Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.containeranalysis/v1alpha1.getOccurrence
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Returns the requested Occurrence
.
Using getOccurrence
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getOccurrence(args: GetOccurrenceArgs, opts?: InvokeOptions): Promise<GetOccurrenceResult>
function getOccurrenceOutput(args: GetOccurrenceOutputArgs, opts?: InvokeOptions): Output<GetOccurrenceResult>
def get_occurrence(occurrence_id: Optional[str] = None,
project: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetOccurrenceResult
def get_occurrence_output(occurrence_id: Optional[pulumi.Input[str]] = None,
project: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetOccurrenceResult]
func LookupOccurrence(ctx *Context, args *LookupOccurrenceArgs, opts ...InvokeOption) (*LookupOccurrenceResult, error)
func LookupOccurrenceOutput(ctx *Context, args *LookupOccurrenceOutputArgs, opts ...InvokeOption) LookupOccurrenceResultOutput
> Note: This function is named LookupOccurrence
in the Go SDK.
public static class GetOccurrence
{
public static Task<GetOccurrenceResult> InvokeAsync(GetOccurrenceArgs args, InvokeOptions? opts = null)
public static Output<GetOccurrenceResult> Invoke(GetOccurrenceInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetOccurrenceResult> getOccurrence(GetOccurrenceArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: google-native:containeranalysis/v1alpha1:getOccurrence
arguments:
# arguments dictionary
The following arguments are supported:
- Occurrence
Id string - Project string
- Occurrence
Id string - Project string
- occurrence
Id String - project String
- occurrence
Id string - project string
- occurrence_
id str - project str
- occurrence
Id String - project String
getOccurrence Result
The following output properties are available:
- Attestation
Pulumi.
Google Native. Container Analysis. V1Alpha1. Outputs. Attestation Response Describes an attestation of an artifact.
- Build
Details Pulumi.Google Native. Container Analysis. V1Alpha1. Outputs. Build Details Response Build details for a verifiable build.
- Compliance
Pulumi.
Google Native. Container Analysis. V1Alpha1. Outputs. Compliance Occurrence Response Describes whether or not a resource passes compliance checks.
- Create
Time string The time this
Occurrence
was created.- Deployment
Pulumi.
Google Native. Container Analysis. V1Alpha1. Outputs. Deployment Response Describes the deployment of an artifact on a runtime.
- Derived
Image Pulumi.Google Native. Container Analysis. V1Alpha1. Outputs. Derived Response Describes how this resource derives from the basis in the associated note.
- Discovered
Pulumi.
Google Native. Container Analysis. V1Alpha1. Outputs. Discovered Response Describes the initial scan status for this resource.
- Dsse
Attestation Pulumi.Google Native. Container Analysis. V1Alpha1. Outputs. DSSEAttestation Occurrence Response This represents a DSSE attestation occurrence
- Envelope
Pulumi.
Google Native. Container Analysis. V1Alpha1. Outputs. Envelope Response https://github.com/secure-systems-lab/dsse
- Installation
Pulumi.
Google Native. Container Analysis. V1Alpha1. Outputs. Installation Response Describes the installation of a package on the linked resource.
- Kind string
This explicitly denotes which of the
Occurrence
details are specified. This field can be used as a filter in list requests.- Name string
The name of the
Occurrence
in the form "projects/{project_id}/occurrences/{OCCURRENCE_ID}"- Note
Name string An analysis note associated with this image, in the form "providers/{provider_id}/notes/{NOTE_ID}" This field can be used as a filter in list requests.
- Remediation string
A description of actions that can be taken to remedy the
Note
- Resource
Pulumi.
Google Native. Container Analysis. V1Alpha1. Outputs. Resource Response The resource for which the
Occurrence
applies.- Resource
Url string The unique URL of the image or the container for which the
Occurrence
applies. For example, https://gcr.io/project/image@sha256:foo This field can be used as a filter in list requests.- Sbom
Pulumi.
Google Native. Container Analysis. V1Alpha1. Outputs. Document Occurrence Response Describes a specific software bill of materials document.
- Sbom
Reference Pulumi.Google Native. Container Analysis. V1Alpha1. Outputs. SBOMReference Occurrence Response This represents an SBOM reference occurrence
- Spdx
File Pulumi.Google Native. Container Analysis. V1Alpha1. Outputs. File Occurrence Response Describes a specific SPDX File.
- Spdx
Package Pulumi.Google Native. Container Analysis. V1Alpha1. Outputs. Package Info Occurrence Response Describes a specific SPDX Package.
- Spdx
Relationship Pulumi.Google Native. Container Analysis. V1Alpha1. Outputs. Relationship Occurrence Response Describes a specific relationship between SPDX elements.
- Update
Time string The time this
Occurrence
was last updated.- Upgrade
Pulumi.
Google Native. Container Analysis. V1Alpha1. Outputs. Upgrade Occurrence Response Describes an upgrade.
- Vulnerability
Details Pulumi.Google Native. Container Analysis. V1Alpha1. Outputs. Vulnerability Details Response Details of a security vulnerability note.
- Attestation
Attestation
Response Describes an attestation of an artifact.
- Build
Details BuildDetails Response Build details for a verifiable build.
- Compliance
Compliance
Occurrence Response Describes whether or not a resource passes compliance checks.
- Create
Time string The time this
Occurrence
was created.- Deployment
Deployment
Response Describes the deployment of an artifact on a runtime.
- Derived
Image DerivedResponse Describes how this resource derives from the basis in the associated note.
- Discovered
Discovered
Response Describes the initial scan status for this resource.
- Dsse
Attestation DSSEAttestationOccurrence Response This represents a DSSE attestation occurrence
- Envelope
Envelope
Response https://github.com/secure-systems-lab/dsse
- Installation
Installation
Response Describes the installation of a package on the linked resource.
- Kind string
This explicitly denotes which of the
Occurrence
details are specified. This field can be used as a filter in list requests.- Name string
The name of the
Occurrence
in the form "projects/{project_id}/occurrences/{OCCURRENCE_ID}"- Note
Name string An analysis note associated with this image, in the form "providers/{provider_id}/notes/{NOTE_ID}" This field can be used as a filter in list requests.
- Remediation string
A description of actions that can be taken to remedy the
Note
- Resource
Resource
Response The resource for which the
Occurrence
applies.- Resource
Url string The unique URL of the image or the container for which the
Occurrence
applies. For example, https://gcr.io/project/image@sha256:foo This field can be used as a filter in list requests.- Sbom
Document
Occurrence Response Describes a specific software bill of materials document.
- Sbom
Reference SBOMReferenceOccurrence Response This represents an SBOM reference occurrence
- Spdx
File FileOccurrence Response Describes a specific SPDX File.
- Spdx
Package PackageInfo Occurrence Response Describes a specific SPDX Package.
- Spdx
Relationship RelationshipOccurrence Response Describes a specific relationship between SPDX elements.
- Update
Time string The time this
Occurrence
was last updated.- Upgrade
Upgrade
Occurrence Response Describes an upgrade.
- Vulnerability
Details VulnerabilityDetails Response Details of a security vulnerability note.
- attestation
Attestation
Response Describes an attestation of an artifact.
- build
Details BuildDetails Response Build details for a verifiable build.
- compliance
Compliance
Occurrence Response Describes whether or not a resource passes compliance checks.
- create
Time String The time this
Occurrence
was created.- deployment
Deployment
Response Describes the deployment of an artifact on a runtime.
- derived
Image DerivedResponse Describes how this resource derives from the basis in the associated note.
- discovered
Discovered
Response Describes the initial scan status for this resource.
- dsse
Attestation DSSEAttestationOccurrence Response This represents a DSSE attestation occurrence
- envelope
Envelope
Response https://github.com/secure-systems-lab/dsse
- installation
Installation
Response Describes the installation of a package on the linked resource.
- kind String
This explicitly denotes which of the
Occurrence
details are specified. This field can be used as a filter in list requests.- name String
The name of the
Occurrence
in the form "projects/{project_id}/occurrences/{OCCURRENCE_ID}"- note
Name String An analysis note associated with this image, in the form "providers/{provider_id}/notes/{NOTE_ID}" This field can be used as a filter in list requests.
- remediation String
A description of actions that can be taken to remedy the
Note
- resource
Resource
Response The resource for which the
Occurrence
applies.- resource
Url String The unique URL of the image or the container for which the
Occurrence
applies. For example, https://gcr.io/project/image@sha256:foo This field can be used as a filter in list requests.- sbom
Document
Occurrence Response Describes a specific software bill of materials document.
- sbom
Reference SBOMReferenceOccurrence Response This represents an SBOM reference occurrence
- spdx
File FileOccurrence Response Describes a specific SPDX File.
- spdx
Package PackageInfo Occurrence Response Describes a specific SPDX Package.
- spdx
Relationship RelationshipOccurrence Response Describes a specific relationship between SPDX elements.
- update
Time String The time this
Occurrence
was last updated.- upgrade
Upgrade
Occurrence Response Describes an upgrade.
- vulnerability
Details VulnerabilityDetails Response Details of a security vulnerability note.
- attestation
Attestation
Response Describes an attestation of an artifact.
- build
Details BuildDetails Response Build details for a verifiable build.
- compliance
Compliance
Occurrence Response Describes whether or not a resource passes compliance checks.
- create
Time string The time this
Occurrence
was created.- deployment
Deployment
Response Describes the deployment of an artifact on a runtime.
- derived
Image DerivedResponse Describes how this resource derives from the basis in the associated note.
- discovered
Discovered
Response Describes the initial scan status for this resource.
- dsse
Attestation DSSEAttestationOccurrence Response This represents a DSSE attestation occurrence
- envelope
Envelope
Response https://github.com/secure-systems-lab/dsse
- installation
Installation
Response Describes the installation of a package on the linked resource.
- kind string
This explicitly denotes which of the
Occurrence
details are specified. This field can be used as a filter in list requests.- name string
The name of the
Occurrence
in the form "projects/{project_id}/occurrences/{OCCURRENCE_ID}"- note
Name string An analysis note associated with this image, in the form "providers/{provider_id}/notes/{NOTE_ID}" This field can be used as a filter in list requests.
- remediation string
A description of actions that can be taken to remedy the
Note
- resource
Resource
Response The resource for which the
Occurrence
applies.- resource
Url string The unique URL of the image or the container for which the
Occurrence
applies. For example, https://gcr.io/project/image@sha256:foo This field can be used as a filter in list requests.- sbom
Document
Occurrence Response Describes a specific software bill of materials document.
- sbom
Reference SBOMReferenceOccurrence Response This represents an SBOM reference occurrence
- spdx
File FileOccurrence Response Describes a specific SPDX File.
