containeranalysis/v1 library

Container Analysis API - v1

This API is a prerequisite for leveraging Artifact Analysis scanning capabilities in both Artifact Registry and with Advanced Vulnerability Insights (runtime scanning) in GKE. In addition, the Container Analysis API is an implementation of the Grafeas API, which enables storing, querying, and retrieval of critical metadata about all of your software artifacts.

For more information, see cloud.google.com/container-analysis/api/reference/rest/

Create an instance of ContainerAnalysisApi to access these resources:

• ProjectsResource
  • ProjectsLocationsResource
    • ProjectsLocationsNotesResource
      • ProjectsLocationsNotesOccurrencesResource
    • ProjectsLocationsOccurrencesResource
    • ProjectsLocationsResourcesResource
  • ProjectsNotesResource
    • ProjectsNotesOccurrencesResource
  • ProjectsOccurrencesResource
  • ProjectsResourcesResource

Classes

Assessment

Assessment provides all information that is related to a single vulnerability for this product.

AttestationNote

Note kind that represents a logical attestation "role" or "authority".

AttestationOccurrence

Occurrence that represents a single "attestation".

BatchCreateNotesRequest

Request to create notes in batch.

BatchCreateNotesResponse

Response for creating notes in batch.

BatchCreateOccurrencesRequest

Request to create occurrences in batch.

BatchCreateOccurrencesResponse

Response for creating occurrences in batch.

Binding

Associates members, or principals, with a role.

BuildDefinition

BuildNote

Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence.

BuildOccurrence

Details of a build occurrence.

BuildProvenance

Provenance of a build.

CisBenchmark

A compliance check that is a CIS benchmark.

CloudRepoSourceContext

A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.

ComplianceNote

ComplianceOccurrence

An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason.

ContainerAnalysisApi

This API is a prerequisite for leveraging Artifact Analysis scanning capabilities in both Artifact Registry and with Advanced Vulnerability Insights (runtime scanning) in GKE.

CVSSv3

Common Vulnerability Scoring System version 3.

DeploymentNote

An artifact that can be deployed in some runtime.

Detail

A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).

Digest

Digest information.

DiscoveryNote

A note that indicates a type of analysis a provider would perform.

DiscoveryOccurrence

Provides information about the analysis status of a discovered resource.

Distribution

This represents a particular channel of distribution for a given package.

DSSEAttestationNote

DSSEAttestationOccurrence

Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence.

DSSEHint

This submessage provides human-readable hints about the purpose of the authority.

Envelope

MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto.

ExportSBOMRequest

The request to generate and export SBOM.

ExportSBOMResponse

The response from a call to ExportSBOM.

FileHashes

Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.

FixableTotalByDigest

Per resource and severity counts of fixable and total vulnerabilities.

GerritSourceContext

A SourceContext referring to a Gerrit project.

GetIamPolicyRequest

Request message for GetIamPolicy method.

GrafeasV1SlsaProvenanceZeroTwoSlsaInvocation

Identifies the event that kicked off the build.

GrafeasV1SlsaProvenanceZeroTwoSlsaMetadata

Other properties of the build.

Hint

This submessage provides human-readable hints about the purpose of the authority.

ImageNote

Basis describes the base image portion (Note) of the DockerImage relationship.

ImageOccurrence

Details of the derived image portion of the DockerImage relationship.

InTotoProvenance

InTotoSlsaProvenanceV1

InTotoStatement

Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload.

KnowledgeBase

ListNoteOccurrencesResponse

Response for listing occurrences for a note.

ListNotesResponse

Response for listing notes.

ListOccurrencesResponse

Response for listing occurrences.

Location

An occurrence of a particular package installation found within a system's filesystem.

Metadata

Other properties of the build.

Note

A type of analysis that can be done for a resource.

Occurrence

An instance of an analysis type that has been found on a resource.

PackageIssue

A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).

PackageNote

PackageNote represents a particular package version.

PackageOccurrence

Details on how a particular software package was installed on a system.

Policy

An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.

Product

Product contains information about a product and how to uniquely identify it.

ProjectsLocationsNotesOccurrencesResource

ProjectsLocationsNotesResource

ProjectsLocationsOccurrencesResource

ProjectsLocationsResource

ProjectsLocationsResourcesResource

ProjectsNotesOccurrencesResource

ProjectsNotesResource

ProjectsOccurrencesResource

ProjectsResource

ProjectsResourcesResource

ProvenanceBuilder

Publisher

Publisher contains information about the publisher of this Note.

Remediation

Specifies details on how to handle (and presumably, fix) a vulnerability.

RepoId

A unique identifier for a Cloud Repo.

RunDetails

SbomReferenceIntotoPayload

The actual payload that contains the SBOM Reference data.

SBOMReferenceNote

The note representing an SBOM reference.

SBOMReferenceOccurrence

The occurrence representing an SBOM reference as applied to a specific resource.

SetIamPolicyRequest

Request message for SetIamPolicy method.

