ondemandscanning/v1 library
On-Demand Scanning API - v1
A service to scan container images for vulnerabilities.
For more information, see cloud.google.com/container-analysis/docs/on-demand-scanning/
Create an instance of OnDemandScanningApi to access these resources:
Classes
- AnalyzePackagesRequestV1
- AnalyzePackagesRequest is the request to analyze a list of packages and create Vulnerability Occurrences for it.
- AttestationOccurrence
- Occurrence that represents a single "attestation".
- BinarySourceInfo
- BuildDefinition
- BuildOccurrence
- Details of a build occurrence.
- BuildProvenance
- Provenance of a build.
- CloudRepoSourceContext
- A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.
- ComplianceOccurrence
- An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason.
- DiscoveryOccurrence
- Provides information about the analysis status of a discovered resource.
- DSSEAttestationOccurrence
- Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence.
- Envelope
- MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto.
- FileHashes
- Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.
- GerritSourceContext
- A SourceContext referring to a Gerrit project.
- GrafeasV1SlsaProvenanceZeroTwoSlsaInvocation
- Identifies the event that kicked off the build.
- GrafeasV1SlsaProvenanceZeroTwoSlsaMetadata
- Other properties of the build.
- ImageOccurrence
- Details of the derived image portion of the DockerImage relationship.
- InTotoProvenance
- InTotoSlsaProvenanceV1
- InTotoStatement
- Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload.
- LanguagePackageDependency
- Indicates a language package available between this package and the customer's resource artifact.
- ListOperationsResponse
- The response message for Operations.ListOperations.
- ListVulnerabilitiesResponseV1
- ListVulnerabilitiesResponse contains a single page of vulnerabilities resulting from a scan.
- Location
- An occurrence of a particular package installation found within a system's filesystem.
- Maintainer
- Metadata
- Other properties of the build.
- Occurrence
- An instance of an analysis type that has been found on a resource.
- OnDemandScanningApi
- A service to scan container images for vulnerabilities.
- Operation
- This resource represents a long-running operation that is the result of a network API call.
- PackageData
- PackageIssue
- A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).
- PackageOccurrence
- Details on how a particular software package was installed on a system.
- PackageVersion
- ProjectsLocationsOperationsResource
- ProjectsLocationsResource
- ProjectsLocationsScansResource
- ProjectsLocationsScansVulnerabilitiesResource
- ProjectsResource
- ProvenanceBuilder
- Remediation
- Specifies details on how to handle (and presumably, fix) a vulnerability.
- RepoId
- A unique identifier for a Cloud Repo.
- RunDetails
- SbomReferenceIntotoPayload
- The actual payload that contains the SBOM Reference data.
- SBOMReferenceOccurrence
- The occurrence representing an SBOM reference as applied to a specific resource.
- SlsaMetadata
- Other properties of the build.
- SlsaProvenance
- SlsaProvenanceV1
- Keep in sync with schema at https://github.com/slsa-framework/slsa/blob/main/docs/provenance/schema/v1/provenance.proto Builder renamed to ProvenanceBuilder because of Java conflicts.
- SlsaProvenanceZeroTwo
- See full explanation of fields at slsa.dev/provenance/v0.2.
- Source
- Source describes the location of the source used for the build.
- SourceContext
- A SourceContext is a reference to a tree of files.
- UpgradeOccurrence
- An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade.
- VexAssessment
- VexAssessment provides all publisher provided Vex information that is related to this vulnerability.
- VulnerabilityOccurrence
- An occurrence of a severity vulnerability on a resource.
- WindowsUpdate
- Windows Update represents the metadata about the update for the Windows operating system.
Typedefs
- AliasContext = $AliasContext
- An alias to a repo revision.
- AnalysisCompleted = $AnalysisCompleted
- Indicates which analysis completed successfully.
- Artifact = $Artifact
- Artifact describes a build product.
- BuilderConfig = $Shared00
- BuildMetadata = $BuildMetadata
- Category = $Category
- The category to which the update belongs.
- Command = $Command
- Command describes a step performed as part of the build pipeline.
- Completeness = $Completeness
- Indicates that the builder claims certain fields in this message to be complete.
- CVSS = $CVSS
- Common Vulnerability Scoring System.
- DeploymentOccurrence = $DeploymentOccurrence
- The period during which some deployable was active in a runtime.
- Empty = $Empty
- A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs.
- EnvelopeSignature = $EnvelopeSignature
- FileLocation = $FileLocation
- Indicates the location at which a package was found.
- Fingerprint = $Fingerprint
- A set of properties that uniquely identify a given Docker image.
- GitSourceContext = $GitSourceContext
- A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub).
- GrafeasV1FileLocation = $FileLocation
- Indicates the location at which a package was found.
- GrafeasV1SlsaProvenanceZeroTwoSlsaBuilder = $Shared00
- Identifies the entity that executed the recipe, which is trusted to have correctly performed the operation and populated this provenance.
- GrafeasV1SlsaProvenanceZeroTwoSlsaCompleteness = $GrafeasV1SlsaProvenanceZeroTwoSlsaCompleteness
- Indicates that the builder claims certain fields in this message to be complete.
- GrafeasV1SlsaProvenanceZeroTwoSlsaConfigSource = $GrafeasV1SlsaProvenanceZeroTwoSlsaConfigSource
- Describes where the config file that kicked off the build came from.
- GrafeasV1SlsaProvenanceZeroTwoSlsaMaterial = $Material
- The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on.
- Hash = $Hash
- Container message for hash values.
- Identity = $Identity
- The unique identifier of the update.
- Justification = $Justification
- Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- Jwt = $Jwt
- Layer = $Layer
- Layer holds metadata specific to a layer of a Docker image.
- License = $License
- License information.
- Material = $Material
- NonCompliantFile = $NonCompliantFile
- Details about files that caused a compliance check to fail.
- ProjectRepoId = $ProjectRepoId
- Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project.
- Recipe = $Recipe
- Steps taken to build the artifact.
- RelatedUrl = $RelatedUrl
- Metadata for any related URL information.
- ResourceDescriptor = $ResourceDescriptor
- SbomReferenceIntotoPredicate = $SbomReferenceIntotoPredicate
- A predicate which describes the SBOM being referenced.
- SBOMStatus = $SBOMStatus
- The status of an SBOM generation.
- Signature = $Signature
- Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy).
- SlsaBuilder = $Shared00
- SlsaCompleteness = $Completeness
- Indicates that the builder claims certain fields in this message to be complete.
- SlsaRecipe = $SlsaRecipe
- Steps taken to build the artifact.
- Status = $Status
-
The
Status
type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. - Subject = $Subject
- UpgradeDistribution = $UpgradeDistribution
- The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE).
- Version = $Version
- Version contains structured information about the version of a package.
Exceptions / Errors
- ApiRequestError
- Represents a general error reported by the API endpoint.
- DetailedApiRequestError
- Represents a specific error reported by the API endpoint.