Package io.grafeas.v1

A client to Container Analysis API

The interfaces provided are listed below, along with usage samples.

GrafeasClient

Service Description: Grafeas API.

Retrieves analysis results of Cloud components such as Docker container images.

Analysis results are stored as a series of occurrences. An Occurrence contains information about a specific analysis instance on a resource. An occurrence refers to a Note. A note contains details describing the analysis and is generally stored in a separate project, called a Provider. Multiple occurrences can refer to the same note.

For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.

Sample for GrafeasClient:


 try (GrafeasClient grafeasClient = GrafeasClient.create()) {
   OccurrenceName name = OccurrenceName.of("[PROJECT]", "[OCCURRENCE]");
   Occurrence response = grafeasClient.getOccurrence(name);
 }
 

Classes

AliasContext

An alias to a repo revision.

Protobuf type grafeas.v1.AliasContext

AliasContext.Builder

An alias to a repo revision.

Protobuf type grafeas.v1.AliasContext

Artifact

Artifact describes a build product.

Protobuf type grafeas.v1.Artifact

Artifact.Builder

Artifact describes a build product.

Protobuf type grafeas.v1.Artifact

Attestation

AttestationNote

Note kind that represents a logical attestation "role" or "authority". For example, an organization might have one Authority for "QA" and one for "build". This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences, even if they don't all live in the same project.

Protobuf type grafeas.v1.AttestationNote

AttestationNote.Builder

Note kind that represents a logical attestation "role" or "authority". For example, an organization might have one Authority for "QA" and one for "build". This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences, even if they don't all live in the same project.

Protobuf type grafeas.v1.AttestationNote

AttestationNote.Hint

This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify.

Protobuf type grafeas.v1.AttestationNote.Hint

AttestationNote.Hint.Builder

This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify.

Protobuf type grafeas.v1.AttestationNote.Hint

AttestationOccurrence

Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign.

Protobuf type grafeas.v1.AttestationOccurrence

AttestationOccurrence.Builder

Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign.

Protobuf type grafeas.v1.AttestationOccurrence

BatchCreateNotesRequest

Request to create notes in batch.

Protobuf type grafeas.v1.BatchCreateNotesRequest

BatchCreateNotesRequest.Builder

Request to create notes in batch.

Protobuf type grafeas.v1.BatchCreateNotesRequest

BatchCreateNotesResponse

Response for creating notes in batch.

Protobuf type grafeas.v1.BatchCreateNotesResponse

BatchCreateNotesResponse.Builder

Response for creating notes in batch.

Protobuf type grafeas.v1.BatchCreateNotesResponse

BatchCreateOccurrencesRequest

Request to create occurrences in batch.

Protobuf type grafeas.v1.BatchCreateOccurrencesRequest

BatchCreateOccurrencesRequest.Builder

Request to create occurrences in batch.

Protobuf type grafeas.v1.BatchCreateOccurrencesRequest

BatchCreateOccurrencesResponse

Response for creating occurrences in batch.

Protobuf type grafeas.v1.BatchCreateOccurrencesResponse

BatchCreateOccurrencesResponse.Builder

Response for creating occurrences in batch.

Protobuf type grafeas.v1.BatchCreateOccurrencesResponse

Build

BuildNote

Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence.

Protobuf type grafeas.v1.BuildNote

BuildNote.Builder

Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence.

Protobuf type grafeas.v1.BuildNote

BuildOccurrence

Details of a build occurrence.

Protobuf type grafeas.v1.BuildOccurrence

BuildOccurrence.Builder

Details of a build occurrence.

Protobuf type grafeas.v1.BuildOccurrence

BuildProvenance

Provenance of a build. Contains all information needed to verify the full details about the build from source to completion.

Protobuf type grafeas.v1.BuildProvenance

BuildProvenance.Builder

Provenance of a build. Contains all information needed to verify the full details about the build from source to completion.

Protobuf type grafeas.v1.BuildProvenance

BuilderConfig

Protobuf type grafeas.v1.BuilderConfig

BuilderConfig.Builder

Protobuf type grafeas.v1.BuilderConfig

CVSS

Common Vulnerability Scoring System. For details, see https://www.first.org/cvss/specification-document This is a message we will try to use for storing multiple versions of CVSS. The intention is that as new versions of CVSS scores get added, we will be able to modify this message rather than adding new protos for each new version of the score.

Protobuf type grafeas.v1.CVSS

CVSS.Builder

Common Vulnerability Scoring System. For details, see https://www.first.org/cvss/specification-document This is a message we will try to use for storing multiple versions of CVSS. The intention is that as new versions of CVSS scores get added, we will be able to modify this message rather than adding new protos for each new version of the score.

