- 2.54.0 (latest)
- 2.53.0
- 2.52.0
- 2.50.0
- 2.49.0
- 2.48.0
- 2.47.0
- 2.46.0
- 2.45.0
- 2.44.0
- 2.43.0
- 2.42.0
- 2.41.0
- 2.40.0
- 2.38.0
- 2.37.0
- 2.36.0
- 2.35.0
- 2.34.0
- 2.33.0
- 2.32.0
- 2.31.0
- 2.30.0
- 2.29.0
- 2.28.0
- 2.25.0
- 2.24.0
- 2.23.0
- 2.22.0
- 2.21.0
- 2.20.0
- 2.19.0
- 2.18.0
- 2.17.0
- 2.16.0
- 2.15.0
- 2.14.0
- 2.13.0
- 2.12.0
- 2.10.0
- 2.9.0
- 2.8.0
- 2.7.0
- 2.6.0
- 2.5.0
- 2.4.5
- 2.3.1
- 2.2.3
- 2.1.3
A client to Container Analysis API
The interfaces provided are listed below, along with usage samples.
GrafeasClient
Service Description: Grafeas API.
Retrieves analysis results of Cloud components such as Docker container images.
Analysis results are stored as a series of occurrences. An Occurrence
contains information
about a specific analysis instance on a resource. An occurrence refers to a Note
. A note
contains details describing the analysis and is generally stored in a separate project, called a
Provider
. Multiple occurrences can refer to the same note.
For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.
Sample for GrafeasClient:
// This snippet has been automatically generated for illustrative purposes only.
// It may require modifications to work in your environment.
try (GrafeasClient grafeasClient = GrafeasClient.create()) {
OccurrenceName name = OccurrenceName.of("[PROJECT]", "[OCCURRENCE]");
Occurrence response = grafeasClient.getOccurrence(name);
}
Classes
AliasContext
An alias to a repo revision.
Protobuf type grafeas.v1.AliasContext
AliasContext.Builder
An alias to a repo revision.
Protobuf type grafeas.v1.AliasContext
Artifact
Artifact describes a build product.
Protobuf type grafeas.v1.Artifact
Artifact.Builder
Artifact describes a build product.
Protobuf type grafeas.v1.Artifact
Attestation
AttestationNote
Note kind that represents a logical attestation "role" or "authority". For
example, an organization might have one Authority
for "QA" and one for
"build". This note is intended to act strictly as a grouping mechanism for
the attached occurrences (Attestations). This grouping mechanism also
provides a security boundary, since IAM ACLs gate the ability for a principle
to attach an occurrence to a given note. It also provides a single point of
lookup to find all attached attestation occurrences, even if they don't all
live in the same project.
Protobuf type grafeas.v1.AttestationNote
AttestationNote.Builder
Note kind that represents a logical attestation "role" or "authority". For
example, an organization might have one Authority
for "QA" and one for
"build". This note is intended to act strictly as a grouping mechanism for
the attached occurrences (Attestations). This grouping mechanism also
provides a security boundary, since IAM ACLs gate the ability for a principle
to attach an occurrence to a given note. It also provides a single point of
lookup to find all attached attestation occurrences, even if they don't all
live in the same project.
Protobuf type grafeas.v1.AttestationNote
AttestationNote.Hint
This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify.
Protobuf type grafeas.v1.AttestationNote.Hint
AttestationNote.Hint.Builder
This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify.
Protobuf type grafeas.v1.AttestationNote.Hint
AttestationOccurrence
Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign.
Protobuf type grafeas.v1.AttestationOccurrence
AttestationOccurrence.Builder
Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign.
Protobuf type grafeas.v1.AttestationOccurrence
BatchCreateNotesRequest
Request to create notes in batch.
Protobuf type grafeas.v1.BatchCreateNotesRequest
BatchCreateNotesRequest.Builder
Request to create notes in batch.
Protobuf type grafeas.v1.BatchCreateNotesRequest
BatchCreateNotesResponse
Response for creating notes in batch.
Protobuf type grafeas.v1.BatchCreateNotesResponse
BatchCreateNotesResponse.Builder
Response for creating notes in batch.
Protobuf type grafeas.v1.BatchCreateNotesResponse
BatchCreateOccurrencesRequest
Request to create occurrences in batch.
Protobuf type grafeas.v1.BatchCreateOccurrencesRequest
BatchCreateOccurrencesRequest.Builder
Request to create occurrences in batch.
Protobuf type grafeas.v1.BatchCreateOccurrencesRequest
BatchCreateOccurrencesResponse
Response for creating occurrences in batch.
Protobuf type grafeas.v1.BatchCreateOccurrencesResponse
BatchCreateOccurrencesResponse.Builder
Response for creating occurrences in batch.
Protobuf type grafeas.v1.BatchCreateOccurrencesResponse
Build
BuildNote
Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence.
Protobuf type grafeas.v1.BuildNote
BuildNote.Builder
Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence.
Protobuf type grafeas.v1.BuildNote
BuildOccurrence
Details of a build occurrence.
