityAttestation(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

The status of an vulnerability attestation generation.

last_attempt_time¶

The last time we attempted to generate an attestation.

Type: google.protobuf.timestamp_pb2.Timestamp

state¶

The success/failure state of the latest attestation attempt.

Type: grafeas.grafeas_v1.types.DiscoveryOccurrence.VulnerabilityAttestation.VulnerabilityAttestationState

error¶

If failure, the error reason for why the attestation generation failed.

Type: str

class VulnerabilityAttestationState(value)[source]¶

Bases: proto.enums.Enum

An enum indicating the state of the attestation generation.

Values:

VULNERABILITY_ATTESTATION_STATE_UNSPECIFIED (0):: Default unknown state.
SUCCESS (1):: Attestation was successfully generated and stored.
FAILURE (2):: Attestation was unsuccessfully generated and stored.

class grafeas.grafeas_v1.types.Distribution(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

This represents a particular channel of distribution for a given package. E.g., Debian’s jessie-backports dpkg mirror.

cpe_uri¶

The cpe_uri in CPE format denoting the package manager version distributing a package.

Type: str

architecture¶

The CPU architecture for which packages in this distribution channel were built.

Type: grafeas.grafeas_v1.types.Architecture

latest_version¶

The latest available version of this package in this distribution channel.

Type: grafeas.grafeas_v1.types.Version

maintainer¶

A freeform string denoting the maintainer of this package.

Type: str

url¶

The distribution channel-specific homepage for this package.

Type: str

description¶

The distribution channel-specific description of this package.

Type: str

class grafeas.grafeas_v1.types.Envelope(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type.

payload¶

Type: bytes

payload_type¶

Type: str

signatures¶

Type: MutableSequence[grafeas.grafeas_v1.types.EnvelopeSignature]

class grafeas.grafeas_v1.types.EnvelopeSignature(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

sig¶

Type: bytes

keyid¶

Type: str

class grafeas.grafeas_v1.types.FileHashes(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.

file_hash¶

Required. Collection of file hashes.

Type: MutableSequence[grafeas.grafeas_v1.types.Hash]

class grafeas.grafeas_v1.types.FileLocation(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Indicates the location at which a package was found.

file_path¶

For jars that are contained inside .war files, this filepath can indicate the path to war file combined with the path to jar file.

Type: str

layer_details¶

Each package found in a file should have its own layer metadata (that is, information from the origin layer of the package).

Type: grafeas.grafeas_v1.types.LayerDetails

class grafeas.grafeas_v1.types.Fingerprint(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

A set of properties that uniquely identify a given Docker image.

v1_name¶

Required. The layer ID of the final layer in the Docker image’s v1 representation.

Type: str

v2_blob¶

Required. The ordered list of v2 blobs that represent a given image.

Type: MutableSequence[str]

v2_name¶

Output only. The name of the image’s v2 blobs computed via: [bottom] := v2_blob[bottom] [N] := sha256(v2_blob[N] + ” ” + v2_name[N+1]) Only the name of the final blob is kept.

Type: str

class grafeas.grafeas_v1.types.GerritSourceContext(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

A SourceContext referring to a Gerrit project.

This message has oneof fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

host_uri¶

The URI of a running Gerrit instance.

Type: str

gerrit_project¶

The full project name within the host. Projects may be nested, so “project/subproject” is a valid project name. The “repo name” is the hostURI/project.

Type: str

revision_id¶

A revision (commit) ID.

This field is a member of oneof revision.

Type: str

alias_context¶

An alias, which may be a branch or tag.

This field is a member of oneof revision.

Type: grafeas.grafeas_v1.types.AliasContext

class grafeas.grafeas_v1.types.GetNoteRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Request to get a note.

name¶

The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

Type: str

class grafeas.grafeas_v1.types.GetOccurrenceNoteRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Request to get the note to which the specified occurrence is attached.

name¶

The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID].

Type: str

class grafeas.grafeas_v1.types.GetOccurrenceRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Request to get an occurrence.

name¶

The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID].

Type: str

class grafeas.grafeas_v1.types.GitSourceContext(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub).

url¶

Git repository URL.

Type: str

revision_id¶

Git commit hash.

Type: str

class grafeas.grafeas_v1.types.Hash(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Container message for hash values.

type_¶

Required. The type of hash that was performed, e.g. “SHA-256”.

Type: str

value¶

Required. The hash value.

Type: bytes

class grafeas.grafeas_v1.types.ImageNote(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM <Basis.resource_url> Or an equivalent reference, e.g., a tag of the resource_url.

resource_url¶

Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images.

Type: str

fingerprint¶

Required. Immutable. The fingerprint of the base image.

Type: grafeas.grafeas_v1.types.Fingerprint

class grafeas.grafeas_v1.types.ImageOccurrence(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM <DockerImage.Basis in attached Note>.

fingerprint¶

Required. The fingerprint of the derived image.

Type: grafeas.grafeas_v1.types.Fingerprint

distance¶

Output only. The number of layers by which this image differs from the associated image basis.