Protobuf type grafeas.v1.CVSS

CVSSv3

Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document

Protobuf type grafeas.v1.CVSSv3

CVSSv3.Builder

Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document

Protobuf type grafeas.v1.CVSSv3

CloudRepoSourceContext

A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.

Protobuf type grafeas.v1.CloudRepoSourceContext

CloudRepoSourceContext.Builder

A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.

Protobuf type grafeas.v1.CloudRepoSourceContext

Command

Command describes a step performed as part of the build pipeline.

Protobuf type grafeas.v1.Command

Command.Builder

Command describes a step performed as part of the build pipeline.

Protobuf type grafeas.v1.Command

Common

Completeness

Indicates that the builder claims certain fields in this message to be complete.

Protobuf type grafeas.v1.Completeness

Completeness.Builder

Indicates that the builder claims certain fields in this message to be complete.

Protobuf type grafeas.v1.Completeness

Compliance

ComplianceNote

Protobuf type grafeas.v1.ComplianceNote

ComplianceNote.Builder

Protobuf type grafeas.v1.ComplianceNote

ComplianceNote.CisBenchmark

A compliance check that is a CIS benchmark.

Protobuf type grafeas.v1.ComplianceNote.CisBenchmark

ComplianceNote.CisBenchmark.Builder

A compliance check that is a CIS benchmark.

Protobuf type grafeas.v1.ComplianceNote.CisBenchmark

ComplianceOccurrence

An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason.

Protobuf type grafeas.v1.ComplianceOccurrence

ComplianceOccurrence.Builder

An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason.

Protobuf type grafeas.v1.ComplianceOccurrence

ComplianceVersion

Describes the CIS benchmark version that is applicable to a given OS and os version.

Protobuf type grafeas.v1.ComplianceVersion

ComplianceVersion.Builder

Describes the CIS benchmark version that is applicable to a given OS and os version.

Protobuf type grafeas.v1.ComplianceVersion

CreateNoteRequest

Request to create a new note.

Protobuf type grafeas.v1.CreateNoteRequest

CreateNoteRequest.Builder

Request to create a new note.

Protobuf type grafeas.v1.CreateNoteRequest

CreateOccurrenceRequest

Request to create a new occurrence.

Protobuf type grafeas.v1.CreateOccurrenceRequest

CreateOccurrenceRequest.Builder

Request to create a new occurrence.

Protobuf type grafeas.v1.CreateOccurrenceRequest

CvssProto

DSSEAttestationNote

Protobuf type grafeas.v1.DSSEAttestationNote

DSSEAttestationNote.Builder

Protobuf type grafeas.v1.DSSEAttestationNote

DSSEAttestationNote.DSSEHint

This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify.

Protobuf type grafeas.v1.DSSEAttestationNote.DSSEHint

DSSEAttestationNote.DSSEHint.Builder

This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify.

Protobuf type grafeas.v1.DSSEAttestationNote.DSSEHint

DSSEAttestationOccurrence

Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence.

Protobuf type grafeas.v1.DSSEAttestationOccurrence

DSSEAttestationOccurrence.Builder

Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence.

Protobuf type grafeas.v1.DSSEAttestationOccurrence

DeleteNoteRequest

Request to delete a note.

Protobuf type grafeas.v1.DeleteNoteRequest

DeleteNoteRequest.Builder

Request to delete a note.

Protobuf type grafeas.v1.DeleteNoteRequest

DeleteOccurrenceRequest

Request to delete an occurrence.

Protobuf type grafeas.v1.DeleteOccurrenceRequest

DeleteOccurrenceRequest.Builder

Request to delete an occurrence.

Protobuf type grafeas.v1.DeleteOccurrenceRequest

Deployment

DeploymentNote

An artifact that can be deployed in some runtime.

Protobuf type grafeas.v1.DeploymentNote

DeploymentNote.Builder

An artifact that can be deployed in some runtime.

Protobuf type grafeas.v1.DeploymentNote

DeploymentOccurrence

The period during which some deployable was active in a runtime.

Protobuf type grafeas.v1.DeploymentOccurrence

DeploymentOccurrence.Builder

The period during which some deployable was active in a runtime.

Protobuf type grafeas.v1.DeploymentOccurrence

Discovery

DiscoveryNote

A note that indicates a type of analysis a provider would perform. This note exists in a provider's project. A Discovery occurrence is created in a consumer's project at the start of analysis.

Protobuf type grafeas.v1.DiscoveryNote

DiscoveryNote.Builder

A note that indicates a type of analysis a provider would perform. This note exists in a provider's project. A Discovery occurrence is created in a consumer's project at the start of analysis.

