suguo
/
googleapis
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Synchronize new proto changes.

This commit is contained in:
Google APIs 2017-11-13 10:04:08 -08:00
parent e2aab8c06b
commit a38607948d
10 changed files with 1881 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
google/devtools/containeranalysis/README.md Normal file
View File

@ -0,0 +1,19 @@
# Instructions for updating the GAPIC IDLs and sanitized protos
<!--For more information, see go/fresh-source. -->
<!--* freshness: { owner: 'vtsao' reviewed: '2017-11-10' } *-->
Follow instructions at:
https://g3doc.corp.google.com/company/teams/veneer/user/user-guide.md#refreshing-existing-client-libraries
Additional steps:
1. Ensure `google-iam-v1` is under `proto_deps` in
`artman_containeranalysis.yaml`.
1. Diff the existing `containeranalysis_gapic.yaml` with the updated one that
was generated and ensure things like `flattening` and `required_fields`
contain the correct fields and not include deprecated fields like `name`.
See cl/175301075 for reference.
1. While we still support the deprecated
`google/devtools/source/v1/source_context.proto`, the sanitized
`provenance.proto` still seems to import it, remove the import statement.

35
google/devtools/containeranalysis/artman_containeranalysis.yaml Normal file
View File

@ -0,0 +1,35 @@
common:
api_name: containeranalysis
api_version: v1alpha1
organization_name: google-cloud
proto_deps:
- name: google-common-protos
- name: google-iam-v1
src_proto_paths:
- v1alpha1
service_yaml: containeranalysis.yaml
gapic_yaml: v1alpha1/containeranalysis_gapic.yaml
artifacts:
- name: gapic_config
type: GAPIC_CONFIG
- name: java_gapic
type: GAPIC
language: JAVA
- name: python_gapic
type: GAPIC
language: PYTHON
- name: nodejs_gapic
type: GAPIC
language: NODEJS
- name: php_gapic
type: GAPIC
language: PHP
- name: go_gapic
type: GAPIC
language: GO
- name: ruby_gapic
type: GAPIC
language: RUBY
- name: csharp_gapic
type: GAPIC
language: CSHARP

25
google/devtools/containeranalysis/containeranalysis.yaml Normal file
View File

@ -0,0 +1,25 @@
type: google.api.Service
config_version: 3
name: containeranalysis.googleapis.com
title: Container Analysis API
apis:
- name: google.devtools.containeranalysis.v1alpha1.ContainerAnalysis
types:
- name: google.devtools.containeranalysis.v1alpha1.OperationMetadata
documentation:
summary: |-
An implementation of the Grafeas API, which stores, and enables querying and
retrieval of critical metadata about all of your software artifacts.
overview: |-
The Container Analysis API allows you to store and retrieve metadata for a
container resource.
authentication:
rules:
- selector: '*'
oauth:
canonical_scopes: |-
https://www.googleapis.com/auth/cloud-platform

103
google/devtools/containeranalysis/v1alpha1/bill_of_materials.proto Normal file
View File

@ -0,0 +1,103 @@
// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.devtools.containeranalysis.v1alpha1;
import "google/api/annotations.proto";
import "google/devtools/containeranalysis/v1alpha1/package_vulnerability.proto";
option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1alpha1;containeranalysis";
option java_multiple_files = true;
option java_package = "com.google.containeranalysis.v1alpha1";
option objc_class_prefix = "GCA";
// PackageManager provides metadata about available / installed packages.
message PackageManager {
// This represents a particular channel of distribution for a given package.
// e.g. Debian's jessie-backports dpkg mirror
message Distribution {
// The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
// denoting the package manager version distributing a package.
string cpe_uri = 1;
// The CPU architecture for which packages in this distribution
// channel were built
Architecture architecture = 2;
// The latest available version of this package in
// this distribution channel.
VulnerabilityType.Version latest_version = 3;
// A freeform string denoting the maintainer of this package.
string maintainer = 4;
// The distribution channel-specific homepage for this package.
string url = 6;
// The distribution channel-specific description of this package.
string description = 7;
}
// An occurrence of a particular package installation found within a
// system's filesystem.
// e.g. glibc was found in /var/lib/dpkg/status
message Location {
// The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
// denoting the package manager version distributing a package.
string cpe_uri = 1;
// The version installed at this location.
VulnerabilityType.Version version = 2;
// The path from which we gathered that this package/version is installed.
string path = 3;
}
// This represents a particular package that is distributed over
// various channels.
// e.g. glibc (aka libc6) is distributed by many, at various versions.
message Package {
// The name of the package.
string name = 1;
// The various channels by which a package is distributed.
repeated Distribution distribution = 10;
}
// This represents how a particular software package may be installed on
// a system.
message Installation {
// Output only. The name of the installed package.
string name = 1;
// All of the places within the filesystem versions of this package
// have been found.
repeated Location location = 2;
}
// Instruction set architectures supported by various package managers.
enum Architecture {
// Unknown architecture
ARCHITECTURE_UNSPECIFIED = 0;
// X86 architecture
X86 = 1;
// X64 architecture
X64 = 2;
}
}

650
google/devtools/containeranalysis/v1alpha1/containeranalysis.proto Normal file
View File

