containeranalysis/v1 library
Container Analysis API - v1
An implementation of the Grafeas API, which stores, and enables querying and retrieval of critical metadata about all of your software artifacts.
For more information, see cloud.google.com/container-analysis/api/reference/rest/
Create an instance of ContainerAnalysisApi to access these resources:
Classes
- Assessment
- Assessment provides all information that is related to a single vulnerability for this product.
- AttestationNote
- Note kind that represents a logical attestation "role" or "authority".
- AttestationOccurrence
- Occurrence that represents a single "attestation".
- BatchCreateNotesRequest
- Request to create notes in batch.
- BatchCreateNotesResponse
- Response for creating notes in batch.
- BatchCreateOccurrencesRequest
- Request to create occurrences in batch.
- BatchCreateOccurrencesResponse
- Response for creating occurrences in batch.
- Binding
-
Associates
members
, or principals, with arole
. - BuildDefinition
- BuildNote
- Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence.
- BuildOccurrence
- Details of a build occurrence.
- BuildProvenance
- Provenance of a build.
- CisBenchmark
- A compliance check that is a CIS benchmark.
- CloudRepoSourceContext
- A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.
- ComplianceNote
- ComplianceOccurrence
- An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason.
- ComplianceVersion
- Describes the CIS benchmark version that is applicable to a given OS and os version.
- ContainerAnalysisApi
- An implementation of the Grafeas API, which stores, and enables querying and retrieval of critical metadata about all of your software artifacts.
- CVSSv3
- Common Vulnerability Scoring System version 3.
- DeploymentNote
- An artifact that can be deployed in some runtime.
- Detail
- A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).
- Digest
- Digest information.
- DiscoveryNote
- A note that indicates a type of analysis a provider would perform.
- DiscoveryOccurrence
- Provides information about the analysis status of a discovered resource.
- Distribution
- This represents a particular channel of distribution for a given package.
- DSSEAttestationNote
- DSSEAttestationOccurrence
- Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence.
- DSSEHint
- This submessage provides human-readable hints about the purpose of the authority.
- Envelope
- MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto.
- FileHashes
- Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.
- FixableTotalByDigest
- Per resource and severity counts of fixable and total vulnerabilities.
- GerritSourceContext
- A SourceContext referring to a Gerrit project.
- GetIamPolicyRequest
-
Request message for
GetIamPolicy
method. - GrafeasV1SlsaProvenanceZeroTwoSlsaInvocation
- Identifies the event that kicked off the build.
- GrafeasV1SlsaProvenanceZeroTwoSlsaMetadata
- Other properties of the build.
- Hint
- This submessage provides human-readable hints about the purpose of the authority.
- ImageNote
- Basis describes the base image portion (Note) of the DockerImage relationship.
- ImageOccurrence
- Details of the derived image portion of the DockerImage relationship.
- InTotoProvenance
- InTotoSlsaProvenanceV1
- InTotoStatement
- Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload.
- KnowledgeBase
- ListNoteOccurrencesResponse
- Response for listing occurrences for a note.
- ListNotesResponse
- Response for listing notes.
- ListOccurrencesResponse
- Response for listing occurrences.
- Location
- An occurrence of a particular package installation found within a system's filesystem.
- Metadata
- Other properties of the build.
- Note
- A type of analysis that can be done for a resource.
- Occurrence
- An instance of an analysis type that has been found on a resource.
- PackageIssue
- A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).
- PackageNote
- PackageNote represents a particular package version.
- PackageOccurrence
- Details on how a particular software package was installed on a system.
- Policy
- An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.
- Product
- Product contains information about a product and how to uniquely identify it.
- ProjectsNotesOccurrencesResource
- ProjectsNotesResource
- ProjectsOccurrencesResource
- ProjectsResource
- ProvenanceBuilder
- Publisher
- Publisher contains information about the publisher of this Note.
- Remediation
- Specifies details on how to handle (and presumably, fix) a vulnerability.
- RepoId
- A unique identifier for a Cloud Repo.
- RunDetails
- SbomReferenceIntotoPayload
- The actual payload that contains the SBOM Reference data.
- SBOMReferenceNote
- The note representing an SBOM reference.
- SBOMReferenceOccurrence
- The occurrence representing an SBOM reference as applied to a specific resource.
- SetIamPolicyRequest
-
Request message for
SetIamPolicy
method. - SlsaMetadata
- Other properties of the build.
- SlsaProvenance
- SlsaProvenanceV1
- Keep in sync with schema at https://github.com/slsa-framework/slsa/blob/main/docs/provenance/schema/v1/provenance.proto Builder renamed to ProvenanceBuilder because of Java conflicts.