Protobuf type grafeas.v1.DiscoveryNote

DiscoveryOccurrence

Provides information about the analysis status of a discovered resource.

Protobuf type grafeas.v1.DiscoveryOccurrence

DiscoveryOccurrence.Builder

Provides information about the analysis status of a discovered resource.

Protobuf type grafeas.v1.DiscoveryOccurrence

Distribution

This represents a particular channel of distribution for a given package. E.g., Debian's jessie-backports dpkg mirror.

Protobuf type grafeas.v1.Distribution

Distribution.Builder

This represents a particular channel of distribution for a given package. E.g., Debian's jessie-backports dpkg mirror.

Protobuf type grafeas.v1.Distribution

DsseAttestation

Envelope

MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type.

Protobuf type grafeas.v1.Envelope

Envelope.Builder

MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type.

Protobuf type grafeas.v1.Envelope

EnvelopeSignature

Protobuf type grafeas.v1.EnvelopeSignature

EnvelopeSignature.Builder

Protobuf type grafeas.v1.EnvelopeSignature

FileHashes

Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.

Protobuf type grafeas.v1.FileHashes

FileHashes.Builder

Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.

Protobuf type grafeas.v1.FileHashes

Fingerprint

A set of properties that uniquely identify a given Docker image.

Protobuf type grafeas.v1.Fingerprint

Fingerprint.Builder

A set of properties that uniquely identify a given Docker image.

Protobuf type grafeas.v1.Fingerprint

GerritSourceContext

A SourceContext referring to a Gerrit project.

Protobuf type grafeas.v1.GerritSourceContext

GerritSourceContext.Builder

A SourceContext referring to a Gerrit project.

Protobuf type grafeas.v1.GerritSourceContext

GetNoteRequest

Request to get a note.

Protobuf type grafeas.v1.GetNoteRequest

GetNoteRequest.Builder

Request to get a note.

Protobuf type grafeas.v1.GetNoteRequest

GetOccurrenceNoteRequest

Request to get the note to which the specified occurrence is attached.

Protobuf type grafeas.v1.GetOccurrenceNoteRequest

GetOccurrenceNoteRequest.Builder

Request to get the note to which the specified occurrence is attached.

Protobuf type grafeas.v1.GetOccurrenceNoteRequest

GetOccurrenceRequest

Request to get an occurrence.

Protobuf type grafeas.v1.GetOccurrenceRequest

GetOccurrenceRequest.Builder

Request to get an occurrence.

Protobuf type grafeas.v1.GetOccurrenceRequest

GitSourceContext

A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub).

Protobuf type grafeas.v1.GitSourceContext

GitSourceContext.Builder

A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub).

Protobuf type grafeas.v1.GitSourceContext

GrafeasClient

Service Description: Grafeas API.

Retrieves analysis results of Cloud components such as Docker container images.

Analysis results are stored as a series of occurrences. An Occurrence contains information about a specific analysis instance on a resource. An occurrence refers to a Note. A note contains details describing the analysis and is generally stored in a separate project, called a Provider. Multiple occurrences can refer to the same note.

For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:


 try (GrafeasClient grafeasClient = GrafeasClient.create()) {
   OccurrenceName name = OccurrenceName.of("[PROJECT]", "[OCCURRENCE]");
   Occurrence response = grafeasClient.getOccurrence(name);
 }
 

Note: close() needs to be called on the GrafeasClient object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().

The surface of this class includes several types of Java methods for each of the API's methods:

  1. A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
  2. A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
  3. A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.

See the individual methods for example code.

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.

This class can be customized by passing in a custom instance of GrafeasSettings to create(). For example:

To customize credentials:


 GrafeasSettings grafeasSettings =
     GrafeasSettings.newBuilder()
         .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
         .build();
 GrafeasClient grafeasClient = GrafeasClient.create(grafeasSettings);
 

To customize the endpoint:


 GrafeasSettings grafeasSettings = GrafeasSettings.newBuilder().setEndpoint(myEndpoint).build();
 GrafeasClient grafeasClient = GrafeasClient.create(grafeasSettings);
 

Please refer to the GitHub repository's samples for more quickstart code snippets.