@ -0,0 +1,650 @@
// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.devtools.containeranalysis.v1alpha1;
import "google/api/annotations.proto";
import "google/devtools/containeranalysis/v1alpha1/bill_of_materials.proto";
import "google/devtools/containeranalysis/v1alpha1/image_basis.proto";
import "google/devtools/containeranalysis/v1alpha1/package_vulnerability.proto";
import "google/devtools/containeranalysis/v1alpha1/provenance.proto";
import "google/iam/v1/iam_policy.proto";
import "google/iam/v1/policy.proto";
import "google/longrunning/operations.proto";
import "google/protobuf/any.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";
option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1alpha1;containeranalysis";
option java_multiple_files = true;
option java_package = "com.google.containeranalysis.v1alpha1";
option objc_class_prefix = "GCA";
// Retrieves the results of vulnerability scanning of cloud components such as
// container images. The Container Analysis API is an implementation of the
// [Grafeas](grafeas.io) API.
//
// The vulnerability results are stored as a series of Occurrences.
// An `Occurrence` contains information about a specific vulnerability in a
// resource. An `Occurrence` references a `Note`. A `Note` contains details
// about the vulnerability and is stored in a stored in a separate project.
// Multiple `Occurrences` can reference the same `Note`. For example, an SSL
// vulnerability could affect multiple packages in an image. In this case,
// there would be one `Note` for the vulnerability and an `Occurrence` for
// each package with the vulnerability referencing that `Note`.
service ContainerAnalysis {
// Returns the requested `Occurrence`.
rpc GetOccurrence(GetOccurrenceRequest) returns (Occurrence) {
option (google.api.http) = { get: "/v1alpha1/{name=projects/*/occurrences/*}" };
}
// Lists active `Occurrences` for a given project matching the filters.
rpc ListOccurrences(ListOccurrencesRequest) returns (ListOccurrencesResponse) {
option (google.api.http) = { get: "/v1alpha1/{parent=projects/*}/occurrences" };
}
// Deletes the given `Occurrence` from the system. Use this when
// an `Occurrence` is no longer applicable for the given resource.
rpc DeleteOccurrence(DeleteOccurrenceRequest) returns (google.protobuf.Empty) {
option (google.api.http) = { delete: "/v1alpha1/{name=projects/*/occurrences/*}" };
}
// Creates a new `Occurrence`. Use this method to create `Occurrences`
// for a resource.
rpc CreateOccurrence(CreateOccurrenceRequest) returns (Occurrence) {
option (google.api.http) = { post: "/v1alpha1/{parent=projects/*}/occurrences" body: "occurrence" };
}
// Updates an existing occurrence.
rpc UpdateOccurrence(UpdateOccurrenceRequest) returns (Occurrence) {
option (google.api.http) = { patch: "/v1alpha1/{name=projects/*/occurrences/*}" body: "occurrence" };
}
// Gets the `Note` attached to the given `Occurrence`.
rpc GetOccurrenceNote(GetOccurrenceNoteRequest) returns (Note) {
option (google.api.http) = { get: "/v1alpha1/{name=projects/*/occurrences/*}/notes" };
}
// Returns the requested `Note`.
rpc GetNote(GetNoteRequest) returns (Note) {
option (google.api.http) = { get: "/v1alpha1/{name=projects/*/notes/*}" };
}
// Lists all `Notes` for a given project.
rpc ListNotes(ListNotesRequest) returns (ListNotesResponse) {
option (google.api.http) = { get: "/v1alpha1/{parent=projects/*}/notes" };
}
// Deletes the given `Note` from the system.
rpc DeleteNote(DeleteNoteRequest) returns (google.protobuf.Empty) {
option (google.api.http) = { delete: "/v1alpha1/{name=projects/*/notes/*}" };
}
// Creates a new `Note`.
rpc CreateNote(CreateNoteRequest) returns (Note) {
option (google.api.http) = { post: "/v1alpha1/{parent=projects/*}/notes" body: "note" };
}
// Updates an existing `Note`.
rpc UpdateNote(UpdateNoteRequest) returns (Note) {
option (google.api.http) = { patch: "/v1alpha1/{name=projects/*/notes/*}" body: "note" };
}
// Lists `Occurrences` referencing the specified `Note`. Use this method to
// get all occurrences referencing your `Note` across all your customer
// projects.
rpc ListNoteOccurrences(ListNoteOccurrencesRequest) returns (ListNoteOccurrencesResponse) {
option (google.api.http) = { get: "/v1alpha1/{name=projects/*/notes/*}/occurrences" };
}
// Gets a summary of the number and severity of occurrences.
rpc GetVulnzOccurrencesSummary(GetVulnzOccurrencesSummaryRequest) returns (GetVulnzOccurrencesSummaryResponse) {
option (google.api.http) = { get: "/v1alpha1/{parent=projects/*}/vulnzsummary" };
}
// Sets the access control policy on the specified `Note` or `Occurrence`.
// Requires `containeranalysis.notes.setIamPolicy` or
// `containeranalysis.occurrences.setIamPolicy` permission if the resource is
// a `Note` or an `Occurrence`, respectively.
// Attempting to call this method without these permissions will result in a `
// `PERMISSION_DENIED` error.
// Attempting to call this method on a non-existent resource will result in a
// `NOT_FOUND` error if the user has `containeranalysis.notes.list` permission
// on a `Note` or `containeranalysis.occurrences.list` on an `Occurrence`, or
// a `PERMISSION_DENIED` error otherwise. The resource takes the following
// formats: `projects/{projectid}/occurrences/{occurrenceid}` for occurrences
// and projects/{projectid}/notes/{noteid} for notes
rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) {
option (google.api.http) = { post: "/v1alpha1/{resource=projects/*/notes/*}:setIamPolicy" body: "*" };
}
// Gets the access control policy for a note or an `Occurrence` resource.
// Requires `containeranalysis.notes.setIamPolicy` or
// `containeranalysis.occurrences.setIamPolicy` permission if the resource is
// a note or occurrence, respectively.
// Attempting to call this method on a resource without the required
// permission will result in a `PERMISSION_DENIED` error. Attempting to call
// this method on a non-existent resource will result in a `NOT_FOUND` error
// if the user has list permission on the project, or a `PERMISSION_DENIED`
// error otherwise. The resource takes the following formats:
// `projects/{PROJECT_ID}/occurrences/{OCCURRENCE_ID}` for occurrences and
// projects/{PROJECT_ID}/notes/{NOTE_ID} for notes
rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) {
option (google.api.http) = { post: "/v1alpha1/{resource=projects/*/notes/*}:getIamPolicy" body: "*" };
}
// Returns the permissions that a caller has on the specified note or
// occurrence resource. Requires list permission on the project (for example,
// "storage.objects.list" on the containing bucket for testing permission of
// an object). Attempting to call this method on a non-existent resource will
// result in a `NOT_FOUND` error if the user has list permission on the
// project, or a `PERMISSION_DENIED` error otherwise. The resource takes the
// following formats: `projects/{PROJECT_ID}/occurrences/{OCCURRENCE_ID}` for
// `Occurrences` and `projects/{PROJECT_ID}/notes/{NOTE_ID}` for `Notes`
rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) {
