suguo
/
googleapis
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Synchronize new proto/yaml changes. 

PiperOrigin-RevId: 248194918
This commit is contained in:
Google APIs 2019-05-14 12:59:56 -07:00 committed by Copybara-Service
parent eb26914666
commit 329c297921
14 changed files with 2185 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
grafeas/artman_grafeas_v1.yaml Normal file
View File

@ -0,0 +1,56 @@
common:
api_name: grafeas
api_version: v1
organization_name: google-cloud
proto_deps:
- name: google-common-protos
- name: google-iam-v1
src_proto_paths:
- v1
service_yaml: grafeas_v1.yaml
gapic_yaml: v1/grafeas_gapic.yaml
artifacts:
- name: gapic_config
type: GAPIC_CONFIG
- name: java_gapic
type: GAPIC
language: JAVA
publish_targets:
- name: staging
type: GITHUB
location: git@github.com:googleapis/api-client-staging.git
directory_mappings:
- dest: generated/java/gapic-google-cloud-grafeas-v1
- name: grpc
dest: generated/java/grpc-google-cloud-grafeas-v1
- name: proto
dest: generated/java/proto-google-cloud-grafeas-v1
- name: java
type: GITHUB
location: git@github.com:GoogleCloudPlatform/google-cloud-java.git
directory_mappings:
- dest: google-cloud-grafeas
- name: python_gapic
type: GAPIC
language: PYTHON
- name: nodejs_gapic
type: GAPIC
language: NODEJS
- name: php_gapic
type: GAPIC
language: PHP
publish_targets:
- name: staging
type: GITHUB
location: git@github.com:googleapis/api-client-staging.git
directory_mappings:
- dest: generated/php/google-cloud-grafeas-v1
- name: go_gapic
type: GAPIC
language: GO
- name: ruby_gapic
type: GAPIC
language: RUBY
- name: csharp_gapic
type: GAPIC
language: CSHARP

53
grafeas/grafeas_v1.yaml Normal file
View File

@ -0,0 +1,53 @@
type: google.api.Service
config_version: 3
name: containeranalysis.googleapis.com
title: Container Analysis API
apis:
- name: grafeas.v1.Grafeas
documentation:
summary: |-
An implementation of the Grafeas API, which stores, and enables querying and
retrieval of critical metadata about all of your software artifacts.
overview: |-
The Container Analysis API allows you to store and retrieve metadata for a
container resource.
backend:
rules:
- selector: grafeas.v1.Grafeas.GetOccurrence
deadline: 30.0
- selector: grafeas.v1.Grafeas.ListOccurrences
deadline: 30.0
- selector: grafeas.v1.Grafeas.DeleteOccurrence
deadline: 30.0
- selector: grafeas.v1.Grafeas.CreateOccurrence
deadline: 30.0
- selector: grafeas.v1.Grafeas.BatchCreateOccurrences
deadline: 30.0
- selector: grafeas.v1.Grafeas.UpdateOccurrence
deadline: 30.0
- selector: grafeas.v1.Grafeas.GetOccurrenceNote
deadline: 30.0
- selector: grafeas.v1.Grafeas.GetNote
deadline: 30.0
- selector: grafeas.v1.Grafeas.ListNotes
deadline: 30.0
- selector: grafeas.v1.Grafeas.DeleteNote
deadline: 30.0
- selector: grafeas.v1.Grafeas.CreateNote
deadline: 30.0
- selector: grafeas.v1.Grafeas.BatchCreateNotes
deadline: 30.0
- selector: grafeas.v1.Grafeas.UpdateNote
deadline: 30.0
- selector: grafeas.v1.Grafeas.ListNoteOccurrences
deadline: 30.0
authentication:
rules:
- selector: '*'
oauth:
canonical_scopes: |-
https://www.googleapis.com/auth/cloud-platform

73
grafeas/v1/attestation.proto Normal file
View File

@ -0,0 +1,73 @@
// Copyright 2019 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package grafeas.v1;
import "grafeas/v1/common.proto";
option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
option java_multiple_files = true;
option java_package = "io.grafeas.v1";
option objc_class_prefix = "GRA";
// An attestation wrapper with a PGP-compatible signature. This message only
// supports `ATTACHED` signatures, where the payload that is signed is included
// alongside the signature itself in the same file.
// Note kind that represents a logical attestation "role" or "authority". For
// example, an organization might have one `Authority` for "QA" and one for
// "build". This note is intended to act strictly as a grouping mechanism for
// the attached occurrences (Attestations). This grouping mechanism also
// provides a security boundary, since IAM ACLs gate the ability for a principle
// to attach an occurrence to a given note. It also provides a single point of
// lookup to find all attached attestation occurrences, even if they don't all
// live in the same project.
message AttestationNote {
// This submessage provides human-readable hints about the purpose of the
// authority. Because the name of a note acts as its resource reference, it is
// important to disambiguate the canonical name of the Note (which might be a
// UUID for security purposes) from "readable" names more suitable for debug
// output. Note that these hints should not be used to look up authorities in
// security sensitive contexts, such as when looking up attestations to
// verify.
message Hint {
// Required. The human readable name of this attestation authority, for
// example "qa".
string human_readable_name = 1;
}
// Hint hints at the purpose of the attestation authority.
Hint hint = 1;
}
// Occurrence that represents a single "attestation". The authenticity of an
// attestation can be verified using the attached signature. If the verifier
// trusts the public key of the signer, then verifying the signature is
// sufficient to establish trust. In this circumstance, the authority to which
// this attestation is attached is primarily useful for lookup (how to find
// this attestation if you already know the authority and artifact to be
// verified) and intent (for which authority this attestation was intended to
// sign.
message AttestationOccurrence {
// Required. The serialized payload that is verified by one or more
// `signatures`.
bytes serialized_payload = 1;
// One or more signatures over `serialized_payload`. Verifier implementations
// should consider this attestation message verified if at least one
// `signature` verifies `serialized_payload`. See `Signature` in common.proto
// for more details on signature structure and verification.
repeated Signature signatures = 2;
}