GrafeasClient.ListNoteOccurrencesFixedSizeCollection

GrafeasClient.ListNoteOccurrencesPage

GrafeasClient.ListNoteOccurrencesPagedResponse

GrafeasClient.ListNotesFixedSizeCollection

GrafeasClient.ListNotesPage

GrafeasClient.ListNotesPagedResponse

GrafeasClient.ListOccurrencesFixedSizeCollection

GrafeasClient.ListOccurrencesPage

GrafeasClient.ListOccurrencesPagedResponse

GrafeasGrpc

Grafeas API. Retrieves analysis results of Cloud components such as Docker container images. Analysis results are stored as a series of occurrences. An Occurrence contains information about a specific analysis instance on a resource. An occurrence refers to a Note. A note contains details describing the analysis and is generally stored in a separate project, called a Provider. Multiple occurrences can refer to the same note. For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.

GrafeasGrpc.GrafeasBlockingStub

Grafeas API. Retrieves analysis results of Cloud components such as Docker container images. Analysis results are stored as a series of occurrences. An Occurrence contains information about a specific analysis instance on a resource. An occurrence refers to a Note. A note contains details describing the analysis and is generally stored in a separate project, called a Provider. Multiple occurrences can refer to the same note. For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.

GrafeasGrpc.GrafeasFutureStub

Grafeas API. Retrieves analysis results of Cloud components such as Docker container images. Analysis results are stored as a series of occurrences. An Occurrence contains information about a specific analysis instance on a resource. An occurrence refers to a Note. A note contains details describing the analysis and is generally stored in a separate project, called a Provider. Multiple occurrences can refer to the same note. For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.

GrafeasGrpc.GrafeasImplBase

Grafeas API. Retrieves analysis results of Cloud components such as Docker container images. Analysis results are stored as a series of occurrences. An Occurrence contains information about a specific analysis instance on a resource. An occurrence refers to a Note. A note contains details describing the analysis and is generally stored in a separate project, called a Provider. Multiple occurrences can refer to the same note. For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.

GrafeasGrpc.GrafeasStub

Grafeas API. Retrieves analysis results of Cloud components such as Docker container images. Analysis results are stored as a series of occurrences. An Occurrence contains information about a specific analysis instance on a resource. An occurrence refers to a Note. A note contains details describing the analysis and is generally stored in a separate project, called a Provider. Multiple occurrences can refer to the same note. For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.

GrafeasOuterClass

GrafeasSettings

Settings class to configure an instance of GrafeasClient.

The default instance has everything set to sensible defaults:

  • The default service address (containeranalysis.googleapis.com) and default port (443) are used.
  • Credentials are acquired automatically through Application Default Credentials.
  • Retries are configured for idempotent methods but not for non-idempotent methods.

The builder of this class is recursive, so contained classes are themselves builders. When build() is called, the tree of builders is called to create the complete settings object.

For example, to set the total timeout of getOccurrence to 30 seconds:


 GrafeasSettings.Builder grafeasSettingsBuilder = GrafeasSettings.newBuilder();
 grafeasSettingsBuilder
     .getOccurrenceSettings()
     .setRetrySettings(
         grafeasSettingsBuilder
             .getOccurrenceSettings()
             .getRetrySettings()
             .toBuilder()
             .setTotalTimeout(Duration.ofSeconds(30))
             .build());
 GrafeasSettings grafeasSettings = grafeasSettingsBuilder.build();
 

GrafeasSettings.Builder

Builder for GrafeasSettings.

Hash

Container message for hash values.

Protobuf type grafeas.v1.Hash

Hash.Builder

Container message for hash values.

Protobuf type grafeas.v1.Hash

Image

ImageNote

Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM <Basis.resource_url> Or an equivalent reference, e.g., a tag of the resource_url.

Protobuf type grafeas.v1.ImageNote

ImageNote.Builder

Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM <Basis.resource_url> Or an equivalent reference, e.g., a tag of the resource_url.

Protobuf type grafeas.v1.ImageNote

ImageOccurrence

Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM <DockerImage.Basis in attached Note>.

Protobuf type grafeas.v1.ImageOccurrence

ImageOccurrence.Builder

Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM <DockerImage.Basis in attached Note>.

Protobuf type grafeas.v1.ImageOccurrence

InTotoProvenance

Protobuf type grafeas.v1.InTotoProvenance

InTotoProvenance.Builder

Protobuf type grafeas.v1.InTotoProvenance

InTotoProvenanceProto

InTotoStatement

Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".

Protobuf type grafeas.v1.InTotoStatement

InTotoStatement.Builder

Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".

Protobuf type grafeas.v1.InTotoStatement

InTotoStatementProto

Jwt

Protobuf type grafeas.v1.Jwt

Jwt.Builder

Protobuf type grafeas.v1.Jwt

Layer

Layer holds metadata specific to a layer of a Docker image.

Protobuf type grafeas.v1.Layer

Layer.Builder

Layer holds metadata specific to a layer of a Docker image.