option (google.api.http) = { post: "/v1alpha1/{resource=projects/*/notes/*}:testIamPermissions" body: "*" };
}
}
// `Occurrence` includes information about analysis occurrences for an image.
message Occurrence {
// Output only. The name of the `Occurrence` in the form
// "projects/{project_id}/occurrences/{OCCURRENCE_ID}"
string name = 1;
// The unique URL of the image or the container for which the `Occurrence`
// applies. For example, https://gcr.io/project/image@sha256:foo This field
// can be used as a filter in list requests.
string resource_url = 2;
// An analysis note associated with this image, in the form
// "providers/{provider_id}/notes/{NOTE_ID}"
// This field can be used as a filter in list requests.
string note_name = 3;
// Output only. This explicitly denotes which of the `Occurrence` details are
// specified. This field can be used as a filter in list requests.
Note.Kind kind = 6;
// Describes the details of the vulnerability `Note` found in this resource.
oneof details {
// Details of a security vulnerability note.
VulnerabilityType.VulnerabilityDetails vulnerability_details = 8;
// Build details for a verifiable build.
BuildDetails build_details = 7;
// Describes how this resource derives from the basis
// in the associated note.
DockerImage.Derived derived_image = 11;
// Describes the installation of a package on the linked resource.
PackageManager.Installation installation = 12;
// Describes the deployment of an artifact on a runtime.
Deployable.Deployment deployment = 14;
// Describes the initial scan status for this resource.
Discovery.Discovered discovered = 15;
}
// A description of actions that can be taken to remedy the `Note`
string remediation = 5;
// Output only. The time this `Occurrence` was created.
google.protobuf.Timestamp create_time = 9;
// Output only. The time this `Occurrence` was last updated.
google.protobuf.Timestamp update_time = 10;
}
// Provides a detailed description of a `Note`.
message Note {
// Metadata for any related URL information
message RelatedUrl {
// Specific URL to associate with the note
string url = 1;
// Label to describe usage of the URL
string label = 2;
}
// This must be 1:1 with members of our oneofs, it can be used for filtering
// Note and Occurrence on their kind.
enum Kind {
// Unknown
KIND_UNSPECIFIED = 0;
// The note and occurrence represent a package vulnerability.
PACKAGE_VULNERABILITY = 2;
// The note and occurrence assert build provenance.
BUILD_DETAILS = 3;
// This represents an image basis relationship.
IMAGE_BASIS = 4;
// This represents a package installed via a package manager.
PACKAGE_MANAGER = 5;
// The note and occurrence track deployment events.
DEPLOYABLE = 6;
// The note and occurrence track the initial discovery status of a resource.
DISCOVERY = 7;
}
// The name of the note in the form
// "providers/{provider_id}/notes/{NOTE_ID}"
string name = 1;
// A one sentence description of this `Note`.
string short_description = 3;
// A detailed description of this `Note`.
string long_description = 4;
// Output only. This explicitly denotes which kind of note is specified. This
// field can be used as a filter in list requests.
Kind kind = 9;
// The type of note.
oneof note_type {
// A package vulnerability type of note.
VulnerabilityType vulnerability_type = 6;
// Build provenance type for a verifiable build.
BuildType build_type = 8;
// A note describing a base image.
DockerImage.Basis base_image = 13;
// A note describing a package hosted by various package managers.
PackageManager.Package package = 14;
// A note describing something that can be deployed.
Deployable deployable = 17;
// A note describing a provider/analysis type.
Discovery discovery = 18;
}
// URLs associated with this note
repeated RelatedUrl related_url = 7;
// Time of expiration for this note, null if note does not expire.
google.protobuf.Timestamp expiration_time = 10;
// Output only. The time this note was created. This field can be used as a
// filter in list requests.
google.protobuf.Timestamp create_time = 11;
// Output only. The time this note was last updated. This field can be used as
// a filter in list requests.
google.protobuf.Timestamp update_time = 12;
}
// An artifact that can be deployed in some runtime.
message Deployable {
// The period during which some deployable was active in a runtime.
message Deployment {
// Types of platforms.
enum Platform {
// Unknown
PLATFORM_UNSPECIFIED = 0;
// Google Container Engine
GKE = 1;
// Google App Engine: Flexible Environment
FLEX = 2;
// Custom user-defined platform
CUSTOM = 3;
}
// Identity of the user that triggered this deployment.
string user_email = 1;
// Beginning of the lifetime of this deployment.
google.protobuf.Timestamp deploy_time = 2;
// End of the lifetime of this deployment.
google.protobuf.Timestamp undeploy_time = 3;
// Configuration used to create this deployment.
string config = 8;
// Address of the runtime element hosting this deployment.
string address = 5;
// Output only. Resource URI for the artifact being deployed taken from the
// deployable field with the same name.
repeated string resource_uri = 6;
// Platform hosting this deployment.
Platform platform = 7;
}
// Resource URI for the artifact being deployed.
repeated string resource_uri = 1;
}
// A note that indicates a type of analysis a provider would perform. This note
// exists in a provider's project. A `Discovery` occurrence is created in a
// consumer's project at the start of analysis. The occurrence's operation will
// indicate the status of the analysis. Absence of an occurrence linked to this
// note for a resource indicates that analysis hasn't started.
message Discovery {
// Provides information about the scan status of a discovered resource.
message Discovered {
// Output only. An operation that indicates the status of the current scan.
google.longrunning.Operation operation = 1;
}
// The kind of analysis that is handled by this discovery.
Note.Kind analysis_kind = 1;
}
// Note holding the version of the provider's builder and the signature of
// the provenance message in linked BuildDetails.
message BuildType {
// Version of the builder which produced this Note.
string builder_version = 1;
// Signature of the build in Occurrences pointing to the Note containing this
// `BuilderDetails`.
BuildSignature signature = 2;
}
// Message encapsulating the signature of the verified build.
message BuildSignature {
// Public key formats
enum KeyType {
// `KeyType` is not set.
KEY_TYPE_UNSPECIFIED = 0;
// `PGP ASCII Armored` public key.
PGP_ASCII_ARMORED = 1;
// `PKIX PEM` public key.
PKIX_PEM = 2;
}
// Public key of the builder which can be used to verify that the related
// findings are valid and unchanged. If `key_type` is empty, this defaults
// to PEM encoded public keys.
//
// This field may be empty if `key_id` references an external key.
//
// For Cloud Container Builder based signatures, this is a PEM encoded public
// key. To verify the Cloud Container Builder signature, place the contents of
// this field into a file (public.pem). The signature field is base64-decoded