- spdx
Package PackageInfo Occurrence Response Describes a specific SPDX Package.
- spdx
Relationship RelationshipOccurrence Response Describes a specific relationship between SPDX elements.
- update
Time string The time this
Occurrence
was last updated.- upgrade
Upgrade
Occurrence Response Describes an upgrade.
- vulnerability
Details VulnerabilityDetails Response Details of a security vulnerability note.
- attestation
Attestation
Response Describes an attestation of an artifact.
- build_
details BuildDetails Response Build details for a verifiable build.
- compliance
Compliance
Occurrence Response Describes whether or not a resource passes compliance checks.
- create_
time str The time this
Occurrence
was created.- deployment
Deployment
Response Describes the deployment of an artifact on a runtime.
- derived_
image DerivedResponse Describes how this resource derives from the basis in the associated note.
- discovered
Discovered
Response Describes the initial scan status for this resource.
- dsse_
attestation DSSEAttestationOccurrence Response This represents a DSSE attestation occurrence
- envelope
Envelope
Response https://github.com/secure-systems-lab/dsse
- installation
Installation
Response Describes the installation of a package on the linked resource.
- kind str
This explicitly denotes which of the
Occurrence
details are specified. This field can be used as a filter in list requests.- name str
The name of the
Occurrence
in the form "projects/{project_id}/occurrences/{OCCURRENCE_ID}"- note_
name str An analysis note associated with this image, in the form "providers/{provider_id}/notes/{NOTE_ID}" This field can be used as a filter in list requests.
- remediation str
A description of actions that can be taken to remedy the
Note
- resource
Resource
Response The resource for which the
Occurrence
applies.- resource_
url str The unique URL of the image or the container for which the
Occurrence
applies. For example, https://gcr.io/project/image@sha256:foo This field can be used as a filter in list requests.- sbom
Document
Occurrence Response Describes a specific software bill of materials document.
- sbom_
reference SBOMReferenceOccurrence Response This represents an SBOM reference occurrence
- spdx_
file FileOccurrence Response Describes a specific SPDX File.
- spdx_
package PackageInfo Occurrence Response Describes a specific SPDX Package.
- spdx_
relationship RelationshipOccurrence Response Describes a specific relationship between SPDX elements.
- update_
time str The time this
Occurrence
was last updated.- upgrade
Upgrade
Occurrence Response Describes an upgrade.
- vulnerability_
details VulnerabilityDetails Response Details of a security vulnerability note.
- attestation Property Map
Describes an attestation of an artifact.
- build
Details Property Map Build details for a verifiable build.
- compliance Property Map
Describes whether or not a resource passes compliance checks.
- create
Time String The time this
Occurrence
was created.- deployment Property Map
Describes the deployment of an artifact on a runtime.
- derived
Image Property Map Describes how this resource derives from the basis in the associated note.
- discovered Property Map
Describes the initial scan status for this resource.
- dsse
Attestation Property Map This represents a DSSE attestation occurrence
- envelope Property Map
https://github.com/secure-systems-lab/dsse
- installation Property Map
Describes the installation of a package on the linked resource.
- kind String
This explicitly denotes which of the
Occurrence
details are specified. This field can be used as a filter in list requests.- name String
The name of the
Occurrence
in the form "projects/{project_id}/occurrences/{OCCURRENCE_ID}"- note
Name String An analysis note associated with this image, in the form "providers/{provider_id}/notes/{NOTE_ID}" This field can be used as a filter in list requests.
- remediation String
A description of actions that can be taken to remedy the
Note
- resource Property Map
The resource for which the
Occurrence
applies.- resource
Url String The unique URL of the image or the container for which the
Occurrence
applies. For example, https://gcr.io/project/image@sha256:foo This field can be used as a filter in list requests.- sbom Property Map
Describes a specific software bill of materials document.
- sbom
Reference Property Map This represents an SBOM reference occurrence
- spdx
File Property Map Describes a specific SPDX File.
- spdx
Package Property Map Describes a specific SPDX Package.
- spdx
Relationship Property Map Describes a specific relationship between SPDX elements.
- update
Time String The time this
Occurrence
was last updated.- upgrade Property Map
Describes an upgrade.
- vulnerability
Details Property Map Details of a security vulnerability note.
Supporting Types
AnalysisCompletedResponse
- Analysis
Type List<string> type of analysis that were completed on a resource.
- Analysis
Type []string type of analysis that were completed on a resource.
- analysis
Type List<String> type of analysis that were completed on a resource.
- analysis
Type string[] type of analysis that were completed on a resource.
- analysis_
type Sequence[str] type of analysis that were completed on a resource.
- analysis
Type List<String> type of analysis that were completed on a resource.
ArtifactResponse
- Checksum string
Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.
- Name string
Name of the artifact. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to
docker push
. This field is deprecated in favor of the pluralnames
field; it continues to exist here to allow existing BuildProvenance serialized to json in google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to deserialize back into proto.Name of the artifact. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to
docker push
. This field is deprecated in favor of the pluralnames
field; it continues to exist here to allow existing BuildProvenance serialized to json in google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to deserialize back into proto.- Names List<string>
Related artifact names. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to
docker push
. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.
- Checksum string
Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.
- Name string
Name of the artifact. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to
docker push
. This field is deprecated in favor of the pluralnames
field; it continues to exist here to allow existing BuildProvenance serialized to json in google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to deserialize back into proto.Name of the artifact. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to
docker push
. This field is deprecated in favor of the pluralnames
field; it continues to exist here to allow existing BuildProvenance serialized to json in google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to deserialize back into proto.- Names []string
Related artifact names. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to
docker push
. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.
- checksum String
Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.
- name String
Name of the artifact. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to
docker push
. This field is deprecated in favor of the pluralnames
field; it continues to exist here to allow existing BuildProvenance serialized to json in google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to deserialize back into proto.Name of the artifact. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to
docker push
. This field is deprecated in favor of the pluralnames
field; it continues to exist here to allow existing BuildProvenance serialized to json in google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to deserialize back into proto.- names List<String>
Related artifact names. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to
docker push
. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.
- checksum string
Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.
- name string
Name of the artifact. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to
docker push
. This field is deprecated in favor of the pluralnames
field; it continues to exist here to allow existing BuildProvenance serialized to json in google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to deserialize back into proto.Name of the artifact. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to
docker push
. This field is deprecated in favor of the pluralnames
field; it continues to exist here to allow existing BuildProvenance serialized to json in google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to deserialize back into proto.- names string[]
Related artifact names. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to
docker push
. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.
- checksum str
Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.
- name str
Name of the artifact. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to
docker push
. This field is deprecated in favor of the pluralnames
field; it continues to exist here to allow existing BuildProvenance serialized to json in google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to deserialize back into proto.Name of the artifact. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to
docker push
. This field is deprecated in favor of the pluralnames
field; it continues to exist here to allow existing BuildProvenance serialized to json in google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to deserialize back into proto.- names Sequence[str]
Related artifact names. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to
docker push
. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.
- checksum String
Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.
- name String
Name of the artifact. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to
docker push
. This field is deprecated in favor of the pluralnames
field; it continues to exist here to allow existing BuildProvenance serialized to json in google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to deserialize back into proto.Name of the artifact. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to
docker push
. This field is deprecated in favor of the pluralnames
field; it continues to exist here to allow existing BuildProvenance serialized to json in google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to deserialize back into proto.- names List<String>
Related artifact names. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to
docker push
. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.
AttestationResponse
BuildDetailsResponse
- Intoto
Provenance Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. In Toto Provenance Response Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
- Intoto
Statement Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. In Toto Statement Response In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence's envelope.
- Provenance
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Build Provenance Response The actual provenance
- Provenance
Bytes string Serialized JSON representation of the provenance, used in generating the
BuildSignature
in the corresponding Result. After verifying the signature,provenance_bytes
can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.
- Intoto
Provenance InToto Provenance Response Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
- Intoto
Statement InToto Statement Response In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence's envelope.
- Provenance
Build
Provenance Response The actual provenance
- Provenance
Bytes string Serialized JSON representation of the provenance, used in generating the
BuildSignature
in the corresponding Result. After verifying the signature,provenance_bytes
can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.
- intoto
Provenance InToto Provenance Response Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
- intoto
Statement InToto Statement Response In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence's envelope.
- provenance
Build
Provenance Response The actual provenance
- provenance
Bytes String Serialized JSON representation of the provenance, used in generating the
BuildSignature
in the corresponding Result. After verifying the signature,provenance_bytes
can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.
- intoto
Provenance InToto Provenance Response Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
- intoto
Statement InToto Statement Response In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence's envelope.
- provenance
Build
Provenance Response The actual provenance
- provenance
Bytes string Serialized JSON representation of the provenance, used in generating the
BuildSignature
in the corresponding Result. After verifying the signature,provenance_bytes
can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.
- intoto_
provenance InToto Provenance Response Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
- intoto_
statement InToto Statement Response In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence's envelope.
- provenance
Build
Provenance Response The actual provenance
- provenance_
bytes str Serialized JSON representation of the provenance, used in generating the
BuildSignature
in the corresponding Result. After verifying the signature,provenance_bytes
can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.
- intoto
Provenance Property Map Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
- intoto
Statement Property Map In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence's envelope.
- provenance Property Map
The actual provenance
- provenance
Bytes String Serialized JSON representation of the provenance, used in generating the
BuildSignature
in the corresponding Result. After verifying the signature,provenance_bytes
can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.
BuildProvenanceResponse
- Build
Options Dictionary<string, string> Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
- Builder
Version string Version string of the builder at the time this build was executed.
- Built
Artifacts List<Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Artifact Response> Output of the build.
- Commands
List<Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Command Response> Commands requested by the build.
- Create
Time string Time at which the build was created.
- Creator string
E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.
- Finish
Time string Time at which execution of the build was finished.
- Logs
Bucket string Google Cloud Storage bucket where logs were written.
- Project string
ID of the project.
- Source
Provenance Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Source Response Details of the Source input to the build.
- Start
Time string Time at which execution of the build was started.
- Trigger
Id string Trigger identifier if the build was triggered automatically; empty if not.
- Build
Options map[string]string Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
- Builder
Version string Version string of the builder at the time this build was executed.
- Built
Artifacts []ArtifactResponse Output of the build.
- Commands
[]Command
Response Commands requested by the build.
- Create
Time string Time at which the build was created.
- Creator string
E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.
- Finish
Time string Time at which execution of the build was finished.
- Logs
Bucket string Google Cloud Storage bucket where logs were written.
- Project string
ID of the project.
- Source
Provenance SourceResponse Details of the Source input to the build.
- Start
Time string Time at which execution of the build was started.