Protobuf type grafeas.v1.Layer

ListNoteOccurrencesRequest

Request to list occurrences for a note.

Protobuf type grafeas.v1.ListNoteOccurrencesRequest

ListNoteOccurrencesRequest.Builder

Request to list occurrences for a note.

Protobuf type grafeas.v1.ListNoteOccurrencesRequest

ListNoteOccurrencesResponse

Response for listing occurrences for a note.

Protobuf type grafeas.v1.ListNoteOccurrencesResponse

ListNoteOccurrencesResponse.Builder

Response for listing occurrences for a note.

Protobuf type grafeas.v1.ListNoteOccurrencesResponse

ListNotesRequest

Request to list notes.

Protobuf type grafeas.v1.ListNotesRequest

ListNotesRequest.Builder

Request to list notes.

Protobuf type grafeas.v1.ListNotesRequest

ListNotesResponse

Response for listing notes.

Protobuf type grafeas.v1.ListNotesResponse

ListNotesResponse.Builder

Response for listing notes.

Protobuf type grafeas.v1.ListNotesResponse

ListOccurrencesRequest

Request to list occurrences.

Protobuf type grafeas.v1.ListOccurrencesRequest

ListOccurrencesRequest.Builder

Request to list occurrences.

Protobuf type grafeas.v1.ListOccurrencesRequest

ListOccurrencesResponse

Response for listing occurrences.

Protobuf type grafeas.v1.ListOccurrencesResponse

ListOccurrencesResponse.Builder

Response for listing occurrences.

Protobuf type grafeas.v1.ListOccurrencesResponse

Location

An occurrence of a particular package installation found within a system's filesystem. E.g., glibc was found in /var/lib/dpkg/status.

Protobuf type grafeas.v1.Location

Location.Builder

An occurrence of a particular package installation found within a system's filesystem. E.g., glibc was found in /var/lib/dpkg/status.

Protobuf type grafeas.v1.Location

Metadata

Other properties of the build.

Protobuf type grafeas.v1.Metadata

Metadata.Builder

Other properties of the build.

Protobuf type grafeas.v1.Metadata

NonCompliantFile

Details about files that caused a compliance check to fail.

Protobuf type grafeas.v1.NonCompliantFile

NonCompliantFile.Builder

Details about files that caused a compliance check to fail.

Protobuf type grafeas.v1.NonCompliantFile

Note

A type of analysis that can be done for a resource.

Protobuf type grafeas.v1.Note

Note.Builder

A type of analysis that can be done for a resource.

Protobuf type grafeas.v1.Note

NoteName

NoteName.Builder

Builder for projects/{project}/notes/{note}.

Occurrence

An instance of an analysis type that has been found on a resource.

Protobuf type grafeas.v1.Occurrence

Occurrence.Builder

An instance of an analysis type that has been found on a resource.

Protobuf type grafeas.v1.Occurrence

OccurrenceName

OccurrenceName.Builder

Builder for projects/{project}/occurrences/{occurrence}.

Package

PackageNote

This represents a particular package that is distributed over various channels. E.g., glibc (aka libc6) is distributed by many, at various versions.

Protobuf type grafeas.v1.PackageNote

PackageNote.Builder

This represents a particular package that is distributed over various channels. E.g., glibc (aka libc6) is distributed by many, at various versions.

Protobuf type grafeas.v1.PackageNote

PackageOccurrence

Details on how a particular software package was installed on a system.

Protobuf type grafeas.v1.PackageOccurrence

PackageOccurrence.Builder

Details on how a particular software package was installed on a system.

Protobuf type grafeas.v1.PackageOccurrence

ProjectName

ProjectName.Builder

Builder for projects/{project}.

ProjectRepoId

Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project.

Protobuf type grafeas.v1.ProjectRepoId

ProjectRepoId.Builder

Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project.

Protobuf type grafeas.v1.ProjectRepoId

Provenance

Recipe

Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe.

Protobuf type grafeas.v1.Recipe

Recipe.Builder

Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe.

Protobuf type grafeas.v1.Recipe

RelatedUrl

Metadata for any related URL information.

Protobuf type grafeas.v1.RelatedUrl

RelatedUrl.Builder

Metadata for any related URL information.

Protobuf type grafeas.v1.RelatedUrl

RepoId

A unique identifier for a Cloud Repo.

Protobuf type grafeas.v1.RepoId

RepoId.Builder

A unique identifier for a Cloud Repo.