96
grafeas/v1/build.proto Normal file
View File

@ -0,0 +1,96 @@
// Copyright 2019 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package grafeas.v1;
import "grafeas/v1/provenance.proto";
option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
option java_multiple_files = true;
option java_package = "io.grafeas.v1";
option objc_class_prefix = "GRA";
// Note holding the version of the provider's builder and the signature of the
// provenance message in the build details occurrence.
message BuildNote {
// Required. Immutable. Version of the builder which produced this build.
string builder_version = 1;
// Signature of the build in occurrences pointing to this build note
// containing build details.
BuildSignature signature = 2;
}
// Message encapsulating the signature of the verified build.
message BuildSignature {
// Public key of the builder which can be used to verify that the related
// findings are valid and unchanged. If `key_type` is empty, this defaults
// to PEM encoded public keys.
//
// This field may be empty if `key_id` references an external key.
//
// For Cloud Build based signatures, this is a PEM encoded public
// key. To verify the Cloud Build signature, place the contents of
// this field into a file (public.pem). The signature field is base64-decoded
// into its binary representation in signature.bin, and the provenance bytes
// from `BuildDetails` are base64-decoded into a binary representation in
// signed.bin. OpenSSL can then verify the signature:
// `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
string public_key = 1;
// Required. Signature of the related `BuildProvenance`. In JSON, this is
// base-64 encoded.
bytes signature = 2;
// An ID for the key used to sign. This could be either an ID for the key
// stored in `public_key` (such as the ID or fingerprint for a PGP key, or the
// CN for a cert), or a reference to an external key (such as a reference to a
// key in Cloud Key Management Service).
string key_id = 3;
// Public key formats.
enum KeyType {
// `KeyType` is not set.
KEY_TYPE_UNSPECIFIED = 0;
// `PGP ASCII Armored` public key.
PGP_ASCII_ARMORED = 1;
// `PKIX PEM` public key.
PKIX_PEM = 2;
}
// The type of the key, either stored in `public_key` or referenced in
// `key_id`.
KeyType key_type = 4;
}
// Details of a build occurrence.
message BuildOccurrence {
// Required. The actual provenance for the build.
grafeas.v1.BuildProvenance provenance = 1;
// Serialized JSON representation of the provenance, used in generating the
// build signature in the corresponding build note. After verifying the
// signature, `provenance_bytes` can be unmarshalled and compared to the
// provenance to confirm that it is unchanged. A base64-encoded string
// representation of the provenance bytes is used for the signature in order
// to interoperate with openssl which expects this format for signature
// verification.
//
// The serialized form is captured both to avoid ambiguity in how the
// provenance is marshalled to json as well to prevent incompatibilities with
// future changes.
string provenance_bytes = 2;
}

101
grafeas/v1/common.proto Normal file
View File

@ -0,0 +1,101 @@
// Copyright 2019 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package grafeas.v1;
option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
option java_multiple_files = true;
option java_package = "io.grafeas.v1";
option objc_class_prefix = "GRA";
// Kind represents the kinds of notes supported.
enum NoteKind {
// Unknown.
NOTE_KIND_UNSPECIFIED = 0;
// The note and occurrence represent a package vulnerability.
VULNERABILITY = 1;
// The note and occurrence assert build provenance.
BUILD = 2;
// This represents an image basis relationship.
IMAGE = 3;
// This represents a package installed via a package manager.
PACKAGE = 4;
// The note and occurrence track deployment events.
DEPLOYMENT = 5;
// The note and occurrence track the initial discovery status of a resource.
DISCOVERY = 6;
// This represents a logical "role" that can attest to artifacts.
ATTESTATION = 7;
}
// Metadata for any related URL information.
message RelatedUrl {
// Specific URL associated with the resource.
string url = 1;
// Label to describe usage of the URL.
string label = 2;
}
// Verifiers (e.g. Kritis implementations) MUST verify signatures
// with respect to the trust anchors defined in policy (e.g. a Kritis policy).
// Typically this means that the verifier has been configured with a map from
// `public_key_id` to public key material (and any required parameters, e.g.
// signing algorithm).
//
// In particular, verification implementations MUST NOT treat the signature
// `public_key_id` as anything more than a key lookup hint. The `public_key_id`
// DOES NOT validate or authenticate a public key; it only provides a mechanism
// for quickly selecting a public key ALREADY CONFIGURED on the verifier through
// a trusted channel. Verification implementations MUST reject signatures in any
// of the following circumstances:
// * The `public_key_id` is not recognized by the verifier.
// * The public key that `public_key_id` refers to does not verify the
// signature with respect to the payload.
//
// The `signature` contents SHOULD NOT be "attached" (where the payload is
// included with the serialized `signature` bytes). Verifiers MUST ignore any
// "attached" payload and only verify signatures with respect to explicitly
// provided payload (e.g. a `payload` field on the proto message that holds
// this Signature, or the canonical serialization of the proto message that
// holds this signature).
message Signature {
// The content of the signature, an opaque bytestring.
// The payload that this signature verifies MUST be unambiguously provided
// with the Signature during verification. A wrapper message might provide
// the payload explicitly. Alternatively, a message might have a canonical
// serialization that can always be unambiguously computed to derive the
// payload.
bytes signature = 1;
// The identifier for the public key that verifies this signature.
// * The `public_key_id` is required.
// * The `public_key_id` MUST be an RFC3986 conformant URI.
// * When possible, the `public_key_id` SHOULD be an immutable reference,
// such as a cryptographic digest.
//
// Examples of valid `public_key_id`s:
//
// OpenPGP V4 public key fingerprint:
// * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA"
// See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more
// details on this scheme.
//
// RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER
// serialization):
// * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
// * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
string public_key_id = 2;
}

85
grafeas/v1/cvss.proto Normal file
View File

@ -0,0 +1,85 @@
// Copyright 2019 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package grafeas.v1;
option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
option java_multiple_files = true;
option java_package = "io.grafeas.v1";
option objc_class_prefix = "GRA";
// Common Vulnerability Scoring System version 3.
// For details, see https://www.first.org/cvss/specification-document
message CVSSv3 {
// The base score is a function of the base metric scores.
float base_score = 1;
float exploitability_score = 2;
float impact_score = 3;
// Base Metrics
// Represents the intrinsic characteristics of a vulnerability that are
// constant over time and across user environments.
AttackVector attack_vector = 5;
AttackComplexity attack_complexity = 6;
PrivilegesRequired privileges_required = 7;
UserInteraction user_interaction = 8;
Scope scope = 9;
Impact confidentiality_impact = 10;
Impact integrity_impact = 11;
Impact availability_impact = 12;
enum AttackVector {
ATTACK_VECTOR_UNSPECIFIED = 0;
ATTACK_VECTOR_NETWORK = 1;
ATTACK_VECTOR_ADJACENT = 2;
ATTACK_VECTOR_LOCAL = 3;
ATTACK_VECTOR_PHYSICAL = 4;
}
enum AttackComplexity {
ATTACK_COMPLEXITY_UNSPECIFIED = 0;
ATTACK_COMPLEXITY_LOW = 1;
ATTACK_COMPLEXITY_HIGH = 2;
}
enum PrivilegesRequired {
PRIVILEGES_REQUIRED_UNSPECIFIED = 0;
PRIVILEGES_REQUIRED_NONE = 1;
PRIVILEGES_REQUIRED_LOW = 2;
PRIVILEGES_REQUIRED_HIGH = 3;
}
enum UserInteraction {
USER_INTERACTION_UNSPECIFIED = 0;
USER_INTERACTION_NONE = 1;
USER_INTERACTION_REQUIRED = 2;
}
enum Scope {
SCOPE_UNSPECIFIED = 0;
SCOPE_UNCHANGED = 1;
SCOPE_CHANGED = 2;
}
enum Impact {
IMPACT_UNSPECIFIED = 0;
IMPACT_HIGH = 1;
IMPACT_LOW = 2;
IMPACT_NONE = 3;
}
}