// into its binary representation in signature.bin, and the provenance bytes
// from `BuildDetails` are base64-decoded into a binary representation in
// signed.bin. OpenSSL can then verify the signature:
// `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
string public_key = 1;
// Signature of the related `BuildProvenance`, encoded in a base64 string.
string signature = 2;
// An Id for the key used to sign. This could be either an Id for the key
// stored in `public_key` (such as the Id or fingerprint for a PGP key, or the
// CN for a cert), or a reference to an external key (such as a reference to a
// key in Cloud Key Management Service).
string key_id = 3;
// The type of the key, either stored in `public_key` or referenced in
// `key_id`
KeyType key_type = 4;
}
// Message encapsulating build provenance details.
message BuildDetails {
// The actual provenance
BuildProvenance provenance = 1;
// Serialized JSON representation of the provenance, used in generating the
// `BuildSignature` in the corresponding Result. After verifying the
// signature, `provenance_bytes` can be unmarshalled and compared to the
// provenance to confirm that it is unchanged. A base64-encoded string
// representation of the provenance bytes is used for the signature in order
// to interoperate with openssl which expects this format for signature
// verification.
//
// The serialized form is captured both to avoid ambiguity in how the
// provenance is marshalled to json as well to prevent incompatibilities with
// future changes.
string provenance_bytes = 2;
}
// Request to get a Occurrence.
message GetOccurrenceRequest {
// The name of the occurrence of the form
// "projects/{project_id}/occurrences/{OCCURRENCE_ID}"
string name = 1;
}
// Request to list occurrences.
message ListOccurrencesRequest {
// The name field contains the project Id. For example:
// "projects/{project_id}
// @Deprecated
string name = 1;
// This contains the project Id for example: projects/{project_id}.
string parent = 5;
// The filter expression.
string filter = 2;
// Number of occurrences to return in the list.
int32 page_size = 3;
// Token to provide to skip to a particular spot in the list.
string page_token = 4;
}
// Response including listed active occurrences.
message ListOccurrencesResponse {
// The occurrences requested.
repeated Occurrence occurrences = 1;
// The next pagination token in the list response. It should be used as
// `page_token` for the following request. An empty value means no more
// results.
string next_page_token = 2;
}
// Request to delete a occurrence
message DeleteOccurrenceRequest {
// The name of the occurrence in the form of
// "projects/{project_id}/occurrences/{OCCURRENCE_ID}"
string name = 1;
}
// Request to insert a new occurrence.
message CreateOccurrenceRequest {
// The name of the project. Should be of the form "projects/{project_id}".
// @Deprecated
string name = 1;
// This field contains the project Id for example: "projects/{project_id}"
string parent = 3;
// The occurrence to be inserted
Occurrence occurrence = 2;
}
// Request to update an existing occurrence
message UpdateOccurrenceRequest {
// The name of the occurrence.
// Should be of the form "projects/{project_id}/occurrences/{OCCURRENCE_ID}".
string name = 1;
// The updated occurrence.
Occurrence occurrence = 2;
// The fields to update.
google.protobuf.FieldMask update_mask = 3;
}
// Request to get a Note.
message GetNoteRequest {
// The name of the note in the form of
// "providers/{provider_id}/notes/{NOTE_ID}"
string name = 1;
}
// Request to get the note to which this occurrence is attached.
message GetOccurrenceNoteRequest {
// The name of the occurrence in the form
// "projects/{project_id}/occurrences/{OCCURRENCE_ID}"
string name = 1;
}
// Request to list notes.
message ListNotesRequest {
// The name field will contain the project Id for example:
// "providers/{provider_id}
// @Deprecated
string name = 1;
// This field contains the project Id for example:
// "project/{project_id}
string parent = 5;
// The filter expression.
string filter = 2;
// Number of notes to return in the list.
int32 page_size = 3;
// Token to provide to skip to a particular spot in the list.
string page_token = 4;
}
// Response including listed notes.
message ListNotesResponse {
// The occurrences requested
repeated Note notes = 1;
// The next pagination token in the list response. It should be used as
// page_token for the following request. An empty value means no more result.
string next_page_token = 2;
}
// Request to delete a note
message DeleteNoteRequest {
// The name of the note in the form of
// "providers/{provider_id}/notes/{NOTE_ID}"
string name = 1;
}
// Request to insert a new note
message CreateNoteRequest {
// The name of the project.
// Should be of the form "providers/{provider_id}".
// @Deprecated
string name = 1;
// This field contains the project Id for example:
// "project/{project_id}
string parent = 4;
// The ID to use for this note.
string note_id = 2;
// The Note to be inserted
Note note = 3;
}
// Request to update an existing note
message UpdateNoteRequest {
// The name of the note.
// Should be of the form "projects/{provider_id}/notes/{note_id}".
string name = 1;
// The updated note.
Note note = 2;
// The fields to update.
google.protobuf.FieldMask update_mask = 3;
}
// Request to list occurrences.
message ListNoteOccurrencesRequest {
// The name field will contain the note name for example:
// "provider/{provider_id}/notes/{note_id}"
string name = 1;
// The filter expression.
string filter = 2;
// Number of notes to return in the list.
int32 page_size = 3;
// Token to provide to skip to a particular spot in the list.
string page_token = 4;
}
// Response including listed occurrences for a note.
message ListNoteOccurrencesResponse {
// The occurrences attached to the specified note.
repeated Occurrence occurrences = 1;
// Token to receive the next page of notes.
string next_page_token = 2;
}
// Metadata for all operations used and required for all operations
// that created by Container Analysis Providers
message OperationMetadata {
// Output only. The time this operation was created.
google.protobuf.Timestamp create_time = 1;
// Output only. The time that this operation was marked completed or failed.
google.protobuf.Timestamp end_time = 2;
}
// Request to get the vulnz summary for some set of vulnerability Occurrences.
message GetVulnzOccurrencesSummaryRequest {
// This contains the project Id for example: projects/{project_id}
string parent = 1;
// The filter expression.
string filter = 2;
}
// A summary of how many vulnz occurrences there are per severity type.
// counts by groups, or if we should have different summary messages
// like this.
message GetVulnzOccurrencesSummaryResponse {
// The number of occurrences created for a specific severity.
message SeverityCount {
// The severity of the occurrences.
VulnerabilityType.Severity severity = 1;
// The number of occurrences with the severity.
int64 count = 2;
}
// A map of how many occurrences were found for each severity.
repeated SeverityCount counts = 1;
}