Protobuf type grafeas.v1.RepoId

SeverityOuterClass

Signature

Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from public_key_id to public key material (and any required parameters, e.g. signing algorithm). In particular, verification implementations MUST NOT treat the signature public_key_id as anything more than a key lookup hint. The public_key_id DOES NOT validate or authenticate a public key; it only provides a mechanism for quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification implementations MUST reject signatures in any of the following circumstances:

  • The public_key_id is not recognized by the verifier.
  • The public key that public_key_id refers to does not verify the signature with respect to the payload. The signature contents SHOULD NOT be "attached" (where the payload is included with the serialized signature bytes). Verifiers MUST ignore any "attached" payload and only verify signatures with respect to explicitly provided payload (e.g. a payload field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).

Protobuf type grafeas.v1.Signature

Signature.Builder

Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from public_key_id to public key material (and any required parameters, e.g. signing algorithm). In particular, verification implementations MUST NOT treat the signature public_key_id as anything more than a key lookup hint. The public_key_id DOES NOT validate or authenticate a public key; it only provides a mechanism for quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification implementations MUST reject signatures in any of the following circumstances:

  • The public_key_id is not recognized by the verifier.
  • The public key that public_key_id refers to does not verify the signature with respect to the payload. The signature contents SHOULD NOT be "attached" (where the payload is included with the serialized signature bytes). Verifiers MUST ignore any "attached" payload and only verify signatures with respect to explicitly provided payload (e.g. a payload field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).

Protobuf type grafeas.v1.Signature

SlsaProvenance

Protobuf type grafeas.v1.SlsaProvenance

SlsaProvenance.Builder

Protobuf type grafeas.v1.SlsaProvenance

SlsaProvenance.Material

Protobuf type grafeas.v1.SlsaProvenance.Material

SlsaProvenance.Material.Builder

Protobuf type grafeas.v1.SlsaProvenance.Material

SlsaProvenance.SlsaBuilder

Protobuf type grafeas.v1.SlsaProvenance.SlsaBuilder

SlsaProvenance.SlsaBuilder.Builder

Protobuf type grafeas.v1.SlsaProvenance.SlsaBuilder

SlsaProvenance.SlsaCompleteness

Indicates that the builder claims certain fields in this message to be complete.

Protobuf type grafeas.v1.SlsaProvenance.SlsaCompleteness

SlsaProvenance.SlsaCompleteness.Builder

Indicates that the builder claims certain fields in this message to be complete.

Protobuf type grafeas.v1.SlsaProvenance.SlsaCompleteness

SlsaProvenance.SlsaMetadata

Other properties of the build.

Protobuf type grafeas.v1.SlsaProvenance.SlsaMetadata

SlsaProvenance.SlsaMetadata.Builder

Other properties of the build.

Protobuf type grafeas.v1.SlsaProvenance.SlsaMetadata

SlsaProvenance.SlsaRecipe

Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe.

Protobuf type grafeas.v1.SlsaProvenance.SlsaRecipe

SlsaProvenance.SlsaRecipe.Builder

Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe.

Protobuf type grafeas.v1.SlsaProvenance.SlsaRecipe

SlsaProvenanceOuterClass

Source

Source describes the location of the source used for the build.

Protobuf type grafeas.v1.Source

Source.Builder

Source describes the location of the source used for the build.

Protobuf type grafeas.v1.Source

SourceContext

A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory.

Protobuf type grafeas.v1.SourceContext

SourceContext.Builder

A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory.

Protobuf type grafeas.v1.SourceContext

Subject

Protobuf type grafeas.v1.Subject

Subject.Builder

Protobuf type grafeas.v1.Subject

UpdateNoteRequest

Request to update a note.

Protobuf type grafeas.v1.UpdateNoteRequest

UpdateNoteRequest.Builder

Request to update a note.

Protobuf type grafeas.v1.UpdateNoteRequest

UpdateOccurrenceRequest

Request to update an occurrence.

Protobuf type grafeas.v1.UpdateOccurrenceRequest

UpdateOccurrenceRequest.Builder

Request to update an occurrence.

Protobuf type grafeas.v1.UpdateOccurrenceRequest

Upgrade

UpgradeDistribution

The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities.

Protobuf type grafeas.v1.UpgradeDistribution

UpgradeDistribution.Builder

The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities.

Protobuf type grafeas.v1.UpgradeDistribution

UpgradeNote

An Upgrade Note represents a potential upgrade of a package to a given version. For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field represents the information related to the update.

Protobuf type grafeas.v1.UpgradeNote

UpgradeNote.Builder

An Upgrade Note represents a potential upgrade of a package to a given version. For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field represents the information related to the update.

Protobuf type grafeas.v1.UpgradeNote

UpgradeOccurrence

An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update.

