Class: Google::Apis::BinaryauthorizationV1::VulnerabilityCheck
- Inherits:
-
Object
- Object
- Google::Apis::BinaryauthorizationV1::VulnerabilityCheck
- Includes:
- Core::Hashable, Core::JsonObjectSupport
- Defined in:
- lib/google/apis/binaryauthorization_v1/classes.rb,
lib/google/apis/binaryauthorization_v1/representations.rb,
lib/google/apis/binaryauthorization_v1/representations.rb
Overview
An image vulnerability check, which rejects images that violate the configured vulnerability rules.
Instance Attribute Summary collapse
-
#allowed_cves ⇒ Array<String>
Optional.
-
#blocked_cves ⇒ Array<String>
Optional.
-
#container_analysis_vulnerability_projects ⇒ Array<String>
Optional.
-
#maximum_fixable_severity ⇒ String
Required.
-
#maximum_unfixable_severity ⇒ String
Required.
Instance Method Summary collapse
-
#initialize(**args) ⇒ VulnerabilityCheck
constructor
A new instance of VulnerabilityCheck.
-
#update!(**args) ⇒ Object
Update properties of this object.
Constructor Details
#initialize(**args) ⇒ VulnerabilityCheck
Returns a new instance of VulnerabilityCheck.
1619 1620 1621 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1619 def initialize(**args) update!(**args) end |
Instance Attribute Details
#allowed_cves ⇒ Array<String>
Optional. A list of specific CVEs to ignore even if the vulnerability level
violates maximumUnfixableSeverity or maximumFixableSeverity. CVEs are
listed in the format of Container Analysis note id. For example: - CVE-2021-
20305 - CVE-2020-10543 The CVEs are applicable regardless of note provider
project, e.g., an entry of CVE-2021-20305 will allow vulnerabilities with a
note name of either projects/goog-vulnz/notes/CVE-2021-20305 or projects/
CUSTOM-PROJECT/notes/CVE-2021-20305.
Corresponds to the JSON property allowedCves
1582 1583 1584 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1582 def allowed_cves @allowed_cves end |
#blocked_cves ⇒ Array<String>
Optional. A list of specific CVEs to always raise warnings about even if the
vulnerability level meets maximumUnfixableSeverity or
maximumFixableSeverity. CVEs are listed in the format of Container Analysis
note id. For example: - CVE-2021-20305 - CVE-2020-10543 The CVEs are
applicable regardless of note provider project, e.g., an entry of CVE-2021-
20305 will block vulnerabilities with a note name of either projects/goog-
vulnz/notes/CVE-2021-20305 or projects/CUSTOM-PROJECT/notes/CVE-2021-20305.
Corresponds to the JSON property blockedCves
1593 1594 1595 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1593 def blocked_cves @blocked_cves end |
#container_analysis_vulnerability_projects ⇒ Array<String>
Optional. The projects where vulnerabilities are stored as Container Analysis
Occurrences. Each project is expressed in the resource format of projects/[
PROJECT_ID], e.g., projects/my-gcp-project. An attempt will be made for
each project to fetch vulnerabilities, and all valid vulnerabilities will be
used to check against the vulnerability policy. If no valid scan is found in
all projects configured here, an error will be returned for the check. Maximum
number of container_analysis_vulnerability_projects allowed in each
VulnerabilityCheck is 10.
Corresponds to the JSON property containerAnalysisVulnerabilityProjects
1605 1606 1607 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1605 def container_analysis_vulnerability_projects @container_analysis_vulnerability_projects end |
#maximum_fixable_severity ⇒ String
Required. The threshold for severity for which a fix is currently available.
This field is required and must be set.
Corresponds to the JSON property maximumFixableSeverity
1611 1612 1613 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1611 def maximum_fixable_severity @maximum_fixable_severity end |
#maximum_unfixable_severity ⇒ String
Required. The threshold for severity for which a fix isn't currently available.
This field is required and must be set.
Corresponds to the JSON property maximumUnfixableSeverity
1617 1618 1619 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1617 def maximum_unfixable_severity @maximum_unfixable_severity end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
1624 1625 1626 1627 1628 1629 1630 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1624 def update!(**args) @allowed_cves = args[:allowed_cves] if args.key?(:allowed_cves) @blocked_cves = args[:blocked_cves] if args.key?(:blocked_cves) @container_analysis_vulnerability_projects = args[:container_analysis_vulnerability_projects] if args.key?(:container_analysis_vulnerability_projects) @maximum_fixable_severity = args[:maximum_fixable_severity] if args.key?(:maximum_fixable_severity) @maximum_unfixable_severity = args[:maximum_unfixable_severity] if args.key?(:maximum_unfixable_severity) end |