Protobuf type grafeas.v1.BuildOccurrence
BuildOccurrence.Builder
Details of a build occurrence.
Protobuf type grafeas.v1.BuildOccurrence
BuildProvenance
Provenance of a build. Contains all information needed to verify the full details about the build from source to completion.
Protobuf type grafeas.v1.BuildProvenance
BuildProvenance.Builder
Provenance of a build. Contains all information needed to verify the full details about the build from source to completion.
Protobuf type grafeas.v1.BuildProvenance
BuilderConfig
Protobuf type grafeas.v1.BuilderConfig
BuilderConfig.Builder
Protobuf type grafeas.v1.BuilderConfig
CVSS
Common Vulnerability Scoring System. For details, see https://www.first.org/cvss/specification-document This is a message we will try to use for storing multiple versions of CVSS. The intention is that as new versions of CVSS scores get added, we will be able to modify this message rather than adding new protos for each new version of the score.
Protobuf type grafeas.v1.CVSS
CVSS.Builder
Common Vulnerability Scoring System. For details, see https://www.first.org/cvss/specification-document This is a message we will try to use for storing multiple versions of CVSS. The intention is that as new versions of CVSS scores get added, we will be able to modify this message rather than adding new protos for each new version of the score.
Protobuf type grafeas.v1.CVSS
CVSSv3
Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document
Protobuf type grafeas.v1.CVSSv3
CVSSv3.Builder
Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document
Protobuf type grafeas.v1.CVSSv3
CloudRepoSourceContext
A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.
Protobuf type grafeas.v1.CloudRepoSourceContext
CloudRepoSourceContext.Builder
A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.
Protobuf type grafeas.v1.CloudRepoSourceContext
Command
Command describes a step performed as part of the build pipeline.
Protobuf type grafeas.v1.Command
Command.Builder
Command describes a step performed as part of the build pipeline.
Protobuf type grafeas.v1.Command
Common
Completeness
Indicates that the builder claims certain fields in this message to be complete.
Protobuf type grafeas.v1.Completeness
Completeness.Builder
Indicates that the builder claims certain fields in this message to be complete.
Protobuf type grafeas.v1.Completeness
Compliance
ComplianceNote
Protobuf type grafeas.v1.ComplianceNote
ComplianceNote.Builder
Protobuf type grafeas.v1.ComplianceNote
ComplianceNote.CisBenchmark
A compliance check that is a CIS benchmark.
Protobuf type grafeas.v1.ComplianceNote.CisBenchmark
ComplianceNote.CisBenchmark.Builder
A compliance check that is a CIS benchmark.
Protobuf type grafeas.v1.ComplianceNote.CisBenchmark
ComplianceOccurrence
An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason.
Protobuf type grafeas.v1.ComplianceOccurrence
ComplianceOccurrence.Builder
An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason.
Protobuf type grafeas.v1.ComplianceOccurrence
ComplianceVersion
Describes the CIS benchmark version that is applicable to a given OS and os version.
Protobuf type grafeas.v1.ComplianceVersion
ComplianceVersion.Builder
Describes the CIS benchmark version that is applicable to a given OS and os version.
Protobuf type grafeas.v1.ComplianceVersion
CreateNoteRequest
Request to create a new note.
Protobuf type grafeas.v1.CreateNoteRequest
CreateNoteRequest.Builder
Request to create a new note.
Protobuf type grafeas.v1.CreateNoteRequest
CreateOccurrenceRequest
Request to create a new occurrence.
Protobuf type grafeas.v1.CreateOccurrenceRequest
CreateOccurrenceRequest.Builder
Request to create a new occurrence.
Protobuf type grafeas.v1.CreateOccurrenceRequest
CvssProto
DSSEAttestationNote
Protobuf type grafeas.v1.DSSEAttestationNote
DSSEAttestationNote.Builder
Protobuf type grafeas.v1.DSSEAttestationNote
DSSEAttestationNote.DSSEHint
This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify.
Protobuf type grafeas.v1.DSSEAttestationNote.DSSEHint
DSSEAttestationNote.DSSEHint.Builder
This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify.
Protobuf type grafeas.v1.DSSEAttestationNote.DSSEHint
DSSEAttestationOccurrence
Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence.
Protobuf type grafeas.v1.DSSEAttestationOccurrence
DSSEAttestationOccurrence.Builder
Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence.
Protobuf type grafeas.v1.DSSEAttestationOccurrence
DeleteNoteRequest
Request to delete a note.
Protobuf type grafeas.v1.DeleteNoteRequest
DeleteNoteRequest.Builder
Request to delete a note.
Protobuf type grafeas.v1.DeleteNoteRequest
DeleteOccurrenceRequest
Request to delete an occurrence.
Protobuf type grafeas.v1.DeleteOccurrenceRequest
DeleteOccurrenceRequest.Builder
Request to delete an occurrence.
Protobuf type grafeas.v1.DeleteOccurrenceRequest
Deployment
DeploymentNote
An artifact that can be deployed in some runtime.