Protobuf type grafeas.v1.UpgradeOccurrence

UpgradeOccurrence.Builder

An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update.

Protobuf type grafeas.v1.UpgradeOccurrence

Version

Version contains structured information about the version of a package.

Protobuf type grafeas.v1.Version

Version.Builder

Version contains structured information about the version of a package.

Protobuf type grafeas.v1.Version

Vulnerability

VulnerabilityNote

A security vulnerability that can be found in resources.

Protobuf type grafeas.v1.VulnerabilityNote

VulnerabilityNote.Builder

A security vulnerability that can be found in resources.

Protobuf type grafeas.v1.VulnerabilityNote

VulnerabilityNote.Detail

A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).

Protobuf type grafeas.v1.VulnerabilityNote.Detail

VulnerabilityNote.Detail.Builder

A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).

Protobuf type grafeas.v1.VulnerabilityNote.Detail

VulnerabilityNote.WindowsDetail

Protobuf type grafeas.v1.VulnerabilityNote.WindowsDetail

VulnerabilityNote.WindowsDetail.Builder

Protobuf type grafeas.v1.VulnerabilityNote.WindowsDetail

VulnerabilityNote.WindowsDetail.KnowledgeBase

Protobuf type grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase

VulnerabilityNote.WindowsDetail.KnowledgeBase.Builder

Protobuf type grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase

VulnerabilityOccurrence

An occurrence of a severity vulnerability on a resource.

Protobuf type grafeas.v1.VulnerabilityOccurrence

VulnerabilityOccurrence.Builder

An occurrence of a severity vulnerability on a resource.

Protobuf type grafeas.v1.VulnerabilityOccurrence

VulnerabilityOccurrence.PackageIssue

A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).

Protobuf type grafeas.v1.VulnerabilityOccurrence.PackageIssue

VulnerabilityOccurrence.PackageIssue.Builder

A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).

Protobuf type grafeas.v1.VulnerabilityOccurrence.PackageIssue

WindowsUpdate

Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate.

Protobuf type grafeas.v1.WindowsUpdate

WindowsUpdate.Builder

Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate.

Protobuf type grafeas.v1.WindowsUpdate

WindowsUpdate.Category

The category to which the update belongs.

Protobuf type grafeas.v1.WindowsUpdate.Category

WindowsUpdate.Category.Builder

The category to which the update belongs.

Protobuf type grafeas.v1.WindowsUpdate.Category

WindowsUpdate.Identity

The unique identifier of the update.

Protobuf type grafeas.v1.WindowsUpdate.Identity

WindowsUpdate.Identity.Builder

The unique identifier of the update.

