import * as mod from "https://googleapis.deno.dev/v1/containeranalysis:v1.ts";
ContainerAnalysis | This API is a prerequisite for leveraging Artifact Analysis scanning capabilities in both Artifact Registry and with Advanced Vulnerability Insights (runtime scanning) in GKE. In addition, the Container Analysis API is an implementation of the Grafeas API, which enables storing, querying, and retrieval of critical metadata about all of your software artifacts. |
GoogleAuth |
AliasContext | An alias to a repo revision. |
AnalysisCompleted | Indicates which analysis completed successfully. Multiple types of analysis can be performed on a single resource. |
Artifact | Artifact describes a build product. |
Assessment | Assessment provides all information that is related to a single vulnerability for this product. |
AttestationNote | Note kind that represents a logical attestation "role" or "authority". For
example, an organization might have one |
AttestationOccurrence | Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. |
BatchCreateNotesRequest | Request to create notes in batch. |
BatchCreateNotesResponse | Response for creating notes in batch. |
BatchCreateOccurrencesRequest | Request to create occurrences in batch. |
BatchCreateOccurrencesResponse | Response for creating occurrences in batch. |
Binding | Associates |
BuildDefinition | |
BuilderConfig | |
BuildMetadata | |
BuildNote | Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence. |
BuildOccurrence | Details of a build occurrence. |
BuildProvenance | Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. |
BuildStep | A step in the build pipeline. Next ID: 21 |
Category | The category to which the update belongs. |
CisBenchmark | A compliance check that is a CIS benchmark. |
CloudRepoSourceContext | A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. |
CloudStorageLocation | Empty placeholder to denote that this is a Google Cloud Storage export request. |
Command | Command describes a step performed as part of the build pipeline. |
Completeness | Indicates that the builder claims certain fields in this message to be complete. |
ComplianceNote | |
ComplianceOccurrence | An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason. |
ComplianceVersion | Describes the CIS benchmark version that is applicable to a given OS and os version. |
ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalConfig | ApprovalConfig describes configuration for manual approval of a build. |
ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalResult | ApprovalResult describes the decision and associated metadata of a manual approval of a build. |
ContaineranalysisGoogleDevtoolsCloudbuildV1Artifacts | Artifacts produced by a build that should be uploaded upon successful completion of all build steps. |
ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsArtifactObjects | Files in the workspace to upload to Cloud Storage upon successful completion of all build steps. |
ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsMavenArtifact | A Maven artifact to upload to Artifact Registry upon successful completion of all build steps. |
ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsNpmPackage | Npm package to upload to Artifact Registry upon successful completion of all build steps. |
ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsPythonPackage | Python package to upload to Artifact Registry upon successful completion of all build steps. A package can encapsulate multiple objects to be uploaded to a single repository. |
ContaineranalysisGoogleDevtoolsCloudbuildV1Build | A build resource in the Cloud Build API. At a high level, a
|
ContaineranalysisGoogleDevtoolsCloudbuildV1BuildApproval | BuildApproval describes a build's approval configuration, state, and result. |
ContaineranalysisGoogleDevtoolsCloudbuildV1BuildFailureInfo | A fatal problem encountered during the execution of the build. |
ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptions | Optional arguments to enable specific features of builds. |
ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptionsPoolOption | Details about how a build should be executed on a |
ContaineranalysisGoogleDevtoolsCloudbuildV1BuildStep | A step in the build pipeline. |
ContaineranalysisGoogleDevtoolsCloudbuildV1BuildWarning | A non-fatal problem encountered during the execution of the build. |
ContaineranalysisGoogleDevtoolsCloudbuildV1BuiltImage | An image built by the pipeline. |
ContaineranalysisGoogleDevtoolsCloudbuildV1ConnectedRepository | Location of the source in a 2nd-gen Google Cloud Build repository resource. |
ContaineranalysisGoogleDevtoolsCloudbuildV1FileHashes | Container message for hashes of byte content of files, used in SourceProvenance messages to verify integrity of source input to the build. |
ContaineranalysisGoogleDevtoolsCloudbuildV1GitSource | Location of the source in any accessible Git repository. |
ContaineranalysisGoogleDevtoolsCloudbuildV1Hash | Container message for hash values. |
ContaineranalysisGoogleDevtoolsCloudbuildV1InlineSecret | Pairs a set of secret environment variables mapped to encrypted values with the Cloud KMS key to use to decrypt the value. |
ContaineranalysisGoogleDevtoolsCloudbuildV1RepoSource | Location of the source in a Google Cloud Source Repository. |
ContaineranalysisGoogleDevtoolsCloudbuildV1Results | Artifacts created by the build pipeline. |
ContaineranalysisGoogleDevtoolsCloudbuildV1Secret | Pairs a set of secret environment variables containing encrypted values with
the Cloud KMS key to use to decrypt the value. Note: Use |
ContaineranalysisGoogleDevtoolsCloudbuildV1SecretManagerSecret | Pairs a secret environment variable with a SecretVersion in Secret Manager. |
