containeranalysis/v1 library
Container Analysis API - v1
This API is a prerequisite for leveraging Artifact Analysis scanning capabilities in both Artifact Registry and with Advanced Vulnerability Insights (runtime scanning) in GKE. In addition, the Container Analysis API is an implementation of the Grafeas API, which enables storing, querying, and retrieval of critical metadata about all of your software artifacts.
For more information, see cloud.google.com/container-analysis/api/reference/rest/
Create an instance of ContainerAnalysisApi to access these resources:
Classes
- Assessment
- Assessment provides all information that is related to a single vulnerability for this product.
- AttestationNote
- Note kind that represents a logical attestation "role" or "authority".
- AttestationOccurrence
- Occurrence that represents a single "attestation".
- BatchCreateNotesRequest
- Request to create notes in batch.
- BatchCreateNotesResponse
- Response for creating notes in batch.
- BatchCreateOccurrencesRequest
- Request to create occurrences in batch.
- BatchCreateOccurrencesResponse
- Response for creating occurrences in batch.
- Binding
-
Associates
members
, or principals, with arole
. - BuildDefinition
- BuildNote
- Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence.
- BuildOccurrence
- Details of a build occurrence.
- BuildProvenance
- Provenance of a build.
- CisBenchmark
- A compliance check that is a CIS benchmark.
- CloudRepoSourceContext
- A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.
- ComplianceNote
- ComplianceOccurrence
- An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason.
- ComplianceVersion
- Describes the CIS benchmark version that is applicable to a given OS and os version.
- ContainerAnalysisApi
- This API is a prerequisite for leveraging Artifact Analysis scanning capabilities in both Artifact Registry and with Advanced Vulnerability Insights (runtime scanning) in GKE.
- CVSSv3
- Common Vulnerability Scoring System version 3.
- DeploymentNote
- An artifact that can be deployed in some runtime.
- Detail
- A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).
- Digest
- Digest information.
- DiscoveryNote
- A note that indicates a type of analysis a provider would perform.
- DiscoveryOccurrence
- Provides information about the analysis status of a discovered resource.
- Distribution
- This represents a particular channel of distribution for a given package.
- DSSEAttestationNote
- DSSEAttestationOccurrence
- Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence.
- DSSEHint
- This submessage provides human-readable hints about the purpose of the authority.
- Envelope
- MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto.
- ExportSBOMRequest
- The request to generate and export SBOM.
- ExportSBOMResponse
- The response from a call to ExportSBOM.
- FileHashes
- Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.
- FixableTotalByDigest
- Per resource and severity counts of fixable and total vulnerabilities.
- GerritSourceContext
- A SourceContext referring to a Gerrit project.
- GetIamPolicyRequest
-
Request message for
GetIamPolicy
method. - GrafeasV1SlsaProvenanceZeroTwoSlsaInvocation
- Identifies the event that kicked off the build.
- GrafeasV1SlsaProvenanceZeroTwoSlsaMetadata
- Other properties of the build.
- Hint
- This submessage provides human-readable hints about the purpose of the authority.
- ImageNote
- Basis describes the base image portion (Note) of the DockerImage relationship.
- ImageOccurrence
- Details of the derived image portion of the DockerImage relationship.
- InTotoProvenance
- InTotoSlsaProvenanceV1
- InTotoStatement
- Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload.
- KnowledgeBase
- ListNoteOccurrencesResponse
- Response for listing occurrences for a note.
- ListNotesResponse
- Response for listing notes.
- ListOccurrencesResponse
- Response for listing occurrences.
- Location
- An occurrence of a particular package installation found within a system's filesystem.
- Metadata
- Other properties of the build.
- Note
- A type of analysis that can be done for a resource.
- Occurrence
- An instance of an analysis type that has been found on a resource.
- PackageIssue
- A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).
- PackageNote
- PackageNote represents a particular package version.
- PackageOccurrence
- Details on how a particular software package was installed on a system.
- Policy
- An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.
- Product
- Product contains information about a product and how to uniquely identify it.
- ProjectsLocationsNotesOccurrencesResource
- ProjectsLocationsNotesResource
- ProjectsLocationsOccurrencesResource
- ProjectsLocationsResource
- ProjectsLocationsResourcesResource
- ProjectsNotesOccurrencesResource
- ProjectsNotesResource
- ProjectsOccurrencesResource
- ProjectsResource
- ProjectsResourcesResource
- ProvenanceBuilder
- Publisher
- Publisher contains information about the publisher of this Note.
- Remediation
- Specifies details on how to handle (and presumably, fix) a vulnerability.
- RepoId
- A unique identifier for a Cloud Repo.
- RunDetails
- SbomReferenceIntotoPayload
- The actual payload that contains the SBOM Reference data.
- SBOMReferenceNote
- The note representing an SBOM reference.
- SBOMReferenceOccurrence
- The occurrence representing an SBOM reference as applied to a specific resource.
- SetIamPolicyRequest
-
Request message for
SetIamPolicy
method. - SlsaMetadata
- Other properties of the build.