Type: int

layer_info¶

This contains layer-specific metadata, if populated it has length “distance” and is ordered with [distance] being the layer immediately following the base image and [1] being the final layer.

Type: MutableSequence[grafeas.grafeas_v1.types.Layer]

base_resource_url¶

Output only. This contains the base image URL for the derived image occurrence.

Type: str

class grafeas.grafeas_v1.types.InTotoProvenance(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

builder_config¶

required

Type: grafeas.grafeas_v1.types.BuilderConfig

recipe¶

Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible).

Type: grafeas.grafeas_v1.types.Recipe

metadata¶

Type: grafeas.grafeas_v1.types.Metadata

materials¶

The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.

Type: MutableSequence[str]

class grafeas.grafeas_v1.types.InTotoSlsaProvenanceV1(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

type_¶

InToto spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement

Type: str

subject¶

Type: MutableSequence[grafeas.grafeas_v1.types.Subject]

predicate_type¶

Type: str

predicate¶

Type: grafeas.grafeas_v1.types.InTotoSlsaProvenanceV1.SlsaProvenanceV1

class BuildDefinition(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

build_type¶

Type: str

external_parameters¶

Type: google.protobuf.struct_pb2.Struct

internal_parameters¶

Type: google.protobuf.struct_pb2.Struct

resolved_dependencies¶

Type: MutableSequence[grafeas.grafeas_v1.types.InTotoSlsaProvenanceV1.ResourceDescriptor]

class BuildMetadata(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

invocation_id¶

Type: str

started_on¶

Type: google.protobuf.timestamp_pb2.Timestamp

finished_on¶

Type: google.protobuf.timestamp_pb2.Timestamp

class ProvenanceBuilder(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

id¶

Type: str

version¶

Type: MutableMapping[str, str]

builder_dependencies¶

Type: MutableSequence[grafeas.grafeas_v1.types.InTotoSlsaProvenanceV1.ResourceDescriptor]

class VersionEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)¶: Bases: proto.message.Message

class ResourceDescriptor(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

name¶

Type: str

uri¶

Type: str

digest¶

Type: MutableMapping[str, str]

content¶

Type: bytes

download_location¶

Type: str

media_type¶

Type: str

annotations¶

Type: MutableMapping[str, google.protobuf.struct_pb2.Value]

class AnnotationsEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)¶: Bases: proto.message.Message

class DigestEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)¶: Bases: proto.message.Message

class RunDetails(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

builder¶

Type: grafeas.grafeas_v1.types.InTotoSlsaProvenanceV1.ProvenanceBuilder

metadata¶

Type: grafeas.grafeas_v1.types.InTotoSlsaProvenanceV1.BuildMetadata

byproducts¶

Type: MutableSequence[grafeas.grafeas_v1.types.InTotoSlsaProvenanceV1.ResourceDescriptor]

class SlsaProvenanceV1(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Keep in sync with schema at https://github.com/slsa-framework/slsa/blob/main/docs/provenance/schema/v1/provenance.proto Builder renamed to ProvenanceBuilder because of Java conflicts.

build_definition¶

Type: grafeas.grafeas_v1.types.InTotoSlsaProvenanceV1.BuildDefinition

run_details¶

Type: grafeas.grafeas_v1.types.InTotoSlsaProvenanceV1.RunDetails

class grafeas.grafeas_v1.types.InTotoStatement(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always “application/vnd.in-toto+json”.

This message has oneof fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

type_¶

Always https://in-toto.io/Statement/v0.1.

Type: str

subject¶

Type: MutableSequence[grafeas.grafeas_v1.types.Subject]

predicate_type¶

https://slsa.dev/provenance/v0.1 for SlsaProvenance.

Type: str

provenance¶

This field is a member of oneof predicate.

Type: grafeas.grafeas_v1.types.InTotoProvenance

slsa_provenance¶

This field is a member of oneof predicate.

Type: grafeas.grafeas_v1.types.SlsaProvenance

slsa_provenance_zero_two¶

This field is a member of oneof predicate.

Type: grafeas.grafeas_v1.types.SlsaProvenanceZeroTwo

class grafeas.grafeas_v1.types.Jwt(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

compact_jwt¶

The compact encoding of a JWS, which is always three base64 encoded strings joined by periods. For details, see:

https://tools.ietf.org/html/rfc7515.html#section-3.1

Type: str

class grafeas.grafeas_v1.types.Layer(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Layer holds metadata specific to a layer of a Docker image.

directive¶

Required. The recovered Dockerfile directive used to construct this layer. See https://docs.docker.com/engine/reference/builder/ for more information.

Type: str

arguments¶

The recovered arguments to the Dockerfile directive.

Type: str

class grafeas.grafeas_v1.types.LayerDetails(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Details about the layer a package was found in.

index¶

The index of the layer in the container image.

Type: int

diff_id¶

The diff ID (typically a sha256 hash) of the layer in the container image.

Type: str

chain_id¶

The layer chain ID (sha256 hash) of the layer in the container image. https://github.com/opencontainers/image-spec/blob/main/config.md#layer-chainid

Type: str

command¶

The layer build command that was used to build the layer. This may not be found in all layers depending on how the container image is built.