Protobuf type grafeas.v1.DeploymentNote
DeploymentNote.Builder
An artifact that can be deployed in some runtime.
Protobuf type grafeas.v1.DeploymentNote
DeploymentOccurrence
The period during which some deployable was active in a runtime.
Protobuf type grafeas.v1.DeploymentOccurrence
DeploymentOccurrence.Builder
The period during which some deployable was active in a runtime.
Protobuf type grafeas.v1.DeploymentOccurrence
Discovery
DiscoveryNote
A note that indicates a type of analysis a provider would perform. This note
exists in a provider's project. A Discovery
occurrence is created in a
consumer's project at the start of analysis.
Protobuf type grafeas.v1.DiscoveryNote
DiscoveryNote.Builder
A note that indicates a type of analysis a provider would perform. This note
exists in a provider's project. A Discovery
occurrence is created in a
consumer's project at the start of analysis.
Protobuf type grafeas.v1.DiscoveryNote
DiscoveryOccurrence
Provides information about the analysis status of a discovered resource.
Protobuf type grafeas.v1.DiscoveryOccurrence
DiscoveryOccurrence.Builder
Provides information about the analysis status of a discovered resource.
Protobuf type grafeas.v1.DiscoveryOccurrence
Distribution
This represents a particular channel of distribution for a given package. E.g., Debian's jessie-backports dpkg mirror.
Protobuf type grafeas.v1.Distribution
Distribution.Builder
This represents a particular channel of distribution for a given package. E.g., Debian's jessie-backports dpkg mirror.
Protobuf type grafeas.v1.Distribution
DsseAttestation
Envelope
MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type.
Protobuf type grafeas.v1.Envelope
Envelope.Builder
MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type.
Protobuf type grafeas.v1.Envelope
EnvelopeSignature
Protobuf type grafeas.v1.EnvelopeSignature
EnvelopeSignature.Builder
Protobuf type grafeas.v1.EnvelopeSignature
FileHashes
Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.
Protobuf type grafeas.v1.FileHashes
FileHashes.Builder
Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.
Protobuf type grafeas.v1.FileHashes
Fingerprint
A set of properties that uniquely identify a given Docker image.
Protobuf type grafeas.v1.Fingerprint
Fingerprint.Builder
A set of properties that uniquely identify a given Docker image.
Protobuf type grafeas.v1.Fingerprint
GerritSourceContext
A SourceContext referring to a Gerrit project.
Protobuf type grafeas.v1.GerritSourceContext
GerritSourceContext.Builder
A SourceContext referring to a Gerrit project.
Protobuf type grafeas.v1.GerritSourceContext
GetNoteRequest
Request to get a note.
Protobuf type grafeas.v1.GetNoteRequest
GetNoteRequest.Builder
Request to get a note.
Protobuf type grafeas.v1.GetNoteRequest
GetOccurrenceNoteRequest
Request to get the note to which the specified occurrence is attached.
Protobuf type grafeas.v1.GetOccurrenceNoteRequest
GetOccurrenceNoteRequest.Builder
Request to get the note to which the specified occurrence is attached.
Protobuf type grafeas.v1.GetOccurrenceNoteRequest
GetOccurrenceRequest
Request to get an occurrence.
Protobuf type grafeas.v1.GetOccurrenceRequest
GetOccurrenceRequest.Builder
Request to get an occurrence.
Protobuf type grafeas.v1.GetOccurrenceRequest
GitSourceContext
A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub).
Protobuf type grafeas.v1.GitSourceContext
GitSourceContext.Builder
A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub).
Protobuf type grafeas.v1.GitSourceContext
GrafeasClient
Service Description: Grafeas API.
Retrieves analysis results of Cloud components such as Docker container images.
Analysis results are stored as a series of occurrences. An Occurrence
contains information
about a specific analysis instance on a resource. An occurrence refers to a Note
. A note
contains details describing the analysis and is generally stored in a separate project, called a
Provider
. Multiple occurrences can refer to the same note.
For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.
This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:
// This snippet has been automatically generated for illustrative purposes only.
// It may require modifications to work in your environment.
try (GrafeasClient grafeasClient = GrafeasClient.create()) {
OccurrenceName name = OccurrenceName.of("[PROJECT]", "[OCCURRENCE]");
Occurrence response = grafeasClient.getOccurrence(name);
}
Note: close() needs to be called on the GrafeasClient object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().
The surface of this class includes several types of Java methods for each of the API's methods:
- A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
- A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
- A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.
See the individual methods for example code.
Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.
This class can be customized by passing in a custom instance of GrafeasSettings to create(). For example:
To customize credentials:
// This snippet has been automatically generated for illustrative purposes only.
// It may require modifications to work in your environment.
GrafeasSettings grafeasSettings =
GrafeasSettings.newBuilder()
.setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
.build();
GrafeasClient grafeasClient = GrafeasClient.create(grafeasSettings);
To customize the endpoint:
// This snippet has been automatically generated for illustrative purposes only.
// It may require modifications to work in your environment.