- SlsaProvenance
- SlsaProvenanceV1
- Keep in sync with schema at https://github.com/slsa-framework/slsa/blob/main/docs/provenance/schema/v1/provenance.proto Builder renamed to ProvenanceBuilder because of Java conflicts.
- SlsaProvenanceZeroTwo
- See full explanation of fields at slsa.dev/provenance/v0.2.
- Source
- Source describes the location of the source used for the build.
- SourceContext
- A SourceContext is a reference to a tree of files.
- UpgradeNote
- An Upgrade Note represents a potential upgrade of a package to a given version.
- UpgradeOccurrence
- An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade.
- VexAssessment
- VexAssessment provides all publisher provided Vex information that is related to this vulnerability.
- VulnerabilityAssessmentNote
- A single VulnerabilityAssessmentNote represents one particular product's vulnerability assessment for one CVE.
- VulnerabilityNote
- A security vulnerability that can be found in resources.
- VulnerabilityOccurrence
- An occurrence of a severity vulnerability on a resource.
- VulnerabilityOccurrencesSummary
- A summary of how many vulnerability occurrences there are per resource and severity type.
- WindowsDetail
- WindowsUpdate
- Windows Update represents the metadata about the update for the Windows operating system.
Typedefs
- AliasContext = $AliasContext
- An alias to a repo revision.
- AnalysisCompleted = $AnalysisCompleted
- Indicates which analysis completed successfully.
- Artifact = $Artifact
- Artifact describes a build product.
- BuilderConfig = $Shared00
- BuildMetadata = $BuildMetadata
- Category = $Category
- The category to which the update belongs.
- CloudStorageLocation = $Empty
- Empty placeholder to denote that this is a Google Cloud Storage export request.
- Command = $Command
- Command describes a step performed as part of the build pipeline.
- Completeness = $Completeness
- Indicates that the builder claims certain fields in this message to be complete.
- CVSS = $CVSS
- Common Vulnerability Scoring System.
- DeploymentOccurrence = $DeploymentOccurrence
- The period during which some deployable was active in a runtime.
- Empty = $Empty
- A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs.
- EnvelopeSignature = $EnvelopeSignature
- Expr = $Expr
- Represents a textual expression in the Common Expression Language (CEL) syntax.
- Fingerprint = $Fingerprint
- A set of properties that uniquely identify a given Docker image.
- GetPolicyOptions = $GetPolicyOptions
- Encapsulates settings provided to GetIamPolicy.
- GitSourceContext = $GitSourceContext
- A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub).
- GrafeasV1FileLocation = $FileLocation
- Indicates the location at which a package was found.
- GrafeasV1SlsaProvenanceZeroTwoSlsaBuilder = $Shared00
- Identifies the entity that executed the recipe, which is trusted to have correctly performed the operation and populated this provenance.
- GrafeasV1SlsaProvenanceZeroTwoSlsaCompleteness = $GrafeasV1SlsaProvenanceZeroTwoSlsaCompleteness
- Indicates that the builder claims certain fields in this message to be complete.
- GrafeasV1SlsaProvenanceZeroTwoSlsaConfigSource = $GrafeasV1SlsaProvenanceZeroTwoSlsaConfigSource
- Describes where the config file that kicked off the build came from.
- GrafeasV1SlsaProvenanceZeroTwoSlsaMaterial = $Material
- The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on.
- Hash = $Hash
- Container message for hash values.
- Identity = $Identity
- The unique identifier of the update.
- Justification = $Justification
- Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- Jwt = $Jwt
- Layer = $Layer
- Layer holds metadata specific to a layer of a Docker image.
- License = $License
- License information.
- Material = $Material
- NonCompliantFile = $NonCompliantFile
- Details about files that caused a compliance check to fail.
- ProjectRepoId = $ProjectRepoId
- Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project.
- Recipe = $Recipe
- Steps taken to build the artifact.
- RelatedUrl = $RelatedUrl
- Metadata for any related URL information.
- ResourceDescriptor = $ResourceDescriptor
- SbomReferenceIntotoPredicate = $SbomReferenceIntotoPredicate
- A predicate which describes the SBOM being referenced.
- SBOMStatus = $SBOMStatus
- The status of an SBOM generation.
- Signature = $Signature
- Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy).
- SlsaBuilder = $Shared00
- SlsaCompleteness = $Completeness
- Indicates that the builder claims certain fields in this message to be complete.
- SlsaRecipe = $SlsaRecipe
- Steps taken to build the artifact.
- Status = $Status
-
The
Status
type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. - Subject = $Subject
- TestIamPermissionsRequest = $TestIamPermissionsRequest00
-
Request message for
TestIamPermissions
method. - TestIamPermissionsResponse = $PermissionsResponse
-
Response message for
TestIamPermissions
method. - UpgradeDistribution = $UpgradeDistribution
- The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE).
- Version = $Version
- Version contains structured information about the version of a package.
Exceptions / Errors
- ApiRequestError
- Represents a general error reported by the API endpoint.
- DetailedApiRequestError
- Represents a specific error reported by the API endpoint.