68
grafeas/v1/deployment.proto Normal file
View File

@ -0,0 +1,68 @@
// Copyright 2019 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package grafeas.v1;
import "google/protobuf/timestamp.proto";
option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
option java_multiple_files = true;
option java_package = "io.grafeas.v1";
option objc_class_prefix = "GRA";
// An artifact that can be deployed in some runtime.
message DeploymentNote {
// Required. Resource URI for the artifact being deployed.
repeated string resource_uri = 1;
}
// The period during which some deployable was active in a runtime.
message DeploymentOccurrence {
// Identity of the user that triggered this deployment.
string user_email = 1;
// Required. Beginning of the lifetime of this deployment.
google.protobuf.Timestamp deploy_time = 2;
// End of the lifetime of this deployment.
google.protobuf.Timestamp undeploy_time = 3;
// Configuration used to create this deployment.
string config = 4;
// Address of the runtime element hosting this deployment.
string address = 5;
// Output only. Resource URI for the artifact being deployed taken from
// the deployable field with the same name.
repeated string resource_uri = 6;
// Types of platforms.
enum Platform {
// Unknown.
PLATFORM_UNSPECIFIED = 0;
// Google Container Engine.
GKE = 1;
// Google App Engine: Flexible Environment.
FLEX = 2;
// Custom user-defined platform.
CUSTOM = 3;
}
// Platform hosting this deployment.
Platform platform = 7;
// next_id = 8;
}

76
grafeas/v1/discovery.proto Normal file
View File

@ -0,0 +1,76 @@
// Copyright 2019 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package grafeas.v1;
import "google/rpc/status.proto";
import "grafeas/v1/common.proto";
option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
option java_multiple_files = true;
option java_package = "io.grafeas.v1";
option objc_class_prefix = "GRA";
// A note that indicates a type of analysis a provider would perform. This note
// exists in a provider's project. A `Discovery` occurrence is created in a
// consumer's project at the start of analysis.
message DiscoveryNote {
// Required. Immutable. The kind of analysis that is handled by this
// discovery.
grafeas.v1.NoteKind analysis_kind = 1;
}
// Provides information about the analysis status of a discovered resource.
message DiscoveryOccurrence {
// Whether the resource is continuously analyzed.
enum ContinuousAnalysis {
// Unknown.
CONTINUOUS_ANALYSIS_UNSPECIFIED = 0;
// The resource is continuously analyzed.
ACTIVE = 1;
// The resource is ignored for continuous analysis.
INACTIVE = 2;
}
// Whether the resource is continuously analyzed.
ContinuousAnalysis continuous_analysis = 1;
// Analysis status for a resource. Currently for initial analysis only (not
// updated in continuous analysis).
enum AnalysisStatus {
// Unknown.
ANALYSIS_STATUS_UNSPECIFIED = 0;
// Resource is known but no action has been taken yet.
PENDING = 1;
// Resource is being analyzed.
SCANNING = 2;
// Analysis has finished successfully.
FINISHED_SUCCESS = 3;
// Analysis has finished unsuccessfully, the analysis itself is in a bad
// state.
FINISHED_FAILED = 4;
// The resource is known not to be supported
FINISHED_UNSUPPORTED = 5;
}
// The status of discovery for the resource.
AnalysisStatus analysis_status = 2;
// When an error is encountered this will contain a LocalizedMessage under
// details to show to the user. The LocalizedMessage is output only and
// populated by the API.
google.rpc.Status analysis_status_error = 3;
}