GrafeasSettings grafeasSettings = GrafeasSettings.newBuilder().setEndpoint(myEndpoint).build();
GrafeasClient grafeasClient = GrafeasClient.create(grafeasSettings);
Please refer to the GitHub repository's samples for more quickstart code snippets.
GrafeasClient.ListNoteOccurrencesFixedSizeCollection
GrafeasClient.ListNoteOccurrencesPage
GrafeasClient.ListNoteOccurrencesPagedResponse
GrafeasClient.ListNotesFixedSizeCollection
GrafeasClient.ListNotesPage
GrafeasClient.ListNotesPagedResponse
GrafeasClient.ListOccurrencesFixedSizeCollection
GrafeasClient.ListOccurrencesPage
GrafeasClient.ListOccurrencesPagedResponse
GrafeasGrpc
Grafeas API.
Retrieves analysis results of Cloud components such as Docker container
images.
Analysis results are stored as a series of occurrences. An Occurrence
contains information about a specific analysis instance on a resource. An
occurrence refers to a Note
. A note contains details describing the
analysis and is generally stored in a separate project, called a Provider
.
Multiple occurrences can refer to the same note.
For example, an SSL vulnerability could affect multiple images. In this case,
there would be one note for the vulnerability and an occurrence for each
image with the vulnerability referring to that note.
GrafeasGrpc.GrafeasBlockingStub
Grafeas API.
Retrieves analysis results of Cloud components such as Docker container
images.
Analysis results are stored as a series of occurrences. An Occurrence
contains information about a specific analysis instance on a resource. An
occurrence refers to a Note
. A note contains details describing the
analysis and is generally stored in a separate project, called a Provider
.
Multiple occurrences can refer to the same note.
For example, an SSL vulnerability could affect multiple images. In this case,
there would be one note for the vulnerability and an occurrence for each
image with the vulnerability referring to that note.
GrafeasGrpc.GrafeasFutureStub
Grafeas API.
Retrieves analysis results of Cloud components such as Docker container
images.
Analysis results are stored as a series of occurrences. An Occurrence
contains information about a specific analysis instance on a resource. An
occurrence refers to a Note
. A note contains details describing the
analysis and is generally stored in a separate project, called a Provider
.
Multiple occurrences can refer to the same note.
For example, an SSL vulnerability could affect multiple images. In this case,
there would be one note for the vulnerability and an occurrence for each
image with the vulnerability referring to that note.
GrafeasGrpc.GrafeasImplBase
Grafeas API.
Retrieves analysis results of Cloud components such as Docker container
images.
Analysis results are stored as a series of occurrences. An Occurrence
contains information about a specific analysis instance on a resource. An
occurrence refers to a Note
. A note contains details describing the
analysis and is generally stored in a separate project, called a Provider
.
Multiple occurrences can refer to the same note.
For example, an SSL vulnerability could affect multiple images. In this case,
there would be one note for the vulnerability and an occurrence for each
image with the vulnerability referring to that note.
GrafeasGrpc.GrafeasStub
Grafeas API.
Retrieves analysis results of Cloud components such as Docker container
images.
Analysis results are stored as a series of occurrences. An Occurrence
contains information about a specific analysis instance on a resource. An
occurrence refers to a Note
. A note contains details describing the
analysis and is generally stored in a separate project, called a Provider
.
Multiple occurrences can refer to the same note.
For example, an SSL vulnerability could affect multiple images. In this case,
there would be one note for the vulnerability and an occurrence for each
image with the vulnerability referring to that note.
GrafeasOuterClass
GrafeasSettings
Settings class to configure an instance of GrafeasClient.
The default instance has everything set to sensible defaults:
- The default service address (containeranalysis.googleapis.com) and default port (443) are used.
- Credentials are acquired automatically through Application Default Credentials.
- Retries are configured for idempotent methods but not for non-idempotent methods.
The builder of this class is recursive, so contained classes are themselves builders. When build() is called, the tree of builders is called to create the complete settings object.
For example, to set the total timeout of getOccurrence to 30 seconds:
// This snippet has been automatically generated for illustrative purposes only.
// It may require modifications to work in your environment.
GrafeasSettings.Builder grafeasSettingsBuilder = GrafeasSettings.newBuilder();
grafeasSettingsBuilder
.getOccurrenceSettings()
.setRetrySettings(
grafeasSettingsBuilder
.getOccurrenceSettings()
.getRetrySettings()
.toBuilder()
.setTotalTimeout(Duration.ofSeconds(30))
.build());
GrafeasSettings grafeasSettings = grafeasSettingsBuilder.build();
GrafeasSettings.Builder
Builder for GrafeasSettings.
Hash
Container message for hash values.
Protobuf type grafeas.v1.Hash
Hash.Builder
Container message for hash values.
Protobuf type grafeas.v1.Hash
Image
ImageNote
Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM <Basis.resource_url> Or an equivalent reference, e.g., a tag of the resource_url.
Protobuf type grafeas.v1.ImageNote
ImageNote.Builder
Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM <Basis.resource_url> Or an equivalent reference, e.g., a tag of the resource_url.