SlsaMetadata

Other properties of the build.

SlsaProvenance

SlsaProvenanceV1

Keep in sync with schema at https://github.com/slsa-framework/slsa/blob/main/docs/provenance/schema/v1/provenance.proto Builder renamed to ProvenanceBuilder because of Java conflicts.

SlsaProvenanceZeroTwo

See full explanation of fields at slsa.dev/provenance/v0.2.

Source

Source describes the location of the source used for the build.

SourceContext

A SourceContext is a reference to a tree of files.

UpgradeNote

An Upgrade Note represents a potential upgrade of a package to a given version.

UpgradeOccurrence

An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade.

VexAssessment

VexAssessment provides all publisher provided Vex information that is related to this vulnerability.

VulnerabilityAssessmentNote

A single VulnerabilityAssessmentNote represents one particular product's vulnerability assessment for one CVE.

VulnerabilityNote

A security vulnerability that can be found in resources.

VulnerabilityOccurrence

An occurrence of a severity vulnerability on a resource.

VulnerabilityOccurrencesSummary

A summary of how many vulnerability occurrences there are per resource and severity type.

WindowsDetail

WindowsUpdate

Windows Update represents the metadata about the update for the Windows operating system.

Typedefs

AliasContext = $AliasContext

An alias to a repo revision.

AnalysisCompleted = $AnalysisCompleted

Indicates which analysis completed successfully.

Artifact = $Artifact

Artifact describes a build product.

BuilderConfig = $Shared00

BuildMetadata = $BuildMetadata

Category = $Category

The category to which the update belongs.

CloudStorageLocation = $Empty

Empty placeholder to denote that this is a Google Cloud Storage export request.

Command = $Command

Command describes a step performed as part of the build pipeline.

Completeness = $Completeness

Indicates that the builder claims certain fields in this message to be complete.

ComplianceVersion = $ComplianceVersion

Describes the CIS benchmark version that is applicable to a given OS and os version.

CVSS = $CVSS

Common Vulnerability Scoring System.

DeploymentOccurrence = $DeploymentOccurrence

The period during which some deployable was active in a runtime.

Empty = $Empty

A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs.

EnvelopeSignature = $EnvelopeSignature

Expr = $Expr

Represents a textual expression in the Common Expression Language (CEL) syntax.

Fingerprint = $Fingerprint

A set of properties that uniquely identify a given Docker image.

GetPolicyOptions = $GetPolicyOptions00

Encapsulates settings provided to GetIamPolicy.

GitSourceContext = $GitSourceContext

A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub).

GrafeasV1FileLocation = $FileLocation

Indicates the location at which a package was found.

GrafeasV1SlsaProvenanceZeroTwoSlsaBuilder = $Shared00

Identifies the entity that executed the recipe, which is trusted to have correctly performed the operation and populated this provenance.

GrafeasV1SlsaProvenanceZeroTwoSlsaCompleteness = $GrafeasV1SlsaProvenanceZeroTwoSlsaCompleteness

Indicates that the builder claims certain fields in this message to be complete.

GrafeasV1SlsaProvenanceZeroTwoSlsaConfigSource = $GrafeasV1SlsaProvenanceZeroTwoSlsaConfigSource

Describes where the config file that kicked off the build came from.

GrafeasV1SlsaProvenanceZeroTwoSlsaMaterial = $Material

The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on.

Hash = $Hash

Container message for hash values.

Identity = $Identity

The unique identifier of the update.

Justification = $Justification

Justification provides the justification when the state of the assessment if NOT_AFFECTED.

Jwt = $Jwt

Layer = $Layer

Layer holds metadata specific to a layer of a Docker image.

License = $License

License information.

Material = $Material

NonCompliantFile = $NonCompliantFile

Details about files that caused a compliance check to fail.

ProjectRepoId = $ProjectRepoId

Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project.

Recipe = $Recipe

Steps taken to build the artifact.

RelatedUrl = $RelatedUrl

Metadata for any related URL information.

ResourceDescriptor = $ResourceDescriptor

SbomReferenceIntotoPredicate = $SbomReferenceIntotoPredicate

A predicate which describes the SBOM being referenced.

SBOMStatus = $SBOMStatus

The status of an SBOM generation.

Signature = $Signature

Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy).

SlsaBuilder = $Shared00

SlsaCompleteness = $Completeness

Indicates that the builder claims certain fields in this message to be complete.

SlsaRecipe = $SlsaRecipe

Steps taken to build the artifact.

Status = $Status

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs.

Subject = $Subject

TestIamPermissionsRequest = $TestIamPermissionsRequest00

Request message for TestIamPermissions method.

TestIamPermissionsResponse = $PermissionsResponse

Response message for TestIamPermissions method.

UpgradeDistribution = $UpgradeDistribution

The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE).

Version = $Version

Version contains structured information about the version of a package.

Exceptions / Errors

ApiRequestError

Represents a general error reported by the API endpoint.

DetailedApiRequestError

Represents a specific error reported by the API endpoint.