472
grafeas/v1/grafeas.proto Normal file
View File

@ -0,0 +1,472 @@
// Copyright 2019 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package grafeas.v1;
import "google/api/annotations.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";
import "grafeas/v1/attestation.proto";
import "grafeas/v1/build.proto";
import "grafeas/v1/common.proto";
import "grafeas/v1/deployment.proto";
import "grafeas/v1/discovery.proto";
import "grafeas/v1/image.proto";
import "grafeas/v1/package.proto";
import "grafeas/v1/provenance.proto";
import "grafeas/v1/vulnerability.proto";
option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
option java_multiple_files = true;
option java_package = "io.grafeas.v1";
option objc_class_prefix = "GRA";
// [Grafeas](grafeas.io) API.
//
// Retrieves analysis results of Cloud components such as Docker container
// images.
//
// Analysis results are stored as a series of occurrences. An `Occurrence`
// contains information about a specific analysis instance on a resource. An
// occurrence refers to a `Note`. A note contains details describing the
// analysis and is generally stored in a separate project, called a `Provider`.
// Multiple occurrences can refer to the same note.
//
// For example, an SSL vulnerability could affect multiple images. In this case,
// there would be one note for the vulnerability and an occurrence for each
// image with the vulnerability referring to that note.
service Grafeas {
// Gets the specified occurrence.
rpc GetOccurrence(GetOccurrenceRequest) returns (Occurrence) {
option (google.api.http) = {
get: "/v1/{name=projects/*/occurrences/*}"
};
}
// Lists occurrences for the specified project.
rpc ListOccurrences(ListOccurrencesRequest)
returns (ListOccurrencesResponse) {
option (google.api.http) = {
get: "/v1/{parent=projects/*}/occurrences"
};
}
// Deletes the specified occurrence. For example, use this method to delete an
// occurrence when the occurrence is no longer applicable for the given
// resource.
rpc DeleteOccurrence(DeleteOccurrenceRequest)
returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/v1/{name=projects/*/occurrences/*}"
};
}
// Creates a new occurrence.
rpc CreateOccurrence(CreateOccurrenceRequest) returns (Occurrence) {
option (google.api.http) = {
post: "/v1/{parent=projects/*}/occurrences"
body: "occurrence"
};
}
// Creates new occurrences in batch.
rpc BatchCreateOccurrences(BatchCreateOccurrencesRequest)
returns (BatchCreateOccurrencesResponse) {
option (google.api.http) = {
post: "/v1/{parent=projects/*}/occurrences:batchCreate"
body: "*"
};
}
// Updates the specified occurrence.
rpc UpdateOccurrence(UpdateOccurrenceRequest) returns (Occurrence) {
option (google.api.http) = {
patch: "/v1/{name=projects/*/occurrences/*}"
body: "occurrence"
};
}
// Gets the note attached to the specified occurrence. Consumer projects can
// use this method to get a note that belongs to a provider project.
rpc GetOccurrenceNote(GetOccurrenceNoteRequest) returns (Note) {
option (google.api.http) = {
get: "/v1/{name=projects/*/occurrences/*}/notes"
};
}
// Gets the specified note.
rpc GetNote(GetNoteRequest) returns (Note) {
option (google.api.http) = {
get: "/v1/{name=projects/*/notes/*}"
};
}
// Lists notes for the specified project.
rpc ListNotes(ListNotesRequest) returns (ListNotesResponse) {
option (google.api.http) = {
get: "/v1/{parent=projects/*}/notes"
};
}
// Deletes the specified note.
rpc DeleteNote(DeleteNoteRequest) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/v1/{name=projects/*/notes/*}"
};
}
// Creates a new note.
rpc CreateNote(CreateNoteRequest) returns (Note) {
option (google.api.http) = {
post: "/v1/{parent=projects/*}/notes"
body: "note"
};
}
// Creates new notes in batch.
rpc BatchCreateNotes(BatchCreateNotesRequest)
returns (BatchCreateNotesResponse) {
option (google.api.http) = {
post: "/v1/{parent=projects/*}/notes:batchCreate"
body: "*"
};
}
// Updates the specified note.
rpc UpdateNote(UpdateNoteRequest) returns (Note) {
option (google.api.http) = {
patch: "/v1/{name=projects/*/notes/*}"
body: "note"
};
}
// Lists occurrences referencing the specified note. Provider projects can use
// this method to get all occurrences across consumer projects referencing the
// specified note.
rpc ListNoteOccurrences(ListNoteOccurrencesRequest)
returns (ListNoteOccurrencesResponse) {
option (google.api.http) = {
get: "/v1/{name=projects/*/notes/*}/occurrences"
};
}
}
// An instance of an analysis type that has been found on a resource.
message Occurrence {
// Output only. The name of the occurrence in the form of
// `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
string name = 1;
// Required. Immutable. The resource for which the occurrence applies.
Resource resource = 2;
// Required. Immutable. The analysis note associated with this occurrence, in
// the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. This field can be
// used as a filter in list requests.
string note_name = 3;
// Output only. This explicitly denotes which of the occurrence details are
// specified. This field can be used as a filter in list requests.
grafeas.v1.NoteKind kind = 4;
// A description of actions that can be taken to remedy the note.
string remediation = 5;
// Output only. The time this occurrence was created.
google.protobuf.Timestamp create_time = 6;
// Output only. The time this occurrence was last updated.
google.protobuf.Timestamp update_time = 7;
// Required. Immutable. Describes the details of the note kind found on this
// resource.
oneof details {
// Describes a security vulnerability.
grafeas.v1.VulnerabilityOccurrence vulnerability = 8;
// Describes a verifiable build.
grafeas.v1.BuildOccurrence build = 9;
// Describes how this resource derives from the basis in the associated
// note.
grafeas.v1.ImageOccurrence image = 10;
// Describes the installation of a package on the linked resource.
grafeas.v1.PackageOccurrence package = 11;
// Describes the deployment of an artifact on a runtime.
grafeas.v1.DeploymentOccurrence deployment = 12;
// Describes when a resource was discovered.
grafeas.v1.DiscoveryOccurrence discovery = 13;
// Describes an attestation of an artifact.
grafeas.v1.AttestationOccurrence attestation = 14;
}
// next_id = 15;
}
// An entity that can have metadata. For example, a Docker image.
message Resource {
// The name of the resource. For example, the name of a Docker image -
// "Debian".
string name = 1;
// Required. The unique URI of the resource. For example,
// `https://gcr.io/project/image@sha256:foo` for a Docker image.
string uri = 2;
// The hash of the resource content. For example, the Docker digest.
grafeas.v1.Hash content_hash = 3;
// next_id = 4;
}
// A type of analysis that can be done for a resource.
message Note {
// Output only. The name of the note in the form of
// `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
string name = 1;
// A one sentence description of this note.
string short_description = 2;
// A detailed description of this note.
string long_description = 3;
// Output only. The type of analysis. This field can be used as a filter in
// list requests.
grafeas.v1.NoteKind kind = 4;
// URLs associated with this note.
repeated grafeas.v1.RelatedUrl related_url = 5;
// Time of expiration for this note. Empty if note does not expire.
google.protobuf.Timestamp expiration_time = 6;
// Output only. The time this note was created. This field can be used as a
// filter in list requests.
google.protobuf.Timestamp create_time = 7;
// Output only. The time this note was last updated. This field can be used as
// a filter in list requests.
google.protobuf.Timestamp update_time = 8;
// Other notes related to this note.
repeated string related_note_names = 9;
// Required. Immutable. The type of analysis this note represents.
oneof type {
// A note describing a package vulnerability.
grafeas.v1.VulnerabilityNote vulnerability = 10;
// A note describing build provenance for a verifiable build.
grafeas.v1.BuildNote build = 11;
// A note describing a base image.
grafeas.v1.ImageNote image = 12;
// A note describing a package hosted by various package managers.
grafeas.v1.PackageNote package = 13;
// A note describing something that can be deployed.
grafeas.v1.DeploymentNote deployment = 14;
// A note describing the initial analysis of a resource.
grafeas.v1.DiscoveryNote discovery = 15;
// A note describing an attestation role.
grafeas.v1.AttestationNote attestation = 16;
}
// next_id = 17;
}
// Request to get an occurrence.
message GetOccurrenceRequest {
// The name of the occurrence in the form of
// `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
string name = 1;
}
// Request to list occurrences.
message ListOccurrencesRequest {
// The name of the project to list occurrences for in the form of
// `projects/[PROJECT_ID]`.
string parent = 1;
// The filter expression.
string filter = 2;
// Number of occurrences to return in the list. Must be positive. Max allowed
// page size is 1000. If not specified, page size defaults to 20.
int32 page_size = 3;
// Token to provide to skip to a particular spot in the list.
string page_token = 4;
// next_id = 7;
}
// Response for listing occurrences.
message ListOccurrencesResponse {
// The occurrences requested.
repeated Occurrence occurrences = 1;
// The next pagination token in the list response. It should be used as
// `page_token` for the following request. An empty value means no more
// results.
string next_page_token = 2;
}
// Request to delete a occurrence.
message DeleteOccurrenceRequest {
// The name of the occurrence in the form of
// `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
string name = 1;
}
// Request to create a new occurrence.
message CreateOccurrenceRequest {
// The name of the project in the form of `projects/[PROJECT_ID]`, under which
// the occurrence is to be created.
string parent = 1;
// The occurrence to create.
Occurrence occurrence = 2;
}
// Request to update an occurrence.
message UpdateOccurrenceRequest {
// The name of the occurrence in the form of
// `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
string name = 1;
// The updated occurrence.
Occurrence occurrence = 2;
// The fields to update.
google.protobuf.FieldMask update_mask = 3;
}
// Request to get a note.
message GetNoteRequest {
// The name of the note in the form of
// `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
string name = 1;
}
// Request to get the note to which the specified occurrence is attached.
message GetOccurrenceNoteRequest {
// The name of the occurrence in the form of
// `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
string name = 1;
}
// Request to list notes.
message ListNotesRequest {
// The name of the project to list notes for in the form of
// `projects/[PROJECT_ID]`.
string parent = 1;
// The filter expression.
string filter = 2;
// Number of notes to return in the list. Must be positive. Max allowed page
// size is 1000. If not specified, page size defaults to 20.
int32 page_size = 3;
// Token to provide to skip to a particular spot in the list.
string page_token = 4;
}
// Response for listing notes.
message ListNotesResponse {
// The notes requested.
repeated Note notes = 1;
// The next pagination token in the list response. It should be used as
// `page_token` for the following request. An empty value means no more
// results.
string next_page_token = 2;
}
// Request to delete a note.
message DeleteNoteRequest {
// The name of the note in the form of
// `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
string name = 1;
}
// Request to create a new note.
message CreateNoteRequest {
// The name of the project in the form of `projects/[PROJECT_ID]`, under which
// the note is to be created.
string parent = 1;
// The ID to use for this note.
string note_id = 2;
// The note to create.
Note note = 3;
}
// Request to update a note.
message UpdateNoteRequest {
// The name of the note in the form of
// `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
string name = 1;
// The updated note.
Note note = 2;
// The fields to update.
google.protobuf.FieldMask update_mask = 3;
}
// Request to list occurrences for a note.
message ListNoteOccurrencesRequest {
// The name of the note to list occurrences for in the form of
// `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
string name = 1;
// The filter expression.
string filter = 2;
// Number of occurrences to return in the list.
int32 page_size = 3;
// Token to provide to skip to a particular spot in the list.
string page_token = 4;
}
// Response for listing occurrences for a note.
message ListNoteOccurrencesResponse {
// The occurrences attached to the specified note.
repeated Occurrence occurrences = 1;
// Token to provide to skip to a particular spot in the list.
string next_page_token = 2;
}
// Request to create notes in batch.
message BatchCreateNotesRequest {
// The name of the project in the form of `projects/[PROJECT_ID]`, under which
// the notes are to be created.
string parent = 1;
// The notes to create. Max allowed length is 1000.
map<string, Note> notes = 2;
}
// Response for creating notes in batch.
message BatchCreateNotesResponse {
// The notes that were created.
repeated Note notes = 1;
}
// Request to create occurrences in batch.
message BatchCreateOccurrencesRequest {
// The name of the project in the form of `projects/[PROJECT_ID]`, under which
// the occurrences are to be created.
string parent = 1;
// The occurrences to create. Max allowed length is 1000.
repeated Occurrence occurrences = 2;
}
// Response for creating occurrences in batch.
message BatchCreateOccurrencesResponse {
// The occurrences that were created.
repeated Occurrence occurrences = 1;
}

