Classes
AliasContext
An alias to a repo revision.
AliasContext.Types
Container for nested types declared in the AliasContext message type.
Artifact
Artifact describes a build product.
AttestationNote
Note kind that represents a logical attestation "role" or "authority". For
example, an organization might have one Authority
for "QA" and one for
"build". This note is intended to act strictly as a grouping mechanism for
the attached occurrences (Attestations). This grouping mechanism also
provides a security boundary, since IAM ACLs gate the ability for a principle
to attach an occurrence to a given note. It also provides a single point of
lookup to find all attached attestation occurrences, even if they don't all
live in the same project.
AttestationNote.Types
Container for nested types declared in the AttestationNote message type.
AttestationNote.Types.Hint
This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify.
AttestationOccurrence
Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign.
BatchCreateNotesRequest
Request to create notes in batch.
BatchCreateNotesResponse
Response for creating notes in batch.
BatchCreateOccurrencesRequest
Request to create occurrences in batch.
BatchCreateOccurrencesResponse
Response for creating occurrences in batch.
BuildNote
Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence.
BuildOccurrence
Details of a build occurrence.
BuildProvenance
Provenance of a build. Contains all information needed to verify the full details about the build from source to completion.
CloudRepoSourceContext
A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.
Command
Command describes a step performed as part of the build pipeline.
CreateNoteRequest
Request to create a new note.
CreateOccurrenceRequest
Request to create a new occurrence.
CVSSv3
Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document
CVSSv3.Types
Container for nested types declared in the CVSSv3 message type.
DeleteNoteRequest
Request to delete a note.
DeleteOccurrenceRequest
Request to delete an occurrence.
DeploymentNote
An artifact that can be deployed in some runtime.
DeploymentOccurrence
The period during which some deployable was active in a runtime.
DeploymentOccurrence.Types
Container for nested types declared in the DeploymentOccurrence message type.
DiscoveryNote
A note that indicates a type of analysis a provider would perform. This note
exists in a provider's project. A Discovery
occurrence is created in a
consumer's project at the start of analysis.
DiscoveryOccurrence
Provides information about the analysis status of a discovered resource.
DiscoveryOccurrence.Types
Container for nested types declared in the DiscoveryOccurrence message type.
Distribution
This represents a particular channel of distribution for a given package. E.g., Debian's jessie-backports dpkg mirror.
FileHashes
Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.
Fingerprint
A set of properties that uniquely identify a given Docker image.
GerritSourceContext
A SourceContext referring to a Gerrit project.
GetNoteRequest
Request to get a note.
GetOccurrenceNoteRequest
Request to get the note to which the specified occurrence is attached.
GetOccurrenceRequest
Request to get an occurrence.
GitSourceContext
A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub).
Grafeas
Grafeas API.
Retrieves analysis results of Cloud components such as Docker container images.
Analysis results are stored as a series of occurrences. An Occurrence
contains information about a specific analysis instance on a resource. An
occurrence refers to a Note
. A note contains details describing the
analysis and is generally stored in a separate project, called a Provider
.
Multiple occurrences can refer to the same note.
For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.
Grafeas.GrafeasBase
Base class for server-side implementations of Grafeas
Grafeas.GrafeasClient
Client for Grafeas
GrafeasClient
Grafeas client wrapper, for convenient use.
GrafeasClientBuilder
Builder class for GrafeasClient to provide simple configuration of credentials, endpoint etc.
GrafeasClientImpl
Grafeas client wrapper implementation, for convenient use.
GrafeasSettings
Settings for GrafeasClient instances.
Hash
Container message for hash values.
ImageNote
Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM <Basis.resource_url> Or an equivalent reference, e.g., a tag of the resource_url.
ImageOccurrence
Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM <DockerImage.Basis in attached Note>.
Layer
Layer holds metadata specific to a layer of a Docker image.
ListNoteOccurrencesRequest
Request to list occurrences for a note.
ListNoteOccurrencesResponse
Response for listing occurrences for a note.
ListNotesRequest
Request to list notes.
ListNotesResponse
Response for listing notes.
ListOccurrencesRequest
Request to list occurrences.
ListOccurrencesResponse
Response for listing occurrences.
Location
An occurrence of a particular package installation found within a system's
filesystem. E.g., glibc was found in /var/lib/dpkg/status
.
Note
A type of analysis that can be done for a resource.
NoteName
Resource name for the Note
resource.
Occurrence
An instance of an analysis type that has been found on a resource.
OccurrenceName
Resource name for the Occurrence
resource.