357
google/devtools/containeranalysis/v1alpha1/containeranalysis_gapic.yaml Normal file
View File

@ -0,0 +1,357 @@
type: com.google.api.codegen.ConfigProto
config_schema_version: 1.0.0
# The settings of generated code in a specific language.
language_settings:
java:
package_name: com.google.cloud.devtools.containeranalysis.v1alpha1
python:
package_name: google.cloud.devtools.containeranalysis_v1alpha1.gapic
go:
package_name: cloud.google.com/go/devtools/containeranalysis/apiv1alpha1
csharp:
package_name: Google.Devtools.Containeranalysis.V1alpha1
ruby:
package_name: Google::Cloud::Devtools::Containeranalysis::V1alpha1
php:
package_name: Google\Cloud\Devtools\Containeranalysis\V1alpha1
nodejs:
package_name: containeranalysis.v1alpha1
# The configuration for the license header to put on generated files.
license_header:
# The file containing the copyright line(s).
copyright_file: copyright-google.txt
# The file containing the raw license header without any copyright line(s).
license_file: license-header-apache-2.0.txt
# A list of API interface configurations.
interfaces:
# The fully qualified name of the API interface.
- name: google.devtools.containeranalysis.v1alpha1.ContainerAnalysis
# A list of resource collection configurations.
# Consists of a name_pattern and an entity_name.
# The name_pattern is a pattern to describe the names of the resources of this
# collection, using the platform's conventions for URI patterns. A generator
# may use this to generate methods to compose and decompose such names. The
# pattern should use named placeholders as in `shelves/{shelf}/books/{book}`;
# those will be taken as hints for the parameter names of the generated
# methods. If empty, no name methods are generated.
# The entity_name is the name to be used as a basis for generated methods and
# classes.
collections:
- name_pattern: projects/{project}
entity_name: project
- name_pattern: projects/{project}/notes/{note}
entity_name: note
- name_pattern: projects/{project}/occurrences/{occurrence}
entity_name: occurrence
# Definition for retryable codes.
retry_codes_def:
- name: idempotent
retry_codes:
- UNAVAILABLE
- DEADLINE_EXCEEDED
- name: non_idempotent
retry_codes: []
# Definition for retry/backoff parameters.
retry_params_def:
- name: default
initial_retry_delay_millis: 100
retry_delay_multiplier: 1.3
max_retry_delay_millis: 60000
initial_rpc_timeout_millis: 20000
rpc_timeout_multiplier: 1
max_rpc_timeout_millis: 20000
total_timeout_millis: 600000
# A list of method configurations.
# Common properties:
# name - The simple name of the method.
# flattening - Specifies the configuration for parameter flattening.
# Describes the parameter groups for which a generator should produce
# method overloads which allow a client to directly pass request message
# fields as method parameters. This information may or may not be used,
# depending on the target language.
# Consists of groups, which each represent a list of parameters to be
# flattened. Each parameter listed must be a field of the request
# message.
# required_fields - Fields that are always required for a request to be
# valid.
# request_object_method - Turns on or off the generation of a method whose
# sole parameter is a request object. Not all languages will generate
# this method.
# resource_name_treatment - An enum that specifies how to treat the
# resource name formats defined in the field_name_patterns
# and response_field_name_patterns fields.
# UNSET: default value
# NONE: the collection configs will not be used by the generated code.
# VALIDATE: string fields will be validated by the client against the
# specified resource name formats.
# STATIC_TYPES: the client will use generated types for resource names.
# page_streaming - Specifies the configuration for paging.
# Describes information for generating a method which transforms a
# paging list RPC into a stream of resources.
# Consists of a request and a response.
# The request specifies request information of the list method. It
# defines which fields match the paging pattern in the request. The
# request consists of a page_size_field and a token_field. The
# page_size_field is the name of the optional field specifying the
# maximum number of elements to be returned in the response. The
# token_field is the name of the field in the request containing the
# page token.
# The response specifies response information of the list method. It
# defines which fields match the paging pattern in the response. The
# response consists of a token_field and a resources_field. The
# token_field is the name of the field in the response containing the
# next page token. The resources_field is the name of the field in the
# response containing the list of resources belonging to the page.
# retry_codes_name - Specifies the configuration for retryable codes. The
# name must be defined in interfaces.retry_codes_def.
# retry_params_name - Specifies the configuration for retry/backoff
# parameters. The name must be defined in interfaces.retry_params_def.
# field_name_patterns - Maps the field name of the request type to
# entity_name of interfaces.collections.
# Specifies the string pattern that the field must follow.
# timeout_millis - Specifies the default timeout for a non-retrying call. If
# the call is retrying, refer to retry_params_name instead.
methods:
- name: GetOccurrence
flattening:
groups:
- parameters:
- name
required_fields:
- name
request_object_method: false
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: occurrence
timeout_millis: 60000
- name: ListOccurrences
flattening:
groups:
- parameters:
- parent
required_fields:
- parent
request_object_method: true
page_streaming:
request:
page_size_field: page_size
token_field: page_token
response:
token_field: next_page_token
resources_field: occurrences
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
parent: project
timeout_millis: 60000
- name: DeleteOccurrence
flattening:
groups:
- parameters:
- name
required_fields:
- name
request_object_method: false
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: occurrence
timeout_millis: 60000
- name: CreateOccurrence
flattening:
groups:
- parameters:
- parent
- occurrence
required_fields:
- parent
- occurrence
request_object_method: true
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
parent: project
timeout_millis: 60000
- name: UpdateOccurrence
flattening:
groups:
- parameters:
- name
- occurrence
required_fields:
- name
- occurrence
request_object_method: true
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
name: occurrence
timeout_millis: 60000
- name: GetOccurrenceNote
flattening:
groups:
- parameters:
- name
required_fields:
- name
request_object_method: false
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: occurrence
timeout_millis: 60000
- name: GetNote
flattening:
groups:
- parameters:
- name
required_fields:
- name
request_object_method: false
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: note
timeout_millis: 60000
- name: ListNotes
flattening:
groups:
- parameters:
- parent
required_fields:
- parent
request_object_method: true
page_streaming:
request:
page_size_field: page_size
token_field: page_token
response:
token_field: next_page_token
resources_field: notes
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
parent: project
timeout_millis: 60000
- name: DeleteNote
flattening:
groups:
- parameters:
- name
required_fields:
- name
request_object_method: false
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: note
timeout_millis: 60000
- name: CreateNote
flattening:
groups:
- parameters:
- parent
- note_id
- note
required_fields:
- parent
- note_id
- note
request_object_method: true
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
parent: project
timeout_millis: 60000
- name: UpdateNote
flattening:
groups:
- parameters:
- name
- note
required_fields:
- name
- note
request_object_method: true
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
name: note
timeout_millis: 60000
- name: ListNoteOccurrences
flattening:
groups:
- parameters:
- name
required_fields:
- name
request_object_method: true
page_streaming:
request:
page_size_field: page_size
token_field: page_token
response:
token_field: next_page_token
resources_field: occurrences
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: note
timeout_millis: 60000
- name: GetVulnzOccurrencesSummary
flattening:
groups:
- parameters:
- parent
required_fields:
- parent
request_object_method: true
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
parent: project
timeout_millis: 60000
- name: SetIamPolicy
flattening:
groups:
- parameters:
- resource
- policy
required_fields:
- resource
- policy
request_object_method: true
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
resource: note
timeout_millis: 60000
- name: GetIamPolicy
flattening:
groups:
- parameters:
- resource
required_fields:
- resource
request_object_method: false
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
resource: note
timeout_millis: 60000
- name: TestIamPermissions
flattening:
groups:
- parameters:
- resource
- permissions
required_fields:
- resource
- permissions
request_object_method: true
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
resource: note
timeout_millis: 60000