Protobuf type grafeas.v1.WindowsUpdate.Identity

Interfaces

AliasContextOrBuilder

ArtifactOrBuilder

AttestationNote.HintOrBuilder

AttestationNoteOrBuilder

AttestationOccurrenceOrBuilder

BatchCreateNotesRequestOrBuilder

BatchCreateNotesResponseOrBuilder

BatchCreateOccurrencesRequestOrBuilder

BatchCreateOccurrencesResponseOrBuilder

BuildNoteOrBuilder

BuildOccurrenceOrBuilder

BuildProvenanceOrBuilder

BuilderConfigOrBuilder

CVSSOrBuilder

CVSSv3OrBuilder

CloudRepoSourceContextOrBuilder

CommandOrBuilder

CompletenessOrBuilder

ComplianceNote.CisBenchmarkOrBuilder

ComplianceNoteOrBuilder

ComplianceOccurrenceOrBuilder

ComplianceVersionOrBuilder

CreateNoteRequestOrBuilder

CreateOccurrenceRequestOrBuilder

DSSEAttestationNote.DSSEHintOrBuilder

DSSEAttestationNoteOrBuilder

DSSEAttestationOccurrenceOrBuilder

DeleteNoteRequestOrBuilder

DeleteOccurrenceRequestOrBuilder

DeploymentNoteOrBuilder

DeploymentOccurrenceOrBuilder

DiscoveryNoteOrBuilder

DiscoveryOccurrenceOrBuilder

DistributionOrBuilder

EnvelopeOrBuilder

EnvelopeSignatureOrBuilder

FileHashesOrBuilder

FingerprintOrBuilder

GerritSourceContextOrBuilder

GetNoteRequestOrBuilder

GetOccurrenceNoteRequestOrBuilder

GetOccurrenceRequestOrBuilder

GitSourceContextOrBuilder

HashOrBuilder

ImageNoteOrBuilder

ImageOccurrenceOrBuilder

InTotoProvenanceOrBuilder

InTotoStatementOrBuilder

JwtOrBuilder

LayerOrBuilder

ListNoteOccurrencesRequestOrBuilder

ListNoteOccurrencesResponseOrBuilder

ListNotesRequestOrBuilder

ListNotesResponseOrBuilder

ListOccurrencesRequestOrBuilder

ListOccurrencesResponseOrBuilder

LocationOrBuilder

MetadataOrBuilder

NonCompliantFileOrBuilder

NoteOrBuilder

OccurrenceOrBuilder

PackageNoteOrBuilder

PackageOccurrenceOrBuilder

ProjectRepoIdOrBuilder

RecipeOrBuilder

RelatedUrlOrBuilder

RepoIdOrBuilder

SignatureOrBuilder

SlsaProvenance.MaterialOrBuilder

SlsaProvenance.SlsaBuilderOrBuilder

SlsaProvenance.SlsaCompletenessOrBuilder

SlsaProvenance.SlsaMetadataOrBuilder

SlsaProvenance.SlsaRecipeOrBuilder

SlsaProvenanceOrBuilder

SourceContextOrBuilder

SourceOrBuilder

SubjectOrBuilder

UpdateNoteRequestOrBuilder

UpdateOccurrenceRequestOrBuilder

UpgradeDistributionOrBuilder

UpgradeNoteOrBuilder

UpgradeOccurrenceOrBuilder

VersionOrBuilder

VulnerabilityNote.DetailOrBuilder

VulnerabilityNote.WindowsDetail.KnowledgeBaseOrBuilder

VulnerabilityNote.WindowsDetailOrBuilder

VulnerabilityNoteOrBuilder

VulnerabilityOccurrence.PackageIssueOrBuilder

VulnerabilityOccurrenceOrBuilder

WindowsUpdate.CategoryOrBuilder

WindowsUpdate.IdentityOrBuilder

WindowsUpdateOrBuilder

Enums

AliasContext.Kind

The type of an alias.

Protobuf enum grafeas.v1.AliasContext.Kind

Architecture

Instruction set architectures supported by various package managers.

Protobuf enum grafeas.v1.Architecture

CVSS.AttackComplexity

Protobuf enum grafeas.v1.CVSS.AttackComplexity

CVSS.AttackVector

Protobuf enum grafeas.v1.CVSS.AttackVector

CVSS.Authentication

Protobuf enum grafeas.v1.CVSS.Authentication

CVSS.Impact

Protobuf enum grafeas.v1.CVSS.Impact

CVSS.PrivilegesRequired

Protobuf enum grafeas.v1.CVSS.PrivilegesRequired

CVSS.Scope

Protobuf enum grafeas.v1.CVSS.Scope

CVSS.UserInteraction

Protobuf enum grafeas.v1.CVSS.UserInteraction

CVSSv3.AttackComplexity

Protobuf enum grafeas.v1.CVSSv3.AttackComplexity

CVSSv3.AttackVector

Protobuf enum grafeas.v1.CVSSv3.AttackVector

CVSSv3.Impact

Protobuf enum grafeas.v1.CVSSv3.Impact

CVSSv3.PrivilegesRequired

Protobuf enum grafeas.v1.CVSSv3.PrivilegesRequired

CVSSv3.Scope

Protobuf enum grafeas.v1.CVSSv3.Scope

CVSSv3.UserInteraction

Protobuf enum grafeas.v1.CVSSv3.UserInteraction

CloudRepoSourceContext.RevisionCase

ComplianceNote.ComplianceTypeCase

DSSEAttestationOccurrence.DecodedPayloadCase

DeploymentOccurrence.Platform

Types of platforms.

Protobuf enum grafeas.v1.DeploymentOccurrence.Platform

DiscoveryOccurrence.AnalysisStatus

Analysis status for a resource. Currently for initial analysis only (not updated in continuous analysis).

Protobuf enum grafeas.v1.DiscoveryOccurrence.AnalysisStatus

DiscoveryOccurrence.ContinuousAnalysis

Whether the resource is continuously analyzed.

Protobuf enum grafeas.v1.DiscoveryOccurrence.ContinuousAnalysis

GerritSourceContext.RevisionCase

InTotoStatement.PredicateCase

Note.TypeCase

NoteKind

Kind represents the kinds of notes supported.

Protobuf enum grafeas.v1.NoteKind

Occurrence.DetailsCase

RepoId.IdCase

Severity

Note provider assigned severity/impact ranking.

Protobuf enum grafeas.v1.Severity

SourceContext.ContextCase

Version.VersionKind

Whether this is an ordinary package version or a sentinel MIN/MAX version.

Protobuf enum grafeas.v1.Version.VersionKind