ContaineranalysisGoogleDevtoolsCloudbuildV1Secrets | Secrets and secret environment variables. |
ContaineranalysisGoogleDevtoolsCloudbuildV1Source | Location of the source in a supported storage service. |
ContaineranalysisGoogleDevtoolsCloudbuildV1SourceProvenance | Provenance of the source. Ways to find the original source, or verify that some source was used for this build. |
ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSource | Location of the source in an archive file in Cloud Storage. |
ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSourceManifest | Location of the source manifest in Cloud Storage. This feature is in Preview; see description here. |
ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan | Start and end times for a build execution phase. |
ContaineranalysisGoogleDevtoolsCloudbuildV1UploadedMavenArtifact | A Maven artifact uploaded using the MavenArtifact directive. |
ContaineranalysisGoogleDevtoolsCloudbuildV1UploadedNpmPackage | An npm package uploaded to Artifact Registry using the NpmPackage directive. |
ContaineranalysisGoogleDevtoolsCloudbuildV1UploadedPythonPackage | Artifact uploaded using the PythonPackage directive. |
ContaineranalysisGoogleDevtoolsCloudbuildV1Volume | Volume describes a Docker container volume which is mounted into build steps in order to persist files across build step execution. |
CredentialsClient | Defines the root interface for all clients that generate credentials for calling Google APIs. All clients should implement this interface. |
CVSS | Common Vulnerability Scoring System. For details, see https://www.first.org/cvss/specification-document This is a message we will try to use for storing various versions of CVSS rather than making a separate proto for storing a specific version. |
CVSSv3 | Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document |
DeploymentNote | An artifact that can be deployed in some runtime. |
DeploymentOccurrence | The period during which some deployable was active in a runtime. |
Detail | A detail for a distro and package affected by this vulnerability and its associated fix (if one is available). |
Digest | Digest information. |
DiscoveryNote | A note that indicates a type of analysis a provider would perform. This note
exists in a provider's project. A |
DiscoveryOccurrence | Provides information about the analysis status of a discovered resource. |
Distribution | This represents a particular channel of distribution for a given package. E.g., Debian's jessie-backports dpkg mirror. |
DSSEAttestationNote | |
DSSEAttestationOccurrence | Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence. |
DSSEHint | This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. |
Empty | A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } |
Envelope | MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. |
EnvelopeSignature | |
ExportSBOMRequest | The request to generate and export SBOM. Target must be specified for the request. |
ExportSBOMResponse | The response from a call to ExportSBOM. |
Expr | Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. |
FileHashes | Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build. |
Fingerprint | A set of properties that uniquely identify a given Docker image. |
FixableTotalByDigest | Per resource and severity counts of fixable and total vulnerabilities. |
GerritSourceContext | A SourceContext referring to a Gerrit project. |
GetIamPolicyRequest | Request message for |
GetPolicyOptions | Encapsulates settings provided to GetIamPolicy. |
GitSourceContext | A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). |
GoogleDevtoolsContaineranalysisV1alpha1OperationMetadata | Metadata for all operations used and required for all operations that created by Container Analysis Providers |
GrafeasV1FileLocation | Indicates the location at which a package was found. |
GrafeasV1SlsaProvenanceZeroTwoSlsaBuilder | Identifies the entity that executed the recipe, which is trusted to have correctly performed the operation and populated this provenance. |
GrafeasV1SlsaProvenanceZeroTwoSlsaCompleteness | Indicates that the builder claims certain fields in this message to be complete. |
GrafeasV1SlsaProvenanceZeroTwoSlsaConfigSource | Describes where the config file that kicked off the build came from. This is effectively a pointer to the source where buildConfig came from. |
GrafeasV1SlsaProvenanceZeroTwoSlsaInvocation | Identifies the event that kicked off the build. |
GrafeasV1SlsaProvenanceZeroTwoSlsaMaterial | The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. |
GrafeasV1SlsaProvenanceZeroTwoSlsaMetadata | Other properties of the build. |
Hash | Container message for hash values. |
Hint | This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. |
Identity | The unique identifier of the update. |
ImageNote | Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM Or an equivalent reference, e.g., a tag of the resource_url. |
ImageOccurrence | Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM . |
InTotoProvenance | |
InTotoSlsaProvenanceV1 | |
InTotoStatement | Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json". |
Justification | Justification provides the justification when the state of the assessment if NOT_AFFECTED. |
Jwt | |
KnowledgeBase | |
Layer | Layer holds metadata specific to a layer of a Docker image. |
License | License information. |
ListNoteOccurrencesResponse | Response for listing occurrences for a note. |
ListNotesResponse | Response for listing notes. |
ListOccurrencesResponse | Response for listing occurrences. |
Location | An occurrence of a particular package installation found within a system's
filesystem. E.g., glibc was found in |
Material | |
