docs/dyn/ondemandscanning_v1.projects.locations.scans.html
1 addition & 1 deletion
@@ -96,7 +96,7 @@ <h3>Method Details</h3>
96
96
The object takes the form of:
97
97
98
98
{ # AnalyzePackagesRequest is the request to analyze a list of packages and create Vulnerability Occurrences for it.
99
-
"includeOsvData": True or False, # Whether to include OSV data in the scan.
99
+
"includeOsvData": True or False, # [DEPRECATED] Whether to include OSV data in the scan. For backwards compatibility reasons, this field can be neither removed nor renamed.
100
100
"packages": [ # The packages to analyze.
101
101
{
102
102
"cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in which the vulnerability may manifest. Examples include distro or storage location for vulnerable jar.
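Review bot: the new comment on "includeOsvData" marks the field [DEPRECATED] but does not say what the service now does with the value, so a caller who sends False cannot tell whether OSV data is still excluded from the scan. Suggest adding one clause that states whether the value is still honoured or is ignored, and using the same "Deprecated." wording as the other deprecation comments in this commit rather than "[DEPRECATED]".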
docs/dyn/ondemandscanning_v1.projects.locations.scans.vulnerabilities.html
122 additions & 6 deletions
@@ -124,7 +124,7 @@ <h3>Method Details</h3>
124
124
],
125
125
},
126
126
"build": { # Details of a build occurrence. # Describes a verifiable build.
127
-
"intotoProvenance": { # In-toto Provenance representation as defined in spec.
127
+
"intotoProvenance": { # Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
128
128
"builderConfig": { # required
129
129
"id": "A String",
130
130
},
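Review bot: the deprecation text on "intotoProvenance" points to "InTotoStatement", which is the message type, while the field a reader of this page has to look for is "intotoStatement" under "build". Suggest naming the field as it appears in the JSON, and saying whether a populated "intotoProvenance" is still returned alongside the replacement, since a consumer that verifies builds needs to know which of the two to read.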
@@ -158,7 +158,88 @@ <h3>Method Details</h3>
158
158
"type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
159
159
},
160
160
},
161
-
"provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
161
+
"intotoStatement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json". # In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence's envelope.
"predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
164
+
"provenance": {
165
+
"builderConfig": { # required
166
+
"id": "A String",
167
+
},
168
+
"materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
169
+
"A String",
170
+
],
171
+
"metadata": { # Other properties of the build.
172
+
"buildFinishedOn": "A String", # The timestamp of when the build completed.
173
+
"buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
174
+
"buildStartedOn": "A String", # The timestamp of when the build started.
175
+
"completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
176
+
"arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
177
+
"environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
178
+
"materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
179
+
},
180
+
"reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
181
+
},
182
+
"recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
183
+
"arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
184
+
{
185
+
"a_key": "", # Properties of the object. Contains field @type with type URL.
186
+
},
187
+
],
188
+
"definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
189
+
"entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
190
+
"environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
191
+
{
192
+
"a_key": "", # Properties of the object. Contains field @type with type URL.
193
+
},
194
+
],
195
+
"type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
196
+
},
197
+
},
198
+
"slsaProvenance": {
199
+
"builder": { # required
200
+
"id": "A String",
201
+
},
202
+
"materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
203
+
{
204
+
"digest": {
205
+
"a_key": "A String",
206
+
},
207
+
"uri": "A String",
208
+
},
209
+
],
210
+
"metadata": { # Other properties of the build.
211
+
"buildFinishedOn": "A String", # The timestamp of when the build completed.
212
+
"buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
213
+
"buildStartedOn": "A String", # The timestamp of when the build started.
214
+
"completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
215
+
"arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
216
+
"environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
217
+
"materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
218
+
},
219
+
"reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
220
+
},
221
+
"recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
222
+
"arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
223
+
"a_key": "", # Properties of the object. Contains field @type with type URL.
224
+
},
225
+
"definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
226
+
"entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
227
+
"environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
228
+
"a_key": "", # Properties of the object. Contains field @type with type URL.
229
+
},
230
+
"type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
231
+
},
232
+
},
233
+
"subject": [
234
+
{
235
+
"digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
236
+
"a_key": "A String",
237
+
},
238
+
"name": "A String",
239
+
},
240
+
],
241
+
},
242
+
"provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # The actual provenance for the build.
162
243
"buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
163
244
"a_key": "A String",
164
245
},
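Review bot: on the last changed line of this hunk, the comment on "provenance" loses "Required." and now reads "# The actual provenance for the build.", yet nothing on "build" says which of "intotoProvenance", "intotoStatement" and "provenance" a caller should expect to be set, or whether more than one can be. Suggest documenting that relationship on "build" itself, because a policy check that reads one field while the builder populated another will not evaluate the provenance that was actually recorded. Smaller points in the added block: "provenance" and "slsaProvenance" under "intotoStatement" have no description, the "completeness" comment is repeated twice on the same line, and "the builder claims that recipe.environment is claimed to be complete" says "claims" twice.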
@@ -315,7 +396,7 @@ <h3>Method Details</h3>
315
396
"cpe": "A String", # The CPE of the resource being scanned.
316
397
"lastScanTime": "A String", # The last time this resource was scanned.
317
398
},
318
-
"dsseAttestation": { # Describes an attestation of an artifact using dsse.
399
+
"dsseAttestation": { # Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence. # Describes an attestation of an artifact using dsse.
319
400
"envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
320
401
"payload": "A String",
321
402
"payloadType": "A String",
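Review bot: the deprecation comment on "dsseAttestation" tells readers to "populate the Envelope at the top level of the Occurrence" without giving the JSON field name to use, so the replacement cannot be found from this line alone. Suggest naming the field, and checking that the warning attached to "dsseAttestation.envelope" ("If doing something security critical, make sure to verify the signatures in this metadata.") is also present on the replacement, so it does not disappear together with the deprecated field.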
@@ -327,7 +408,8 @@ <h3>Method Details</h3>
327
408
],
328
409
},
329
410
"statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
330
-
"predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
"predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
331
413
"provenance": {
332
414
"builderConfig": { # required
333
415
"id": "A String",
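Review bot: the "predicateType" comment under "statement" documents the field only by listing a URI next to a type name, and the "provenance" object directly below it has no comment tying it to a "predicateType" value. Suggest stating on each sibling object which URI it corresponds to, so a verifier can reject a statement whose "predicateType" and populated object disagree.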
@@ -362,15 +444,49 @@ <h3>Method Details</h3>
362
444
"type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
363
445
},
364
446
},
447
+
"slsaProvenance": {
448
+
"builder": { # required
449
+
"id": "A String",
450
+
},
451
+
"materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
452
+
{
453
+
"digest": {
454
+
"a_key": "A String",
455
+
},
456
+
"uri": "A String",
457
+
},
458
+
],
459
+
"metadata": { # Other properties of the build.
460
+
"buildFinishedOn": "A String", # The timestamp of when the build completed.
461
+
"buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
462
+
"buildStartedOn": "A String", # The timestamp of when the build started.
463
+
"completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
464
+
"arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
465
+
"environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
466
+
"materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
467
+
},
468
+
"reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
469
+
},
470
+
"recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
471
+
"arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
472
+
"a_key": "", # Properties of the object. Contains field @type with type URL.
473
+
},
474
+
"definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
475
+
"entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
476
+
"environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
477
+
"a_key": "", # Properties of the object. Contains field @type with type URL.
478
+
},
479
+
"type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
"digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
"envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
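Review bot: in the added "slsaProvenance" block, "materials[].digest" is documented only as "a_key": "A String", while the "digest" near the end of this hunk carries the DigestSet comment with the algorithm examples (sha256, sha512) and the spec link. Suggest giving "materials[].digest" the same comment, since these digests are what a consumer compares when checking build inputs. Also, "slsaProvenance" itself has no description, and "required" appears as a bare trailing word on "builder" and "recipe" where "Required." as a sentence would read more clearly.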