Package io.grafeas.v1 (2.10.0)

An alias to a repo revision.

Protobuf type grafeas.v1.AliasContext

An alias to a repo revision.

Protobuf type grafeas.v1.AliasContext

Artifact describes a build product.

Protobuf type grafeas.v1.Artifact

Artifact describes a build product.

Protobuf type grafeas.v1.Artifact

Note kind that represents a logical attestation "role" or "authority". For example, an organization might have one Authority for "QA" and one for "build". This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences, even if they don't all live in the same project.

Protobuf type grafeas.v1.AttestationNote

Note kind that represents a logical attestation "role" or "authority". For example, an organization might have one Authority for "QA" and one for "build". This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences, even if they don't all live in the same project.

Protobuf type grafeas.v1.AttestationNote

This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify.

Protobuf type grafeas.v1.AttestationNote.Hint

This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify.

Protobuf type grafeas.v1.AttestationNote.Hint

Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign.

Protobuf type grafeas.v1.AttestationOccurrence

Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign.

Protobuf type grafeas.v1.AttestationOccurrence

Request to create notes in batch.

Protobuf type grafeas.v1.BatchCreateNotesRequest

Request to create notes in batch.

Protobuf type grafeas.v1.BatchCreateNotesRequest

Response for creating notes in batch.

Protobuf type grafeas.v1.BatchCreateNotesResponse

Response for creating notes in batch.

Protobuf type grafeas.v1.BatchCreateNotesResponse

Request to create occurrences in batch.

Protobuf type grafeas.v1.BatchCreateOccurrencesRequest

Request to create occurrences in batch.

Protobuf type grafeas.v1.BatchCreateOccurrencesRequest

Response for creating occurrences in batch.

Protobuf type grafeas.v1.BatchCreateOccurrencesResponse

Response for creating occurrences in batch.

Protobuf type grafeas.v1.BatchCreateOccurrencesResponse

Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence.

Protobuf type grafeas.v1.BuildNote

Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence.

Protobuf type grafeas.v1.BuildNote

Details of a build occurrence.

Protobuf type grafeas.v1.BuildOccurrence

Details of a build occurrence.

Protobuf type grafeas.v1.BuildOccurrence

Provenance of a build. Contains all information needed to verify the full details about the build from source to completion.

Protobuf type grafeas.v1.BuildProvenance

Provenance of a build. Contains all information needed to verify the full details about the build from source to completion.

Protobuf type grafeas.v1.BuildProvenance

Protobuf type grafeas.v1.BuilderConfig

Protobuf type grafeas.v1.BuilderConfig

Common Vulnerability Scoring System. For details, see https://www.first.org/cvss/specification-document This is a message we will try to use for storing various versions of CVSS rather than making a separate proto for storing a specific version.

Protobuf type grafeas.v1.CVSS

Common Vulnerability Scoring System. For details, see https://www.first.org/cvss/specification-document This is a message we will try to use for storing various versions of CVSS rather than making a separate proto for storing a specific version.

Protobuf type grafeas.v1.CVSS

Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document

Protobuf type grafeas.v1.CVSSv3

Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document

Protobuf type grafeas.v1.CVSSv3

A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.

Protobuf type grafeas.v1.CloudRepoSourceContext

A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.

Protobuf type grafeas.v1.CloudRepoSourceContext

Command describes a step performed as part of the build pipeline.

Protobuf type grafeas.v1.Command

Command describes a step performed as part of the build pipeline.

Protobuf type grafeas.v1.Command

Indicates that the builder claims certain fields in this message to be complete.

Protobuf type grafeas.v1.Completeness

Indicates that the builder claims certain fields in this message to be complete.

Protobuf type grafeas.v1.Completeness

Protobuf type grafeas.v1.ComplianceNote

Protobuf type grafeas.v1.ComplianceNote

A compliance check that is a CIS benchmark.

Protobuf type grafeas.v1.ComplianceNote.CisBenchmark

A compliance check that is a CIS benchmark.

Protobuf type grafeas.v1.ComplianceNote.CisBenchmark

An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason.

Protobuf type grafeas.v1.ComplianceOccurrence

An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason.

Protobuf type grafeas.v1.ComplianceOccurrence

Describes the CIS benchmark version that is applicable to a given OS and os version.

Protobuf type grafeas.v1.ComplianceVersion

Describes the CIS benchmark version that is applicable to a given OS and os version.

Protobuf type grafeas.v1.ComplianceVersion

Request to create a new note.

Protobuf type grafeas.v1.CreateNoteRequest

Request to create a new note.

Protobuf type grafeas.v1.CreateNoteRequest

Request to create a new occurrence.

Protobuf type grafeas.v1.CreateOccurrenceRequest

Request to create a new occurrence.

Protobuf type grafeas.v1.CreateOccurrenceRequest

Protobuf type grafeas.v1.DSSEAttestationNote

Protobuf type grafeas.v1.DSSEAttestationNote

This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify.

Protobuf type grafeas.v1.DSSEAttestationNote.DSSEHint

This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify.

