Subscribe to notifications

Stay organized with collections Save and categorize content based on your preferences.

Programmatic notifications about updates on security metadata and new packages are published on Cloud Pub/Sub topics. Following is the list of the Cloud Pub/Sub topics:

Package On-boarding Topic

  • Topic Name : projects/cloud-aoss/topics/package_onboarding
  • Message : This topic contains information about new package versions that are added to Assured OSS and updates regarding its onboarding status.
  • Message Data Schema:
{
 "package_name" string
 "package_version" string
 "language" string
 "onboarding_status" string
 "notification_status" string
}
  • Message Data Attributes:
   "PackageName"     string
   "PackageVersion"  string
   "PackageLanguage" string
   "SchemaVersion"   string
   "GenerateTime"    string

Vulnerability Information Topic

  • Topic Name : projects/cloud-aoss/topics/vulnerability_information
  • Message : This topic contains information about new vulnerabilities detected in the system or if the metadata of any vulnerability is updated.
  • Message Data Schema:
{
 "vulnerability_id" string
 "notification_status" string
}
  • Message Data Attributes:
   "PackageName"     string
   "PackageVersion"  string
   "PackageLanguage" string
   "SchemaVersion"   string
   "GenerateTime"    string

You can create Pull subscriptions and Push subscriptions on the Pub/Sub topics listed earlier. To create these subscriptions, use the same service account or workload identity credentials that you use to access artifacts or metadata.

Pull Subscriptions:

For a pull subscription, use the following steps:

  1. Create a pull subscription either using Google Cloud console, gcloud CLI, or Pub/Sub API.
  2. After you have created the pull subscription, start polling for messages either by using client libraries or the gcloud CLI command line.

Push Subscriptions:

For a push subscription, you must have an HTTPS server with non-self-signed certificate accessible on the public web. Use the push subscription model in one of the following ways:

  • If you have a Google Cloud project and service account:

    Since Assured OSS provides permission to create subscriptions, you can create your own push subscription(s) and associate it with the endpoint of your choice.

  • If you don't have a Google Cloud project and service account:

    You can share HTTPs endpoints with the Assured OSS team. The Assured OSS team will create a push subscription and attach the endpoint with that subscription.

Learn more

Assured Open Source Software is part of the Software Delivery Shield solution. Software Delivery Shield is a fully-managed, end-to-end software supply chain security solution that helps you to improve the security posture of developer workflows and tools, software dependencies, CI/CD systems used to build and deploy your software, and runtime environments such as Google Kubernetes Engine and Cloud Run. To learn how you can use Assured Open Source Software with other components of Software Delivery Shield to improve the security posture of your software supply chain, see Software Delivery Shield overview.

What's next?