Metadata | Other properties of the build. |
NonCompliantFile | Details about files that caused a compliance check to fail. display_command is a single command that can be used to display a list of non compliant files. When there is no such command, we can also iterate a list of non compliant file using 'path'. |
Note | A type of analysis that can be done for a resource. |
Occurrence | An instance of an analysis type that has been found on a resource. |
PackageIssue | A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available). |
PackageNote | PackageNote represents a particular package version. |
PackageOccurrence | Details on how a particular software package was installed on a system. |
Policy | An Identity and Access Management (IAM) policy, which specifies access
controls for Google Cloud resources. A
|
Product | Product contains information about a product and how to uniquely identify it. |
ProjectRepoId | Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. |
ProjectsLocationsNotesListOptions | Additional options for ContainerAnalysis#projectsLocationsNotesList. |
ProjectsLocationsNotesOccurrencesListOptions | Additional options for ContainerAnalysis#projectsLocationsNotesOccurrencesList. |
ProjectsLocationsOccurrencesGetVulnerabilitySummaryOptions | Additional options for ContainerAnalysis#projectsLocationsOccurrencesGetVulnerabilitySummary. |
ProjectsLocationsOccurrencesListOptions | Additional options for ContainerAnalysis#projectsLocationsOccurrencesList. |
ProjectsNotesCreateOptions | Additional options for ContainerAnalysis#projectsNotesCreate. |
ProjectsNotesListOptions | Additional options for ContainerAnalysis#projectsNotesList. |
ProjectsNotesOccurrencesListOptions | Additional options for ContainerAnalysis#projectsNotesOccurrencesList. |
ProjectsNotesPatchOptions | Additional options for ContainerAnalysis#projectsNotesPatch. |
ProjectsOccurrencesGetVulnerabilitySummaryOptions | Additional options for ContainerAnalysis#projectsOccurrencesGetVulnerabilitySummary. |
ProjectsOccurrencesListOptions | Additional options for ContainerAnalysis#projectsOccurrencesList. |
ProjectsOccurrencesPatchOptions | Additional options for ContainerAnalysis#projectsOccurrencesPatch. |
ProvenanceBuilder | |
Publisher | Publisher contains information about the publisher of this Note. |
Recipe | Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. |
RelatedUrl | Metadata for any related URL information. |
Remediation | Specifies details on how to handle (and presumably, fix) a vulnerability. |
RepoId | A unique identifier for a Cloud Repo. |
ResourceDescriptor | |
RunDetails | |
SbomReferenceIntotoPayload | The actual payload that contains the SBOM Reference data. The payload follows the intoto statement specification. See https://github.com/in-toto/attestation/blob/main/spec/v1.0/statement.md for more details. |
SbomReferenceIntotoPredicate | A predicate which describes the SBOM being referenced. |
SBOMReferenceNote | The note representing an SBOM reference. |
SBOMReferenceOccurrence | The occurrence representing an SBOM reference as applied to a specific resource. The occurrence follows the DSSE specification. See https://github.com/secure-systems-lab/dsse/blob/master/envelope.md for more details. |
SBOMStatus | The status of an SBOM generation. |
SetIamPolicyRequest | Request message for |
Signature | Verifiers (e.g. Kritis implementations) MUST verify signatures with respect
to the trust anchors defined in policy (e.g. a Kritis policy). Typically this
means that the verifier has been configured with a map from |
SlsaBuilder | |
SlsaCompleteness | Indicates that the builder claims certain fields in this message to be complete. |
SlsaMetadata | Other properties of the build. |
SlsaProvenance | |
SlsaProvenanceV1 | Keep in sync with schema at https://github.com/slsa-framework/slsa/blob/main/docs/provenance/schema/v1/provenance.proto Builder renamed to ProvenanceBuilder because of Java conflicts. |
SlsaProvenanceZeroTwo | See full explanation of fields at slsa.dev/provenance/v0.2. |
SlsaRecipe | Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. |
Source | Source describes the location of the source used for the build. |
SourceContext | A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory. |
Status | The |
Subject | |
TestIamPermissionsRequest | Request message for |
TestIamPermissionsResponse | Response message for |
TimeSpan | Start and end times for a build execution phase. Next ID: 3 |
UpgradeDistribution | The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities. |
UpgradeNote | An Upgrade Note represents a potential upgrade of a package to a given version. For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field represents the information related to the update. |
UpgradeOccurrence | An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update. |
Version | Version contains structured information about the version of a package. |
VexAssessment | VexAssessment provides all publisher provided Vex information that is related to this vulnerability. |
Volume | Volume describes a Docker container volume which is mounted into build steps in order to persist files across build step execution. Next ID: 3 |
VulnerabilityAssessmentNote | A single VulnerabilityAssessmentNote represents one particular product's vulnerability assessment for one CVE. |
VulnerabilityNote | A security vulnerability that can be found in resources. |
VulnerabilityOccurrence | An occurrence of a severity vulnerability on a resource. |
VulnerabilityOccurrencesSummary | A summary of how many vulnerability occurrences there are per resource and severity type. |
WindowsDetail | |
WindowsUpdate | Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate. |