149
google/devtools/containeranalysis/v1alpha1/image_basis.proto Normal file
View File

@ -0,0 +1,149 @@
// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.devtools.containeranalysis.v1alpha1;
import "google/api/annotations.proto";
option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1alpha1;containeranalysis";
option java_multiple_files = true;
option java_package = "com.google.containeranalysis.v1alpha1";
option objc_class_prefix = "GCA";
// DockerImage holds types defining base image notes
// and derived image occurrences.
message DockerImage {
// Layer holds metadata specific to a layer of a Docker image.
message Layer {
// Instructions from dockerfile
enum Directive {
// Default value for unsupported/missing directive
DIRECTIVE_UNSPECIFIED = 0;
// https://docs.docker.com/reference/builder/#maintainer
MAINTAINER = 1;
// https://docs.docker.com/reference/builder/#run
RUN = 2;
// https://docs.docker.com/reference/builder/#cmd
CMD = 3;
// https://docs.docker.com/reference/builder/#label
LABEL = 4;
// https://docs.docker.com/reference/builder/#expose
EXPOSE = 5;
// https://docs.docker.com/reference/builder/#env
ENV = 6;
// https://docs.docker.com/reference/builder/#add
ADD = 7;
// https://docs.docker.com/reference/builder/#copy
COPY = 8;
// https://docs.docker.com/reference/builder/#entrypoint
ENTRYPOINT = 9;
// https://docs.docker.com/reference/builder/#volume
VOLUME = 10;
// https://docs.docker.com/reference/builder/#user
USER = 11;
// https://docs.docker.com/reference/builder/#workdir
WORKDIR = 12;
// https://docs.docker.com/reference/builder/#arg
ARG = 13;
// https://docs.docker.com/reference/builder/#onbuild
ONBUILD = 14;
// https://docs.docker.com/reference/builder/#stopsignal
STOPSIGNAL = 15;
// https://docs.docker.com/reference/builder/#healthcheck
HEALTHCHECK = 16;
// https://docs.docker.com/reference/builder/#shell
SHELL = 17;
}
// The recovered Dockerfile directive used to construct this layer.
Directive directive = 1;
// The recovered arguments to the Dockerfile directive.
string arguments = 2;
}
// A set of properties that uniquely identify a given Docker image.
message Fingerprint {
// The layer-id of the final layer in the Docker image's v1
// representation.
// This field can be used as a filter in list requests.
string v1_name = 1;
// The ordered list of v2 blobs that represent a given image.
repeated string v2_blob = 2;
// Output only. The name of the image's v2 blobs computed via:
// [bottom] := v2_blob[bottom]
// [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
// Only the name of the final blob is kept.
// This field can be used as a filter in list requests.
string v2_name = 3;
}
// Basis describes the base image portion (Note) of the DockerImage
// relationship. Linked occurrences are derived from this or an
// equivalent image via:
// FROM <Basis.resource_url>
// Or an equivalent reference, e.g. a tag of the resource_url.
message Basis {
// The resource_url for the resource representing the basis of
// associated occurrence images.
string resource_url = 1;
// The fingerprint of the base image
Fingerprint fingerprint = 2;
}
// Derived describes the derived image portion (Occurrence) of the
// DockerImage relationship. This image would be produced from a Dockerfile
// with FROM <DockerImage.Basis in attached Note>.
message Derived {
// The fingerprint of the derived image
Fingerprint fingerprint = 1;
// Output only. The number of layers by which this image differs from
// the associated image basis.
uint32 distance = 2;
// This contains layer-specific metadata, if populated it
// has length "distance" and is ordered with [distance] being the
// layer immediately following the base image and [1]
// being the final layer.
repeated Layer layer_info = 3;
// Output only.This contains the base image url for the derived image
// Occurrence
string base_resource_url = 4;
}
}

178
google/devtools/containeranalysis/v1alpha1/package_vulnerability.proto Normal file
View File