Protobuf type grafeas.v1.ImageNote
ImageOccurrence
Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM <DockerImage.Basis in attached Note>.
Protobuf type grafeas.v1.ImageOccurrence
ImageOccurrence.Builder
Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM <DockerImage.Basis in attached Note>.
Protobuf type grafeas.v1.ImageOccurrence
InTotoProvenance
Protobuf type grafeas.v1.InTotoProvenance
InTotoProvenance.Builder
Protobuf type grafeas.v1.InTotoProvenance
InTotoProvenanceProto
InTotoStatement
Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
Protobuf type grafeas.v1.InTotoStatement
InTotoStatement.Builder
Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
Protobuf type grafeas.v1.InTotoStatement
InTotoStatementProto
Jwt
Protobuf type grafeas.v1.Jwt
Jwt.Builder
Protobuf type grafeas.v1.Jwt
Layer
Layer holds metadata specific to a layer of a Docker image.
Protobuf type grafeas.v1.Layer
Layer.Builder
Layer holds metadata specific to a layer of a Docker image.
Protobuf type grafeas.v1.Layer
ListNoteOccurrencesRequest
Request to list occurrences for a note.
Protobuf type grafeas.v1.ListNoteOccurrencesRequest
ListNoteOccurrencesRequest.Builder
Request to list occurrences for a note.
Protobuf type grafeas.v1.ListNoteOccurrencesRequest
ListNoteOccurrencesResponse
Response for listing occurrences for a note.
Protobuf type grafeas.v1.ListNoteOccurrencesResponse
ListNoteOccurrencesResponse.Builder
Response for listing occurrences for a note.
Protobuf type grafeas.v1.ListNoteOccurrencesResponse
ListNotesRequest
Request to list notes.
Protobuf type grafeas.v1.ListNotesRequest
ListNotesRequest.Builder
Request to list notes.
Protobuf type grafeas.v1.ListNotesRequest
ListNotesResponse
Response for listing notes.
Protobuf type grafeas.v1.ListNotesResponse
ListNotesResponse.Builder
Response for listing notes.
Protobuf type grafeas.v1.ListNotesResponse
ListOccurrencesRequest
Request to list occurrences.
Protobuf type grafeas.v1.ListOccurrencesRequest
ListOccurrencesRequest.Builder
Request to list occurrences.
Protobuf type grafeas.v1.ListOccurrencesRequest
ListOccurrencesResponse
Response for listing occurrences.
Protobuf type grafeas.v1.ListOccurrencesResponse
ListOccurrencesResponse.Builder
Response for listing occurrences.
Protobuf type grafeas.v1.ListOccurrencesResponse
Location
An occurrence of a particular package installation found within a system's
filesystem. E.g., glibc was found in /var/lib/dpkg/status
.
Protobuf type grafeas.v1.Location
Location.Builder
An occurrence of a particular package installation found within a system's
filesystem. E.g., glibc was found in /var/lib/dpkg/status
.
Protobuf type grafeas.v1.Location
Metadata
Other properties of the build.
Protobuf type grafeas.v1.Metadata
Metadata.Builder
Other properties of the build.
Protobuf type grafeas.v1.Metadata
NonCompliantFile
Details about files that caused a compliance check to fail.
Protobuf type grafeas.v1.NonCompliantFile
NonCompliantFile.Builder
Details about files that caused a compliance check to fail.
Protobuf type grafeas.v1.NonCompliantFile
Note
A type of analysis that can be done for a resource.
Protobuf type grafeas.v1.Note
Note.Builder
A type of analysis that can be done for a resource.
Protobuf type grafeas.v1.Note
NoteName
NoteName.Builder
Builder for projects/{project}/notes/{note}.
Occurrence
An instance of an analysis type that has been found on a resource.
Protobuf type grafeas.v1.Occurrence
Occurrence.Builder
An instance of an analysis type that has been found on a resource.
Protobuf type grafeas.v1.Occurrence
OccurrenceName
OccurrenceName.Builder
Builder for projects/{project}/occurrences/{occurrence}.
Package
PackageNote
This represents a particular package that is distributed over various channels. E.g., glibc (aka libc6) is distributed by many, at various versions.
Protobuf type grafeas.v1.PackageNote
PackageNote.Builder
This represents a particular package that is distributed over various channels. E.g., glibc (aka libc6) is distributed by many, at various versions.
Protobuf type grafeas.v1.PackageNote
PackageOccurrence
Details on how a particular software package was installed on a system.
Protobuf type grafeas.v1.PackageOccurrence
PackageOccurrence.Builder
Details on how a particular software package was installed on a system.
Protobuf type grafeas.v1.PackageOccurrence
ProjectName
ProjectName.Builder
Builder for projects/{project}.
ProjectRepoId
Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project.
Protobuf type grafeas.v1.ProjectRepoId
ProjectRepoId.Builder
Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project.
Protobuf type grafeas.v1.ProjectRepoId
Provenance
Recipe
Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe.
Protobuf type grafeas.v1.Recipe
Recipe.Builder
Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe.