- SlsaProvenanceZeroTwo
- See full explanation of fields at slsa.dev/provenance/v0.2.
- Source
- Source describes the location of the source used for the build.
- SourceContext
- A SourceContext is a reference to a tree of files.
- UpgradeNote
- An Upgrade Note represents a potential upgrade of a package to a given version.
- UpgradeOccurrence
- An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade.
- VexAssessment
- VexAssessment provides all publisher provided Vex information that is related to this vulnerability.
- VulnerabilityAssessmentNote
- A single VulnerabilityAssessmentNote represents one particular product's vulnerability assessment for one CVE.
- VulnerabilityNote
- A security vulnerability that can be found in resources.
- VulnerabilityOccurrence
- An occurrence of a severity vulnerability on a resource.
- VulnerabilityOccurrencesSummary
- A summary of how many vulnerability occurrences there are per resource and severity type.
- WindowsDetail
- WindowsUpdate
- Windows Update represents the metadata about the update for the Windows operating system.
Typedefs
- AliasContext = $AliasContext
- An alias to a repo revision.
- AnalysisCompleted = $AnalysisCompleted
- Indicates which analysis completed successfully.
- Artifact = $Artifact
- Artifact describes a build product.
- BuilderConfig = $Shared00
- BuildMetadata = $BuildMetadata
- Category = $Category
- The category to which the update belongs.
- Command = $Command
- Command describes a step performed as part of the build pipeline.
- Completeness = $Completeness
- Indicates that the builder claims certain fields in this message to be complete.
- CVSS = $CVSS
- Common Vulnerability Scoring System.
- DeploymentOccurrence = $DeploymentOccurrence
- The period during which some deployable was active in a runtime.
- Empty = $Empty
- A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs.
- EnvelopeSignature = $EnvelopeSignature
- Expr = $Expr
- Represents a textual expression in the Common Expression Language (CEL) syntax.
- Fingerprint = $Fingerprint
- A set of properties that uniquely identify a given Docker image.
- GetPolicyOptions = $GetPolicyOptions
- Encapsulates settings provided to GetIamPolicy.
- GitSourceContext = $GitSourceContext
- A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub).
- GrafeasV1FileLocation = $FileLocation
- Indicates the location at which a package was found.
- GrafeasV1SlsaProvenanceZeroTwoSlsaBuilder = $Shared00
- Identifies the entity that executed the recipe, which is trusted to have correctly performed the operation and populated this provenance.
- GrafeasV1SlsaProvenanceZeroTwoSlsaCompleteness = $GrafeasV1SlsaProvenanceZeroTwoSlsaCompleteness
- Indicates that the builder claims certain fields in this message to be complete.
- GrafeasV1SlsaProvenanceZeroTwoSlsaConfigSource = $GrafeasV1SlsaProvenanceZeroTwoSlsaConfigSource
- Describes where the config file that kicked off the build came from.
- GrafeasV1SlsaProvenanceZeroTwoSlsaMaterial = $Material
- The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on.
- Hash = $Hash
- Container message for hash values.
- Identity = $Identity
- The unique identifier of the update.
- Justification = $Justification
- Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- Jwt = $Jwt
- Layer = $Layer
- Layer holds metadata specific to a layer of a Docker image.
- License = $License
- License information.
- Material = $Material
- NonCompliantFile = $NonCompliantFile
- Details about files that caused a compliance check to fail.
- ProjectRepoId = $ProjectRepoId
- Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project.
- Recipe = $Recipe
- Steps taken to build the artifact.
- RelatedUrl = $RelatedUrl
- Metadata for any related URL information.
- ResourceDescriptor = $ResourceDescriptor
- SbomReferenceIntotoPredicate = $SbomReferenceIntotoPredicate
- A predicate which describes the SBOM being referenced.
- SBOMStatus = $SBOMStatus
- The status of an SBOM generation.
- Signature = $Signature
- Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy).
- SlsaBuilder = $Shared00
- SlsaCompleteness = $Completeness
- Indicates that the builder claims certain fields in this message to be complete.
- SlsaRecipe = $SlsaRecipe
- Steps taken to build the artifact.
- Status = $Status
-
The
Status
type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. - Subject = $Subject
- TestIamPermissionsRequest = $TestIamPermissionsRequest00
-
Request message for
TestIamPermissions
method. - TestIamPermissionsResponse = $PermissionsResponse
-
Response message for
TestIamPermissions
method. - UpgradeDistribution = $UpgradeDistribution
- The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE).
- Version = $Version
- Version contains structured information about the version of a package.
Exceptions / Errors
- ApiRequestError
- Represents a general error reported by the API endpoint.
- DetailedApiRequestError
- Represents a specific error reported by the API endpoint.