398
grafeas/v1/grafeas_gapic.yaml Normal file
View File

@ -0,0 +1,398 @@
type: com.google.api.codegen.ConfigProto
config_schema_version: 1.0.0
# The settings of generated code in a specific language.
language_settings:
java:
package_name: com.google.cloud.grafeas.v1
python:
package_name: google.cloud.grafeas_v1.gapic
go:
package_name: cloud.google.com/go/grafeas/apiv1
csharp:
package_name: Google.Cloud.Grafeas.V1
ruby:
package_name: Google::Cloud::Grafeas::V1
php:
package_name: Google\Cloud\Grafeas\V1
nodejs:
package_name: grafeas.v1
domain_layer_location: google-cloud
# A list of resource collection configurations.
# Consists of a name_pattern and an entity_name.
# The name_pattern is a pattern to describe the names of the resources of this
# collection, using the platform's conventions for URI patterns. A generator
# may use this to generate methods to compose and decompose such names. The
# pattern should use named placeholders as in `shelves/{shelf}/books/{book}`;
# those will be taken as hints for the parameter names of the generated
# methods. If empty, no name methods are generated.
# The entity_name is the name to be used as a basis for generated methods and
# classes.
collections:
- name_pattern: projects/{project}
entity_name: project
language_overrides:
- language: csharp
common_resource_name: Google.Api.Gax.ResourceNames.ProjectName
- name_pattern: projects/{project}/notes/{note}
entity_name: note
language_overrides:
- language: csharp
common_resource_name: Grafeas.V1.NoteName
- name_pattern: projects/{project}/occurrences/{occurrence}
entity_name: occurrence
language_overrides:
- language: csharp
common_resource_name: Grafeas.V1.OccurrenceName
collection_oneofs:
- oneof_name: iam_resource_oneof
collection_names:
- note
- occurrence
# A list of API interface configurations.
interfaces:
# The fully qualified name of the API interface.
- name: grafeas.v1.Grafeas
# Definition for retryable codes.
retry_codes_def:
- name: idempotent
retry_codes:
- UNAVAILABLE
- DEADLINE_EXCEEDED
- name: non_idempotent
retry_codes: []
# Definition for retry/backoff parameters.
retry_params_def:
- name: default
initial_retry_delay_millis: 100
retry_delay_multiplier: 1.3
max_retry_delay_millis: 60000
initial_rpc_timeout_millis: 20000
rpc_timeout_multiplier: 1
max_rpc_timeout_millis: 20000
total_timeout_millis: 600000
# A list of method configurations.
# Common properties:
#
# name - The simple name of the method.
#
# flattening - Specifies the configuration for parameter flattening.
# Describes the parameter groups for which a generator should produce method
# overloads which allow a client to directly pass request message fields as
# method parameters. This information may or may not be used, depending on
# the target language.
# Consists of groups, which each represent a list of parameters to be
# flattened. Each parameter listed must be a field of the request message.
#
# required_fields - Fields that are always required for a request to be
# valid.
#
# resource_name_treatment - An enum that specifies how to treat the resource
# name formats defined in the field_name_patterns and
# response_field_name_patterns fields.
# UNSET: default value
# NONE: the collection configs will not be used by the generated code.
# VALIDATE: string fields will be validated by the client against the
# specified resource name formats.
# STATIC_TYPES: the client will use generated types for resource names.
#
# page_streaming - Specifies the configuration for paging.
# Describes information for generating a method which transforms a paging
# list RPC into a stream of resources.
# Consists of a request and a response.
# The request specifies request information of the list method. It defines
# which fields match the paging pattern in the request. The request consists
# of a page_size_field and a token_field. The page_size_field is the name of
# the optional field specifying the maximum number of elements to be
# returned in the response. The token_field is the name of the field in the
# request containing the page token.
# The response specifies response information of the list method. It defines
# which fields match the paging pattern in the response. The response
# consists of a token_field and a resources_field. The token_field is the
# name of the field in the response containing the next page token. The
# resources_field is the name of the field in the response containing the
# list of resources belonging to the page.
#
# retry_codes_name - Specifies the configuration for retryable codes. The
# name must be defined in interfaces.retry_codes_def.
#
# retry_params_name - Specifies the configuration for retry/backoff
# parameters. The name must be defined in interfaces.retry_params_def.
#
# field_name_patterns - Maps the field name of the request type to
# entity_name of interfaces.collections.
# Specifies the string pattern that the field must follow.
#
# timeout_millis - Specifies the default timeout for a non-retrying call. If
# the call is retrying, refer to retry_params_name instead.
methods:
- name: GetOccurrence
flattening:
groups:
- parameters:
- name
required_fields:
- name
resource_name_treatment: STATIC_TYPES
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: occurrence
timeout_millis: 30000
- name: ListOccurrences
flattening:
groups:
- parameters:
- parent
- filter
required_fields:
- parent
resource_name_treatment: STATIC_TYPES
page_streaming:
request:
page_size_field: page_size
token_field: page_token
response:
token_field: next_page_token
resources_field: occurrences
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
parent: project
timeout_millis: 30000
- name: DeleteOccurrence
flattening:
groups:
- parameters:
- name
required_fields:
- name
resource_name_treatment: STATIC_TYPES
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: occurrence
timeout_millis: 30000
- name: CreateOccurrence
flattening:
groups:
- parameters:
- parent
- occurrence
required_fields:
- parent
- occurrence
resource_name_treatment: STATIC_TYPES
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
parent: project
timeout_millis: 30000
- name: BatchCreateOccurrences
flattening:
groups:
- parameters:
- parent
- occurrences
required_fields:
- parent
- occurrences
resource_name_treatment: STATIC_TYPES
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
parent: project
timeout_millis: 30000
- name: UpdateOccurrence
flattening:
groups:
- parameters:
- name
- occurrence
- update_mask
required_fields:
- name
- occurrence
resource_name_treatment: STATIC_TYPES
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
name: occurrence
timeout_millis: 30000
- name: GetOccurrenceNote
flattening:
groups:
- parameters:
- name
required_fields:
- name
resource_name_treatment: STATIC_TYPES
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: occurrence
timeout_millis: 30000
- name: GetNote
flattening:
groups:
- parameters:
- name
required_fields:
- name
resource_name_treatment: STATIC_TYPES
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: note
timeout_millis: 30000
- name: ListNotes
flattening:
groups:
- parameters:
- parent
- filter
required_fields:
- parent
resource_name_treatment: STATIC_TYPES
page_streaming:
request:
page_size_field: page_size
token_field: page_token
response:
token_field: next_page_token
resources_field: notes
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
parent: project
timeout_millis: 30000
- name: DeleteNote
flattening:
groups:
- parameters:
- name
required_fields:
- name
resource_name_treatment: STATIC_TYPES
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: note
timeout_millis: 30000
- name: CreateNote
flattening:
groups:
- parameters:
- parent
- note_id
- note
required_fields:
- parent
- note_id
- note
resource_name_treatment: STATIC_TYPES
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
parent: project
timeout_millis: 30000
- name: BatchCreateNotes
flattening:
groups:
- parameters:
- parent
- notes
required_fields:
- parent
- notes
resource_name_treatment: STATIC_TYPES
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
parent: project
timeout_millis: 30000
- name: UpdateNote
flattening:
groups:
- parameters:
- name
- note
- update_mask
required_fields:
- name
- note
resource_name_treatment: STATIC_TYPES
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
name: note
timeout_millis: 30000
- name: ListNoteOccurrences
flattening:
groups:
- parameters:
- name
- filter
required_fields:
- name
resource_name_treatment: STATIC_TYPES
page_streaming:
request:
page_size_field: page_size
token_field: page_token
response:
token_field: next_page_token
resources_field: occurrences
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: note
timeout_millis: 30000
resource_name_generation:
- message_name: grafeas.v1.Occurrence
field_entity_map:
name: occurrence
- message_name: grafeas.v1.GetOccurrenceRequest
field_entity_map:
name: occurrence
- message_name: grafeas.v1.ListOccurrencesRequest
field_entity_map:
parent: project
- message_name: grafeas.v1.DeleteOccurrenceRequest
field_entity_map:
name: occurrence
- message_name: grafeas.v1.CreateOccurrenceRequest
field_entity_map:
parent: project
- message_name: grafeas.v1.UpdateOccurrenceRequest
field_entity_map:
name: occurrence
- message_name: grafeas.v1.BatchCreateOccurrencesRequest
field_entity_map:
parent: project
- message_name: grafeas.v1.Note
field_entity_map:
name: note
- message_name: grafeas.v1.GetNoteRequest
field_entity_map:
name: note
- message_name: grafeas.v1.ListNotesRequest
field_entity_map:
parent: project
- message_name: grafeas.v1.DeleteNoteRequest
field_entity_map:
name: note
- message_name: grafeas.v1.CreateNoteRequest
field_entity_map:
parent: project
- message_name: grafeas.v1.UpdateNoteRequest
field_entity_map:
name: note
- message_name: grafeas.v1.BatchCreateNotesRequest
field_entity_map:
parent: project
- message_name: grafeas.v1.GetOccurrenceNoteRequest
field_entity_map:
name: occurrence
- message_name: grafeas.v1.ListNoteOccurrencesRequest
field_entity_map:
name: note

