Class: Google::Apis::BinaryauthorizationV1::VulnerabilityCheck

Inherits:
Object
  • Object
show all
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
lib/google/apis/binaryauthorization_v1/classes.rb,
lib/google/apis/binaryauthorization_v1/representations.rb,
lib/google/apis/binaryauthorization_v1/representations.rb

Overview

An image vulnerability check, which rejects images that violate the configured vulnerability rules.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ VulnerabilityCheck

Returns a new instance of VulnerabilityCheck.



1472
1473
1474
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1472

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#allowed_cvesArray<String>

Optional. A list of specific CVEs to ignore even if the vulnerability level violates maximumUnfixableSeverity or maximumFixableSeverity. CVEs are listed in the format of Container Analysis note id. For example: - CVE-2021- 20305 - CVE-2020-10543 The CVEs are applicable regardless of note provider project, e.g., an entry of CVE-2021-20305 will allow vulnerabilities with a note name of either projects/goog-vulnz/notes/CVE-2021-20305 or projects/ CUSTOM-PROJECT/notes/CVE-2021-20305. Corresponds to the JSON property allowedCves

Returns:

  • (Array<String>) 


1437
1438
1439
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1437

def allowed_cves
  @allowed_cves
end

#blocked_cvesArray<String>

Optional. A list of specific CVEs to always raise warnings about even if the vulnerability level meets maximumUnfixableSeverity or maximumFixableSeverity. CVEs are listed in the format of Container Analysis note id. For example: - CVE-2021-20305 - CVE-2020-10543 The CVEs are applicable regardless of note provider project, e.g., an entry of CVE-2021- 20305 will block vulnerabilities with a note name of either projects/goog- vulnz/notes/CVE-2021-20305 or projects/CUSTOM-PROJECT/notes/CVE-2021-20305. Corresponds to the JSON property blockedCves

Returns:

  • (Array<String>) 


1448
1449
1450
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1448

def blocked_cves
  @blocked_cves
end

#container_analysis_vulnerability_projectsArray<String>

Optional. The projects where vulnerabilities are stored as Container Analysis Occurrences. Each project is expressed in the resource format of projects/[ PROJECT_ID], e.g., projects/my-gcp-project. An attempt will be made for each project to fetch vulnerabilities, and all valid vulnerabilities will be used to check against the vulnerability policy. If no valid scan is found in all projects configured here, an error will be returned for the check. Corresponds to the JSON property containerAnalysisVulnerabilityProjects

Returns:

  • (Array<String>) 


1458
1459
1460
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1458

def container_analysis_vulnerability_projects
  @container_analysis_vulnerability_projects
end

#maximum_fixable_severityString

Required. The threshold for severity for which a fix is currently available. This field is required and must be set. Corresponds to the JSON property maximumFixableSeverity

Returns:

  • (String) 


1464
1465
1466
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1464

def maximum_fixable_severity
  @maximum_fixable_severity
end

#maximum_unfixable_severityString

Required. The threshold for severity for which a fix isn't currently available. This field is required and must be set. Corresponds to the JSON property maximumUnfixableSeverity

Returns:

  • (String) 


1470
1471
1472
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1470

def maximum_unfixable_severity
  @maximum_unfixable_severity
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



1477
1478
1479
1480
1481
1482
1483
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1477

def update!(**args)
  @allowed_cves = args[:allowed_cves] if args.key?(:allowed_cves)
  @blocked_cves = args[:blocked_cves] if args.key?(:blocked_cves)
  @container_analysis_vulnerability_projects = args[:container_analysis_vulnerability_projects] if args.key?(:container_analysis_vulnerability_projects)
  @maximum_fixable_severity = args[:maximum_fixable_severity] if args.key?(:maximum_fixable_severity)
  @maximum_unfixable_severity = args[:maximum_unfixable_severity] if args.key?(:maximum_unfixable_severity)
end