google.devtools.containeranalysis.v1beta1.grafeas.grafeas.proto Maven / Gradle / Ivy
// Copyright 2018 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package grafeas.v1beta1;
import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/devtools/containeranalysis/v1beta1/attestation/attestation.proto";
import "google/devtools/containeranalysis/v1beta1/build/build.proto";
import "google/devtools/containeranalysis/v1beta1/common/common.proto";
import "google/devtools/containeranalysis/v1beta1/deployment/deployment.proto";
import "google/devtools/containeranalysis/v1beta1/discovery/discovery.proto";
import "google/devtools/containeranalysis/v1beta1/image/image.proto";
import "google/devtools/containeranalysis/v1beta1/package/package.proto";
import "google/devtools/containeranalysis/v1beta1/provenance/provenance.proto";
import "google/devtools/containeranalysis/v1beta1/vulnerability/vulnerability.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";
option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/grafeas;grafeas";
option java_multiple_files = true;
option java_package = "io.grafeas.v1beta1";
option objc_class_prefix = "GRA";
// [Grafeas](grafeas.io) API.
//
// Retrieves analysis results of Cloud components such as Docker container
// images.
//
// Analysis results are stored as a series of occurrences. An `Occurrence`
// contains information about a specific analysis instance on a resource. An
// occurrence refers to a `Note`. A note contains details describing the
// analysis and is generally stored in a separate project, called a `Provider`.
// Multiple occurrences can refer to the same note.
//
// For example, an SSL vulnerability could affect multiple images. In this case,
// there would be one note for the vulnerability and an occurrence for each
// image with the vulnerability referring to that note.
service GrafeasV1Beta1 {
option (google.api.default_host) = "containeranalysis.googleapis.com";
option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
// Gets the specified occurrence.
rpc GetOccurrence(GetOccurrenceRequest) returns (Occurrence) {
option (google.api.http) = {
get: "/v1beta1/{name=projects/*/occurrences/*}"
};
}
// Lists occurrences for the specified project.
rpc ListOccurrences(ListOccurrencesRequest)
returns (ListOccurrencesResponse) {
option (google.api.http) = {
get: "/v1beta1/{parent=projects/*}/occurrences"
};
}
// Deletes the specified occurrence. For example, use this method to delete an
// occurrence when the occurrence is no longer applicable for the given
// resource.
rpc DeleteOccurrence(DeleteOccurrenceRequest)
returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/v1beta1/{name=projects/*/occurrences/*}"
};
}
// Creates a new occurrence.
rpc CreateOccurrence(CreateOccurrenceRequest) returns (Occurrence) {
option (google.api.http) = {
post: "/v1beta1/{parent=projects/*}/occurrences"
body: "occurrence"
};
}
// Creates new occurrences in batch.
rpc BatchCreateOccurrences(BatchCreateOccurrencesRequest)
returns (BatchCreateOccurrencesResponse) {
option (google.api.http) = {
post: "/v1beta1/{parent=projects/*}/occurrences:batchCreate"
body: "*"
};
}
// Updates the specified occurrence.
rpc UpdateOccurrence(UpdateOccurrenceRequest) returns (Occurrence) {
option (google.api.http) = {
patch: "/v1beta1/{name=projects/*/occurrences/*}"
body: "occurrence"
};
}
// Gets the note attached to the specified occurrence. Consumer projects can
// use this method to get a note that belongs to a provider project.
rpc GetOccurrenceNote(GetOccurrenceNoteRequest) returns (Note) {
option (google.api.http) = {
get: "/v1beta1/{name=projects/*/occurrences/*}/notes"
};
}
// Gets the specified note.
rpc GetNote(GetNoteRequest) returns (Note) {
option (google.api.http) = {
get: "/v1beta1/{name=projects/*/notes/*}"
};
}
// Lists notes for the specified project.
rpc ListNotes(ListNotesRequest) returns (ListNotesResponse) {
option (google.api.http) = {
get: "/v1beta1/{parent=projects/*}/notes"
};
}
// Deletes the specified note.
rpc DeleteNote(DeleteNoteRequest) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/v1beta1/{name=projects/*/notes/*}"
};
}
// Creates a new note.
rpc CreateNote(CreateNoteRequest) returns (Note) {
option (google.api.http) = {
post: "/v1beta1/{parent=projects/*}/notes"
body: "note"
};
}
// Creates new notes in batch.
rpc BatchCreateNotes(BatchCreateNotesRequest)
returns (BatchCreateNotesResponse) {
option (google.api.http) = {
post: "/v1beta1/{parent=projects/*}/notes:batchCreate"
body: "*"
};
}
// Updates the specified note.
rpc UpdateNote(UpdateNoteRequest) returns (Note) {
option (google.api.http) = {
patch: "/v1beta1/{name=projects/*/notes/*}"
body: "note"
};
}
// Lists occurrences referencing the specified note. Provider projects can use
// this method to get all occurrences across consumer projects referencing the
// specified note.
