Class: Google::Apis::BinaryauthorizationV1::VulnerabilityCheck

Inherits:
Object
  • Object
show all
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
lib/google/apis/binaryauthorization_v1/classes.rb,
lib/google/apis/binaryauthorization_v1/representations.rb,
lib/google/apis/binaryauthorization_v1/representations.rb

Overview

An image vulnerability check, which rejects images that violate the configured vulnerability rules.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ VulnerabilityCheck

Returns a new instance of VulnerabilityCheck.



1488
1489
1490
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1488

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#allowed_cvesArray<String>

Optional. A list of specific CVEs to ignore even if the vulnerability level violates maximumUnfixableSeverity or maximumFixableSeverity. CVEs are listed in the format of Container Analysis note id. For example: - CVE-2021- 20305 - CVE-2020-10543 The CVEs are applicable regardless of note provider project, e.g., an entry of CVE-2021-20305 will allow vulnerabilities with a note name of either projects/goog-vulnz/notes/CVE-2021-20305 or projects/ CUSTOM-PROJECT/notes/CVE-2021-20305. Corresponds to the JSON property allowedCves

Returns:

  • (Array<String>) 


1453
1454
1455
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1453

def allowed_cves
  @allowed_cves
end

#blocked_cvesArray<String>

Optional. A list of specific CVEs to always raise warnings about even if the vulnerability level meets maximumUnfixableSeverity or maximumFixableSeverity. CVEs are listed in the format of Container Analysis note id. For example: - CVE-2021-20305 - CVE-2020-10543 The CVEs are applicable regardless of note provider project, e.g., an entry of CVE-2021- 20305 will block vulnerabilities with a note name of either projects/goog- vulnz/notes/CVE-2021-20305 or projects/CUSTOM-PROJECT/notes/CVE-2021-20305. Corresponds to the JSON property blockedCves

Returns:

  • (Array<String>) 


1464
1465
1466
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1464

def blocked_cves
  @blocked_cves
end

#container_analysis_vulnerability_projectsArray<String>

Optional. The projects where vulnerabilities are stored as Container Analysis Occurrences. Each project is expressed in the resource format of projects/[ PROJECT_ID], e.g., projects/my-gcp-project. An attempt will be made for each project to fetch vulnerabilities, and all valid vulnerabilities will be used to check against the vulnerability policy. If no valid scan is found in all projects configured here, an error will be returned for the check. Corresponds to the JSON property containerAnalysisVulnerabilityProjects

Returns:

  • (Array<String>) 


1474
1475
1476
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1474

def container_analysis_vulnerability_projects
  @container_analysis_vulnerability_projects
end

#maximum_fixable_severityString

Required. The threshold for severity for which a fix is currently available. This field is required and must be set. Corresponds to the JSON property maximumFixableSeverity

Returns:

  • (String) 


1480
1481
1482
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1480

def maximum_fixable_severity
  @maximum_fixable_severity
end

#maximum_unfixable_severityString

Required. The threshold for severity for which a fix isn't currently available. This field is required and must be set. Corresponds to the JSON property maximumUnfixableSeverity

Returns:

  • (String) 


1486
1487
1488
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1486

def maximum_unfixable_severity
  @maximum_unfixable_severity
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



1493
1494
1495
1496
1497
1498
1499
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1493

def update!(**args)
  @allowed_cves = args[:allowed_cves] if args.key?(:allowed_cves)
  @blocked_cves = args[:blocked_cves] if args.key?(:blocked_cves)
  @container_analysis_vulnerability_projects = args[:container_analysis_vulnerability_projects] if args.key?(:container_analysis_vulnerability_projects)
  @maximum_fixable_severity = args[:maximum_fixable_severity] if args.key?(:maximum_fixable_severity)
  @maximum_unfixable_severity = args[:maximum_unfixable_severity] if args.key?(:maximum_unfixable_severity)
end