- Trigger
Id string Trigger identifier if the build was triggered automatically; empty if not.
- build
Options Map<String,String> Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
- builder
Version String Version string of the builder at the time this build was executed.
- built
Artifacts List<ArtifactResponse> Output of the build.
- commands
List<Command
Response> Commands requested by the build.
- create
Time String Time at which the build was created.
- creator String
E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.
- finish
Time String Time at which execution of the build was finished.
- logs
Bucket String Google Cloud Storage bucket where logs were written.
- project String
ID of the project.
- source
Provenance SourceResponse Details of the Source input to the build.
- start
Time String Time at which execution of the build was started.
- trigger
Id String Trigger identifier if the build was triggered automatically; empty if not.
- build
Options {[key: string]: string} Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
- builder
Version string Version string of the builder at the time this build was executed.
- built
Artifacts ArtifactResponse[] Output of the build.
- commands
Command
Response[] Commands requested by the build.
- create
Time string Time at which the build was created.
- creator string
E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.
- finish
Time string Time at which execution of the build was finished.
- logs
Bucket string Google Cloud Storage bucket where logs were written.
- project string
ID of the project.
- source
Provenance SourceResponse Details of the Source input to the build.
- start
Time string Time at which execution of the build was started.
- trigger
Id string Trigger identifier if the build was triggered automatically; empty if not.
- build_
options Mapping[str, str] Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
- builder_
version str Version string of the builder at the time this build was executed.
- built_
artifacts Sequence[ArtifactResponse] Output of the build.
- commands
Sequence[Command
Response] Commands requested by the build.
- create_
time str Time at which the build was created.
- creator str
E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.
- finish_
time str Time at which execution of the build was finished.
- logs_
bucket str Google Cloud Storage bucket where logs were written.
- project str
ID of the project.
- source_
provenance SourceResponse Details of the Source input to the build.
- start_
time str Time at which execution of the build was started.
- trigger_
id str Trigger identifier if the build was triggered automatically; empty if not.
- build
Options Map<String> Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
- builder
Version String Version string of the builder at the time this build was executed.
- built
Artifacts List<Property Map> Output of the build.
- commands List<Property Map>
Commands requested by the build.
- create
Time String Time at which the build was created.
- creator String
E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.
- finish
Time String Time at which execution of the build was finished.
- logs
Bucket String Google Cloud Storage bucket where logs were written.
- project String
ID of the project.
- source
Provenance Property Map Details of the Source input to the build.
- start
Time String Time at which execution of the build was started.
- trigger
Id String Trigger identifier if the build was triggered automatically; empty if not.
CVSSResponse
- Attack
Complexity string Defined in CVSS v3, CVSS v2
- Attack
Vector string Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- Authentication string
Defined in CVSS v2
- Availability
Impact string Defined in CVSS v3, CVSS v2
- Base
Score double The base score is a function of the base metric scores.
- Confidentiality
Impact string Defined in CVSS v3, CVSS v2
- Exploitability
Score double - Impact
Score double - Integrity
Impact string Defined in CVSS v3, CVSS v2
- Privileges
Required string Defined in CVSS v3
- Scope string
Defined in CVSS v3
- User
Interaction string Defined in CVSS v3
- Attack
Complexity string Defined in CVSS v3, CVSS v2
- Attack
Vector string Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- Authentication string
Defined in CVSS v2
- Availability
Impact string Defined in CVSS v3, CVSS v2
- Base
Score float64 The base score is a function of the base metric scores.
- Confidentiality
Impact string Defined in CVSS v3, CVSS v2
- Exploitability
Score float64 - Impact
Score float64 - Integrity
Impact string Defined in CVSS v3, CVSS v2
- Privileges
Required string Defined in CVSS v3
- Scope string
Defined in CVSS v3
- User
Interaction string Defined in CVSS v3
- attack
Complexity String Defined in CVSS v3, CVSS v2
- attack
Vector String Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication String
Defined in CVSS v2
- availability
Impact String Defined in CVSS v3, CVSS v2
- base
Score Double The base score is a function of the base metric scores.
- confidentiality
Impact String Defined in CVSS v3, CVSS v2
- exploitability
Score Double - impact
Score Double - integrity
Impact String Defined in CVSS v3, CVSS v2
- privileges
Required String Defined in CVSS v3
- scope String
Defined in CVSS v3
- user
Interaction String Defined in CVSS v3
- attack
Complexity string Defined in CVSS v3, CVSS v2
- attack
Vector string Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication string
Defined in CVSS v2
- availability
Impact string Defined in CVSS v3, CVSS v2
- base
Score number The base score is a function of the base metric scores.
- confidentiality
Impact string Defined in CVSS v3, CVSS v2
- exploitability
Score number - impact
Score number - integrity
Impact string Defined in CVSS v3, CVSS v2
- privileges
Required string Defined in CVSS v3
- scope string
Defined in CVSS v3
- user
Interaction string Defined in CVSS v3
- attack_
complexity str Defined in CVSS v3, CVSS v2
- attack_
vector str Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication str
Defined in CVSS v2
- availability_
impact str Defined in CVSS v3, CVSS v2
- base_
score float The base score is a function of the base metric scores.
- confidentiality_
impact str Defined in CVSS v3, CVSS v2
- exploitability_
score float - impact_
score float - integrity_
impact str Defined in CVSS v3, CVSS v2
- privileges_
required str Defined in CVSS v3
- scope str
Defined in CVSS v3
- user_
interaction str Defined in CVSS v3
- attack
Complexity String Defined in CVSS v3, CVSS v2
- attack
Vector String Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication String
Defined in CVSS v2
- availability
Impact String Defined in CVSS v3, CVSS v2
- base
Score Number The base score is a function of the base metric scores.
- confidentiality
Impact String Defined in CVSS v3, CVSS v2
- exploitability
Score Number - impact
Score Number - integrity
Impact String Defined in CVSS v3, CVSS v2
- privileges
Required String Defined in CVSS v3
- scope String
Defined in CVSS v3
- user
Interaction String Defined in CVSS v3
CommandResponse
- Args List<string>
Command-line arguments used when executing this Command.
- Dir string
Working directory (relative to project source root) used when running this Command.
- Env List<string>
Environment variables set before running this Command.
- Name string
Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to
docker pull
.- Wait
For List<string> The ID(s) of the Command(s) that this Command depends on.
- Args []string
Command-line arguments used when executing this Command.
- Dir string
Working directory (relative to project source root) used when running this Command.
- Env []string
Environment variables set before running this Command.
- Name string
Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to
docker pull
.- Wait
For []string The ID(s) of the Command(s) that this Command depends on.
- args List<String>
Command-line arguments used when executing this Command.
- dir String
Working directory (relative to project source root) used when running this Command.
- env List<String>
Environment variables set before running this Command.
- name String
Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to
docker pull
.- wait
For List<String> The ID(s) of the Command(s) that this Command depends on.
- args string[]
Command-line arguments used when executing this Command.
- dir string
Working directory (relative to project source root) used when running this Command.
- env string[]
Environment variables set before running this Command.
- name string
Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to
docker pull
.- wait
For string[] The ID(s) of the Command(s) that this Command depends on.
- args Sequence[str]
Command-line arguments used when executing this Command.
- dir str
Working directory (relative to project source root) used when running this Command.
- env Sequence[str]
Environment variables set before running this Command.
- name str
Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to
docker pull
.- wait_
for Sequence[str] The ID(s) of the Command(s) that this Command depends on.
- args List<String>
Command-line arguments used when executing this Command.
- dir String
Working directory (relative to project source root) used when running this Command.
- env List<String>
Environment variables set before running this Command.
- name String
Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to
docker pull
.- wait
For List<String> The ID(s) of the Command(s) that this Command depends on.
CompletenessResponse
- Arguments bool
If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
- Environment bool
If true, the builder claims that recipe.environment is claimed to be complete.
- Materials bool
If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
- Arguments bool
If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
- Environment bool
If true, the builder claims that recipe.environment is claimed to be complete.
- Materials bool
If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
- arguments Boolean
If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
- environment Boolean
If true, the builder claims that recipe.environment is claimed to be complete.
- materials Boolean
If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
- arguments boolean
If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
- environment boolean
If true, the builder claims that recipe.environment is claimed to be complete.
- materials boolean
If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
- arguments bool
If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
- environment bool
If true, the builder claims that recipe.environment is claimed to be complete.
- materials bool
If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
- arguments Boolean
If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
- environment Boolean
If true, the builder claims that recipe.environment is claimed to be complete.
- materials Boolean
If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
ComplianceOccurrenceResponse
- Non
Compliance stringReason The reason for non compliance of these files.
- Non
Compliant List<Pulumi.Files Google Native. Container Analysis. V1Alpha1. Inputs. Non Compliant File Response> A list of files which are violating compliance checks.
- Non
Compliance stringReason The reason for non compliance of these files.
- Non
Compliant []NonFiles Compliant File Response A list of files which are violating compliance checks.
- non
Compliance StringReason The reason for non compliance of these files.
- non
Compliant List<NonFiles Compliant File Response> A list of files which are violating compliance checks.
- non
Compliance stringReason The reason for non compliance of these files.
- non
Compliant NonFiles Compliant File Response[] A list of files which are violating compliance checks.
- non_
compliance_ strreason The reason for non compliance of these files.
- non_
compliant_ Sequence[Nonfiles Compliant File Response] A list of files which are violating compliance checks.
- non
Compliance StringReason The reason for non compliance of these files.
- non
Compliant List<Property Map>Files A list of files which are violating compliance checks.
DSSEAttestationOccurrenceResponse
- Envelope
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Envelope Response If doing something security critical, make sure to verify the signatures in this metadata.
- Statement
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. In Toto Statement Response
- Envelope
Envelope
Response If doing something security critical, make sure to verify the signatures in this metadata.
- Statement
In
Toto Statement Response
- envelope
Envelope
Response If doing something security critical, make sure to verify the signatures in this metadata.
- statement
In
Toto Statement Response
- envelope
Envelope
Response If doing something security critical, make sure to verify the signatures in this metadata.
- statement
In
Toto Statement Response
- envelope
Envelope
Response If doing something security critical, make sure to verify the signatures in this metadata.
- statement
In
Toto Statement Response
- envelope Property Map
If doing something security critical, make sure to verify the signatures in this metadata.
- statement Property Map
DeploymentResponse
- Address string
Address of the runtime element hosting this deployment.
- Config string
Configuration used to create this deployment.
- Deploy
Time string Beginning of the lifetime of this deployment.
- Platform string
Platform hosting this deployment.
- Resource
Uri List<string> Resource URI for the artifact being deployed taken from the deployable field with the same name.
- Undeploy
Time string End of the lifetime of this deployment.
