Class: Google::Apis::BinaryauthorizationV1::VulnerabilityCheck
- Inherits:
-
Object
- Object
- Google::Apis::BinaryauthorizationV1::VulnerabilityCheck
- Includes:
- Core::Hashable, Core::JsonObjectSupport
- Defined in:
- lib/google/apis/binaryauthorization_v1/classes.rb,
lib/google/apis/binaryauthorization_v1/representations.rb,
lib/google/apis/binaryauthorization_v1/representations.rb
Overview
An image vulnerability check, which rejects images that violate the configured vulnerability rules.
Instance Attribute Summary collapse
-
#allowed_cves ⇒ Array<String>
Optional.
-
#blocked_cves ⇒ Array<String>
Optional.
-
#container_analysis_vulnerability_projects ⇒ Array<String>
Optional.
-
#maximum_fixable_severity ⇒ String
Required.
-
#maximum_unfixable_severity ⇒ String
Required.
Instance Method Summary collapse
-
#initialize(**args) ⇒ VulnerabilityCheck
constructor
A new instance of VulnerabilityCheck.
-
#update!(**args) ⇒ Object
Update properties of this object.
Constructor Details
#initialize(**args) ⇒ VulnerabilityCheck
Returns a new instance of VulnerabilityCheck.
1908 1909 1910 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1908 def initialize(**args) update!(**args) end |
Instance Attribute Details
#allowed_cves ⇒ Array<String>
Optional. A list of specific CVEs to ignore even if the vulnerability level
violates maximumUnfixableSeverity
or maximumFixableSeverity
. CVEs are
listed in the format of Container Analysis note id. For example: - CVE-2021-
20305 - CVE-2020-10543 The CVEs are applicable regardless of note provider
project, e.g., an entry of CVE-2021-20305
will allow vulnerabilities with a
note name of either projects/goog-vulnz/notes/CVE-2021-20305
or projects/
CUSTOM-PROJECT/notes/CVE-2021-20305
.
Corresponds to the JSON property allowedCves
1871 1872 1873 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1871 def allowed_cves @allowed_cves end |
#blocked_cves ⇒ Array<String>
Optional. A list of specific CVEs to always raise warnings about even if the
vulnerability level meets maximumUnfixableSeverity
or
maximumFixableSeverity
. CVEs are listed in the format of Container Analysis
note id. For example: - CVE-2021-20305 - CVE-2020-10543 The CVEs are
applicable regardless of note provider project, e.g., an entry of CVE-2021-
20305
will block vulnerabilities with a note name of either projects/goog-
vulnz/notes/CVE-2021-20305
or projects/CUSTOM-PROJECT/notes/CVE-2021-20305
.
Corresponds to the JSON property blockedCves
1882 1883 1884 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1882 def blocked_cves @blocked_cves end |
#container_analysis_vulnerability_projects ⇒ Array<String>
Optional. The projects where vulnerabilities are stored as Container Analysis
Occurrences. Each project is expressed in the resource format of projects/[
PROJECT_ID]
, e.g., projects/my-gcp-project
. An attempt will be made for
each project to fetch vulnerabilities, and all valid vulnerabilities will be
used to check against the vulnerability policy. If no valid scan is found in
all projects configured here, an error will be returned for the check. Maximum
number of container_analysis_vulnerability_projects
allowed in each
VulnerabilityCheck
is 10.
Corresponds to the JSON property containerAnalysisVulnerabilityProjects
1894 1895 1896 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1894 def container_analysis_vulnerability_projects @container_analysis_vulnerability_projects end |
#maximum_fixable_severity ⇒ String
Required. The threshold for severity for which a fix is currently available.
This field is required and must be set.
Corresponds to the JSON property maximumFixableSeverity
1900 1901 1902 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1900 def maximum_fixable_severity @maximum_fixable_severity end |
#maximum_unfixable_severity ⇒ String
Required. The threshold for severity for which a fix isn't currently available.
This field is required and must be set.
Corresponds to the JSON property maximumUnfixableSeverity
1906 1907 1908 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1906 def maximum_unfixable_severity @maximum_unfixable_severity end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
1913 1914 1915 1916 1917 1918 1919 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1913 def update!(**args) @allowed_cves = args[:allowed_cves] if args.key?(:allowed_cves) @blocked_cves = args[:blocked_cves] if args.key?(:blocked_cves) @container_analysis_vulnerability_projects = args[:container_analysis_vulnerability_projects] if args.key?(:container_analysis_vulnerability_projects) @maximum_fixable_severity = args[:maximum_fixable_severity] if args.key?(:maximum_fixable_severity) @maximum_unfixable_severity = args[:maximum_unfixable_severity] if args.key?(:maximum_unfixable_severity) end |