- 2.81.0 (latest)
- 2.79.0
- 2.77.0
- 2.76.0
- 2.75.0
- 2.74.0
- 2.73.0
- 2.71.0
- 2.69.0
- 2.68.0
- 2.65.0
- 2.64.0
- 2.63.0
- 2.61.0
- 2.60.0
- 2.59.0
- 2.58.0
- 2.57.0
- 2.56.0
- 2.55.0
- 2.54.0
- 2.53.0
- 2.52.0
- 2.50.0
- 2.49.0
- 2.48.0
- 2.47.0
- 2.46.0
- 2.45.0
- 2.44.0
- 2.43.0
- 2.42.0
- 2.41.0
- 2.40.0
- 2.38.0
- 2.37.0
- 2.36.0
- 2.35.0
- 2.34.0
- 2.33.0
- 2.32.0
- 2.31.0
- 2.30.0
- 2.29.0
- 2.28.0
- 2.25.0
- 2.24.0
- 2.23.0
- 2.22.0
- 2.21.0
- 2.20.0
- 2.19.0
- 2.18.0
- 2.17.0
- 2.16.0
- 2.15.0
- 2.14.0
- 2.13.0
- 2.12.0
- 2.10.0
- 2.9.0
- 2.8.0
- 2.7.0
- 2.6.0
- 2.5.0
- 2.4.5
- 2.3.1
- 2.2.3
- 2.1.3
Package io.grafeas.v1 (2.81.0)
| GitHub Repository |
Client Classes
Client classes are the main entry point to using a package. They contain several variations of Java methods for each of the API's methods.
| Client | Description |
|---|---|
| io. |
Service Description: Grafeas API.
Retrieves analysis results of Cloud components such as Docker container images. |
Settings Classes
Settings classes can be used to configure credentials, endpoints, and retry settings for a Client.
| Settings | Description |
|---|---|
| io. |
Settings class to configure an instance of GrafeasClient.
The default instance has everything set to sensible defaults: |
Classes
| Class | Description |
|---|---|
| io. |
An alias to a repo revision. |
| io. |
An alias to a repo revision. |
| io. |
Artifact describes a build product. |
| io. |
Artifact describes a build product. |
| io. |
|
| io. |
Note kind that represents a logical attestation "role" or "authority". For
example, an organization might have one Authority for "QA" and one for
"build". This note is intended to act strictly as a grouping mechanism for |
| io. |
Note kind that represents a logical attestation "role" or "authority". For
example, an organization might have one Authority for "QA" and one for
"build". This note is intended to act strictly as a grouping mechanism for |
| io. |
This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a |
| io. |
This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a |
| io. |
Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is |
| io. |
Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is |
| io. |
BaseImage describes a base image of a container image. |
| io. |
BaseImage describes a base image of a container image. |
| io. |
Request to create notes in batch. |
| io. |
Request to create notes in batch. |
| io. |
Response for creating notes in batch. |
| io. |
Response for creating notes in batch. |
| io. |
Request to create occurrences in batch. |
| io. |
Request to create occurrences in batch. |
| io. |
Response for creating occurrences in batch. |
| io. |
Response for creating occurrences in batch. |
| io. |
|
| io. |
Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence. |
| io. |
Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence. |
| io. |
Details of a build occurrence. |
| io. |
Details of a build occurrence. |
| io. |
Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. |
| io. |
Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. |
| io. |
Protobuf type grafeas.v1.BuilderConfig |
| io. |
Protobuf type grafeas.v1.BuilderConfig |
| io. |
Common Vulnerability Scoring System. For details, see https://www.first.org/cvss/specification-document This is a message we will try to use for storing various versions of CVSS |
| io. |
Common Vulnerability Scoring System. For details, see https://www.first.org/cvss/specification-document This is a message we will try to use for storing various versions of CVSS |
| io. |
|
| io. |
Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document |
| io. |
Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document |
| io. |
A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. |
| io. |
A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. |
| io. |
Command describes a step performed as part of the build pipeline. |
| io. |
Command describes a step performed as part of the build pipeline. |
| io. |
|
| io. |
Indicates that the builder claims certain fields in this message to be complete. |
| io. |
Indicates that the builder claims certain fields in this message to be complete. |
| io. |
|
| io. |
Protobuf type grafeas.v1.ComplianceNote |
| io. |
Protobuf type grafeas.v1.ComplianceNote |
| io. |
A compliance check that is a CIS benchmark. |
| io. |
A compliance check that is a CIS benchmark. |
| io. |
An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason. |
| io. |
An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason. |
| io. |
Describes the CIS benchmark version that is applicable to a given OS and os version. |
| io. |
Describes the CIS benchmark version that is applicable to a given OS and os version. |
| io. |
Request to create a new note. |
| io. |
Request to create a new note. |
| io. |
Request to create a new occurrence. |
| io. |
Request to create a new occurrence. |
| io. |
Protobuf type grafeas.v1.DSSEAttestationNote |
| io. |
Protobuf type grafeas.v1.DSSEAttestationNote |
| io. |
This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a |
| io. |
This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a |
| io. |
Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence. |
| io. |
Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence. |
| io. |
Request to delete a note. |
| io. |
Request to delete a note. |
| io. |
Request to delete an occurrence. |
| io. |
Request to delete an occurrence. |
| io. |
|
| io. |
An artifact that can be deployed in some runtime. |
| io. |
An artifact that can be deployed in some runtime. |
| io. |
The period during which some deployable was active in a runtime. |
| io. |
The period during which some deployable was active in a runtime. |
| io. |
Digest information. |
| io. |
Digest information. |
| io. |
|
| io. |
A note that indicates a type of analysis a provider would perform. This note
exists in a provider's project. A Discovery occurrence is created in a
consumer's project at the start of analysis. |
| io. |
A note that indicates a type of analysis a provider would perform. This note
exists in a provider's project. A Discovery occurrence is created in a
consumer's project at the start of analysis. |
| io. |
Provides information about the analysis status of a discovered resource. |
| io. |
Indicates which analysis completed successfully. Multiple types of analysis can be performed on a single resource. |
| io. |
Indicates which analysis completed successfully. Multiple types of analysis can be performed on a single resource. |
| io. |
Provides information about the analysis status of a discovered resource. |
| io. |
The status of an SBOM generation. |
| io. |
The status of an SBOM generation. |
| io. |
The status of an vulnerability attestation generation. |
| io. |
The status of an vulnerability attestation generation. |
| io. |
This represents a particular channel of distribution for a given package. E.g., Debian's jessie-backports dpkg mirror. |
| io. |
This represents a particular channel of distribution for a given package. E.g., Debian's jessie-backports dpkg mirror. |
| io. |
|
| io. |
MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. |
| io. |
MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. |
| io. |
Protobuf type grafeas.v1.EnvelopeSignature |
| io. |
Protobuf type grafeas.v1.EnvelopeSignature |
| io. |
Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build. |
| io. |
Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build. |
| io. |
Indicates the location at which a package was found. |
| io. |
Indicates the location at which a package was found. |
| io. |
A set of properties that uniquely identify a given Docker image. |
| io. |
A set of properties that uniquely identify a given Docker image. |
| io. |
A SourceContext referring to a Gerrit project. |
| io. |
A SourceContext referring to a Gerrit project. |
| io. |
Request to get a note. |
| io. |
Request to get a note. |
| io. |
Request to get the note to which the specified occurrence is attached. |
| io. |
Request to get the note to which the specified occurrence is attached. |
| io. |
Request to get an occurrence. |
| io. |
Request to get an occurrence. |
| io. |
A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). |
| io. |
A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). |
| io. |
|
| io. |
|
| io. |
|
| io. |
|
| io. |
|
| io. |
|
| io. |
|
| io. |
|
| io. |
|
| io. |
Grafeas API. Retrieves analysis results of Cloud components such as Docker container images. |
| io. |
Base class for the server implementation of the service Grafeas. Grafeas API. |
| io. |
|
| io. |
Builder for GrafeasSettings. |
| io. |
Container message for hash values. |
| io. |
Container message for hash values. |
| io. |
|
| io. |
Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: |
| io. |
Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: |
| io. |
Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM <DockerImage.Basis in attached Note>. |
| io. |
Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM <DockerImage.Basis in attached Note>. |
| io. |
Protobuf type grafeas.v1.InTotoProvenance |
| io. |
Protobuf type grafeas.v1.InTotoProvenance |
| io. |
|
| io. |
Protobuf type grafeas.v1.InTotoSlsaProvenanceV1 |
| io. |
Protobuf type grafeas.v1.InTotoSlsaProvenanceV1.BuildDefinition |
| io. |
Protobuf type grafeas.v1.InTotoSlsaProvenanceV1.BuildDefinition |
| io. |
Protobuf type grafeas.v1.InTotoSlsaProvenanceV1.BuildMetadata |
| io. |
Protobuf type grafeas.v1.InTotoSlsaProvenanceV1.BuildMetadata |
| io. |
Protobuf type grafeas.v1.InTotoSlsaProvenanceV1 |
| io. |
Protobuf type grafeas.v1.InTotoSlsaProvenanceV1.ProvenanceBuilder |
| io. |
Protobuf type grafeas.v1.InTotoSlsaProvenanceV1.ProvenanceBuilder |
| io. |
Protobuf type grafeas.v1.InTotoSlsaProvenanceV1.ResourceDescriptor |
| io. |
Protobuf type grafeas.v1.InTotoSlsaProvenanceV1.ResourceDescriptor |
| io. |
Protobuf type grafeas.v1.InTotoSlsaProvenanceV1.RunDetails |
| io. |
Protobuf type grafeas.v1.InTotoSlsaProvenanceV1.RunDetails |
| io. |
Keep in sync with schema at https://github.com/slsa-framework/slsa/blob/main/docs/provenance/schema/v1/provenance.proto Builder renamed to ProvenanceBuilder because of Java conflicts. |
| io. |
Keep in sync with schema at https://github.com/slsa-framework/slsa/blob/main/docs/provenance/schema/v1/provenance.proto Builder renamed to ProvenanceBuilder because of Java conflicts. |
| io. |
Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. |
| io. |
Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. |
| io. |
|
| io. |
Protobuf type grafeas.v1.Jwt |
| io. |
Protobuf type grafeas.v1.Jwt |
| io. |
Layer holds metadata specific to a layer of a Docker image. |
| io. |
Layer holds metadata specific to a layer of a Docker image. |
| io. |
Details about the layer a package was found in. |
| io. |
Details about the layer a package was found in. |
| io. |
License information. |
| io. |
License information. |
| io. |
Request to list occurrences for a note. |
| io. |
Request to list occurrences for a note. |
| io. |
Response for listing occurrences for a note. |
| io. |
Response for listing occurrences for a note. |
| io. |
Request to list notes. |
| io. |
Request to list notes. |
| io. |
Response for listing notes. |
| io. |
Response for listing notes. |
| io. |
Request to list occurrences. |
| io. |
Request to list occurrences. |
| io. |
Response for listing occurrences. |
| io. |
Response for listing occurrences. |
| io. |
An occurrence of a particular package installation found within a system's
filesystem. E.g., glibc was found in /var/lib/dpkg/status.
|
| io. |
An occurrence of a particular package installation found within a system's
filesystem. E.g., glibc was found in /var/lib/dpkg/status.
|
| io. |
Other properties of the build. |
| io. |
Other properties of the build. |
| io. |
Details about files that caused a compliance check to fail. |
| io. |
Details about files that caused a compliance check to fail. |
| io. |
A type of analysis that can be done for a resource. |
| io. |
A type of analysis that can be done for a resource. |
| io. |
|
| io. |
Builder for projects/{project}/notes/{note}. |
| io. |
An instance of an analysis type that has been found on a resource. |
| io. |
An instance of an analysis type that has been found on a resource. |
| io. |
|
| io. |
Builder for projects/{project}/occurrences/{occurrence}. |
| io. |
|
| io. |
PackageNote represents a particular package version. |
| io. |
PackageNote represents a particular package version. |
| io. |
Details on how a particular software package was installed on a system. |
| io. |
Details on how a particular software package was installed on a system. |
| io. |
|
| io. |
Builder for projects/{project}. |
| io. |
Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. |
| io. |
Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. |
| io. |
|
| io. |
Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. |
| io. |
Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. |
| io. |
Metadata for any related URL information. |
| io. |
Metadata for any related URL information. |
| io. |
A unique identifier for a Cloud Repo. |
| io. |
A unique identifier for a Cloud Repo. |
| io. |
The note representing an SBOM reference. |
| io. |
The note representing an SBOM reference. |
| io. |
The occurrence representing an SBOM reference as applied to a specific resource. The occurrence follows the DSSE specification. See https://github.com/secure-systems-lab/dsse/blob/master/envelope.md for more |
| io. |
The occurrence representing an SBOM reference as applied to a specific resource. The occurrence follows the DSSE specification. See https://github.com/secure-systems-lab/dsse/blob/master/envelope.md for more |
| io. |
|
| io. |
The actual payload that contains the SBOM Reference data. The payload follows the intoto statement specification. See https://github.com/in-toto/attestation/blob/main/spec/v1.0/statement.md |
| io. |
The actual payload that contains the SBOM Reference data. The payload follows the intoto statement specification. See https://github.com/in-toto/attestation/blob/main/spec/v1.0/statement.md |
| io. |
A predicate which describes the SBOM being referenced. |
| io. |
A predicate which describes the SBOM being referenced. |
| io. |
|
| io. |
The location of the secret. |
| io. |
The location of the secret. |
| io. |
The note representing a secret. |
| io. |
The note representing a secret. |
| io. |
The occurrence provides details of a secret. |
| io. |
The occurrence provides details of a secret. |
| io. |
The status of the secret with a timestamp. |
| io. |
The status of the secret with a timestamp. |
| io. |
|
| io. |
Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from |
| io. |
Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from |
| io. |
Protobuf type grafeas.v1.SlsaProvenance |
| io. |
Protobuf type grafeas.v1.SlsaProvenance |
| io. |
Protobuf type grafeas.v1.SlsaProvenance.Material |
| io. |
Protobuf type grafeas.v1.SlsaProvenance.Material |
| io. |
Protobuf type grafeas.v1.SlsaProvenance.SlsaBuilder |
| io. |
Protobuf type grafeas.v1.SlsaProvenance.SlsaBuilder |
| io. |
Indicates that the builder claims certain fields in this message to be complete. |
| io. |
Indicates that the builder claims certain fields in this message to be complete. |
| io. |
Other properties of the build. |
| io. |
Other properties of the build. |
| io. |
Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. |
| io. |
Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. |
| io. |
|
| io. |
See full explanation of fields at slsa.dev/provenance/v0.2. |
| io. |
See full explanation of fields at slsa.dev/provenance/v0.2. |
| io. |