- User
Email string Identity of the user that triggered this deployment.
- Address string
Address of the runtime element hosting this deployment.
- Config string
Configuration used to create this deployment.
- Deploy
Time string Beginning of the lifetime of this deployment.
- Platform string
Platform hosting this deployment.
- Resource
Uri []string Resource URI for the artifact being deployed taken from the deployable field with the same name.
- Undeploy
Time string End of the lifetime of this deployment.
- User
Email string Identity of the user that triggered this deployment.
- address String
Address of the runtime element hosting this deployment.
- config String
Configuration used to create this deployment.
- deploy
Time String Beginning of the lifetime of this deployment.
- platform String
Platform hosting this deployment.
- resource
Uri List<String> Resource URI for the artifact being deployed taken from the deployable field with the same name.
- undeploy
Time String End of the lifetime of this deployment.
- user
Email String Identity of the user that triggered this deployment.
- address string
Address of the runtime element hosting this deployment.
- config string
Configuration used to create this deployment.
- deploy
Time string Beginning of the lifetime of this deployment.
- platform string
Platform hosting this deployment.
- resource
Uri string[] Resource URI for the artifact being deployed taken from the deployable field with the same name.
- undeploy
Time string End of the lifetime of this deployment.
- user
Email string Identity of the user that triggered this deployment.
- address str
Address of the runtime element hosting this deployment.
- config str
Configuration used to create this deployment.
- deploy_
time str Beginning of the lifetime of this deployment.
- platform str
Platform hosting this deployment.
- resource_
uri Sequence[str] Resource URI for the artifact being deployed taken from the deployable field with the same name.
- undeploy_
time str End of the lifetime of this deployment.
- user_
email str Identity of the user that triggered this deployment.
- address String
Address of the runtime element hosting this deployment.
- config String
Configuration used to create this deployment.
- deploy
Time String Beginning of the lifetime of this deployment.
- platform String
Platform hosting this deployment.
- resource
Uri List<String> Resource URI for the artifact being deployed taken from the deployable field with the same name.
- undeploy
Time String End of the lifetime of this deployment.
- user
Email String Identity of the user that triggered this deployment.
DerivedResponse
- Base
Resource stringUrl This contains the base image URL for the derived image occurrence.
- Distance int
The number of layers by which this image differs from the associated image basis.
- Fingerprint
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Fingerprint Response The fingerprint of the derived image.
- Layer
Info List<Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Layer Response> This contains layer-specific metadata, if populated it has length "distance" and is ordered with [distance] being the layer immediately following the base image and [1] being the final layer.
- Base
Resource stringUrl This contains the base image URL for the derived image occurrence.
- Distance int
The number of layers by which this image differs from the associated image basis.
- Fingerprint
Fingerprint
Response The fingerprint of the derived image.
- Layer
Info []LayerResponse This contains layer-specific metadata, if populated it has length "distance" and is ordered with [distance] being the layer immediately following the base image and [1] being the final layer.
- base
Resource StringUrl This contains the base image URL for the derived image occurrence.
- distance Integer
The number of layers by which this image differs from the associated image basis.
- fingerprint
Fingerprint
Response The fingerprint of the derived image.
- layer
Info List<LayerResponse> This contains layer-specific metadata, if populated it has length "distance" and is ordered with [distance] being the layer immediately following the base image and [1] being the final layer.
- base
Resource stringUrl This contains the base image URL for the derived image occurrence.
- distance number
The number of layers by which this image differs from the associated image basis.
- fingerprint
Fingerprint
Response The fingerprint of the derived image.
- layer
Info LayerResponse[] This contains layer-specific metadata, if populated it has length "distance" and is ordered with [distance] being the layer immediately following the base image and [1] being the final layer.
- base_
resource_ strurl This contains the base image URL for the derived image occurrence.
- distance int
The number of layers by which this image differs from the associated image basis.
- fingerprint
Fingerprint
Response The fingerprint of the derived image.
- layer_
info Sequence[LayerResponse] This contains layer-specific metadata, if populated it has length "distance" and is ordered with [distance] being the layer immediately following the base image and [1] being the final layer.
- base
Resource StringUrl This contains the base image URL for the derived image occurrence.
- distance Number
The number of layers by which this image differs from the associated image basis.
- fingerprint Property Map
The fingerprint of the derived image.
- layer
Info List<Property Map> This contains layer-specific metadata, if populated it has length "distance" and is ordered with [distance] being the layer immediately following the base image and [1] being the final layer.
DiscoveredResponse
- Analysis
Completed Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Analysis Completed Response The list of analysis that were completed for a resource.
- Analysis
Error List<Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Status Response> Indicates any errors encountered during analysis of a resource. There could be 0 or more of these errors.
- Analysis
Status string The status of discovery for the resource.
- Analysis
Status Pulumi.Error Google Native. Container Analysis. V1Alpha1. Inputs. Status Response When an error is encountered this will contain a LocalizedMessage under details to show to the user. The LocalizedMessage output only and populated by the API.
- Archive
Time string The time occurrences related to this discovery occurrence were archived.
- Continuous
Analysis string Whether the resource is continuously analyzed.
- Cpe string
The CPE of the resource being scanned.
- Last
Scan stringTime The last time this resource was scanned.
- Operation
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Operation Response An operation that indicates the status of the current scan. This field is deprecated, do not use.
Output only. An operation that indicates the status of the current scan. This field is deprecated, do not use.
- Analysis
Completed AnalysisCompleted Response The list of analysis that were completed for a resource.
- Analysis
Error []StatusResponse Indicates any errors encountered during analysis of a resource. There could be 0 or more of these errors.
- Analysis
Status string The status of discovery for the resource.
- Analysis
Status StatusError Response When an error is encountered this will contain a LocalizedMessage under details to show to the user. The LocalizedMessage output only and populated by the API.
- Archive
Time string The time occurrences related to this discovery occurrence were archived.
- Continuous
Analysis string Whether the resource is continuously analyzed.
- Cpe string
The CPE of the resource being scanned.
- Last
Scan stringTime The last time this resource was scanned.
- Operation
Operation
Response An operation that indicates the status of the current scan. This field is deprecated, do not use.
Output only. An operation that indicates the status of the current scan. This field is deprecated, do not use.
- analysis
Completed AnalysisCompleted Response The list of analysis that were completed for a resource.
- analysis
Error List<StatusResponse> Indicates any errors encountered during analysis of a resource. There could be 0 or more of these errors.
- analysis
Status String The status of discovery for the resource.
- analysis
Status StatusError Response When an error is encountered this will contain a LocalizedMessage under details to show to the user. The LocalizedMessage output only and populated by the API.
- archive
Time String The time occurrences related to this discovery occurrence were archived.
- continuous
Analysis String Whether the resource is continuously analyzed.
- cpe String
The CPE of the resource being scanned.
- last
Scan StringTime The last time this resource was scanned.
- operation
Operation
Response An operation that indicates the status of the current scan. This field is deprecated, do not use.
Output only. An operation that indicates the status of the current scan. This field is deprecated, do not use.
- analysis
Completed AnalysisCompleted Response The list of analysis that were completed for a resource.
- analysis
Error StatusResponse[] Indicates any errors encountered during analysis of a resource. There could be 0 or more of these errors.
- analysis
Status string The status of discovery for the resource.
- analysis
Status StatusError Response When an error is encountered this will contain a LocalizedMessage under details to show to the user. The LocalizedMessage output only and populated by the API.
- archive
Time string The time occurrences related to this discovery occurrence were archived.
- continuous
Analysis string Whether the resource is continuously analyzed.
- cpe string
The CPE of the resource being scanned.
- last
Scan stringTime The last time this resource was scanned.
- operation
Operation
Response An operation that indicates the status of the current scan. This field is deprecated, do not use.
Output only. An operation that indicates the status of the current scan. This field is deprecated, do not use.
- analysis_
completed AnalysisCompleted Response The list of analysis that were completed for a resource.
- analysis_
error Sequence[StatusResponse] Indicates any errors encountered during analysis of a resource. There could be 0 or more of these errors.
- analysis_
status str The status of discovery for the resource.
- analysis_
status_ Statuserror Response When an error is encountered this will contain a LocalizedMessage under details to show to the user. The LocalizedMessage output only and populated by the API.
- archive_
time str The time occurrences related to this discovery occurrence were archived.
- continuous_
analysis str Whether the resource is continuously analyzed.
- cpe str
The CPE of the resource being scanned.
- last_
scan_ strtime The last time this resource was scanned.
- operation
Operation
Response An operation that indicates the status of the current scan. This field is deprecated, do not use.
Output only. An operation that indicates the status of the current scan. This field is deprecated, do not use.
- analysis
Completed Property Map The list of analysis that were completed for a resource.
- analysis
Error List<Property Map> Indicates any errors encountered during analysis of a resource. There could be 0 or more of these errors.
- analysis
Status String The status of discovery for the resource.
- analysis
Status Property MapError When an error is encountered this will contain a LocalizedMessage under details to show to the user. The LocalizedMessage output only and populated by the API.
- archive
Time String The time occurrences related to this discovery occurrence were archived.
- continuous
Analysis String Whether the resource is continuously analyzed.
- cpe String
The CPE of the resource being scanned.
- last
Scan StringTime The last time this resource was scanned.
- operation Property Map
An operation that indicates the status of the current scan. This field is deprecated, do not use.
Output only. An operation that indicates the status of the current scan. This field is deprecated, do not use.