89
grafeas/v1/image.proto Normal file
View File

@ -0,0 +1,89 @@
// Copyright 2019 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package grafeas.v1;
option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
option java_multiple_files = true;
option java_package = "io.grafeas.v1";
option objc_class_prefix = "GRA";
// Layer holds metadata specific to a layer of a Docker image.
message Layer {
// Required. The recovered Dockerfile directive used to construct this layer.
// See https://docs.docker.com/engine/reference/builder/ for more information.
string directive = 1;
// The recovered arguments to the Dockerfile directive.
string arguments = 2;
}
// A set of properties that uniquely identify a given Docker image.
message Fingerprint {
// Required. The layer ID of the final layer in the Docker image's v1
// representation.
string v1_name = 1;
// Required. The ordered list of v2 blobs that represent a given image.
repeated string v2_blob = 2;
// Output only. The name of the image's v2 blobs computed via:
// [bottom] := v2_blob[bottom]
// [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
// Only the name of the final blob is kept.
string v2_name = 3;
}
// Basis describes the base image portion (Note) of the DockerImage
// relationship. Linked occurrences are derived from this or an
// equivalent image via:
// FROM <Basis.resource_url>
// Or an equivalent reference, e.g. a tag of the resource_url.
message ImageNote {
// Required. Immutable. The resource_url for the resource representing the
// basis of associated occurrence images.
string resource_url = 1;
// Required. Immutable. The fingerprint of the base image.
Fingerprint fingerprint = 2;
}
// Details of an image occurrence.
message ImageOccurrence {
// Required. Immutable. The child image derived from the base image.
Derived derived_image = 1;
}
// Derived describes the derived image portion (Occurrence) of the DockerImage
// relationship. This image would be produced from a Dockerfile with FROM
// <DockerImage.Basis in attached Note>.
message Derived {
// Required. The fingerprint of the derived image.
Fingerprint fingerprint = 1;
// Output only. The number of layers by which this image differs from the
// associated image basis.
int32 distance = 2;
// This contains layer-specific metadata, if populated it has length
// "distance" and is ordered with [distance] being the layer immediately
// following the base image and [1] being the final layer.
repeated Layer layer_info = 3;
// Output only. This contains the base image URL for the derived image
// occurrence.
string base_resource_url = 4;
}