PackageNote
This represents a particular package that is distributed over various channels. E.g., glibc (aka libc6) is distributed by many, at various versions.
PackageOccurrence
Details on how a particular software package was installed on a system.
ProjectName
Resource name for the Project
resource.
ProjectRepoId
Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project.
RelatedUrl
Metadata for any related URL information.
RepoId
A unique identifier for a Cloud Repo.
Signature
Verifiers (e.g. Kritis implementations) MUST verify signatures
with respect to the trust anchors defined in policy (e.g. a Kritis policy).
Typically this means that the verifier has been configured with a map from
public_key_id
to public key material (and any required parameters, e.g.
signing algorithm).
In particular, verification implementations MUST NOT treat the signature
public_key_id
as anything more than a key lookup hint. The public_key_id
DOES NOT validate or authenticate a public key; it only provides a mechanism
for quickly selecting a public key ALREADY CONFIGURED on the verifier through
a trusted channel. Verification implementations MUST reject signatures in any
of the following circumstances:
- The
public_key_id
is not recognized by the verifier. - The public key that
public_key_id
refers to does not verify the signature with respect to the payload.
The signature
contents SHOULD NOT be "attached" (where the payload is
included with the serialized signature
bytes). Verifiers MUST ignore any
"attached" payload and only verify signatures with respect to explicitly
provided payload (e.g. a payload
field on the proto message that holds
this Signature, or the canonical serialization of the proto message that
holds this signature).
Source
Source describes the location of the source used for the build.
SourceContext
A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory.
UpdateNoteRequest
Request to update a note.
UpdateOccurrenceRequest
Request to update an occurrence.
UpgradeDistribution
The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities.
UpgradeNote
An Upgrade Note represents a potential upgrade of a package to a given version. For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field represents the information related to the update.
UpgradeOccurrence
An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update.
Version
Version contains structured information about the version of a package.
Version.Types
Container for nested types declared in the Version message type.
VulnerabilityNote
A security vulnerability that can be found in resources.
VulnerabilityNote.Types
Container for nested types declared in the VulnerabilityNote message type.
VulnerabilityNote.Types.Detail
A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).
VulnerabilityNote.Types.WindowsDetail
VulnerabilityNote.Types.WindowsDetail.Types
Container for nested types declared in the WindowsDetail message type.
VulnerabilityNote.Types.WindowsDetail.Types.KnowledgeBase
VulnerabilityOccurrence
An occurrence of a severity vulnerability on a resource.
VulnerabilityOccurrence.Types
Container for nested types declared in the VulnerabilityOccurrence message type.
VulnerabilityOccurrence.Types.PackageIssue
A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).
WindowsUpdate
Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate.
WindowsUpdate.Types
Container for nested types declared in the WindowsUpdate message type.
WindowsUpdate.Types.Category
The category to which the update belongs.
WindowsUpdate.Types.Identity
The unique identifier of the update.
Enums
AliasContext.Types.Kind
The type of an alias.
Architecture
Instruction set architectures supported by various package managers.
CloudRepoSourceContext.RevisionOneofCase
Enum of possible cases for the "revision" oneof.
CVSSv3.Types.AttackComplexity
CVSSv3.Types.AttackVector
CVSSv3.Types.Impact
CVSSv3.Types.PrivilegesRequired
CVSSv3.Types.Scope
CVSSv3.Types.UserInteraction
DeploymentOccurrence.Types.Platform
Types of platforms.
DiscoveryOccurrence.Types.AnalysisStatus
Analysis status for a resource. Currently for initial analysis only (not updated in continuous analysis).
DiscoveryOccurrence.Types.ContinuousAnalysis
Whether the resource is continuously analyzed.
GerritSourceContext.RevisionOneofCase
Enum of possible cases for the "revision" oneof.
Note.TypeOneofCase
Enum of possible cases for the "type" oneof.
NoteKind
Kind represents the kinds of notes supported.
NoteName.ResourceNameType
The possible contents of NoteName.
Occurrence.DetailsOneofCase
Enum of possible cases for the "details" oneof.
OccurrenceName.ResourceNameType
The possible contents of OccurrenceName.
ProjectName.ResourceNameType
The possible contents of ProjectName.
RepoId.IdOneofCase
Enum of possible cases for the "id" oneof.
Severity
Note provider assigned severity/impact ranking.
SourceContext.ContextOneofCase
Enum of possible cases for the "context" oneof.
Version.Types.VersionKind
Whether this is an ordinary package version or a sentinel MIN/MAX version.