containeranalysis/v1beta1 library

Container Analysis API - v1beta1

An implementation of the Grafeas API, which stores, and enables querying and retrieval of critical metadata about all of your software artifacts.

For more information, see cloud.google.com/container-analysis/api/reference/rest/

Create an instance of ContainerAnalysisApi to access these resources:

Classes

ArtifactHashes
Defines a hash object for use in Materials and Products.
ArtifactRule
Defines an object to declare an in-toto artifact rule
Attestation
Occurrence that represents a single "attestation".
Authority
Note kind that represents a logical attestation "role" or "authority".
Basis
Basis describes the base image portion (Note) of the DockerImage relationship.
BatchCreateNotesRequest
Request to create notes in batch.
BatchCreateNotesResponse
Response for creating notes in batch.
BatchCreateOccurrencesRequest
Request to create occurrences in batch.
BatchCreateOccurrencesResponse
Response for creating occurrences in batch.
Binding
Associates members, or principals, with a role.
Build
Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence.
BuildProvenance
Provenance of a build.
BuildSignature
Message encapsulating the signature of the verified build.
CloudRepoSourceContext
A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.
ContainerAnalysisApi
An implementation of the Grafeas API, which stores, and enables querying and retrieval of critical metadata about all of your software artifacts.
CVSSv3
Common Vulnerability Scoring System version 3.
Deployable
An artifact that can be deployed in some runtime.
Derived
Derived describes the derived image portion (Occurrence) of the DockerImage relationship.
Detail
Identifies all appearances of this vulnerability in the package for a specific distro/location.
Details
Details of an attestation occurrence.
Discovered
Provides information about the analysis status of a discovered resource.
Discovery
A note that indicates a type of analysis a provider would perform.
Distribution
This represents a particular channel of distribution for a given package.
DocumentNote
DocumentNote represents an SPDX Document Creation Infromation section: https://spdx.github.io/spdx-spec/2-document-creation-information/
DocumentOccurrence
DocumentOccurrence represents an SPDX Document Creation Information section: https://spdx.github.io/spdx-spec/2-document-creation-information/
ExternalRef
An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
FileHashes
Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.
FileNote
FileNote represents an SPDX File Information section: https://spdx.github.io/spdx-spec/4-file-information/
FileOccurrence
FileOccurrence represents an SPDX File Information section: https://spdx.github.io/spdx-spec/4-file-information/
FixableTotalByDigest
Per resource and severity counts of fixable and total vulnerabilities.
GenericSignedAttestation
An attestation wrapper that uses the Grafeas Signature message.
GerritSourceContext
A SourceContext referring to a Gerrit project.
GetIamPolicyRequest
Request message for GetIamPolicy method.
GrafeasV1beta1BuildDetails
Details of a build occurrence.
GrafeasV1beta1DeploymentDetails
Details of a deployment occurrence.
GrafeasV1beta1DiscoveryDetails
Details of a discovery occurrence.
GrafeasV1beta1ImageDetails
Details of an image occurrence.
GrafeasV1beta1IntotoArtifact
GrafeasV1beta1IntotoDetails
This corresponds to a signed in-toto link - it is made up of one or more signatures and the in-toto link itself.
GrafeasV1beta1IntotoSignature
A signature object consists of the KeyID used and the signature itself.
GrafeasV1beta1PackageDetails
Details of a package occurrence.
GrafeasV1beta1VulnerabilityDetails
Details of a vulnerability Occurrence.
Hash
Container message for hash values.
Hint
This submessage provides human-readable hints about the purpose of the authority.
Installation
This represents how a particular software package may be installed on a system.
InToto
This contains the fields corresponding to the definition of a software supply chain step in an in-toto layout.
KnowledgeBase
Layer
Layer holds metadata specific to a layer of a Docker image.
License
License information: https://spdx.github.io/spdx-spec/3-package-information/#315-declared-license
This corresponds to an in-toto link.
ListNoteOccurrencesResponse
Response for listing occurrences for a note.
ListNotesResponse
Response for listing notes.
ListOccurrencesResponse
Response for listing occurrences.
ListScanConfigsResponse
Response for listing scan configurations.
Location
An occurrence of a particular package installation found within a system's filesystem.
Note
A type of analysis that can be done for a resource.
Occurrence
An instance of an analysis type that has been found on a resource.
Package
This represents a particular package that is distributed over various channels.
PackageInfoNote
PackageInfoNote represents an SPDX Package Information section: https://spdx.github.io/spdx-spec/3-package-information/
PackageInfoOccurrence
PackageInfoOccurrence represents an SPDX Package Information section: https://spdx.github.io/spdx-spec/3-package-information/
PackageIssue
This message wraps a location affected by a vulnerability and its associated fix (if one is available).
PgpSignedAttestation
An attestation wrapper with a PGP-compatible signature.
Policy
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.
ProjectsNotesOccurrencesResource
ProjectsNotesResource
ProjectsOccurrencesResource
ProjectsResource
ProjectsScanConfigsResource
RelationshipNote
RelationshipNote represents an SPDX Relationship section: https://spdx.github.io/spdx-spec/7-relationships-between-SPDX-elements/
RelationshipOccurrence
RelationshipOccurrence represents an SPDX Relationship section: https://spdx.github.io/spdx-spec/7-relationships-between-SPDX-elements/
RepoId
A unique identifier for a Cloud Repo.
Resource
An entity that can have metadata.
ScanConfig
A scan configuration specifies whether Cloud components in a project have a particular type of analysis being run.
SetIamPolicyRequest
Request message for SetIamPolicy method.
SigningKey
This defines the format used to record keys used in the software supply chain.
Source
Source describes the location of the source used for the build.
SourceContext
A SourceContext is a reference to a tree of files.
Version
Version contains structured information about the version of a package.
Vulnerability
Vulnerability provides metadata about a security vulnerability in a Note.
VulnerabilityLocation
The location of the vulnerability.
VulnerabilityOccurrencesSummary
A summary of how many vulnerability occurrences there are per resource and severity type.
WindowsDetail

Typedefs

AliasContext = $AliasContext
An alias to a repo revision.
Artifact = $Artifact
Artifact describes a build product.
ByProducts = $Shared02
Defines an object for the byproducts field in in-toto links.
Command = $Command
Command describes a step performed as part of the build pipeline.
Deployment = $Shared03
The period during which some deployable was active in a runtime.
Empty = $Empty
A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs.
Environment = $Shared02
Defines an object for the environment field in in-toto links.
Expr = $Expr
Represents a textual expression in the Common Expression Language (CEL) syntax.
Fingerprint = $Fingerprint
A set of properties that uniquely identify a given Docker image.
GetPolicyOptions = $GetPolicyOptions
Encapsulates settings provided to GetIamPolicy.
GitSourceContext = $GitSourceContext
A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub).
ProjectRepoId = $ProjectRepoId
Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project.
RelatedUrl = $RelatedUrl
Metadata for any related URL information.
Signature = $Signature
Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy).
Status = $Status
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs.
TestIamPermissionsRequest = $TestIamPermissionsRequest
Request message for TestIamPermissions method.
TestIamPermissionsResponse = $TestIamPermissionsResponse
Response message for TestIamPermissions method.

Exceptions / Errors

ApiRequestError
Represents a general error reported by the API endpoint.
DetailedApiRequestError
Represents a specific error reported by the API endpoint.