Google Cloud Native v0.30.0, Apr 14 23

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.30.0 published on Friday, Apr 14, 2023 by Pulumi

pulumi/pulumi-google-native

google-native.containeranalysis/v1alpha1.getNote

Explore with Pulumi AI

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.30.0 published on Friday, Apr 14, 2023 by Pulumi

pulumi/pulumi-google-native

Using getNote

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getNote(args: GetNoteArgs, opts?: InvokeOptions): Promise<GetNoteResult>
function getNoteOutput(args: GetNoteOutputArgs, opts?: InvokeOptions): Output<GetNoteResult>

def get_note(note_id: Optional[str] = None,
             project: Optional[str] = None,
             opts: Optional[InvokeOptions] = None) -> GetNoteResult
def get_note_output(note_id: Optional[pulumi.Input[str]] = None,
             project: Optional[pulumi.Input[str]] = None,
             opts: Optional[InvokeOptions] = None) -> Output[GetNoteResult]

func LookupNote(ctx *Context, args *LookupNoteArgs, opts ...InvokeOption) (*LookupNoteResult, error)
func LookupNoteOutput(ctx *Context, args *LookupNoteOutputArgs, opts ...InvokeOption) LookupNoteResultOutput

> Note: This function is named LookupNote in the Go SDK.

public static class GetNote 
{
    public static Task<GetNoteResult> InvokeAsync(GetNoteArgs args, InvokeOptions? opts = null)
    public static Output<GetNoteResult> Invoke(GetNoteInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetNoteResult> getNote(GetNoteArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: google-native:containeranalysis/v1alpha1:getNote
  arguments:
    # arguments dictionary

The following arguments are supported:

NoteId string
Project string

NoteId string
Project string

noteId String
project String

noteId string
project string

note_id str
project str

noteId String
project String

getNote Result

The following output properties are available:

AttestationAuthority Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Outputs.AttestationAuthorityResponse: A note describing an attestation role.
BaseImage Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Outputs.BasisResponse: A note describing a base image.
BuildType Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Outputs.BuildTypeResponse: Build provenance type for a verifiable build.
Compliance Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Outputs.ComplianceNoteResponse: A note describing a compliance check.
CreateTime string: The time this note was created. This field can be used as a filter in list requests.
Deployable Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Outputs.DeployableResponse: A note describing something that can be deployed.
Discovery Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Outputs.DiscoveryResponse: A note describing a provider/analysis type.
DsseAttestation Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Outputs.DSSEAttestationNoteResponse: A note describing a dsse attestation note.
ExpirationTime string: Time of expiration for this note, null if note does not expire.
Kind string: This explicitly denotes which kind of note is specified. This field can be used as a filter in list requests.
LongDescription string: A detailed description of this Note.
Name string: The name of the note in the form "projects/{provider_project_id}/notes/{NOTE_ID}"
Package Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Outputs.PackageResponse: A note describing a package hosted by various package managers.
RelatedUrl List<Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Outputs.RelatedUrlResponse>: URLs associated with this note
Sbom Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Outputs.DocumentNoteResponse: A note describing a software bill of materials.
SbomReference Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Outputs.SBOMReferenceNoteResponse: A note describing a reference to an SBOM.
ShortDescription string: A one sentence description of this Note.
SpdxFile Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Outputs.FileNoteResponse: A note describing an SPDX File.
SpdxPackage Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Outputs.PackageInfoNoteResponse: A note describing an SPDX Package.
SpdxRelationship Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Outputs.RelationshipNoteResponse: A note describing a relationship between SPDX elements.
UpdateTime string: The time this note was last updated. This field can be used as a filter in list requests.
Upgrade Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Outputs.UpgradeNoteResponse: A note describing an upgrade.
VulnerabilityAssessment Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Outputs.VulnerabilityAssessmentNoteResponse: A note describing a vulnerability assessment.
VulnerabilityType Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Outputs.VulnerabilityTypeResponse: A package vulnerability type of note.

AttestationAuthority AttestationAuthorityResponse: A note describing an attestation role.
BaseImage BasisResponse: A note describing a base image.
BuildType BuildTypeResponse: Build provenance type for a verifiable build.
Compliance ComplianceNoteResponse: A note describing a compliance check.
CreateTime string: The time this note was created. This field can be used as a filter in list requests.
Deployable DeployableResponse: A note describing something that can be deployed.
Discovery DiscoveryResponse: A note describing a provider/analysis type.
DsseAttestation DSSEAttestationNoteResponse: A note describing a dsse attestation note.
ExpirationTime string: Time of expiration for this note, null if note does not expire.
Kind string: This explicitly denotes which kind of note is specified. This field can be used as a filter in list requests.
LongDescription string: A detailed description of this Note.
Name string: The name of the note in the form "projects/{provider_project_id}/notes/{NOTE_ID}"
Package PackageResponse: A note describing a package hosted by various package managers.
RelatedUrl []RelatedUrlResponse: URLs associated with this note
Sbom DocumentNoteResponse: A note describing a software bill of materials.
SbomReference SBOMReferenceNoteResponse: A note describing a reference to an SBOM.
ShortDescription string: A one sentence description of this Note.
SpdxFile FileNoteResponse: A note describing an SPDX File.
SpdxPackage PackageInfoNoteResponse: A note describing an SPDX Package.
SpdxRelationship RelationshipNoteResponse: A note describing a relationship between SPDX elements.
UpdateTime string: The time this note was last updated. This field can be used as a filter in list requests.
Upgrade UpgradeNoteResponse: A note describing an upgrade.
VulnerabilityAssessment VulnerabilityAssessmentNoteResponse: A note describing a vulnerability assessment.
VulnerabilityType VulnerabilityTypeResponse: A package vulnerability type of note.

attestationAuthority AttestationAuthorityResponse: A note describing an attestation role.
baseImage BasisResponse: A note describing a base image.
buildType BuildTypeResponse: Build provenance type for a verifiable build.
compliance ComplianceNoteResponse: A note describing a compliance check.
createTime String: The time this note was created. This field can be used as a filter in list requests.
deployable DeployableResponse: A note describing something that can be deployed.
discovery DiscoveryResponse: A note describing a provider/analysis type.
dsseAttestation DSSEAttestationNoteResponse: A note describing a dsse attestation note.
expirationTime String: Time of expiration for this note, null if note does not expire.
kind String: This explicitly denotes which kind of note is specified. This field can be used as a filter in list requests.
longDescription String: A detailed description of this Note.
name String: The name of the note in the form "projects/{provider_project_id}/notes/{NOTE_ID}"
package_ PackageResponse: A note describing a package hosted by various package managers.
relatedUrl List<RelatedUrlResponse>: URLs associated with this note
sbom DocumentNoteResponse: A note describing a software bill of materials.
sbomReference SBOMReferenceNoteResponse: A note describing a reference to an SBOM.
shortDescription String: A one sentence description of this Note.
spdxFile FileNoteResponse: A note describing an SPDX File.
spdxPackage PackageInfoNoteResponse: A note describing an SPDX Package.
spdxRelationship RelationshipNoteResponse: A note describing a relationship between SPDX elements.
updateTime String: The time this note was last updated. This field can be used as a filter in list requests.
upgrade UpgradeNoteResponse: A note describing an upgrade.
vulnerabilityAssessment VulnerabilityAssessmentNoteResponse: A note describing a vulnerability assessment.
vulnerabilityType VulnerabilityTypeResponse: A package vulnerability type of note.

attestationAuthority AttestationAuthorityResponse: A note describing an attestation role.
baseImage BasisResponse: A note describing a base image.
buildType BuildTypeResponse: Build provenance type for a verifiable build.
compliance ComplianceNoteResponse: A note describing a compliance check.
createTime string: The time this note was created. This field can be used as a filter in list requests.
deployable DeployableResponse: A note describing something that can be deployed.
discovery DiscoveryResponse: A note describing a provider/analysis type.
dsseAttestation DSSEAttestationNoteResponse: A note describing a dsse attestation note.
expirationTime string: Time of expiration for this note, null if note does not expire.
kind string: This explicitly denotes which kind of note is specified. This field can be used as a filter in list requests.
longDescription string: A detailed description of this Note.
name string: The name of the note in the form "projects/{provider_project_id}/notes/{NOTE_ID}"
package PackageResponse: A note describing a package hosted by various package managers.
relatedUrl RelatedUrlResponse[]: URLs associated with this note
sbom DocumentNoteResponse: A note describing a software bill of materials.
sbomReference SBOMReferenceNoteResponse: A note describing a reference to an SBOM.
shortDescription string: A one sentence description of this Note.
spdxFile FileNoteResponse: A note describing an SPDX File.
spdxPackage PackageInfoNoteResponse: A note describing an SPDX Package.
spdxRelationship RelationshipNoteResponse: A note describing a relationship between SPDX elements.
updateTime string: The time this note was last updated. This field can be used as a filter in list requests.
upgrade UpgradeNoteResponse: A note describing an upgrade.
vulnerabilityAssessment VulnerabilityAssessmentNoteResponse: A note describing a vulnerability assessment.
vulnerabilityType VulnerabilityTypeResponse: A package vulnerability type of note.

attestation_authority AttestationAuthorityResponse: A note describing an attestation role.
base_image BasisResponse: A note describing a base image.
build_type BuildTypeResponse: Build provenance type for a verifiable build.
compliance ComplianceNoteResponse: A note describing a compliance check.
create_time str: The time this note was created. This field can be used as a filter in list requests.
deployable DeployableResponse: A note describing something that can be deployed.
discovery DiscoveryResponse: A note describing a provider/analysis type.
dsse_attestation DSSEAttestationNoteResponse: A note describing a dsse attestation note.
expiration_time str: Time of expiration for this note, null if note does not expire.
kind str: This explicitly denotes which kind of note is specified. This field can be used as a filter in list requests.
long_description str: A detailed description of this Note.
name str: The name of the note in the form "projects/{provider_project_id}/notes/{NOTE_ID}"
package PackageResponse: A note describing a package hosted by various package managers.
related_url Sequence[RelatedUrlResponse]: URLs associated with this note
sbom DocumentNoteResponse: A note describing a software bill of materials.
sbom_reference SBOMReferenceNoteResponse: A note describing a reference to an SBOM.
short_description str: A one sentence description of this Note.
spdx_file FileNoteResponse: A note describing an SPDX File.
spdx_package PackageInfoNoteResponse: A note describing an SPDX Package.
spdx_relationship RelationshipNoteResponse: A note describing a relationship between SPDX elements.
update_time str: The time this note was last updated. This field can be used as a filter in list requests.
upgrade UpgradeNoteResponse: A note describing an upgrade.
vulnerability_assessment VulnerabilityAssessmentNoteResponse: A note describing a vulnerability assessment.
vulnerability_type VulnerabilityTypeResponse: A package vulnerability type of note.

attestationAuthority Property Map: A note describing an attestation role.
baseImage Property Map: A note describing a base image.
buildType Property Map: Build provenance type for a verifiable build.
compliance Property Map: A note describing a compliance check.
createTime String: The time this note was created. This field can be used as a filter in list requests.
deployable Property Map: A note describing something that can be deployed.
discovery Property Map: A note describing a provider/analysis type.
dsseAttestation Property Map: A note describing a dsse attestation note.
expirationTime String: Time of expiration for this note, null if note does not expire.
kind String: This explicitly denotes which kind of note is specified. This field can be used as a filter in list requests.
longDescription String: A detailed description of this Note.
name String: The name of the note in the form "projects/{provider_project_id}/notes/{NOTE_ID}"
package Property Map: A note describing a package hosted by various package managers.
relatedUrl List<Property Map>: URLs associated with this note
sbom Property Map: A note describing a software bill of materials.
sbomReference Property Map: A note describing a reference to an SBOM.
shortDescription String: A one sentence description of this Note.
spdxFile Property Map: A note describing an SPDX File.
spdxPackage Property Map: A note describing an SPDX Package.
spdxRelationship Property Map: A note describing a relationship between SPDX elements.
updateTime String: The time this note was last updated. This field can be used as a filter in list requests.
upgrade Property Map: A note describing an upgrade.
vulnerabilityAssessment Property Map: A note describing a vulnerability assessment.
vulnerabilityType Property Map: A package vulnerability type of note.

Supporting Types

AssessmentResponse

Cve string: Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
Impacts List<string>: Contains information about the impact of this vulnerability, this will change with time.
Justification Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.JustificationResponse: Justification provides the justification when the state of the assessment if NOT_AFFECTED.
LongDescription string: A detailed description of this Vex.
RelatedUris List<Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.URIResponse>: Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
Remediations List<Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.RemediationResponse>: Specifies details on how to handle (and presumably, fix) a vulnerability.
ShortDescription string: A one sentence description of this Vex.
State string: Provides the state of this Vulnerability assessment.

Cve string: Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
Impacts []string: Contains information about the impact of this vulnerability, this will change with time.
Justification JustificationResponse: Justification provides the justification when the state of the assessment if NOT_AFFECTED.
LongDescription string: A detailed description of this Vex.
RelatedUris []URIResponse: Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
Remediations []RemediationResponse: Specifies details on how to handle (and presumably, fix) a vulnerability.
ShortDescription string: A one sentence description of this Vex.
State string: Provides the state of this Vulnerability assessment.

cve String: Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
impacts List<String>: Contains information about the impact of this vulnerability, this will change with time.
justification JustificationResponse: Justification provides the justification when the state of the assessment if NOT_AFFECTED.
longDescription String: A detailed description of this Vex.
relatedUris List<URIResponse>: Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
remediations List<RemediationResponse>: Specifies details on how to handle (and presumably, fix) a vulnerability.
shortDescription String: A one sentence description of this Vex.
state String: Provides the state of this Vulnerability assessment.

cve string: Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
impacts string[]: Contains information about the impact of this vulnerability, this will change with time.
justification JustificationResponse: Justification provides the justification when the state of the assessment if NOT_AFFECTED.
longDescription string: A detailed description of this Vex.
relatedUris URIResponse[]: Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
remediations RemediationResponse[]: Specifies details on how to handle (and presumably, fix) a vulnerability.
shortDescription string: A one sentence description of this Vex.
state string: Provides the state of this Vulnerability assessment.

cve str: Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
impacts Sequence[str]: Contains information about the impact of this vulnerability, this will change with time.
justification JustificationResponse: Justification provides the justification when the state of the assessment if NOT_AFFECTED.
long_description str: A detailed description of this Vex.
related_uris Sequence[URIResponse]: Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
remediations Sequence[RemediationResponse]: Specifies details on how to handle (and presumably, fix) a vulnerability.
short_description str: A one sentence description of this Vex.
state str: Provides the state of this Vulnerability assessment.

cve String: Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
impacts List<String>: Contains information about the impact of this vulnerability, this will change with time.
justification Property Map: Justification provides the justification when the state of the assessment if NOT_AFFECTED.
longDescription String: A detailed description of this Vex.
relatedUris List<Property Map>: Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
remediations List<Property Map>: Specifies details on how to handle (and presumably, fix) a vulnerability.
shortDescription String: A one sentence description of this Vex.
state String: Provides the state of this Vulnerability assessment.

AttestationAuthorityHintResponse

HumanReadableName string: The human readable name of this Attestation Authority, for example "qa".

HumanReadableName string: The human readable name of this Attestation Authority, for example "qa".

humanReadableName String: The human readable name of this Attestation Authority, for example "qa".

humanReadableName string: The human readable name of this Attestation Authority, for example "qa".

human_readable_name str: The human readable name of this Attestation Authority, for example "qa".

humanReadableName String: The human readable name of this Attestation Authority, for example "qa".

AttestationAuthorityResponse

Hint Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.AttestationAuthorityHintResponse

Hint AttestationAuthorityHintResponse

hint AttestationAuthorityHintResponse

hint AttestationAuthorityHintResponse

hint AttestationAuthorityHintResponse

hint Property Map

BasisResponse

Fingerprint Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.FingerprintResponse: The fingerprint of the base image.
ResourceUrl string: The resource_url for the resource representing the basis of associated occurrence images.

Fingerprint FingerprintResponse: The fingerprint of the base image.
ResourceUrl string: The resource_url for the resource representing the basis of associated occurrence images.

fingerprint FingerprintResponse: The fingerprint of the base image.
resourceUrl String: The resource_url for the resource representing the basis of associated occurrence images.

fingerprint FingerprintResponse: The fingerprint of the base image.
resourceUrl string: The resource_url for the resource representing the basis of associated occurrence images.

fingerprint FingerprintResponse: The fingerprint of the base image.
resource_url str: The resource_url for the resource representing the basis of associated occurrence images.

fingerprint Property Map: The fingerprint of the base image.
resourceUrl String: The resource_url for the resource representing the basis of associated occurrence images.

BuildSignatureResponse

KeyId string: An Id for the key used to sign. This could be either an Id for the key stored in public_key (such as the Id or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).
KeyType string: The type of the key, either stored in public_key or referenced in key_id
PublicKey string: Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys. This field may be empty if key_id references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: openssl sha256 -verify public.pem -signature signature.bin signed.bin
Signature string: Signature of the related BuildProvenance, encoded in a base64 string.

KeyId string: An Id for the key used to sign. This could be either an Id for the key stored in public_key (such as the Id or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).
KeyType string: The type of the key, either stored in public_key or referenced in key_id
PublicKey string: Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys. This field may be empty if key_id references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: openssl sha256 -verify public.pem -signature signature.bin signed.bin
Signature string: Signature of the related BuildProvenance, encoded in a base64 string.

keyId String: An Id for the key used to sign. This could be either an Id for the key stored in public_key (such as the Id or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).
keyType String: The type of the key, either stored in public_key or referenced in key_id
publicKey String: Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys. This field may be empty if key_id references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: openssl sha256 -verify public.pem -signature signature.bin signed.bin
signature String: Signature of the related BuildProvenance, encoded in a base64 string.

keyId string: An Id for the key used to sign. This could be either an Id for the key stored in public_key (such as the Id or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).
keyType string: The type of the key, either stored in public_key or referenced in key_id
publicKey string: Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys. This field may be empty if key_id references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: openssl sha256 -verify public.pem -signature signature.bin signed.bin
signature string: Signature of the related BuildProvenance, encoded in a base64 string.

key_id str: An Id for the key used to sign. This could be either an Id for the key stored in public_key (such as the Id or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).
key_type str: The type of the key, either stored in public_key or referenced in key_id
public_key str: Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys. This field may be empty if key_id references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: openssl sha256 -verify public.pem -signature signature.bin signed.bin
signature str: Signature of the related BuildProvenance, encoded in a base64 string.

keyId String: An Id for the key used to sign. This could be either an Id for the key stored in public_key (such as the Id or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).
keyType String: The type of the key, either stored in public_key or referenced in key_id
publicKey String: Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys. This field may be empty if key_id references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: openssl sha256 -verify public.pem -signature signature.bin signed.bin
signature String: Signature of the related BuildProvenance, encoded in a base64 string.

BuildTypeResponse

BuilderVersion string: Version of the builder which produced this Note.
Signature Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.BuildSignatureResponse: Signature of the build in Occurrences pointing to the Note containing this BuilderDetails.

BuilderVersion string: Version of the builder which produced this Note.
Signature BuildSignatureResponse: Signature of the build in Occurrences pointing to the Note containing this BuilderDetails.

builderVersion String: Version of the builder which produced this Note.
signature BuildSignatureResponse: Signature of the build in Occurrences pointing to the Note containing this BuilderDetails.

builderVersion string: Version of the builder which produced this Note.
signature BuildSignatureResponse: Signature of the build in Occurrences pointing to the Note containing this BuilderDetails.

builder_version str: Version of the builder which produced this Note.
signature BuildSignatureResponse: Signature of the build in Occurrences pointing to the Note containing this BuilderDetails.

builderVersion String: Version of the builder which produced this Note.
signature Property Map: Signature of the build in Occurrences pointing to the Note containing this BuilderDetails.

CVSSResponse

AttackComplexity string: Defined in CVSS v3, CVSS v2
AttackVector string: Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
Authentication string: Defined in CVSS v2
AvailabilityImpact string: Defined in CVSS v3, CVSS v2
BaseScore double: The base score is a function of the base metric scores.
ConfidentialityImpact string: Defined in CVSS v3, CVSS v2
ExploitabilityScore double
ImpactScore double
IntegrityImpact string: Defined in CVSS v3, CVSS v2
PrivilegesRequired string: Defined in CVSS v3
Scope string: Defined in CVSS v3
UserInteraction string: Defined in CVSS v3

AttackComplexity string: Defined in CVSS v3, CVSS v2
AttackVector string: Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
Authentication string: Defined in CVSS v2
AvailabilityImpact string: Defined in CVSS v3, CVSS v2
BaseScore float64: The base score is a function of the base metric scores.
ConfidentialityImpact string: Defined in CVSS v3, CVSS v2
ExploitabilityScore float64
ImpactScore float64
IntegrityImpact string: Defined in CVSS v3, CVSS v2
PrivilegesRequired string: Defined in CVSS v3
Scope string: Defined in CVSS v3
UserInteraction string: Defined in CVSS v3

attackComplexity String: Defined in CVSS v3, CVSS v2
attackVector String: Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
authentication String: Defined in CVSS v2
availabilityImpact String: Defined in CVSS v3, CVSS v2
baseScore Double: The base score is a function of the base metric scores.
confidentialityImpact String: Defined in CVSS v3, CVSS v2
exploitabilityScore Double
impactScore Double
integrityImpact String: Defined in CVSS v3, CVSS v2
privilegesRequired String: Defined in CVSS v3
scope String: Defined in CVSS v3
userInteraction String: Defined in CVSS v3

attackComplexity string: Defined in CVSS v3, CVSS v2
attackVector string: Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
authentication string: Defined in CVSS v2
availabilityImpact string: Defined in CVSS v3, CVSS v2
baseScore number: The base score is a function of the base metric scores.
confidentialityImpact string: Defined in CVSS v3, CVSS v2
exploitabilityScore number
impactScore number
integrityImpact string: Defined in CVSS v3, CVSS v2
privilegesRequired string: Defined in CVSS v3
scope string: Defined in CVSS v3
userInteraction string: Defined in CVSS v3

attack_complexity str: Defined in CVSS v3, CVSS v2
attack_vector str: Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
authentication str: Defined in CVSS v2
availability_impact str: Defined in CVSS v3, CVSS v2
base_score float: The base score is a function of the base metric scores.
confidentiality_impact str: Defined in CVSS v3, CVSS v2
exploitability_score float
impact_score float
integrity_impact str: Defined in CVSS v3, CVSS v2
privileges_required str: Defined in CVSS v3
scope str: Defined in CVSS v3
user_interaction str: Defined in CVSS v3

attackComplexity String: Defined in CVSS v3, CVSS v2
attackVector String: Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
authentication String: Defined in CVSS v2
availabilityImpact String: Defined in CVSS v3, CVSS v2
baseScore Number: The base score is a function of the base metric scores.
confidentialityImpact String: Defined in CVSS v3, CVSS v2
exploitabilityScore Number
impactScore Number
integrityImpact String: Defined in CVSS v3, CVSS v2
privilegesRequired String: Defined in CVSS v3
scope String: Defined in CVSS v3
userInteraction String: Defined in CVSS v3

CisBenchmarkResponse

ProfileLevel int: The profile level of this CIS benchmark check.
Severity string: The severity level of this CIS benchmark check.

ProfileLevel int: The profile level of this CIS benchmark check.
Severity string: The severity level of this CIS benchmark check.

profileLevel Integer: The profile level of this CIS benchmark check.
severity String: The severity level of this CIS benchmark check.

profileLevel number: The profile level of this CIS benchmark check.
severity string: The severity level of this CIS benchmark check.

profile_level int: The profile level of this CIS benchmark check.
severity str: The severity level of this CIS benchmark check.

profileLevel Number: The profile level of this CIS benchmark check.
severity String: The severity level of this CIS benchmark check.

ComplianceNoteResponse

CisBenchmark Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.CisBenchmarkResponse: Right now we only have one compliance type, but we may add additional types in the future.
Description string: A description about this compliance check.
Rationale string: A rationale for the existence of this compliance check.
Remediation string: A description of remediation steps if the compliance check fails.
ScanInstructions string: Serialized scan instructions with a predefined format.
Title string: The title that identifies this compliance check.
Version List<Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.ComplianceVersionResponse>: The OS and config versions the benchmark applies to.

CisBenchmark CisBenchmarkResponse: Right now we only have one compliance type, but we may add additional types in the future.
Description string: A description about this compliance check.
Rationale string: A rationale for the existence of this compliance check.
Remediation string: A description of remediation steps if the compliance check fails.
ScanInstructions string: Serialized scan instructions with a predefined format.
Title string: The title that identifies this compliance check.
Version []ComplianceVersionResponse: The OS and config versions the benchmark applies to.

cisBenchmark CisBenchmarkResponse: Right now we only have one compliance type, but we may add additional types in the future.
description String: A description about this compliance check.
rationale String: A rationale for the existence of this compliance check.
remediation String: A description of remediation steps if the compliance check fails.
scanInstructions String: Serialized scan instructions with a predefined format.
title String: The title that identifies this compliance check.
version List<ComplianceVersionResponse>: The OS and config versions the benchmark applies to.

cisBenchmark CisBenchmarkResponse: Right now we only have one compliance type, but we may add additional types in the future.
description string: A description about this compliance check.
rationale string: A rationale for the existence of this compliance check.
remediation string: A description of remediation steps if the compliance check fails.
scanInstructions string: Serialized scan instructions with a predefined format.
title string: The title that identifies this compliance check.
version ComplianceVersionResponse[]: The OS and config versions the benchmark applies to.

cis_benchmark CisBenchmarkResponse: Right now we only have one compliance type, but we may add additional types in the future.
description str: A description about this compliance check.
rationale str: A rationale for the existence of this compliance check.
remediation str: A description of remediation steps if the compliance check fails.
scan_instructions str: Serialized scan instructions with a predefined format.
title str: The title that identifies this compliance check.
version Sequence[ComplianceVersionResponse]: The OS and config versions the benchmark applies to.

cisBenchmark Property Map: Right now we only have one compliance type, but we may add additional types in the future.
description String: A description about this compliance check.
rationale String: A rationale for the existence of this compliance check.
remediation String: A description of remediation steps if the compliance check fails.
scanInstructions String: Serialized scan instructions with a predefined format.
title String: The title that identifies this compliance check.
version List<Property Map>: The OS and config versions the benchmark applies to.

ComplianceVersionResponse

BenchmarkDocument string: The name of the document that defines this benchmark, e.g. "CIS Container-Optimized OS".
CpeUri string: The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.
Version string: The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.

BenchmarkDocument string: The name of the document that defines this benchmark, e.g. "CIS Container-Optimized OS".
CpeUri string: The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.
Version string: The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.

benchmarkDocument String: The name of the document that defines this benchmark, e.g. "CIS Container-Optimized OS".
cpeUri String: The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.
version String: The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.

benchmarkDocument string: The name of the document that defines this benchmark, e.g. "CIS Container-Optimized OS".
cpeUri string: The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.
version string: The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.

benchmark_document str: The name of the document that defines this benchmark, e.g. "CIS Container-Optimized OS".
cpe_uri str: The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.
version str: The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.

benchmarkDocument String: The name of the document that defines this benchmark, e.g. "CIS Container-Optimized OS".
cpeUri String: The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.
version String: The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.

DSSEAttestationNoteResponse

Hint Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.DSSEHintResponse: DSSEHint hints at the purpose of the attestation authority.

Hint DSSEHintResponse: DSSEHint hints at the purpose of the attestation authority.

hint DSSEHintResponse: DSSEHint hints at the purpose of the attestation authority.

hint DSSEHintResponse: DSSEHint hints at the purpose of the attestation authority.

hint DSSEHintResponse: DSSEHint hints at the purpose of the attestation authority.

hint Property Map: DSSEHint hints at the purpose of the attestation authority.

DSSEHintResponse

HumanReadableName string: The human readable name of this attestation authority, for example "cloudbuild-prod".

HumanReadableName string: The human readable name of this attestation authority, for example "cloudbuild-prod".

humanReadableName String: The human readable name of this attestation authority, for example "cloudbuild-prod".

humanReadableName string: The human readable name of this attestation authority, for example "cloudbuild-prod".

human_readable_name str: The human readable name of this attestation authority, for example "cloudbuild-prod".

humanReadableName String: The human readable name of this attestation authority, for example "cloudbuild-prod".

DeployableResponse

ResourceUri List<string>: Resource URI for the artifact being deployed.

ResourceUri []string: Resource URI for the artifact being deployed.

resourceUri List<String>: Resource URI for the artifact being deployed.

resourceUri string[]: Resource URI for the artifact being deployed.

resource_uri Sequence[str]: Resource URI for the artifact being deployed.

resourceUri List<String>: Resource URI for the artifact being deployed.

DetailResponse

CpeUri string: The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar. This field can be used as a filter in list requests.
Description string: A vendor-specific description of this note.
FixedLocation Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.VulnerabilityLocationResponse: The fix for this specific package version.
IsObsolete bool: Whether this Detail is obsolete. Occurrences are expected not to point to obsolete details.
MaxAffectedVersion Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.VersionResponse: The max version of the package in which the vulnerability exists.
MinAffectedVersion Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.VersionResponse: The min version of the package in which the vulnerability exists.
Package string: The name of the package where the vulnerability was found. This field can be used as a filter in list requests.
PackageType string: The type of package; whether native or non native(ruby gems, node.js packages etc)
SeverityName string: The severity (eg: distro assigned severity) for this vulnerability.
Source string: The source from which the information in this Detail was obtained.
Vendor string: The vendor of the product. e.g. "google"

CpeUri string: The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar. This field can be used as a filter in list requests.
Description string: A vendor-specific description of this note.
FixedLocation VulnerabilityLocationResponse: The fix for this specific package version.
IsObsolete bool: Whether this Detail is obsolete. Occurrences are expected not to point to obsolete details.
MaxAffectedVersion VersionResponse: The max version of the package in which the vulnerability exists.
MinAffectedVersion VersionResponse: The min version of the package in which the vulnerability exists.
Package string: The name of the package where the vulnerability was found. This field can be used as a filter in list requests.
PackageType string: The type of package; whether native or non native(ruby gems, node.js packages etc)
SeverityName string: The severity (eg: distro assigned severity) for this vulnerability.
Source string: The source from which the information in this Detail was obtained.
Vendor string: The vendor of the product. e.g. "google"

cpeUri String: The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar. This field can be used as a filter in list requests.
description String: A vendor-specific description of this note.
fixedLocation VulnerabilityLocationResponse: The fix for this specific package version.
isObsolete Boolean: Whether this Detail is obsolete. Occurrences are expected not to point to obsolete details.
maxAffectedVersion VersionResponse: The max version of the package in which the vulnerability exists.
minAffectedVersion VersionResponse: The min version of the package in which the vulnerability exists.
packageType String: The type of package; whether native or non native(ruby gems, node.js packages etc)
package_ String: The name of the package where the vulnerability was found. This field can be used as a filter in list requests.
severityName String: The severity (eg: distro assigned severity) for this vulnerability.
source String: The source from which the information in this Detail was obtained.
vendor String: The vendor of the product. e.g. "google"

cpeUri string: The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar. This field can be used as a filter in list requests.
description string: A vendor-specific description of this note.
fixedLocation VulnerabilityLocationResponse: The fix for this specific package version.
isObsolete boolean: Whether this Detail is obsolete. Occurrences are expected not to point to obsolete details.
maxAffectedVersion VersionResponse: The max version of the package in which the vulnerability exists.
minAffectedVersion VersionResponse: The min version of the package in which the vulnerability exists.
package string: The name of the package where the vulnerability was found. This field can be used as a filter in list requests.
packageType string: The type of package; whether native or non native(ruby gems, node.js packages etc)
severityName string: The severity (eg: distro assigned severity) for this vulnerability.
source string: The source from which the information in this Detail was obtained.
vendor string: The vendor of the product. e.g. "google"

cpe_uri str: The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar. This field can be used as a filter in list requests.
description str: A vendor-specific description of this note.
fixed_location VulnerabilityLocationResponse: The fix for this specific package version.
is_obsolete bool: Whether this Detail is obsolete. Occurrences are expected not to point to obsolete details.
max_affected_version VersionResponse: The max version of the package in which the vulnerability exists.
min_affected_version VersionResponse: The min version of the package in which the vulnerability exists.
package str: The name of the package where the vulnerability was found. This field can be used as a filter in list requests.
package_type str: The type of package; whether native or non native(ruby gems, node.js packages etc)
severity_name str: The severity (eg: distro assigned severity) for this vulnerability.
source str: The source from which the information in this Detail was obtained.
vendor str: The vendor of the product. e.g. "google"

cpeUri String: The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar. This field can be used as a filter in list requests.
description String: A vendor-specific description of this note.
fixedLocation Property Map: The fix for this specific package version.
isObsolete Boolean: Whether this Detail is obsolete. Occurrences are expected not to point to obsolete details.
maxAffectedVersion Property Map: The max version of the package in which the vulnerability exists.
minAffectedVersion Property Map: The min version of the package in which the vulnerability exists.
package String: The name of the package where the vulnerability was found. This field can be used as a filter in list requests.
packageType String: The type of package; whether native or non native(ruby gems, node.js packages etc)
severityName String: The severity (eg: distro assigned severity) for this vulnerability.
source String: The source from which the information in this Detail was obtained.
vendor String: The vendor of the product. e.g. "google"

DigestResponse

Algo string: SHA1, SHA512 etc.
DigestBytes string: Value of the digest.

Algo string: SHA1, SHA512 etc.
DigestBytes string: Value of the digest.

algo String: SHA1, SHA512 etc.
digestBytes String: Value of the digest.

algo string: SHA1, SHA512 etc.
digestBytes string: Value of the digest.

algo str: SHA1, SHA512 etc.
digest_bytes str: Value of the digest.

algo String: SHA1, SHA512 etc.
digestBytes String: Value of the digest.

DiscoveryResponse

AnalysisKind string: The kind of analysis that is handled by this discovery.

AnalysisKind string: The kind of analysis that is handled by this discovery.

analysisKind String: The kind of analysis that is handled by this discovery.

analysisKind string: The kind of analysis that is handled by this discovery.

analysis_kind str: The kind of analysis that is handled by this discovery.

analysisKind String: The kind of analysis that is handled by this discovery.

DistributionResponse

Architecture string: The CPU architecture for which packages in this distribution channel were built
CpeUri string: The cpe_uri in cpe format denoting the package manager version distributing a package.
Description string: The distribution channel-specific description of this package.
LatestVersion Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.VersionResponse: The latest available version of this package in this distribution channel.
Maintainer string: A freeform string denoting the maintainer of this package.
Url string: The distribution channel-specific homepage for this package.

Architecture string: The CPU architecture for which packages in this distribution channel were built
CpeUri string: The cpe_uri in cpe format denoting the package manager version distributing a package.
Description string: The distribution channel-specific description of this package.
LatestVersion VersionResponse: The latest available version of this package in this distribution channel.
Maintainer string: A freeform string denoting the maintainer of this package.
Url string: The distribution channel-specific homepage for this package.

architecture String: The CPU architecture for which packages in this distribution channel were built
cpeUri String: The cpe_uri in cpe format denoting the package manager version distributing a package.
description String: The distribution channel-specific description of this package.
latestVersion VersionResponse: The latest available version of this package in this distribution channel.
maintainer String: A freeform string denoting the maintainer of this package.
url String: The distribution channel-specific homepage for this package.

architecture string: The CPU architecture for which packages in this distribution channel were built
cpeUri string: The cpe_uri in cpe format denoting the package manager version distributing a package.
description string: The distribution channel-specific description of this package.
latestVersion VersionResponse: The latest available version of this package in this distribution channel.
maintainer string: A freeform string denoting the maintainer of this package.
url string: The distribution channel-specific homepage for this package.

architecture str: The CPU architecture for which packages in this distribution channel were built
cpe_uri str: The cpe_uri in cpe format denoting the package manager version distributing a package.
description str: The distribution channel-specific description of this package.
latest_version VersionResponse: The latest available version of this package in this distribution channel.
maintainer str: A freeform string denoting the maintainer of this package.
url str: The distribution channel-specific homepage for this package.

architecture String: The CPU architecture for which packages in this distribution channel were built
cpeUri String: The cpe_uri in cpe format denoting the package manager version distributing a package.
description String: The distribution channel-specific description of this package.
latestVersion Property Map: The latest available version of this package in this distribution channel.
maintainer String: A freeform string denoting the maintainer of this package.
url String: The distribution channel-specific homepage for this package.

DocumentNoteResponse

DataLicence string: Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
SpdxVersion string: Provide a reference number that can be used to understand how to parse and interpret the rest of the file

DataLicence string: Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
SpdxVersion string: Provide a reference number that can be used to understand how to parse and interpret the rest of the file

dataLicence String: Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
spdxVersion String: Provide a reference number that can be used to understand how to parse and interpret the rest of the file

dataLicence string: Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
spdxVersion string: Provide a reference number that can be used to understand how to parse and interpret the rest of the file

data_licence str: Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
spdx_version str: Provide a reference number that can be used to understand how to parse and interpret the rest of the file

dataLicence String: Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
spdxVersion String: Provide a reference number that can be used to understand how to parse and interpret the rest of the file

ExternalRefResponse

Category string: An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
Comment string: Human-readable information about the purpose and target of the reference
Locator string: The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
Type string: Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)

Category string: An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
Comment string: Human-readable information about the purpose and target of the reference
Locator string: The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
Type string: Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)

category String: An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
comment String: Human-readable information about the purpose and target of the reference
locator String: The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
type String: Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)

category string: An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
comment string: Human-readable information about the purpose and target of the reference
locator string: The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
type string: Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)

category str: An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
comment str: Human-readable information about the purpose and target of the reference
locator str: The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
type str: Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)

category String: An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
comment String: Human-readable information about the purpose and target of the reference
locator String: The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
type String: Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)

FileLocationResponse

FilePath string: For jars that are contained inside .war files, this filepath can indicate the path to war file combined with the path to jar file.

FilePath string: For jars that are contained inside .war files, this filepath can indicate the path to war file combined with the path to jar file.

filePath String: For jars that are contained inside .war files, this filepath can indicate the path to war file combined with the path to jar file.

filePath string: For jars that are contained inside .war files, this filepath can indicate the path to war file combined with the path to jar file.

file_path str: For jars that are contained inside .war files, this filepath can indicate the path to war file combined with the path to jar file.

filePath String: For jars that are contained inside .war files, this filepath can indicate the path to war file combined with the path to jar file.

FileNoteResponse

Checksum List<string>: Provide a unique identifier to match analysis information on each specific file in a package
FileType string: This field provides information about the type of file identified
Title string: Identify the full path and filename that corresponds to the file information in this section

Checksum []string: Provide a unique identifier to match analysis information on each specific file in a package
FileType string: This field provides information about the type of file identified
Title string: Identify the full path and filename that corresponds to the file information in this section

checksum List<String>: Provide a unique identifier to match analysis information on each specific file in a package
fileType String: This field provides information about the type of file identified
title String: Identify the full path and filename that corresponds to the file information in this section

checksum string[]: Provide a unique identifier to match analysis information on each specific file in a package
fileType string: This field provides information about the type of file identified
title string: Identify the full path and filename that corresponds to the file information in this section

checksum Sequence[str]: Provide a unique identifier to match analysis information on each specific file in a package
file_type str: This field provides information about the type of file identified
title str: Identify the full path and filename that corresponds to the file information in this section

checksum List<String>: Provide a unique identifier to match analysis information on each specific file in a package
fileType String: This field provides information about the type of file identified
title String: Identify the full path and filename that corresponds to the file information in this section

FingerprintResponse

V1Name string: The layer-id of the final layer in the Docker image's v1 representation. This field can be used as a filter in list requests.
V2Blob List<string>: The ordered list of v2 blobs that represent a given image.
V2Name string: The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept. This field can be used as a filter in list requests.

V1Name string: The layer-id of the final layer in the Docker image's v1 representation. This field can be used as a filter in list requests.
V2Blob []string: The ordered list of v2 blobs that represent a given image.
V2Name string: The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept. This field can be used as a filter in list requests.

v1Name String: The layer-id of the final layer in the Docker image's v1 representation. This field can be used as a filter in list requests.
v2Blob List<String>: The ordered list of v2 blobs that represent a given image.
v2Name String: The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept. This field can be used as a filter in list requests.

v1Name string: The layer-id of the final layer in the Docker image's v1 representation. This field can be used as a filter in list requests.
v2Blob string[]: The ordered list of v2 blobs that represent a given image.
v2Name string: The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept. This field can be used as a filter in list requests.

v1_name str: The layer-id of the final layer in the Docker image's v1 representation. This field can be used as a filter in list requests.
v2_blob Sequence[str]: The ordered list of v2 blobs that represent a given image.
v2_name str: The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept. This field can be used as a filter in list requests.

v1Name String: The layer-id of the final layer in the Docker image's v1 representation. This field can be used as a filter in list requests.
v2Blob List<String>: The ordered list of v2 blobs that represent a given image.
v2Name String: The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept. This field can be used as a filter in list requests.

IdentifierHelperResponse

Field string: The field that is set in the API proto.
GenericUri string: Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.

Field string: The field that is set in the API proto.
GenericUri string: Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.

field String: The field that is set in the API proto.
genericUri String: Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.

field string: The field that is set in the API proto.
genericUri string: Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.

field str: The field that is set in the API proto.
generic_uri str: Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.

field String: The field that is set in the API proto.
genericUri String: Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.

JustificationResponse

Details string: Additional details on why this justification was chosen.
JustificationType string: The justification type for this vulnerability.

Details string: Additional details on why this justification was chosen.
JustificationType string: The justification type for this vulnerability.

details String: Additional details on why this justification was chosen.
justificationType String: The justification type for this vulnerability.

details string: Additional details on why this justification was chosen.
justificationType string: The justification type for this vulnerability.

details str: Additional details on why this justification was chosen.
justification_type str: The justification type for this vulnerability.

details String: Additional details on why this justification was chosen.
justificationType String: The justification type for this vulnerability.

LicenseResponse

Comments string: Comments
Expression string: Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".

Comments string: Comments
Expression string: Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".

comments String: Comments
expression String: Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".

comments string: Comments
expression string: Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".

comments str: Comments
expression str: Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".

comments String: Comments
expression String: Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".

PackageInfoNoteResponse

Analyzed bool: Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
Attribution string: A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
Checksum string: Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
Copyright string: Identify the copyright holders of the package, as well as any dates present
DetailedDescription string: A more detailed description of the package
DownloadLocation string: This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
ExternalRefs List<Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.ExternalRefResponse>: ExternalRef
FilesLicenseInfo List<string>: Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
HomePage string: Provide a place for the SPDX file creator to record a web site that serves as the package's home page
LicenseDeclared Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.LicenseResponse: List the licenses that have been declared by the authors of the package
Originator string: If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
PackageType string: The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
SummaryDescription string: A short description of the package
Supplier string: Identify the actual distribution source for the package/directory identified in the SPDX file
Title string: Identify the full name of the package as given by the Package Originator
VerificationCode string: This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
Version string: Identify the version of the package

Analyzed bool: Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
Attribution string: A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
Checksum string: Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
Copyright string: Identify the copyright holders of the package, as well as any dates present
DetailedDescription string: A more detailed description of the package
DownloadLocation string: This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
ExternalRefs []ExternalRefResponse: ExternalRef
FilesLicenseInfo []string: Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
HomePage string: Provide a place for the SPDX file creator to record a web site that serves as the package's home page
LicenseDeclared LicenseResponse: List the licenses that have been declared by the authors of the package
Originator string: If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
PackageType string: The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
SummaryDescription string: A short description of the package
Supplier string: Identify the actual distribution source for the package/directory identified in the SPDX file
Title string: Identify the full name of the package as given by the Package Originator
VerificationCode string: This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
Version string: Identify the version of the package

analyzed Boolean: Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
attribution String: A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
checksum String: Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
copyright String: Identify the copyright holders of the package, as well as any dates present
detailedDescription String: A more detailed description of the package
downloadLocation String: This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
externalRefs List<ExternalRefResponse>: ExternalRef
filesLicenseInfo List<String>: Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
homePage String: Provide a place for the SPDX file creator to record a web site that serves as the package's home page
licenseDeclared LicenseResponse: List the licenses that have been declared by the authors of the package
originator String: If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
packageType String: The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
summaryDescription String: A short description of the package
supplier String: Identify the actual distribution source for the package/directory identified in the SPDX file
title String: Identify the full name of the package as given by the Package Originator
verificationCode String: This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
version String: Identify the version of the package

analyzed boolean: Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
attribution string: A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
checksum string: Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
copyright string: Identify the copyright holders of the package, as well as any dates present
detailedDescription string: A more detailed description of the package
downloadLocation string: This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
externalRefs ExternalRefResponse[]: ExternalRef
filesLicenseInfo string[]: Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
homePage string: Provide a place for the SPDX file creator to record a web site that serves as the package's home page
licenseDeclared LicenseResponse: List the licenses that have been declared by the authors of the package
originator string: If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
packageType string: The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
summaryDescription string: A short description of the package
supplier string: Identify the actual distribution source for the package/directory identified in the SPDX file
title string: Identify the full name of the package as given by the Package Originator
verificationCode string: This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
version string: Identify the version of the package

analyzed bool: Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
attribution str: A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
checksum str: Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
copyright str: Identify the copyright holders of the package, as well as any dates present
detailed_description str: A more detailed description of the package
download_location str: This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
external_refs Sequence[ExternalRefResponse]: ExternalRef
files_license_info Sequence[str]: Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
home_page str: Provide a place for the SPDX file creator to record a web site that serves as the package's home page
license_declared LicenseResponse: List the licenses that have been declared by the authors of the package
originator str: If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
package_type str: The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
summary_description str: A short description of the package
supplier str: Identify the actual distribution source for the package/directory identified in the SPDX file
title str: Identify the full name of the package as given by the Package Originator
verification_code str: This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
version str: Identify the version of the package

analyzed Boolean: Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
attribution String: A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
checksum String: Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
copyright String: Identify the copyright holders of the package, as well as any dates present
detailedDescription String: A more detailed description of the package
downloadLocation String: This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
externalRefs List<Property Map>: ExternalRef
filesLicenseInfo List<String>: Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
homePage String: Provide a place for the SPDX file creator to record a web site that serves as the package's home page
licenseDeclared Property Map: List the licenses that have been declared by the authors of the package
originator String: If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
packageType String: The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
summaryDescription String: A short description of the package
supplier String: Identify the actual distribution source for the package/directory identified in the SPDX file
title String: Identify the full name of the package as given by the Package Originator
verificationCode String: This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
version String: Identify the version of the package

PackageResponse

Architecture string: The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
CpeUri string: The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
Description string: The description of this package.
Digest List<Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.DigestResponse>: Hash value, typically a file digest, that allows unique identification a specific package.
Distribution List<Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.DistributionResponse>: The various channels by which a package is distributed.
License Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.LicenseResponse: Licenses that have been declared by the authors of the package.
Maintainer string: A freeform text denoting the maintainer of this package.
Name string: The name of the package.
PackageType string: The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
Url string: The homepage for this package.
Version Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.VersionResponse: The version of the package.

Architecture string: The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
CpeUri string: The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
Description string: The description of this package.
Digest []DigestResponse: Hash value, typically a file digest, that allows unique identification a specific package.
Distribution []DistributionResponse: The various channels by which a package is distributed.
License LicenseResponse: Licenses that have been declared by the authors of the package.
Maintainer string: A freeform text denoting the maintainer of this package.
Name string: The name of the package.
PackageType string: The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
Url string: The homepage for this package.
Version VersionResponse: The version of the package.

architecture String: The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
cpeUri String: The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
description String: The description of this package.
digest List<DigestResponse>: Hash value, typically a file digest, that allows unique identification a specific package.
distribution List<DistributionResponse>: The various channels by which a package is distributed.
license LicenseResponse: Licenses that have been declared by the authors of the package.
maintainer String: A freeform text denoting the maintainer of this package.
name String: The name of the package.
packageType String: The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
url String: The homepage for this package.
version VersionResponse: The version of the package.

architecture string: The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
cpeUri string: The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
description string: The description of this package.
digest DigestResponse[]: Hash value, typically a file digest, that allows unique identification a specific package.
distribution DistributionResponse[]: The various channels by which a package is distributed.
license LicenseResponse: Licenses that have been declared by the authors of the package.
maintainer string: A freeform text denoting the maintainer of this package.
name string: The name of the package.
packageType string: The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
url string: The homepage for this package.
version VersionResponse: The version of the package.

architecture str: The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
cpe_uri str: The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
description str: The description of this package.
digest Sequence[DigestResponse]: Hash value, typically a file digest, that allows unique identification a specific package.
distribution Sequence[DistributionResponse]: The various channels by which a package is distributed.
license LicenseResponse: Licenses that have been declared by the authors of the package.
maintainer str: A freeform text denoting the maintainer of this package.
name str: The name of the package.
package_type str: The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
url str: The homepage for this package.
version VersionResponse: The version of the package.

architecture String: The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
cpeUri String: The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
description String: The description of this package.
digest List<Property Map>: Hash value, typically a file digest, that allows unique identification a specific package.
distribution List<Property Map>: The various channels by which a package is distributed.
license Property Map: Licenses that have been declared by the authors of the package.
maintainer String: A freeform text denoting the maintainer of this package.
name String: The name of the package.
packageType String: The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
url String: The homepage for this package.
version Property Map: The version of the package.

ProductResponse

IdentifierHelper Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.IdentifierHelperResponse: Helps in identifying the underlying product.
Name string: Name of the product.

IdentifierHelper IdentifierHelperResponse: Helps in identifying the underlying product.
Name string: Name of the product.

identifierHelper IdentifierHelperResponse: Helps in identifying the underlying product.
name String: Name of the product.

identifierHelper IdentifierHelperResponse: Helps in identifying the underlying product.
name string: Name of the product.

identifier_helper IdentifierHelperResponse: Helps in identifying the underlying product.
name str: Name of the product.

identifierHelper Property Map: Helps in identifying the underlying product.
name String: Name of the product.

PublisherResponse

IssuingAuthority string: Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
Name string: Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
PublisherNamespace string: The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io

IssuingAuthority string: Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
Name string: Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
PublisherNamespace string: The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io

issuingAuthority String: Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
name String: Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
publisherNamespace String: The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io

issuingAuthority string: Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
name string: Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
publisherNamespace string: The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io

issuing_authority str: Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
name str: Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
publisher_namespace str: The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io

issuingAuthority String: Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
name String: Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
publisherNamespace String: The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io

RelatedUrlResponse

Label string: Label to describe usage of the URL
Url string: Specific URL to associate with the note

Label string: Label to describe usage of the URL
Url string: Specific URL to associate with the note

label String: Label to describe usage of the URL
url String: Specific URL to associate with the note

label string: Label to describe usage of the URL
url string: Specific URL to associate with the note

label str: Label to describe usage of the URL
url str: Specific URL to associate with the note

label String: Label to describe usage of the URL
url String: Specific URL to associate with the note

RelationshipNoteResponse

Type string: The type of relationship between the source and target SPDX elements

Type string: The type of relationship between the source and target SPDX elements

type String: The type of relationship between the source and target SPDX elements

type string: The type of relationship between the source and target SPDX elements

type str: The type of relationship between the source and target SPDX elements

type String: The type of relationship between the source and target SPDX elements

RemediationResponse

Details string: Contains a comprehensive human-readable discussion of the remediation.
RemediationType string: The type of remediation that can be applied.
RemediationUri Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.URIResponse: Contains the URL where to obtain the remediation.

Details string: Contains a comprehensive human-readable discussion of the remediation.
RemediationType string: The type of remediation that can be applied.
RemediationUri URIResponse: Contains the URL where to obtain the remediation.

details String: Contains a comprehensive human-readable discussion of the remediation.
remediationType String: The type of remediation that can be applied.
remediationUri URIResponse: Contains the URL where to obtain the remediation.

details string: Contains a comprehensive human-readable discussion of the remediation.
remediationType string: The type of remediation that can be applied.
remediationUri URIResponse: Contains the URL where to obtain the remediation.

details str: Contains a comprehensive human-readable discussion of the remediation.
remediation_type str: The type of remediation that can be applied.
remediation_uri URIResponse: Contains the URL where to obtain the remediation.

details String: Contains a comprehensive human-readable discussion of the remediation.
remediationType String: The type of remediation that can be applied.
remediationUri Property Map: Contains the URL where to obtain the remediation.

SBOMReferenceNoteResponse

Format string: The format that SBOM takes. E.g. may be spdx, cyclonedx, etc...
Version string: The version of the format that the SBOM takes. E.g. if the format is spdx, the version may be 2.3.

Format string: The format that SBOM takes. E.g. may be spdx, cyclonedx, etc...
Version string: The version of the format that the SBOM takes. E.g. if the format is spdx, the version may be 2.3.

format String: The format that SBOM takes. E.g. may be spdx, cyclonedx, etc...
version String: The version of the format that the SBOM takes. E.g. if the format is spdx, the version may be 2.3.

format string: The format that SBOM takes. E.g. may be spdx, cyclonedx, etc...
version string: The version of the format that the SBOM takes. E.g. if the format is spdx, the version may be 2.3.

format str: The format that SBOM takes. E.g. may be spdx, cyclonedx, etc...
version str: The version of the format that the SBOM takes. E.g. if the format is spdx, the version may be 2.3.

format String: The format that SBOM takes. E.g. may be spdx, cyclonedx, etc...
version String: The version of the format that the SBOM takes. E.g. if the format is spdx, the version may be 2.3.

URIResponse

Label string: A label for the URI.
Uri string: The unique resource identifier.

Label string: A label for the URI.
Uri string: The unique resource identifier.

label String: A label for the URI.
uri String: The unique resource identifier.

label string: A label for the URI.
uri string: The unique resource identifier.

label str: A label for the URI.
uri str: The unique resource identifier.

label String: A label for the URI.
uri String: The unique resource identifier.

UpgradeDistributionResponse

Classification string: The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed.
CpeUri string: Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
Cve List<string>: The cve that would be resolved by this upgrade.
Severity string: The severity as specified by the upstream operating system.

Classification string: The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed.
CpeUri string: Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
Cve []string: The cve that would be resolved by this upgrade.
Severity string: The severity as specified by the upstream operating system.

classification String: The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed.
cpeUri String: Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
cve List<String>: The cve that would be resolved by this upgrade.
severity String: The severity as specified by the upstream operating system.

classification string: The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed.
cpeUri string: Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
cve string[]: The cve that would be resolved by this upgrade.
severity string: The severity as specified by the upstream operating system.

classification str: The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed.
cpe_uri str: Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
cve Sequence[str]: The cve that would be resolved by this upgrade.
severity str: The severity as specified by the upstream operating system.

classification String: The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed.
cpeUri String: Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
cve List<String>: The cve that would be resolved by this upgrade.
severity String: The severity as specified by the upstream operating system.

UpgradeNoteResponse

Distributions List<Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.UpgradeDistributionResponse>: Metadata about the upgrade for each specific operating system.
Package string: Required - The package this Upgrade is for.
Version Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.VersionResponse: Required - The version of the package in machine + human readable form.

Distributions []UpgradeDistributionResponse: Metadata about the upgrade for each specific operating system.
Package string: Required - The package this Upgrade is for.
Version VersionResponse: Required - The version of the package in machine + human readable form.

distributions List<UpgradeDistributionResponse>: Metadata about the upgrade for each specific operating system.
package_ String: Required - The package this Upgrade is for.
version VersionResponse: Required - The version of the package in machine + human readable form.

distributions UpgradeDistributionResponse[]: Metadata about the upgrade for each specific operating system.
package string: Required - The package this Upgrade is for.
version VersionResponse: Required - The version of the package in machine + human readable form.

distributions Sequence[UpgradeDistributionResponse]: Metadata about the upgrade for each specific operating system.
package str: Required - The package this Upgrade is for.
version VersionResponse: Required - The version of the package in machine + human readable form.

distributions List<Property Map>: Metadata about the upgrade for each specific operating system.
package String: Required - The package this Upgrade is for.
version Property Map: Required - The version of the package in machine + human readable form.

VersionResponse

Epoch int: Used to correct mistakes in the version numbering scheme.
Inclusive bool: Whether this version is vulnerable, when defining the version bounds. For example, if the minimum version is 2.0, inclusive=true would say 2.0 is vulnerable, while inclusive=false would say it's not
Kind string: Distinguish between sentinel MIN/MAX versions and normal versions. If kind is not NORMAL, then the other fields are ignored.
Name string: The main part of the version name.
Revision string: The iteration of the package build from the above version.

Epoch int: Used to correct mistakes in the version numbering scheme.
Inclusive bool: Whether this version is vulnerable, when defining the version bounds. For example, if the minimum version is 2.0, inclusive=true would say 2.0 is vulnerable, while inclusive=false would say it's not
Kind string: Distinguish between sentinel MIN/MAX versions and normal versions. If kind is not NORMAL, then the other fields are ignored.
Name string: The main part of the version name.
Revision string: The iteration of the package build from the above version.

epoch Integer: Used to correct mistakes in the version numbering scheme.
inclusive Boolean: Whether this version is vulnerable, when defining the version bounds. For example, if the minimum version is 2.0, inclusive=true would say 2.0 is vulnerable, while inclusive=false would say it's not
kind String: Distinguish between sentinel MIN/MAX versions and normal versions. If kind is not NORMAL, then the other fields are ignored.
name String: The main part of the version name.
revision String: The iteration of the package build from the above version.

epoch number: Used to correct mistakes in the version numbering scheme.
inclusive boolean: Whether this version is vulnerable, when defining the version bounds. For example, if the minimum version is 2.0, inclusive=true would say 2.0 is vulnerable, while inclusive=false would say it's not
kind string: Distinguish between sentinel MIN/MAX versions and normal versions. If kind is not NORMAL, then the other fields are ignored.
name string: The main part of the version name.
revision string: The iteration of the package build from the above version.

epoch int: Used to correct mistakes in the version numbering scheme.
inclusive bool: Whether this version is vulnerable, when defining the version bounds. For example, if the minimum version is 2.0, inclusive=true would say 2.0 is vulnerable, while inclusive=false would say it's not
kind str: Distinguish between sentinel MIN/MAX versions and normal versions. If kind is not NORMAL, then the other fields are ignored.
name str: The main part of the version name.
revision str: The iteration of the package build from the above version.

epoch Number: Used to correct mistakes in the version numbering scheme.
inclusive Boolean: Whether this version is vulnerable, when defining the version bounds. For example, if the minimum version is 2.0, inclusive=true would say 2.0 is vulnerable, while inclusive=false would say it's not
kind String: Distinguish between sentinel MIN/MAX versions and normal versions. If kind is not NORMAL, then the other fields are ignored.
name String: The main part of the version name.
revision String: The iteration of the package build from the above version.

VulnerabilityAssessmentNoteResponse

Assessment Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.AssessmentResponse: Represents a vulnerability assessment for the product.
LanguageCode string: Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
LongDescription string: A detailed description of this Vex.
Product Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.ProductResponse: The product affected by this vex.
Publisher Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.PublisherResponse: Publisher details of this Note.
ShortDescription string: A one sentence description of this Vex.
Title string: The title of the note. E.g. Vex-Debian-11.4

Assessment AssessmentResponse: Represents a vulnerability assessment for the product.
LanguageCode string: Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
LongDescription string: A detailed description of this Vex.
Product ProductResponse: The product affected by this vex.
Publisher PublisherResponse: Publisher details of this Note.
ShortDescription string: A one sentence description of this Vex.
Title string: The title of the note. E.g. Vex-Debian-11.4

assessment AssessmentResponse: Represents a vulnerability assessment for the product.
languageCode String: Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
longDescription String: A detailed description of this Vex.
product ProductResponse: The product affected by this vex.
publisher PublisherResponse: Publisher details of this Note.
shortDescription String: A one sentence description of this Vex.
title String: The title of the note. E.g. Vex-Debian-11.4

assessment AssessmentResponse: Represents a vulnerability assessment for the product.
languageCode string: Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
longDescription string: A detailed description of this Vex.
product ProductResponse: The product affected by this vex.
publisher PublisherResponse: Publisher details of this Note.
shortDescription string: A one sentence description of this Vex.
title string: The title of the note. E.g. Vex-Debian-11.4

assessment AssessmentResponse: Represents a vulnerability assessment for the product.
language_code str: Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
long_description str: A detailed description of this Vex.
product ProductResponse: The product affected by this vex.
publisher PublisherResponse: Publisher details of this Note.
short_description str: A one sentence description of this Vex.
title str: The title of the note. E.g. Vex-Debian-11.4

assessment Property Map: Represents a vulnerability assessment for the product.
languageCode String: Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
longDescription String: A detailed description of this Vex.
product Property Map: The product affected by this vex.
publisher Property Map: Publisher details of this Note.
shortDescription String: A one sentence description of this Vex.
title String: The title of the note. E.g. Vex-Debian-11.4

VulnerabilityLocationResponse

CpeUri string: The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) format. Examples include distro or storage location for vulnerable jar. This field can be used as a filter in list requests.
FileLocation List<Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.FileLocationResponse>: The file location at which this package was found.
Package string: The package being described.
Version Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.VersionResponse: The version of the package being described. This field can be used as a filter in list requests.

CpeUri string: The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) format. Examples include distro or storage location for vulnerable jar. This field can be used as a filter in list requests.
FileLocation []FileLocationResponse: The file location at which this package was found.
Package string: The package being described.
Version VersionResponse: The version of the package being described. This field can be used as a filter in list requests.

cpeUri String: The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) format. Examples include distro or storage location for vulnerable jar. This field can be used as a filter in list requests.
fileLocation List<FileLocationResponse>: The file location at which this package was found.
package_ String: The package being described.
version VersionResponse: The version of the package being described. This field can be used as a filter in list requests.

cpeUri string: The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) format. Examples include distro or storage location for vulnerable jar. This field can be used as a filter in list requests.
fileLocation FileLocationResponse[]: The file location at which this package was found.
package string: The package being described.
version VersionResponse: The version of the package being described. This field can be used as a filter in list requests.

cpe_uri str: The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) format. Examples include distro or storage location for vulnerable jar. This field can be used as a filter in list requests.
file_location Sequence[FileLocationResponse]: The file location at which this package was found.
package str: The package being described.
version VersionResponse: The version of the package being described. This field can be used as a filter in list requests.

cpeUri String: The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) format. Examples include distro or storage location for vulnerable jar. This field can be used as a filter in list requests.
fileLocation List<Property Map>: The file location at which this package was found.
package String: The package being described.
version Property Map: The version of the package being described. This field can be used as a filter in list requests.

VulnerabilityTypeResponse

CvssScore double: The CVSS score for this Vulnerability.
CvssV2 Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.CVSSResponse: The full description of the CVSS for version 2.
CvssVersion string: CVSS version used to populate cvss_score and severity.
Cwe List<string>: A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
Details List<Pulumi.GoogleNative.ContainerAnalysis.V1Alpha1.Inputs.DetailResponse>: All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
Severity string: Note provider assigned impact of the vulnerability

CvssScore float64: The CVSS score for this Vulnerability.
CvssV2 CVSSResponse: The full description of the CVSS for version 2.
CvssVersion string: CVSS version used to populate cvss_score and severity.
Cwe []string: A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
Details []DetailResponse: All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
Severity string: Note provider assigned impact of the vulnerability

cvssScore Double: The CVSS score for this Vulnerability.
cvssV2 CVSSResponse: The full description of the CVSS for version 2.
cvssVersion String: CVSS version used to populate cvss_score and severity.
cwe List<String>: A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
details List<DetailResponse>: All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
severity String: Note provider assigned impact of the vulnerability

cvssScore number: The CVSS score for this Vulnerability.
cvssV2 CVSSResponse: The full description of the CVSS for version 2.
cvssVersion string: CVSS version used to populate cvss_score and severity.
cwe string[]: A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
details DetailResponse[]: All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
severity string: Note provider assigned impact of the vulnerability

cvss_score float: The CVSS score for this Vulnerability.
cvss_v2 CVSSResponse: The full description of the CVSS for version 2.
cvss_version str: CVSS version used to populate cvss_score and severity.
cwe Sequence[str]: A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
details Sequence[DetailResponse]: All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
severity str: Note provider assigned impact of the vulnerability

cvssScore Number: The CVSS score for this Vulnerability.
cvssV2 Property Map: The full description of the CVSS for version 2.
cvssVersion String: CVSS version used to populate cvss_score and severity.
cwe List<String>: A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
details List<Property Map>: All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
severity String: Note provider assigned impact of the vulnerability

Package Details

Repository: Google Cloud Native pulumi/pulumi-google-native
License: Apache-2.0

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.30.0 published on Friday, Apr 14, 2023 by Pulumi

pulumi/pulumi-google-native

google-native.containeranalysis/v1alpha1.getNote

On this page

On this page

Using getNote

getNote Result

Supporting Types

AssessmentResponse

AttestationAuthorityHintResponse

AttestationAuthorityResponse

BasisResponse

BuildSignatureResponse

BuildTypeResponse

CVSSResponse

CisBenchmarkResponse

ComplianceNoteResponse

ComplianceVersionResponse

DSSEAttestationNoteResponse

DSSEHintResponse

DeployableResponse

DetailResponse

DigestResponse

DiscoveryResponse

DistributionResponse

DocumentNoteResponse

ExternalRefResponse

FileLocationResponse

FileNoteResponse

FingerprintResponse

IdentifierHelperResponse

JustificationResponse

LicenseResponse

PackageInfoNoteResponse

PackageResponse

ProductResponse

PublisherResponse

RelatedUrlResponse

RelationshipNoteResponse

RemediationResponse

SBOMReferenceNoteResponse

URIResponse

UpgradeDistributionResponse

UpgradeNoteResponse

VersionResponse

VulnerabilityAssessmentNoteResponse

VulnerabilityLocationResponse

VulnerabilityTypeResponse

Package Details

On this page

On this page