DocumentOccurrenceResponse
- Create
Time string Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard
- Creator
Comment string A field for creators of the SPDX file to provide general comments about the creation of the SPDX file or any other relevant comment not included in the other fields
- Creators List<string>
Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name
- Document
Comment string A field for creators of the SPDX file content to provide comments to the consumers of the SPDX document
- External
Document List<string>Refs Identify any external SPDX documents referenced within this SPDX document
- License
List stringVersion A field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created
- Namespace string
Provide an SPDX document specific namespace as a unique absolute Uniform Resource Identifier (URI) as specified in RFC-3986, with the exception of the ‘#’ delimiter
- Title string
Identify name of this document as designated by creator
- Create
Time string Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard
- Creator
Comment string A field for creators of the SPDX file to provide general comments about the creation of the SPDX file or any other relevant comment not included in the other fields
- Creators []string
Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name
- Document
Comment string A field for creators of the SPDX file content to provide comments to the consumers of the SPDX document
- External
Document []stringRefs Identify any external SPDX documents referenced within this SPDX document
- License
List stringVersion A field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created
- Namespace string
Provide an SPDX document specific namespace as a unique absolute Uniform Resource Identifier (URI) as specified in RFC-3986, with the exception of the ‘#’ delimiter
- Title string
Identify name of this document as designated by creator
- create
Time String Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard
- creator
Comment String A field for creators of the SPDX file to provide general comments about the creation of the SPDX file or any other relevant comment not included in the other fields
- creators List<String>
Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name
- document
Comment String A field for creators of the SPDX file content to provide comments to the consumers of the SPDX document
- external
Document List<String>Refs Identify any external SPDX documents referenced within this SPDX document
- license
List StringVersion A field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created
- namespace String
Provide an SPDX document specific namespace as a unique absolute Uniform Resource Identifier (URI) as specified in RFC-3986, with the exception of the ‘#’ delimiter
- title String
Identify name of this document as designated by creator
- create
Time string Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard
- creator
Comment string A field for creators of the SPDX file to provide general comments about the creation of the SPDX file or any other relevant comment not included in the other fields
- creators string[]
Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name
- document
Comment string A field for creators of the SPDX file content to provide comments to the consumers of the SPDX document
- external
Document string[]Refs Identify any external SPDX documents referenced within this SPDX document
- license
List stringVersion A field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created
- namespace string
Provide an SPDX document specific namespace as a unique absolute Uniform Resource Identifier (URI) as specified in RFC-3986, with the exception of the ‘#’ delimiter
- title string
Identify name of this document as designated by creator
- create_
time str Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard
- creator_
comment str A field for creators of the SPDX file to provide general comments about the creation of the SPDX file or any other relevant comment not included in the other fields
- creators Sequence[str]
Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name
- document_
comment str A field for creators of the SPDX file content to provide comments to the consumers of the SPDX document
- external_
document_ Sequence[str]refs Identify any external SPDX documents referenced within this SPDX document
- license_
list_ strversion A field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created
- namespace str
Provide an SPDX document specific namespace as a unique absolute Uniform Resource Identifier (URI) as specified in RFC-3986, with the exception of the ‘#’ delimiter
- title str
Identify name of this document as designated by creator
- create
Time String Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard
- creator
Comment String A field for creators of the SPDX file to provide general comments about the creation of the SPDX file or any other relevant comment not included in the other fields
- creators List<String>
Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name
- document
Comment String A field for creators of the SPDX file content to provide comments to the consumers of the SPDX document
- external
Document List<String>Refs Identify any external SPDX documents referenced within this SPDX document
- license
List StringVersion A field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created
- namespace String
Provide an SPDX document specific namespace as a unique absolute Uniform Resource Identifier (URI) as specified in RFC-3986, with the exception of the ‘#’ delimiter
- title String
Identify name of this document as designated by creator
EnvelopeResponse
- Payload string
The bytes being signed
- Payload
Type string The type of payload being signed
- Signatures
List<Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Envelope Signature Response> The signatures over the payload
- Payload string
The bytes being signed
- Payload
Type string The type of payload being signed
- Signatures
[]Envelope
Signature Response The signatures over the payload
- payload String
The bytes being signed
- payload
Type String The type of payload being signed
- signatures
List<Envelope
Signature Response> The signatures over the payload
- payload string
The bytes being signed
- payload
Type string The type of payload being signed
- signatures
Envelope
Signature Response[] The signatures over the payload
- payload str
The bytes being signed
- payload_
type str The type of payload being signed
- signatures
Sequence[Envelope
Signature Response] The signatures over the payload
- payload String
The bytes being signed
- payload
Type String The type of payload being signed
- signatures List<Property Map>
The signatures over the payload
EnvelopeSignatureResponse
FileLocationResponse
- File
Path string For jars that are contained inside .war files, this filepath can indicate the path to war file combined with the path to jar file.
- File
Path string For jars that are contained inside .war files, this filepath can indicate the path to war file combined with the path to jar file.
- file
Path String For jars that are contained inside .war files, this filepath can indicate the path to war file combined with the path to jar file.
- file
Path string For jars that are contained inside .war files, this filepath can indicate the path to war file combined with the path to jar file.
- file_
path str For jars that are contained inside .war files, this filepath can indicate the path to war file combined with the path to jar file.
- file
Path String For jars that are contained inside .war files, this filepath can indicate the path to war file combined with the path to jar file.
FileOccurrenceResponse
- Attributions List<string>
This field provides a place for the SPDX data creator to record, at the file level, acknowledgements that may be needed to be communicated in some contexts
- Comment string
This field provides a place for the SPDX file creator to record any general comments about the file
- Contributors List<string>
This field provides a place for the SPDX file creator to record file contributors
- Copyright string
Identify the copyright holder of the file, as well as any dates present
- Files
License List<string>Info This field contains the license information actually found in the file, if any
- License
Concluded Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. License Response This field contains the license the SPDX file creator has concluded as governing the file or alternative values if the governing license cannot be determined
- Notice string
This field provides a place for the SPDX file creator to record license notices or other such related notices found in the file
- Attributions []string
This field provides a place for the SPDX data creator to record, at the file level, acknowledgements that may be needed to be communicated in some contexts
- Comment string
This field provides a place for the SPDX file creator to record any general comments about the file
- Contributors []string
This field provides a place for the SPDX file creator to record file contributors
- Copyright string
Identify the copyright holder of the file, as well as any dates present
- Files
License []stringInfo This field contains the license information actually found in the file, if any
- License
Concluded LicenseResponse This field contains the license the SPDX file creator has concluded as governing the file or alternative values if the governing license cannot be determined
- Notice string
This field provides a place for the SPDX file creator to record license notices or other such related notices found in the file
- attributions List<String>
This field provides a place for the SPDX data creator to record, at the file level, acknowledgements that may be needed to be communicated in some contexts
- comment String
This field provides a place for the SPDX file creator to record any general comments about the file
- contributors List<String>
This field provides a place for the SPDX file creator to record file contributors
- copyright String
Identify the copyright holder of the file, as well as any dates present
- files
License List<String>Info This field contains the license information actually found in the file, if any
- license
Concluded LicenseResponse This field contains the license the SPDX file creator has concluded as governing the file or alternative values if the governing license cannot be determined
- notice String
This field provides a place for the SPDX file creator to record license notices or other such related notices found in the file
- attributions string[]
This field provides a place for the SPDX data creator to record, at the file level, acknowledgements that may be needed to be communicated in some contexts
- comment string
This field provides a place for the SPDX file creator to record any general comments about the file
- contributors string[]
This field provides a place for the SPDX file creator to record file contributors
- copyright string
Identify the copyright holder of the file, as well as any dates present
- files
License string[]Info This field contains the license information actually found in the file, if any
- license
Concluded LicenseResponse This field contains the license the SPDX file creator has concluded as governing the file or alternative values if the governing license cannot be determined
- notice string
This field provides a place for the SPDX file creator to record license notices or other such related notices found in the file
- attributions Sequence[str]
This field provides a place for the SPDX data creator to record, at the file level, acknowledgements that may be needed to be communicated in some contexts
- comment str
This field provides a place for the SPDX file creator to record any general comments about the file
- contributors Sequence[str]
This field provides a place for the SPDX file creator to record file contributors
- copyright str
Identify the copyright holder of the file, as well as any dates present
- files_
license_ Sequence[str]info This field contains the license information actually found in the file, if any
- license_
concluded LicenseResponse This field contains the license the SPDX file creator has concluded as governing the file or alternative values if the governing license cannot be determined
- notice str
This field provides a place for the SPDX file creator to record license notices or other such related notices found in the file
- attributions List<String>
This field provides a place for the SPDX data creator to record, at the file level, acknowledgements that may be needed to be communicated in some contexts
- comment String
This field provides a place for the SPDX file creator to record any general comments about the file
- contributors List<String>
This field provides a place for the SPDX file creator to record file contributors
- copyright String
Identify the copyright holder of the file, as well as any dates present
- files
License List<String>Info This field contains the license information actually found in the file, if any
- license
Concluded Property Map This field contains the license the SPDX file creator has concluded as governing the file or alternative values if the governing license cannot be determined
- notice String
This field provides a place for the SPDX file creator to record license notices or other such related notices found in the file
FingerprintResponse
- V1Name string
The layer-id of the final layer in the Docker image's v1 representation. This field can be used as a filter in list requests.
- V2Blob List<string>
The ordered list of v2 blobs that represent a given image.
- V2Name string
The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept. This field can be used as a filter in list requests.
- V1Name string
The layer-id of the final layer in the Docker image's v1 representation. This field can be used as a filter in list requests.
- V2Blob []string
The ordered list of v2 blobs that represent a given image.
- V2Name string
The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept. This field can be used as a filter in list requests.
- v1Name String
The layer-id of the final layer in the Docker image's v1 representation. This field can be used as a filter in list requests.
- v2Blob List<String>
The ordered list of v2 blobs that represent a given image.
- v2Name String
The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept. This field can be used as a filter in list requests.
- v1Name string
The layer-id of the final layer in the Docker image's v1 representation. This field can be used as a filter in list requests.
- v2Blob string[]
The ordered list of v2 blobs that represent a given image.
- v2Name string
The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept. This field can be used as a filter in list requests.
- v1_
name str The layer-id of the final layer in the Docker image's v1 representation. This field can be used as a filter in list requests.
- v2_
blob Sequence[str] The ordered list of v2 blobs that represent a given image.
- v2_
name str The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept. This field can be used as a filter in list requests.
- v1Name String
The layer-id of the final layer in the Docker image's v1 representation. This field can be used as a filter in list requests.
- v2Blob List<String>
The ordered list of v2 blobs that represent a given image.
- v2Name String
The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept. This field can be used as a filter in list requests.
GoogleDevtoolsContaineranalysisV1alpha1AliasContextResponse
GoogleDevtoolsContaineranalysisV1alpha1CloudRepoSourceContextResponse
- Alias
Context Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Google Devtools Containeranalysis V1alpha1Alias Context Response An alias, which may be a branch or tag.
- Repo
Id Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Google Devtools Containeranalysis V1alpha1Repo Id Response The ID of the repo.
- Revision
Id string A revision ID.
- Alias
Context GoogleDevtools Containeranalysis V1alpha1Alias Context Response An alias, which may be a branch or tag.
- Repo
Id GoogleDevtools Containeranalysis V1alpha1Repo Id Response The ID of the repo.
- Revision
Id string A revision ID.
- alias
Context GoogleDevtools Containeranalysis V1alpha1Alias Context Response An alias, which may be a branch or tag.
- repo
Id GoogleDevtools Containeranalysis V1alpha1Repo Id Response The ID of the repo.
- revision
Id String A revision ID.
- alias
Context GoogleDevtools Containeranalysis V1alpha1Alias Context Response An alias, which may be a branch or tag.
- repo
Id GoogleDevtools Containeranalysis V1alpha1Repo Id Response The ID of the repo.
