<html><body>
<style>

body, h1, h2, h3, div, span, p, pre, a {
  margin: 0;
  padding: 0;
  border: 0;
  font-weight: inherit;
  font-style: inherit;
  font-size: 100%;
  font-family: inherit;
  vertical-align: baseline;
}

body {
  font-size: 13px;
  padding: 1em;
}

h1 {
  font-size: 26px;
  margin-bottom: 1em;
}

h2 {
  font-size: 24px;
  margin-bottom: 1em;
}

h3 {
  font-size: 20px;
  margin-bottom: 1em;
  margin-top: 1em;
}

pre, code {
  line-height: 1.5;
  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}

pre {
  margin-top: 0.5em;
}

h1, h2, h3, p {
  font-family: Arial, sans-serif;
}

h1, h2, h3 {
  border-bottom: solid #CCC 1px;
}

.toc_element {
  margin-top: 0.5em;
}

.firstline {
  margin-left: 2em;
}

.method {
  margin-top: 1em;
  border: solid 1px #CCC;
  padding: 1em;
  background: #EEE;
}

.details {
  font-weight: bold;
  font-size: 14px;
}

</style>

<h1><a href="containeranalysis_v1alpha1.html">Container Analysis API</a> . <a href="containeranalysis_v1alpha1.projects.html">projects</a> . <a href="containeranalysis_v1alpha1.projects.occurrences.html">occurrences</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
  <code><a href="#create">create(parent, body, name=None, x__xgafv=None)</a></code></p>
<p class="firstline">Creates a new `Occurrence`. Use this method to create `Occurrences`</p>
<p class="toc_element">
  <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
<p class="firstline">Deletes the given `Occurrence` from the system.
Use this when</p>
<p class="toc_element">
  <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
<p class="firstline">Returns the requested `Occurrence`.</p>
<p class="toc_element">
  <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Gets the access control policy for a note or an `Occurrence` resource.</p>
<p class="toc_element">
  <code><a href="#getNotes">getNotes(name, x__xgafv=None)</a></code></p>
<p class="firstline">Gets the `Note` attached to the given `Occurrence`.</p>
<p class="toc_element">
  <code><a href="#getVulnerabilitySummary">getVulnerabilitySummary(parent, x__xgafv=None, filter=None)</a></code></p>
<p class="firstline">Gets a summary of the number and severity of occurrences.</p>
<p class="toc_element">
  <code><a href="#list">list(parent, kind=None, name=None, pageToken=None, x__xgafv=None, pageSize=None, filter=None)</a></code></p>
<p class="firstline">Lists active `Occurrences` for a given project matching the filters.</p>
<p class="toc_element">
  <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
  <code><a href="#patch">patch(name, body, updateMask=None, x__xgafv=None)</a></code></p>
<p class="firstline">Updates an existing occurrence.</p>
<p class="toc_element">
  <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Sets the access control policy on the specified `Note` or `Occurrence`.</p>
<p class="toc_element">
  <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Returns the permissions that a caller has on the specified note or</p>
<h3>Method Details</h3>
<div class="method">
  <code class="details" id="create">create(parent, body, name=None,
x__xgafv=None)</code>
  <pre>Creates a new `Occurrence`. Use this method to create `Occurrences`
for a resource.

Args:
  parent: string, This field contains the project ID, for example: "projects/{project_id}" (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # `Occurrence` includes information about analysis occurrences for an image.
  "resource": { # #
      # The resource for which the `Occurrence` applies.
      # Resource is an entity that can have metadata. E.g., a Docker image.
    "contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.
      "type": "A String", # The type of hash that was performed.
      "value": "A String", # The hash value.
    },
    "uri": "A String", # The unique URI of the resource. E.g.,
        # "https://gcr.io/project/image@sha256:foo" for a Docker image.
    "name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian".
  },
  "updateTime": "A String", # Output only. The time this `Occurrence` was last updated.
  "installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.
      # a system.
    "location": [ # All of the places within the filesystem versions of this package
        # have been found.
      { # An occurrence of a particular package installation found within a
          # system's filesystem.
          # e.g. glibc was found in /var/lib/dpkg/status
        "path": "A String", # The path from which we gathered that this package/version is installed.
        "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
            # denoting the package manager version distributing a package.
        "version": { # Version contains structured information about the version of the package. # The version installed at this location.
            # For a discussion of this in Debian/Ubuntu:
            # http://serverfault.com/questions/604541/debian-packages-version-convention
            # For a discussion of this in Redhat/Fedora/Centos:
            # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
          "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
              # If kind is not NORMAL, then the other fields are ignored.
          "revision": "A String", # The iteration of the package build from the above version.
          "name": "A String", # The main part of the version name.
          "epoch": 42, # Used to correct mistakes in the version numbering scheme.
        },
      },
    ],
    "name": "A String", # Output only. The name of the installed package.
  },
  "name": "A String", # Output only. The name of the `Occurrence` in the form
      # "projects/{project_id}/occurrences/{OCCURRENCE_ID}"
  "kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are
      # specified. This field can be used as a filter in list requests.
  "buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build.
    "provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance
        # details about the build from source to completion.
      "finishTime": "A String", # Time at which execution of the build was finished.
      "commands": [ # Commands requested by the build.
        { # Command describes a step performed as part of the build pipeline.
          "waitFor": [ # The ID(s) of the Command(s) that this Command depends on.
            "A String",
          ],
          "name": "A String", # Name of the command, as presented on the command line, or if the command is
              # packaged as a Docker container, as presented to `docker pull`.
          "args": [ # Command-line arguments used when executing this Command.
            "A String",
          ],
          "env": [ # Environment variables set before running this Command.
            "A String",
          ],
          "id": "A String", # Optional unique identifier for this Command, used in wait_for to reference
              # this Command as a dependency.
          "dir": "A String", # Working directory (relative to project source root) used when running
              # this Command.
        },
      ],
      "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
        "artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this
            # location.
            # Google Cloud Storage.
          "generation": "A String", # Google Cloud Storage generation for the object.
          "object": "A String", # Google Cloud Storage object containing source.
          "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
              # Requirements]
              # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
        },
        "repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.
            # Repository.
          "projectId": "A String", # ID of the project that owns the repo.
          "branchName": "A String", # Name of the branch to build.
          "repoName": "A String", # Name of the repo.
          "tagName": "A String", # Name of the tag to build.
          "commitSha": "A String", # Explicit commit SHA to build.
        },
        "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original
            # source integrity was maintained in the build.
            #
            # The keys to this map are file paths used as build source and the values
            # contain the hash values for those files.
            #
            # If the build source came in a single package such as a gzipped tarfile
            # (.tar.gz), the FileHash will be for the single path to that file.
          "a_key": { # Container message for hashes of byte content of files, used in Source
              # messages to verify integrity of source input to the build.
            "fileHash": [ # Collection of file hashes.
              { # Container message for hash values.
                "type": "A String", # The type of hash that was performed.
                "value": "A String", # The hash value.
              },
            ],
          },
        },
        "additionalContexts": [ # If provided, some of the source code used for the build may be found in
            # these locations, in the case where the source repository had multiple
            # remotes or submodules. This list will not include the context specified in
            # the context field.
          { # A SourceContext is a reference to a tree of files. A SourceContext together
              # with a path point to a unique revision of a single file or directory.
            "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
                # repository (e.g., GitHub).
              "url": "A String", # Git repository URL.
              "revisionId": "A String", # Required.
                  # Git commit hash.
            },
            "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
                # Source Repo.
              "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
                "kind": "A String", # The alias kind.
                "name": "A String", # The alias name.
              },
              "revisionId": "A String", # A revision ID.
              "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
                "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
                    # winged-cargo-31) and a repo name within that project.
                  "projectId": "A String", # The ID of the project.
                  "repoName": "A String", # The name of the repo. Leave empty for the default repo.
                },
                "uid": "A String", # A server-assigned, globally unique identifier.
              },
            },
            "labels": { # Labels with user defined metadata.
              "a_key": "A String",
            },
            "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
              "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
                "kind": "A String", # The alias kind.
                "name": "A String", # The alias name.
              },
              "revisionId": "A String", # A revision (commit) ID.
              "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
                  # "project/subproject" is a valid project name. The "repo name" is
                  # the hostURI/project.
              "hostUri": "A String", # The URI of a running Gerrit instance.
            },
          },
        ],
        "context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.
            # with a path point to a unique revision of a single file or directory.
          "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
              # repository (e.g., GitHub).
            "url": "A String", # Git repository URL.
            "revisionId": "A String", # Required.
                # Git commit hash.
          },
          "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
              # Source Repo.
            "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
              "kind": "A String", # The alias kind.
              "name": "A String", # The alias name.
            },
            "revisionId": "A String", # A revision ID.
            "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
              "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
                  # winged-cargo-31) and a repo name within that project.
                "projectId": "A String", # The ID of the project.
                "repoName": "A String", # The name of the repo. Leave empty for the default repo.
              },
              "uid": "A String", # A server-assigned, globally unique identifier.
            },
          },
          "labels": { # Labels with user defined metadata.
            "a_key": "A String",
          },
          "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
            "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
              "kind": "A String", # The alias kind.
              "name": "A String", # The alias name.
            },
            "revisionId": "A String", # A revision (commit) ID.
            "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
                # "project/subproject" is a valid project name. The "repo name" is
                # the hostURI/project.
            "hostUri": "A String", # The URI of a running Gerrit instance.
          },
        },
        "storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in Google Cloud
            # Storage.
            # Google Cloud Storage.
          "generation": "A String", # Google Cloud Storage generation for the object.
          "object": "A String", # Google Cloud Storage object containing source.
          "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
              # Requirements]
              # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
        },
      },
      "buildOptions": { # Special options applied to this build. This is a catch-all field where
          # build providers can enter any desired additional details.
        "a_key": "A String",
      },
      "creator": "A String", # E-mail address of the user who initiated this build.
          # Note that this was the
          # user's e-mail address at the time the build was initiated; this address may
          # not represent the same end-user for all time.
      "logsBucket": "A String", # Google Cloud Storage bucket where logs were written.
      "builderVersion": "A String", # Version string of the builder at the time this build was executed.
      "createTime": "A String", # Time at which the build was created.
      "builtArtifacts": [ # Output of the build.
        { # Artifact describes a build product.
          "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
              # container.
          "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest
              # like gcr.io/projectID/imagename@sha256:123456
          "name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in
              # the case of a container build, the name used to push the container image to
              # Google Container Registry, as presented to `docker push`.
              #
              # This field is deprecated in favor of the plural `names` field; it continues
              # to exist here to allow existing BuildProvenance serialized to json in
              # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to
              # deserialize back into proto.
          "names": [ # Related artifact names. This may be the path to a binary or jar file, or in
              # the case of a container build, the name used to push the container image to
              # Google Container Registry, as presented to `docker push`. Note that a
              # single Artifact ID can have multiple names, for example if two tags are
              # applied to one image.
            "A String",
          ],
        },
      ],
      "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
      "startTime": "A String", # Time at which execution of the build was started.
      "projectId": "A String", # ID of the project.
      "id": "A String", # Unique identifier of the build.
    },
    "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the
        # `BuildSignature` in the corresponding Result. After verifying the
        # signature, `provenance_bytes` can be unmarshalled and compared to the
        # provenance to confirm that it is unchanged. A base64-encoded string
        # representation of the provenance bytes is used for the signature in order
        # to interoperate with openssl which expects this format for signature
        # verification.
        #
        # The serialized form is captured both to avoid ambiguity in how the
        # provenance is marshalled to json as well as to prevent incompatibilities with
        # future changes.
  },
  "discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.
    "analysisStatus": "A String", # The status of discovery for the resource.
    "operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.
        # This field is deprecated, do not use.
        # network API call.
      "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
          # different programming environments, including REST APIs and RPC APIs. It is
          # used by [gRPC](https://github.com/grpc). Each `Status` message contains
          # three pieces of data: error code, error message, and error details.
          #
          # You can find out more about this error model and how to work with it in the
          # [API Design Guide](https://cloud.google.com/apis/design/errors).
        "message": "A String", # A developer-facing error message, which should be in English. Any
            # user-facing error message should be localized and sent in the
            # google.rpc.Status.details field, or localized by the client.
        "code": 42, # The status code, which should be an enum value of google.rpc.Code.
        "details": [ # A list of messages that carry the error details. There is a common set of
            # message types for APIs to use.
          {
            "a_key": "", # Properties of the object. Contains field @type with type URL.
          },
        ],
      },
      "done": True or False, # If the value is `false`, it means the operation is still in progress.
          # If `true`, the operation is completed, and either `error` or `response` is
          # available.
      "response": { # The normal response of the operation in case of success. If the original
          # method returns no data on success, such as `Delete`, the response is
          # `google.protobuf.Empty`. If the original method is standard
          # `Get`/`Create`/`Update`, the response should be the resource. For other
          # methods, the response should have the type `XxxResponse`, where `Xxx`
          # is the original method name. For example, if the original method name
          # is `TakeSnapshot()`, the inferred response type is
          # `TakeSnapshotResponse`.
        "a_key": "", # Properties of the object. Contains field @type with type URL.
      },
      "name": "A String", # The server-assigned name, which is only unique within the same service that
          # originally returns it. If you use the default HTTP mapping, the
          # `name` should be a resource name ending with `operations/{unique_id}`.
      "metadata": { # Service-specific metadata associated with the operation. It typically
          # contains progress information and common metadata such as create time.
          # Some services might not provide such metadata. Any method that returns a
          # long-running operation should document the metadata type, if any.
        "a_key": "", # Properties of the object. Contains field @type with type URL.
      },
    },
    "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under
        # details to show to the user. The LocalizedMessage is output only and
        # populated by the API.
        # different programming environments, including REST APIs and RPC APIs. It is
        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
        # three pieces of data: error code, error message, and error details.
        #
        # You can find out more about this error model and how to work with it in the
        # [API Design Guide](https://cloud.google.com/apis/design/errors).
      "message": "A String", # A developer-facing error message, which should be in English. Any
          # user-facing error message should be localized and sent in the
          # google.rpc.Status.details field, or localized by the client.
      "code": 42, # The status code, which should be an enum value of google.rpc.Code.
      "details": [ # A list of messages that carry the error details. There is a common set of
          # message types for APIs to use.
        {
          "a_key": "", # Properties of the object. Contains field @type with type URL.
        },
      ],
    },
    "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
  },
  "attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact.
      # Attestation can be verified using the attached signature. If the verifier
      # trusts the public key of the signer, then verifying the signature is
      # sufficient to establish trust. In this circumstance, the
      # AttestationAuthority to which this Attestation is attached is primarily
      # useful for look-up (how to find this Attestation if you already know the
      # Authority and artifact to be verified) and intent (which authority was this
      # attestation intended to sign for).
    "pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature.
        # This message only supports `ATTACHED` signatures, where the payload that is
        # signed is included alongside the signature itself in the same file.
      "pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature,
          # as output by, e.g. `gpg --list-keys`. This should be the version 4, full
          # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See
          # https://tools.ietf.org/html/rfc4880#section-12.2 for details.
          # Implementations may choose to acknowledge "LONG", "SHORT", or other
          # abbreviated key IDs, but only the full fingerprint is guaranteed to work.
          # In gpg, the full fingerprint can be retrieved from the `fpr` field
          # returned when calling --list-keys with --with-colons. For example:
          # ```
          # gpg --with-colons --with-fingerprint --force-v4-certs \
          #     --list-keys attester@example.com
          # tru::1:1513631572:0:3:1:5
          # pub:...&lt;SNIP&gt;...
          # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
          # ```
          # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
      "contentType": "A String", # Type (for example schema) of the attestation payload that was signed.
          # The verifier must ensure that the provided type is one that the verifier
          # supports, and that the attestation payload is a valid instantiation of that
          # type (for example by validating a JSON schema).
      "signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or
          # equivalent. Since this message only supports attached signatures, the
          # payload that was signed must be attached. While the signature format
          # supported is dependent on the verification implementation, currently only
          # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
          # `--clearsign` to gpg) are supported.
          # Concretely, `gpg --sign --armor
          # --output=signature.gpg payload.json` will create the signature content
          # expected in this field in `signature.gpg` for the `payload.json`
          # attestation payload.
    },
  },
  "noteName": "A String", # An analysis note associated with this image, in the form
      # "providers/{provider_id}/notes/{NOTE_ID}"
      # This field can be used as a filter in list requests.
  "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
    "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the
        # deployable field with the same name.
      "A String",
    ],
    "userEmail": "A String", # Identity of the user that triggered this deployment.
    "address": "A String", # Address of the runtime element hosting this deployment.
    "platform": "A String", # Platform hosting this deployment.
    "deployTime": "A String", # Beginning of the lifetime of this deployment.
    "undeployTime": "A String", # End of the lifetime of this deployment.
    "config": "A String", # Configuration used to create this deployment.
  },
  "remediation": "A String", # A description of actions that can be taken to remedy the `Note`
  "vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.
      # to fix it.
    "packageIssue": [ # The set of affected locations and their fixes (if available) within
        # the associated resource.
      { # This message wraps a location affected by a vulnerability and its
          # associated fix (if one is available).
        "severityName": "A String",
        "affectedLocation": { # The location of the vulnerability # The location of the vulnerability.
          "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/).
              # Examples include distro or storage location for vulnerable jar.
              # This field can be used as a filter in list requests.
          "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
              # filter in list requests.
              # For a discussion of this in Debian/Ubuntu:
              # http://serverfault.com/questions/604541/debian-packages-version-convention
              # For a discussion of this in Redhat/Fedora/Centos:
              # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
            "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                # If kind is not NORMAL, then the other fields are ignored.
            "revision": "A String", # The iteration of the package build from the above version.
            "name": "A String", # The main part of the version name.
            "epoch": 42, # Used to correct mistakes in the version numbering scheme.
          },
          "package": "A String", # The package being described.
        },
        "fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability.
          "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/).
              # Examples include distro or storage location for vulnerable jar.
              # This field can be used as a filter in list requests.
          "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
              # filter in list requests.
              # For a discussion of this in Debian/Ubuntu:
              # http://serverfault.com/questions/604541/debian-packages-version-convention
              # For a discussion of this in Redhat/Fedora/Centos:
              # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
            "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                # If kind is not NORMAL, then the other fields are ignored.
            "revision": "A String", # The iteration of the package build from the above version.
            "name": "A String", # The main part of the version name.
            "epoch": 42, # Used to correct mistakes in the version numbering scheme.
          },
          "package": "A String", # The package being described.
        },
      },
    ],
    "type": "A String", # The type of package; whether native or non-native (Ruby gems,
        # Node.js packages, etc.)
    "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a
        # scale of 0-10 where 0 indicates low severity and 10 indicates high
        # severity.
    "severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.
    "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is
        # available and note provider assigned severity when distro has not yet
        # assigned a severity for this vulnerability.
  },
  "createTime": "A String", # Output only. The time this `Occurrence` was created.
  "derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis
      # in the associated note.
      # DockerImage relationship. This image would be produced from a Dockerfile
      # with FROM &lt;DockerImage.Basis in attached Note&gt;.
    "distance": 42, # Output only. The number of layers by which this image differs from the
        # associated image basis.
    "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image
        # occurrence.
    "layerInfo": [ # This contains layer-specific metadata, if populated it has length
        # "distance" and is ordered with [distance] being the layer immediately
        # following the base image and [1] being the final layer.
      { # Layer holds metadata specific to a layer of a Docker image.
        "arguments": "A String", # The recovered arguments to the Dockerfile directive.
        "directive": "A String", # The recovered Dockerfile directive used to construct this layer.
      },
    ],
    "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.
      "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
          # representation.
          # This field can be used as a filter in list requests.
      "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
        "A String",
      ],
      "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
          #   [bottom] := v2_blob[bottom]
          #   [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
          # Only the name of the final blob is kept.
          # This field can be used as a filter in list requests.
    },
  },
  "resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence`
      # applies. For example, https://gcr.io/project/image@sha256:foo This field
      # can be used as a filter in list requests.
}

  name: string, The name of the project. Should be of the form "projects/{project_id}".
@Deprecated
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # `Occurrence` includes information about analysis occurrences for an image.
      "resource": { # #
          # The resource for which the `Occurrence` applies.
          # Resource is an entity that can have metadata. E.g., a Docker image.
        "contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.
          "type": "A String", # The type of hash that was performed.
          "value": "A String", # The hash value.
        },
        "uri": "A String", # The unique URI of the resource. E.g.,
            # "https://gcr.io/project/image@sha256:foo" for a Docker image.
        "name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian".
      },
      "updateTime": "A String", # Output only. The time this `Occurrence` was last updated.
      "installation": { # Describes the installation of a package on the linked resource.
          # This represents how a particular software package may be installed on
          # a system.
        "location": [ # All of the places within the filesystem versions of this package
            # have been found.
          { # An occurrence of a particular package installation found within a
              # system's filesystem.
              # e.g. glibc was found in /var/lib/dpkg/status
            "path": "A String", # The path from which we gathered that this package/version is installed.
            "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
                # denoting the package manager version distributing a package.
            "version": { # The version installed at this location.
                # Version contains structured information about the version of the package.
                # For a discussion of this in Debian/Ubuntu:
                # http://serverfault.com/questions/604541/debian-packages-version-convention
                # For a discussion of this in Redhat/Fedora/Centos:
                # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
              "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                  # If kind is not NORMAL, then the other fields are ignored.
              "revision": "A String", # The iteration of the package build from the above version.
              "name": "A String", # The main part of the version name.
              "epoch": 42, # Used to correct mistakes in the version numbering scheme.
            },
          },
        ],
        "name": "A String", # Output only. The name of the installed package.
      },
      "name": "A String", # Output only. The name of the `Occurrence` in the form
          # "projects/{project_id}/occurrences/{OCCURRENCE_ID}"
      "kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are
          # specified. This field can be used as a filter in list requests.
      "buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build.
        "provenance": { # The actual provenance
            # Provenance of a build. Contains all information needed to verify the full
            # details about the build from source to completion.
          "finishTime": "A String", # Time at which execution of the build was finished.
          "commands": [ # Commands requested by the build.
            { # Command describes a step performed as part of the build pipeline.
              "waitFor": [ # The ID(s) of the Command(s) that this Command depends on.
                "A String",
              ],
              "name": "A String", # Name of the command, as presented on the command line, or if the command is
                  # packaged as a Docker container, as presented to `docker pull`.
              "args": [ # Command-line arguments used when executing this Command.
                "A String",
              ],
              "env": [ # Environment variables set before running this Command.
                "A String",
              ],
              "id": "A String", # Optional unique identifier for this Command, used in wait_for to reference
                  # this Command as a dependency.
              "dir": "A String", # Working directory (relative to project source root) used when running
                  # this Command.
            },
          ],
          "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
            "artifactStorageSource": { # If provided, the input binary artifacts for the build came from this
                # location.
                # StorageSource describes the location of the source in an archive file in
                # Google Cloud Storage.
              "generation": "A String", # Google Cloud Storage generation for the object.
              "object": "A String", # Google Cloud Storage object containing source.
              "bucket": "A String", # Google Cloud Storage bucket containing source (see
                  # [Bucket Name Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)).
            },
            "repoSource": { # If provided, get source from this location in a Cloud Repo.
                # RepoSource describes the location of the source in a Google Cloud Source
                # Repository.
              "projectId": "A String", # ID of the project that owns the repo.
              "branchName": "A String", # Name of the branch to build.
              "repoName": "A String", # Name of the repo.
              "tagName": "A String", # Name of the tag to build.
              "commitSha": "A String", # Explicit commit SHA to build.
            },
            "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original
                # source integrity was maintained in the build.
                #
                # The keys to this map are file paths used as build source and the values
                # contain the hash values for those files.
                #
                # If the build source came in a single package such as a gzipped tarfile
                # (.tar.gz), the FileHash will be for the single path to that file.
              "a_key": { # Container message for hashes of byte content of files, used in Source
                  # messages to verify integrity of source input to the build.
                "fileHash": [ # Collection of file hashes.
                  { # Container message for hash values.
                    "type": "A String", # The type of hash that was performed.
                    "value": "A String", # The hash value.
                  },
                ],
              },
            },
            "additionalContexts": [ # If provided, some of the source code used for the build may be found in
                # these locations, in the case where the source repository had multiple
                # remotes or submodules. This list will not include the context specified in
                # the context field.
              { # A SourceContext is a reference to a tree of files. A SourceContext together
                  # with a path point to a unique revision of a single file or directory.
                "git": { # A SourceContext referring to any third party Git repo (e.g., GitHub).
                    # A GitSourceContext denotes a particular revision in a third party Git
                    # repository (e.g., GitHub).
                  "url": "A String", # Git repository URL.
                  "revisionId": "A String", # Required. Git commit hash.
                },
                "cloudRepo": { # A SourceContext referring to a revision in a Google Cloud Source Repo.
                    # A CloudRepoSourceContext denotes a particular revision in a Google Cloud
                    # Source Repo.
                  "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
                    "kind": "A String", # The alias kind.
                    "name": "A String", # The alias name.
                  },
                  "revisionId": "A String", # A revision ID.
                  "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
                    "projectRepoId": { # A combination of a project ID and a repo name.
                        # Selects a repo using a Google Cloud Platform project ID (e.g.,
                        # winged-cargo-31) and a repo name within that project.
                      "projectId": "A String", # The ID of the project.
                      "repoName": "A String", # The name of the repo. Leave empty for the default repo.
                    },
                    "uid": "A String", # A server-assigned, globally unique identifier.
                  },
                },
                "labels": { # Labels with user defined metadata.
                  "a_key": "A String",
                },
                "gerrit": { # A SourceContext referring to a Gerrit project.
                  "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
                    "kind": "A String", # The alias kind.
                    "name": "A String", # The alias name.
                  },
                  "revisionId": "A String", # A revision (commit) ID.
                  "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
                      # "project/subproject" is a valid project name. The "repo name" is
                      # the hostURI/project.
                  "hostUri": "A String", # The URI of a running Gerrit instance.
                },
              },
            ],
            "context": { # If provided, the source code used for the build came from this location.
                # A SourceContext is a reference to a tree of files. A SourceContext together
                # with a path point to a unique revision of a single file or directory.
              "git": { # A SourceContext referring to any third party Git repo (e.g., GitHub).
                  # A GitSourceContext denotes a particular revision in a third party Git
                  # repository (e.g., GitHub).
                "url": "A String", # Git repository URL.
                "revisionId": "A String", # Required. Git commit hash.
              },
              "cloudRepo": { # A SourceContext referring to a revision in a Google Cloud Source Repo.
                  # A CloudRepoSourceContext denotes a particular revision in a Google Cloud
                  # Source Repo.
                "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
                  "kind": "A String", # The alias kind.
                  "name": "A String", # The alias name.
                },
                "revisionId": "A String", # A revision ID.
                "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
                  "projectRepoId": { # A combination of a project ID and a repo name.
                      # Selects a repo using a Google Cloud Platform project ID (e.g.,
                      # winged-cargo-31) and a repo name within that project.
                    "projectId": "A String", # The ID of the project.
                    "repoName": "A String", # The name of the repo. Leave empty for the default repo.
                  },
                  "uid": "A String", # A server-assigned, globally unique identifier.
                },
              },
              "labels": { # Labels with user defined metadata.
                "a_key": "A String",
              },
              "gerrit": { # A SourceContext referring to a Gerrit project.
                "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
                  "kind": "A String", # The alias kind.
                  "name": "A String", # The alias name.
                },
                "revisionId": "A String", # A revision (commit) ID.
                "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
                    # "project/subproject" is a valid project name. The "repo name" is
                    # the hostURI/project.
                "hostUri": "A String", # The URI of a running Gerrit instance.
              },
            },
            "storageSource": { # If provided, get the source from this location in Google Cloud
                # Storage.
                # StorageSource describes the location of the source in an archive file in
                # Google Cloud Storage.
              "generation": "A String", # Google Cloud Storage generation for the object.
              "object": "A String", # Google Cloud Storage object containing source.
              "bucket": "A String", # Google Cloud Storage bucket containing source (see
                  # [Bucket Name Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)).
            },
          },
          "buildOptions": { # Special options applied to this build. This is a catch-all field where
              # build providers can enter any desired additional details.
            "a_key": "A String",
          },
          "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the
              # user's e-mail address at the time the build was initiated; this address may
              # not represent the same end-user for all time.
          "logsBucket": "A String", # Google Cloud Storage bucket where logs were written.
          "builderVersion": "A String", # Version string of the builder at the time this build was executed.
          "createTime": "A String", # Time at which the build was created.
          "builtArtifacts": [ # Output of the build.
            { # Artifact describes a build product.
              "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
                  # container.
              "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest
                  # like gcr.io/projectID/imagename@sha256:123456
              "name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in
                  # the case of a container build, the name used to push the container image to
                  # Google Container Registry, as presented to `docker push`.
                  #
                  # This field is deprecated in favor of the plural `names` field; it continues
                  # to exist here to allow existing BuildProvenance serialized to json in
                  # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to
                  # deserialize back into proto.
              "names": [ # Related artifact names. This may be the path to a binary or jar file, or in
                  # the case of a container build, the name used to push the container image to
                  # Google Container Registry, as presented to `docker push`. Note that a
                  # single Artifact ID can have multiple names, for example if two tags are
                  # applied to one image.
                "A String",
              ],
            },
          ],
          "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
          "startTime": "A String", # Time at which execution of the build was started.
          "projectId": "A String", # ID of the project.
          "id": "A String", # Unique identifier of the build.
        },
        "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the
            # `BuildSignature` in the corresponding Result. After verifying the
            # signature, `provenance_bytes` can be unmarshalled and compared to the
            # provenance to confirm that it is unchanged. A base64-encoded string
            # representation of the provenance bytes is used for the signature in order
            # to interoperate with openssl which expects this format for signature
            # verification.
            #
            # The serialized form is captured both to avoid ambiguity in how the
            # provenance is marshalled to json as well to prevent incompatibilities with
            # future changes.
      },
      "discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.
        "analysisStatus": "A String", # The status of discovery for the resource.
        "operation": { # Output only. An operation that indicates the status of the current scan.
            # This field is deprecated, do not use.
            # This resource represents a long-running operation that is the result of a
            # network API call.
          "error": { # The error result of the operation in case of failure or cancellation.
              # The `Status` type defines a logical error model that is suitable for
              # different programming environments, including REST APIs and RPC APIs. It is
              # used by [gRPC](https://github.com/grpc). Each `Status` message contains
              # three pieces of data: error code, error message, and error details.
              #
              # You can find out more about this error model and how to work with it in the
              # [API Design Guide](https://cloud.google.com/apis/design/errors).
            "message": "A String", # A developer-facing error message, which should be in English. Any
                # user-facing error message should be localized and sent in the
                # google.rpc.Status.details field, or localized by the client.
            "code": 42, # The status code, which should be an enum value of google.rpc.Code.
            "details": [ # A list of messages that carry the error details. There is a common set of
                # message types for APIs to use.
              {
                "a_key": "", # Properties of the object. Contains field @type with type URL.
              },
            ],
          },
          "done": True or False, # If the value is `false`, it means the operation is still in progress.
              # If `true`, the operation is completed, and either `error` or `response` is
              # available.
          "response": { # The normal response of the operation in case of success. If the original
              # method returns no data on success, such as `Delete`, the response is
              # `google.protobuf.Empty`. If the original method is standard
              # `Get`/`Create`/`Update`, the response should be the resource. For other
              # methods, the response should have the type `XxxResponse`, where `Xxx`
              # is the original method name.
              # For example, if the original method name
              # is `TakeSnapshot()`, the inferred response type is
              # `TakeSnapshotResponse`.
            "a_key": "", # Properties of the object. Contains field @type with type URL.
          },
          "name": "A String", # The server-assigned name, which is only unique within the same service that
              # originally returns it. If you use the default HTTP mapping, the
              # `name` should be a resource name ending with `operations/{unique_id}`.
          "metadata": { # Service-specific metadata associated with the operation. It typically
              # contains progress information and common metadata such as create time.
              # Some services might not provide such metadata. Any method that returns a
              # long-running operation should document the metadata type, if any.
            "a_key": "", # Properties of the object. Contains field @type with type URL.
          },
        },
        "analysisStatusError": { # When an error is encountered this will contain a LocalizedMessage under
            # details to show to the user. The LocalizedMessage is output only and
            # populated by the API.
            # The `Status` type defines a logical error model that is suitable for
            # different programming environments, including REST APIs and RPC APIs. It is
            # used by [gRPC](https://github.com/grpc). Each `Status` message contains
            # three pieces of data: error code, error message, and error details.
            #
            # You can find out more about this error model and how to work with it in the
            # [API Design Guide](https://cloud.google.com/apis/design/errors).
          "message": "A String", # A developer-facing error message, which should be in English. Any
              # user-facing error message should be localized and sent in the
              # google.rpc.Status.details field, or localized by the client.
          "code": 42, # The status code, which should be an enum value of google.rpc.Code.
          "details": [ # A list of messages that carry the error details. There is a common set of
              # message types for APIs to use.
            {
              "a_key": "", # Properties of the object. Contains field @type with type URL.
            },
          ],
        },
        "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
      },
      "attestation": { # Describes an attestation of an artifact.
          # Occurrence that represents a single "attestation". The authenticity of an
          # Attestation can be verified using the attached signature. If the verifier
          # trusts the public key of the signer, then verifying the signature is
          # sufficient to establish trust. In this circumstance, the
          # AttestationAuthority to which this Attestation is attached is primarily
          # useful for look-up (how to find this Attestation if you already know the
          # Authority and artifact to be verified) and intent (which authority was this
          # attestation intended to sign for).
        "pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature.
            # This message only supports `ATTACHED` signatures, where the payload that is
            # signed is included alongside the signature itself in the same file.
          "pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature,
              # as output by, e.g. `gpg --list-keys`. This should be the version 4, full
              # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See
              # https://tools.ietf.org/html/rfc4880#section-12.2 for details.
              # Implementations may choose to acknowledge "LONG", "SHORT", or other
              # abbreviated key IDs, but only the full fingerprint is guaranteed to work.
              # In gpg, the full fingerprint can be retrieved from the `fpr` field
              # returned when calling --list-keys with --with-colons. For example:
              # ```
              # gpg --with-colons --with-fingerprint --force-v4-certs \
              #     --list-keys attester@example.com
              # tru::1:1513631572:0:3:1:5
              # pub:...<SNIP>...
              # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
              # ```
              # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
          "contentType": "A String", # Type (for example schema) of the attestation payload that was signed.
              # The verifier must ensure that the provided type is one that the verifier
              # supports, and that the attestation payload is a valid instantiation of that
              # type (for example by validating a JSON schema).
          "signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or
              # equivalent. Since this message only supports attached signatures, the
              # payload that was signed must be attached. While the signature format
              # supported is dependent on the verification implementation, currently only
              # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
              # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
              # --output=signature.gpg payload.json` will create the signature content
              # expected in this field in `signature.gpg` for the `payload.json`
              # attestation payload.
        },
      },
      "noteName": "A String", # An analysis note associated with this image, in the form
          # "providers/{provider_id}/notes/{NOTE_ID}"
          # This field can be used as a filter in list requests.
      "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
        "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the
            # deployable field with the same name.
          "A String",
        ],
        "userEmail": "A String", # Identity of the user that triggered this deployment.
        "address": "A String", # Address of the runtime element hosting this deployment.
        "platform": "A String", # Platform hosting this deployment.
        "deployTime": "A String", # Beginning of the lifetime of this deployment.
        "undeployTime": "A String", # End of the lifetime of this deployment.
        "config": "A String", # Configuration used to create this deployment.
      },
      "remediation": "A String", # A description of actions that can be taken to remedy the `Note`.
      "vulnerabilityDetails": { # Details of a security vulnerability note.
          # Used by Occurrence to point to where the vulnerability exists and how
          # to fix it.
        "packageIssue": [ # The set of affected locations and their fixes (if available) within
            # the associated resource.
          { # This message wraps a location affected by a vulnerability and its
              # associated fix (if one is available).
            "severityName": "A String",
            "affectedLocation": { # The location of the vulnerability.
              "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/).
                  # Examples include distro or storage location for vulnerable jar.
                  # This field can be used as a filter in list requests.
              "version": { # The version of the package being described. This field can be used as a
                  # filter in list requests.
                  # Version contains structured information about the version of the package.
                  # For a discussion of this in Debian/Ubuntu:
                  # http://serverfault.com/questions/604541/debian-packages-version-convention
                  # For a discussion of this in Redhat/Fedora/Centos:
                  # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
                "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                    # If kind is not NORMAL, then the other fields are ignored.
                "revision": "A String", # The iteration of the package build from the above version.
                "name": "A String", # The main part of the version name.
                "epoch": 42, # Used to correct mistakes in the version numbering scheme.
              },
              "package": "A String", # The package being described.
            },
            "fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability.
              "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/).
                  # Examples include distro or storage location for vulnerable jar.
                  # This field can be used as a filter in list requests.
              "version": { # The version of the package being described. This field can be used as a
                  # filter in list requests.
                  # Version contains structured information about the version of the package.
                  # For a discussion of this in Debian/Ubuntu:
                  # http://serverfault.com/questions/604541/debian-packages-version-convention
                  # For a discussion of this in Redhat/Fedora/Centos:
                  # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
                "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                    # If kind is not NORMAL, then the other fields are ignored.
                "revision": "A String", # The iteration of the package build from the above version.
                "name": "A String", # The main part of the version name.
                "epoch": 42, # Used to correct mistakes in the version numbering scheme.
              },
              "package": "A String", # The package being described.
            },
          },
        ],
        "type": "A String", # The type of package; whether native or non native (ruby gems,
            # node.js packages, etc.)
        "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a
            # scale of 0-10 where 0 indicates low severity and 10 indicates high
            # severity.
        "severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.
        "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is
            # available and note provider assigned severity when distro has not yet
            # assigned a severity for this vulnerability.
      },
      "createTime": "A String", # Output only.
          # The time this `Occurrence` was created.
      "derivedImage": { # Describes how this resource derives from the basis
          # in the associated note.
          # Derived describes the derived image portion (Occurrence) of the
          # DockerImage relationship. This image would be produced from a Dockerfile
          # with FROM <DockerImage.Basis in attached Note>.
        "distance": 42, # Output only. The number of layers by which this image differs from the
            # associated image basis.
        "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image
            # occurrence.
        "layerInfo": [ # This contains layer-specific metadata, if populated it has length
            # "distance" and is ordered with [distance] being the layer immediately
            # following the base image and [1] being the final layer.
          { # Layer holds metadata specific to a layer of a Docker image.
            "arguments": "A String", # The recovered arguments to the Dockerfile directive.
            "directive": "A String", # The recovered Dockerfile directive used to construct this layer.
          },
        ],
        "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the derived image.
          "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
              # representation.
              # This field can be used as a filter in list requests.
          "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
            "A String",
          ],
          "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
              #   [bottom] := v2_blob[bottom]
              #   [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
              # Only the name of the final blob is kept.
              # This field can be used as a filter in list requests.
        },
      },
      "resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence`
          # applies.
          # For example, https://gcr.io/project/image@sha256:foo This field
          # can be used as a filter in list requests.
    }</pre>
</div>

<div class="method">
    <code class="details" id="delete">delete(name, x__xgafv=None)</code>
  <pre>Deletes the given `Occurrence` from the system. Use this when
an `Occurrence` is no longer applicable for the given resource.

Args:
  name: string, The name of the occurrence in the form of
      "projects/{project_id}/occurrences/{OCCURRENCE_ID}" (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A generic empty message that you can re-use to avoid defining duplicated
        # empty messages in your APIs. A typical example is to use it as the request
        # or the response type of an API method. For instance:
        #
        #     service Foo {
        #       rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
        #     }
        #
        # The JSON representation for `Empty` is empty JSON object `{}`.
    }</pre>
</div>

<div class="method">
    <code class="details" id="get">get(name, x__xgafv=None)</code>
  <pre>Returns the requested `Occurrence`.

Args:
  name: string, The name of the occurrence of the form
      "projects/{project_id}/occurrences/{OCCURRENCE_ID}" (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # `Occurrence` includes information about analysis occurrences for an image.
      "resource": { # The resource for which the `Occurrence` applies.
          # Resource is an entity that can have metadata. E.g., a Docker image.
        "contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.
          "type": "A String", # The type of hash that was performed.
          "value": "A String", # The hash value.
        },
        "uri": "A String", # The unique URI of the resource. E.g.,
            # "https://gcr.io/project/image@sha256:foo" for a Docker image.
        "name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian".
      },
      "updateTime": "A String", # Output only. The time this `Occurrence` was last updated.
      "installation": { # Describes the installation of a package on the linked resource.
          # This represents how a particular software package may be installed on
          # a system.
        "location": [ # All of the places within the filesystem versions of this package
            # have been found.
          { # An occurrence of a particular package installation found within a
              # system's filesystem.
              # e.g. glibc was found in /var/lib/dpkg/status
            "path": "A String", # The path from which we gathered that this package/version is installed.
            "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
                # denoting the package manager version distributing a package.
            "version": { # The version installed at this location.
                # Version contains structured information about the version of the package.
                # For a discussion of this in Debian/Ubuntu:
                # http://serverfault.com/questions/604541/debian-packages-version-convention
                # For a discussion of this in Redhat/Fedora/Centos:
                # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
              "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                  # If kind is not NORMAL, then the other fields are ignored.
              "revision": "A String", # The iteration of the package build from the above version.
              "name": "A String", # The main part of the version name.
              "epoch": 42, # Used to correct mistakes in the version numbering scheme.
            },
          },
        ],
        "name": "A String", # Output only. The name of the installed package.
      },
      "name": "A String", # Output only. The name of the `Occurrence` in the form
          # "projects/{project_id}/occurrences/{OCCURRENCE_ID}"
      "kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are
          # specified. This field can be used as a filter in list requests.
      "buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build.
        "provenance": { # The actual provenance
            # Provenance of a build. Contains all information needed to verify the full
            # details about the build from source to completion.
          "finishTime": "A String", # Time at which execution of the build was finished.
          "commands": [ # Commands requested by the build.
            { # Command describes a step performed as part of the build pipeline.
              "waitFor": [ # The ID(s) of the Command(s) that this Command depends on.
                "A String",
              ],
              "name": "A String", # Name of the command, as presented on the command line, or if the command is
                  # packaged as a Docker container, as presented to `docker pull`.
              "args": [ # Command-line arguments used when executing this Command.
                "A String",
              ],
              "env": [ # Environment variables set before running this Command.
                "A String",
              ],
              "id": "A String", # Optional unique identifier for this Command, used in wait_for to reference
                  # this Command as a dependency.
              "dir": "A String", # Working directory (relative to project source root) used when running
                  # this Command.
            },
          ],
          "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
            "artifactStorageSource": { # If provided, the input binary artifacts for the build came from this
                # location.
                # StorageSource describes the location of the source in an archive file in
                # Google Cloud Storage.
              "generation": "A String", # Google Cloud Storage generation for the object.
              "object": "A String", # Google Cloud Storage object containing source.
              "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
                  # Requirements]
                  # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
            },
            "repoSource": { # If provided, get source from this location in a Cloud Repo.
                # RepoSource describes the location of the source in a Google Cloud Source
                # Repository.
              "projectId": "A String", # ID of the project that owns the repo.
              "branchName": "A String", # Name of the branch to build.
              "repoName": "A String", # Name of the repo.
              "tagName": "A String", # Name of the tag to build.
              "commitSha": "A String", # Explicit commit SHA to build.
            },
            "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original
                # source integrity was maintained in the build.
                #
                # The keys to this map are file paths used as build source and the values
                # contain the hash values for those files.
                #
                # If the build source came in a single package such as a gzipped tarfile
                # (.tar.gz), the FileHash will be for the single path to that file.
              "a_key": { # Container message for hashes of byte content of files, used in Source
                  # messages to verify integrity of source input to the build.
                "fileHash": [ # Collection of file hashes.
                  { # Container message for hash values.
                    "type": "A String", # The type of hash that was performed.
                    "value": "A String", # The hash value.
                  },
                ],
              },
            },
            "additionalContexts": [ # If provided, some of the source code used for the build may be found in
                # these locations, in the case where the source repository had multiple
                # remotes or submodules. This list will not include the context specified in
                # the context field.
              { # A SourceContext is a reference to a tree of files. A SourceContext together
                  # with a path point to a unique revision of a single file or directory.
                "git": { # A SourceContext referring to any third party Git repo (e.g., GitHub).
                    # A GitSourceContext denotes a particular revision in a third party Git
                    # repository (e.g., GitHub).
                  "url": "A String", # Git repository URL.
                  "revisionId": "A String", # Required.
                      # Git commit hash.
                },
                "cloudRepo": { # A SourceContext referring to a revision in a Google Cloud Source Repo.
                    # A CloudRepoSourceContext denotes a particular revision in a Google Cloud
                    # Source Repo.
                  "aliasContext": { # An alias, which may be a branch or tag.
                      # An alias to a repo revision.
                    "kind": "A String", # The alias kind.
                    "name": "A String", # The alias name.
                  },
                  "revisionId": "A String", # A revision ID.
                  "repoId": { # The ID of the repo.
                      # A unique identifier for a Cloud Repo.
                    "projectRepoId": { # A combination of a project ID and a repo name.
                        # Selects a repo using a Google Cloud Platform project ID (e.g.,
                        # winged-cargo-31) and a repo name within that project.
                      "projectId": "A String", # The ID of the project.
                      "repoName": "A String", # The name of the repo. Leave empty for the default repo.
                    },
                    "uid": "A String", # A server-assigned, globally unique identifier.
                  },
                },
                "labels": { # Labels with user defined metadata.
                  "a_key": "A String",
                },
                "gerrit": { # A SourceContext referring to a Gerrit project.
                  "aliasContext": { # An alias, which may be a branch or tag.
                      # An alias to a repo revision.
                    "kind": "A String", # The alias kind.
                    "name": "A String", # The alias name.
                  },
                  "revisionId": "A String", # A revision (commit) ID.
                  "gerritProject": "A String", # The full project name within the host.
                      # Projects may be nested, so
                      # "project/subproject" is a valid project name. The "repo name" is
                      # the hostURI/project.
                  "hostUri": "A String", # The URI of a running Gerrit instance.
                },
              },
            ],
            "context": { # If provided, the source code used for the build came from this location.
                # A SourceContext is a reference to a tree of files. A SourceContext together
                # with a path point to a unique revision of a single file or directory.
              "git": { # A SourceContext referring to any third party Git repo (e.g., GitHub).
                  # A GitSourceContext denotes a particular revision in a third party Git
                  # repository (e.g., GitHub).
                "url": "A String", # Git repository URL.
                "revisionId": "A String", # Required.
                    # Git commit hash.
              },
              "cloudRepo": { # A SourceContext referring to a revision in a Google Cloud Source Repo.
                  # A CloudRepoSourceContext denotes a particular revision in a Google Cloud
                  # Source Repo.
                "aliasContext": { # An alias, which may be a branch or tag.
                    # An alias to a repo revision.
                  "kind": "A String", # The alias kind.
                  "name": "A String", # The alias name.
                },
                "revisionId": "A String", # A revision ID.
                "repoId": { # The ID of the repo.
                    # A unique identifier for a Cloud Repo.
                  "projectRepoId": { # A combination of a project ID and a repo name.
                      # Selects a repo using a Google Cloud Platform project ID (e.g.,
                      # winged-cargo-31) and a repo name within that project.
                    "projectId": "A String", # The ID of the project.
                    "repoName": "A String", # The name of the repo. Leave empty for the default repo.
                  },
                  "uid": "A String", # A server-assigned, globally unique identifier.
                },
              },
              "labels": { # Labels with user defined metadata.
                "a_key": "A String",
              },
              "gerrit": { # A SourceContext referring to a Gerrit project.
                "aliasContext": { # An alias to a repo revision.
                    # An alias, which may be a branch or tag.
                  "kind": "A String", # The alias kind.
                  "name": "A String", # The alias name.
                },
                "revisionId": "A String", # A revision (commit) ID.
                "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
                    # "project/subproject" is a valid project name. The "repo name" is
                    # the hostURI/project.
                "hostUri": "A String", # The URI of a running Gerrit instance.
              },
            },
            "storageSource": { # If provided, get the source from this location in Google Cloud
                # Storage.
                # StorageSource describes the location of the source in an archive file in
                # Google Cloud Storage.
              "generation": "A String", # Google Cloud Storage generation for the object.
              "object": "A String", # Google Cloud Storage object containing source.
              "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
                  # Requirements]
                  # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
            },
          },
          "buildOptions": { # Special options applied to this build. This is a catch-all field where
              # build providers can enter any desired additional details.
            "a_key": "A String",
          },
          "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the
              # user's e-mail address at the time the build was initiated; this address may
              # not represent the same end-user for all time.
          "logsBucket": "A String", # Google Cloud Storage bucket where logs were written.
          "builderVersion": "A String", # Version string of the builder at the time this build was executed.
          "createTime": "A String", # Time at which the build was created.
          "builtArtifacts": [ # Output of the build.
            { # Artifact describes a build product.
              "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
                  # container.
              "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest
                  # like gcr.io/projectID/imagename@sha256:123456
              "name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in
                  # the case of a container build, the name used to push the container image to
                  # Google Container Registry, as presented to `docker push`.
                  #
                  # This field is deprecated in favor of the plural `names` field; it continues
                  # to exist here to allow existing BuildProvenance serialized to json in
                  # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to
                  # deserialize back into proto.
              "names": [ # Related artifact names. This may be the path to a binary or jar file, or in
                  # the case of a container build, the name used to push the container image to
                  # Google Container Registry, as presented to `docker push`. Note that a
                  # single Artifact ID can have multiple names, for example if two tags are
                  # applied to one image.
                "A String",
              ],
            },
          ],
          "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
          "startTime": "A String", # Time at which execution of the build was started.
          "projectId": "A String", # ID of the project.
          "id": "A String", # Unique identifier of the build.
        },
        "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the
            # `BuildSignature` in the corresponding Result. After verifying the
            # signature, `provenance_bytes` can be unmarshalled and compared to the
            # provenance to confirm that it is unchanged. A base64-encoded string
            # representation of the provenance bytes is used for the signature in order
            # to interoperate with openssl which expects this format for signature
            # verification.
            #
            # The serialized form is captured both to avoid ambiguity in how the
            # provenance is marshalled to json as well as to prevent incompatibilities with
            # future changes.
      },
      "discovered": { # Describes the initial scan status for this resource.
          # Provides information about the scan status of a discovered resource.
        "analysisStatus": "A String", # The status of discovery for the resource.
        "operation": { # Output only. An operation that indicates the status of the current scan.
            # This field is deprecated, do not use.
            # This resource represents a long-running operation that is the result of a
            # network API call.
          "error": { # The error result of the operation in case of failure or cancellation.
              # The `Status` type defines a logical error model that is suitable for
              # different programming environments, including REST APIs and RPC APIs. It is
              # used by [gRPC](https://github.com/grpc). Each `Status` message contains
              # three pieces of data: error code, error message, and error details.
              #
              # You can find out more about this error model and how to work with it in the
              # [API Design Guide](https://cloud.google.com/apis/design/errors).
            "message": "A String", # A developer-facing error message, which should be in English. Any
                # user-facing error message should be localized and sent in the
                # google.rpc.Status.details field, or localized by the client.
            "code": 42, # The status code, which should be an enum value of google.rpc.Code.
            "details": [ # A list of messages that carry the error details. There is a common set of
                # message types for APIs to use.
              {
                "a_key": "", # Properties of the object. Contains field @type with type URL.
              },
            ],
          },
          "done": True or False, # If the value is `false`, it means the operation is still in progress.
              # If `true`, the operation is completed, and either `error` or `response` is
              # available.
          "response": { # The normal response of the operation in case of success. If the original
              # method returns no data on success, such as `Delete`, the response is
              # `google.protobuf.Empty`. If the original method is standard
              # `Get`/`Create`/`Update`, the response should be the resource. For other
              # methods, the response should have the type `XxxResponse`, where `Xxx`
              # is the original method name. For example, if the original method name
              # is `TakeSnapshot()`, the inferred response type is
              # `TakeSnapshotResponse`.
            "a_key": "", # Properties of the object. Contains field @type with type URL.
          },
          "name": "A String", # The server-assigned name, which is only unique within the same service that
              # originally returns it. If you use the default HTTP mapping, the
              # `name` should be a resource name ending with `operations/{unique_id}`.
          "metadata": { # Service-specific metadata associated with the operation. It typically
              # contains progress information and common metadata such as create time.
              # Some services might not provide such metadata. Any method that returns a
              # long-running operation should document the metadata type, if any.
            "a_key": "", # Properties of the object. Contains field @type with type URL.
          },
        },
        "analysisStatusError": { # When an error is encountered this will contain a LocalizedMessage under
            # details to show to the user. The LocalizedMessage is output only and
            # populated by the API.
            # The `Status` type defines a logical error model that is suitable for
            # different programming environments, including REST APIs and RPC APIs. It is
            # used by [gRPC](https://github.com/grpc). Each `Status` message contains
            # three pieces of data: error code, error message, and error details.
            #
            # You can find out more about this error model and how to work with it in the
            # [API Design Guide](https://cloud.google.com/apis/design/errors).
          "message": "A String", # A developer-facing error message, which should be in English. Any
              # user-facing error message should be localized and sent in the
              # google.rpc.Status.details field, or localized by the client.
          "code": 42, # The status code, which should be an enum value of google.rpc.Code.
          "details": [ # A list of messages that carry the error details. There is a common set of
              # message types for APIs to use.
            {
              "a_key": "", # Properties of the object. Contains field @type with type URL.
            },
          ],
        },
        "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
      },
      "attestation": { # Describes an attestation of an artifact.
          # Occurrence that represents a single "attestation". The authenticity of an
          # Attestation can be verified using the attached signature. If the verifier
          # trusts the public key of the signer, then verifying the signature is
          # sufficient to establish trust. In this circumstance, the
          # AttestationAuthority to which this Attestation is attached is primarily
          # useful for look-up (how to find this Attestation if you already know the
          # Authority and artifact to be verified) and intent (which authority was this
          # attestation intended to sign for).
        "pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature.
            # This message only supports `ATTACHED` signatures, where the payload that is
            # signed is included alongside the signature itself in the same file.
          "pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature,
              # as output by, e.g. `gpg --list-keys`. This should be the version 4, full
              # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See
              # https://tools.ietf.org/html/rfc4880#section-12.2 for details.
              # Implementations may choose to acknowledge "LONG", "SHORT", or other
              # abbreviated key IDs, but only the full fingerprint is guaranteed to work.
              # In gpg, the full fingerprint can be retrieved from the `fpr` field
              # returned when calling --list-keys with --with-colons. For example:
              # ```
              # gpg --with-colons --with-fingerprint --force-v4-certs \
              #     --list-keys attester@example.com
              # tru::1:1513631572:0:3:1:5
              # pub:...&lt;SNIP&gt;...
              # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
              # ```
              # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
          "contentType": "A String", # Type (for example schema) of the attestation payload that was signed.
              # The verifier must ensure that the provided type is one that the verifier
              # supports, and that the attestation payload is a valid instantiation of that
              # type (for example by validating a JSON schema).
          "signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or
              # equivalent. Since this message only supports attached signatures, the
              # payload that was signed must be attached. While the signature format
              # supported is dependent on the verification implementation, currently only
              # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
              # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
              # --output=signature.gpg payload.json` will create the signature content
              # expected in this field in `signature.gpg` for the `payload.json`
              # attestation payload.
        },
      },
      "noteName": "A String", # An analysis note associated with this image, in the form
          # "providers/{provider_id}/notes/{NOTE_ID}"
          # This field can be used as a filter in list requests.
      "deployment": { # Describes the deployment of an artifact on a runtime.
          # The period during which some deployable was active in a runtime.
        "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the
            # deployable field with the same name.
          "A String",
        ],
        "userEmail": "A String", # Identity of the user that triggered this deployment.
        "address": "A String", # Address of the runtime element hosting this deployment.
        "platform": "A String", # Platform hosting this deployment.
        "deployTime": "A String", # Beginning of the lifetime of this deployment.
        "undeployTime": "A String", # End of the lifetime of this deployment.
        "config": "A String", # Configuration used to create this deployment.
      },
      "remediation": "A String", # A description of actions that can be taken to remedy the `Note`
      "vulnerabilityDetails": { # Details of a security vulnerability note.
          # Used by Occurrence to point to where the vulnerability exists and how
          # to fix it.
        "packageIssue": [ # The set of affected locations and their fixes (if available) within
            # the associated resource.
          { # This message wraps a location affected by a vulnerability and its
              # associated fix (if one is available).
            "severityName": "A String",
            "affectedLocation": { # The location of the vulnerability.
              "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/).
                  # Examples include distro or storage location for vulnerable jar.
                  # This field can be used as a filter in list requests.
              "version": { # The version of the package being described. This field can be used as a
                  # filter in list requests.
                  # Version contains structured information about the version of the package.
                  # For a discussion of this in Debian/Ubuntu:
                  # http://serverfault.com/questions/604541/debian-packages-version-convention
                  # For a discussion of this in Redhat/Fedora/Centos:
                  # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
                "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                    # If kind is not NORMAL, then the other fields are ignored.
                "revision": "A String", # The iteration of the package build from the above version.
                "name": "A String", # The main part of the version name.
                "epoch": 42, # Used to correct mistakes in the version numbering scheme.
              },
              "package": "A String", # The package being described.
            },
            "fixedLocation": { # The location of the available fix for vulnerability.
                # The location of the vulnerability
              "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/).
                  # Examples include distro or storage location for vulnerable jar.
                  # This field can be used as a filter in list requests.
              "version": { # The version of the package being described. This field can be used as a
                  # filter in list requests.
                  # Version contains structured information about the version of the package.
                  # For a discussion of this in Debian/Ubuntu:
                  # http://serverfault.com/questions/604541/debian-packages-version-convention
                  # For a discussion of this in Redhat/Fedora/Centos:
                  # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
                "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                    # If kind is not NORMAL, then the other fields are ignored.
                "revision": "A String", # The iteration of the package build from the above version.
                "name": "A String", # The main part of the version name.
                "epoch": 42, # Used to correct mistakes in the version numbering scheme.
              },
              "package": "A String", # The package being described.
            },
          },
        ],
        "type": "A String", # The type of package; whether native or non native (ruby gems,
            # node.js packages, etc.)
        "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a
            # scale of 0-10 where 0 indicates low severity and 10 indicates high
            # severity.
        "severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.
        "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is
            # available and note provider assigned severity when distro has not yet
            # assigned a severity for this vulnerability.
      },
      "createTime": "A String", # Output only. The time this `Occurrence` was created.
      "derivedImage": { # Describes how this resource derives from the basis
          # in the associated note.
          # Derived describes the derived image portion (Occurrence) of the
          # DockerImage relationship. This image would be produced from a Dockerfile
          # with FROM &lt;DockerImage.Basis in attached Note&gt;.
        "distance": 42, # Output only. The number of layers by which this image differs from the
            # associated image basis.
        "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image
            # occurrence.
        "layerInfo": [ # This contains layer-specific metadata, if populated it has length
            # "distance" and is ordered with [distance] being the layer immediately
            # following the base image and [1] being the final layer.
          { # Layer holds metadata specific to a layer of a Docker image.
            "arguments": "A String", # The recovered arguments to the Dockerfile directive.
            "directive": "A String", # The recovered Dockerfile directive used to construct this layer.
          },
        ],
        "fingerprint": { # A set of properties that uniquely identify a given Docker image.
            # The fingerprint of the derived image.
          "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
              # representation.
              # This field can be used as a filter in list requests.
          "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
            "A String",
          ],
          "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
              #   [bottom] := v2_blob[bottom]
              #   [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
              # Only the name of the final blob is kept.
              # This field can be used as a filter in list requests.
        },
      },
      "resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence`
          # applies. For example, `https://gcr.io/project/image@sha256:foo`. This field
          # can be used as a filter in list requests.
    }</pre>
</div>

<div class="method">
    <code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code>
  <pre>Gets the access control policy for a note or an `Occurrence` resource.
Requires `containeranalysis.notes.setIamPolicy` or
`containeranalysis.occurrences.setIamPolicy` permission if the resource is
a note or occurrence, respectively.
Attempting to call this method on a resource without the required
permission will result in a `PERMISSION_DENIED` error. Attempting to call
this method on a non-existent resource will result in a `NOT_FOUND` error
if the user has list permission on the project, or a `PERMISSION_DENIED`
error otherwise. The resource takes the following formats:
`projects/{PROJECT_ID}/occurrences/{OCCURRENCE_ID}` for occurrences and
`projects/{PROJECT_ID}/notes/{NOTE_ID}` for notes.

Args:
  resource: string, REQUIRED: The resource for which the policy is being requested.
See the operation documentation for the appropriate value for this field. (required)
  body: object, The request body.
    The object takes the form of:

{ # Request message for `GetIamPolicy` method.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Defines an Identity and Access Management (IAM) policy. It is used to
        # specify access control policies for Cloud Platform resources.
        #
        #
        # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
        # `members` to a `role`, where the members can be user accounts, Google groups,
        # Google domains, and service accounts. A `role` is a named list of permissions
        # defined by IAM.
        #
        # **JSON Example**
        #
        #     {
        #       "bindings": [
        #         {
        #           "role": "roles/owner",
        #           "members": [
        #             "user:mike@example.com",
        #             "group:admins@example.com",
        #             "domain:google.com",
        #             "serviceAccount:my-other-app@appspot.gserviceaccount.com"
        #           ]
        #         },
        #         {
        #           "role": "roles/viewer",
        #           "members": ["user:sean@example.com"]
        #         }
        #       ]
        #     }
        #
        # **YAML Example**
        #
        #     bindings:
        #     - members:
        #       - user:mike@example.com
        #       - group:admins@example.com
        #       - domain:google.com
        #       - serviceAccount:my-other-app@appspot.gserviceaccount.com
        #       role: roles/owner
        #     - members:
        #       - user:sean@example.com
        #       role: roles/viewer
        #
        #
        # For a description of IAM and its features, see the
        # [IAM developer's guide](https://cloud.google.com/iam/docs).
      "bindings": [ # Associates a list of `members` to a `role`.
          # `bindings` with no members will result in an error.
        { # Associates `members` with a `role`.
          "role": "A String", # Role that is assigned to `members`.
              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
          "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
              # `members` can have the following values:
              #
              # * `allUsers`: A special identifier that represents anyone who is
              #    on the internet; with or without a Google account.
              #
              # * `allAuthenticatedUsers`: A special identifier that represents anyone
              #    who is authenticated with a Google account or a service account.
              #
              # * `user:{emailid}`: An email address that represents a specific Google
              #    account. For example, `alice@gmail.com`.
              #
              #
              # * `serviceAccount:{emailid}`: An email address that represents a service
              #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
              #
              # * `group:{emailid}`: An email address that represents a Google group.
              #    For example, `admins@example.com`.
              #
              #
              # * `domain:{domain}`: The G Suite domain (primary) that represents all the
              #    users of that domain. For example, `google.com` or `example.com`.
              #
            "A String",
          ],
          "condition": { # The condition that is associated with this binding.
              # NOTE: An unsatisfied condition will not allow user access via current
              # binding. Different bindings, including their conditions, are examined
              # independently.
              # Represents an expression text. Example:
              #
              #     title: "User account presence"
              #     description: "Determines whether the request has a user account"
              #     expression: "size(request.user) > 0"
            "description": "A String", # An optional description of the expression. This is a longer text which
                # describes the expression, e.g. when hovered over it in a UI.
            "expression": "A String", # Textual representation of an expression in
                # Common Expression Language syntax.
                #
                # The application context of the containing message determines which
                # well-known feature set of CEL is supported.
            "location": "A String", # An optional string indicating the location of the expression for error
                # reporting, e.g.
                # a file name and a position in the file.
            "title": "A String", # An optional title for the expression, i.e. a short string describing
                # its purpose. This can be used e.g. in UIs which allow entering the
                # expression.
          },
        },
      ],
      "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
        { # Specifies the audit configuration for a service.
            # The configuration determines which permission types are logged, and what
            # identities, if any, are exempted from logging.
            # An AuditConfig must have one or more AuditLogConfigs.
            #
            # If there are AuditConfigs for both `allServices` and a specific service,
            # the union of the two AuditConfigs is used for that service: the log_types
            # specified in each AuditConfig are enabled, and the exempted_members in each
            # AuditLogConfig are exempted.
            #
            # Example Policy with multiple AuditConfigs:
            #
            #     {
            #       "audit_configs": [
            #         {
            #           "service": "allServices",
            #           "audit_log_configs": [
            #             {
            #               "log_type": "DATA_READ",
            #               "exempted_members": [
            #                 "user:foo@gmail.com"
            #               ]
            #             },
            #             {
            #               "log_type": "DATA_WRITE"
            #             },
            #             {
            #               "log_type": "ADMIN_READ"
            #             }
            #           ]
            #         },
            #         {
            #           "service": "fooservice.googleapis.com",
            #           "audit_log_configs": [
            #             {
            #               "log_type": "DATA_READ"
            #             },
            #             {
            #               "log_type": "DATA_WRITE",
            #               "exempted_members": [
            #                 "user:bar@gmail.com"
            #               ]
            #             }
            #           ]
            #         }
            #       ]
            #     }
            #
            # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
            # logging. It also exempts foo@gmail.com from DATA_READ logging, and
            # bar@gmail.com from DATA_WRITE logging.
          "auditLogConfigs": [ # The configuration for logging of each type of permission.
            { # Provides the configuration for logging a type of permissions.
                # Example:
                #
                #     {
                #       "audit_log_configs": [
                #         {
                #           "log_type": "DATA_READ",
                #           "exempted_members": [
                #             "user:foo@gmail.com"
                #           ]
                #         },
                #         {
                #           "log_type": "DATA_WRITE"
                #         }
                #       ]
                #     }
                #
                # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
                # foo@gmail.com from DATA_READ logging.
              "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
                  # permission.
                  # Follows the same format of Binding.members.
                "A String",
              ],
              "logType": "A String", # The log type that this config enables.
            },
          ],
          "service": "A String", # Specifies a service that will be enabled for audit logging.
              # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
              # `allServices` is a special value that covers all services.
        },
      ],
      "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
          # prevent simultaneous updates of a policy from overwriting each other.
          # It is strongly suggested that systems make use of the `etag` in the
          # read-modify-write cycle to perform policy updates in order to avoid race
          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
          # systems are expected to put that etag in the request to `setIamPolicy` to
          # ensure that their change will be applied to the same version of the policy.
          #
          # If no `etag` is provided in the call to `setIamPolicy`, then the existing
          # policy is overwritten blindly.
      "version": 42, # Deprecated.
    }</pre>
</div>

<div class="method">
    <code class="details" id="getNotes">getNotes(name, x__xgafv=None)</code>
  <pre>Gets the `Note` attached to the given `Occurrence`.

Args:
  name: string, The name of the occurrence in the form
"projects/{project_id}/occurrences/{OCCURRENCE_ID}" (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Provides a detailed description of a `Note`.
      "buildType": { # Note holding the version of the provider's builder and the signature of # Build provenance type for a verifiable build.
          # the provenance message in linked BuildDetails.
        "builderVersion": "A String", # Version of the builder which produced this Note.
        "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in Occurrences pointing to the Note containing this
            # `BuilderDetails`.
          "publicKey": "A String", # Public key of the builder which can be used to verify that the related
              # findings are valid and unchanged. If `key_type` is empty, this defaults
              # to PEM encoded public keys.
              #
              # This field may be empty if `key_id` references an external key.
              #
              # For Cloud Build based signatures, this is a PEM encoded public
              # key. To verify the Cloud Build signature, place the contents of
              # this field into a file (public.pem). The signature field is base64-decoded
              # into its binary representation in signature.bin, and the provenance bytes
              # from `BuildDetails` are base64-decoded into a binary representation in
              # signed.bin. OpenSSL can then verify the signature:
              # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
          "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
              # `key_id`
          "keyId": "A String", # An Id for the key used to sign. This could be either an Id for the key
              # stored in `public_key` (such as the Id or fingerprint for a PGP key, or the
              # CN for a cert), or a reference to an external key (such as a reference to a
              # key in Cloud Key Management Service).
          "signature": "A String", # Signature of the related `BuildProvenance`, encoded in a base64 string.
        },
      },
      "kind": "A String", # Output only. This explicitly denotes which kind of note is specified. This
          # field can be used as a filter in list requests.
      "name": "A String", # The name of the note in the form
          # "providers/{provider_id}/notes/{NOTE_ID}"
      "vulnerabilityType": { # VulnerabilityType provides metadata about a security vulnerability. # A package vulnerability type of note.
        "cvssScore": 3.14, # The CVSS score for this Vulnerability.
        "severity": "A String", # Note provider assigned impact of the vulnerability
        "details": [ # All information about the package to specifically identify this
            # vulnerability. One entry per (version range and cpe_uri) the
            # package vulnerability has manifested in.
          { # Identifies all occurrences of this vulnerability in the package for a
              # specific distro/location
              # For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
            "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
            "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) in
                # which the vulnerability manifests. Examples include distro or storage
                # location for vulnerable jar.
                # This field can be used as a filter in list requests.
            "description": "A String", # A vendor-specific description of this note.
            "minAffectedVersion": { # Version contains structured information about the version of the package. # The min version of the package in which the vulnerability exists.
                # For a discussion of this in Debian/Ubuntu:
                # http://serverfault.com/questions/604541/debian-packages-version-convention
                # For a discussion of this in Redhat/Fedora/Centos:
                # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
              "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                  # If kind is not NORMAL, then the other fields are ignored.
              "revision": "A String", # The iteration of the package build from the above version.
              "name": "A String", # The main part of the version name.
              "epoch": 42, # Used to correct mistakes in the version numbering scheme.
            },
            "package": "A String", # The name of the package where the vulnerability was found.
                # This field can be used as a filter in list requests.
            "packageType": "A String", # The type of package; whether native or non native (ruby gems,
                # node.js packages etc)
            "isObsolete": True or False, # Whether this Detail is obsolete. Occurrences are expected not to point to
                # obsolete details.
            "maxAffectedVersion": { # Version contains structured information about the version of the package. # Deprecated, do not use. Use fixed_location instead.
                #
                # The max version of the package in which the vulnerability exists.
                # For a discussion of this in Debian/Ubuntu:
                # http://serverfault.com/questions/604541/debian-packages-version-convention
                # For a discussion of this in Redhat/Fedora/Centos:
                # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
              "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                  # If kind is not NORMAL, then the other fields are ignored.
              "revision": "A String", # The iteration of the package build from the above version.
              "name": "A String", # The main part of the version name.
              "epoch": 42, # Used to correct mistakes in the version numbering scheme.
            },
            "fixedLocation": { # The location of the vulnerability # The fix for this specific package version.
              "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
                  # format. Examples include distro or storage location for vulnerable jar.
                  # This field can be used as a filter in list requests.
              "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
                  # filter in list requests.
                  # For a discussion of this in Debian/Ubuntu:
                  # http://serverfault.com/questions/604541/debian-packages-version-convention
                  # For a discussion of this in Redhat/Fedora/Centos:
                  # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
                "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                    # If kind is not NORMAL, then the other fields are ignored.
                "revision": "A String", # The iteration of the package build from the above version.
                "name": "A String", # The main part of the version name.
                "epoch": 42, # Used to correct mistakes in the version numbering scheme.
              },
              "package": "A String", # The package being described.
            },
          },
        ],
      },
      "package": { # This represents a particular package that is distributed over # A note describing a package hosted by various package managers.
          # various channels.
          # e.g. glibc (aka libc6) is distributed by many, at various versions.
        "distribution": [ # The various channels by which a package is distributed.
          { # This represents a particular channel of distribution for a given package.
              # e.g. Debian's jessie-backports dpkg mirror
            "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
                # denoting the package manager version distributing a package.
            "maintainer": "A String", # A freeform string denoting the maintainer of this package.
            "description": "A String", # The distribution channel-specific description of this package.
            "url": "A String", # The distribution channel-specific homepage for this package.
            "architecture": "A String", # The CPU architecture for which packages in this distribution
                # channel were built
            "latestVersion": { # Version contains structured information about the version of the package. # The latest available version of this package in
                # this distribution channel.
                # For a discussion of this in Debian/Ubuntu:
                # http://serverfault.com/questions/604541/debian-packages-version-convention
                # For a discussion of this in Redhat/Fedora/Centos:
                # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
              "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                  # If kind is not NORMAL, then the other fields are ignored.
              "revision": "A String", # The iteration of the package build from the above version.
              "name": "A String", # The main part of the version name.
              "epoch": 42, # Used to correct mistakes in the version numbering scheme.
            },
          },
        ],
        "name": "A String", # The name of the package.
      },
      "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
          # a filter in list requests.
      "relatedUrl": [ # URLs associated with this note
        { # Metadata for any related URL information
          "url": "A String", # Specific URL to associate with the note
          "label": "A String", # Label to describe usage of the URL
        },
      ],
      "longDescription": "A String", # A detailed description of this `Note`.
      "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
          # example, an organization might have one `AttestationAuthority` for "QA" and
          # one for "build". This Note is intended to act strictly as a grouping
          # mechanism for the attached Occurrences (Attestations). This grouping
          # mechanism also provides a security boundary, since IAM ACLs gate the ability
          # for a principal to attach an Occurrence to a given Note. It also provides a
          # single point of lookup to find all attached Attestation Occurrences, even if
          # they don't all live in the same project.
        "hint": { # This submessage provides human-readable hints about the purpose of the
            # AttestationAuthority. Because the name of a Note acts as its resource
            # reference, it is important to disambiguate the canonical name of the Note
            # (which might be a UUID for security purposes) from "readable" names more
            # suitable for debug output. Note that these hints should NOT be used to
            # look up AttestationAuthorities in security sensitive contexts, such as when
            # looking up Attestations to verify.
          "humanReadableName": "A String", # The human readable name of this Attestation Authority, for example "qa".
        },
      },
      "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
          # relationship. Linked occurrences are derived from this or an
          # equivalent image via:
          #   FROM &lt;Basis.resource_url&gt;
          # Or an equivalent reference, e.g. a tag of the resource_url.
        "resourceUrl": "A String", # The resource_url for the resource representing the basis of
            # associated occurrence images.
        "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the base image.
          "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
              # representation.
              # This field can be used as a filter in list requests.
          "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
            "A String",
          ],
          "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
              #   [bottom] := v2_blob[bottom]
              #   [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
              # Only the name of the final blob is kept.
              # This field can be used as a filter in list requests.
        },
      },
      "expirationTime": "A String", # Time of expiration for this note, null if note does not expire.
      "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
        "resourceUri": [ # Resource URI for the artifact being deployed.
          "A String",
        ],
      },
      "shortDescription": "A String", # A one sentence description of this `Note`.
      "createTime": "A String", # Output only. The time this note was created. This field can be used as a
          # filter in list requests.
      "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing a provider/analysis type.
          # exists in a provider's project. A `Discovery` occurrence is created in a
          # consumer's project at the start of analysis. The occurrence's operation will
          # indicate the status of the analysis. Absence of an occurrence linked to this
          # note for a resource indicates that analysis hasn't started.
        "analysisKind": "A String", # The kind of analysis that is handled by this discovery.
      },
    }</pre>
</div>

<div class="method">
    <code class="details" id="getVulnerabilitySummary">getVulnerabilitySummary(parent, x__xgafv=None, filter=None)</code>
  <pre>Gets a summary of the number and severity of occurrences.

Args:
  parent: string, This contains the project Id for example: projects/{project_id} (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format
  filter: string, The filter expression.

Returns:
  An object of the form:

    { # A summary of how many vulnz occurrences there are per severity type.
        # counts by groups, or if we should have different summary messages
        # like this.
      "counts": [ # A map of how many occurrences were found for each severity.
        { # The number of occurrences created for a specific severity.
          "count": "A String", # The number of occurrences with the severity.
          "severity": "A String", # The severity of the occurrences.
        },
      ],
    }</pre>
</div>

<div class="method">
    <code class="details" id="list">list(parent, kind=None, name=None, pageToken=None, x__xgafv=None, pageSize=None, filter=None)</code>
  <pre>Lists active `Occurrences` for a given project matching the filters.

Args:
  parent: string, This contains the project Id for example: projects/{project_id}. (required)
  kind: string, The kind of occurrences to filter on.
  name: string, The name field contains the project Id. For example:
"projects/{project_id}
@Deprecated
  pageToken: string, Token to provide to skip to a particular spot in the list.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format
  pageSize: integer, Number of occurrences to return in the list.
  filter: string, The filter expression.

Returns:
  An object of the form:

    { # Response including listed active occurrences.
      "nextPageToken": "A String", # The next pagination token in the list response. It should be used as
          # `page_token` for the following request. An empty value means no more
          # results.
      "occurrences": [ # The occurrences requested.
        { # `Occurrence` includes information about analysis occurrences for an image.
          "resource": { # #
              # The resource for which the `Occurrence` applies.
              # Resource is an entity that can have metadata. E.g., a Docker image.
            "contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.
              "type": "A String", # The type of hash that was performed.
              "value": "A String", # The hash value.
            },
            "uri": "A String", # The unique URI of the resource. E.g.,
                # "https://gcr.io/project/image@sha256:foo" for a Docker image.
            "name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian".
          },
          "updateTime": "A String", # Output only. The time this `Occurrence` was last updated.
          "installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.
              # a system.
            "location": [ # All of the places within the filesystem versions of this package
                # have been found.
              { # An occurrence of a particular package installation found within a
                  # system's filesystem.
                  # e.g. glibc was found in /var/lib/dpkg/status
                "path": "A String", # The path from which we gathered that this package/version is installed.
                "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
                    # denoting the package manager version distributing a package.
                "version": { # Version contains structured information about the version of the package. # The version installed at this location.
                    # For a discussion of this in Debian/Ubuntu:
                    # http://serverfault.com/questions/604541/debian-packages-version-convention
                    # For a discussion of this in Redhat/Fedora/Centos:
                    # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
                  "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                      # If kind is not NORMAL, then the other fields are ignored.
                  "revision": "A String", # The iteration of the package build from the above version.
                  "name": "A String", # The main part of the version name.
                  "epoch": 42, # Used to correct mistakes in the version numbering scheme.
                },
              },
            ],
            "name": "A String", # Output only. The name of the installed package.
          },
          "name": "A String", # Output only. The name of the `Occurrence` in the form
              # "projects/{project_id}/occurrences/{OCCURRENCE_ID}"
          "kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are
              # specified. This field can be used as a filter in list requests.
          "buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build.
            "provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance
                # details about the build from source to completion.
              "finishTime": "A String", # Time at which execution of the build was finished.
              "commands": [ # Commands requested by the build.
                { # Command describes a step performed as part of the build pipeline.
                  "waitFor": [ # The ID(s) of the Command(s) that this Command depends on.
                    "A String",
                  ],
                  "name": "A String", # Name of the command, as presented on the command line, or if the command is
                      # packaged as a Docker container, as presented to `docker pull`.
                  "args": [ # Command-line arguments used when executing this Command.
                    "A String",
                  ],
                  "env": [ # Environment variables set before running this Command.
                    "A String",
                  ],
                  "id": "A String", # Optional unique identifier for this Command, used in wait_for to reference
                      # this Command as a dependency.
                  "dir": "A String", # Working directory (relative to project source root) used when running
                      # this Command.
                },
              ],
              "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
                "artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this
                    # location.
                    # Google Cloud Storage.
                  "generation": "A String", # Google Cloud Storage generation for the object.
                  "object": "A String", # Google Cloud Storage object containing source.
                  "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
                      # Requirements]
                      # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
                },
                "repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.
                    # Repository.
                  "projectId": "A String", # ID of the project that owns the repo.
                  "branchName": "A String", # Name of the branch to build.
                  "repoName": "A String", # Name of the repo.
                  "tagName": "A String", # Name of the tag to build.
                  "commitSha": "A String", # Explicit commit SHA to build.
                },
                "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original
                    # source integrity was maintained in the build.
                    #
                    # The keys to this map are file paths used as build source and the values
                    # contain the hash values for those files.
                    #
                    # If the build source came in a single package such as a gzipped tarfile
                    # (.tar.gz), the FileHash will be for the single path to that file.
                  "a_key": { # Container message for hashes of byte content of files, used in Source
                      # messages to verify integrity of source input to the build.
                    "fileHash": [ # Collection of file hashes.
                      { # Container message for hash values.
                        "type": "A String", # The type of hash that was performed.
                        "value": "A String", # The hash value.
                      },
                    ],
                  },
                },
                "additionalContexts": [ # If provided, some of the source code used for the build may be found in
                    # these locations, in the case where the source repository had multiple
                    # remotes or submodules. This list will not include the context specified in
                    # the context field.
                  { # A SourceContext is a reference to a tree of files. A SourceContext together
                      # with a path point to a unique revision of a single file or directory.
                    "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
                        # repository (e.g., GitHub).
                      "url": "A String", # Git repository URL.
                      "revisionId": "A String", # Required.
                          # Git commit hash.
                    },
                    "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
                        # Source Repo.
                      "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
                        "kind": "A String", # The alias kind.
                        "name": "A String", # The alias name.
                      },
                      "revisionId": "A String", # A revision ID.
                      "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
                        "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
                            # winged-cargo-31) and a repo name within that project.
                          "projectId": "A String", # The ID of the project.
                          "repoName": "A String", # The name of the repo. Leave empty for the default repo.
                        },
                        "uid": "A String", # A server-assigned, globally unique identifier.
                      },
                    },
                    "labels": { # Labels with user defined metadata.
                      "a_key": "A String",
                    },
                    "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
                      "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
                        "kind": "A String", # The alias kind.
                        "name": "A String", # The alias name.
                      },
                      "revisionId": "A String", # A revision (commit) ID.
                      "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
                          # "project/subproject" is a valid project name. The "repo name" is
                          # the hostURI/project.
                      "hostUri": "A String", # The URI of a running Gerrit instance.
                    },
                  },
                ],
                "context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.
                    # with a path point to a unique revision of a single file or directory.
                  "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
                      # repository (e.g., GitHub).
                    "url": "A String", # Git repository URL.
                    "revisionId": "A String", # Required.
                        # Git commit hash.
                  },
                  "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
                      # Source Repo.
                    "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
                      "kind": "A String", # The alias kind.
                      "name": "A String", # The alias name.
                    },
                    "revisionId": "A String", # A revision ID.
                    "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
                      "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
                          # winged-cargo-31) and a repo name within that project.
                        "projectId": "A String", # The ID of the project.
                        "repoName": "A String", # The name of the repo. Leave empty for the default repo.
                      },
                      "uid": "A String", # A server-assigned, globally unique identifier.
                    },
                  },
                  "labels": { # Labels with user defined metadata.
                    "a_key": "A String",
                  },
                  "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
                    "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
                      "kind": "A String", # The alias kind.
                      "name": "A String", # The alias name.
                    },
                    "revisionId": "A String", # A revision (commit) ID.
                    "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
                        # "project/subproject" is a valid project name. The "repo name" is
                        # the hostURI/project.
                    "hostUri": "A String", # The URI of a running Gerrit instance.
                  },
                },
                "storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in Google Cloud
                    # Storage.
                    # Google Cloud Storage.
                  "generation": "A String", # Google Cloud Storage generation for the object.
                  "object": "A String", # Google Cloud Storage object containing source.
                  "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
                      # Requirements]
                      # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
                },
              },
              "buildOptions": { # Special options applied to this build. This is a catch-all field where
                  # build providers can enter any desired additional details.
                "a_key": "A String",
              },
              "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the
                  # user's e-mail address at the time the build was initiated; this address may
                  # not represent the same end-user for all time.
              "logsBucket": "A String", # Google Cloud Storage bucket where logs were written.
              "builderVersion": "A String", # Version string of the builder at the time this build was executed.
              "createTime": "A String", # Time at which the build was created.
              "builtArtifacts": [ # Output of the build.
                { # Artifact describes a build product.
                  "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
                      # container.
                  "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest
                      # like gcr.io/projectID/imagename@sha256:123456
                  "name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in
                      # the case of a container build, the name used to push the container image to
                      # Google Container Registry, as presented to `docker push`.
                      #
                      # This field is deprecated in favor of the plural `names` field; it continues
                      # to exist here to allow existing BuildProvenance serialized to json in
                      # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to
                      # deserialize back into proto.
                  "names": [ # Related artifact names. This may be the path to a binary or jar file, or in
                      # the case of a container build, the name used to push the container image to
                      # Google Container Registry, as presented to `docker push`. Note that a
                      # single Artifact ID can have multiple names, for example if two tags are
                      # applied to one image.
                    "A String",
                  ],
                },
              ],
              "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
              "startTime": "A String", # Time at which execution of the build was started.
              "projectId": "A String", # ID of the project.
              "id": "A String", # Unique identifier of the build.
            },
            "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the
                # `BuildSignature` in the corresponding Result. After verifying the
                # signature, `provenance_bytes` can be unmarshalled and compared to the
                # provenance to confirm that it is unchanged. A base64-encoded string
                # representation of the provenance bytes is used for the signature in order
                # to interoperate with openssl which expects this format for signature
                # verification.
                #
                # The serialized form is captured both to avoid ambiguity in how the
                # provenance is marshalled to json as well as to prevent incompatibilities with
                # future changes.
          },
          "discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.
            "analysisStatus": "A String", # The status of discovery for the resource.
            "operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.
                # This field is deprecated, do not use.
                # network API call.
              "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
                  # different programming environments, including REST APIs and RPC APIs. It is
                  # used by [gRPC](https://github.com/grpc). Each `Status` message contains
                  # three pieces of data: error code, error message, and error details.
                  #
                  # You can find out more about this error model and how to work with it in the
                  # [API Design Guide](https://cloud.google.com/apis/design/errors).
                "message": "A String", # A developer-facing error message, which should be in English. Any
                    # user-facing error message should be localized and sent in the
                    # google.rpc.Status.details field, or localized by the client.
                "code": 42, # The status code, which should be an enum value of google.rpc.Code.
                "details": [ # A list of messages that carry the error details. There is a common set of
                    # message types for APIs to use.
                  {
                    "a_key": "", # Properties of the object. Contains field @type with type URL.
                  },
                ],
              },
              "done": True or False, # If the value is `false`, it means the operation is still in progress.
                  # If `true`, the operation is completed, and either `error` or `response` is
                  # available.
              "response": { # The normal response of the operation in case of success. If the original
                  # method returns no data on success, such as `Delete`, the response is
                  # `google.protobuf.Empty`. If the original method is standard
                  # `Get`/`Create`/`Update`, the response should be the resource. For other
                  # methods, the response should have the type `XxxResponse`, where `Xxx`
                  # is the original method name. For example, if the original method name
                  # is `TakeSnapshot()`, the inferred response type is
                  # `TakeSnapshotResponse`.
                "a_key": "", # Properties of the object. Contains field @type with type URL.
              },
              "name": "A String", # The server-assigned name, which is only unique within the same service that
                  # originally returns it. If you use the default HTTP mapping, the
                  # `name` should be a resource name ending with `operations/{unique_id}`.
              "metadata": { # Service-specific metadata associated with the operation. It typically
                  # contains progress information and common metadata such as create time.
                  # Some services might not provide such metadata. Any method that returns a
                  # long-running operation should document the metadata type, if any.
                "a_key": "", # Properties of the object. Contains field @type with type URL.
              },
            },
            "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under
                # details to show to the user. The LocalizedMessage is output only and
                # populated by the API.
                # different programming environments, including REST APIs and RPC APIs. It is
                # used by [gRPC](https://github.com/grpc). Each `Status` message contains
                # three pieces of data: error code, error message, and error details.
                #
                # You can find out more about this error model and how to work with it in the
                # [API Design Guide](https://cloud.google.com/apis/design/errors).
            "message": "A String", # A developer-facing error message, which should be in English. Any
                # user-facing error message should be localized and sent in the
                # google.rpc.Status.details field, or localized by the client.
            "code": 42, # The status code, which should be an enum value of google.rpc.Code.
            "details": [ # A list of messages that carry the error details. There is a common set of
                # message types for APIs to use.
              {
                "a_key": "", # Properties of the object. Contains field @type with type URL.
              },
            ],
          },
          "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
        },
        "attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact.
            # Attestation can be verified using the attached signature. If the verifier
            # trusts the public key of the signer, then verifying the signature is
            # sufficient to establish trust. In this circumstance, the
            # AttestationAuthority to which this Attestation is attached is primarily
            # useful for look-up (how to find this Attestation if you already know the
            # Authority and artifact to be verified) and intent (which authority was this
            # attestation intended to sign for).
          "pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature.
              # This message only supports `ATTACHED` signatures, where the payload that is
              # signed is included alongside the signature itself in the same file.
            "pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature,
                # as output by, e.g. `gpg --list-keys`. This should be the version 4, full
                # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See
                # https://tools.ietf.org/html/rfc4880#section-12.2 for details.
                # Implementations may choose to acknowledge "LONG", "SHORT", or other
                # abbreviated key IDs, but only the full fingerprint is guaranteed to work.
                # In gpg, the full fingerprint can be retrieved from the `fpr` field
                # returned when calling --list-keys with --with-colons. For example:
                # ```
                # gpg --with-colons --with-fingerprint --force-v4-certs \
                #     --list-keys attester@example.com
                # tru::1:1513631572:0:3:1:5
                # pub:...<SNIP>...
                # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
                # ```
                # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
            "contentType": "A String", # Type (for example schema) of the attestation payload that was signed.
                # The verifier must ensure that the provided type is one that the verifier
                # supports, and that the attestation payload is a valid instantiation of that
                # type (for example by validating a JSON schema).
            "signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or
                # equivalent. Since this message only supports attached signatures, the
                # payload that was signed must be attached. While the signature format
                # supported is dependent on the verification implementation, currently only
                # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
                # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
                # --output=signature.gpg payload.json` will create the signature content
                # expected in this field in `signature.gpg` for the `payload.json`
                # attestation payload.
          },
        },
        "noteName": "A String", # An analysis note associated with this image, in the form
            # "providers/{provider_id}/notes/{NOTE_ID}"
            # This field can be used as a filter in list requests.
        "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
          "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the
              # deployable field with the same name.
            "A String",
          ],
          "userEmail": "A String", # Identity of the user that triggered this deployment.
          "address": "A String", # Address of the runtime element hosting this deployment.
          "platform": "A String", # Platform hosting this deployment.
          "deployTime": "A String", # Beginning of the lifetime of this deployment.
          "undeployTime": "A String", # End of the lifetime of this deployment.
          "config": "A String", # Configuration used to create this deployment.
        },
        "remediation": "A String", # A description of actions that can be taken to remedy the `Note`
        "vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how # Details of a security vulnerability note.
            # to fix it.
          "packageIssue": [ # The set of affected locations and their fixes (if available) within
              # the associated resource.
            { # This message wraps a location affected by a vulnerability and its
                # associated fix (if one is available).
              "severityName": "A String",
              "affectedLocation": { # The location of the vulnerability # The location of the vulnerability.
                "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/).
                    # Examples include distro or storage location for vulnerable jar.
                    # This field can be used as a filter in list requests.
                "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
                    # filter in list requests.
                    # For a discussion of this in Debian/Ubuntu:
                    # http://serverfault.com/questions/604541/debian-packages-version-convention
                    # For a discussion of this in Redhat/Fedora/Centos:
                    # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
                  "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                      # If kind is not NORMAL, then the other fields are ignored.
                  "revision": "A String", # The iteration of the package build from the above version.
                  "name": "A String", # The main part of the version name.
                  "epoch": 42, # Used to correct mistakes in the version numbering scheme.
                },
                "package": "A String", # The package being described.
              },
              "fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability.
                "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/).
                    # Examples include distro or storage location for vulnerable jar.
                    # This field can be used as a filter in list requests.
                "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
                    # filter in list requests.
                    # For a discussion of this in Debian/Ubuntu:
                    # http://serverfault.com/questions/604541/debian-packages-version-convention
                    # For a discussion of this in Redhat/Fedora/Centos:
                    # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
                  "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                      # If kind is not NORMAL, then the other fields are ignored.
                  "revision": "A String", # The iteration of the package build from the above version.
                  "name": "A String", # The main part of the version name.
                  "epoch": 42, # Used to correct mistakes in the version numbering scheme.
                },
                "package": "A String", # The package being described.
              },
            },
          ],
          "type": "A String", # The type of package; whether native or non-native (Ruby gems,
              # Node.js packages, etc.)
          "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a
              # scale of 0-10 where 0 indicates low severity and 10 indicates high
              # severity.
          "severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.
          "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is
              # available and note provider assigned severity when distro has not yet
              # assigned a severity for this vulnerability.
        },
        "createTime": "A String", # Output only. The time this `Occurrence` was created.
        "derivedImage": { # Derived describes the derived image portion (Occurrence) of the # Describes how this resource derives from the basis
            # in the associated note.
            # DockerImage relationship. This image would be produced from a Dockerfile
            # with FROM <DockerImage.Basis in attached Note>.
          "distance": 42, # Output only. The number of layers by which this image differs from the
              # associated image basis.
          "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image
              # occurrence.
          "layerInfo": [ # This contains layer-specific metadata, if populated it has length
              # "distance" and is ordered with [distance] being the layer immediately
              # following the base image and [1] being the final layer.
            { # Layer holds metadata specific to a layer of a Docker image.
              "arguments": "A String", # The recovered arguments to the Dockerfile directive.
              "directive": "A String", # The recovered Dockerfile directive used to construct this layer.
            },
          ],
          "fingerprint": { # A set of properties that uniquely identify a given Docker image.
              # The fingerprint of the derived image.
            "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
                # representation.
                # This field can be used as a filter in list requests.
            "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
              "A String",
            ],
            "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
                #   [bottom] := v2_blob[bottom]
                #   [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
                # Only the name of the final blob is kept.
                # This field can be used as a filter in list requests.
          },
        },
        "resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence`
            # applies. For example, https://gcr.io/project/image@sha256:foo This field
            # can be used as a filter in list requests.
      },
    ],
  }</pre>
</div>

<div class="method">
    <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
  <pre>Retrieves the next page of results.

Args:
  previous_request: The request for the previous page. (required)
  previous_response: The response from the request for the previous page. (required)

Returns:
  A request object that you can call 'execute()' on to request the next
  page. Returns None if there are no more items in the collection.
    </pre>
</div>

<div class="method">
    <code class="details" id="patch">patch(name, body, updateMask=None, x__xgafv=None)</code>
  <pre>Updates an existing occurrence.

Args:
  name: string, The name of the occurrence.
Should be of the form "projects/{project_id}/occurrences/{OCCURRENCE_ID}". (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # `Occurrence` includes information about analysis occurrences for an image.
    "resource": { # #
        # The resource for which the `Occurrence` applies.
        # Resource is an entity that can have metadata. E.g., a Docker image.
      "contentHash": { # Container message for hash values. # The hash of the resource content. E.g., the Docker digest.
        "type": "A String", # The type of hash that was performed.
        "value": "A String", # The hash value.
      },
      "uri": "A String", # The unique URI of the resource. E.g.,
          # "https://gcr.io/project/image@sha256:foo" for a Docker image.
      "name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian".
    },
    "updateTime": "A String", # Output only. The time this `Occurrence` was last updated.
    "installation": { # This represents how a particular software package may be installed on # Describes the installation of a package on the linked resource.
        # a system.
      "location": [ # All of the places within the filesystem versions of this package
          # have been found.
        { # An occurrence of a particular package installation found within a
            # system's filesystem.
            # e.g. glibc was found in /var/lib/dpkg/status
          "path": "A String", # The path from which we gathered that this package/version is installed.
          "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
              # denoting the package manager version distributing a package.
          "version": { # Version contains structured information about the version of the package. # The version installed at this location.
              # For a discussion of this in Debian/Ubuntu:
              # http://serverfault.com/questions/604541/debian-packages-version-convention
              # For a discussion of this in Redhat/Fedora/Centos:
              # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
            "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                # If kind is not NORMAL, then the other fields are ignored.
            "revision": "A String", # The iteration of the package build from the above version.
            "name": "A String", # The main part of the version name.
            "epoch": 42, # Used to correct mistakes in the version numbering scheme.
          },
        },
      ],
      "name": "A String", # Output only. The name of the installed package.
    },
    "name": "A String", # Output only. The name of the `Occurrence` in the form
        # "projects/{project_id}/occurrences/{OCCURRENCE_ID}"
    "kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are
        # specified. This field can be used as a filter in list requests.
    "buildDetails": { # Message encapsulating build provenance details. # Build details for a verifiable build.
      "provenance": { # Provenance of a build. Contains all information needed to verify the full # The actual provenance
          # details about the build from source to completion.
        "finishTime": "A String", # Time at which execution of the build was finished.
        "commands": [ # Commands requested by the build.
          { # Command describes a step performed as part of the build pipeline.
            "waitFor": [ # The ID(s) of the Command(s) that this Command depends on.
              "A String",
            ],
            "name": "A String", # Name of the command, as presented on the command line, or if the command is
                # packaged as a Docker container, as presented to `docker pull`.
            "args": [ # Command-line arguments used when executing this Command.
              "A String",
            ],
            "env": [ # Environment variables set before running this Command.
              "A String",
            ],
            "id": "A String", # Optional unique identifier for this Command, used in wait_for to reference
                # this Command as a dependency.
            "dir": "A String", # Working directory (relative to project source root) used when running
                # this Command.
          },
        ],
        "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
          "artifactStorageSource": { # StorageSource describes the location of the source in an archive file in # If provided, the input binary artifacts for the build came from this
              # location.
              # Google Cloud Storage.
            "generation": "A String", # Google Cloud Storage generation for the object.
            "object": "A String", # Google Cloud Storage object containing source.
            "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
                # Requirements]
                # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
          },
          "repoSource": { # RepoSource describes the location of the source in a Google Cloud Source # If provided, get source from this location in a Cloud Repo.
              # Repository.
            "projectId": "A String", # ID of the project that owns the repo.
            "branchName": "A String", # Name of the branch to build.
            "repoName": "A String", # Name of the repo.
            "tagName": "A String", # Name of the tag to build.
            "commitSha": "A String", # Explicit commit SHA to build.
          },
          "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original
              # source integrity was maintained in the build.
              #
              # The keys to this map are file paths used as build source and the values
              # contain the hash values for those files.
              #
              # If the build source came in a single package such as a gzipped tarfile
              # (.tar.gz), the FileHash will be for the single path to that file.
            "a_key": { # Container message for hashes of byte content of files, used in Source
                # messages to verify integrity of source input to the build.
              "fileHash": [ # Collection of file hashes.
                { # Container message for hash values.
                  "type": "A String", # The type of hash that was performed.
                  "value": "A String", # The hash value.
                },
              ],
            },
          },
          "additionalContexts": [ # If provided, some of the source code used for the build may be found in
              # these locations, in the case where the source repository had multiple
              # remotes or submodules. This list will not include the context specified in
              # the context field.
            { # A SourceContext is a reference to a tree of files. A SourceContext together
                # with a path point to a unique revision of a single file or directory.
              "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
                  # repository (e.g., GitHub).
                "url": "A String", # Git repository URL.
                "revisionId": "A String", # Required.
                    # Git commit hash.
              },
              "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
                  # Source Repo.
                "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
                  "kind": "A String", # The alias kind.
                  "name": "A String", # The alias name.
                },
                "revisionId": "A String", # A revision ID.
                "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
                  "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
                      # winged-cargo-31) and a repo name within that project.
                    "projectId": "A String", # The ID of the project.
                    "repoName": "A String", # The name of the repo. Leave empty for the default repo.
                  },
                  "uid": "A String", # A server-assigned, globally unique identifier.
                },
              },
              "labels": { # Labels with user defined metadata.
                "a_key": "A String",
              },
              "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
                "aliasContext": { # An alias to a repo revision.
                    # An alias, which may be a branch or tag.
                  "kind": "A String", # The alias kind.
                  "name": "A String", # The alias name.
                },
                "revisionId": "A String", # A revision (commit) ID.
                "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
                    # "project/subproject" is a valid project name. The "repo name" is
                    # the hostURI/project.
                "hostUri": "A String", # The URI of a running Gerrit instance.
              },
            },
          ],
          "context": { # A SourceContext is a reference to a tree of files. A SourceContext together # If provided, the source code used for the build came from this location.
              # with a path point to a unique revision of a single file or directory.
            "git": { # A GitSourceContext denotes a particular revision in a third party Git # A SourceContext referring to any third party Git repo (e.g., GitHub).
                # repository (e.g., GitHub).
              "url": "A String", # Git repository URL.
              "revisionId": "A String", # Required.
                  # Git commit hash.
            },
            "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud # A SourceContext referring to a revision in a Google Cloud Source Repo.
                # Source Repo.
              "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
                "kind": "A String", # The alias kind.
                "name": "A String", # The alias name.
              },
              "revisionId": "A String", # A revision ID.
              "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
                "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., # A combination of a project ID and a repo name.
                    # winged-cargo-31) and a repo name within that project.
                  "projectId": "A String", # The ID of the project.
                  "repoName": "A String", # The name of the repo. Leave empty for the default repo.
                },
                "uid": "A String", # A server-assigned, globally unique identifier.
              },
            },
            "labels": { # Labels with user defined metadata.
              "a_key": "A String",
            },
            "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
              "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
                "kind": "A String", # The alias kind.
                "name": "A String", # The alias name.
              },
              "revisionId": "A String", # A revision (commit) ID.
              "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
                  # "project/subproject" is a valid project name. The "repo name" is
                  # the hostURI/project.
              "hostUri": "A String", # The URI of a running Gerrit instance.
            },
          },
          "storageSource": { # StorageSource describes the location of the source in an archive file in # If provided, get the source from this location in Google Cloud
              # Storage.
              # Google Cloud Storage.
            "generation": "A String", # Google Cloud Storage generation for the object.
            "object": "A String", # Google Cloud Storage object containing source.
            "bucket": "A String", # Google Cloud Storage bucket containing source (see [Bucket Name
                # Requirements]
                # (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
          },
        },
        "buildOptions": { # Special options applied to this build. This is a catch-all field where
            # build providers can enter any desired additional details.
          "a_key": "A String",
        },
        "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the
            # user's e-mail address at the time the build was initiated; this address may
            # not represent the same end-user for all time.
        "logsBucket": "A String", # Google Cloud Storage bucket where logs were written.
        "builderVersion": "A String", # Version string of the builder at the time this build was executed.
        "createTime": "A String", # Time at which the build was created.
        "builtArtifacts": [ # Output of the build.
          { # Artifact describes a build product.
            "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
                # container.
            "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest
                # like gcr.io/projectID/imagename@sha256:123456
            "name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in
                # the case of a container build, the name used to push the container image to
                # Google Container Registry, as presented to `docker push`.
                #
                # This field is deprecated in favor of the plural `names` field; it continues
                # to exist here to allow existing BuildProvenance serialized to json in
                # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to
                # deserialize back into proto.
            "names": [ # Related artifact names. This may be the path to a binary or jar file, or in
                # the case of a container build, the name used to push the container image to
                # Google Container Registry, as presented to `docker push`. Note that a
                # single Artifact ID can have multiple names, for example if two tags are
                # applied to one image.
              "A String",
            ],
          },
        ],
        "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
        "startTime": "A String", # Time at which execution of the build was started.
        "projectId": "A String", # ID of the project.
        "id": "A String", # Unique identifier of the build.
      },
      "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the
          # `BuildSignature` in the corresponding Result. After verifying the
          # signature, `provenance_bytes` can be unmarshalled and compared to the
          # provenance to confirm that it is unchanged.
          # A base64-encoded string
          # representation of the provenance bytes is used for the signature in order
          # to interoperate with openssl which expects this format for signature
          # verification.
          #
          # The serialized form is captured both to avoid ambiguity in how the
          # provenance is marshalled to json as well as to prevent incompatibilities with
          # future changes.
    },
    "discovered": { # Provides information about the scan status of a discovered resource. # Describes the initial scan status for this resource.
      "analysisStatus": "A String", # The status of discovery for the resource.
      "operation": { # This resource represents a long-running operation that is the result of a # Output only. An operation that indicates the status of the current scan.
          # This field is deprecated, do not use.
          # network API call.
        "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
            # different programming environments, including REST APIs and RPC APIs. It is
            # used by [gRPC](https://github.com/grpc). Each `Status` message contains
            # three pieces of data: error code, error message, and error details.
            #
            # You can find out more about this error model and how to work with it in the
            # [API Design Guide](https://cloud.google.com/apis/design/errors).
          "message": "A String", # A developer-facing error message, which should be in English. Any
              # user-facing error message should be localized and sent in the
              # google.rpc.Status.details field, or localized by the client.
          "code": 42, # The status code, which should be an enum value of google.rpc.Code.
          "details": [ # A list of messages that carry the error details. There is a common set of
              # message types for APIs to use.
            {
              "a_key": "", # Properties of the object. Contains field @type with type URL.
            },
          ],
        },
        "done": True or False, # If the value is `false`, it means the operation is still in progress.
            # If `true`, the operation is completed, and either `error` or `response` is
            # available.
        "response": { # The normal response of the operation in case of success. If the original
            # method returns no data on success, such as `Delete`, the response is
            # `google.protobuf.Empty`. If the original method is standard
            # `Get`/`Create`/`Update`, the response should be the resource. For other
            # methods, the response should have the type `XxxResponse`, where `Xxx`
            # is the original method name. For example, if the original method name
            # is `TakeSnapshot()`, the inferred response type is
            # `TakeSnapshotResponse`.
          "a_key": "", # Properties of the object. Contains field @type with type URL.
        },
        "name": "A String", # The server-assigned name, which is only unique within the same service that
            # originally returns it. If you use the default HTTP mapping, the
            # `name` should be a resource name ending with `operations/{unique_id}`.
        "metadata": { # Service-specific metadata associated with the operation. It typically
            # contains progress information and common metadata such as create time.
            # Some services might not provide such metadata. Any method that returns a
            # long-running operation should document the metadata type, if any.
          "a_key": "", # Properties of the object. Contains field @type with type URL.
        },
      },
      "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for # When an error is encountered this will contain a LocalizedMessage under
          # details to show to the user. The LocalizedMessage is output only and
          # populated by the API.
          # different programming environments, including REST APIs and RPC APIs. It is
          # used by [gRPC](https://github.com/grpc).
          # Each `Status` message contains
          # three pieces of data: error code, error message, and error details.
          #
          # You can find out more about this error model and how to work with it in the
          # [API Design Guide](https://cloud.google.com/apis/design/errors).
        "message": "A String", # A developer-facing error message, which should be in English. Any
            # user-facing error message should be localized and sent in the
            # google.rpc.Status.details field, or localized by the client.
        "code": 42, # The status code, which should be an enum value of google.rpc.Code.
        "details": [ # A list of messages that carry the error details. There is a common set of
            # message types for APIs to use.
          {
            "a_key": "", # Properties of the object. Contains field @type with type URL.
          },
        ],
      },
      "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
    },
    "attestation": { # Occurrence that represents a single "attestation". The authenticity of an # Describes an attestation of an artifact.
        # Attestation can be verified using the attached signature. If the verifier
        # trusts the public key of the signer, then verifying the signature is
        # sufficient to establish trust. In this circumstance, the
        # AttestationAuthority to which this Attestation is attached is primarily
        # useful for look-up (how to find this Attestation if you already know the
        # Authority and artifact to be verified) and intent (which authority was this
        # attestation intended to sign for).
      "pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature.
          # This message only supports `ATTACHED` signatures, where the payload that is
          # signed is included alongside the signature itself in the same file.
        "pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature,
            # as output by, e.g. `gpg --list-keys`.
            # This should be the version 4, full
            # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See
            # https://tools.ietf.org/html/rfc4880#section-12.2 for details.
            # Implementations may choose to acknowledge "LONG", "SHORT", or other
            # abbreviated key IDs, but only the full fingerprint is guaranteed to work.
            # In gpg, the full fingerprint can be retrieved from the `fpr` field
            # returned when calling --list-keys with --with-colons. For example:
            # ```
            # gpg --with-colons --with-fingerprint --force-v4-certs \
            #     --list-keys attester@example.com
            # tru::1:1513631572:0:3:1:5
            # pub:...<SNIP>...
            # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
            # ```
            # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
        "contentType": "A String", # Type (for example schema) of the attestation payload that was signed.
            # The verifier must ensure that the provided type is one that the verifier
            # supports, and that the attestation payload is a valid instantiation of that
            # type (for example by validating a JSON schema).
        "signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or
            # equivalent. Since this message only supports attached signatures, the
            # payload that was signed must be attached. While the signature format
            # supported is dependent on the verification implementation, currently only
            # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
            # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
            # --output=signature.gpg payload.json` will create the signature content
            # expected in this field in `signature.gpg` for the `payload.json`
            # attestation payload.
      },
    },
    "noteName": "A String", # An analysis note associated with this image, in the form
        # "providers/{provider_id}/notes/{NOTE_ID}"
        # This field can be used as a filter in list requests.
    "deployment": { # Describes the deployment of an artifact on a runtime.
        # The period during which some deployable was active in a runtime.
      "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the
          # deployable field with the same name.
        "A String",
      ],
      "userEmail": "A String", # Identity of the user that triggered this deployment.
      "address": "A String", # Address of the runtime element hosting this deployment.
      "platform": "A String", # Platform hosting this deployment.
      "deployTime": "A String", # Beginning of the lifetime of this deployment.
      "undeployTime": "A String", # End of the lifetime of this deployment.
      "config": "A String", # Configuration used to create this deployment.
    },
    "remediation": "A String", # A description of actions that can be taken to remedy the `Note`.
    "vulnerabilityDetails": { # Details of a security vulnerability note.
        # Used by Occurrence to point to where the vulnerability exists and how
        # to fix it.
      "packageIssue": [ # The set of affected locations and their fixes (if available) within
          # the associated resource.
        { # This message wraps a location affected by a vulnerability and its
            # associated fix (if one is available).
          "severityName": "A String",
          "affectedLocation": { # The location of the vulnerability.
            "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/).
                # Examples include distro or storage location for vulnerable jar.
                # This field can be used as a filter in list requests.
            "version": { # Version contains structured information about the version of the package.
                # The version of the package being described. This field can be used as a
                # filter in list requests.
                # For a discussion of this in Debian/Ubuntu:
                # http://serverfault.com/questions/604541/debian-packages-version-convention
                # For a discussion of this in Redhat/Fedora/Centos:
                # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
              "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                  # If kind is not NORMAL, then the other fields are ignored.
              "revision": "A String", # The iteration of the package build from the above version.
              "name": "A String", # The main part of the version name.
              "epoch": 42, # Used to correct mistakes in the version numbering scheme.
            },
            "package": "A String", # The package being described.
          },
          "fixedLocation": { # The location of the available fix for vulnerability.
              # The location of the vulnerability.
            "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/).
                # Examples include distro or storage location for vulnerable jar.
                # This field can be used as a filter in list requests.
            "version": { # The version of the package being described. This field can be used as a
                # filter in list requests.
                # Version contains structured information about the version of the package.
                # For a discussion of this in Debian/Ubuntu:
                # http://serverfault.com/questions/604541/debian-packages-version-convention
                # For a discussion of this in Redhat/Fedora/Centos:
                # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
              "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                  # If kind is not NORMAL, then the other fields are ignored.
              "revision": "A String", # The iteration of the package build from the above version.
              "name": "A String", # The main part of the version name.
              "epoch": 42, # Used to correct mistakes in the version numbering scheme.
            },
            "package": "A String", # The package being described.
          },
        },
      ],
      "type": "A String", # The type of package; whether native or non native (ruby gems,
          # node.js packages etc)
      "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a
          # scale of 0-10 where 0 indicates low severity and 10 indicates high
          # severity.
      "severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.
      "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is
          # available and note provider assigned severity when distro has not yet
          # assigned a severity for this vulnerability.
    },
    "createTime": "A String", # Output only. The time this `Occurrence` was created.
    "derivedImage": { # Describes how this resource derives from the basis
        # in the associated note.
        # Derived describes the derived image portion (Occurrence) of the
        # DockerImage relationship. This image would be produced from a Dockerfile
        # with FROM <DockerImage.Basis in attached Note>.
      "distance": 42, # Output only. The number of layers by which this image differs from the
          # associated image basis.
      "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image
          # occurrence.
      "layerInfo": [ # This contains layer-specific metadata, if populated it has length
          # "distance" and is ordered with [distance] being the layer immediately
          # following the base image and [1] being the final layer.
        { # Layer holds metadata specific to a layer of a Docker image.
          "arguments": "A String", # The recovered arguments to the Dockerfile directive.
          "directive": "A String", # The recovered Dockerfile directive used to construct this layer.
        },
      ],
      "fingerprint": { # The fingerprint of the derived image.
          # A set of properties that uniquely identify a given Docker image.
        "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
            # representation.
            # This field can be used as a filter in list requests.
        "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
          "A String",
        ],
        "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
            #   [bottom] := v2_blob[bottom]
            #   [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
            # Only the name of the final blob is kept.
            # This field can be used as a filter in list requests.
      },
    },
    "resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence`
        # applies. For example, `https://gcr.io/project/image@sha256:foo`. This field
        # can be used as a filter in list requests.
}

  updateMask: string, The fields to update.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # `Occurrence` includes information about analysis occurrences for an image.
    "resource": { # The resource for which the `Occurrence` applies.
        # Resource is an entity that can have metadata. E.g., a Docker image.
      "contentHash": { # The hash of the resource content. E.g., the Docker digest.
          # Container message for hash values.
        "type": "A String", # The type of hash that was performed.
        "value": "A String", # The hash value.
      },
      "uri": "A String", # The unique URI of the resource. E.g.,
          # "https://gcr.io/project/image@sha256:foo" for a Docker image.
      "name": "A String", # The name of the resource. E.g., the name of a Docker image - "Debian".
    },
    "updateTime": "A String", # Output only. The time this `Occurrence` was last updated.
    "installation": { # Describes the installation of a package on the linked resource.
        # This represents how a particular software package may be installed on
        # a system.
      "location": [ # All of the places within the filesystem versions of this package
          # have been found.
        { # An occurrence of a particular package installation found within a
            # system's filesystem.
            # e.g. glibc was found in /var/lib/dpkg/status
          "path": "A String", # The path from which we gathered that this package/version is installed.
          "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
              # denoting the package manager version distributing a package.
          "version": { # The version installed at this location.
              # Version contains structured information about the version of the package.
              # For a discussion of this in Debian/Ubuntu:
              # http://serverfault.com/questions/604541/debian-packages-version-convention
              # For a discussion of this in Redhat/Fedora/Centos:
              # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
            "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                # If kind is not NORMAL, then the other fields are ignored.
            "revision": "A String", # The iteration of the package build from the above version.
            "name": "A String", # The main part of the version name.
            "epoch": 42, # Used to correct mistakes in the version numbering scheme.
          },
        },
      ],
      "name": "A String", # Output only. The name of the installed package.
    },
    "name": "A String", # Output only. The name of the `Occurrence` in the form
        # "projects/{project_id}/occurrences/{OCCURRENCE_ID}"
    "kind": "A String", # Output only. This explicitly denotes which of the `Occurrence` details are
        # specified. This field can be used as a filter in list requests.
    "buildDetails": { # Message encapsulating build provenance details.
        # Build details for a verifiable build.
      "provenance": { # The actual provenance
          # Provenance of a build. Contains all information needed to verify the full
          # details about the build from source to completion.
        "finishTime": "A String", # Time at which execution of the build was finished.
        "commands": [ # Commands requested by the build.
          { # Command describes a step performed as part of the build pipeline.
            "waitFor": [ # The ID(s) of the Command(s) that this Command depends on.
              "A String",
            ],
            "name": "A String", # Name of the command, as presented on the command line, or if the command is
                # packaged as a Docker container, as presented to `docker pull`.
            "args": [ # Command-line arguments used when executing this Command.
              "A String",
            ],
            "env": [ # Environment variables set before running this Command.
              "A String",
            ],
            "id": "A String", # Optional unique identifier for this Command, used in wait_for to reference
                # this Command as a dependency.
            "dir": "A String", # Working directory (relative to project source root) used when running
                # this Command.
          },
        ],
        "sourceProvenance": { # Details of the Source input to the build.
            # Source describes the location of the source used for the build.
          "artifactStorageSource": { # If provided, the input binary artifacts for the build came from this
              # location.
              # StorageSource describes the location of the source in an archive file in
              # Google Cloud Storage.
            "generation": "A String", # Google Cloud Storage generation for the object.
            "object": "A String", # Google Cloud Storage object containing source.
            "bucket": "A String", # Google Cloud Storage bucket containing source (see
                # [Bucket Name Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)).
          },
          "repoSource": { # If provided, get source from this location in a Cloud Repo.
              # RepoSource describes the location of the source in a Google Cloud Source
              # Repository.
            "projectId": "A String", # ID of the project that owns the repo.
            "branchName": "A String", # Name of the branch to build.
            "repoName": "A String", # Name of the repo.
            "tagName": "A String", # Name of the tag to build.
            "commitSha": "A String", # Explicit commit SHA to build.
          },
          "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original
              # source integrity was maintained in the build.
              #
              # The keys to this map are file paths used as build source and the values
              # contain the hash values for those files.
              #
              # If the build source came in a single package such as a gzipped tarfile
              # (.tar.gz), the FileHash will be for the single path to that file.
            "a_key": { # Container message for hashes of byte content of files, used in Source
                # messages to verify integrity of source input to the build.
              "fileHash": [ # Collection of file hashes.
                { # Container message for hash values.
                  "type": "A String", # The type of hash that was performed.
                  "value": "A String", # The hash value.
                },
              ],
            },
          },
          "additionalContexts": [ # If provided, some of the source code used for the build may be found in
              # these locations, in the case where the source repository had multiple
              # remotes or submodules. This list will not include the context specified in
              # the context field.
            { # A SourceContext is a reference to a tree of files. A SourceContext together
                # with a path point to a unique revision of a single file or directory.
              "git": { # A SourceContext referring to any third party Git repo (e.g., GitHub).
                  # A GitSourceContext denotes a particular revision in a third party Git
                  # repository (e.g., GitHub).
                "url": "A String", # Git repository URL.
                "revisionId": "A String", # Required. Git commit hash.
              },
              "cloudRepo": { # A SourceContext referring to a revision in a Google Cloud Source Repo.
                  # A CloudRepoSourceContext denotes a particular revision in a Google Cloud
                  # Source Repo.
                "aliasContext": { # An alias, which may be a branch or tag.
                    # An alias to a repo revision.
                  "kind": "A String", # The alias kind.
                  "name": "A String", # The alias name.
                },
                "revisionId": "A String", # A revision ID.
                "repoId": { # The ID of the repo.
                    # A unique identifier for a Cloud Repo.
                  "projectRepoId": { # A combination of a project ID and a repo name.
                      # Selects a repo using a Google Cloud Platform project ID (e.g.,
                      # winged-cargo-31) and a repo name within that project.
                    "projectId": "A String", # The ID of the project.
                    "repoName": "A String", # The name of the repo. Leave empty for the default repo.
                  },
                  "uid": "A String", # A server-assigned, globally unique identifier.
                },
              },
              "labels": { # Labels with user defined metadata.
                "a_key": "A String",
              },
              "gerrit": { # A SourceContext referring to a Gerrit project.
                "aliasContext": { # An alias, which may be a branch or tag.
                    # An alias to a repo revision.
                  "kind": "A String", # The alias kind.
                  "name": "A String", # The alias name.
                },
                "revisionId": "A String", # A revision (commit) ID.
                "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
                    # "project/subproject" is a valid project name. The "repo name" is
                    # the hostURI/project.
                "hostUri": "A String", # The URI of a running Gerrit instance.
              },
            },
          ],
          "context": { # If provided, the source code used for the build came from this location.
              # A SourceContext is a reference to a tree of files. A SourceContext together
              # with a path point to a unique revision of a single file or directory.
            "git": { # A SourceContext referring to any third party Git repo (e.g., GitHub).
                # A GitSourceContext denotes a particular revision in a third party Git
                # repository (e.g., GitHub).
              "url": "A String", # Git repository URL.
              "revisionId": "A String", # Required. Git commit hash.
            },
            "cloudRepo": { # A SourceContext referring to a revision in a Google Cloud Source Repo.
                # A CloudRepoSourceContext denotes a particular revision in a Google Cloud
                # Source Repo.
              "aliasContext": { # An alias, which may be a branch or tag.
                  # An alias to a repo revision.
                "kind": "A String", # The alias kind.
                "name": "A String", # The alias name.
              },
              "revisionId": "A String", # A revision ID.
              "repoId": { # The ID of the repo.
                  # A unique identifier for a Cloud Repo.
                "projectRepoId": { # A combination of a project ID and a repo name.
                    # Selects a repo using a Google Cloud Platform project ID (e.g.,
                    # winged-cargo-31) and a repo name within that project.
                  "projectId": "A String", # The ID of the project.
                  "repoName": "A String", # The name of the repo. Leave empty for the default repo.
                },
                "uid": "A String", # A server-assigned, globally unique identifier.
              },
            },
            "labels": { # Labels with user defined metadata.
              "a_key": "A String",
            },
            "gerrit": { # A SourceContext referring to a Gerrit project.
              "aliasContext": { # An alias, which may be a branch or tag.
                  # An alias to a repo revision.
                "kind": "A String", # The alias kind.
                "name": "A String", # The alias name.
              },
              "revisionId": "A String", # A revision (commit) ID.
              "gerritProject": "A String", # The full project name within the host. Projects may be nested, so
                  # "project/subproject" is a valid project name. The "repo name" is
                  # the hostURI/project.
              "hostUri": "A String", # The URI of a running Gerrit instance.
            },
          },
          "storageSource": { # If provided, get the source from this location in Google Cloud
              # Storage.
              # StorageSource describes the location of the source in an archive file in
              # Google Cloud Storage.
            "generation": "A String", # Google Cloud Storage generation for the object.
            "object": "A String", # Google Cloud Storage object containing source.
            "bucket": "A String", # Google Cloud Storage bucket containing source (see
                # [Bucket Name Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)).
          },
        },
        "buildOptions": { # Special options applied to this build. This is a catch-all field where
            # build providers can enter any desired additional details.
          "a_key": "A String",
        },
        "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the
            # user's e-mail address at the time the build was initiated; this address may
            # not represent the same end-user for all time.
        "logsBucket": "A String", # Google Cloud Storage bucket where logs were written.
        "builderVersion": "A String", # Version string of the builder at the time this build was executed.
        "createTime": "A String", # Time at which the build was created.
        "builtArtifacts": [ # Output of the build.
          { # Artifact describes a build product.
            "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
                # container.
            "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest
                # like gcr.io/projectID/imagename@sha256:123456
            "name": "A String", # Name of the artifact. This may be the path to a binary or jar file, or in
                # the case of a container build, the name used to push the container image to
                # Google Container Registry, as presented to `docker push`.
                #
                # This field is deprecated in favor of the plural `names` field; it continues
                # to exist here to allow existing BuildProvenance serialized to json in
                # google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to
                # deserialize back into proto.
            "names": [ # Related artifact names. This may be the path to a binary or jar file, or in
                # the case of a container build, the name used to push the container image to
                # Google Container Registry, as presented to `docker push`. Note that a
                # single Artifact ID can have multiple names, for example if two tags are
                # applied to one image.
              "A String",
            ],
          },
        ],
        "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
        "startTime": "A String", # Time at which execution of the build was started.
        "projectId": "A String", # ID of the project.
        "id": "A String", # Unique identifier of the build.
      },
      "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the
          # `BuildSignature` in the corresponding Result. After verifying the
          # signature, `provenance_bytes` can be unmarshalled and compared to the
          # provenance to confirm that it is unchanged. A base64-encoded string
          # representation of the provenance bytes is used for the signature in order
          # to interoperate with openssl which expects this format for signature
          # verification.
          #
          # The serialized form is captured both to avoid ambiguity in how the
          # provenance is marshalled to json as well as to prevent incompatibilities with
          # future changes.
    },
    "discovered": { # Describes the initial scan status for this resource.
        # Provides information about the scan status of a discovered resource.
      "analysisStatus": "A String", # The status of discovery for the resource.
      "operation": { # Output only. An operation that indicates the status of the current scan.
          # This field is deprecated, do not use.
          # This resource represents a long-running operation that is the result of a
          # network API call.
        "error": { # The error result of the operation in case of failure or cancellation.
            # The `Status` type defines a logical error model that is suitable for
            # different programming environments, including REST APIs and RPC APIs. It is
            # used by [gRPC](https://github.com/grpc). Each `Status` message contains
            # three pieces of data: error code, error message, and error details.
            #
            # You can find out more about this error model and how to work with it in the
            # [API Design Guide](https://cloud.google.com/apis/design/errors).
          "message": "A String", # A developer-facing error message, which should be in English. Any
              # user-facing error message should be localized and sent in the
              # google.rpc.Status.details field, or localized by the client.
          "code": 42, # The status code, which should be an enum value of google.rpc.Code.
          "details": [ # A list of messages that carry the error details. There is a common set of
              # message types for APIs to use.
            {
              "a_key": "", # Properties of the object. Contains field @type with type URL.
            },
          ],
        },
        "done": True or False, # If the value is `false`, it means the operation is still in progress.
            # If `true`, the operation is completed, and either `error` or `response` is
            # available.
        "response": { # The normal response of the operation in case of success. If the original
            # method returns no data on success, such as `Delete`, the response is
            # `google.protobuf.Empty`. If the original method is standard
            # `Get`/`Create`/`Update`, the response should be the resource. For other
            # methods, the response should have the type `XxxResponse`, where `Xxx`
            # is the original method name.
            # For example, if the original method name
            # is `TakeSnapshot()`, the inferred response type is
            # `TakeSnapshotResponse`.
          "a_key": "", # Properties of the object. Contains field @type with type URL.
        },
        "name": "A String", # The server-assigned name, which is only unique within the same service that
            # originally returns it. If you use the default HTTP mapping, the
            # `name` should be a resource name ending with `operations/{unique_id}`.
        "metadata": { # Service-specific metadata associated with the operation. It typically
            # contains progress information and common metadata such as create time.
            # Some services might not provide such metadata. Any method that returns a
            # long-running operation should document the metadata type, if any.
          "a_key": "", # Properties of the object. Contains field @type with type URL.
        },
      },
      "analysisStatusError": { # When an error is encountered this will contain a LocalizedMessage under
          # details to show to the user. The LocalizedMessage is output only and
          # populated by the API.
          # The `Status` type defines a logical error model that is suitable for
          # different programming environments, including REST APIs and RPC APIs. It is
          # used by [gRPC](https://github.com/grpc). Each `Status` message contains
          # three pieces of data: error code, error message, and error details.
          #
          # You can find out more about this error model and how to work with it in the
          # [API Design Guide](https://cloud.google.com/apis/design/errors).
        "message": "A String", # A developer-facing error message, which should be in English. Any
            # user-facing error message should be localized and sent in the
            # google.rpc.Status.details field, or localized by the client.
        "code": 42, # The status code, which should be an enum value of google.rpc.Code.
        "details": [ # A list of messages that carry the error details.
            # There is a common set of
            # message types for APIs to use.
          {
            "a_key": "", # Properties of the object. Contains field @type with type URL.
          },
        ],
      },
      "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
    },
    "attestation": { # Describes an attestation of an artifact.
        # Occurrence that represents a single "attestation". The authenticity of an
        # Attestation can be verified using the attached signature. If the verifier
        # trusts the public key of the signer, then verifying the signature is
        # sufficient to establish trust. In this circumstance, the
        # AttestationAuthority to which this Attestation is attached is primarily
        # useful for look-up (how to find this Attestation if you already know the
        # Authority and artifact to be verified) and intent (which authority was this
        # attestation intended to sign for).
      "pgpSignedAttestation": { # An attestation wrapper with a PGP-compatible signature.
          # This message only supports `ATTACHED` signatures, where the payload that is
          # signed is included alongside the signature itself in the same file.
        "pgpKeyId": "A String", # The cryptographic fingerprint of the key used to generate the signature,
            # as output by, e.g. `gpg --list-keys`. This should be the version 4, full
            # 160-bit fingerprint, expressed as a 40 character hexadecimal string. See
            # https://tools.ietf.org/html/rfc4880#section-12.2 for details.
            # Implementations may choose to acknowledge "LONG", "SHORT", or other
            # abbreviated key IDs, but only the full fingerprint is guaranteed to work.
            # In gpg, the full fingerprint can be retrieved from the `fpr` field
            # returned when calling --list-keys with --with-colons. For example:
            # ```
            # gpg --with-colons --with-fingerprint --force-v4-certs \
            #     --list-keys attester@example.com
            # tru::1:1513631572:0:3:1:5
            # pub:...<SNIP>...
            # fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
            # ```
            # Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
        "contentType": "A String", # Type (for example schema) of the attestation payload that was signed.
            # The verifier must ensure that the provided type is one that the verifier
            # supports, and that the attestation payload is a valid instantiation of that
            # type (for example by validating a JSON schema).
        "signature": "A String", # The raw content of the signature, as output by GNU Privacy Guard (GPG) or
            # equivalent. Since this message only supports attached signatures, the
            # payload that was signed must be attached. While the signature format
            # supported is dependent on the verification implementation, currently only
            # ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
            # `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
            # --output=signature.gpg payload.json` will create the signature content
            # expected in this field in `signature.gpg` for the `payload.json`
            # attestation payload.
      },
    },
    "noteName": "A String", # An analysis note associated with this image, in the form
        # "providers/{provider_id}/notes/{NOTE_ID}"
        # This field can be used as a filter in list requests.
    "deployment": { # Describes the deployment of an artifact on a runtime.
        # The period during which some deployable was active in a runtime.
      "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the
          # deployable field with the same name.
        "A String",
      ],
      "userEmail": "A String", # Identity of the user that triggered this deployment.
      "address": "A String", # Address of the runtime element hosting this deployment.
      "platform": "A String", # Platform hosting this deployment.
      "deployTime": "A String", # Beginning of the lifetime of this deployment.
      "undeployTime": "A String", # End of the lifetime of this deployment.
      "config": "A String", # Configuration used to create this deployment.
    },
    "remediation": "A String", # A description of actions that can be taken to remedy the `Note`.
    "vulnerabilityDetails": { # Details of a security vulnerability note.
        # Used by Occurrence to point to where the vulnerability exists and how
        # to fix it.
      "packageIssue": [ # The set of affected locations and their fixes (if available) within
          # the associated resource.
        { # This message wraps a location affected by a vulnerability and its
            # associated fix (if one is available).
          "severityName": "A String",
          "affectedLocation": { # The location of the vulnerability.
            "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/).
                # Examples include distro or storage location for vulnerable jar.
                # This field can be used as a filter in list requests.
            "version": { # The version of the package being described. This field can be used as a
                # filter in list requests.
                # Version contains structured information about the version of the package.
                # For a discussion of this in Debian/Ubuntu:
                # http://serverfault.com/questions/604541/debian-packages-version-convention
                # For a discussion of this in Redhat/Fedora/Centos:
                # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
              "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                  # If kind is not NORMAL, then the other fields are ignored.
              "revision": "A String", # The iteration of the package build from the above version.
              "name": "A String", # The main part of the version name.
              "epoch": 42, # Used to correct mistakes in the version numbering scheme.
            },
            "package": "A String", # The package being described.
          },
          "fixedLocation": { # The location of the available fix for vulnerability.
              # The location of the vulnerability.
            "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/).
                # Examples include distro or storage location for vulnerable jar.
                # This field can be used as a filter in list requests.
            "version": { # The version of the package being described. This field can be used as a
                # filter in list requests.
                # Version contains structured information about the version of the package.
                # For a discussion of this in Debian/Ubuntu:
                # http://serverfault.com/questions/604541/debian-packages-version-convention
                # For a discussion of this in Redhat/Fedora/Centos:
                # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
              "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
                  # If kind is not NORMAL, then the other fields are ignored.
              "revision": "A String", # The iteration of the package build from the above version.
              "name": "A String", # The main part of the version name.
              "epoch": 42, # Used to correct mistakes in the version numbering scheme.
            },
            "package": "A String", # The package being described.
          },
        },
      ],
      "type": "A String", # The type of package; whether native or non native (ruby gems,
          # node.js packages etc)
      "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a
          # scale of 0-10 where 0 indicates low severity and 10 indicates high
          # severity.
      "severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.
      "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is
          # available and note provider assigned severity when distro has not yet
          # assigned a severity for this vulnerability.
    },
    "createTime": "A String", # Output only.
          # The time this `Occurrence` was created.
      "derivedImage": { # Describes how this resource derives from the basis
          # in the associated note.
          # Derived describes the derived image portion (Occurrence) of the
          # DockerImage relationship. This image would be produced from a Dockerfile
          # with FROM <DockerImage.Basis in attached Note>.
        "distance": 42, # Output only. The number of layers by which this image differs from the
            # associated image basis.
        "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image
            # occurrence.
        "layerInfo": [ # This contains layer-specific metadata, if populated it has length
            # "distance" and is ordered with [distance] being the layer immediately
            # following the base image and [1] being the final layer.
          { # Layer holds metadata specific to a layer of a Docker image.
            "arguments": "A String", # The recovered arguments to the Dockerfile directive.
            "directive": "A String", # The recovered Dockerfile directive used to construct this layer.
          },
        ],
        "fingerprint": { # The fingerprint of the derived image.
            # A set of properties that uniquely identify a given Docker image.
          "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
              # representation.
              # This field can be used as a filter in list requests.
          "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
            "A String",
          ],
          "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
              #   [bottom] := v2_blob[bottom]
              #   [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
              # Only the name of the final blob is kept.
              # This field can be used as a filter in list requests.
        },
      },
      "resourceUrl": "A String", # The unique URL of the image or the container for which the `Occurrence`
          # applies.
          # For example, `https://gcr.io/project/image@sha256:foo`. This field
          # can be used as a filter in list requests.
    }</pre>
</div>

<div class="method">
    <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code>
  <pre>Sets the access control policy on the specified `Note` or `Occurrence`.
Requires `containeranalysis.notes.setIamPolicy` or
`containeranalysis.occurrences.setIamPolicy` permission if the resource is
a `Note` or an `Occurrence`, respectively.
Attempting to call this method without these permissions will result in a
`PERMISSION_DENIED` error.
Attempting to call this method on a non-existent resource will result in a
`NOT_FOUND` error if the user has `containeranalysis.notes.list` permission
on a `Note` or `containeranalysis.occurrences.list` on an `Occurrence`, or
a `PERMISSION_DENIED` error otherwise. The resource takes the following
formats: `projects/{projectid}/occurrences/{occurrenceid}` for occurrences
and `projects/{projectid}/notes/{noteid}` for notes.

Args:
  resource: string, REQUIRED: The resource for which the policy is being specified.
See the operation documentation for the appropriate value for this field. (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # Request message for `SetIamPolicy` method.
    "policy": { # REQUIRED: The complete policy to be applied to the `resource`. The size of
        # the policy is limited to a few 10s of KB. An empty policy is a
        # valid policy but certain Cloud Platform services (such as Projects)
        # might reject them.
        #
        # Defines an Identity and Access Management (IAM) policy. It is used to
        # specify access control policies for Cloud Platform resources.
        #
        #
        # A `Policy` consists of a list of `bindings`.
        # A `binding` binds a list of
        # `members` to a `role`, where the members can be user accounts, Google groups,
        # Google domains, and service accounts. A `role` is a named list of permissions
        # defined by IAM.
        #
        # **JSON Example**
        #
        #     {
        #       "bindings": [
        #         {
        #           "role": "roles/owner",
        #           "members": [
        #             "user:mike@example.com",
        #             "group:admins@example.com",
        #             "domain:google.com",
        #             "serviceAccount:my-other-app@appspot.gserviceaccount.com"
        #           ]
        #         },
        #         {
        #           "role": "roles/viewer",
        #           "members": ["user:sean@example.com"]
        #         }
        #       ]
        #     }
        #
        # **YAML Example**
        #
        #     bindings:
        #     - members:
        #       - user:mike@example.com
        #       - group:admins@example.com
        #       - domain:google.com
        #       - serviceAccount:my-other-app@appspot.gserviceaccount.com
        #       role: roles/owner
        #     - members:
        #       - user:sean@example.com
        #       role: roles/viewer
        #
        #
        # For a description of IAM and its features, see the
        # [IAM developer's guide](https://cloud.google.com/iam/docs).
      "bindings": [ # Associates a list of `members` to a `role`.
          # `bindings` with no members will result in an error.
        { # Associates `members` with a `role`.
          "role": "A String", # Role that is assigned to `members`.
              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
          "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
              # `members` can have the following values:
              #
              # * `allUsers`: A special identifier that represents anyone who is
              #    on the internet; with or without a Google account.
              #
              # * `allAuthenticatedUsers`: A special identifier that represents anyone
              #    who is authenticated with a Google account or a service account.
              #
              # * `user:{emailid}`: An email address that represents a specific Google
              #    account. For example, `alice@gmail.com`.
              #
              #
              # * `serviceAccount:{emailid}`: An email address that represents a service
              #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
              #
              # * `group:{emailid}`: An email address that represents a Google group.
              #    For example, `admins@example.com`.
              #
              #
              # * `domain:{domain}`: The G Suite domain (primary) that represents all the
              #    users of that domain. For example, `google.com` or `example.com`.
              #
            "A String",
          ],
          "condition": { # The condition that is associated with this binding.
              # NOTE: An unsatisfied condition will not allow user access via current
              # binding. Different bindings, including their conditions, are examined
              # independently.
              #
              # Represents an expression text. Example:
              #
              #     title: "User account presence"
              #     description: "Determines whether the request has a user account"
              #     expression: "size(request.user) > 0"
            "description": "A String", # An optional description of the expression. This is a longer text which
                # describes the expression, e.g. when hovered over it in a UI.
            "expression": "A String", # Textual representation of an expression in
                # Common Expression Language syntax.
                #
                # The application context of the containing message determines which
                # well-known feature set of CEL is supported.
            "location": "A String", # An optional string indicating the location of the expression for error
                # reporting, e.g. a file name and a position in the file.
            "title": "A String", # An optional title for the expression, i.e. a short string describing
                # its purpose. This can be used e.g. in UIs which allow entering the
                # expression.
          },
        },
      ],
      "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
        { # Specifies the audit configuration for a service.
            # The configuration determines which permission types are logged, and what
            # identities, if any, are exempted from logging.
            # An AuditConfig must have one or more AuditLogConfigs.
            #
            # If there are AuditConfigs for both `allServices` and a specific service,
            # the union of the two AuditConfigs is used for that service: the log_types
            # specified in each AuditConfig are enabled, and the exempted_members in each
            # AuditLogConfig are exempted.
            #
            # Example Policy with multiple AuditConfigs:
            #
            #     {
            #       "audit_configs": [
            #         {
            #           "service": "allServices",
            #           "audit_log_configs": [
            #             {
            #               "log_type": "DATA_READ",
            #               "exempted_members": [
            #                 "user:foo@gmail.com"
            #               ]
            #             },
            #             {
            #               "log_type": "DATA_WRITE"
            #             },
            #             {
            #               "log_type": "ADMIN_READ"
            #             }
            #           ]
            #         },
            #         {
            #           "service": "fooservice.googleapis.com",
            #           "audit_log_configs": [
            #             {
            #               "log_type": "DATA_READ"
            #             },
            #             {
            #               "log_type": "DATA_WRITE",
            #               "exempted_members": [
            #                 "user:bar@gmail.com"
            #               ]
            #             }
            #           ]
            #         }
            #       ]
            #     }
            #
            # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
            # logging. It also exempts foo@gmail.com from DATA_READ logging, and
            # bar@gmail.com from DATA_WRITE logging.
          "auditLogConfigs": [ # The configuration for logging of each type of permission.
            { # Provides the configuration for logging a type of permissions.
                # Example:
                #
                #     {
                #       "audit_log_configs": [
                #         {
                #           "log_type": "DATA_READ",
                #           "exempted_members": [
                #             "user:foo@gmail.com"
                #           ]
                #         },
                #         {
                #           "log_type": "DATA_WRITE"
                #         }
                #       ]
                #     }
                #
                # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
                # foo@gmail.com from DATA_READ logging.
              "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
                  # permission.
                  # Follows the same format as Binding.members.
                "A String",
              ],
              "logType": "A String", # The log type that this config enables.
            },
          ],
          "service": "A String", # Specifies a service that will be enabled for audit logging.
              # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
              # `allServices` is a special value that covers all services.
        },
      ],
      "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
          # prevent simultaneous updates of a policy from overwriting each other.
          # It is strongly suggested that systems make use of the `etag` in the
          # read-modify-write cycle to perform policy updates in order to avoid race
          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
          # systems are expected to put that etag in the request to `setIamPolicy` to
          # ensure that their change will be applied to the same version of the policy.
          #
          # If no `etag` is provided in the call to `setIamPolicy`, then the existing
          # policy is overwritten blindly.
      "version": 42, # Deprecated.
    },
    "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
        # the fields in the mask will be modified. If no mask is provided, the
        # following default mask is used:
        # paths: "bindings, etag"
        # This field is only used by Cloud IAM.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Defines an Identity and Access Management (IAM) policy. It is used to
        # specify access control policies for Cloud Platform resources.
        #
        #
        # A `Policy` consists of a list of `bindings`.
        # A `binding` binds a list of
        # `members` to a `role`, where the members can be user accounts, Google groups,
        # Google domains, and service accounts. A `role` is a named list of permissions
        # defined by IAM.
        #
        # **JSON Example**
        #
        #     {
        #       "bindings": [
        #         {
        #           "role": "roles/owner",
        #           "members": [
        #             "user:mike@example.com",
        #             "group:admins@example.com",
        #             "domain:google.com",
        #             "serviceAccount:my-other-app@appspot.gserviceaccount.com"
        #           ]
        #         },
        #         {
        #           "role": "roles/viewer",
        #           "members": ["user:sean@example.com"]
        #         }
        #       ]
        #     }
        #
        # **YAML Example**
        #
        #     bindings:
        #     - members:
        #       - user:mike@example.com
        #       - group:admins@example.com
        #       - domain:google.com
        #       - serviceAccount:my-other-app@appspot.gserviceaccount.com
        #       role: roles/owner
        #     - members:
        #       - user:sean@example.com
        #       role: roles/viewer
        #
        #
        # For a description of IAM and its features, see the
        # [IAM developer's guide](https://cloud.google.com/iam/docs).
      "bindings": [ # Associates a list of `members` to a `role`.
          # `bindings` with no members will result in an error.
        { # Associates `members` with a `role`.
          "role": "A String", # Role that is assigned to `members`.
              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
          "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
              # `members` can have the following values:
              #
              # * `allUsers`: A special identifier that represents anyone who is
              #    on the internet; with or without a Google account.
              #
              # * `allAuthenticatedUsers`: A special identifier that represents anyone
              #    who is authenticated with a Google account or a service account.
              #
              # * `user:{emailid}`: An email address that represents a specific Google
              #    account. For example, `alice@gmail.com`.
              #
              #
              # * `serviceAccount:{emailid}`: An email address that represents a service
              #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
              #
              # * `group:{emailid}`: An email address that represents a Google group.
              #    For example, `admins@example.com`.
              #
              #
              # * `domain:{domain}`: The G Suite domain (primary) that represents all the
              #    users of that domain. For example, `google.com` or `example.com`.
              #
            "A String",
          ],
          "condition": { # The condition that is associated with this binding.
              # NOTE: An unsatisfied condition will not allow user access via current
              # binding. Different bindings, including their conditions, are examined
              # independently.
              #
              # Represents an expression text. Example:
              #
              #     title: "User account presence"
              #     description: "Determines whether the request has a user account"
              #     expression: "size(request.user) > 0"
            "description": "A String", # An optional description of the expression. This is a longer text which
                # describes the expression, e.g. when hovered over it in a UI.
            "expression": "A String", # Textual representation of an expression in
                # Common Expression Language syntax.
                #
                # The application context of the containing message determines which
                # well-known feature set of CEL is supported.
            "location": "A String", # An optional string indicating the location of the expression for error
                # reporting, e.g. a file name and a position in the file.
            "title": "A String", # An optional title for the expression, i.e. a short string describing
                # its purpose. This can be used e.g. in UIs which allow entering the
                # expression.
          },
        },
      ],
      "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
        { # Specifies the audit configuration for a service.
            # The configuration determines which permission types are logged, and what
            # identities, if any, are exempted from logging.
            # An AuditConfig must have one or more AuditLogConfigs.
            #
            # If there are AuditConfigs for both `allServices` and a specific service,
            # the union of the two AuditConfigs is used for that service: the log_types
            # specified in each AuditConfig are enabled, and the exempted_members in each
            # AuditLogConfig are exempted.
            #
            # Example Policy with multiple AuditConfigs:
            #
            #     {
            #       "audit_configs": [
            #         {
            #           "service": "allServices",
            #           "audit_log_configs": [
            #             {
            #               "log_type": "DATA_READ",
            #               "exempted_members": [
            #                 "user:foo@gmail.com"
            #               ]
            #             },
            #             {
            #               "log_type": "DATA_WRITE"
            #             },
            #             {
            #               "log_type": "ADMIN_READ"
            #             }
            #           ]
            #         },
            #         {
            #           "service": "fooservice.googleapis.com",
            #           "audit_log_configs": [
            #             {
            #               "log_type": "DATA_READ"
            #             },
            #             {
            #               "log_type": "DATA_WRITE",
            #               "exempted_members": [
            #                 "user:bar@gmail.com"
            #               ]
            #             }
            #           ]
            #         }
            #       ]
            #     }
            #
            # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
            # logging. It also exempts foo@gmail.com from DATA_READ logging, and
            # bar@gmail.com from DATA_WRITE logging.
          "auditLogConfigs": [ # The configuration for logging of each type of permission.
            { # Provides the configuration for logging a type of permissions.
                # Example:
                #
                #     {
                #       "audit_log_configs": [
                #         {
                #           "log_type": "DATA_READ",
                #           "exempted_members": [
                #             "user:foo@gmail.com"
                #           ]
                #         },
                #         {
                #           "log_type": "DATA_WRITE"
                #         }
                #       ]
                #     }
                #
                # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
                # foo@gmail.com from DATA_READ logging.
              "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
                  # permission.
                  # Follows the same format as Binding.members.
                "A String",
              ],
              "logType": "A String", # The log type that this config enables.
            },
          ],
          "service": "A String", # Specifies a service that will be enabled for audit logging.
              # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
              # `allServices` is a special value that covers all services.
        },
      ],
      "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
          # prevent simultaneous updates of a policy from overwriting each other.
          # It is strongly suggested that systems make use of the `etag` in the
          # read-modify-write cycle to perform policy updates in order to avoid race
          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
          # systems are expected to put that etag in the request to `setIamPolicy` to
          # ensure that their change will be applied to the same version of the policy.
          #
          # If no `etag` is provided in the call to `setIamPolicy`, then the existing
          # policy is overwritten blindly.
      "version": 42, # Deprecated.
    }</pre>
</div>

<div class="method">
    <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code>
  <pre>Returns the permissions that a caller has on the specified note or
occurrence resource. Requires list permission on the project (for example,
"storage.objects.list" on the containing bucket for testing permission of
an object). Attempting to call this method on a non-existent resource will
result in a `NOT_FOUND` error if the user has list permission on the
project, or a `PERMISSION_DENIED` error otherwise.
The resource takes the
following formats: `projects/{PROJECT_ID}/occurrences/{OCCURRENCE_ID}` for
`Occurrences` and `projects/{PROJECT_ID}/notes/{NOTE_ID}` for `Notes`.

Args:
  resource: string, REQUIRED: The resource for which the policy detail is being requested.
See the operation documentation for the appropriate value for this field. (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # Request message for `TestIamPermissions` method.
    "permissions": [ # The set of permissions to check for the `resource`. Permissions with
        # wildcards (such as '*' or 'storage.*') are not allowed. For more
        # information see
        # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
      "A String",
    ],
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Response message for `TestIamPermissions` method.
    "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
        # allowed.
      "A String",
    ],
  }</pre>
</div>

</body></html>
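The `etag` read-modify-write cycle described for `setIamPolicy` above, shown as an added example that is not part of the generated reference or of the client library. `FakeIamResource`, `EtagMismatch`, `grant` and the other helper names are constructed stand-ins so the code runs offline; against the real API the read and the write would be the `getIamPolicy` and `setIamPolicy` calls documented on this page.

```python
import copy
import hashlib
import json

class EtagMismatch(Exception):
    """Constructed stand-in for the conflict error a real service would return."""

class FakeIamResource:
    """Constructed in-memory resource that applies the etag rules described above."""

    def __init__(self, policy):
        self._policy = self._stamp(policy)

    @staticmethod
    def _stamp(policy):
        # Assumption: the etag is an opaque value that changes whenever the policy does.
        body = {k: copy.deepcopy(v) for k, v in policy.items() if k != "etag"}
        body["etag"] = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()[:16]
        return body

    def get_iam_policy(self):
        return copy.deepcopy(self._policy)

    def set_iam_policy(self, body):
        policy = body["policy"]
        sent = policy.get("etag")
        # No etag: the stored policy is overwritten blindly. Stale etag: rejected.
        if sent is not None and sent != self._policy["etag"]:
            raise EtagMismatch("policy changed since it was read")
        self._policy = self._stamp(policy)
        return self.get_iam_policy()

def add_member(policy, role, member):
    """Add `member` to the binding for `role`, creating the binding if needed."""
    for binding in policy.setdefault("bindings", []):
        if binding["role"] == role:
            if member not in binding["members"]:
                binding["members"].append(member)
            return policy
    policy["bindings"].append({"role": role, "members": [member]})
    return policy

def grant(resource, role, member, max_attempts=3, before_write=None):
    """Read-modify-write: carry the etag from the read into the write, retry on conflict."""
    for attempt in range(max_attempts):
        policy = resource.get_iam_policy()      # response includes the current etag
        add_member(policy, role, member)
        if before_write:                        # hook used in demo() to simulate a concurrent writer
            before_write(attempt)
        try:
            return resource.set_iam_policy({"policy": policy})
        except EtagMismatch:
            continue                            # re-read and re-apply on the fresh policy
    raise EtagMismatch("gave up after %d attempts" % max_attempts)

def members_of(policy, role):
    return sorted(m for b in policy.get("bindings", []) if b["role"] == role for m in b["members"])

def demo():
    """Return (members after a blind overwrite, members after an etag-guarded update)."""
    start = {"bindings": [{"role": "roles/viewer", "members": ["user:sean@example.com"]}]}
    other, mine = "group:admins@example.com", "user:mike@example.com"
    # Blind: the etag is dropped, so the other writer's grant is silently lost.
    res = FakeIamResource(start)
    stale = res.get_iam_policy()
    grant(res, "roles/viewer", other)
    stale.pop("etag")
    res.set_iam_policy({"policy": add_member(stale, "roles/viewer", mine)})
    blind = members_of(res.get_iam_policy(), "roles/viewer")
    # Guarded: same race, but the first write conflicts and the retry keeps both grants.
    res = FakeIamResource(start)
    grant(res, "roles/viewer", mine,
          before_write=lambda n: grant(res, "roles/viewer", other) if n == 0 else None)
    return blind, members_of(res.get_iam_policy(), "roles/viewer")
```

`demo()` returns the `roles/viewer` members for both paths: the blind write ends without `group:admins@example.com`, while the etag-guarded write keeps all three members.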