131
grafeas/v1/package.proto Normal file
View File

@ -0,0 +1,131 @@
// Copyright 2019 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package grafeas.v1;
option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
option java_multiple_files = true;
option java_package = "io.grafeas.v1";
option objc_class_prefix = "GRA";
// Instruction set architectures supported by various package managers.
enum Architecture {
// Unknown architecture.
ARCHITECTURE_UNSPECIFIED = 0;
// X86 architecture.
X86 = 1;
// X64 architecture.
X64 = 2;
}
// This represents a particular channel of distribution for a given package.
// E.g., Debian's jessie-backports dpkg mirror.
message Distribution {
// Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
// denoting the package manager version distributing a package.
string cpe_uri = 1;
// The CPU architecture for which packages in this distribution channel were
// built.
Architecture architecture = 2;
// The latest available version of this package in this distribution channel.
Version latest_version = 3;
// A freeform string denoting the maintainer of this package.
string maintainer = 4;
// The distribution channel-specific homepage for this package.
string url = 5;
// The distribution channel-specific description of this package.
string description = 6;
}
// An occurrence of a particular package installation found within a system's
// filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
message Location {
// Required. The CPE URI in [CPE format](https://cpe.mitre.org/specification/)
// denoting the package manager version distributing a package.
string cpe_uri = 1;
// The version installed at this location.
Version version = 2;
// The path from which we gathered that this package/version is installed.
string path = 3;
}
// This represents a particular package that is distributed over various
// channels. E.g., glibc (aka libc6) is distributed by many, at various
// versions.
message PackageNote {
// Required. Immutable. The name of the package.
string name = 1;
// The various channels by which a package is distributed.
repeated Distribution distribution = 10;
}
// Details of a package occurrence.
message PackageOccurrence {
// Required. Where the package was installed.
Installation installation = 1;
}
// This represents how a particular software package may be installed on a
// system.
message Installation {
// Output only. The name of the installed package.
string name = 1;
// Required. All of the places within the filesystem versions of this package
// have been found.
repeated Location location = 2;
}
// Version contains structured information about the version of a package.
message Version {
// Used to correct mistakes in the version numbering scheme.
int32 epoch = 1;
// Required only when version kind is NORMAL. The main part of the version
// name.
string name = 2;
// The iteration of the package build from the above version.
string revision = 3;
// Whether this is an ordinary package version or a sentinel MIN/MAX version.
enum VersionKind {
// Unknown.
VERSION_KIND_UNSPECIFIED = 0;
// A standard package version.
NORMAL = 1;
// A special version representing negative infinity.
MINIMUM = 2;
// A special version representing positive infinity.
MAXIMUM = 3;
};
// Required. Distinguishes between sentinel MIN/MAX versions and normal
// versions.
VersionKind kind = 4;
// Human readable version string. This string is of the form
// <epoch>:<name>-<revision> and is only set when kind is NORMAL.
string full_name = 5;
}

275
grafeas/v1/provenance.proto Normal file
View File

@ -0,0 +1,275 @@
// Copyright 2019 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package grafeas.v1;
import "google/protobuf/timestamp.proto";
option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
option java_multiple_files = true;
option java_package = "io.grafeas.v1";
option objc_class_prefix = "GRA";
// Provenance of a build. Contains all information needed to verify the full
// details about the build from source to completion.
message BuildProvenance {
// Required. Unique identifier of the build.
string id = 1;
// ID of the project.
string project_id = 2;
// Commands requested by the build.
repeated Command commands = 3;
// Output of the build.
repeated Artifact built_artifacts = 4;
// Time at which the build was created.
google.protobuf.Timestamp create_time = 5;
// Time at which execution of the build was started.
google.protobuf.Timestamp start_time = 6;
// Time at which execution of the build was finished.
google.protobuf.Timestamp end_time = 7;
// E-mail address of the user who initiated this build. Note that this was the
// user's e-mail address at the time the build was initiated; this address may
// not represent the same end-user for all time.
string creator = 8;
// URI where any logs for this provenance were written.
string logs_uri = 9;
// Details of the Source input to the build.
Source source_provenance = 10;
// Trigger identifier if the build was triggered automatically; empty if not.
string trigger_id = 11;
// Special options applied to this build. This is a catch-all field where
// build providers can enter any desired additional details.
map<string, string> build_options = 12;
// Version string of the builder at the time this build was executed.
string builder_version = 13;
// next_id = 14
}
// Source describes the location of the source used for the build.
message Source {
// If provided, the input binary artifacts for the build came from this
// location.
string artifact_storage_source_uri = 1;
// Hash(es) of the build source, which can be used to verify that the original
// source integrity was maintained in the build.
//
// The keys to this map are file paths used as build source and the values
// contain the hash values for those files.
//
// If the build source came in a single package such as a gzipped tarfile
// (.tar.gz), the FileHash will be for the single path to that file.
map<string, FileHashes> file_hashes = 2;
// If provided, the source code used for the build came from this location.
SourceContext context = 3;
// If provided, some of the source code used for the build may be found in
// these locations, in the case where the source repository had multiple
// remotes or submodules. This list will not include the context specified in
// the context field.
repeated SourceContext additional_contexts = 4;
}
// Container message for hashes of byte content of files, used in source
// messages to verify integrity of source input to the build.
message FileHashes {
// Required. Collection of file hashes.
repeated Hash file_hash = 1;
}
// Container message for hash values.
message Hash {
// Specifies the hash algorithm.
enum HashType {
// Unknown.
HASH_TYPE_UNSPECIFIED = 0;
// A SHA-256 hash.
SHA256 = 1;
}
// Required. The type of hash that was performed.
HashType type = 1;
// Required. The hash value.
bytes value = 2;
}
// Command describes a step performed as part of the build pipeline.
message Command {
// Required. Name of the command, as presented on the command line, or if the
// command is packaged as a Docker container, as presented to `docker pull`.
string name = 1;
// Environment variables set before running this command.
repeated string env = 2;
// Command-line arguments used when executing this command.
repeated string args = 3;
// Working directory (relative to project source root) used when running this
// command.
string dir = 4;
// Optional unique identifier for this command, used in wait_for to reference
// this command as a dependency.
string id = 5;
// The ID(s) of the command(s) that this command depends on.
repeated string wait_for = 6;
}
// Artifact describes a build product.
message Artifact {
// Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
// container.
string checksum = 1;
// Artifact ID, if any; for container images, this will be a URL by digest
// like `gcr.io/projectID/imagename@sha256:123456`.
string id = 2;
// Related artifact names. This may be the path to a binary or jar file, or in
// the case of a container build, the name used to push the container image to
// Google Container Registry, as presented to `docker push`. Note that a
// single Artifact ID can have multiple names, for example if two tags are
// applied to one image.
repeated string names = 3;
}
// A SourceContext is a reference to a tree of files. A SourceContext together
// with a path point to a unique revision of a single file or directory.
message SourceContext {
// A SourceContext can refer any one of the following types of repositories.
oneof context {
// A SourceContext referring to a revision in a Google Cloud Source Repo.
CloudRepoSourceContext cloud_repo = 1;
// A SourceContext referring to a Gerrit project.
GerritSourceContext gerrit = 2;
// A SourceContext referring to any third party Git repo (e.g., GitHub).
GitSourceContext git = 3;
}
// Labels with user defined metadata.
map<string, string> labels = 4;
}
// An alias to a repo revision.
message AliasContext {
// The type of an alias.
enum Kind {
// Unknown.
KIND_UNSPECIFIED = 0;
// Git tag.
FIXED = 1;
// Git branch.
MOVABLE = 2;
// Used to specify non-standard aliases. For example, if a Git repo has a
// ref named "refs/foo/bar".
OTHER = 4;
}
// The alias kind.
Kind kind = 1;
// The alias name.
string name = 2;
}
// A CloudRepoSourceContext denotes a particular revision in a Google Cloud
// Source Repo.
message CloudRepoSourceContext {
// The ID of the repo.
RepoId repo_id = 1;
// A revision in a Cloud Repo can be identified by either its revision ID or
// its alias.
oneof revision {
// A revision ID.
string revision_id = 2;
// An alias, which may be a branch or tag.
AliasContext alias_context = 3;
}
}
// A SourceContext referring to a Gerrit project.
message GerritSourceContext {
// The URI of a running Gerrit instance.
string host_uri = 1;
// The full project name within the host. Projects may be nested, so
// "project/subproject" is a valid project name. The "repo name" is the
// hostURI/project.
string gerrit_project = 2;
// A revision in a Gerrit project can be identified by either its revision ID
// or its alias.
oneof revision {
// A revision (commit) ID.
string revision_id = 3;
// An alias, which may be a branch or tag.
AliasContext alias_context = 4;
}
}
// A GitSourceContext denotes a particular revision in a third party Git
// repository (e.g., GitHub).
message GitSourceContext {
// Git repository URL.
string url = 1;
// Git commit hash.
string revision_id = 2;
}
// A unique identifier for a Cloud Repo.
message RepoId {
// A cloud repo can be identified by either its project ID and repository name
// combination, or its globally unique identifier.
oneof id {
// A combination of a project ID and a repo name.
ProjectRepoId project_repo_id = 1;
// A server-assigned, globally unique identifier.
string uid = 2;
}
}
// Selects a repo using a Google Cloud Platform project ID (e.g.,
// winged-cargo-31) and a repo name within that project.
message ProjectRepoId {
// The ID of the project.
string project_id = 1;
// The name of the repo. Leave empty for the default repo.
string repo_name = 2;
}