Protobuf type grafeas.v1.DSSEAttestationNote.DSSEHint

Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence.

Protobuf type grafeas.v1.DSSEAttestationOccurrence

Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence.

Protobuf type grafeas.v1.DSSEAttestationOccurrence

Request to delete a note.

Protobuf type grafeas.v1.DeleteNoteRequest

Request to delete a note.

Protobuf type grafeas.v1.DeleteNoteRequest

Request to delete an occurrence.

Protobuf type grafeas.v1.DeleteOccurrenceRequest

Request to delete an occurrence.

Protobuf type grafeas.v1.DeleteOccurrenceRequest

An artifact that can be deployed in some runtime.

Protobuf type grafeas.v1.DeploymentNote

An artifact that can be deployed in some runtime.

Protobuf type grafeas.v1.DeploymentNote

The period during which some deployable was active in a runtime.

Protobuf type grafeas.v1.DeploymentOccurrence

The period during which some deployable was active in a runtime.

Protobuf type grafeas.v1.DeploymentOccurrence

Digest information.

Protobuf type grafeas.v1.Digest

Digest information.

Protobuf type grafeas.v1.Digest

A note that indicates a type of analysis a provider would perform. This note exists in a provider's project. A Discovery occurrence is created in a consumer's project at the start of analysis.

Protobuf type grafeas.v1.DiscoveryNote

A note that indicates a type of analysis a provider would perform. This note exists in a provider's project. A Discovery occurrence is created in a consumer's project at the start of analysis.

Protobuf type grafeas.v1.DiscoveryNote

Provides information about the analysis status of a discovered resource.

Protobuf type grafeas.v1.DiscoveryOccurrence

Indicates which analysis completed successfully. Multiple types of analysis can be performed on a single resource.

Protobuf type grafeas.v1.DiscoveryOccurrence.AnalysisCompleted

Indicates which analysis completed successfully. Multiple types of analysis can be performed on a single resource.

Protobuf type grafeas.v1.DiscoveryOccurrence.AnalysisCompleted

Provides information about the analysis status of a discovered resource.

Protobuf type grafeas.v1.DiscoveryOccurrence

This represents a particular channel of distribution for a given package. E.g., Debian's jessie-backports dpkg mirror.

Protobuf type grafeas.v1.Distribution

This represents a particular channel of distribution for a given package. E.g., Debian's jessie-backports dpkg mirror.

Protobuf type grafeas.v1.Distribution

MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type.

Protobuf type grafeas.v1.Envelope

MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type.

Protobuf type grafeas.v1.Envelope

Protobuf type grafeas.v1.EnvelopeSignature

Protobuf type grafeas.v1.EnvelopeSignature

Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.

Protobuf type grafeas.v1.FileHashes

Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.

Protobuf type grafeas.v1.FileHashes

Indicates the location at which a package was found.

Protobuf type grafeas.v1.FileLocation

Indicates the location at which a package was found.

Protobuf type grafeas.v1.FileLocation

A set of properties that uniquely identify a given Docker image.

Protobuf type grafeas.v1.Fingerprint

A set of properties that uniquely identify a given Docker image.

Protobuf type grafeas.v1.Fingerprint

A SourceContext referring to a Gerrit project.

Protobuf type grafeas.v1.GerritSourceContext

A SourceContext referring to a Gerrit project.

Protobuf type grafeas.v1.GerritSourceContext

Request to get a note.

Protobuf type grafeas.v1.GetNoteRequest

Request to get a note.

Protobuf type grafeas.v1.GetNoteRequest

Request to get the note to which the specified occurrence is attached.

Protobuf type grafeas.v1.GetOccurrenceNoteRequest

Request to get the note to which the specified occurrence is attached.

Protobuf type grafeas.v1.GetOccurrenceNoteRequest

Request to get an occurrence.

Protobuf type grafeas.v1.GetOccurrenceRequest

Request to get an occurrence.

Protobuf type grafeas.v1.GetOccurrenceRequest

A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub).

Protobuf type grafeas.v1.GitSourceContext

A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub).

Protobuf type grafeas.v1.GitSourceContext

Service Description: Grafeas API.

Retrieves analysis results of Cloud components such as Docker container images.

Analysis results are stored as a series of occurrences. An Occurrence contains information about a specific analysis instance on a resource. An occurrence refers to a Note. A note contains details describing the analysis and is generally stored in a separate project, called a Provider. Multiple occurrences can refer to the same note.

For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:

 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 try (GrafeasClient grafeasClient = GrafeasClient.create()) {
   OccurrenceName name = OccurrenceName.of("[PROJECT]", "[OCCURRENCE]");
   Occurrence response = grafeasClient.getOccurrence(name);
 }
 

Note: close() needs to be called on the GrafeasClient object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().

The surface of this class includes several types of Java methods for each of the API's methods:

1. A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
2. A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
3. A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.

See the individual methods for example code.

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.