- revision
Id string A revision ID.
- alias_
context GoogleDevtools Containeranalysis V1alpha1Alias Context Response An alias, which may be a branch or tag.
- repo_
id GoogleDevtools Containeranalysis V1alpha1Repo Id Response The ID of the repo.
- revision_
id str A revision ID.
- alias
Context Property Map An alias, which may be a branch or tag.
- repo
Id Property Map The ID of the repo.
- revision
Id String A revision ID.
GoogleDevtoolsContaineranalysisV1alpha1GerritSourceContextResponse
- Alias
Context Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Google Devtools Containeranalysis V1alpha1Alias Context Response An alias, which may be a branch or tag.
- Gerrit
Project string The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
- Host
Uri string The URI of a running Gerrit instance.
- Revision
Id string A revision (commit) ID.
- Alias
Context GoogleDevtools Containeranalysis V1alpha1Alias Context Response An alias, which may be a branch or tag.
- Gerrit
Project string The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
- Host
Uri string The URI of a running Gerrit instance.
- Revision
Id string A revision (commit) ID.
- alias
Context GoogleDevtools Containeranalysis V1alpha1Alias Context Response An alias, which may be a branch or tag.
- gerrit
Project String The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
- host
Uri String The URI of a running Gerrit instance.
- revision
Id String A revision (commit) ID.
- alias
Context GoogleDevtools Containeranalysis V1alpha1Alias Context Response An alias, which may be a branch or tag.
- gerrit
Project string The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
- host
Uri string The URI of a running Gerrit instance.
- revision
Id string A revision (commit) ID.
- alias_
context GoogleDevtools Containeranalysis V1alpha1Alias Context Response An alias, which may be a branch or tag.
- gerrit_
project str The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
- host_
uri str The URI of a running Gerrit instance.
- revision_
id str A revision (commit) ID.
- alias
Context Property Map An alias, which may be a branch or tag.
- gerrit
Project String The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
- host
Uri String The URI of a running Gerrit instance.
- revision
Id String A revision (commit) ID.
GoogleDevtoolsContaineranalysisV1alpha1GitSourceContextResponse
- Revision
Id string Git commit hash.
- Url string
Git repository URL.
- Revision
Id string Git commit hash.
- Url string
Git repository URL.
- revision
Id String Git commit hash.
- url String
Git repository URL.
- revision
Id string Git commit hash.
- url string
Git repository URL.
- revision_
id str Git commit hash.
- url str
Git repository URL.
- revision
Id String Git commit hash.
- url String
Git repository URL.
GoogleDevtoolsContaineranalysisV1alpha1ProjectRepoIdResponse
GoogleDevtoolsContaineranalysisV1alpha1RepoIdResponse
- Project
Repo Pulumi.Id Google Native. Container Analysis. V1Alpha1. Inputs. Google Devtools Containeranalysis V1alpha1Project Repo Id Response A combination of a project ID and a repo name.
- Uid string
A server-assigned, globally unique identifier.
- Project
Repo GoogleId Devtools Containeranalysis V1alpha1Project Repo Id Response A combination of a project ID and a repo name.
- Uid string
A server-assigned, globally unique identifier.
- project
Repo GoogleId Devtools Containeranalysis V1alpha1Project Repo Id Response A combination of a project ID and a repo name.
- uid String
A server-assigned, globally unique identifier.
- project
Repo GoogleId Devtools Containeranalysis V1alpha1Project Repo Id Response A combination of a project ID and a repo name.
- uid string
A server-assigned, globally unique identifier.
- project_
repo_ Googleid Devtools Containeranalysis V1alpha1Project Repo Id Response A combination of a project ID and a repo name.
- uid str
A server-assigned, globally unique identifier.
- project
Repo Property MapId A combination of a project ID and a repo name.
- uid String
A server-assigned, globally unique identifier.
GoogleDevtoolsContaineranalysisV1alpha1SlsaProvenanceZeroTwoSlsaCompletenessResponse
- Environment bool
If true, the builder claims that invocation.environment is complete.
- Materials bool
If true, the builder claims that materials is complete.
- Parameters bool
If true, the builder claims that invocation.parameters is complete.
- Environment bool
If true, the builder claims that invocation.environment is complete.
- Materials bool
If true, the builder claims that materials is complete.
- Parameters bool
If true, the builder claims that invocation.parameters is complete.
- environment Boolean
If true, the builder claims that invocation.environment is complete.
- materials Boolean
If true, the builder claims that materials is complete.
- parameters Boolean
If true, the builder claims that invocation.parameters is complete.
- environment boolean
If true, the builder claims that invocation.environment is complete.
- materials boolean
If true, the builder claims that materials is complete.
- parameters boolean
If true, the builder claims that invocation.parameters is complete.
- environment bool
If true, the builder claims that invocation.environment is complete.
- materials bool
If true, the builder claims that materials is complete.
- parameters bool
If true, the builder claims that invocation.parameters is complete.
- environment Boolean
If true, the builder claims that invocation.environment is complete.
- materials Boolean
If true, the builder claims that materials is complete.
- parameters Boolean
If true, the builder claims that invocation.parameters is complete.
GoogleDevtoolsContaineranalysisV1alpha1SlsaProvenanceZeroTwoSlsaConfigSourceResponse
- Digest Dictionary<string, string>
Collection of cryptographic digests for the contents of the artifact specified by invocation.configSource.uri.
- Entry
Point string String identifying the entry point into the build.
- Uri string
URI indicating the identity of the source of the config.
- Digest map[string]string
Collection of cryptographic digests for the contents of the artifact specified by invocation.configSource.uri.
- Entry
Point string String identifying the entry point into the build.
- Uri string
URI indicating the identity of the source of the config.
- digest Map<String,String>
Collection of cryptographic digests for the contents of the artifact specified by invocation.configSource.uri.
- entry
Point String String identifying the entry point into the build.
- uri String
URI indicating the identity of the source of the config.
- digest {[key: string]: string}
Collection of cryptographic digests for the contents of the artifact specified by invocation.configSource.uri.
- entry
Point string String identifying the entry point into the build.
- uri string
URI indicating the identity of the source of the config.
- digest Mapping[str, str]
Collection of cryptographic digests for the contents of the artifact specified by invocation.configSource.uri.
- entry_
point str String identifying the entry point into the build.
- uri str
URI indicating the identity of the source of the config.
- digest Map<String>
Collection of cryptographic digests for the contents of the artifact specified by invocation.configSource.uri.
- entry
Point String String identifying the entry point into the build.
- uri String
URI indicating the identity of the source of the config.
GoogleDevtoolsContaineranalysisV1alpha1SlsaProvenanceZeroTwoSlsaInvocationResponse
- Config
Source Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Google Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Config Source Response Describes where the config file that kicked off the build came from.
- Environment Dictionary<string, string>
Any other builder-controlled inputs necessary for correctly evaluating the build.
- Parameters Dictionary<string, string>
Collection of all external inputs that influenced the build on top of invocation.configSource.
- Config
Source GoogleDevtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Config Source Response Describes where the config file that kicked off the build came from.
- Environment map[string]string
Any other builder-controlled inputs necessary for correctly evaluating the build.
- Parameters map[string]string
Collection of all external inputs that influenced the build on top of invocation.configSource.
- config
Source GoogleDevtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Config Source Response Describes where the config file that kicked off the build came from.
- environment Map<String,String>
Any other builder-controlled inputs necessary for correctly evaluating the build.
- parameters Map<String,String>
Collection of all external inputs that influenced the build on top of invocation.configSource.
- config
Source GoogleDevtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Config Source Response Describes where the config file that kicked off the build came from.
- environment {[key: string]: string}
Any other builder-controlled inputs necessary for correctly evaluating the build.
- parameters {[key: string]: string}
Collection of all external inputs that influenced the build on top of invocation.configSource.
- config_
source GoogleDevtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Config Source Response Describes where the config file that kicked off the build came from.
- environment Mapping[str, str]
Any other builder-controlled inputs necessary for correctly evaluating the build.
- parameters Mapping[str, str]
Collection of all external inputs that influenced the build on top of invocation.configSource.
- config
Source Property Map Describes where the config file that kicked off the build came from.
- environment Map<String>
Any other builder-controlled inputs necessary for correctly evaluating the build.
- parameters Map<String>
Collection of all external inputs that influenced the build on top of invocation.configSource.
GoogleDevtoolsContaineranalysisV1alpha1SlsaProvenanceZeroTwoSlsaMaterialResponse
GoogleDevtoolsContaineranalysisV1alpha1SlsaProvenanceZeroTwoSlsaMetadataResponse
- Build
Finished stringOn The timestamp of when the build completed.
- Build
Invocation stringId Identifies this particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis.
- Build
Started stringOn The timestamp of when the build started.
- Completeness
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Google Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Completeness Response Indicates that the builder claims certain fields in this message to be complete.
- Reproducible bool
If true, the builder claims that running invocation on materials will produce bit-for-bit identical output.
- Build
Finished stringOn The timestamp of when the build completed.
- Build
Invocation stringId Identifies this particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis.
- Build
Started stringOn The timestamp of when the build started.
- Completeness
Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Completeness Response Indicates that the builder claims certain fields in this message to be complete.
- Reproducible bool
If true, the builder claims that running invocation on materials will produce bit-for-bit identical output.
- build
Finished StringOn The timestamp of when the build completed.
- build
Invocation StringId Identifies this particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis.
- build
Started StringOn The timestamp of when the build started.
- completeness
Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Completeness Response Indicates that the builder claims certain fields in this message to be complete.
- reproducible Boolean
If true, the builder claims that running invocation on materials will produce bit-for-bit identical output.
- build
Finished stringOn The timestamp of when the build completed.
- build
Invocation stringId Identifies this particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis.
- build
Started stringOn The timestamp of when the build started.
- completeness
Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Completeness Response Indicates that the builder claims certain fields in this message to be complete.
- reproducible boolean
If true, the builder claims that running invocation on materials will produce bit-for-bit identical output.
- build_
finished_ stron The timestamp of when the build completed.
- build_
invocation_ strid Identifies this particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis.
- build_
started_ stron The timestamp of when the build started.
- completeness
Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Completeness Response Indicates that the builder claims certain fields in this message to be complete.
- reproducible bool
If true, the builder claims that running invocation on materials will produce bit-for-bit identical output.
- build
Finished StringOn The timestamp of when the build completed.
- build
Invocation StringId Identifies this particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis.
- build
Started StringOn The timestamp of when the build started.
- completeness Property Map
Indicates that the builder claims certain fields in this message to be complete.
- reproducible Boolean
If true, the builder claims that running invocation on materials will produce bit-for-bit identical output.
GoogleDevtoolsContaineranalysisV1alpha1SourceContextResponse
- Cloud
Repo Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Google Devtools Containeranalysis V1alpha1Cloud Repo Source Context Response A SourceContext referring to a revision in a Google Cloud Source Repo.
- Gerrit
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Google Devtools Containeranalysis V1alpha1Gerrit Source Context Response A SourceContext referring to a Gerrit project.
- Git
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Google Devtools Containeranalysis V1alpha1Git Source Context Response A SourceContext referring to any third party Git repo (e.g., GitHub).
- Labels Dictionary<string, string>
Labels with user defined metadata.
- Cloud
Repo GoogleDevtools Containeranalysis V1alpha1Cloud Repo Source Context Response A SourceContext referring to a revision in a Google Cloud Source Repo.
- Gerrit
Google
Devtools Containeranalysis V1alpha1Gerrit Source Context Response A SourceContext referring to a Gerrit project.
- Git
Google
Devtools Containeranalysis V1alpha1Git Source Context Response A SourceContext referring to any third party Git repo (e.g., GitHub).
- Labels map[string]string
Labels with user defined metadata.
- cloud
Repo GoogleDevtools Containeranalysis V1alpha1Cloud Repo Source Context Response A SourceContext referring to a revision in a Google Cloud Source Repo.
- gerrit
Google
Devtools Containeranalysis V1alpha1Gerrit Source Context Response A SourceContext referring to a Gerrit project.
- git
Google
Devtools Containeranalysis V1alpha1Git Source Context Response A SourceContext referring to any third party Git repo (e.g., GitHub).
- labels Map<String,String>
Labels with user defined metadata.
- cloud
Repo GoogleDevtools Containeranalysis V1alpha1Cloud Repo Source Context Response A SourceContext referring to a revision in a Google Cloud Source Repo.
- gerrit
Google
Devtools Containeranalysis V1alpha1Gerrit Source Context Response A SourceContext referring to a Gerrit project.
- git
Google
Devtools Containeranalysis V1alpha1Git Source Context Response A SourceContext referring to any third party Git repo (e.g., GitHub).
- labels {[key: string]: string}
Labels with user defined metadata.
- cloud_
repo GoogleDevtools Containeranalysis V1alpha1Cloud Repo Source Context Response A SourceContext referring to a revision in a Google Cloud Source Repo.
- gerrit
Google
Devtools Containeranalysis V1alpha1Gerrit Source Context Response A SourceContext referring to a Gerrit project.
- git
Google
Devtools Containeranalysis V1alpha1Git Source Context Response A SourceContext referring to any third party Git repo (e.g., GitHub).
- labels Mapping[str, str]
Labels with user defined metadata.
- cloud
Repo Property Map A SourceContext referring to a revision in a Google Cloud Source Repo.
- gerrit Property Map
A SourceContext referring to a Gerrit project.
- git Property Map
A SourceContext referring to any third party Git repo (e.g., GitHub).
- labels Map<String>
Labels with user defined metadata.
HashResponse
InTotoProvenanceResponse
- Builder
Config Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Builder Config Response required
- Materials List<string>
The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
- Metadata
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Metadata Response - Recipe
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Recipe Response Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
- Builder
Config BuilderConfig Response required
- Materials []string
The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
- Metadata
Metadata
Response - Recipe
Recipe
Response Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
- builder
Config BuilderConfig Response required
- materials List<String>
The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
- metadata
Metadata
Response - recipe
Recipe
Response Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
- builder
Config BuilderConfig Response required
- materials string[]
The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
- metadata
Metadata
Response - recipe
Recipe
Response Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
- builder_
config BuilderConfig Response required
- materials Sequence[str]
The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
- metadata
Metadata
Response - recipe
Recipe
Response Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
- builder
Config Property Map required
- materials List<String>
The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
- metadata Property Map
- recipe Property Map
Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
InTotoStatementResponse
- Predicate
Type string "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
- Provenance
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. In Toto Provenance Response Generic Grafeas provenance.
- Slsa
Provenance Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Slsa Provenance Response SLSA 0.1 provenance.
- Slsa
Provenance Pulumi.Zero Two Google Native. Container Analysis. V1Alpha1. Inputs. Slsa Provenance Zero Two Response SLSA 0.2 provenance.
- Subject
List<Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Subject Response> subject is the subjects of the intoto statement
- Type string
Always "https://in-toto.io/Statement/v0.1".
- Predicate
Type string "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
- Provenance
In
Toto Provenance Response Generic Grafeas provenance.
- Slsa
Provenance SlsaProvenance Response SLSA 0.1 provenance.
- Slsa
Provenance SlsaZero Two Provenance Zero Two Response SLSA 0.2 provenance.
- Subject
[]Subject
Response subject is the subjects of the intoto statement
- Type string
Always "https://in-toto.io/Statement/v0.1".
- predicate
Type String "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
- provenance
In
Toto Provenance Response Generic Grafeas provenance.
- slsa
Provenance SlsaProvenance Response SLSA 0.1 provenance.
- slsa
Provenance SlsaZero Two Provenance Zero Two Response SLSA 0.2 provenance.
- subject
List<Subject
Response> subject is the subjects of the intoto statement
- type String
Always "https://in-toto.io/Statement/v0.1".
- predicate
Type string "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
- provenance
In
Toto Provenance Response Generic Grafeas provenance.
- slsa
Provenance SlsaProvenance Response SLSA 0.1 provenance.
- slsa
Provenance SlsaZero Two Provenance Zero Two Response SLSA 0.2 provenance.
- subject
Subject
Response[] subject is the subjects of the intoto statement
- type string
Always "https://in-toto.io/Statement/v0.1".
- predicate_
type str "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
- provenance
In
Toto Provenance Response Generic Grafeas provenance.
- slsa_
provenance SlsaProvenance Response SLSA 0.1 provenance.
- slsa_
provenance_ Slsazero_ two Provenance Zero Two Response SLSA 0.2 provenance.
- subject
Sequence[Subject
Response] subject is the subjects of the intoto statement
- type str
Always "https://in-toto.io/Statement/v0.1".
- predicate
Type String "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
- provenance Property Map
Generic Grafeas provenance.
- slsa
Provenance Property Map SLSA 0.1 provenance.
- slsa
Provenance Property MapZero Two SLSA 0.2 provenance.
- subject List<Property Map>
subject is the subjects of the intoto statement
- type String
Always "https://in-toto.io/Statement/v0.1".
InstallationResponse
- Architecture string
The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- Cpe
Uri string The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- License
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. License Response Licenses that have been declared by the authors of the package.
- Location
List<Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Location Response> All of the places within the filesystem versions of this package have been found.
- Name string
The name of the installed package.
- Package
Type string The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- Version
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Version Response The version of the package.
- Architecture string
The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- Cpe
Uri string The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- License
License
Response Licenses that have been declared by the authors of the package.
- Location
[]Location
Response All of the places within the filesystem versions of this package have been found.
- Name string
The name of the installed package.
- Package
Type string The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- Version
Version
Response The version of the package.
- architecture String
The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe
Uri String The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- license
License
Response Licenses that have been declared by the authors of the package.
- location
List<Location
Response> All of the places within the filesystem versions of this package have been found.
- name String
The name of the installed package.
- package
Type String The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- version
Version
Response The version of the package.
- architecture string
The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe
Uri string The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- license
License
Response Licenses that have been declared by the authors of the package.
- location
Location
Response[] All of the places within the filesystem versions of this package have been found.
- name string
The name of the installed package.
- package
Type string The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- version
Version
Response The version of the package.
- architecture str
The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe_
uri str The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- license
License
Response Licenses that have been declared by the authors of the package.
- location
Sequence[Location
Response] All of the places within the filesystem versions of this package have been found.
- name str
The name of the installed package.
- package_
type str The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- version
Version
Response The version of the package.
- architecture String
The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe
Uri String The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- license Property Map
Licenses that have been declared by the authors of the package.
- location List<Property Map>
All of the places within the filesystem versions of this package have been found.
- name String
The name of the installed package.
- package
Type String The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- version Property Map
The version of the package.
JustificationResponse
- Details string
Additional details on why this justification was chosen.
- Justification
Type string The justification type for this vulnerability.
- Details string
Additional details on why this justification was chosen.
- Justification
Type string The justification type for this vulnerability.
- details String
Additional details on why this justification was chosen.
- justification
Type String The justification type for this vulnerability.
- details string
Additional details on why this justification was chosen.
- justification
Type string The justification type for this vulnerability.
- details str
Additional details on why this justification was chosen.
- justification_
type str The justification type for this vulnerability.
- details String
Additional details on why this justification was chosen.
- justification
Type String The justification type for this vulnerability.
LayerResponse
LicenseResponse
- Comments string
Comments
- Expression string
Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- Comments string
Comments
- Expression string
Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments String
Comments
- expression String
Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments string
Comments
- expression string
Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments str
Comments
- expression str
Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments String
Comments
- expression String
Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
LocationResponse
- Cpe
Uri string Deprecated. The cpe_uri in cpe format denoting the package manager version distributing a package.
Deprecated. The cpe_uri in cpe format denoting the package manager version distributing a package.
- Path string
The path from which we gathered that this package/version is installed.
- Version
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Version Response Deprecated. The version installed at this location.
Deprecated. The version installed at this location.
- Cpe
Uri string Deprecated. The cpe_uri in cpe format denoting the package manager version distributing a package.
Deprecated. The cpe_uri in cpe format denoting the package manager version distributing a package.
- Path string
The path from which we gathered that this package/version is installed.
- Version
Version
Response Deprecated. The version installed at this location.
Deprecated. The version installed at this location.
- cpe
Uri String Deprecated. The cpe_uri in cpe format denoting the package manager version distributing a package.
Deprecated. The cpe_uri in cpe format denoting the package manager version distributing a package.
- path String
The path from which we gathered that this package/version is installed.
- version
Version
Response Deprecated. The version installed at this location.
Deprecated. The version installed at this location.
- cpe
Uri string Deprecated. The cpe_uri in cpe format denoting the package manager version distributing a package.
Deprecated. The cpe_uri in cpe format denoting the package manager version distributing a package.
- path string
The path from which we gathered that this package/version is installed.
- version
Version
Response Deprecated. The version installed at this location.
Deprecated. The version installed at this location.
- cpe_
uri str Deprecated. The cpe_uri in cpe format denoting the package manager version distributing a package.
Deprecated. The cpe_uri in cpe format denoting the package manager version distributing a package.
- path str
The path from which we gathered that this package/version is installed.
- version
Version
Response Deprecated. The version installed at this location.
Deprecated. The version installed at this location.