212
grafeas/v1/vulnerability.proto Normal file
View File

@ -0,0 +1,212 @@
// Copyright 2019 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package grafeas.v1;
import "grafeas/v1/common.proto";
import "grafeas/v1/cvss.proto";
import "grafeas/v1/package.proto";
option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
option java_multiple_files = true;
option java_package = "io.grafeas.v1";
option objc_class_prefix = "GRA";
// Note provider-assigned severity/impact ranking.
enum Severity {
// Unknown.
SEVERITY_UNSPECIFIED = 0;
// Minimal severity.
MINIMAL = 1;
// Low severity.
LOW = 2;
// Medium severity.
MEDIUM = 3;
// High severity.
HIGH = 4;
// Critical severity.
CRITICAL = 5;
}
// Vulnerability provides metadata about a security vulnerability in a Note.
message VulnerabilityNote {
// The CVSS score for this vulnerability.
float cvss_score = 1;
// Note provider assigned impact of the vulnerability.
Severity severity = 2;
// All information about the package to specifically identify this
// vulnerability. One entry per (version range and cpe_uri) the package
// vulnerability has manifested in.
repeated Detail details = 3;
// Identifies all appearances of this vulnerability in the package for a
// specific distro/location. For example: glibc in
// cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
message Detail {
// Required. The CPE URI in
// [cpe format](https://cpe.mitre.org/specification/) in which the
// vulnerability manifests. Examples include distro or storage location for
// vulnerable jar.
string cpe_uri = 1;
// Required. The name of the package where the vulnerability was found.
string package = 2;
// The min version of the package in which the vulnerability exists.
grafeas.v1.Version min_affected_version = 3;
// The max version of the package in which the vulnerability exists.
grafeas.v1.Version max_affected_version = 4;
// The severity (eg: distro assigned severity) for this vulnerability.
string severity_name = 5;
// A vendor-specific description of this note.
string description = 6;
// The fix for this specific package version.
VulnerabilityLocation fixed_location = 7;
// The type of package; whether native or non native(ruby gems, node.js
// packages etc).
string package_type = 8;
// Whether this detail is obsolete. Occurrences are expected not to point to
// obsolete details.
bool is_obsolete = 9;
}
// The full description of the CVSSv3.
CVSSv3 cvss_v3 = 4;
// Windows details get their own format because the information format and
// model don't match a normal detail. Specifically Windows updates are done as
// patches, thus Windows vulnerabilities really are a missing package, rather
// than a package being at an incorrect version.
repeated WindowsDetail windows_details = 5;
message WindowsDetail {
// Required. The CPE URI in
// [cpe format](https://cpe.mitre.org/specification/) in which the
// vulnerability manifests. Examples include distro or storage location for
// vulnerable jar.
string cpe_uri = 1;
// Required. The name of the vulnerability.
string name = 2;
// The description of the vulnerability.
string description = 3;
// Required. The names of the KBs which have hotfixes to mitigate this
// vulnerability. Note that there may be multiple hotfixes (and thus
// multiple KBs) that mitigate a given vulnerability. Currently any listed
// kb's presence is considered a fix.
repeated KnowledgeBase fixing_kbs = 4;
message KnowledgeBase {
// The KB name (generally of the form KB[0-9]+ i.e. KB123456).
string name = 1;
// A link to the KB in the Windows update catalog -
// https://www.catalog.update.microsoft.com/
string url = 2;
}
}
// Next free ID is 6.
}
// Details of a vulnerability Occurrence.
message VulnerabilityOccurrence {
// The type of package; whether native or non native(ruby gems, node.js
// packages etc)
string type = 1;
// Output only. The note provider assigned Severity of the vulnerability.
Severity severity = 2;
// Output only. The CVSS score of this vulnerability. CVSS score is on a
// scale of 0-10 where 0 indicates low severity and 10 indicates high
// severity.
float cvss_score = 3;
// Required. The set of affected locations and their fixes (if available)
// within the associated resource.
repeated PackageIssue package_issue = 4;
// Output only. A one sentence description of this vulnerability.
string short_description = 5;
// Output only. A detailed description of this vulnerability.
string long_description = 6;
// Output only. URLs related to this vulnerability.
repeated grafeas.v1.RelatedUrl related_urls = 7;
// The distro assigned severity for this vulnerability when it is
// available, and note provider assigned severity when distro has not yet
// assigned a severity for this vulnerability.
Severity effective_severity = 8;
// Output only. True if at least one of the affected packages
// has a fix available.
bool fix_available = 9;
}
// This message wraps a package, version and cpe_uri affected by a vulnerability
// and its associated fix (if one is available).
message PackageIssue {
// Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/)
// format. Examples include distro or storage location for vulnerable jar.
string affected_cpe_uri = 1;
// Required. The package being described.
string affected_package = 2;
// Required. The affected version of the vulnerability.
grafeas.v1.Version affected_version = 3;
// The CPE URI in [cpe format](https://cpe.mitre.org/specification/)
// format. Examples include distro or storage location for vulnerable jar.
// It is possible for fixed_cpe_uri to be different from affected_cpe_uri.
string fixed_cpe_uri = 4;
// The package in which fix is available. It is possible for fixed_package
// to be different from affected_package.
string fixed_package = 5;
// Required. The fixed version of the vulnerability. Setting this to
// Version.MAXIMUM implies no fix is available.
grafeas.v1.Version fixed_version = 6;
// Required. True if at a fix is available for this package.
bool fix_available = 7;
}
// The location of the vulnerability.
message VulnerabilityLocation {
// Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/)
// format. Examples include distro or storage location for vulnerable jar.
string cpe_uri = 1;
// Required. The package being described.
string package = 2;
// Required. The version of the package being described.
grafeas.v1.Version version = 3;
}