This class can be customized by passing in a custom instance of GrafeasSettings to create(). For example:

To customize credentials:

 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 GrafeasSettings grafeasSettings =
     GrafeasSettings.newBuilder()
         .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
         .build();
 GrafeasClient grafeasClient = GrafeasClient.create(grafeasSettings);
 

To customize the endpoint:

 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 GrafeasSettings grafeasSettings = GrafeasSettings.newBuilder().setEndpoint(myEndpoint).build();
 GrafeasClient grafeasClient = GrafeasClient.create(grafeasSettings);
 

Please refer to the GitHub repository's samples for more quickstart code snippets.

Grafeas API. Retrieves analysis results of Cloud components such as Docker container images. Analysis results are stored as a series of occurrences. An Occurrence contains information about a specific analysis instance on a resource. An occurrence refers to a Note. A note contains details describing the analysis and is generally stored in a separate project, called a Provider. Multiple occurrences can refer to the same note. For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.

Grafeas API. Retrieves analysis results of Cloud components such as Docker container images. Analysis results are stored as a series of occurrences. An Occurrence contains information about a specific analysis instance on a resource. An occurrence refers to a Note. A note contains details describing the analysis and is generally stored in a separate project, called a Provider. Multiple occurrences can refer to the same note. For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.

Grafeas API. Retrieves analysis results of Cloud components such as Docker container images. Analysis results are stored as a series of occurrences. An Occurrence contains information about a specific analysis instance on a resource. An occurrence refers to a Note. A note contains details describing the analysis and is generally stored in a separate project, called a Provider. Multiple occurrences can refer to the same note. For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.

Grafeas API. Retrieves analysis results of Cloud components such as Docker container images. Analysis results are stored as a series of occurrences. An Occurrence contains information about a specific analysis instance on a resource. An occurrence refers to a Note. A note contains details describing the analysis and is generally stored in a separate project, called a Provider. Multiple occurrences can refer to the same note. For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.

Grafeas API. Retrieves analysis results of Cloud components such as Docker container images. Analysis results are stored as a series of occurrences. An Occurrence contains information about a specific analysis instance on a resource. An occurrence refers to a Note. A note contains details describing the analysis and is generally stored in a separate project, called a Provider. Multiple occurrences can refer to the same note. For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.

Settings class to configure an instance of GrafeasClient.

The default instance has everything set to sensible defaults:

• The default service address (containeranalysis.googleapis.com) and default port (443) are used.
• Credentials are acquired automatically through Application Default Credentials.
• Retries are configured for idempotent methods but not for non-idempotent methods.

The builder of this class is recursive, so contained classes are themselves builders. When build() is called, the tree of builders is called to create the complete settings object.

For example, to set the total timeout of getOccurrence to 30 seconds:

 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 GrafeasSettings.Builder grafeasSettingsBuilder = GrafeasSettings.newBuilder();
 grafeasSettingsBuilder
     .getOccurrenceSettings()
     .setRetrySettings(
         grafeasSettingsBuilder
             .getOccurrenceSettings()
             .getRetrySettings()
             .toBuilder()
             .setTotalTimeout(Duration.ofSeconds(30))
             .build());
 GrafeasSettings grafeasSettings = grafeasSettingsBuilder.build();
 

Builder for GrafeasSettings.

Container message for hash values.

Protobuf type grafeas.v1.Hash

Container message for hash values.

Protobuf type grafeas.v1.Hash

Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM <Basis.resource_url> Or an equivalent reference, e.g., a tag of the resource_url.

Protobuf type grafeas.v1.ImageNote

Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM <Basis.resource_url> Or an equivalent reference, e.g., a tag of the resource_url.

Protobuf type grafeas.v1.ImageNote

Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM <DockerImage.Basis in attached Note>.

Protobuf type grafeas.v1.ImageOccurrence

Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM <DockerImage.Basis in attached Note>.

Protobuf type grafeas.v1.ImageOccurrence

Protobuf type grafeas.v1.InTotoProvenance

Protobuf type grafeas.v1.InTotoProvenance

Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".

Protobuf type grafeas.v1.InTotoStatement

Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".

Protobuf type grafeas.v1.InTotoStatement

Protobuf type grafeas.v1.Jwt

Protobuf type grafeas.v1.Jwt

Layer holds metadata specific to a layer of a Docker image.

Protobuf type grafeas.v1.Layer

Layer holds metadata specific to a layer of a Docker image.

Protobuf type grafeas.v1.Layer

License information.

Protobuf type grafeas.v1.License

License information.

Protobuf type grafeas.v1.License

Request to list occurrences for a note.

Protobuf type grafeas.v1.ListNoteOccurrencesRequest

Request to list occurrences for a note.

Protobuf type grafeas.v1.ListNoteOccurrencesRequest

Response for listing occurrences for a note.

Protobuf type grafeas.v1.ListNoteOccurrencesResponse

Response for listing occurrences for a note.

Protobuf type grafeas.v1.ListNoteOccurrencesResponse

Request to list notes.

Protobuf type grafeas.v1.ListNotesRequest

Request to list notes.

Protobuf type grafeas.v1.ListNotesRequest

Response for listing notes.

Protobuf type grafeas.v1.ListNotesResponse