rpc ListNoteOccurrences(ListNoteOccurrencesRequest)
returns (ListNoteOccurrencesResponse) {
option (google.api.http) = {
get: "/v1beta1/{name=projects/*/notes/*}/occurrences"
};
}
// Gets a summary of the number and severity of occurrences.
rpc GetVulnerabilityOccurrencesSummary(
GetVulnerabilityOccurrencesSummaryRequest)
returns (VulnerabilityOccurrencesSummary) {
option (google.api.http) = {
get: "/v1beta1/{parent=projects/*}/occurrences:vulnerabilitySummary"
};
}
}
// An instance of an analysis type that has been found on a resource.
message Occurrence {
// Output only. The name of the occurrence in the form of
// `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
string name = 1;
// Required. Immutable. The resource for which the occurrence applies.
Resource resource = 2;
// Required. Immutable. The analysis note associated with this occurrence, in
// the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. This field can be
// used as a filter in list requests.
string note_name = 3;
// Output only. This explicitly denotes which of the occurrence details are
// specified. This field can be used as a filter in list requests.
grafeas.v1beta1.NoteKind kind = 4;
// A description of actions that can be taken to remedy the note.
string remediation = 5;
// Output only. The time this occurrence was created.
google.protobuf.Timestamp create_time = 6;
// Output only. The time this occurrence was last updated.
google.protobuf.Timestamp update_time = 7;
// Required. Immutable. Describes the details of the note kind found on this
// resource.
oneof details {
// Describes a security vulnerability.
grafeas.v1beta1.vulnerability.Details vulnerability = 8;
// Describes a verifiable build.
grafeas.v1beta1.build.Details build = 9;
// Describes how this resource derives from the basis in the associated
// note.
grafeas.v1beta1.image.Details derived_image = 10;
// Describes the installation of a package on the linked resource.
grafeas.v1beta1.package.Details installation = 11;
// Describes the deployment of an artifact on a runtime.
grafeas.v1beta1.deployment.Details deployment = 12;
// Describes when a resource was discovered.
grafeas.v1beta1.discovery.Details discovered = 13;
// Describes an attestation of an artifact.
grafeas.v1beta1.attestation.Details attestation = 14;
}
// next_id = 15;
}
// An entity that can have metadata. For example, a Docker image.
message Resource {
// The name of the resource. For example, the name of a Docker image -
// "Debian".
string name = 1;
// Required. The unique URI of the resource. For example,
// `https://gcr.io/project/image@sha256:foo` for a Docker image.
string uri = 2;
// The hash of the resource content. For example, the Docker digest.
grafeas.v1beta1.provenance.Hash content_hash = 3;
// next_id = 4;
}
// A type of analysis that can be done for a resource.
message Note {
// Output only. The name of the note in the form of
// `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
string name = 1;
// A one sentence description of this note.
string short_description = 2;
// A detailed description of this note.
string long_description = 3;
// Output only. The type of analysis. This field can be used as a filter in
// list requests.
grafeas.v1beta1.NoteKind kind = 4;
// URLs associated with this note.
repeated grafeas.v1beta1.RelatedUrl related_url = 5;
// Time of expiration for this note. Empty if note does not expire.
google.protobuf.Timestamp expiration_time = 6;
// Output only. The time this note was created. This field can be used as a
// filter in list requests.
google.protobuf.Timestamp create_time = 7;
// Output only. The time this note was last updated. This field can be used as
// a filter in list requests.
google.protobuf.Timestamp update_time = 8;
// Other notes related to this note.
repeated string related_note_names = 9;
// Required. Immutable. The type of analysis this note represents.
oneof type {
// A note describing a package vulnerability.
grafeas.v1beta1.vulnerability.Vulnerability vulnerability = 10;
// A note describing build provenance for a verifiable build.
grafeas.v1beta1.build.Build build = 11;
// A note describing a base image.
grafeas.v1beta1.image.Basis base_image = 12;
// A note describing a package hosted by various package managers.
grafeas.v1beta1.package.Package package = 13;
// A note describing something that can be deployed.
grafeas.v1beta1.deployment.Deployable deployable = 14;
// A note describing the initial analysis of a resource.
grafeas.v1beta1.discovery.Discovery discovery = 15;
// A note describing an attestation role.
grafeas.v1beta1.attestation.Authority attestation_authority = 16;
}
// next_id = 17;
}
// Request to get an occurrence.
message GetOccurrenceRequest {
// The name of the occurrence in the form of
// `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
string name = 1;
}
// Request to list occurrences.
message ListOccurrencesRequest {
// The name of the project to list occurrences for in the form of
// `projects/[PROJECT_ID]`.
string parent = 1;
// The filter expression.
string filter = 2;
// Number of occurrences to return in the list.