Protobuf type grafeas.v1.Recipe
RelatedUrl
Metadata for any related URL information.
Protobuf type grafeas.v1.RelatedUrl
RelatedUrl.Builder
Metadata for any related URL information.
Protobuf type grafeas.v1.RelatedUrl
RepoId
A unique identifier for a Cloud Repo.
Protobuf type grafeas.v1.RepoId
RepoId.Builder
A unique identifier for a Cloud Repo.
Protobuf type grafeas.v1.RepoId
SeverityOuterClass
Signature
Verifiers (e.g. Kritis implementations) MUST verify signatures
with respect to the trust anchors defined in policy (e.g. a Kritis policy).
Typically this means that the verifier has been configured with a map from
public_key_id
to public key material (and any required parameters, e.g.
signing algorithm).
In particular, verification implementations MUST NOT treat the signature
public_key_id
as anything more than a key lookup hint. The public_key_id
DOES NOT validate or authenticate a public key; it only provides a mechanism
for quickly selecting a public key ALREADY CONFIGURED on the verifier through
a trusted channel. Verification implementations MUST reject signatures in any
of the following circumstances:
- The
public_key_id
is not recognized by the verifier. - The public key that
public_key_id
refers to does not verify the signature with respect to the payload. Thesignature
contents SHOULD NOT be "attached" (where the payload is included with the serializedsignature
bytes). Verifiers MUST ignore any "attached" payload and only verify signatures with respect to explicitly provided payload (e.g. apayload
field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).
Protobuf type grafeas.v1.Signature
Signature.Builder
Verifiers (e.g. Kritis implementations) MUST verify signatures
with respect to the trust anchors defined in policy (e.g. a Kritis policy).
Typically this means that the verifier has been configured with a map from
public_key_id
to public key material (and any required parameters, e.g.
signing algorithm).
In particular, verification implementations MUST NOT treat the signature
public_key_id
as anything more than a key lookup hint. The public_key_id
DOES NOT validate or authenticate a public key; it only provides a mechanism
for quickly selecting a public key ALREADY CONFIGURED on the verifier through
a trusted channel. Verification implementations MUST reject signatures in any
of the following circumstances:
- The
public_key_id
is not recognized by the verifier. - The public key that
public_key_id
refers to does not verify the signature with respect to the payload. Thesignature
contents SHOULD NOT be "attached" (where the payload is included with the serializedsignature
bytes). Verifiers MUST ignore any "attached" payload and only verify signatures with respect to explicitly provided payload (e.g. apayload
field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).
Protobuf type grafeas.v1.Signature
SlsaProvenance
Protobuf type grafeas.v1.SlsaProvenance
SlsaProvenance.Builder
Protobuf type grafeas.v1.SlsaProvenance
SlsaProvenance.Material
Protobuf type grafeas.v1.SlsaProvenance.Material
SlsaProvenance.Material.Builder
Protobuf type grafeas.v1.SlsaProvenance.Material
SlsaProvenance.SlsaBuilder
Protobuf type grafeas.v1.SlsaProvenance.SlsaBuilder
SlsaProvenance.SlsaBuilder.Builder
Protobuf type grafeas.v1.SlsaProvenance.SlsaBuilder
SlsaProvenance.SlsaCompleteness
Indicates that the builder claims certain fields in this message to be complete.
Protobuf type grafeas.v1.SlsaProvenance.SlsaCompleteness
SlsaProvenance.SlsaCompleteness.Builder
Indicates that the builder claims certain fields in this message to be complete.
Protobuf type grafeas.v1.SlsaProvenance.SlsaCompleteness
SlsaProvenance.SlsaMetadata
Other properties of the build.
Protobuf type grafeas.v1.SlsaProvenance.SlsaMetadata
SlsaProvenance.SlsaMetadata.Builder
Other properties of the build.
Protobuf type grafeas.v1.SlsaProvenance.SlsaMetadata
SlsaProvenance.SlsaRecipe
Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe.
Protobuf type grafeas.v1.SlsaProvenance.SlsaRecipe
SlsaProvenance.SlsaRecipe.Builder
Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe.
Protobuf type grafeas.v1.SlsaProvenance.SlsaRecipe
SlsaProvenanceOuterClass
Source
Source describes the location of the source used for the build.
Protobuf type grafeas.v1.Source
Source.Builder
Source describes the location of the source used for the build.
Protobuf type grafeas.v1.Source
SourceContext
A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory.
Protobuf type grafeas.v1.SourceContext
SourceContext.Builder
A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory.
Protobuf type grafeas.v1.SourceContext
Subject
Protobuf type grafeas.v1.Subject
Subject.Builder
Protobuf type grafeas.v1.Subject
UpdateNoteRequest
Request to update a note.
Protobuf type grafeas.v1.UpdateNoteRequest
UpdateNoteRequest.Builder
Request to update a note.
Protobuf type grafeas.v1.UpdateNoteRequest
UpdateOccurrenceRequest
Request to update an occurrence.
Protobuf type grafeas.v1.UpdateOccurrenceRequest
UpdateOccurrenceRequest.Builder
Request to update an occurrence.
Protobuf type grafeas.v1.UpdateOccurrenceRequest
Upgrade
UpgradeDistribution
The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities.
Protobuf type grafeas.v1.UpgradeDistribution
UpgradeDistribution.Builder
The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities.
Protobuf type grafeas.v1.UpgradeDistribution
UpgradeNote
An Upgrade Note represents a potential upgrade of a package to a given version. For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field represents the information related to the update.
Protobuf type grafeas.v1.UpgradeNote
UpgradeNote.Builder
An Upgrade Note represents a potential upgrade of a package to a given version. For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field represents the information related to the update.
Protobuf type grafeas.v1.UpgradeNote
UpgradeOccurrence
An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update.
Protobuf type grafeas.v1.UpgradeOccurrence
UpgradeOccurrence.Builder
An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update.
Protobuf type grafeas.v1.UpgradeOccurrence
Version
Version contains structured information about the version of a package.
Protobuf type grafeas.v1.Version
Version.Builder
Version contains structured information about the version of a package.
Protobuf type grafeas.v1.Version
Vulnerability
VulnerabilityNote
A security vulnerability that can be found in resources.
Protobuf type grafeas.v1.VulnerabilityNote
VulnerabilityNote.Builder
A security vulnerability that can be found in resources.
Protobuf type grafeas.v1.VulnerabilityNote
VulnerabilityNote.Detail
A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).
Protobuf type grafeas.v1.VulnerabilityNote.Detail
VulnerabilityNote.Detail.Builder
A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).
Protobuf type grafeas.v1.VulnerabilityNote.Detail
VulnerabilityNote.WindowsDetail
Protobuf type grafeas.v1.VulnerabilityNote.WindowsDetail
VulnerabilityNote.WindowsDetail.Builder
Protobuf type grafeas.v1.VulnerabilityNote.WindowsDetail
VulnerabilityNote.WindowsDetail.KnowledgeBase
Protobuf type grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase
VulnerabilityNote.WindowsDetail.KnowledgeBase.Builder
Protobuf type grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase
VulnerabilityOccurrence
An occurrence of a severity vulnerability on a resource.
Protobuf type grafeas.v1.VulnerabilityOccurrence
VulnerabilityOccurrence.Builder
An occurrence of a severity vulnerability on a resource.
Protobuf type grafeas.v1.VulnerabilityOccurrence
VulnerabilityOccurrence.PackageIssue
A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).
Protobuf type grafeas.v1.VulnerabilityOccurrence.PackageIssue
VulnerabilityOccurrence.PackageIssue.Builder
A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).
Protobuf type grafeas.v1.VulnerabilityOccurrence.PackageIssue
WindowsUpdate
Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate.
Protobuf type grafeas.v1.WindowsUpdate
WindowsUpdate.Builder
Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate.
Protobuf type grafeas.v1.WindowsUpdate
WindowsUpdate.Category
The category to which the update belongs.
Protobuf type grafeas.v1.WindowsUpdate.Category
WindowsUpdate.Category.Builder
The category to which the update belongs.
Protobuf type grafeas.v1.WindowsUpdate.Category
WindowsUpdate.Identity
The unique identifier of the update.
Protobuf type grafeas.v1.WindowsUpdate.Identity
WindowsUpdate.Identity.Builder
The unique identifier of the update.
Protobuf type grafeas.v1.WindowsUpdate.Identity
Interfaces
AliasContextOrBuilder
ArtifactOrBuilder
AttestationNote.HintOrBuilder
AttestationNoteOrBuilder
AttestationOccurrenceOrBuilder
BatchCreateNotesRequestOrBuilder
BatchCreateNotesResponseOrBuilder
BatchCreateOccurrencesRequestOrBuilder
BatchCreateOccurrencesResponseOrBuilder
BuildNoteOrBuilder
BuildOccurrenceOrBuilder
BuildProvenanceOrBuilder
BuilderConfigOrBuilder
CVSSOrBuilder
CVSSv3OrBuilder
CloudRepoSourceContextOrBuilder
