Class: Google::Apis::BinaryauthorizationV1::VulnerabilityCheck
- Inherits: Object
  - Object
  - Google::Apis::BinaryauthorizationV1::VulnerabilityCheck
- Includes: Core::Hashable, Core::JsonObjectSupport
- Defined in: lib/google/apis/binaryauthorization_v1/classes.rb, lib/google/apis/binaryauthorization_v1/representations.rb
Overview
An image vulnerability check, which rejects images that violate the configured vulnerability rules.
Instance Attribute Summary
- #allowed_cves ⇒ Array<String>
  Optional.
- #blocked_cves ⇒ Array<String>
  Optional.
- #container_analysis_vulnerability_projects ⇒ Array<String>
  Optional.
- #maximum_fixable_severity ⇒ String
  Required.
- #maximum_unfixable_severity ⇒ String
  Required.
Instance Method Summary
- #initialize(**args) ⇒ VulnerabilityCheck (constructor)
  A new instance of VulnerabilityCheck.
- #update!(**args) ⇒ Object
  Update properties of this object.
Constructor Details
#initialize(**args) ⇒ VulnerabilityCheck
Returns a new instance of VulnerabilityCheck.
    # File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1915
    def initialize(**args)
      update!(**args)
    end
Instance Attribute Details
#allowed_cves ⇒ Array<String>
Optional. A list of specific CVEs to ignore even if the vulnerability level violates maximumUnfixableSeverity or maximumFixableSeverity. CVEs are listed in the format of Container Analysis note id. For example:
- CVE-2021-20305
- CVE-2020-10543
The CVEs are applicable regardless of note provider project, e.g., an entry of CVE-2021-20305 will allow vulnerabilities with a note name of either projects/goog-vulnz/notes/CVE-2021-20305 or projects/CUSTOM-PROJECT/notes/CVE-2021-20305.
Corresponds to the JSON property allowedCves
    # File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1878
    def allowed_cves
      @allowed_cves
    end
#blocked_cves ⇒ Array<String>
Optional. A list of specific CVEs to always raise warnings about even if the vulnerability level meets maximumUnfixableSeverity or maximumFixableSeverity. CVEs are listed in the format of Container Analysis note id. For example:
- CVE-2021-20305
- CVE-2020-10543
The CVEs are applicable regardless of note provider project, e.g., an entry of CVE-2021-20305 will block vulnerabilities with a note name of either projects/goog-vulnz/notes/CVE-2021-20305 or projects/CUSTOM-PROJECT/notes/CVE-2021-20305.
Corresponds to the JSON property blockedCves
    # File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1889
    def blocked_cves
      @blocked_cves
    end
#container_analysis_vulnerability_projects ⇒ Array<String>
Optional. The projects where vulnerabilities are stored as Container Analysis Occurrences. Each project is expressed in the resource format of projects/[PROJECT_ID], e.g., projects/my-gcp-project. An attempt will be made for each project to fetch vulnerabilities, and all valid vulnerabilities will be used to check against the vulnerability policy. If no valid scan is found in all projects configured here, an error will be returned for the check. Maximum number of container_analysis_vulnerability_projects allowed in each VulnerabilityCheck is 10.
Corresponds to the JSON property containerAnalysisVulnerabilityProjects
    # File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1901
    def container_analysis_vulnerability_projects
      @container_analysis_vulnerability_projects
    end
#maximum_fixable_severity ⇒ String
Required. The threshold for severity for which a fix is currently available.
This field is required and must be set.
Corresponds to the JSON property maximumFixableSeverity
    # File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1907
    def maximum_fixable_severity
      @maximum_fixable_severity
    end
#maximum_unfixable_severity ⇒ String
Required. The threshold for severity for which a fix isn't currently available.
This field is required and must be set.
Corresponds to the JSON property maximumUnfixableSeverity
    # File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1913
    def maximum_unfixable_severity
      @maximum_unfixable_severity
    end
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
    # File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1920
    def update!(**args)
      @allowed_cves = args[:allowed_cves] if args.key?(:allowed_cves)
      @blocked_cves = args[:blocked_cves] if args.key?(:blocked_cves)
      @container_analysis_vulnerability_projects = args[:container_analysis_vulnerability_projects] if args.key?(:container_analysis_vulnerability_projects)
      @maximum_fixable_severity = args[:maximum_fixable_severity] if args.key?(:maximum_fixable_severity)
      @maximum_unfixable_severity = args[:maximum_unfixable_severity] if args.key?(:maximum_unfixable_severity)
    end
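The constraints documented for the attributes above (both severity thresholds required, projects in projects/[PROJECT_ID] form with at most 10 entries, CVE lists holding note ids that apply to any provider project) can be linted locally, since update! assigns whatever it is given. This is an added example, not code from the google-apis client: CheckConfig, lint_vulnerability_check, note_id and cve_listed? are hypothetical names, CheckConfig is a constructed stand-in exposing the same readers as VulnerabilityCheck, and the overlap rule is a local review assumption.

```ruby
# Added example: local lint for a VulnerabilityCheck-shaped object.
# CheckConfig is a constructed stand-in with the same reader names as the
# documented class, so this runs without the google-apis gem installed.
CheckConfig = Struct.new(:allowed_cves, :blocked_cves,
                         :container_analysis_vulnerability_projects,
                         :maximum_fixable_severity, :maximum_unfixable_severity,
                         keyword_init: true)

MAX_PROJECTS = 10                                   # limit stated in the docs
PROJECT_RE   = %r{\Aprojects/[^/\s]+\z}             # projects/[PROJECT_ID]
NOTE_NAME_RE = %r{\Aprojects/[^/]+/notes/([^/]+)\z} # full Container Analysis note name

# Reduce a full note name to its note id; a bare id passes through unchanged.
def note_id(name)
  m = NOTE_NAME_RE.match(name.to_s)
  m ? m[1] : name.to_s
end

# True when a note name is covered by a CVE list, whichever project provides it.
def cve_listed?(list, note_name)
  Array(list).include?(note_id(note_name))
end

# Returns an array of human-readable problems; empty means the config passed.
def lint_vulnerability_check(check)
  problems = []
  %i[maximum_fixable_severity maximum_unfixable_severity].each do |field|
    problems << "#{field} is required" if check.public_send(field).to_s.strip.empty?
  end
  projects = Array(check.container_analysis_vulnerability_projects)
  problems << "more than #{MAX_PROJECTS} projects" if projects.size > MAX_PROJECTS
  projects.each do |p|
    problems << "bad project format: #{p}" unless PROJECT_RE.match?(p.to_s)
  end
  %i[allowed_cves blocked_cves].each do |field|
    Array(check.public_send(field)).each do |entry|
      next unless entry.to_s.include?("/")
      problems << "#{field} entry must be a note id, not a note name: #{entry}"
    end
  end
  # Local review rule (assumption): the docs above do not say which list wins.
  overlap = Array(check.allowed_cves) & Array(check.blocked_cves)
  problems << "CVE in both lists: #{overlap.join(', ')}" unless overlap.empty?
  problems
end
```

Because the lint only calls the five attribute readers, it accepts a real VulnerabilityCheck instance as well as the stand-in.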