@ -0,0 +1,178 @@
// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.devtools.containeranalysis.v1alpha1;
import "google/api/annotations.proto";
option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1alpha1;containeranalysis";
option java_multiple_files = true;
option java_package = "com.google.containeranalysis.v1alpha1";
option objc_class_prefix = "GCA";
// VulnerabilityType provides metadata about a security vulnerability.
message VulnerabilityType {
// Version contains structured information about the version of the package.
// For a discussion of this in Debian/Ubuntu:
// http://serverfault.com/questions/604541/debian-packages-version-convention
// For a discussion of this in Redhat/Fedora/Centos:
// http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
message Version {
// Whether this is an ordinary package version or a
// sentinel MIN/MAX version.
enum VersionKind {
// A standard package version, defined by the other fields.
NORMAL = 0;
// A special version representing negative infinity,
// other fields are ignored.
MINIMUM = 1;
// A special version representing positive infinity,
// other fields are ignored.
MAXIMUM = 2;
}
// Used to correct mistakes in the version numbering scheme.
int32 epoch = 1;
// The main part of the version name.
string name = 2;
// The iteration of the package build from the above version.
string revision = 3;
// Distinguish between sentinel MIN/MAX versions and normal versions.
// If kind is not NORMAL, then the other fields are ignored.
VersionKind kind = 5;
}
// Identifies all occurrences of this vulnerability in the package for a
// specific distro/location
// For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
message Detail {
// The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in
// which the vulnerability manifests. Examples include distro or storage
// location for vulnerable jar.
// This field can be used as a filter in list requests.
string cpe_uri = 1;
// The name of the package where the vulnerability was found.
// This field can be used as a filter in list requests.
string package = 8;
// The min version of the package in which the vulnerability exists.
Version min_affected_version = 6;
// The max version of the package in which the vulnerability exists.
// This field can be used as a filter in list requests.
Version max_affected_version = 7;
// The severity (eg: distro assigned severity) for this vulnerability.
string severity_name = 4;
// A vendor-specific description of this note.
string description = 9;
// The fix for this specific package version.
VulnerabilityLocation fixed_location = 5;
// The type of package; whether native or non native(ruby gems,
// node.js packages etc)
string package_type = 10;
}
// Used by Occurrence to point to where the vulnerability exists and how
// to fix it.
message VulnerabilityDetails {
// The type of package; whether native or non native(ruby gems,
// node.js packages etc)
string type = 3;
// Output only. The note provider assigned Severity of the vulnerability.
Severity severity = 4;
// Output only. The CVSS score of this vulnerability. CVSS score is on a
// scale of 0-10 where 0 indicates low severity and 10 indicates high
// severity.
float cvss_score = 5;
// The set of affected locations and their fixes (if available) within
// the associated resource.
repeated PackageIssue package_issue = 6;
}
// This message wraps a location affected by a vulnerability and its
// associated fix (if one is available).
message PackageIssue {
// The location of the vulnerability.
VulnerabilityLocation affected_location = 1;
// The location of the available fix for vulnerability.
VulnerabilityLocation fixed_location = 2;
// The severity (eg: distro assigned severity) for this vulnerability.
string severity_name = 3;
}
// The location of the vulnerability
message VulnerabilityLocation {
// The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
// format. Examples include distro or storage location for vulnerable jar.
// This field can be used as a filter in list requests.
string cpe_uri = 1;
// The package being described.
string package = 2;
// The version of the package being described.
// This field can be used as a filter in list requests.
Version version = 4;
}
// Note provider-assigned severity/impact ranking
enum Severity {
// Unknown Impact
SEVERITY_UNSPECIFIED = 0;
// Minimal Impact
MINIMAL = 1;
// Low Impact
LOW = 2;
// Medium Impact
MEDIUM = 3;
// High Impact
HIGH = 4;
// Critical Impact
CRITICAL = 5;
}
// The CVSS score for this Vulnerability.
float cvss_score = 2;
// Note provider assigned impact of the vulnerability
Severity severity = 3;
// All information about the package to specifically identify this
// vulnerability. One entry per (version range and cpe_uri) the
// package vulnerability has manifested in.
repeated Detail details = 4;
}

224
google/devtools/containeranalysis/v1alpha1/provenance.proto Normal file
View File