CommandOrBuilder
CompletenessOrBuilder
ComplianceNote.CisBenchmarkOrBuilder
ComplianceNoteOrBuilder
ComplianceOccurrenceOrBuilder
ComplianceVersionOrBuilder
CreateNoteRequestOrBuilder
CreateOccurrenceRequestOrBuilder
DSSEAttestationNote.DSSEHintOrBuilder
DSSEAttestationNoteOrBuilder
DSSEAttestationOccurrenceOrBuilder
DeleteNoteRequestOrBuilder
DeleteOccurrenceRequestOrBuilder
DeploymentNoteOrBuilder
DeploymentOccurrenceOrBuilder
DiscoveryNoteOrBuilder
DiscoveryOccurrenceOrBuilder
DistributionOrBuilder
EnvelopeOrBuilder
EnvelopeSignatureOrBuilder
FileHashesOrBuilder
FingerprintOrBuilder
GerritSourceContextOrBuilder
GetNoteRequestOrBuilder
GetOccurrenceNoteRequestOrBuilder
GetOccurrenceRequestOrBuilder
GitSourceContextOrBuilder
HashOrBuilder
ImageNoteOrBuilder
ImageOccurrenceOrBuilder
InTotoProvenanceOrBuilder
InTotoStatementOrBuilder
JwtOrBuilder
LayerOrBuilder
ListNoteOccurrencesRequestOrBuilder
ListNoteOccurrencesResponseOrBuilder
ListNotesRequestOrBuilder
ListNotesResponseOrBuilder
ListOccurrencesRequestOrBuilder
ListOccurrencesResponseOrBuilder
LocationOrBuilder
MetadataOrBuilder
NonCompliantFileOrBuilder
NoteOrBuilder
OccurrenceOrBuilder
PackageNoteOrBuilder
PackageOccurrenceOrBuilder
ProjectRepoIdOrBuilder
RecipeOrBuilder
RelatedUrlOrBuilder
RepoIdOrBuilder
SignatureOrBuilder
SlsaProvenance.MaterialOrBuilder
SlsaProvenance.SlsaBuilderOrBuilder
SlsaProvenance.SlsaCompletenessOrBuilder
SlsaProvenance.SlsaMetadataOrBuilder
SlsaProvenance.SlsaRecipeOrBuilder
SlsaProvenanceOrBuilder
SourceContextOrBuilder
SourceOrBuilder
SubjectOrBuilder
UpdateNoteRequestOrBuilder
UpdateOccurrenceRequestOrBuilder
UpgradeDistributionOrBuilder
UpgradeNoteOrBuilder
UpgradeOccurrenceOrBuilder
VersionOrBuilder
VulnerabilityNote.DetailOrBuilder
VulnerabilityNote.WindowsDetail.KnowledgeBaseOrBuilder
VulnerabilityNote.WindowsDetailOrBuilder
VulnerabilityNoteOrBuilder
VulnerabilityOccurrence.PackageIssueOrBuilder
VulnerabilityOccurrenceOrBuilder
WindowsUpdate.CategoryOrBuilder
WindowsUpdate.IdentityOrBuilder
WindowsUpdateOrBuilder
Enums
AliasContext.Kind
The type of an alias.
Protobuf enum grafeas.v1.AliasContext.Kind
Architecture
Instruction set architectures supported by various package managers.
Protobuf enum grafeas.v1.Architecture
CVSS.AttackComplexity
Protobuf enum grafeas.v1.CVSS.AttackComplexity
CVSS.AttackVector
Protobuf enum grafeas.v1.CVSS.AttackVector
CVSS.Authentication
Protobuf enum grafeas.v1.CVSS.Authentication
CVSS.Impact
Protobuf enum grafeas.v1.CVSS.Impact
CVSS.PrivilegesRequired
Protobuf enum grafeas.v1.CVSS.PrivilegesRequired
CVSS.Scope
Protobuf enum grafeas.v1.CVSS.Scope
CVSS.UserInteraction
Protobuf enum grafeas.v1.CVSS.UserInteraction
CVSSv3.AttackComplexity
Protobuf enum grafeas.v1.CVSSv3.AttackComplexity
CVSSv3.AttackVector
Protobuf enum grafeas.v1.CVSSv3.AttackVector
CVSSv3.Impact
Protobuf enum grafeas.v1.CVSSv3.Impact
CVSSv3.PrivilegesRequired
Protobuf enum grafeas.v1.CVSSv3.PrivilegesRequired
CVSSv3.Scope
Protobuf enum grafeas.v1.CVSSv3.Scope
CVSSv3.UserInteraction
Protobuf enum grafeas.v1.CVSSv3.UserInteraction
CloudRepoSourceContext.RevisionCase
ComplianceNote.ComplianceTypeCase
DSSEAttestationOccurrence.DecodedPayloadCase
DeploymentOccurrence.Platform
Types of platforms.
Protobuf enum grafeas.v1.DeploymentOccurrence.Platform
DiscoveryOccurrence.AnalysisStatus
Analysis status for a resource. Currently for initial analysis only (not updated in continuous analysis).
Protobuf enum grafeas.v1.DiscoveryOccurrence.AnalysisStatus
DiscoveryOccurrence.ContinuousAnalysis
Whether the resource is continuously analyzed.
Protobuf enum grafeas.v1.DiscoveryOccurrence.ContinuousAnalysis
GerritSourceContext.RevisionCase
InTotoStatement.PredicateCase
Note.TypeCase
NoteKind
Kind represents the kinds of notes supported.
Protobuf enum grafeas.v1.NoteKind
Occurrence.DetailsCase
RepoId.IdCase
Severity
Note provider assigned severity/impact ranking.
Protobuf enum grafeas.v1.Severity
SourceContext.ContextCase
Version.VersionKind
Whether this is an ordinary package version or a sentinel MIN/MAX version.
Protobuf enum grafeas.v1.Version.VersionKind