Identifies the entity that executed the recipe, which is trusted to have correctly performed the operation and populated this provenance. |
| io. |
Identifies the entity that executed the recipe, which is trusted to have correctly performed the operation and populated this provenance. |
| io. |
Indicates that the builder claims certain fields in this message to be complete. |
| io. |
Indicates that the builder claims certain fields in this message to be complete. |
| io. |
Describes where the config file that kicked off the build came from. This is effectively a pointer to the source where buildConfig came from. |
| io. |
Describes where the config file that kicked off the build came from. This is effectively a pointer to the source where buildConfig came from. |
| io. |
Identifies the event that kicked off the build. |
| io. |
Identifies the event that kicked off the build. |
| io. |
The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. |
| io. |
The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. |
| io. |
Other properties of the build. |
| io. |
Other properties of the build. |
| io. |
|
| io. |
Source describes the location of the source used for the build. |
| io. |
Source describes the location of the source used for the build. |
| io. |
A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory. |
| io. |
A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory. |
| io. |
Protobuf type grafeas.v1.Subject |
| io. |
Protobuf type grafeas.v1.Subject |
| io. |
Request to update a note. |
| io. |
Request to update a note. |
| io. |
Request to update an occurrence. |
| io. |
Request to update an occurrence. |
| io. |
|
| io. |
The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities. |
| io. |
The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities. |
| io. |
An Upgrade Note represents a potential upgrade of a package to a given version. For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field |
| io. |
An Upgrade Note represents a potential upgrade of a package to a given version. For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field |
| io. |
An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). |
| io. |
An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). |
| io. |
Version contains structured information about the version of a package. |
| io. |
Version contains structured information about the version of a package. |
| io. |
|
| io. |
|
| io. |
A single VulnerabilityAssessmentNote represents one particular product's vulnerability assessment for one CVE. |
| io. |
Assessment provides all information that is related to a single vulnerability for this product. |
| io. |
Assessment provides all information that is related to a single vulnerability for this product. |
| io. |
Justification provides the justification when the state of the assessment if NOT_AFFECTED. |
| io. |
Justification provides the justification when the state of the assessment if NOT_AFFECTED. |
| io. |
Specifies details on how to handle (and presumably, fix) a vulnerability. |
| io. |
Specifies details on how to handle (and presumably, fix) a vulnerability. |
| io. |
A single VulnerabilityAssessmentNote represents one particular product's vulnerability assessment for one CVE. |
| io. |
Product contains information about a product and how to uniquely identify it. (-- api-linter: core::0123::resource-annotation=disabled |
| io. |
Product contains information about a product and how to uniquely identify it. (-- api-linter: core::0123::resource-annotation=disabled |
| io. |
Publisher contains information about the publisher of this Note. (-- api-linter: core::0123::resource-annotation=disabled |
| io. |
Publisher contains information about the publisher of this Note. (-- api-linter: core::0123::resource-annotation=disabled |
| io. |
A security vulnerability that can be found in resources. |
| io. |
A security vulnerability that can be found in resources. |
| io. |
A detail for a distro and package affected by this vulnerability and its associated fix (if one is available). |
| io. |
A detail for a distro and package affected by this vulnerability and its associated fix (if one is available). |
| io. |
Protobuf type grafeas.v1.VulnerabilityNote.WindowsDetail |
| io. |
Protobuf type grafeas.v1.VulnerabilityNote.WindowsDetail |
| io. |
Protobuf type grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase |
| io. |
Protobuf type grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase |
| io. |
An occurrence of a severity vulnerability on a resource. |
| io. |
An occurrence of a severity vulnerability on a resource. |
| io. |
A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available). |
| io. |
A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available). |
| io. |
VexAssessment provides all publisher provided Vex information that is related to this vulnerability. |
| io. |
VexAssessment provides all publisher provided Vex information that is related to this vulnerability. |
| io. |
Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at |
| io. |
Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at |
| io. |
The category to which the update belongs. |
| io. |
The category to which the update belongs. |
| io. |
The unique identifier of the update. |
| io. |
The unique identifier of the update. |