@ -0,0 +1,224 @@
// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.devtools.containeranalysis.v1alpha1;
import "google/api/annotations.proto";
import "google/devtools/containeranalysis/v1alpha1/source_context.proto";
import "google/protobuf/timestamp.proto";
option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1alpha1;containeranalysis";
option java_multiple_files = true;
option java_package = "com.google.containeranalysis.v1alpha1";
option objc_class_prefix = "GCA";
// Provenance of a build. Contains all information needed to verify the full
// details about the build from source to completion.
message BuildProvenance {
// Unique identifier of the build.
string id = 1;
// ID of the project.
string project_id = 2;
// Commands requested by the build.
repeated Command commands = 5;
// Output of the build.
repeated Artifact built_artifacts = 6;
// Time at which the build was created.
google.protobuf.Timestamp create_time = 7;
// Time at which execution of the build was started.
google.protobuf.Timestamp start_time = 8;
// Time at which execution of the build was finished.
google.protobuf.Timestamp finish_time = 9;
// E-mail address of the user who initiated this build. Note that this was the
// user's e-mail address at the time the build was initiated; this address may
// not represent the same end-user for all time.
string creator = 11;
// Google Cloud Storage bucket where logs were written.
string logs_bucket = 13;
// Details of the Source input to the build.
Source source_provenance = 14;
// Trigger identifier if the build was triggered automatically; empty if not.
string trigger_id = 15;
// Special options applied to this build. This is a catch-all field where
// build providers can enter any desired additional details.
map<string, string> build_options = 16;
// Version string of the builder at the time this build was executed.
string builder_version = 17;
}
// Source describes the location of the source used for the build.
message Source {
// Source location information.
oneof source {
// If provided, get the source from this location in in Google Cloud
// Storage.
StorageSource storage_source = 1;
// If provided, get source from this location in a Cloud Repo.
RepoSource repo_source = 2;
}
// If provided, the input binary artifacts for the build came from this
// location.
StorageSource artifact_storage_source = 4;
// Hash(es) of the build source, which can be used to verify that the original
// source integrity was maintained in the build.
//
// The keys to this map are file paths used as build source and the values
// contain the hash values for those files.
//
// If the build source came in a single package such as a gzipped tarfile
// (.tar.gz), the FileHash will be for the single path to that file.
map<string, FileHashes> file_hashes = 3;
// If provided, the source code used for the build came from this location.
SourceContext context = 7;
// If provided, some of the source code used for the build may be found in
// these locations, in the case where the source repository had multiple
// remotes or submodules. This list will not include the context specified in
// the context field.
repeated SourceContext additional_contexts = 8;
}
// Container message for hashes of byte content of files, used in Source
// messages to verify integrity of source input to the build.
message FileHashes {
// Collection of file hashes.
repeated Hash file_hash = 1;
}
// Container message for hash values.
message Hash {
// Specifies the hash algorithm, if any.
enum HashType {
// No hash requested.
NONE = 0;
// A sha256 hash.
SHA256 = 1;
}
// The type of hash that was performed.
HashType type = 1;
// The hash value.
bytes value = 2;
}
// StorageSource describes the location of the source in an archive file in
// Google Cloud Storage.
message StorageSource {
// Google Cloud Storage bucket containing source (see [Bucket Name
// Requirements]
// (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
string bucket = 1;
// Google Cloud Storage object containing source.
string object = 2;
// Google Cloud Storage generation for the object.
int64 generation = 3;
}
// RepoSource describes the location of the source in a Google Cloud Source
// Repository.
message RepoSource {
// ID of the project that owns the repo.
string project_id = 1;
// Name of the repo.
string repo_name = 2;
// A revision within the source repository must be specified in
// one of these ways.
oneof revision {
// Name of the branch to build.
string branch_name = 3;
// Name of the tag to build.
string tag_name = 4;
// Explicit commit SHA to build.
string commit_sha = 5;
}
}
// Command describes a step performed as part of the build pipeline.
message Command {
// Name of the command, as presented on the command line, or if the command is
// packaged as a Docker container, as presented to `docker pull`.
string name = 1;
// Environment variables set before running this Command.
repeated string env = 2;
// Command-line arguments used when executing this Command.
repeated string args = 3;
// Working directory (relative to project source root) used when running
// this Command.
string dir = 4;
// Optional unique identifier for this Command, used in wait_for to reference
// this Command as a dependency.
string id = 5;
// The ID(s) of the Command(s) that this Command depends on.
repeated string wait_for = 6;
}
// Artifact describes a build product.
message Artifact {
// Name of the artifact. This may be the path to a binary or jar file, or in
// the case of a container build, the name used to push the container image to
// Google Container Registry, as presented to `docker push`.
//
// This field is deprecated in favor of the plural `names` field; it continues
// to exist here to allow existing BuildProvenance serialized to json in
// google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to
// deserialize back into proto.
string name = 1;
// Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
// container.
string checksum = 2;
// Artifact ID, if any; for container images, this will be a URL by digest
// like gcr.io/projectID/imagename@sha256:123456
string id = 3;
// Related artifact names. This may be the path to a binary or jar file, or in
// the case of a container build, the name used to push the container image to
// Google Container Registry, as presented to `docker push`. Note that a
// single Artifact ID can have multiple names, for example if two tags are
// applied to one image.
repeated string names = 4;
}

141
google/devtools/containeranalysis/v1alpha1/source_context.proto Normal file
View File

@ -0,0 +1,141 @@
// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.devtools.containeranalysis.v1alpha1;
import "google/api/annotations.proto";
option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1alpha1;containeranalysis";
option java_multiple_files = true;
option java_package = "com.google.containeranalysis.v1alpha1";
option objc_class_prefix = "GCA";
// A SourceContext is a reference to a tree of files. A SourceContext together
// with a path point to a unique revision of a single file or directory.
message SourceContext {
// A SourceContext can refer any one of the following types of repositories.
oneof context {
// A SourceContext referring to a revision in a Google Cloud Source Repo.
CloudRepoSourceContext cloud_repo = 1;
// A SourceContext referring to a Gerrit project.
GerritSourceContext gerrit = 2;
// A SourceContext referring to any third party Git repo (e.g., GitHub).
GitSourceContext git = 3;
}
// Labels with user defined metadata.
map<string, string> labels = 4;
}
// An alias to a repo revision.
message AliasContext {
// The type of an alias.
enum Kind {
// Unknown.
KIND_UNSPECIFIED = 0;
// Git tag.
FIXED = 1;
// Git branch.
MOVABLE = 2;
// Used to specify non-standard aliases. For example, if a Git repo has a
// ref named "refs/foo/bar".
OTHER = 4;
}
// The alias kind.
Kind kind = 1;
// The alias name.
string name = 2;
}
// A CloudRepoSourceContext denotes a particular revision in a Google Cloud
// Source Repo.
message CloudRepoSourceContext {
// The ID of the repo.
RepoId repo_id = 1;
// A revision in a Cloud Repo can be identified by either its revision ID or
// its alias.
oneof revision {
// A revision ID.
string revision_id = 2;
// An alias, which may be a branch or tag.
AliasContext alias_context = 3;
}
}
// A SourceContext referring to a Gerrit project.
message GerritSourceContext {
// The URI of a running Gerrit instance.
string host_uri = 1;
// The full project name within the host. Projects may be nested, so
// "project/subproject" is a valid project name. The "repo name" is
// the hostURI/project.
string gerrit_project = 2;
// A revision in a Gerrit project can be identified by either its revision ID
// or its alias.
oneof revision {
// A revision (commit) ID.
string revision_id = 3;
// An alias, which may be a branch or tag.
AliasContext alias_context = 4;
}
}
// A GitSourceContext denotes a particular revision in a third party Git
// repository (e.g., GitHub).
message GitSourceContext {
// Git repository URL.
string url = 1;
// Required.
// Git commit hash.
string revision_id = 2;
}
// A unique identifier for a Cloud Repo.
message RepoId {
// A cloud repo can be identified by either its project ID and repository name
// combination, or its globally unique identifier.
oneof id {
// A combination of a project ID and a repo name.
ProjectRepoId project_repo_id = 1;
// A server-assigned, globally unique identifier.
string uid = 2;
}
}
// Selects a repo using a Google Cloud Platform project ID (e.g.,
// winged-cargo-31) and a repo name within that project.
message ProjectRepoId {
// The ID of the project.
string project_id = 1;
// The name of the repo. Leave empty for the default repo.
string repo_name = 2;
}