Type: str

base_images¶

The base images the layer is found within.

Type: MutableSequence[grafeas.grafeas_v1.types.BaseImage]

class grafeas.grafeas_v1.types.License(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

License information.

expression¶

Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: “LGPL-2.1-only OR MIT”, “LGPL-2.1-only AND MIT”, “GPL-2.0-or-later WITH Bison-exception-2.2”.

Type: str

comments¶

Comments

Type: str

class grafeas.grafeas_v1.types.ListNoteOccurrencesRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Request to list occurrences for a note.

name¶

The name of the note to list occurrences for in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

Type: str

filter¶

The filter expression.

Type: str

page_size¶

Number of occurrences to return in the list.

Type: int

page_token¶

Token to provide to skip to a particular spot in the list.

Type: str

class grafeas.grafeas_v1.types.ListNoteOccurrencesResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Response for listing occurrences for a note.

occurrences¶

The occurrences attached to the specified note.

Type: MutableSequence[grafeas.grafeas_v1.types.Occurrence]

next_page_token¶

Token to provide to skip to a particular spot in the list.

Type: str

class grafeas.grafeas_v1.types.ListNotesRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Request to list notes.

parent¶

The name of the project to list notes for in the form of projects/[PROJECT_ID].

Type: str

filter¶

The filter expression.

Type: str

page_size¶

Number of notes to return in the list. Must be positive. Max allowed page size is 1000. If not specified, page size defaults to 20.

Type: int

page_token¶

Token to provide to skip to a particular spot in the list.

Type: str

class grafeas.grafeas_v1.types.ListNotesResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Response for listing notes.

notes¶

The notes requested.

Type: MutableSequence[grafeas.grafeas_v1.types.Note]

next_page_token¶

The next pagination token in the list response. It should be used as page_token for the following request. An empty value means no more results.

Type: str

class grafeas.grafeas_v1.types.ListOccurrencesRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Request to list occurrences.

parent¶

The name of the project to list occurrences for in the form of projects/[PROJECT_ID].

Type: str

filter¶

The filter expression.

Type: str

page_size¶

Number of occurrences to return in the list. Must be positive. Max allowed page size is 1000. If not specified, page size defaults to 20.

Type: int

page_token¶

Token to provide to skip to a particular spot in the list.

Type: str

class grafeas.grafeas_v1.types.ListOccurrencesResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Response for listing occurrences.

occurrences¶

The occurrences requested.

Type: MutableSequence[grafeas.grafeas_v1.types.Occurrence]

next_page_token¶

The next pagination token in the list response. It should be used as page_token for the following request. An empty value means no more results.

Type: str

class grafeas.grafeas_v1.types.Location(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

An occurrence of a particular package installation found within a system’s filesystem. E.g., glibc was found in /var/lib/dpkg/status.

cpe_uri¶

Deprecated. The CPE URI in CPE format

Type: str

version¶

Deprecated. The version installed at this location.

Type: grafeas.grafeas_v1.types.Version

path¶

The path from which we gathered that this package/version is installed.

Type: str

class grafeas.grafeas_v1.types.Metadata(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Other properties of the build.

build_invocation_id¶

Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.

Type: str

build_started_on¶

The timestamp of when the build started.

Type: google.protobuf.timestamp_pb2.Timestamp

build_finished_on¶

The timestamp of when the build completed.

Type: google.protobuf.timestamp_pb2.Timestamp

completeness¶

Indicates that the builder claims certain fields in this message to be complete.

Type: grafeas.grafeas_v1.types.Completeness

reproducible¶

If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.

Type: bool

class grafeas.grafeas_v1.types.NonCompliantFile(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

Details about files that caused a compliance check to fail.

path¶

Empty if display_command is set.

Type: str

display_command¶

Command to display the non-compliant files.

Type: str

reason¶

Explains why a file is non compliant for a CIS check.

Type: str

class grafeas.grafeas_v1.types.Note(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶

Bases: proto.message.Message

A type of analysis that can be done for a resource.

This message has oneof fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

name¶

Output only. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

Type: str

short_description¶

A one sentence description of this note.

Type: str

long_description¶

A detailed description of this note.

Type: str

kind¶

Output only. The type of analysis. This field can be used as a filter in list requests.

Type: grafeas.grafeas_v1.types.NoteKind

related_url¶

URLs associated with this note.

Type: MutableSequence[grafeas.grafeas_v1.types.RelatedUrl]

expiration_time¶

Time of expiration for this note. Empty if note does not expire.

Type: google.protobuf.timestamp_pb2.Timestamp

create_time¶

Output only. The time this note was created. This field can be used as a filter in list requests.

Type: google.protobuf.timestamp_pb2.Timestamp

update_time¶

Output only. The time this note was last updated. This field can be used as a filter in list requests.

Type: google.protobuf.timestamp_pb2.Timestamp

related_note_names¶

Other notes related to this note.

Type: MutableSequence[str]

vulnerability¶

A note describing a package vulnerability.