int32 page_size = 3;
// Token to provide to skip to a particular spot in the list.
string page_token = 4;
// next_id = 7;
}
// Response for listing occurrences.
message ListOccurrencesResponse {
// The occurrences requested.
repeated Occurrence occurrences = 1;
// The next pagination token in the list response. It should be used as
// `page_token` for the following request. An empty value means no more
// results.
string next_page_token = 2;
}
// Request to delete a occurrence.
message DeleteOccurrenceRequest {
// The name of the occurrence in the form of
// `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
string name = 1;
}
// Request to create a new occurrence.
message CreateOccurrenceRequest {
// The name of the project in the form of `projects/[PROJECT_ID]`, under which
// the occurrence is to be created.
string parent = 1;
// The occurrence to create.
Occurrence occurrence = 2;
}
// Request to update an occurrence.
message UpdateOccurrenceRequest {
// The name of the occurrence in the form of
// `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
string name = 1;
// The updated occurrence.
Occurrence occurrence = 2;
// The fields to update.
google.protobuf.FieldMask update_mask = 3;
}
// Request to get a note.
message GetNoteRequest {
// The name of the note in the form of
// `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
string name = 1;
}
// Request to get the note to which the specified occurrence is attached.
message GetOccurrenceNoteRequest {
// The name of the occurrence in the form of
// `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
string name = 1;
}
// Request to list notes.
message ListNotesRequest {
// The name of the project to list notes for in the form of
// `projects/[PROJECT_ID]`.
string parent = 1;
// The filter expression.
string filter = 2;
// Number of notes to return in the list.
int32 page_size = 3;
// Token to provide to skip to a particular spot in the list.
string page_token = 4;
}
// Response for listing notes.
message ListNotesResponse {
// The notes requested.
repeated Note notes = 1;
// The next pagination token in the list response. It should be used as
// `page_token` for the following request. An empty value means no more
// results.
string next_page_token = 2;
}
// Request to delete a note.
message DeleteNoteRequest {
// The name of the note in the form of
// `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
string name = 1;
}
// Request to create a new note.
message CreateNoteRequest {
// The name of the project in the form of `projects/[PROJECT_ID]`, under which
// the note is to be created.
string parent = 1;
// The ID to use for this note.
string note_id = 2;
// The note to create.
Note note = 3;
}
// Request to update a note.
message UpdateNoteRequest {
// The name of the note in the form of
// `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
string name = 1;
// The updated note.
Note note = 2;
// The fields to update.
google.protobuf.FieldMask update_mask = 3;
}
// Request to list occurrences for a note.
message ListNoteOccurrencesRequest {
// The name of the note to list occurrences for in the form of
// `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
string name = 1;
// The filter expression.
string filter = 2;
// Number of occurrences to return in the list.
int32 page_size = 3;
// Token to provide to skip to a particular spot in the list.
string page_token = 4;
}
// Response for listing occurrences for a note.
message ListNoteOccurrencesResponse {
// The occurrences attached to the specified note.
repeated Occurrence occurrences = 1;
// Token to provide to skip to a particular spot in the list.
string next_page_token = 2;
}
// Request to create notes in batch.
message BatchCreateNotesRequest {
// The name of the project in the form of `projects/[PROJECT_ID]`, under which
// the notes are to be created.
string parent = 1;
// The notes to create.
map notes = 2;
}
// Response for creating notes in batch.
message BatchCreateNotesResponse {
// The notes that were created.
repeated Note notes = 1;
}
// Request to create occurrences in batch.
message BatchCreateOccurrencesRequest {
// The name of the project in the form of `projects/[PROJECT_ID]`, under which
// the occurrences are to be created.
string parent = 1;
// The occurrences to create.
repeated Occurrence occurrences = 2;
}
// Response for creating occurrences in batch.
message BatchCreateOccurrencesResponse {
// The occurrences that were created.
repeated Occurrence occurrences = 1;
}
// Request to get a vulnerability summary for some set of occurrences.
message GetVulnerabilityOccurrencesSummaryRequest {
// The name of the project to get a vulnerability summary for in the form of
// `projects/[PROJECT_ID]`.
string parent = 1;
// The filter expression.
string filter = 2;
}
// A summary of how many vulnerability occurrences there are per resource and
// severity type.
message VulnerabilityOccurrencesSummary {
// A listing by resource of the number of fixable and total vulnerabilities.
repeated FixableTotalByDigest counts = 1;
// Per resource and severity counts of fixable and total vulnerabilities.
message FixableTotalByDigest {
// The affected resource.
Resource resource = 1;
// The severity for this count. SEVERITY_UNSPECIFIED indicates total across
// all severities.
grafeas.v1beta1.vulnerability.Severity severity = 2;
// The number of fixable vulnerabilities associated with this resource.
int64 fixable_count = 3;
// The total number of vulnerabilities associated with this resource.
int64 total_count = 4;
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy