Diffstat (limited to 'third_party/googleapis/google/devtools/containeranalysis')
35 files changed, 3889 insertions, 0 deletions
diff --git a/third_party/googleapis/google/devtools/containeranalysis/BUILD.bazel b/third_party/googleapis/google/devtools/containeranalysis/BUILD.bazel
new file mode 100644
index 0000000..0d742e2
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/BUILD.bazel
@@ -0,0 +1,41 @@
+# This build file includes a target for the Ruby wrapper library for
+# google-cloud-container_analysis.
+
+# This is an API workspace, having public visibility by default makes perfect sense.
+package(default_visibility = ["//visibility:public"])
+
+# Export yaml configs.
+exports_files(glob(["*.yaml"]))
+
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    "ruby_cloud_gapic_library",
+    "ruby_gapic_assembly_pkg",
+)
+
+# Generates a Ruby wrapper client for containeranalysis.
+# Ruby wrapper clients are versionless, but are generated from source protos
+# for a particular service version, v1 in this case.
+ruby_cloud_gapic_library(
+    name = "containeranalysis_ruby_wrapper",
+    srcs = ["//google/devtools/containeranalysis/v1:containeranalysis_proto_with_info"],
+    extra_protoc_parameters = [
+        "ruby-cloud-gem-name=google-cloud-container_analysis",
+        "ruby-cloud-env-prefix=CONTAINER_ANALYSIS",
+        "ruby-cloud-wrapper-of=v1:0.0",
+        "ruby-cloud-product-url=https://cloud.google.com/container-registry/docs/container-analysis",
+        "ruby-cloud-api-id=containeranalysis.googleapis.com",
+        "ruby-cloud-api-shortname=containeranalysis",
+        "ruby-cloud-migration-version=1.0",
+    ],
+    ruby_cloud_description = "The Container Analysis API is an implementation of Grafeas. It stores, and enables querying and retrieval of, critical metadata about all of your software artifacts.",
+    ruby_cloud_title = "Container Analysis",
+)
+
+# Open Source package.
+ruby_gapic_assembly_pkg(
+    name = "google-cloud-containeranalysis-ruby",
+    deps = [
+        ":containeranalysis_ruby_wrapper",
+    ],
+)
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1/BUILD.bazel b/third_party/googleapis/google/devtools/containeranalysis/v1/BUILD.bazel new file mode 100644 index 0000000..1b9e277 --- /dev/null +++ b/third_party/googleapis/google/devtools/containeranalysis/v1/BUILD.bazel 
@@ -0,0 +1,407 @@ +# This file was automatically generated by BuildFileGenerator +# https://github.com/googleapis/rules_gapic/tree/master/bazel + +# Most of the manual changes to this file will be overwritten. +# It's **only** allowed to change the following rule attribute values: +# - names of *_gapic_assembly_* rules +# - certain parameters of *_gapic_library rules, including but not limited to: +#    * extra_protoc_parameters +#    * extra_protoc_file_parameters +# The complete list of preserved parameters can be found in the source code. + +# This is an API workspace, having public visibility by default makes perfect sense. +package(default_visibility = ["//visibility:public"]) + +############################################################################## +# Common +############################################################################## +load("@rules_proto//proto:defs.bzl", "proto_library") +load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") + +proto_library( +    name = "containeranalysis_proto", +    srcs = [ +        "containeranalysis.proto", +    ], +    deps = [ +        "//google/api:annotations_proto", +        "//google/api:client_proto", +        "//google/api:field_behavior_proto", +        "//google/api:resource_proto", +        "//google/iam/v1:iam_policy_proto", +        "//google/iam/v1:policy_proto", +        "//grafeas/v1:grafeas_proto", +        "@com_google_protobuf//:timestamp_proto", +    ], +) + +proto_library_with_info( +    name = "containeranalysis_proto_with_info", +    deps = [ +        ":containeranalysis_proto", +        "//google/cloud:common_resources_proto", +    ], +) + +## DO NOT REMOVE +## Node.js library must be built based on both ContainerAnalysis v1 and +## Grafeas v1 protos. 
+proto_library_with_info( +    name = "containeranalysis_grafeas_proto_with_info", +    deps = [ +        ":containeranalysis_proto", +        "//google/cloud:common_resources_proto", +        "//grafeas/v1:grafeas_proto", +    ], +) + +############################################################################## +# Java +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "java_gapic_assembly_gradle_pkg", +    "java_gapic_library", +    "java_gapic_test", +    "java_grpc_library", +    "java_proto_library", +) + +java_proto_library( +    name = "containeranalysis_java_proto", +    deps = [":containeranalysis_proto"], +) + +java_grpc_library( +    name = "containeranalysis_java_grpc", +    srcs = [":containeranalysis_proto"], +    deps = [":containeranalysis_java_proto"], +) + +java_gapic_library( +    name = "containeranalysis_java_gapic", +    srcs = [":containeranalysis_proto_with_info"], +    gapic_yaml = "containeranalysis_gapic.yaml", +    grpc_service_config = "containeranalysis_grpc_service_config.json", +    service_yaml = "containeranalysis_v1.yaml", +    test_deps = [ +        ":containeranalysis_java_grpc", +        "//google/iam/v1:iam_java_grpc", +    ], +    transport = "grpc+rest", +    deps = [ +        ":containeranalysis_java_proto", +        "//google/api:api_java_proto", +        "//google/iam/v1:iam_java_proto", +        "//grafeas/v1:common_java_proto", +    ], +) + +java_gapic_test( +    name = "containeranalysis_java_gapic_test_suite", +    test_classes = [ +        "com.google.cloud.devtools.containeranalysis.v1.ContainerAnalysisClientHttpJsonTest", +        "com.google.cloud.devtools.containeranalysis.v1.ContainerAnalysisClientTest", +    ], +    runtime_deps = [":containeranalysis_java_gapic_test"], +) + +# Open Source Packages +java_gapic_assembly_gradle_pkg( +    name = "google-cloud-devtools-containeranalysis-v1-java", +    transport = 
"grpc+rest", +    deps = [ +        ":containeranalysis_java_gapic", +        ":containeranalysis_java_grpc", +        ":containeranalysis_java_proto", +        ":containeranalysis_proto", +    ], +) + +############################################################################## +# Go +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "go_gapic_assembly_pkg", +    "go_gapic_library", +    "go_proto_library", +    "go_test", +) + +go_proto_library( +    name = "containeranalysis_go_proto", +    compilers = ["@io_bazel_rules_go//proto:go_grpc"], +    importpath = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1", +    protos = [":containeranalysis_proto"], +    deps = [ +        "//google/api:annotations_go_proto", +        "//google/iam/v1:iam_go_proto", +        "//grafeas/v1:grafeas_go_proto", +    ], +) + +# go_gapic_library( +#     name = "containeranalysis_go_gapic", +#     srcs = [":containeranalysis_proto_with_info"], +#     grpc_service_config = "containeranalysis_grpc_service_config.json", +#     importpath = "cloud.google.com/go/devtools/containeranalysis/apiv1;containeranalysis", +#     metadata = True, +#     service_yaml = "containeranalysis_v1.yaml", +#     deps = [ +#         ":containeranalysis_go_proto", +#         "//google/iam/v1:iam_go_proto", +#         "//grafeas/v1:common_go_proto", +#     ], +# ) + +# go_test( +#     name = "containeranalysis_go_gapic_test", +#     srcs = [":containeranalysis_go_gapic_srcjar_test"], +#     embed = [":containeranalysis_go_gapic"], +#     importpath = "cloud.google.com/go/devtools/containeranalysis/apiv1", +# ) + +# # Open Source Packages +# go_gapic_assembly_pkg( +#     name = "gapi-cloud-devtools-containeranalysis-v1-go", +#     deps = [ +#         ":containeranalysis_go_gapic", +#         ":containeranalysis_go_gapic_srcjar-metadata.srcjar", +#         
":containeranalysis_go_gapic_srcjar-test.srcjar", +#         ":containeranalysis_go_proto", +#     ], +# ) + +############################################################################## +# Python +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "py_gapic_assembly_pkg", +    "py_gapic_library", +    "py_test", +) + +py_gapic_library( +    name = "containeranalysis_py_gapic", +    srcs = [":containeranalysis_proto"], +    grpc_service_config = "containeranalysis_grpc_service_config.json", +    opt_args = ["python-gapic-namespace=google.cloud.devtools"], +    transport = "grpc", +    deps = [ +        "//google/iam/v1:iam_policy_py_proto", +        "//google/iam/v1:policy_py_proto", +        "//grafeas/v1:grafeas_py_proto", +    ], +) + +py_test( +    name = "containeranalysis_py_gapic_test", +    srcs = [ +        "containeranalysis_py_gapic_pytest.py", +        "containeranalysis_py_gapic_test.py", +    ], +    legacy_create_init = False, +    deps = [":containeranalysis_py_gapic"], +) + +# Open Source Packages +py_gapic_assembly_pkg( +    name = "devtools-containeranalysis-v1-py", +    deps = [ +        ":containeranalysis_py_gapic", +    ], +) + +############################################################################## +# PHP +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "php_gapic_assembly_pkg", +    "php_gapic_library", +    "php_grpc_library", +    "php_proto_library", +) + +php_proto_library( +    name = "containeranalysis_php_proto", +    deps = [":containeranalysis_proto"], +) + +php_grpc_library( +    name = "containeranalysis_php_grpc", +    srcs = [":containeranalysis_proto"], +    deps = [":containeranalysis_php_proto"], +) + +php_gapic_library( +    name = "containeranalysis_php_gapic", +    srcs = [":containeranalysis_proto_with_info"], +    
grpc_service_config = "containeranalysis_grpc_service_config.json", +    service_yaml = "containeranalysis_v1.yaml", +    deps = [ +        ":containeranalysis_php_grpc", +        ":containeranalysis_php_proto", +    ], +) + +# Open Source Packages +php_gapic_assembly_pkg( +    name = "google-cloud-devtools-containeranalysis-v1-php", +    deps = [ +        ":containeranalysis_php_gapic", +        ":containeranalysis_php_grpc", +        ":containeranalysis_php_proto", +    ], +) + +############################################################################## +# Node.js +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "nodejs_gapic_assembly_pkg", +    "nodejs_gapic_library", +) + +nodejs_gapic_library( +    name = "containeranalysis_nodejs_gapic", +    package_name = "@google-cloud/containeranalysis", +    ## DO NOT CHANGE: src must point to a combined proto target +    src = ":containeranalysis_grafeas_proto_with_info", +    extra_protoc_parameters = ["metadata"], +    grpc_service_config = "containeranalysis_grpc_service_config.json", +    main_service = "containeranalysis", +    package = "google.devtools.containeranalysis.v1", +    service_yaml = "containeranalysis_v1.yaml", +    deps = [], +) + +nodejs_gapic_assembly_pkg( +    name = "devtools-containeranalysis-v1-nodejs", +    deps = [ +        ":containeranalysis_nodejs_gapic", +        ":containeranalysis_proto", +        ## DO NOT CHANGE: must include Grafeas protos +        "//grafeas/v1:grafeas_proto", +    ], +) + +############################################################################## +# Ruby +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "ruby_cloud_gapic_library", +    "ruby_gapic_assembly_pkg", +    "ruby_grpc_library", +    "ruby_proto_library", +) + +ruby_proto_library( +    name = 
"containeranalysis_ruby_proto", +    deps = [":containeranalysis_proto"], +) + +ruby_grpc_library( +    name = "containeranalysis_ruby_grpc", +    srcs = [":containeranalysis_proto"], +    deps = [":containeranalysis_ruby_proto"], +) + +ruby_cloud_gapic_library( +    name = "containeranalysis_ruby_gapic", +    srcs = [":containeranalysis_proto_with_info"], +    extra_protoc_parameters = [ +        "ruby-cloud-gem-name=google-cloud-container_analysis-v1", +        "ruby-cloud-env-prefix=CONTAINER_ANALYSIS", +        "ruby-cloud-product-url=https://cloud.google.com/container-registry/docs/container-analysis", +        "ruby-cloud-api-id=containeranalysis.googleapis.com", +        "ruby-cloud-api-shortname=containeranalysis", +        "ruby-cloud-extra-dependencies=grafeas-v1=>= 0.4|< 2.a", +    ], +    grpc_service_config = "containeranalysis_grpc_service_config.json", +    ruby_cloud_description = "The Container Analysis API is an implementation of Grafeas. It stores, and enables querying and retrieval of, critical metadata about all of your software artifacts.", +    ruby_cloud_title = "Container Analysis V1", +    deps = [ +        ":containeranalysis_ruby_grpc", +        ":containeranalysis_ruby_proto", +    ], +) + +# Open Source Packages +ruby_gapic_assembly_pkg( +    name = "google-cloud-devtools-containeranalysis-v1-ruby", +    deps = [ +        ":containeranalysis_ruby_gapic", +        ":containeranalysis_ruby_grpc", +        ":containeranalysis_ruby_proto", +    ], +) + +############################################################################## +# C# +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "csharp_gapic_assembly_pkg", +    "csharp_gapic_library", +    "csharp_grpc_library", +    "csharp_proto_library", +) + +csharp_proto_library( +    name = "containeranalysis_csharp_proto", +    deps = [":containeranalysis_proto"], +) + +csharp_grpc_library( +    
name = "containeranalysis_csharp_grpc", +    srcs = [":containeranalysis_proto"], +    deps = [":containeranalysis_csharp_proto"], +) + +csharp_gapic_library( +    name = "containeranalysis_csharp_gapic", +    srcs = [":containeranalysis_proto_with_info"], +    common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json", +    grpc_service_config = "containeranalysis_grpc_service_config.json", +    service_yaml = "containeranalysis_v1.yaml", +    deps = [ +        ":containeranalysis_csharp_grpc", +        ":containeranalysis_csharp_proto", +    ], +) + +# Open Source Packages +csharp_gapic_assembly_pkg( +    name = "google-cloud-devtools-containeranalysis-v1-csharp", +    deps = [ +        ":containeranalysis_csharp_gapic", +        ":containeranalysis_csharp_grpc", +        ":containeranalysis_csharp_proto", +    ], +) + +############################################################################## +# C++ +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "cc_grpc_library", +    "cc_proto_library", +) + +cc_proto_library( +    name = "containeranalysis_cc_proto", +    deps = [":containeranalysis_proto"], +) + +cc_grpc_library( +    name = "containeranalysis_cc_grpc", +    srcs = [":containeranalysis_proto"], +    grpc_only = True, +    deps = [":containeranalysis_cc_proto"], +) diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1/containeranalysis.proto b/third_party/googleapis/google/devtools/containeranalysis/v1/containeranalysis.proto new file mode 100644 index 0000000..c1bda55 --- /dev/null +++ b/third_party/googleapis/google/devtools/containeranalysis/v1/containeranalysis.proto 
@@ -0,0 +1,156 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.devtools.containeranalysis.v1;
+
+import "google/api/annotations.proto";
+import "google/api/client.proto";
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/iam/v1/iam_policy.proto";
+import "google/iam/v1/policy.proto";
+import "grafeas/v1/severity.proto";
+
+option csharp_namespace = "Google.Cloud.DevTools.ContainerAnalysis.V1";
+option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1;containeranalysis";
+option java_multiple_files = true;
+option java_package = "com.google.containeranalysis.v1";
+option objc_class_prefix = "GCA";
+option ruby_package = "Google::Cloud::ContainerAnalysis::V1";
+option php_namespace = "Google\\Cloud\\ContainerAnalysis\\V1";
+
+// Retrieves analysis results of Cloud components such as Docker container
+// images. The Container Analysis API is an implementation of the
+// [Grafeas](https://grafeas.io) API.
+//
+// Analysis results are stored as a series of occurrences. An `Occurrence`
+// contains information about a specific analysis instance on a resource. An
+// occurrence refers to a `Note`. A note contains details describing the
+// analysis and is generally stored in a separate project, called a `Provider`.
+// Multiple occurrences can refer to the same note.
+//
+// For example, an SSL vulnerability could affect multiple images. In this case,
+// there would be one note for the vulnerability and an occurrence for each
+// image with the vulnerability referring to that note.
+service ContainerAnalysis {
+  option (google.api.default_host) = "containeranalysis.googleapis.com";
+  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+
+  // Sets the access control policy on the specified note or occurrence.
+  // Requires `containeranalysis.notes.setIamPolicy` or
+  // `containeranalysis.occurrences.setIamPolicy` permission if the resource is
+  // a note or an occurrence, respectively.
+  //
+  // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
+  // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
+  // occurrences.
+  rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) {
+    option (google.api.http) = {
+      post: "/v1/{resource=projects/*/notes/*}:setIamPolicy"
+      body: "*"
+      additional_bindings {
+        post: "/v1/{resource=projects/*/occurrences/*}:setIamPolicy"
+        body: "*"
+      }
+    };
+    option (google.api.method_signature) = "resource,policy";
+  }
+
+  // Gets the access control policy for a note or an occurrence resource.
+  // Requires `containeranalysis.notes.setIamPolicy` or
+  // `containeranalysis.occurrences.setIamPolicy` permission if the resource is
+  // a note or occurrence, respectively.
+  //
+  // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
+  // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
+  // occurrences.
+  rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) {
+    option (google.api.http) = {
+      post: "/v1/{resource=projects/*/notes/*}:getIamPolicy"
+      body: "*"
+      additional_bindings {
+        post: "/v1/{resource=projects/*/occurrences/*}:getIamPolicy"
+        body: "*"
+      }
+    };
+    option (google.api.method_signature) = "resource";
+  }
+
+  // Returns the permissions that a caller has on the specified note or
+  // occurrence. Requires list permission on the project (for example,
+  // `containeranalysis.notes.list`).
+  //
+  // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
+  // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
+  // occurrences.
+  rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) {
+    option (google.api.http) = {
+      post: "/v1/{resource=projects/*/notes/*}:testIamPermissions"
+      body: "*"
+      additional_bindings {
+        post: "/v1/{resource=projects/*/occurrences/*}:testIamPermissions"
+        body: "*"
+      }
+    };
+    option (google.api.method_signature) = "resource,permissions";
+  }
+
+  // Gets a summary of the number and severity of occurrences.
+  rpc GetVulnerabilityOccurrencesSummary(GetVulnerabilityOccurrencesSummaryRequest) returns (VulnerabilityOccurrencesSummary) {
+    option (google.api.http) = {
+      get: "/v1/{parent=projects/*}/occurrences:vulnerabilitySummary"
+    };
+    option (google.api.method_signature) = "parent,filter";
+  }
+}
+
+// Request to get a vulnerability summary for some set of occurrences.
+message GetVulnerabilityOccurrencesSummaryRequest {
+  // Required. The name of the project to get a vulnerability summary for in the form of
+  // `projects/[PROJECT_ID]`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "cloudresourcemanager.googleapis.com/Project"
+    }
+  ];
+
+  // The filter expression.
+  string filter = 2;
+}
+
+// A summary of how many vulnerability occurrences there are per resource and
+// severity type.
+message VulnerabilityOccurrencesSummary {
+  // Per resource and severity counts of fixable and total vulnerabilities.
+  message FixableTotalByDigest {
+    // The affected resource.
+    string resource_uri = 1;
+
+    // The severity for this count. SEVERITY_UNSPECIFIED indicates total across
+    // all severities.
+    grafeas.v1.Severity severity = 2;
+
+    // The number of fixable vulnerabilities associated with this resource.
+    int64 fixable_count = 3;
+
+    // The total number of vulnerabilities associated with this resource.
+    int64 total_count = 4;
+  }
+
+  // A listing by resource of the number of fixable and total vulnerabilities.
+  repeated FixableTotalByDigest counts = 1;
+}
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1/containeranalysis_gapic.yaml b/third_party/googleapis/google/devtools/containeranalysis/v1/containeranalysis_gapic.yaml
new file mode 100644
index 0000000..788491d
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1/containeranalysis_gapic.yaml
@@ -0,0 +1,6 @@
+type: com.google.api.codegen.ConfigProto
+config_schema_version: 2.0.0
+# The settings of generated code in a specific language.
+language_settings:
+  java:
+    package_name: com.google.cloud.devtools.containeranalysis.v1
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1/containeranalysis_grpc_service_config.json b/third_party/googleapis/google/devtools/containeranalysis/v1/containeranalysis_grpc_service_config.json
new file mode 100755
index 0000000..ee15e6e
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1/containeranalysis_grpc_service_config.json
@@ -0,0 +1,21 @@
+{
+  "methodConfig": [
+    {
+      "name": [
+        {
+          "service": "google.devtools.containeranalysis.v1.ContainerAnalysis",
+          "method": "SetIamPolicy"
+        },
+        {
+          "service": "google.devtools.containeranalysis.v1.ContainerAnalysis",
+          "method": "GetIamPolicy"
+        },
+        {
+          "service": "google.devtools.containeranalysis.v1.ContainerAnalysis",
+          "method": "TestIamPermissions"
+        }
+      ],
+      "timeout": "30s"
+    }
+  ]
+}
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1/containeranalysis_v1.yaml b/third_party/googleapis/google/devtools/containeranalysis/v1/containeranalysis_v1.yaml
new file mode 100644
index 0000000..c59b101
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1/containeranalysis_v1.yaml
@@ -0,0 +1,27 @@
+type: google.api.Service
+config_version: 3
+name: containeranalysis.googleapis.com
+title: Container Analysis API
+
+apis:
+- name: google.devtools.containeranalysis.v1.ContainerAnalysis
+
+documentation:
+  summary: |-
+    An implementation of the Grafeas API, which stores, and enables querying
+    and retrieval of critical metadata about all of your software artifacts.
+  overview: |-
+    The Container Analysis API allows you to store and retrieve metadata for a
+    container resource.
+
+backend:
+  rules:
+  - selector: 'google.devtools.containeranalysis.v1.ContainerAnalysis.*'
+    deadline: 30.0
+
+authentication:
+  rules:
+  - selector: 'google.devtools.containeranalysis.v1.ContainerAnalysis.*'
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/BUILD.bazel b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/BUILD.bazel new file mode 100644 index 0000000..3435eaf --- /dev/null +++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/BUILD.bazel 
@@ -0,0 +1,240 @@ +load("@rules_proto//proto:defs.bzl", "proto_library") + +# This is an API workspace, having public visibility by default makes perfect sense. +package(default_visibility = ["//visibility:public"]) + +############################################################################## +# Common +############################################################################## +load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") + +_PROTO_SUBPACKAGE_DEPS = [ +    "//google/devtools/containeranalysis/v1beta1/attestation:attestation_proto", +    "//google/devtools/containeranalysis/v1beta1/build:build_proto", +    "//google/devtools/containeranalysis/v1beta1/common:common_proto", +    "//google/devtools/containeranalysis/v1beta1/cvss:cvss_proto", +    "//google/devtools/containeranalysis/v1beta1/deployment:deployment_proto", +    "//google/devtools/containeranalysis/v1beta1/discovery:discovery_proto", +    "//google/devtools/containeranalysis/v1beta1/grafeas:grafeas_proto", +    "//google/devtools/containeranalysis/v1beta1/image:image_proto", +    "//google/devtools/containeranalysis/v1beta1/package:package_proto", +    "//google/devtools/containeranalysis/v1beta1/provenance:provenance_proto", +    "//google/devtools/containeranalysis/v1beta1/source:source_proto", +    "//google/devtools/containeranalysis/v1beta1/vulnerability:vulnerability_proto", +] + +proto_library( +    name = "containeranalysis_proto", +    srcs = [ +        "containeranalysis.proto", +    ], +    deps = [ +        "//google/api:annotations_proto", +        "//google/api:client_proto", +        "//google/api:field_behavior_proto", +        "//google/api:resource_proto", +        "//google/iam/v1:iam_policy_proto", +        "//google/iam/v1:policy_proto", +        "@com_google_protobuf//:timestamp_proto", +    ], +) + +proto_library_with_info( +    name = "containeranalysis_proto_with_info", +    deps = [ +        "//google/cloud:common_resources_proto", +      
  ":containeranalysis_proto", +    ] + _PROTO_SUBPACKAGE_DEPS, +) + +############################################################################## +# Java +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "java_gapic_assembly_gradle_pkg", +    "java_gapic_library", +    "java_gapic_test", +    "java_grpc_library", +    "java_proto_library", +) + +_JAVA_PROTO_SUBPACKAGE_DEPS = [ +    "//google/devtools/containeranalysis/v1beta1/attestation:attestation_java_proto", +    "//google/devtools/containeranalysis/v1beta1/build:build_java_proto", +    "//google/devtools/containeranalysis/v1beta1/common:common_java_proto", +    "//google/devtools/containeranalysis/v1beta1/deployment:deployment_java_proto", +    "//google/devtools/containeranalysis/v1beta1/discovery:discovery_java_proto", +    "//google/devtools/containeranalysis/v1beta1/grafeas:grafeas_java_proto", +    "//google/devtools/containeranalysis/v1beta1/image:image_java_proto", +    "//google/devtools/containeranalysis/v1beta1/package:package_java_proto", +    "//google/devtools/containeranalysis/v1beta1/provenance:provenance_java_proto", +    "//google/devtools/containeranalysis/v1beta1/source:source_java_proto", +    "//google/devtools/containeranalysis/v1beta1/vulnerability:vulnerability_java_proto", +] + +_JAVA_GRPC_SUBPACKAGE_DEPS = [ +    "//google/devtools/containeranalysis/v1beta1/attestation:attestation_java_grpc", +    "//google/devtools/containeranalysis/v1beta1/build:build_java_grpc", +    "//google/devtools/containeranalysis/v1beta1/common:common_java_grpc", +    "//google/devtools/containeranalysis/v1beta1/deployment:deployment_java_grpc", +    "//google/devtools/containeranalysis/v1beta1/discovery:discovery_java_grpc", +    "//google/devtools/containeranalysis/v1beta1/grafeas:grafeas_java_grpc", +    "//google/devtools/containeranalysis/v1beta1/image:image_java_grpc", +    
"//google/devtools/containeranalysis/v1beta1/package:package_java_grpc", +    "//google/devtools/containeranalysis/v1beta1/provenance:provenance_java_grpc", +    "//google/devtools/containeranalysis/v1beta1/source:source_java_grpc", +    "//google/devtools/containeranalysis/v1beta1/vulnerability:vulnerability_java_grpc", +] + +java_proto_library( +    name = "containeranalysis_java_proto", +    deps = [":containeranalysis_proto"], +) + +java_grpc_library( +    name = "containeranalysis_java_grpc", +    srcs = [":containeranalysis_proto"], +    deps = [":containeranalysis_java_proto"], +) + +java_gapic_library( +    name = "containeranalysis_java_gapic", +    srcs = [":containeranalysis_proto_with_info"], +    gapic_yaml = "containeranalysis_gapic.yaml", +    grpc_service_config = "containeranalysis_grpc_service_config.json", +    test_deps = [ +        ":containeranalysis_java_grpc", +    ] + _JAVA_GRPC_SUBPACKAGE_DEPS, +    transport = "grpc+rest", +    deps = [ +        ":containeranalysis_java_proto", +        "//google/iam/v1:iam_java_proto", +    ] + _JAVA_PROTO_SUBPACKAGE_DEPS, +) + +java_gapic_test( +    name = "containeranalysis_java_gapic_test_suite", +    test_classes = [ +        "com.google.cloud.devtools.containeranalysis.v1beta1.ContainerAnalysisV1Beta1ClientHttpJsonTest", +        "com.google.cloud.devtools.containeranalysis.v1beta1.ContainerAnalysisV1Beta1ClientTest", +        "com.google.cloud.devtools.containeranalysis.v1beta1.GrafeasV1Beta1ClientHttpJsonTest", +        "com.google.cloud.devtools.containeranalysis.v1beta1.GrafeasV1Beta1ClientTest", +    ], +    runtime_deps = ["containeranalysis_java_gapic_test"], +) + +# Open Source Packages +java_gapic_assembly_gradle_pkg( +    name = "google-cloud-devtools-containeranalysis-v1beta1-java", +    transport = "grpc+rest", +    deps = [ +        ":containeranalysis_java_gapic", +        ":containeranalysis_java_grpc", +        ":containeranalysis_java_proto", +        ":containeranalysis_proto", +   
 ] + _JAVA_GRPC_SUBPACKAGE_DEPS + _JAVA_PROTO_SUBPACKAGE_DEPS + _PROTO_SUBPACKAGE_DEPS, +) + +############################################################################## +# Go +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "go_gapic_assembly_pkg", +    "go_gapic_library", +    "go_proto_library", +    "go_test", +) + +go_proto_library( +    name = "containeranalysis_go_proto", +    compilers = ["@io_bazel_rules_go//proto:go_grpc"], +    importpath = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1", +    protos = [":containeranalysis_proto"], +    deps = [ +        "//google/api:annotations_go_proto", +        "//google/iam/v1:iam_go_proto", +    ], +) + +go_gapic_library( +    name = "containeranalysis_go_gapic", +    srcs = [":containeranalysis_proto_with_info"], +    grpc_service_config = "containeranalysis_grpc_service_config.json", +    importpath = "cloud.google.com/go/containeranalysis/apiv1beta1;containeranalysis", +    service_yaml = "containeranalysis_v1beta1.yaml", +    transport = "grpc+rest", +    deps = [ +        ":containeranalysis_go_proto", +        "//google/devtools/containeranalysis/v1beta1/attestation:attestation_go_proto", +        "//google/devtools/containeranalysis/v1beta1/build:build_go_proto", +        "//google/devtools/containeranalysis/v1beta1/common:common_go_proto", +        "//google/devtools/containeranalysis/v1beta1/deployment:deployment_go_proto", +        "//google/devtools/containeranalysis/v1beta1/discovery:discovery_go_proto", +        "//google/devtools/containeranalysis/v1beta1/grafeas:grafeas_go_proto", +        "//google/devtools/containeranalysis/v1beta1/image:image_go_proto", +        "//google/devtools/containeranalysis/v1beta1/package:package_go_proto", +        "//google/devtools/containeranalysis/v1beta1/provenance:provenance_go_proto", +        
"//google/devtools/containeranalysis/v1beta1/source:source_go_proto", +        "//google/devtools/containeranalysis/v1beta1/vulnerability:vulnerability_go_proto", +        "//google/iam/v1:iam_go_proto", +    ], +) + +go_test( +    name = "containeranalysis_go_gapic_test", +    srcs = [":containeranalysis_go_gapic_srcjar_test"], +    embed = [":containeranalysis_go_gapic"], +    importpath = "cloud.google.com/go/containeranalysis/apiv1beta1", +) + +# Open Source Packages +go_gapic_assembly_pkg( +    name = "gapi-cloud-devtools-containeranalysis-v1beta1-go", +    deps = [ +        ":containeranalysis_go_gapic", +        ":containeranalysis_go_gapic_srcjar-test.srcjar", +        ":containeranalysis_go_proto", +        "//google/devtools/containeranalysis/v1beta1/attestation:attestation_go_proto", +        "//google/devtools/containeranalysis/v1beta1/build:build_go_proto", +        "//google/devtools/containeranalysis/v1beta1/common:common_go_proto", +        "//google/devtools/containeranalysis/v1beta1/deployment:deployment_go_proto", +        "//google/devtools/containeranalysis/v1beta1/discovery:discovery_go_proto", +        "//google/devtools/containeranalysis/v1beta1/grafeas:grafeas_go_proto", +        "//google/devtools/containeranalysis/v1beta1/image:image_go_proto", +        "//google/devtools/containeranalysis/v1beta1/package:package_go_proto", +        "//google/devtools/containeranalysis/v1beta1/provenance:provenance_go_proto", +        "//google/devtools/containeranalysis/v1beta1/source:source_go_proto", +        "//google/devtools/containeranalysis/v1beta1/vulnerability:vulnerability_go_proto", +    ], +) + +############################################################################## +# Node.js +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "nodejs_gapic_assembly_pkg", +    "nodejs_gapic_library", +) + +nodejs_gapic_library( +    name = 
"containeranalysis_nodejs_gapic", +    package_name = "@google-cloud/containeranalysis", +    src = ":containeranalysis_proto_with_info", +    extra_protoc_parameters = ["metadata"], +    grpc_service_config = "containeranalysis_grpc_service_config.json", +    main_service = "containeranalysis", +    package = "google.devtools.containeranalysis.v1beta1", +    service_yaml = "containeranalysis_v1beta1.yaml", +    deps = [], +) + +nodejs_gapic_assembly_pkg( +    name = "devtools-containeranalysis-v1beta1-nodejs", +    deps = [ +        ":containeranalysis_nodejs_gapic", +        ":containeranalysis_proto", +    ] + _PROTO_SUBPACKAGE_DEPS, +) diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/attestation/BUILD.bazel b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/attestation/BUILD.bazel new file mode 100644 index 0000000..347abf1 --- /dev/null +++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/attestation/BUILD.bazel 
@@ -0,0 +1,59 @@ +load("@rules_proto//proto:defs.bzl", "proto_library") + +# This is an API workspace, having public visibility by default makes perfect sense. +package(default_visibility = ["//visibility:public"]) + +############################################################################## +# Common +############################################################################## +load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") + +proto_library( +    name = "attestation_proto", +    srcs = [ +        "attestation.proto", +    ], +    deps = [ +        "//google/devtools/containeranalysis/v1beta1/common:common_proto", +    ], +) + +proto_library_with_info( +    name = "attestation_proto_with_info", +    deps = [":attestation_proto"], +) + +############################################################################## +# Java +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "java_grpc_library", +    "java_proto_library", +) + +java_proto_library( +    name = "attestation_java_proto", +    deps = [":attestation_proto"], +) + +java_grpc_library( +    name = "attestation_java_grpc", +    srcs = [":attestation_proto"], +    deps = [":attestation_java_proto"], +) + +############################################################################## +# Go +############################################################################## +load("@com_google_googleapis_imports//:imports.bzl", "go_proto_library") + +go_proto_library( +    name = "attestation_go_proto", +    compilers = ["@io_bazel_rules_go//proto:go_grpc"], +    importpath = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/attestation", +    protos = [":attestation_proto"], +    deps = [ +        "//google/devtools/containeranalysis/v1beta1/common:common_go_proto", +    ], +) 
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/attestation/attestation.proto b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/attestation/attestation.proto new file mode 100644 index 0000000..0d3d6c9 --- /dev/null +++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/attestation/attestation.proto 
@@ -0,0 +1,170 @@ +// Copyright 2018 The Grafeas Authors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +//    http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package grafeas.v1beta1.attestation; + +import "google/devtools/containeranalysis/v1beta1/common/common.proto"; + +option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/attestation;attestation"; +option java_multiple_files = true; +option java_package = "io.grafeas.v1beta1.attestation"; +option objc_class_prefix = "GRA"; + +// An attestation wrapper with a PGP-compatible signature. This message only +// supports `ATTACHED` signatures, where the payload that is signed is included +// alongside the signature itself in the same file. +message PgpSignedAttestation { +  // Required. The raw content of the signature, as output by GNU Privacy Guard +  // (GPG) or equivalent. Since this message only supports attached signatures, +  // the payload that was signed must be attached. While the signature format +  // supported is dependent on the verification implementation, currently only +  // ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than +  // `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor +  // --output=signature.gpg payload.json` will create the signature content +  // expected in this field in `signature.gpg` for the `payload.json` +  // attestation payload. 
+  string signature = 1; + +  // Type (for example schema) of the attestation payload that was signed. +  enum ContentType { +    // `ContentType` is not set. +    CONTENT_TYPE_UNSPECIFIED = 0; +    // Atomic format attestation signature. See +    // https://github.com/containers/image/blob/8a5d2f82a6e3263290c8e0276c3e0f64e77723e7/docs/atomic-signature.md +    // The payload extracted from `signature` is a JSON blob conforming to the +    // linked schema. +    SIMPLE_SIGNING_JSON = 1; +  } + +  // Type (for example schema) of the attestation payload that was signed. +  // The verifier must ensure that the provided type is one that the verifier +  // supports, and that the attestation payload is a valid instantiation of that +  // type (for example by validating a JSON schema). +  ContentType content_type = 3; + +  // This field is used by verifiers to select the public key used to validate +  // the signature. Note that the policy of the verifier ultimately determines +  // which public keys verify a signature based on the context of the +  // verification. There is no guarantee validation will succeed if the +  // verifier has no key matching this ID, even if it has a key under a +  // different ID that would verify the signature. Note that this ID should also +  // be present in the signature content above, but that is not expected to be +  // used by the verifier. +  oneof key_id { +    // The cryptographic fingerprint of the key used to generate the signature, +    // as output by, e.g. `gpg --list-keys`. This should be the version 4, full +    // 160-bit fingerprint, expressed as a 40 character hexidecimal string. See +    // https://tools.ietf.org/html/rfc4880#section-12.2 for details. +    // Implementations may choose to acknowledge "LONG", "SHORT", or other +    // abbreviated key IDs, but only the full fingerprint is guaranteed to work. 
+    // In gpg, the full fingerprint can be retrieved from the `fpr` field +    // returned when calling --list-keys with --with-colons.  For example: +    // ``` +    // gpg --with-colons --with-fingerprint --force-v4-certs \ +    //     --list-keys attester@example.com +    // tru::1:1513631572:0:3:1:5 +    // pub:...<SNIP>... +    // fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB: +    // ``` +    // Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`. +    string pgp_key_id = 2; +  } +} + +// An attestation wrapper that uses the Grafeas `Signature` message. +// This attestation must define the `serialized_payload` that the `signatures` +// verify and any metadata necessary to interpret that plaintext.  The +// signatures should always be over the `serialized_payload` bytestring. +message GenericSignedAttestation { +  // Type of the attestation plaintext that was signed. +  enum ContentType { +    // `ContentType` is not set. +    CONTENT_TYPE_UNSPECIFIED = 0; +    // Atomic format attestation signature. See +    // https://github.com/containers/image/blob/8a5d2f82a6e3263290c8e0276c3e0f64e77723e7/docs/atomic-signature.md +    // The payload extracted in `plaintext` is a JSON blob conforming to the +    // linked schema. +    SIMPLE_SIGNING_JSON = 1; +  } + +  // Type (for example schema) of the attestation payload that was signed. +  // The verifier must ensure that the provided type is one that the verifier +  // supports, and that the attestation payload is a valid instantiation of that +  // type (for example by validating a JSON schema). +  ContentType content_type = 1; + +  // The serialized payload that is verified by one or more `signatures`. +  // The encoding and semantic meaning of this payload must match what is set in +  // `content_type`. +  bytes serialized_payload = 2; + +  // One or more signatures over `serialized_payload`.  
Verifier implementations +  // should consider this attestation message verified if at least one +  // `signature` verifies `serialized_payload`.  See `Signature` in common.proto +  // for more details on signature structure and verification. +  repeated Signature signatures = 3; +} + +// Note kind that represents a logical attestation "role" or "authority". For +// example, an organization might have one `Authority` for "QA" and one for +// "build". This note is intended to act strictly as a grouping mechanism for +// the attached occurrences (Attestations). This grouping mechanism also +// provides a security boundary, since IAM ACLs gate the ability for a principle +// to attach an occurrence to a given note. It also provides a single point of +// lookup to find all attached attestation occurrences, even if they don't all +// live in the same project. +message Authority { +  // This submessage provides human-readable hints about the purpose of the +  // authority. Because the name of a note acts as its resource reference, it is +  // important to disambiguate the canonical name of the Note (which might be a +  // UUID for security purposes) from "readable" names more suitable for debug +  // output. Note that these hints should not be used to look up authorities in +  // security sensitive contexts, such as when looking up attestations to +  // verify. +  message Hint { +    // Required. The human readable name of this attestation authority, for +    // example "qa". +    string human_readable_name = 1; +  } + +  // Hint hints at the purpose of the attestation authority. +  Hint hint = 1; +} + +// Details of an attestation occurrence. +message Details { +  // Required. Attestation for the resource. +  Attestation attestation = 1; +} + +// Occurrence that represents a single "attestation". The authenticity of an +// attestation can be verified using the attached signature. 
If the verifier +// trusts the public key of the signer, then verifying the signature is +// sufficient to establish trust. In this circumstance, the authority to which +// this attestation is attached is primarily useful for look-up (how to find +// this attestation if you already know the authority and artifact to be +// verified) and intent (which authority was this attestation intended to sign +// for). +message Attestation { +  // Required. The signature, generally over the `resource_url`, that verifies +  // this attestation. The semantics of the signature veracity are ultimately +  // determined by the verification engine. +  oneof signature { +    // A PGP signed attestation. +    PgpSignedAttestation pgp_signed_attestation = 1; +    GenericSignedAttestation generic_signed_attestation = 2; +  } +} diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/build/BUILD.bazel b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/build/BUILD.bazel new file mode 100644 index 0000000..7d478fa --- /dev/null +++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/build/BUILD.bazel 
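Review bot: The `pgp_key_id` comment in `PgpSignedAttestation` allows implementations to acknowledge "LONG", "SHORT", or other abbreviated key IDs, but does not warn that abbreviated IDs are not collision-resistant. Since the same comment block says this field is how a verifier selects the public key, I would add `// Verifiers SHOULD select keys by full fingerprint only; abbreviated key IDs are not collision-resistant.` after the sentence about abbreviated IDs. The `generic_signed_attestation` member of the `Attestation.signature` oneof also has no comment, unlike its PGP sibling; `// An attestation signed with the Grafeas Signature message.` would match. Separately, "principle" in the `Authority` comment should read "principal".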
@@ -0,0 +1,58 @@ +load("@rules_proto//proto:defs.bzl", "proto_library") + +# This is an API workspace, having public visibility by default makes perfect sense. +package(default_visibility = ["//visibility:public"]) + +############################################################################## +# Common +############################################################################## +load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") + +proto_library( +    name = "build_proto", +    srcs = [ +        "build.proto", +    ], +    deps = [ +        "//google/devtools/containeranalysis/v1beta1/provenance:provenance_proto", +    ], +) + +proto_library_with_info( +    name = "build_proto_with_info", +    deps = [":build_proto"], +) + +############################################################################## +# Java +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "java_grpc_library", +) + +java_proto_library( +    name = "build_java_proto", +    deps = [":build_proto"], +) + +java_grpc_library( +    name = "build_java_grpc", +    srcs = [":build_proto"], +    deps = [":build_java_proto"], +) + +############################################################################## +# Go +############################################################################## +load("@com_google_googleapis_imports//:imports.bzl", "go_proto_library") + +go_proto_library( +    name = "build_go_proto", +    compilers = ["@io_bazel_rules_go//proto:go_grpc"], +    importpath = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/build", +    protos = [":build_proto"], +    deps = [ +        "//google/devtools/containeranalysis/v1beta1/provenance:provenance_go_proto", +    ], +) 
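Review bot: `java_proto_library` is called in the Java section of this BUILD file, but the `load()` directly above it imports only `java_grpc_library`. The sibling `attestation/BUILD.bazel` and `common/BUILD.bazel` in this commit load both symbols from `@com_google_googleapis_imports//:imports.bzl`. As written, the `build_java_proto` target resolves only if the Bazel version in use still provides a built-in `java_proto_library`, which cannot be confirmed from the diff. Adding `"java_proto_library",` after `"java_grpc_library",` in that `load()` makes the file consistent with its siblings and independent of the built-in rule.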
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/build/build.proto b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/build/build.proto new file mode 100644 index 0000000..0a5a295 --- /dev/null +++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/build/build.proto 
@@ -0,0 +1,96 @@ +// Copyright 2018 The Grafeas Authors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +//    http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package grafeas.v1beta1.build; + +import "google/devtools/containeranalysis/v1beta1/provenance/provenance.proto"; + +option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/build;build"; +option java_multiple_files = true; +option java_package = "io.grafeas.v1beta1.build"; +option objc_class_prefix = "GRA"; + +// Note holding the version of the provider's builder and the signature of the +// provenance message in the build details occurrence. +message Build { +  // Required. Immutable. Version of the builder which produced this build. +  string builder_version = 1; + +  // Signature of the build in occurrences pointing to this build note +  // containing build details. +  BuildSignature signature = 2; +} + +// Message encapsulating the signature of the verified build. +message BuildSignature { +  // Public key of the builder which can be used to verify that the related +  // findings are valid and unchanged. If `key_type` is empty, this defaults +  // to PEM encoded public keys. +  // +  // This field may be empty if `key_id` references an external key. +  // +  // For Cloud Build based signatures, this is a PEM encoded public +  // key. To verify the Cloud Build signature, place the contents of +  // this field into a file (public.pem). 
The signature field is base64-decoded +  // into its binary representation in signature.bin, and the provenance bytes +  // from `BuildDetails` are base64-decoded into a binary representation in +  // signed.bin. OpenSSL can then verify the signature: +  // `openssl sha256 -verify public.pem -signature signature.bin signed.bin` +  string public_key = 1; + +  // Required. Signature of the related `BuildProvenance`. In JSON, this is +  // base-64 encoded. +  bytes signature = 2; + +  // An ID for the key used to sign. This could be either an ID for the key +  // stored in `public_key` (such as the ID or fingerprint for a PGP key, or the +  // CN for a cert), or a reference to an external key (such as a reference to a +  // key in Cloud Key Management Service). +  string key_id = 3; + +  // Public key formats. +  enum KeyType { +    // `KeyType` is not set. +    KEY_TYPE_UNSPECIFIED = 0; +    // `PGP ASCII Armored` public key. +    PGP_ASCII_ARMORED = 1; +    // `PKIX PEM` public key. +    PKIX_PEM = 2; +  } + +  // The type of the key, either stored in `public_key` or referenced in +  // `key_id`. +  KeyType key_type = 4; +} + +// Details of a build occurrence. +message Details { +  // Required. The actual provenance for the build. +  grafeas.v1beta1.provenance.BuildProvenance provenance = 1; + +  // Serialized JSON representation of the provenance, used in generating the +  // build signature in the corresponding build note. After verifying the +  // signature, `provenance_bytes` can be unmarshalled and compared to the +  // provenance to confirm that it is unchanged. A base64-encoded string +  // representation of the provenance bytes is used for the signature in order +  // to interoperate with openssl which expects this format for signature +  // verification. +  // +  // The serialized form is captured both to avoid ambiguity in how the +  // provenance is marshalled to json as well to prevent incompatibilities with +  // future changes. 
+  string provenance_bytes = 2; +} diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/common/BUILD.bazel b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/common/BUILD.bazel new file mode 100644 index 0000000..8654a53 --- /dev/null +++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/common/BUILD.bazel 
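Review bot: The `public_key` comment in `BuildSignature` describes verifying the signature with the key stored in the same message, but never says that key must be trusted independently. A record that carries both the signature and the key verifies against itself regardless of who wrote it. `common.proto` in this commit states the rule for `Signature.public_key_id` (a lookup hint for keys already configured on the verifier), and the same caveat belongs here: `// Verifiers MUST NOT trust this key on its own: check it against key material configured through a trusted channel before relying on the result.` The comment also refers to `BuildDetails`, while the message defined in this file is `Details`.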
@@ -0,0 +1,55 @@ +load("@rules_proto//proto:defs.bzl", "proto_library") + +# This is an API workspace, having public visibility by default makes perfect sense. +package(default_visibility = ["//visibility:public"]) + +############################################################################## +# Common +############################################################################## +load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") + +proto_library( +    name = "common_proto", +    srcs = [ +        "common.proto", +    ], +    deps = [], +) + +proto_library_with_info( +    name = "common_proto_with_info", +    deps = [":common_proto"], +) + +############################################################################## +# Java +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "java_grpc_library", +    "java_proto_library", +) + +java_proto_library( +    name = "common_java_proto", +    deps = [":common_proto"], +) + +java_grpc_library( +    name = "common_java_grpc", +    srcs = [":common_proto"], +    deps = [":common_java_proto"], +) + +############################################################################## +# Go +############################################################################## +load("@com_google_googleapis_imports//:imports.bzl", "go_proto_library") + +go_proto_library( +    name = "common_go_proto", +    compilers = ["@io_bazel_rules_go//proto:go_grpc"], +    importpath = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/common", +    protos = [":common_proto"], +    deps = [], +) diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/common/common.proto b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/common/common.proto new file mode 100644 index 0000000..bb97a31 --- /dev/null 
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/common/common.proto 
@@ -0,0 +1,101 @@ +// Copyright 2018 The Grafeas Authors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +//    http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package grafeas.v1beta1; + +option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/common;common"; +option java_multiple_files = true; +option java_package = "io.grafeas.v1beta1.common"; +option objc_class_prefix = "GRA"; + +// Kind represents the kinds of notes supported. +enum NoteKind { +  // Unknown. +  NOTE_KIND_UNSPECIFIED = 0; +  // The note and occurrence represent a package vulnerability. +  VULNERABILITY = 1; +  // The note and occurrence assert build provenance. +  BUILD = 2; +  // This represents an image basis relationship. +  IMAGE = 3; +  // This represents a package installed via a package manager. +  PACKAGE = 4; +  // The note and occurrence track deployment events. +  DEPLOYMENT = 5; +  // The note and occurrence track the initial discovery status of a resource. +  DISCOVERY = 6; +  // This represents a logical "role" that can attest to artifacts. +  ATTESTATION = 7; +} + +// Metadata for any related URL information. +message RelatedUrl { +  // Specific URL associated with the resource. +  string url = 1; +  // Label to describe usage of the URL. +  string label = 2; +} + +// Verifiers (e.g. Kritis implementations) MUST verify signatures +// with respect to the trust anchors defined in policy (e.g. a Kritis policy). 
+// Typically this means that the verifier has been configured with a map from +// `public_key_id` to public key material (and any required parameters, e.g. +// signing algorithm). +// +// In particular, verification implementations MUST NOT treat the signature +// `public_key_id` as anything more than a key lookup hint. The `public_key_id` +// DOES NOT validate or authenticate a public key; it only provides a mechanism +// for quickly selecting a public key ALREADY CONFIGURED on the verifier through +// a trusted channel. Verification implementations MUST reject signatures in any +// of the following circumstances: +//   * The `public_key_id` is not recognized by the verifier. +//   * The public key that `public_key_id` refers to does not verify the +//     signature with respect to the payload. +// +// The `signature` contents SHOULD NOT be "attached" (where the payload is +// included with the serialized `signature` bytes). Verifiers MUST ignore any +// "attached" payload and only verify signatures with respect to explicitly +// provided payload (e.g. a `payload` field on the proto message that holds +// this Signature, or the canonical serialization of the proto message that +// holds this signature). +message Signature { +  // The content of the signature, an opaque bytestring. +  // The payload that this signature verifies MUST be unambiguously provided +  // with the Signature during verification. A wrapper message might provide +  // the payload explicitly. Alternatively, a message might have a canonical +  // serialization that can always be unambiguously computed to derive the +  // payload. +  bytes signature = 1; + +  // The identifier for the public key that verifies this signature. +  //   * The `public_key_id` is required. +  //   * The `public_key_id` MUST be an RFC3986 conformant URI. +  //   * When possible, the `public_key_id` SHOULD be an immutable reference, +  //     such as a cryptographic digest. 
+  // +  // Examples of valid `public_key_id`s: +  // +  // OpenPGP V4 public key fingerprint: +  //   * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" +  // See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more +  // details on this scheme. +  // +  // RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER +  // serialization): +  //   * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU" +  //   * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5" +  string public_key_id = 2; +} diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/containeranalysis.proto b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/containeranalysis.proto new file mode 100644 index 0000000..59f3ecd --- /dev/null +++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/containeranalysis.proto 
@@ -0,0 +1,219 @@ +// Copyright 2019 Google LLC. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +//     http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +syntax = "proto3"; + +package google.devtools.containeranalysis.v1beta1; + +import "google/api/annotations.proto"; +import "google/api/client.proto"; +import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; +import "google/iam/v1/iam_policy.proto"; +import "google/iam/v1/policy.proto"; +import "google/protobuf/timestamp.proto"; + +option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1;containeranalysis"; +option java_multiple_files = true; +option java_package = "com.google.containeranalysis.v1beta1"; +option objc_class_prefix = "GCA"; + +// Retrieves analysis results of Cloud components such as Docker container +// images. The Container Analysis API is an implementation of the +// [Grafeas](grafeas.io) API. +// +// Analysis results are stored as a series of occurrences. An `Occurrence` +// contains information about a specific analysis instance on a resource. An +// occurrence refers to a `Note`. A note contains details describing the +// analysis and is generally stored in a separate project, called a `Provider`. +// Multiple occurrences can refer to the same note. +// +// For example, an SSL vulnerability could affect multiple images. In this case, +// there would be one note for the vulnerability and an occurrence for each +// image with the vulnerability referring to that note. 
+service ContainerAnalysisV1Beta1 {
+  option (google.api.default_host) = "containeranalysis.googleapis.com";
+  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+
+  // Sets the access control policy on the specified note or occurrence.
+  // Requires `containeranalysis.notes.setIamPolicy` or
+  // `containeranalysis.occurrences.setIamPolicy` permission if the resource is
+  // a note or an occurrence, respectively.
+  //
+  // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
+  // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
+  // occurrences.
+  rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) {
+    option (google.api.http) = {
+      post: "/v1beta1/{resource=projects/*/notes/*}:setIamPolicy"
+      body: "*"
+      additional_bindings {
+        post: "/v1beta1/{resource=projects/*/occurrences/*}:setIamPolicy"
+        body: "*"
+      }
+    };
+    option (google.api.method_signature) = "resource,policy";
+  }
+
+  // Gets the access control policy for a note or an occurrence resource.
+  // Requires `containeranalysis.notes.setIamPolicy` or
+  // `containeranalysis.occurrences.setIamPolicy` permission if the resource is
+  // a note or occurrence, respectively.
+  //
+  // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
+  // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
+  // occurrences.
+  rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) {
+    option (google.api.http) = {
+      post: "/v1beta1/{resource=projects/*/notes/*}:getIamPolicy"
+      body: "*"
+      additional_bindings {
+        post: "/v1beta1/{resource=projects/*/occurrences/*}:getIamPolicy"
+        body: "*"
+      }
+    };
+    option (google.api.method_signature) = "resource";
+  }
+
+  // Returns the permissions that a caller has on the specified note or
+  // occurrence. Requires list permission on the project (for example,
+  // `containeranalysis.notes.list`).
+  //
+  // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
+  // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
+  // occurrences.
+  rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) {
+    option (google.api.http) = {
+      post: "/v1beta1/{resource=projects/*/notes/*}:testIamPermissions"
+      body: "*"
+      additional_bindings {
+        post: "/v1beta1/{resource=projects/*/occurrences/*}:testIamPermissions"
+        body: "*"
+      }
+    };
+    option (google.api.method_signature) = "resource,permissions";
+  }
+
+  // Gets the specified scan configuration.
+  rpc GetScanConfig(GetScanConfigRequest) returns (ScanConfig) {
+    option (google.api.http) = {
+      get: "/v1beta1/{name=projects/*/scanConfigs/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Lists scan configurations for the specified project.
+  rpc ListScanConfigs(ListScanConfigsRequest) returns (ListScanConfigsResponse) {
+    option (google.api.http) = {
+      get: "/v1beta1/{parent=projects/*}/scanConfigs"
+    };
+    option (google.api.method_signature) = "parent,filter";
+  }
+
+  // Updates the specified scan configuration.
+  rpc UpdateScanConfig(UpdateScanConfigRequest) returns (ScanConfig) {
+    option (google.api.http) = {
+      put: "/v1beta1/{name=projects/*/scanConfigs/*}"
+      body: "scan_config"
+    };
+    option (google.api.method_signature) = "name,scan_config";
+  }
+}
+
+// A scan configuration specifies whether Cloud components in a project have a
+// particular type of analysis being run. For example, it can configure whether
+// vulnerability scanning is being done on Docker images or not.
+message ScanConfig {
+  option (google.api.resource) = {
+    type: "containeranalysis.googleapis.com/ScanConfig"
+    pattern: "projects/{project}/scanConfigs/{scan_config}"
+  };
+
+  // Output only. The name of the scan configuration in the form of
+  // `projects/[PROJECT_ID]/scanConfigs/[SCAN_CONFIG_ID]`.
+  string name = 1;
+
+  // Output only. A human-readable description of what the scan configuration
+  // does.
+  string description = 2;
+
+  // Whether the scan is enabled.
+  bool enabled = 3;
+
+  // Output only. The time this scan config was created.
+  google.protobuf.Timestamp create_time = 4;
+
+  // Output only. The time this scan config was last updated.
+  google.protobuf.Timestamp update_time = 5;
+}
+
+// Request to get a scan configuration.
+message GetScanConfigRequest {
+  // Required. The name of the scan configuration in the form of
+  // `projects/[PROJECT_ID]/scanConfigs/[SCAN_CONFIG_ID]`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "containeranalysis.googleapis.com/ScanConfig"
+    }
+  ];
+}
+
+// Request to list scan configurations.
+message ListScanConfigsRequest {
+  // Required. The name of the project to list scan configurations for in the form of
+  // `projects/[PROJECT_ID]`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "cloudresourcemanager.googleapis.com/Project"
+    }
+  ];
+
+  // Required. The filter expression.
+  string filter = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // The number of scan configs to return in the list.
+  int32 page_size = 3;
+
+  // Token to provide to skip to a particular spot in the list.
+  string page_token = 4;
+}
+
+// Response for listing scan configurations.
+message ListScanConfigsResponse {
+  // The scan configurations requested.
+  repeated ScanConfig scan_configs = 1;
+
+  // The next pagination token in the list response. It should be used as
+  // `page_token` for the following request. An empty value means no more
+  // results.
+  string next_page_token = 2;
+}
+
+// A request to update a scan configuration.
+message UpdateScanConfigRequest {
+  // Required. The name of the scan configuration in the form of
+  // `projects/[PROJECT_ID]/scanConfigs/[SCAN_CONFIG_ID]`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "containeranalysis.googleapis.com/ScanConfig"
+    }
+  ];
+
+  // Required. The updated scan configuration.
+  ScanConfig scan_config = 2 [(google.api.field_behavior) = REQUIRED];
+}
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/containeranalysis_gapic.yaml b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/containeranalysis_gapic.yaml
new file mode 100644
index 0000000..922b85d
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/containeranalysis_gapic.yaml
@@ -0,0 +1,6 @@
+type: com.google.api.codegen.ConfigProto
+config_schema_version: 2.0.0
+# The settings of generated code in a specific language.
+language_settings:
+  java:
+    package_name: com.google.cloud.devtools.containeranalysis.v1beta1
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/containeranalysis_grpc_service_config.json b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/containeranalysis_grpc_service_config.json
new file mode 100755
index 0000000..fb50770
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/containeranalysis_grpc_service_config.json
@@ -0,0 +1,128 @@
+{
+  "methodConfig": [
+    {
+      "name": [
+        {
+          "service": "google.devtools.containeranalysis.v1beta1.ContainerAnalysisV1Beta1",
+          "method": "SetIamPolicy"
+        },
+        {
+          "service": "google.devtools.containeranalysis.v1beta1.ContainerAnalysisV1Beta1",
+          "method": "GetIamPolicy"
+        },
+        {
+          "service": "google.devtools.containeranalysis.v1beta1.ContainerAnalysisV1Beta1",
+          "method": "TestIamPermissions"
+        },
+        {
+          "service": "google.devtools.containeranalysis.v1beta1.ContainerAnalysisV1Beta1",
+          "method": "UpdateScanConfig"
+        }
+      ],
+      "timeout": "30s"
+    },
+    {
+      "name": [
+        {
+          "service": "google.devtools.containeranalysis.v1beta1.ContainerAnalysisV1Beta1",
+          "method": "GetScanConfig"
+        },
+        {
+          "service": "google.devtools.containeranalysis.v1beta1.ContainerAnalysisV1Beta1",
+          "method": "ListScanConfigs"
+        }
+      ],
+      "timeout": "30s",
+      "retryPolicy": {
+        "maxAttempts": 5,
+        "initialBackoff": "0.100s",
+        "maxBackoff": "60s",
+        "backoffMultiplier": 1.3,
+        "retryableStatusCodes": [
+          "UNAVAILABLE",
+          "DEADLINE_EXCEEDED"
+        ]
+      }
+    },
+    {
+      "name": [
+        {
+          "service": "grafeas.v1beta1.GrafeasV1Beta1",
+          "method": "GetOccurrence"
+        },
+        {
+          "service": "grafeas.v1beta1.GrafeasV1Beta1",
+          "method": "ListOccurrences"
+        },
+        {
+          "service": "grafeas.v1beta1.GrafeasV1Beta1",
+          "method": "DeleteOccurrence"
+        },
+        {
+          "service": "grafeas.v1beta1.GrafeasV1Beta1",
+          "method": "GetOccurrenceNote"
+        },
+        {
+          "service": "grafeas.v1beta1.GrafeasV1Beta1",
+          "method": "GetNote"
+        },
+        {
+          "service": "grafeas.v1beta1.GrafeasV1Beta1",
+          "method": "ListNotes"
+        },
+        {
+          "service": "grafeas.v1beta1.GrafeasV1Beta1",
+          "method": "DeleteNote"
+        },
+        {
+          "service": "grafeas.v1beta1.GrafeasV1Beta1",
+          "method": "ListNoteOccurrences"
+        },
+        {
+          "service": "grafeas.v1beta1.GrafeasV1Beta1",
+          "method": "GetVulnerabilityOccurrencesSummary"
+        }
+      ],
+      "timeout": "30s",
+      "retryPolicy": {
+        "maxAttempts": 5,
+        "initialBackoff": "0.100s",
+        "maxBackoff": "60s",
+        "backoffMultiplier": 1.3,
+        "retryableStatusCodes": [
+          "UNAVAILABLE",
+          "DEADLINE_EXCEEDED"
+        ]
+      }
+    },
+    {
+      "name": [
+        {
+          "service": "grafeas.v1beta1.GrafeasV1Beta1",
+          "method": "CreateOccurrence"
+        },
+        {
+          "service": "grafeas.v1beta1.GrafeasV1Beta1",
+          "method": "BatchCreateOccurrences"
+        },
+        {
+          "service": "grafeas.v1beta1.GrafeasV1Beta1",
+          "method": "UpdateOccurrence"
+        },
+        {
+          "service": "grafeas.v1beta1.GrafeasV1Beta1",
+          "method": "CreateNote"
+        },
+        {
+          "service": "grafeas.v1beta1.GrafeasV1Beta1",
+          "method": "BatchCreateNotes"
+        },
+        {
+          "service": "grafeas.v1beta1.GrafeasV1Beta1",
+          "method": "UpdateNote"
+        }
+      ],
+      "timeout": "30s"
+    }
+  ]
+}
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/containeranalysis_v1beta1.yaml b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/containeranalysis_v1beta1.yaml
new file mode 100644
index 0000000..d07177f
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/containeranalysis_v1beta1.yaml
@@ -0,0 +1,33 @@
+type: google.api.Service
+config_version: 3
+name: containeranalysis.googleapis.com
+title: Container Analysis API
+
+apis:
+- name: google.devtools.containeranalysis.v1beta1.ContainerAnalysisV1Beta1
+
+documentation:
+  summary: |-
+    An implementation of the Grafeas API, which stores, and enables querying
+    and retrieval of critical metadata about all of your software artifacts.
+  overview: |-
+    The Container Analysis API allows you to store and retrieve metadata for a
+    container resource.
+
+backend:
+  rules:
+  - selector: 'google.devtools.containeranalysis.v1beta1.ContainerAnalysisV1Beta1.*'
+    deadline: 30.0
+  - selector: 'google.longrunning.Operations.*'
+    deadline: 30.0
+
+authentication:
+  rules:
+  - selector: 'google.devtools.containeranalysis.v1beta1.ContainerAnalysisV1Beta1.*'
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform
+  - selector: 'google.longrunning.Operations.*'
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/cvss/BUILD.bazel b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/cvss/BUILD.bazel
new file mode 100644
index 0000000..4422f23
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/cvss/BUILD.bazel
@@ -0,0 +1,55 @@
+load("@rules_proto//proto:defs.bzl", "proto_library")
+
+# This is an API workspace, having public visibility by default makes perfect sense.
+package(default_visibility = ["//visibility:public"])
+
+##############################################################################
+# Common
+##############################################################################
+load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
+
+proto_library(
+    name = "cvss_proto",
+    srcs = [
+        "cvss.proto",
+    ],
+    deps = [],
+)
+
+proto_library_with_info(
+    name = "cvss_proto_with_info",
+    deps = [":cvss_proto"],
+)
+
+##############################################################################
+# Java
+##############################################################################
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    "java_grpc_library",
+    "java_proto_library",
+)
+
+java_proto_library(
+    name = "cvss_java_proto",
+    deps = [":cvss_proto"],
+)
+
+java_grpc_library(
+    name = "cvss_java_grpc",
+    srcs = [":cvss_proto"],
+    deps = [":cvss_java_proto"],
+)
+
+##############################################################################
+# Go
+##############################################################################
+load("@com_google_googleapis_imports//:imports.bzl", "go_proto_library")
+
+go_proto_library(
+    name = "cvss_go_proto",
+    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
+    importpath = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/cvss",
+    protos = [":cvss_proto"],
+    deps = [],
+)
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/cvss/cvss.proto b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/cvss/cvss.proto
new file mode 100644
index 0000000..3484441
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/cvss/cvss.proto
@@ -0,0 +1,85 @@
+// Copyright 2018 The Grafeas Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package grafeas.v1beta1.vulnerability;
+
+option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/cvss;cvss";
+option java_multiple_files = true;
+option java_package = "io.grafeas.v1beta1.vulnerability";
+option objc_class_prefix = "GRA";
+
+// Common Vulnerability Scoring System version 3.
+// For details, see https://www.first.org/cvss/specification-document
+message CVSSv3 {
+  // The base score is a function of the base metric scores.
+  float base_score = 1;
+
+  float exploitability_score = 2;
+
+  float impact_score = 3;
+
+  // Base Metrics
+  // Represents the intrinsic characteristics of a vulnerability that are
+  // constant over time and across user environments.
+  AttackVector attack_vector = 5;
+  AttackComplexity attack_complexity = 6;
+  PrivilegesRequired privileges_required = 7;
+  UserInteraction user_interaction = 8;
+  Scope scope = 9;
+  Impact confidentiality_impact = 10;
+  Impact integrity_impact = 11;
+  Impact availability_impact = 12;
+
+  enum AttackVector {
+    ATTACK_VECTOR_UNSPECIFIED = 0;
+    ATTACK_VECTOR_NETWORK = 1;
+    ATTACK_VECTOR_ADJACENT = 2;
+    ATTACK_VECTOR_LOCAL = 3;
+    ATTACK_VECTOR_PHYSICAL = 4;
+  }
+
+  enum AttackComplexity {
+    ATTACK_COMPLEXITY_UNSPECIFIED = 0;
+    ATTACK_COMPLEXITY_LOW = 1;
+    ATTACK_COMPLEXITY_HIGH = 2;
+  }
+
+  enum PrivilegesRequired {
+    PRIVILEGES_REQUIRED_UNSPECIFIED = 0;
+    PRIVILEGES_REQUIRED_NONE = 1;
+    PRIVILEGES_REQUIRED_LOW = 2;
+    PRIVILEGES_REQUIRED_HIGH = 3;
+  }
+
+  enum UserInteraction {
+    USER_INTERACTION_UNSPECIFIED = 0;
+    USER_INTERACTION_NONE = 1;
+    USER_INTERACTION_REQUIRED = 2;
+  }
+
+  enum Scope {
+    SCOPE_UNSPECIFIED = 0;
+    SCOPE_UNCHANGED = 1;
+    SCOPE_CHANGED = 2;
+  }
+
+  enum Impact {
+    IMPACT_UNSPECIFIED = 0;
+    IMPACT_HIGH = 1;
+    IMPACT_LOW = 2;
+    IMPACT_NONE = 3;
+  }
+}
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/deployment/BUILD.bazel b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/deployment/BUILD.bazel
new file mode 100644
index 0000000..921d489
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/deployment/BUILD.bazel
@@ -0,0 +1,56 @@
+load("@rules_proto//proto:defs.bzl", "proto_library")
+
+# This is an API workspace, having public visibility by default makes perfect sense.
+package(default_visibility = ["//visibility:public"])
+
+##############################################################################
+# Common
+##############################################################################
+load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
+
+proto_library(
+    name = "deployment_proto",
+    srcs = [
+        "deployment.proto",
+    ],
+    deps = [
+        "@com_google_protobuf//:timestamp_proto",
+    ],
+)
+
+proto_library_with_info(
+    name = "deployment_proto_with_info",
+    deps = [":deployment_proto"],
+)
+
+##############################################################################
+# Java
+##############################################################################
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    "java_grpc_library",
+)
+
+java_proto_library(
+    name = "deployment_java_proto",
+    deps = [":deployment_proto"],
+)
+
+java_grpc_library(
+    name = "deployment_java_grpc",
+    srcs = [":deployment_proto"],
+    deps = [":deployment_java_proto"],
+)
+
+##############################################################################
+# Go
+##############################################################################
+load("@com_google_googleapis_imports//:imports.bzl", "go_proto_library")
+
+go_proto_library(
+    name = "deployment_go_proto",
+    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
+    importpath = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/deployment",
+    protos = [":deployment_proto"],
+    deps = [],
+)
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/deployment/deployment.proto b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/deployment/deployment.proto
new file mode 100644
index 0000000..7bc8dc8
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/deployment/deployment.proto
@@ -0,0 +1,74 @@
+// Copyright 2018 The Grafeas Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package grafeas.v1beta1.deployment;
+
+import "google/protobuf/timestamp.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/deployment;deployment";
+option java_multiple_files = true;
+option java_package = "io.grafeas.v1beta1.deployment";
+option objc_class_prefix = "GRA";
+
+// An artifact that can be deployed in some runtime.
+message Deployable {
+  // Required. Resource URI for the artifact being deployed.
+  repeated string resource_uri = 1;
+}
+
+// Details of a deployment occurrence.
+message Details {
+  // Required. Deployment history for the resource.
+  Deployment deployment = 1;
+}
+
+// The period during which some deployable was active in a runtime.
+message Deployment {
+  // Identity of the user that triggered this deployment.
+  string user_email = 1;
+
+  // Required. Beginning of the lifetime of this deployment.
+  google.protobuf.Timestamp deploy_time = 2;
+
+  // End of the lifetime of this deployment.
+  google.protobuf.Timestamp undeploy_time = 3;
+
+  // Configuration used to create this deployment.
+  string config = 4;
+
+  // Address of the runtime element hosting this deployment.
+  string address = 5;
+
+  // Output only. Resource URI for the artifact being deployed taken from
+  // the deployable field with the same name.
+  repeated string resource_uri = 6;
+
+  // Types of platforms.
+  enum Platform {
+    // Unknown.
+    PLATFORM_UNSPECIFIED = 0;
+    // Google Container Engine.
+    GKE = 1;
+    // Google App Engine: Flexible Environment.
+    FLEX = 2;
+    // Custom user-defined platform.
+    CUSTOM = 3;
+  }
+  // Platform hosting this deployment.
+  Platform platform = 7;
+
+  // next_id = 8;
+}
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/discovery/BUILD.bazel b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/discovery/BUILD.bazel
new file mode 100644
index 0000000..58a4b6c
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/discovery/BUILD.bazel
@@ -0,0 +1,61 @@
+load("@rules_proto//proto:defs.bzl", "proto_library")
+
+# This is an API workspace, having public visibility by default makes perfect sense.
+package(default_visibility = ["//visibility:public"])
+
+##############################################################################
+# Common
+##############################################################################
+load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
+
+proto_library(
+    name = "discovery_proto",
+    srcs = [
+        "discovery.proto",
+    ],
+    deps = [
+        "//google/devtools/containeranalysis/v1beta1/common:common_proto",
+        "//google/rpc:status_proto",
+        "@com_google_protobuf//:timestamp_proto",
+    ],
+)
+
+proto_library_with_info(
+    name = "discovery_proto_with_info",
+    deps = [":discovery_proto"],
+)
+
+##############################################################################
+# Java
+##############################################################################
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    "java_grpc_library",
+)
+
+java_proto_library(
+    name = "discovery_java_proto",
+    deps = [":discovery_proto"],
+)
+
+java_grpc_library(
+    name = "discovery_java_grpc",
+    srcs = [":discovery_proto"],
+    deps = [":discovery_java_proto"],
+)
+
+##############################################################################
+# Go
+##############################################################################
+load("@com_google_googleapis_imports//:imports.bzl", "go_proto_library")
+
+go_proto_library(
+    name = "discovery_go_proto",
+    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
+    importpath = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/discovery",
+    protos = [":discovery_proto"],
+    deps = [
+        "//google/devtools/containeranalysis/v1beta1/common:common_go_proto",
+        "//google/rpc:status_go_proto",
+    ],
+)
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/discovery/discovery.proto b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/discovery/discovery.proto
new file mode 100644
index 0000000..edfa043
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/discovery/discovery.proto
@@ -0,0 +1,86 @@
+// Copyright 2018 The Grafeas Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package grafeas.v1beta1.discovery;
+
+import "google/devtools/containeranalysis/v1beta1/common/common.proto";
+import "google/protobuf/timestamp.proto";
+import "google/rpc/status.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/discovery;discovery";
+option java_multiple_files = true;
+option java_package = "io.grafeas.v1beta1.discovery";
+option objc_class_prefix = "GRA";
+
+// A note that indicates a type of analysis a provider would perform. This note
+// exists in a provider's project. A `Discovery` occurrence is created in a
+// consumer's project at the start of analysis.
+message Discovery {
+  // Required. Immutable. The kind of analysis that is handled by this
+  // discovery.
+  grafeas.v1beta1.NoteKind analysis_kind = 1;
+}
+
+// Details of a discovery occurrence.
+message Details {
+  // Required. Analysis status for the discovered resource.
+  Discovered discovered = 1;
+}
+
+// Provides information about the analysis status of a discovered resource.
+message Discovered {
+  // Whether the resource is continuously analyzed.
+  enum ContinuousAnalysis {
+    // Unknown.
+    CONTINUOUS_ANALYSIS_UNSPECIFIED = 0;
+    // The resource is continuously analyzed.
+    ACTIVE = 1;
+    // The resource is ignored for continuous analysis.
+    INACTIVE = 2;
+  }
+
+  // Whether the resource is continuously analyzed.
+  ContinuousAnalysis continuous_analysis = 1;
+
+  // The last time continuous analysis was done for this resource.
+  google.protobuf.Timestamp last_analysis_time = 2;
+
+  // Analysis status for a resource. Currently for initial analysis only (not
+  // updated in continuous analysis).
+  enum AnalysisStatus {
+    // Unknown.
+    ANALYSIS_STATUS_UNSPECIFIED = 0;
+    // Resource is known but no action has been taken yet.
+    PENDING = 1;
+    // Resource is being analyzed.
+    SCANNING = 2;
+    // Analysis has finished successfully.
+    FINISHED_SUCCESS = 3;
+    // Analysis has finished unsuccessfully, the analysis itself is in a bad
+    // state.
+    FINISHED_FAILED = 4;
+    // The resource is known not to be supported
+    FINISHED_UNSUPPORTED = 5;
+  }
+
+  // The status of discovery for the resource.
+  AnalysisStatus analysis_status = 3;
+
+  // When an error is encountered this will contain a LocalizedMessage under
+  // details to show to the user. The LocalizedMessage is output only and
+  // populated by the API.
+  google.rpc.Status analysis_status_error = 4;
+}
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/grafeas/BUILD.bazel b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/grafeas/BUILD.bazel
new file mode 100644
index 0000000..dccc9ec
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/grafeas/BUILD.bazel
@@ -0,0 +1,82 @@
+load("@rules_proto//proto:defs.bzl", "proto_library")
+
+# This is an API workspace, having public visibility by default makes perfect sense.
+package(default_visibility = ["//visibility:public"])
+
+##############################################################################
+# Common
+##############################################################################
+load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
+
+proto_library(
+    name = "grafeas_proto",
+    srcs = [
+        "grafeas.proto",
+    ],
+    deps = [
+        "//google/api:annotations_proto",
+        "//google/api:client_proto",
+        "//google/devtools/containeranalysis/v1beta1/attestation:attestation_proto",
+        "//google/devtools/containeranalysis/v1beta1/build:build_proto",
+        "//google/devtools/containeranalysis/v1beta1/common:common_proto",
+        "//google/devtools/containeranalysis/v1beta1/deployment:deployment_proto",
+        "//google/devtools/containeranalysis/v1beta1/discovery:discovery_proto",
+        "//google/devtools/containeranalysis/v1beta1/image:image_proto",
+        "//google/devtools/containeranalysis/v1beta1/package:package_proto",
+        "//google/devtools/containeranalysis/v1beta1/provenance:provenance_proto",
+        "//google/devtools/containeranalysis/v1beta1/vulnerability:vulnerability_proto",
+        "//google/rpc:status_proto",
+        "@com_google_protobuf//:empty_proto",
+        "@com_google_protobuf//:field_mask_proto",
+        "@com_google_protobuf//:timestamp_proto",
+    ],
+)
+
+proto_library_with_info(
+    name = "grafeas_proto_with_info",
+    deps = [":grafeas_proto"],
+)
+
+##############################################################################
+# Java
+##############################################################################
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    "java_grpc_library",
+    "java_proto_library",
+)
+
+java_proto_library(
+    name = "grafeas_java_proto",
+    deps = [":grafeas_proto"],
+)
+
+java_grpc_library(
+    name = "grafeas_java_grpc",
+    srcs = [":grafeas_proto"],
+    deps = [":grafeas_java_proto"],
+)
+
+##############################################################################
+# Go
+##############################################################################
+load("@com_google_googleapis_imports//:imports.bzl", "go_proto_library")
+
+go_proto_library(
+    name = "grafeas_go_proto",
+    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
+    importpath = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/grafeas",
+    protos = [":grafeas_proto"],
+    deps = [
+        "//google/api:annotations_go_proto",
+        "//google/devtools/containeranalysis/v1beta1/attestation:attestation_go_proto",
+        "//google/devtools/containeranalysis/v1beta1/build:build_go_proto",
+        "//google/devtools/containeranalysis/v1beta1/common:common_go_proto",
+        "//google/devtools/containeranalysis/v1beta1/deployment:deployment_go_proto",
+        "//google/devtools/containeranalysis/v1beta1/discovery:discovery_go_proto",
+        "//google/devtools/containeranalysis/v1beta1/image:image_go_proto",
+        "//google/devtools/containeranalysis/v1beta1/package:package_go_proto",
+        "//google/devtools/containeranalysis/v1beta1/provenance:provenance_go_proto",
+        "//google/devtools/containeranalysis/v1beta1/vulnerability:vulnerability_go_proto",
+    ],
+)
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/grafeas/grafeas.proto b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/grafeas/grafeas.proto
new file mode 100644
index 0000000..8952164
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/grafeas/grafeas.proto
@@ -0,0 +1,506 @@
+// Copyright 2018 The Grafeas Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package grafeas.v1beta1;
+
+import "google/api/annotations.proto";
+import "google/api/client.proto";
+import "google/devtools/containeranalysis/v1beta1/attestation/attestation.proto";
+import "google/devtools/containeranalysis/v1beta1/build/build.proto";
+import "google/devtools/containeranalysis/v1beta1/common/common.proto";
+import "google/devtools/containeranalysis/v1beta1/deployment/deployment.proto";
+import "google/devtools/containeranalysis/v1beta1/discovery/discovery.proto";
+import "google/devtools/containeranalysis/v1beta1/image/image.proto";
+import "google/devtools/containeranalysis/v1beta1/package/package.proto";
+import "google/devtools/containeranalysis/v1beta1/provenance/provenance.proto";
+import "google/devtools/containeranalysis/v1beta1/vulnerability/vulnerability.proto";
+import "google/protobuf/empty.proto";
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/grafeas;grafeas";
+option java_multiple_files = true;
+option java_package = "io.grafeas.v1beta1";
+option objc_class_prefix = "GRA";
+
+// [Grafeas](grafeas.io) API.
+//
+// Retrieves analysis results of Cloud components such as Docker container
+// images.
+//
+// Analysis results are stored as a series of occurrences. An `Occurrence`
+// contains information about a specific analysis instance on a resource. An
+// occurrence refers to a `Note`. A note contains details describing the
+// analysis and is generally stored in a separate project, called a `Provider`.
+// Multiple occurrences can refer to the same note.
+//
+// For example, an SSL vulnerability could affect multiple images. In this case,
+// there would be one note for the vulnerability and an occurrence for each
+// image with the vulnerability referring to that note.
+service GrafeasV1Beta1 {
+  option (google.api.default_host) = "containeranalysis.googleapis.com";
+  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+
+  // Gets the specified occurrence.
+  rpc GetOccurrence(GetOccurrenceRequest) returns (Occurrence) {
+    option (google.api.http) = {
+      get: "/v1beta1/{name=projects/*/occurrences/*}"
+    };
+  }
+
+  // Lists occurrences for the specified project.
+  rpc ListOccurrences(ListOccurrencesRequest)
+      returns (ListOccurrencesResponse) {
+    option (google.api.http) = {
+      get: "/v1beta1/{parent=projects/*}/occurrences"
+    };
+  }
+
+  // Deletes the specified occurrence. For example, use this method to delete an
+  // occurrence when the occurrence is no longer applicable for the given
+  // resource.
+  rpc DeleteOccurrence(DeleteOccurrenceRequest)
+      returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      delete: "/v1beta1/{name=projects/*/occurrences/*}"
+    };
+  }
+
+  // Creates a new occurrence.
+  rpc CreateOccurrence(CreateOccurrenceRequest) returns (Occurrence) {
+    option (google.api.http) = {
+      post: "/v1beta1/{parent=projects/*}/occurrences"
+      body: "occurrence"
+    };
+  }
+
+  // Creates new occurrences in batch.
+  rpc BatchCreateOccurrences(BatchCreateOccurrencesRequest)
+      returns (BatchCreateOccurrencesResponse) {
+    option (google.api.http) = {
+      post: "/v1beta1/{parent=projects/*}/occurrences:batchCreate"
+      body: "*"
+    };
+  }
+
+  // Updates the specified occurrence.
+  rpc UpdateOccurrence(UpdateOccurrenceRequest) returns (Occurrence) {
+    option (google.api.http) = {
+      patch: "/v1beta1/{name=projects/*/occurrences/*}"
+      body: "occurrence"
+    };
+  }
+
+  // Gets the note attached to the specified occurrence. Consumer projects can
+  // use this method to get a note that belongs to a provider project.
+  rpc GetOccurrenceNote(GetOccurrenceNoteRequest) returns (Note) {
+    option (google.api.http) = {
+      get: "/v1beta1/{name=projects/*/occurrences/*}/notes"
+    };
+  }
+
+  // Gets the specified note.
+  rpc GetNote(GetNoteRequest) returns (Note) {
+    option (google.api.http) = {
+      get: "/v1beta1/{name=projects/*/notes/*}"
+    };
+  }
+
+  // Lists notes for the specified project.
+  rpc ListNotes(ListNotesRequest) returns (ListNotesResponse) {
+    option (google.api.http) = {
+      get: "/v1beta1/{parent=projects/*}/notes"
+    };
+  }
+
+  // Deletes the specified note.
+  rpc DeleteNote(DeleteNoteRequest) returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      delete: "/v1beta1/{name=projects/*/notes/*}"
+    };
+  }
+
+  // Creates a new note.
+  rpc CreateNote(CreateNoteRequest) returns (Note) {
+    option (google.api.http) = {
+      post: "/v1beta1/{parent=projects/*}/notes"
+      body: "note"
+    };
+  }
+
+  // Creates new notes in batch.
+  rpc BatchCreateNotes(BatchCreateNotesRequest)
+      returns (BatchCreateNotesResponse) {
+    option (google.api.http) = {
+      post: "/v1beta1/{parent=projects/*}/notes:batchCreate"
+      body: "*"
+    };
+  }
+
+  // Updates the specified note.
+  rpc UpdateNote(UpdateNoteRequest) returns (Note) {
+    option (google.api.http) = {
+      patch: "/v1beta1/{name=projects/*/notes/*}"
+      body: "note"
+    };
+  }
+
+  // Lists occurrences referencing the specified note. Provider projects can use
+  // this method to get all occurrences across consumer projects referencing the
+  // specified note.
+  rpc ListNoteOccurrences(ListNoteOccurrencesRequest)
+      returns (ListNoteOccurrencesResponse) {
+    option (google.api.http) = {
+      get: "/v1beta1/{name=projects/*/notes/*}/occurrences"
+    };
+  }
+
+  // Gets a summary of the number and severity of occurrences.
+  rpc GetVulnerabilityOccurrencesSummary(
+      GetVulnerabilityOccurrencesSummaryRequest)
+      returns (VulnerabilityOccurrencesSummary) {
+    option (google.api.http) = {
+      get: "/v1beta1/{parent=projects/*}/occurrences:vulnerabilitySummary"
+    };
+  }
+}
+
+// An instance of an analysis type that has been found on a resource.
+message Occurrence {
+  // Output only. The name of the occurrence in the form of
+  // `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
+  string name = 1;
+
+  // Required. Immutable. The resource for which the occurrence applies.
+  Resource resource = 2;
+
+  // Required. Immutable. The analysis note associated with this occurrence, in
+  // the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. This field can be
+  // used as a filter in list requests.
+  string note_name = 3;
+
+  // Output only. This explicitly denotes which of the occurrence details are
+  // specified. This field can be used as a filter in list requests.
+  grafeas.v1beta1.NoteKind kind = 4;
+
+  // A description of actions that can be taken to remedy the note.
+  string remediation = 5;
+
+  // Output only. The time this occurrence was created.
+  google.protobuf.Timestamp create_time = 6;
+
+  // Output only. The time this occurrence was last updated.
+  google.protobuf.Timestamp update_time = 7;
+
+  // Required. Immutable. Describes the details of the note kind found on this
+  // resource.
+  oneof details {
+    // Describes a security vulnerability.
+    grafeas.v1beta1.vulnerability.Details vulnerability = 8;
+    // Describes a verifiable build.
+    grafeas.v1beta1.build.Details build = 9;
+    // Describes how this resource derives from the basis in the associated
+    // note.
+    grafeas.v1beta1.image.Details derived_image = 10;
+    // Describes the installation of a package on the linked resource.
+    grafeas.v1beta1.package.Details installation = 11;
+    // Describes the deployment of an artifact on a runtime.
+    grafeas.v1beta1.deployment.Details deployment = 12;
+    // Describes when a resource was discovered.
+    grafeas.v1beta1.discovery.Details discovered = 13;
+    // Describes an attestation of an artifact.
+    grafeas.v1beta1.attestation.Details attestation = 14;
+  }
+
+  // next_id = 15;
+}
+
+// An entity that can have metadata. For example, a Docker image.
+message Resource {
+  // The name of the resource. For example, the name of a Docker image -
+  // "Debian".
+  string name = 1;
+  // Required. The unique URI of the resource. For example,
+  // `https://gcr.io/project/image@sha256:foo` for a Docker image.
+  string uri = 2;
+  // The hash of the resource content. For example, the Docker digest.
+  grafeas.v1beta1.provenance.Hash content_hash = 3;
+
+  // next_id = 4;
+}
+
+// A type of analysis that can be done for a resource.
+message Note {
+  // Output only. The name of the note in the form of
+  // `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
+  string name = 1;
+
+  // A one sentence description of this note.
+  string short_description = 2;
+
+  // A detailed description of this note.
+  string long_description = 3;
+
+  // Output only. The type of analysis. This field can be used as a filter in
+  // list requests.
+  grafeas.v1beta1.NoteKind kind = 4;
+
+  // URLs associated with this note.
+  repeated grafeas.v1beta1.RelatedUrl related_url = 5;
+
+  // Time of expiration for this note. Empty if note does not expire.
+  google.protobuf.Timestamp expiration_time = 6;
+
+  // Output only. The time this note was created. This field can be used as a
+  // filter in list requests.
+  google.protobuf.Timestamp create_time = 7;
+
+  // Output only. The time this note was last updated. This field can be used as
+  // a filter in list requests.
+  google.protobuf.Timestamp update_time = 8;
+
+  // Other notes related to this note.
+  repeated string related_note_names = 9;
+
+  // Required. Immutable. The type of analysis this note represents.
+  oneof type {
+    // A note describing a package vulnerability.
+    grafeas.v1beta1.vulnerability.Vulnerability vulnerability = 10;
+    // A note describing build provenance for a verifiable build.
+    grafeas.v1beta1.build.Build build = 11;
+    // A note describing a base image.
+    grafeas.v1beta1.image.Basis base_image = 12;
+    // A note describing a package hosted by various package managers.
+    grafeas.v1beta1.package.Package package = 13;
+    // A note describing something that can be deployed.
+    grafeas.v1beta1.deployment.Deployable deployable = 14;
+    // A note describing the initial analysis of a resource.
+    grafeas.v1beta1.discovery.Discovery discovery = 15;
+    // A note describing an attestation role.
+    grafeas.v1beta1.attestation.Authority attestation_authority = 16;
+  }
+
+  // next_id = 17;
+}
+
+// Request to get an occurrence.
+message GetOccurrenceRequest {
+  // The name of the occurrence in the form of
+  // `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
+  string name = 1;
+}
+
+// Request to list occurrences.
+message ListOccurrencesRequest {
+  // The name of the project to list occurrences for in the form of
+  // `projects/[PROJECT_ID]`.
+  string parent = 1;
+
+  // The filter expression.
+  string filter = 2;
+
+  // Number of occurrences to return in the list.
+  int32 page_size = 3;
+
+  // Token to provide to skip to a particular spot in the list.
+  string page_token = 4;
+
+  // next_id = 7;
+}
+
+// Response for listing occurrences.
+message ListOccurrencesResponse {
+  // The occurrences requested.
+  repeated Occurrence occurrences = 1;
+  // The next pagination token in the list response. It should be used as
+  // `page_token` for the following request. An empty value means no more
+  // results.
+  string next_page_token = 2;
+}
+
+// Request to delete a occurrence.
+message DeleteOccurrenceRequest {
+  // The name of the occurrence in the form of
+  // `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
+  string name = 1;
+}
+
+// Request to create a new occurrence.
+message CreateOccurrenceRequest {
+  // The name of the project in the form of `projects/[PROJECT_ID]`, under which
+  // the occurrence is to be created.
+  string parent = 1;
+  // The occurrence to create.
+  Occurrence occurrence = 2;
+}
+
+// Request to update an occurrence.
+message UpdateOccurrenceRequest {
+  // The name of the occurrence in the form of
+  // `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
+  string name = 1;
+  // The updated occurrence.
+  Occurrence occurrence = 2;
+  // The fields to update.
+  google.protobuf.FieldMask update_mask = 3;
+}
+
+// Request to get a note.
+message GetNoteRequest {
+  // The name of the note in the form of
+  // `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
+  string name = 1;
+}
+
+// Request to get the note to which the specified occurrence is attached.
+message GetOccurrenceNoteRequest {
+  // The name of the occurrence in the form of
+  // `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
+  string name = 1;
+}
+
+// Request to list notes.
+message ListNotesRequest {
+  // The name of the project to list notes for in the form of
+  // `projects/[PROJECT_ID]`.
+  string parent = 1;
+  // The filter expression.
+  string filter = 2;
+  // Number of notes to return in the list.
+  int32 page_size = 3;
+  // Token to provide to skip to a particular spot in the list.
+  string page_token = 4;
+}
+
+// Response for listing notes.
+message ListNotesResponse {
+  // The notes requested.
+  repeated Note notes = 1;
+  // The next pagination token in the list response. It should be used as
+  // `page_token` for the following request. An empty value means no more
+  // results.
+  string next_page_token = 2;
+}
+
+// Request to delete a note.
+message DeleteNoteRequest {
+  // The name of the note in the form of
+  // `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
+  string name = 1;
+}
+
+// Request to create a new note.
+message CreateNoteRequest {
+  // The name of the project in the form of `projects/[PROJECT_ID]`, under which
+  // the note is to be created.
+  string parent = 1;
+  // The ID to use for this note.
+  string note_id = 2;
+  // The note to create.
+  Note note = 3;
+}
+
+// Request to update a note.
+message UpdateNoteRequest {
+  // The name of the note in the form of
+  // `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
+  string name = 1;
+  // The updated note.
+  Note note = 2;
+  // The fields to update.
+  google.protobuf.FieldMask update_mask = 3;
+}
+
+// Request to list occurrences for a note.
+message ListNoteOccurrencesRequest {
+  // The name of the note to list occurrences for in the form of
+  // `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
+  string name = 1;
+  // The filter expression.
+  string filter = 2;
+  // Number of occurrences to return in the list.
+  int32 page_size = 3;
+  // Token to provide to skip to a particular spot in the list.
+  string page_token = 4;
+}
+
+// Response for listing occurrences for a note.
+message ListNoteOccurrencesResponse {
+  // The occurrences attached to the specified note.
+  repeated Occurrence occurrences = 1;
+  // Token to provide to skip to a particular spot in the list.
+  string next_page_token = 2;
+}
+
+// Request to create notes in batch.
+message BatchCreateNotesRequest {
+  // The name of the project in the form of `projects/[PROJECT_ID]`, under which
+  // the notes are to be created.
+  string parent = 1;
+
+  // The notes to create.
+  map<string, Note> notes = 2;
+}
+
+// Response for creating notes in batch.
+message BatchCreateNotesResponse {
+  // The notes that were created.
+  repeated Note notes = 1;
+}
+
+// Request to create occurrences in batch.
+message BatchCreateOccurrencesRequest {
+  // The name of the project in the form of `projects/[PROJECT_ID]`, under which
+  // the occurrences are to be created.
+  string parent = 1;
+  // The occurrences to create.
+  repeated Occurrence occurrences = 2;
+}
+
+// Response for creating occurrences in batch.
+message BatchCreateOccurrencesResponse {
+  // The occurrences that were created.
+  repeated Occurrence occurrences = 1;
+}
+
+// Request to get a vulnerability summary for some set of occurrences.
+message GetVulnerabilityOccurrencesSummaryRequest {
+  // The name of the project to get a vulnerability summary for in the form of
+  // `projects/[PROJECT_ID]`.
+  string parent = 1;
+  // The filter expression.
+  string filter = 2;
+}
+
+// A summary of how many vulnerability occurrences there are per resource and
+// severity type.
+message VulnerabilityOccurrencesSummary {
+  // A listing by resource of the number of fixable and total vulnerabilities.
+  repeated FixableTotalByDigest counts = 1;
+
+  // Per resource and severity counts of fixable and total vulnerabilities.
+  message FixableTotalByDigest {
+    // The affected resource.
+    Resource resource = 1;
+    // The severity for this count. SEVERITY_UNSPECIFIED indicates total across
+    // all severities.
+    grafeas.v1beta1.vulnerability.Severity severity = 2;
+    // The number of fixable vulnerabilities associated with this resource.
+    int64 fixable_count = 3;
+    // The total number of vulnerabilities associated with this resource.
+    int64 total_count = 4;
+  }
+}
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/image/BUILD.bazel b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/image/BUILD.bazel new file mode 100644
index 0000000..7fbc648
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/image/BUILD.bazel
@@ -0,0 +1,54 @@
+load("@rules_proto//proto:defs.bzl", "proto_library")
+
+# This is an API workspace, having public visibility by default makes perfect sense.
+package(default_visibility = ["//visibility:public"])
+
+##############################################################################
+# Common
+##############################################################################
+load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
+
+proto_library(
+    name = "image_proto",
+    srcs = [
+        "image.proto",
+    ],
+    deps = [],
+)
+
+proto_library_with_info(
+    name = "image_proto_with_info",
+    deps = [":image_proto"],
+)
+
+##############################################################################
+# Java
+##############################################################################
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    "java_grpc_library",
+)
+
+java_proto_library(
+    name = "image_java_proto",
+    deps = [":image_proto"],
+)
+
+java_grpc_library(
+    name = "image_java_grpc",
+    srcs = [":image_proto"],
+    deps = [":image_java_proto"],
+)
+
+##############################################################################
+# Go
+##############################################################################
+load("@com_google_googleapis_imports//:imports.bzl", "go_proto_library")
+
+go_proto_library(
+    name = "image_go_proto",
+    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
+    importpath = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/image",
+    protos = [":image_proto"],
+    deps = [],
+)
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/image/image.proto b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/image/image.proto new file mode 100644
index 0000000..91ee33e
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/image/image.proto
@@ -0,0 +1,145 @@
+// Copyright 2018 The Grafeas Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package grafeas.v1beta1.image;
+
+option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/image;image";
+option java_multiple_files = true;
+option java_package = "io.grafeas.v1beta1.image";
+option objc_class_prefix = "GRA";
+
+// Layer holds metadata specific to a layer of a Docker image.
+message Layer {
+  // Instructions from Dockerfile.
+  enum Directive {
+    // Default value for unsupported/missing directive.
+    DIRECTIVE_UNSPECIFIED = 0;
+
+    // https://docs.docker.com/engine/reference/builder/
+    MAINTAINER = 1;
+
+    // https://docs.docker.com/engine/reference/builder/
+    RUN = 2;
+
+    // https://docs.docker.com/engine/reference/builder/
+    CMD = 3;
+
+    // https://docs.docker.com/engine/reference/builder/
+    LABEL = 4;
+
+    // https://docs.docker.com/engine/reference/builder/
+    EXPOSE = 5;
+
+    // https://docs.docker.com/engine/reference/builder/
+    ENV = 6;
+
+    // https://docs.docker.com/engine/reference/builder/
+    ADD = 7;
+
+    // https://docs.docker.com/engine/reference/builder/
+    COPY = 8;
+
+    // https://docs.docker.com/engine/reference/builder/
+    ENTRYPOINT = 9;
+
+    // https://docs.docker.com/engine/reference/builder/
+    VOLUME = 10;
+
+    // https://docs.docker.com/engine/reference/builder/
+    USER = 11;
+
+    // https://docs.docker.com/engine/reference/builder/
+    WORKDIR = 12;
+
+    // https://docs.docker.com/engine/reference/builder/
+    ARG = 13;
+
+    // https://docs.docker.com/engine/reference/builder/
+    ONBUILD = 14;
+
+    // https://docs.docker.com/engine/reference/builder/
+    STOPSIGNAL = 15;
+
+    // https://docs.docker.com/engine/reference/builder/
+    HEALTHCHECK = 16;
+
+    // https://docs.docker.com/engine/reference/builder/
+    SHELL = 17;
+  }
+
+  // Required. The recovered Dockerfile directive used to construct this layer.
+  Directive directive = 1;
+
+  // The recovered arguments to the Dockerfile directive.
+  string arguments = 2;
+}
+
+// A set of properties that uniquely identify a given Docker image.
+message Fingerprint {
+  // Required. The layer ID of the final layer in the Docker image's v1
+  // representation.
+  string v1_name = 1;
+
+  // Required. The ordered list of v2 blobs that represent a given image.
+  repeated string v2_blob = 2;
+
+  // Output only. The name of the image's v2 blobs computed via:
+  //   [bottom] := v2_blob[bottom]
+  //   [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
+  // Only the name of the final blob is kept.
+  string v2_name = 3;
+}
+
+// Basis describes the base image portion (Note) of the DockerImage
+// relationship. Linked occurrences are derived from this or an
+// equivalent image via:
+//   FROM <Basis.resource_url>
+// Or an equivalent reference, e.g. a tag of the resource_url.
+message Basis {
+  // Required. Immutable. The resource_url for the resource representing the
+  // basis of associated occurrence images.
+  string resource_url = 1;
+
+  // Required. Immutable. The fingerprint of the base image.
+  Fingerprint fingerprint = 2;
+}
+
+// Details of an image occurrence.
+message Details {
+  // Required. Immutable. The child image derived from the base image.
+  Derived derived_image = 1;
+}
+
+// Derived describes the derived image portion (Occurrence) of the DockerImage
+// relationship. This image would be produced from a Dockerfile with FROM
+// <DockerImage.Basis in attached Note>.
+message Derived {
+  // Required. The fingerprint of the derived image.
+  Fingerprint fingerprint = 1;
+
+  // Output only. The number of layers by which this image differs from the
+  // associated image basis.
+  int32 distance = 2;
+
+  // This contains layer-specific metadata, if populated it has length
+  // "distance" and is ordered with [distance] being the layer immediately
+  // following the base image and [1] being the final layer.
+  repeated Layer layer_info = 3;
+
+  // Output only. This contains the base image URL for the derived image
+  // occurrence.
+  string base_resource_url = 4;
+}
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/package/BUILD.bazel b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/package/BUILD.bazel new file mode 100644
index 0000000..93d7e02
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/package/BUILD.bazel
@@ -0,0 +1,55 @@
+load("@rules_proto//proto:defs.bzl", "proto_library")
+
+# This is an API workspace, having public visibility by default makes perfect sense.
+package(default_visibility = ["//visibility:public"])
+
+##############################################################################
+# Common
+##############################################################################
+load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
+
+proto_library(
+    name = "package_proto",
+    srcs = [
+        "package.proto",
+    ],
+    deps = [],
+)
+
+proto_library_with_info(
+    name = "package_proto_with_info",
+    deps = [":package_proto"],
+)
+
+##############################################################################
+# Java
+##############################################################################
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    "java_grpc_library",
+    "java_proto_library",
+)
+
+java_proto_library(
+    name = "package_java_proto",
+    deps = [":package_proto"],
+)
+
+java_grpc_library(
+    name = "package_java_grpc",
+    srcs = [":package_proto"],
+    deps = [":package_java_proto"],
+)
+
+##############################################################################
+# Go
+##############################################################################
+load("@com_google_googleapis_imports//:imports.bzl", "go_proto_library")
+
+go_proto_library(
+    name = "package_go_proto",
+    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
+    importpath = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/package",
+    protos = [":package_proto"],
+    deps = [],
+)
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/package/package.proto b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/package/package.proto new file mode 100644
index 0000000..59cac20
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/package/package.proto
@@ -0,0 +1,127 @@
+// Copyright 2018 The Grafeas Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package grafeas.v1beta1.package;
+
+option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/package";
+option java_multiple_files = true;
+option java_package = "io.grafeas.v1beta1.pkg";
+option objc_class_prefix = "GRA";
+
+// Instruction set architectures supported by various package managers.
+enum Architecture {
+  // Unknown architecture.
+  ARCHITECTURE_UNSPECIFIED = 0;
+  // X86 architecture.
+  X86 = 1;
+  // X64 architecture.
+  X64 = 2;
+}
+
+// This represents a particular channel of distribution for a given package.
+// E.g., Debian's jessie-backports dpkg mirror.
+message Distribution {
+  // Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
+  // denoting the package manager version distributing a package.
+  string cpe_uri = 1;
+
+  // The CPU architecture for which packages in this distribution channel were
+  // built.
+  Architecture architecture = 2;
+
+  // The latest available version of this package in this distribution channel.
+  Version latest_version = 3;
+
+  // A freeform string denoting the maintainer of this package.
+  string maintainer = 4;
+
+  // The distribution channel-specific homepage for this package.
+  string url = 5;
+
+  // The distribution channel-specific description of this package.
+  string description = 6;
+}
+
+// An occurrence of a particular package installation found within a system's
+// filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
+message Location {
+  // Required. The CPE URI in [CPE format](https://cpe.mitre.org/specification/)
+  // denoting the package manager version distributing a package.
+  string cpe_uri = 1;
+
+  // The version installed at this location.
+  Version version = 2;
+
+  // The path from which we gathered that this package/version is installed.
+  string path = 3;
+}
+
+// This represents a particular package that is distributed over various
+// channels. E.g., glibc (aka libc6) is distributed by many, at various
+// versions.
+message Package {
+  // Required. Immutable. The name of the package.
+  string name = 1;
+
+  // The various channels by which a package is distributed.
+  repeated Distribution distribution = 10;
+}
+
+// Details of a package occurrence.
+message Details {
+  // Required. Where the package was installed.
+  Installation installation = 1;
+}
+
+// This represents how a particular software package may be installed on a
+// system.
+message Installation {
+  // Output only. The name of the installed package.
+  string name = 1;
+
+  // Required. All of the places within the filesystem versions of this package
+  // have been found.
+  repeated Location location = 2;
+}
+
+// Version contains structured information about the version of a package.
+message Version {
+  // Used to correct mistakes in the version numbering scheme.
+  int32 epoch = 1;
+
+  // Required only when version kind is NORMAL. The main part of the version
+  // name.
+  string name = 2;
+
+  // The iteration of the package build from the above version.
+  string revision = 3;
+
+  // Whether this is an ordinary package version or a sentinel MIN/MAX version.
+  enum VersionKind {
+    // Unknown.
+    VERSION_KIND_UNSPECIFIED = 0;
+    // A standard package version.
+    NORMAL = 1;
+    // A special version representing negative infinity.
+    MINIMUM = 2;
+    // A special version representing positive infinity.
+    MAXIMUM = 3;
+  };
+
+  // Required. Distinguishes between sentinel MIN/MAX versions and normal
+  // versions.
+  VersionKind kind = 4;
+}
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/provenance/BUILD.bazel b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/provenance/BUILD.bazel new file mode 100644
index 0000000..acb9f69
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/provenance/BUILD.bazel
@@ -0,0 +1,60 @@
+load("@rules_proto//proto:defs.bzl", "proto_library")
+
+# This is an API workspace, having public visibility by default makes perfect sense.
+package(default_visibility = ["//visibility:public"])
+
+##############################################################################
+# Common
+##############################################################################
+load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
+
+proto_library(
+    name = "provenance_proto",
+    srcs = [
+        "provenance.proto",
+    ],
+    deps = [
+        "//google/devtools/containeranalysis/v1beta1/source:source_proto",
+        "@com_google_protobuf//:timestamp_proto",
+    ],
+)
+
+proto_library_with_info(
+    name = "provenance_proto_with_info",
+    deps = [":provenance_proto"],
+)
+
+##############################################################################
+# Java
+##############################################################################
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    "java_grpc_library",
+    "java_proto_library",
+)
+
+java_proto_library(
+    name = "provenance_java_proto",
+    deps = [":provenance_proto"],
+)
+
+java_grpc_library(
+    name = "provenance_java_grpc",
+    srcs = [":provenance_proto"],
+    deps = [":provenance_java_proto"],
+)
+
+##############################################################################
+# Go
+##############################################################################
+load("@com_google_googleapis_imports//:imports.bzl", "go_proto_library")
+
+go_proto_library(
+    name = "provenance_go_proto",
+    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
+    importpath = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/provenance",
+    protos = [":provenance_proto"],
+    deps = [
+        "//google/devtools/containeranalysis/v1beta1/source:source_go_proto",
+    ],
+)
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/provenance/provenance.proto b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/provenance/provenance.proto
new file mode 100644
index 0000000..761877c
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/provenance/provenance.proto
@@ -0,0 +1,164 @@
+// Copyright 2018 The Grafeas Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package grafeas.v1beta1.provenance;
+
+import "google/devtools/containeranalysis/v1beta1/source/source.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/provenance;provenance";
+option java_multiple_files = true;
+option java_package = "io.grafeas.v1beta1.provenance";
+option objc_class_prefix = "GRA";
+
+// Provenance of a build. Contains all information needed to verify the full
+// details about the build from source to completion.
+message BuildProvenance {
+  // Required. Unique identifier of the build.
+  string id = 1;
+
+  // ID of the project.
+  string project_id = 2;
+
+  // Commands requested by the build.
+  repeated Command commands = 3;
+
+  // Output of the build.
+  repeated Artifact built_artifacts = 4;
+
+  // Time at which the build was created.
+  google.protobuf.Timestamp create_time = 5;
+
+  // Time at which execution of the build was started.
+  google.protobuf.Timestamp start_time = 6;
+
+  // Time at which execution of the build was finished.
+  google.protobuf.Timestamp end_time = 7;
+
+  // E-mail address of the user who initiated this build. Note that this was the
+  // user's e-mail address at the time the build was initiated; this address may
+  // not represent the same end-user for all time.
+  string creator = 8;
+
+  // URI where any logs for this provenance were written.
+  string logs_uri = 9;
+
+  // Details of the Source input to the build.
+  Source source_provenance = 10;
+
+  // Trigger identifier if the build was triggered automatically; empty if not.
+  string trigger_id = 11;
+
+  // Special options applied to this build. This is a catch-all field where
+  // build providers can enter any desired additional details.
+  map<string, string> build_options = 12;
+
+  // Version string of the builder at the time this build was executed.
+  string builder_version = 13;
+
+  // next_id = 14
+}
+
+// Source describes the location of the source used for the build.
+message Source {
+  // If provided, the input binary artifacts for the build came from this
+  // location.
+  string artifact_storage_source_uri = 1;
+
+  // Hash(es) of the build source, which can be used to verify that the original
+  // source integrity was maintained in the build.
+  //
+  // The keys to this map are file paths used as build source and the values
+  // contain the hash values for those files.
+  //
+  // If the build source came in a single package such as a gzipped tarfile
+  // (.tar.gz), the FileHash will be for the single path to that file.
+  map<string, FileHashes> file_hashes = 2;
+
+  // If provided, the source code used for the build came from this location.
+  grafeas.v1beta1.source.SourceContext context = 3;
+
+  // If provided, some of the source code used for the build may be found in
+  // these locations, in the case where the source repository had multiple
+  // remotes or submodules. This list will not include the context specified in
+  // the context field.
+  repeated grafeas.v1beta1.source.SourceContext additional_contexts = 4;
+}
+
+// Container message for hashes of byte content of files, used in source
+// messages to verify integrity of source input to the build.
+message FileHashes {
+  // Required. Collection of file hashes.
+  repeated Hash file_hash = 1;
+}
+
+// Container message for hash values.
+message Hash {
+  // Specifies the hash algorithm.
+  enum HashType {
+    // Unknown.
+    HASH_TYPE_UNSPECIFIED = 0;
+    // A SHA-256 hash.
+    SHA256 = 1;
+  }
+
+  // Required. The type of hash that was performed.
+  HashType type = 1;
+  // Required. The hash value.
+  bytes value = 2;
+}
+
+// Command describes a step performed as part of the build pipeline.
+message Command {
+  // Required. Name of the command, as presented on the command line, or if the
+  // command is packaged as a Docker container, as presented to `docker pull`.
+  string name = 1;
+
+  // Environment variables set before running this command.
+  repeated string env = 2;
+
+  // Command-line arguments used when executing this command.
+  repeated string args = 3;
+
+  // Working directory (relative to project source root) used when running this
+  // command.
+  string dir = 4;
+
+  // Optional unique identifier for this command, used in wait_for to reference
+  // this command as a dependency.
+  string id = 5;
+
+  // The ID(s) of the command(s) that this command depends on.
+  repeated string wait_for = 6;
+}
+
+// Artifact describes a build product.
+message Artifact {
+  // Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
+  // container.
+  string checksum = 1;
+
+  // Artifact ID, if any; for container images, this will be a URL by digest
+  // like `gcr.io/projectID/imagename@sha256:123456`.
+  string id = 2;
+
+  // Related artifact names. This may be the path to a binary or jar file, or in
+  // the case of a container build, the name used to push the container image to
+  // Google Container Registry, as presented to `docker push`. Note that a
+  // single Artifact ID can have multiple names, for example if two tags are
+  // applied to one image.
+  repeated string names = 3;
+}
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/source/BUILD.bazel b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/source/BUILD.bazel
new file mode 100644
index 0000000..4369b3c
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/source/BUILD.bazel
@@ -0,0 +1,55 @@
+load("@rules_proto//proto:defs.bzl", "proto_library")
+
+# This is an API workspace, having public visibility by default makes perfect sense.
+package(default_visibility = ["//visibility:public"])
+
+##############################################################################
+# Common
+##############################################################################
+load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
+
+proto_library(
+    name = "source_proto",
+    srcs = [
+        "source.proto",
+    ],
+    deps = [],
+)
+
+proto_library_with_info(
+    name = "source_proto_with_info",
+    deps = [":source_proto"],
+)
+
+##############################################################################
+# Java
+##############################################################################
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    "java_grpc_library",
+    "java_proto_library",
+)
+
+java_proto_library(
+    name = "source_java_proto",
+    deps = [":source_proto"],
+)
+
+java_grpc_library(
+    name = "source_java_grpc",
+    srcs = [":source_proto"],
+    deps = [":source_java_proto"],
+)
+
+##############################################################################
+# Go
+##############################################################################
+load("@com_google_googleapis_imports//:imports.bzl", "go_proto_library")
+
+go_proto_library(
+    name = "source_go_proto",
+    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
+    importpath = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/source",
+    protos = [":source_proto"],
+    deps = [],
+)
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/source/source.proto b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/source/source.proto
new file mode 100644
index 0000000..01be060
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/source/source.proto 
@@ -0,0 +1,134 @@
+// Copyright 2018 The Grafeas Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package grafeas.v1beta1.source;
+
+option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/source;source";
+option java_multiple_files = true;
+option java_package = "io.grafeas.v1beta1.source";
+option objc_class_prefix = "GRA";
+
+// A SourceContext is a reference to a tree of files. A SourceContext together
+// with a path point to a unique revision of a single file or directory.
+message SourceContext {
+  // A SourceContext can refer any one of the following types of repositories.
+  oneof context {
+    // A SourceContext referring to a revision in a Google Cloud Source Repo.
+    CloudRepoSourceContext cloud_repo = 1;
+
+    // A SourceContext referring to a Gerrit project.
+    GerritSourceContext gerrit = 2;
+
+    // A SourceContext referring to any third party Git repo (e.g., GitHub).
+    GitSourceContext git = 3;
+  }
+
+  // Labels with user defined metadata.
+  map<string, string> labels = 4;
+}
+
+// An alias to a repo revision.
+message AliasContext {
+  // The type of an alias.
+  enum Kind {
+    // Unknown.
+    KIND_UNSPECIFIED = 0;
+    // Git tag.
+    FIXED = 1;
+    // Git branch.
+    MOVABLE = 2;
+    // Used to specify non-standard aliases. For example, if a Git repo has a
+    // ref named "refs/foo/bar".
+    OTHER = 4;
+  }
+
+  // The alias kind.
+  Kind kind = 1;
+
+  // The alias name.
+  string name = 2;
+}
+
+// A CloudRepoSourceContext denotes a particular revision in a Google Cloud
+// Source Repo.
+message CloudRepoSourceContext {
+  // The ID of the repo.
+  RepoId repo_id = 1;
+
+  // A revision in a Cloud Repo can be identified by either its revision ID or
+  // its alias.
+  oneof revision {
+    // A revision ID.
+    string revision_id = 2;
+
+    // An alias, which may be a branch or tag.
+    AliasContext alias_context = 3;
+  }
+}
+
+// A SourceContext referring to a Gerrit project.
+message GerritSourceContext {
+  // The URI of a running Gerrit instance.
+  string host_uri = 1;
+
+  // The full project name within the host. Projects may be nested, so
+  // "project/subproject" is a valid project name. The "repo name" is the
+  // hostURI/project.
+  string gerrit_project = 2;
+
+  // A revision in a Gerrit project can be identified by either its revision ID
+  // or its alias.
+  oneof revision {
+    // A revision (commit) ID.
+    string revision_id = 3;
+
+    // An alias, which may be a branch or tag.
+    AliasContext alias_context = 4;
+  }
+}
+
+// A GitSourceContext denotes a particular revision in a third party Git
+// repository (e.g., GitHub).
+message GitSourceContext {
+  // Git repository URL.
+  string url = 1;
+
+  // Git commit hash.
+  string revision_id = 2;
+}
+
+// A unique identifier for a Cloud Repo.
+message RepoId {
+  // A cloud repo can be identified by either its project ID and repository name
+  // combination, or its globally unique identifier.
+  oneof id {
+    // A combination of a project ID and a repo name.
+    ProjectRepoId project_repo_id = 1;
+
+    // A server-assigned, globally unique identifier.
+    string uid = 2;
+  }
+}
+
+// Selects a repo using a Google Cloud Platform project ID (e.g.,
+// winged-cargo-31) and a repo name within that project.
+message ProjectRepoId {
+  // The ID of the project.
+  string project_id = 1;
+
+  // The name of the repo. Leave empty for the default repo.
+  string repo_name = 2;
+}
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/vulnerability/BUILD.bazel b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/vulnerability/BUILD.bazel
new file mode 100644
index 0000000..a721464
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/vulnerability/BUILD.bazel
@@ -0,0 +1,64 @@
+load("@rules_proto//proto:defs.bzl", "proto_library")
+
+# This is an API workspace, having public visibility by default makes perfect sense.
+package(default_visibility = ["//visibility:public"])
+
+##############################################################################
+# Common
+##############################################################################
+load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
+
+proto_library(
+    name = "vulnerability_proto",
+    srcs = [
+        "vulnerability.proto",
+    ],
+    deps = [
+        "//google/devtools/containeranalysis/v1beta1/common:common_proto",
+        "//google/devtools/containeranalysis/v1beta1/cvss:cvss_proto",
+        "//google/devtools/containeranalysis/v1beta1/package:package_proto",
+        "@com_google_protobuf//:timestamp_proto",
+    ],
+)
+
+proto_library_with_info(
+    name = "vulnerability_proto_with_info",
+    deps = [":vulnerability_proto"],
+)
+
+##############################################################################
+# Java
+##############################################################################
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    "java_grpc_library",
+    "java_proto_library",
+)
+
+java_proto_library(
+    name = "vulnerability_java_proto",
+    deps = [":vulnerability_proto"],
+)
+
+java_grpc_library(
+    name = "vulnerability_java_grpc",
+    srcs = [":vulnerability_proto"],
+    deps = [":vulnerability_java_proto"],
+)
+
+##############################################################################
+# Go
+##############################################################################
+load("@com_google_googleapis_imports//:imports.bzl", "go_proto_library")
+
+go_proto_library(
+    name = "vulnerability_go_proto",
+    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
+    importpath = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/vulnerability",
+    protos = [":vulnerability_proto"],
+    deps = [
+        "//google/devtools/containeranalysis/v1beta1/common:common_go_proto",
+        "//google/devtools/containeranalysis/v1beta1/cvss:cvss_go_proto",
+        "//google/devtools/containeranalysis/v1beta1/package:package_go_proto",
+    ],
+)
diff --git a/third_party/googleapis/google/devtools/containeranalysis/v1beta1/vulnerability/vulnerability.proto b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/vulnerability/vulnerability.proto
new file mode 100644
index 0000000..d83c7e4
--- /dev/null
+++ b/third_party/googleapis/google/devtools/containeranalysis/v1beta1/vulnerability/vulnerability.proto
@@ -0,0 +1,203 @@
+// Copyright 2018 The Grafeas Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package grafeas.v1beta1.vulnerability;
+
+import "google/protobuf/timestamp.proto";
+import "google/devtools/containeranalysis/v1beta1/common/common.proto";
+import "google/devtools/containeranalysis/v1beta1/cvss/cvss.proto";
+import "google/devtools/containeranalysis/v1beta1/package/package.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/vulnerability;vulnerability";
+option java_multiple_files = true;
+option java_package = "io.grafeas.v1beta1.vulnerability";
+option objc_class_prefix = "GRA";
+
+// Note provider-assigned severity/impact ranking.
+enum Severity {
+  // Unknown.
+  SEVERITY_UNSPECIFIED = 0;
+  // Minimal severity.
+  MINIMAL = 1;
+  // Low severity.
+  LOW = 2;
+  // Medium severity.
+  MEDIUM = 3;
+  // High severity.
+  HIGH = 4;
+  // Critical severity.
+  CRITICAL = 5;
+}
+
+// Vulnerability provides metadata about a security vulnerability in a Note.
+message Vulnerability {
+  // The CVSS score for this vulnerability.
+  float cvss_score = 1;
+
+  // Note provider assigned impact of the vulnerability.
+  Severity severity = 2;
+
+  // All information about the package to specifically identify this
+  // vulnerability. One entry per (version range and cpe_uri) the package
+  // vulnerability has manifested in.
+  repeated Detail details = 3;
+
+  // Identifies all appearances of this vulnerability in the package for a
+  // specific distro/location. For example: glibc in
+  // cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
+  message Detail {
+    // Required. The CPE URI in
+    // [cpe format](https://cpe.mitre.org/specification/) in which the
+    // vulnerability manifests. Examples include distro or storage location for
+    // vulnerable jar.
+    string cpe_uri = 1;
+
+    // Required. The name of the package where the vulnerability was found.
+    string package = 2;
+
+    // The min version of the package in which the vulnerability exists.
+    grafeas.v1beta1.package.Version min_affected_version = 3;
+
+    // The max version of the package in which the vulnerability exists.
+    grafeas.v1beta1.package.Version max_affected_version = 4;
+
+    // The severity (eg: distro assigned severity) for this vulnerability.
+    string severity_name = 5;
+
+    // A vendor-specific description of this note.
+    string description = 6;
+
+    // The fix for this specific package version.
+    VulnerabilityLocation fixed_location = 7;
+
+    // The type of package; whether native or non native(ruby gems, node.js
+    // packages etc).
+    string package_type = 8;
+
+    // Whether this detail is obsolete. Occurrences are expected not to point to
+    // obsolete details.
+    bool is_obsolete = 9;
+
+    // The time this information was last changed at the source. This is an
+    // upstream timestamp from the underlying information source - e.g. Ubuntu
+    // security tracker.
+    google.protobuf.Timestamp source_update_time = 10;
+  }
+
+  // The full description of the CVSSv3.
+  CVSSv3 cvss_v3 = 4;
+
+  // Windows details get their own format because the information format and
+  // model don't match a normal detail. Specifically Windows updates are done as
+  // patches, thus Windows vulnerabilities really are a missing package, rather
+  // than a package being at an incorrect version.
+  repeated WindowsDetail windows_details = 5;
+
+  message WindowsDetail {
+    // Required. The CPE URI in
+    // [cpe format](https://cpe.mitre.org/specification/) in which the
+    // vulnerability manifests. Examples include distro or storage location for
+    // vulnerable jar.
+    string cpe_uri = 1;
+
+    // Required. The name of the vulnerability.
+    string name = 2;
+
+    // The description of the vulnerability.
+    string description = 3;
+
+    // Required. The names of the KBs which have hotfixes to mitigate this
+    // vulnerability. Note that there may be multiple hotfixes (and thus
+    // multiple KBs) that mitigate a given vulnerability. Currently any listed
+    // kb's presence is considered a fix.
+    repeated KnowledgeBase fixing_kbs = 4;
+
+    message KnowledgeBase {
+      // The KB name (generally of the form KB[0-9]+ i.e. KB123456).
+      string name = 1;
+      // A link to the KB in the Windows update catalog -
+      // https://www.catalog.update.microsoft.com/
+      string url = 2;
+    }
+  }
+
+  // The time this information was last changed at the source. This is an
+  // upstream timestamp from the underlying information source - e.g. Ubuntu
+  // security tracker.
+  google.protobuf.Timestamp source_update_time = 6;
+
+  // Next free ID is 7.
+}
+
+// Details of a vulnerability Occurrence.
+message Details {
+  // The type of package; whether native or non native(ruby gems, node.js
+  // packages etc)
+  string type = 1;
+
+  // Output only. The note provider assigned Severity of the vulnerability.
+  Severity severity = 2;
+
+  // Output only. The CVSS score of this vulnerability. CVSS score is on a
+  // scale of 0-10 where 0 indicates low severity and 10 indicates high
+  // severity.
+  float cvss_score = 3;
+
+  // Required. The set of affected locations and their fixes (if available)
+  // within the associated resource.
+  repeated PackageIssue package_issue = 4;
+
+  // Output only. A one sentence description of this vulnerability.
+  string short_description = 5;
+
+  // Output only. A detailed description of this vulnerability.
+  string long_description = 6;
+
+  // Output only. URLs related to this vulnerability.
+  repeated grafeas.v1beta1.RelatedUrl related_urls = 7;
+
+  // The distro assigned severity for this vulnerability when it is
+  // available, and note provider assigned severity when distro has not yet
+  // assigned a severity for this vulnerability.
+  Severity effective_severity = 8;
+}
+
+// This message wraps a location affected by a vulnerability and its
+// associated fix (if one is available).
+message PackageIssue {
+  // Required. The location of the vulnerability.
+  VulnerabilityLocation affected_location = 1;
+
+  // The location of the available fix for vulnerability.
+  VulnerabilityLocation fixed_location = 2;
+
+  // Deprecated, use Details.effective_severity instead
+  // The severity (e.g., distro assigned severity) for this vulnerability.
+  string severity_name = 3;
+}
+
+// The location of the vulnerability.
+message VulnerabilityLocation {
+  // Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/)
+  // format. Examples include distro or storage location for vulnerable jar.
+  string cpe_uri = 1;
+
+  // Required. The package being described.
+  string package = 2;
+
+  // Required. The version of the package being described.
+  grafeas.v1beta1.package.Version version = 3;
+}  |
