Class: Google::Apis::BinaryauthorizationV1::VulnerabilityCheck

Inherits:
Object
  • Object
show all
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
lib/google/apis/binaryauthorization_v1/classes.rb,
lib/google/apis/binaryauthorization_v1/representations.rb,
lib/google/apis/binaryauthorization_v1/representations.rb

Overview

An image vulnerability check, which rejects images that violate the configured vulnerability rules.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ VulnerabilityCheck

Returns a new instance of VulnerabilityCheck.



1467
1468
1469
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1467

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#allowed_cvesArray<String>

Optional. A list of specific CVEs to ignore even if the vulnerability level violates maximumUnfixableSeverity or maximumFixableSeverity. CVEs are listed in the format of Container Analysis note id. For example: - CVE-2021-20305 - CVE-2020-10543 The CVEs are applicable regardless of note provider project, e. g., an entry of CVE-2021-20305 will allow vulnerabilities with a note name of either projects/goog-vulnz/notes/CVE-2021-20305 or projects/CUSTOM- PROJECT/notes/CVE-2021-20305. Corresponds to the JSON property allowedCves

Returns:

  • (Array<String>) 


1432
1433
1434
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1432

def allowed_cves
  @allowed_cves
end

#blocked_cvesArray<String>

Optional. A list of specific CVEs to always raise warnings about even if the vulnerability level meets maximumUnfixableSeverity or maximumFixableSeverity. CVEs are listed in the format of Container Analysis note id. For example: - CVE-2021-20305 - CVE-2020-10543 The CVEs are applicable regardless of note provider project, e.g., an entry of CVE-2021-20305 will block vulnerabilities with a note name of either projects/goog-vulnz/notes/CVE-2021- 20305 or projects/CUSTOM-PROJECT/notes/CVE-2021-20305. Corresponds to the JSON property blockedCves

Returns:

  • (Array<String>) 


1443
1444
1445
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1443

def blocked_cves
  @blocked_cves
end

#container_analysis_vulnerability_projectsArray<String>

Optional. The projects where vulnerabilities are stored as Container Analysis Occurrences. Each project is expressed in the resource format of projects/[ PROJECT_ID], e.g., projects/my-gcp-project. An attempt will be made for each project to fetch vulnerabilities, and all valid vulnerabilities will be used to check against the vulnerability policy. If no valid scan is found in all projects configured here, an error will be returned for the check. Corresponds to the JSON property containerAnalysisVulnerabilityProjects

Returns:

  • (Array<String>) 


1453
1454
1455
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1453

def container_analysis_vulnerability_projects
  @container_analysis_vulnerability_projects
end

#maximum_fixable_severityString

Required. The threshold for severity for which a fix is currently available. This field is required and must be set. Corresponds to the JSON property maximumFixableSeverity

Returns:

  • (String) 


1459
1460
1461
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1459

def maximum_fixable_severity
  @maximum_fixable_severity
end

#maximum_unfixable_severityString

Required. The threshold for severity for which a fix isn't currently available. This field is required and must be set. Corresponds to the JSON property maximumUnfixableSeverity

Returns:

  • (String) 


1465
1466
1467
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1465

def maximum_unfixable_severity
  @maximum_unfixable_severity
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



1472
1473
1474
1475
1476
1477
1478
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1472

def update!(**args)
  @allowed_cves = args[:allowed_cves] if args.key?(:allowed_cves)
  @blocked_cves = args[:blocked_cves] if args.key?(:blocked_cves)
  @container_analysis_vulnerability_projects = args[:container_analysis_vulnerability_projects] if args.key?(:container_analysis_vulnerability_projects)
  @maximum_fixable_severity = args[:maximum_fixable_severity] if args.key?(:maximum_fixable_severity)
  @maximum_unfixable_severity = args[:maximum_unfixable_severity] if args.key?(:maximum_unfixable_severity)
end