- cpe
Uri String Deprecated. The cpe_uri in cpe format denoting the package manager version distributing a package.
Deprecated. The cpe_uri in cpe format denoting the package manager version distributing a package.
- path String
The path from which we gathered that this package/version is installed.
- version Property Map
Deprecated. The version installed at this location.
Deprecated. The version installed at this location.
MaterialResponse
MetadataResponse
- Build
Finished stringOn The timestamp of when the build completed.
- Build
Invocation stringId Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
- Build
Started stringOn The timestamp of when the build started.
- Completeness
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Completeness Response Indicates that the builder claims certain fields in this message to be complete.
- Reproducible bool
If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
- Build
Finished stringOn The timestamp of when the build completed.
- Build
Invocation stringId Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
- Build
Started stringOn The timestamp of when the build started.
- Completeness
Completeness
Response Indicates that the builder claims certain fields in this message to be complete.
- Reproducible bool
If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
- build
Finished StringOn The timestamp of when the build completed.
- build
Invocation StringId Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
- build
Started StringOn The timestamp of when the build started.
- completeness
Completeness
Response Indicates that the builder claims certain fields in this message to be complete.
- reproducible Boolean
If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
- build
Finished stringOn The timestamp of when the build completed.
- build
Invocation stringId Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
- build
Started stringOn The timestamp of when the build started.
- completeness
Completeness
Response Indicates that the builder claims certain fields in this message to be complete.
- reproducible boolean
If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
- build_
finished_ stron The timestamp of when the build completed.
- build_
invocation_ strid Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
- build_
started_ stron The timestamp of when the build started.
- completeness
Completeness
Response Indicates that the builder claims certain fields in this message to be complete.
- reproducible bool
If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
- build
Finished StringOn The timestamp of when the build completed.
- build
Invocation StringId Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
- build
Started StringOn The timestamp of when the build started.
- completeness Property Map
Indicates that the builder claims certain fields in this message to be complete.
- reproducible Boolean
If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
NonCompliantFileResponse
- Display
Command string Command to display the non-compliant files.
- Path string
display_command is a single command that can be used to display a list of non compliant files. When there is no such command, we can also iterate a list of non compliant file using 'path'. Empty if
display_command
is set.- Reason string
Explains why a file is non compliant for a CIS check.
- Display
Command string Command to display the non-compliant files.
- Path string
display_command is a single command that can be used to display a list of non compliant files. When there is no such command, we can also iterate a list of non compliant file using 'path'. Empty if
display_command
is set.- Reason string
Explains why a file is non compliant for a CIS check.
- display
Command String Command to display the non-compliant files.
- path String
display_command is a single command that can be used to display a list of non compliant files. When there is no such command, we can also iterate a list of non compliant file using 'path'. Empty if
display_command
is set.- reason String
Explains why a file is non compliant for a CIS check.
- display
Command string Command to display the non-compliant files.
- path string
display_command is a single command that can be used to display a list of non compliant files. When there is no such command, we can also iterate a list of non compliant file using 'path'. Empty if
display_command
is set.- reason string
Explains why a file is non compliant for a CIS check.
- display_
command str Command to display the non-compliant files.
- path str
display_command is a single command that can be used to display a list of non compliant files. When there is no such command, we can also iterate a list of non compliant file using 'path'. Empty if
display_command
is set.- reason str
Explains why a file is non compliant for a CIS check.
- display
Command String Command to display the non-compliant files.
- path String
display_command is a single command that can be used to display a list of non compliant files. When there is no such command, we can also iterate a list of non compliant file using 'path'. Empty if
display_command
is set.- reason String
Explains why a file is non compliant for a CIS check.
OperationResponse
- Done bool
If the value is
false
, it means the operation is still in progress. Iftrue
, the operation is completed, and eithererror
orresponse
is available.- Error
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Status Response The error result of the operation in case of failure or cancellation.
- Metadata Dictionary<string, string>
Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
- Name string
The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the
name
should be a resource name ending withoperations/{unique_id}
.- Response Dictionary<string, string>
The normal response of the operation in case of success. If the original method returns no data on success, such as
Delete
, the response isgoogle.protobuf.Empty
. If the original method is standardGet
/Create
/Update
, the response should be the resource. For other methods, the response should have the typeXxxResponse
, whereXxx
is the original method name. For example, if the original method name isTakeSnapshot()
, the inferred response type isTakeSnapshotResponse
.
- Done bool
If the value is
false
, it means the operation is still in progress. Iftrue
, the operation is completed, and eithererror
orresponse
is available.- Error
Status
Response The error result of the operation in case of failure or cancellation.
- Metadata map[string]string
Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
- Name string
The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the
name
should be a resource name ending withoperations/{unique_id}
.- Response map[string]string
The normal response of the operation in case of success. If the original method returns no data on success, such as
Delete
, the response isgoogle.protobuf.Empty
. If the original method is standardGet
/Create
/Update
, the response should be the resource. For other methods, the response should have the typeXxxResponse
, whereXxx
is the original method name. For example, if the original method name isTakeSnapshot()
, the inferred response type isTakeSnapshotResponse
.
- done Boolean
If the value is
false
, it means the operation is still in progress. Iftrue
, the operation is completed, and eithererror
orresponse
is available.- error
Status
Response The error result of the operation in case of failure or cancellation.
- metadata Map<String,String>
Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
- name String
The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the
name
should be a resource name ending withoperations/{unique_id}
.- response Map<String,String>
The normal response of the operation in case of success. If the original method returns no data on success, such as
Delete
, the response isgoogle.protobuf.Empty
. If the original method is standardGet
/Create
/Update
, the response should be the resource. For other methods, the response should have the typeXxxResponse
, whereXxx
is the original method name. For example, if the original method name isTakeSnapshot()
, the inferred response type isTakeSnapshotResponse
.
- done boolean
If the value is
false
, it means the operation is still in progress. Iftrue
, the operation is completed, and eithererror
orresponse
is available.- error
Status
Response The error result of the operation in case of failure or cancellation.
- metadata {[key: string]: string}
Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
- name string
The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the
name
should be a resource name ending withoperations/{unique_id}
.- response {[key: string]: string}
The normal response of the operation in case of success. If the original method returns no data on success, such as
Delete
, the response isgoogle.protobuf.Empty
. If the original method is standardGet
/Create
/Update
, the response should be the resource. For other methods, the response should have the typeXxxResponse
, whereXxx
is the original method name. For example, if the original method name isTakeSnapshot()
, the inferred response type isTakeSnapshotResponse
.
- done bool
If the value is
false
, it means the operation is still in progress. Iftrue
, the operation is completed, and eithererror
orresponse
is available.- error
Status
Response The error result of the operation in case of failure or cancellation.
- metadata Mapping[str, str]
Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
- name str
The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the
name
should be a resource name ending withoperations/{unique_id}
.- response Mapping[str, str]
The normal response of the operation in case of success. If the original method returns no data on success, such as
Delete
, the response isgoogle.protobuf.Empty
. If the original method is standardGet
/Create
/Update
, the response should be the resource. For other methods, the response should have the typeXxxResponse
, whereXxx
is the original method name. For example, if the original method name isTakeSnapshot()
, the inferred response type isTakeSnapshotResponse
.
- done Boolean
If the value is
false
, it means the operation is still in progress. Iftrue
, the operation is completed, and eithererror
orresponse
is available.- error Property Map
The error result of the operation in case of failure or cancellation.
- metadata Map<String>
Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
- name String
The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the
name
should be a resource name ending withoperations/{unique_id}
.- response Map<String>
The normal response of the operation in case of success. If the original method returns no data on success, such as
Delete
, the response isgoogle.protobuf.Empty
. If the original method is standardGet
/Create
/Update
, the response should be the resource. For other methods, the response should have the typeXxxResponse
, whereXxx
is the original method name. For example, if the original method name isTakeSnapshot()
, the inferred response type isTakeSnapshotResponse
.
PackageInfoOccurrenceResponse
- Comment string
A place for the SPDX file creator to record any general comments about the package being described
- Filename string
Provide the actual file name of the package, or path of the directory being treated as a package
- Home
Page string Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- License
Concluded Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. License Response package or alternative values, if the governing license cannot be determined
- Package
Type string The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- Source
Info string Provide a place for the SPDX file creator to record any relevant background information or additional comments about the origin of the package
- Summary
Description string A short description of the package
- Title string
Identify the full name of the package as given by the Package Originator
- Version string
Identify the version of the package
- Comment string
A place for the SPDX file creator to record any general comments about the package being described
- Filename string
Provide the actual file name of the package, or path of the directory being treated as a package
- Home
Page string Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- License
Concluded LicenseResponse package or alternative values, if the governing license cannot be determined
- Package
Type string The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- Source
Info string Provide a place for the SPDX file creator to record any relevant background information or additional comments about the origin of the package
- Summary
Description string A short description of the package
- Title string
Identify the full name of the package as given by the Package Originator
- Version string
Identify the version of the package
- comment String
A place for the SPDX file creator to record any general comments about the package being described
- filename String
Provide the actual file name of the package, or path of the directory being treated as a package
- home
Page String Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license
Concluded LicenseResponse package or alternative values, if the governing license cannot be determined
- package
Type String The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- source
Info String Provide a place for the SPDX file creator to record any relevant background information or additional comments about the origin of the package
- summary
Description String A short description of the package
- title String
Identify the full name of the package as given by the Package Originator
- version String
Identify the version of the package
- comment string
A place for the SPDX file creator to record any general comments about the package being described
- filename string
Provide the actual file name of the package, or path of the directory being treated as a package
- home
Page string Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license
Concluded LicenseResponse package or alternative values, if the governing license cannot be determined
- package
Type string The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- source
Info string Provide a place for the SPDX file creator to record any relevant background information or additional comments about the origin of the package
- summary
Description string A short description of the package
- title string
Identify the full name of the package as given by the Package Originator
- version string
Identify the version of the package
- comment str
A place for the SPDX file creator to record any general comments about the package being described
- filename str
Provide the actual file name of the package, or path of the directory being treated as a package
- home_
page str Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license_
concluded LicenseResponse package or alternative values, if the governing license cannot be determined
- package_
type str The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- source_
info str Provide a place for the SPDX file creator to record any relevant background information or additional comments about the origin of the package
- summary_
description str A short description of the package
- title str
Identify the full name of the package as given by the Package Originator
- version str
Identify the version of the package
- comment String
A place for the SPDX file creator to record any general comments about the package being described
- filename String
Provide the actual file name of the package, or path of the directory being treated as a package
- home
Page String Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license
Concluded Property Map package or alternative values, if the governing license cannot be determined
- package
Type String The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- source
Info String Provide a place for the SPDX file creator to record any relevant background information or additional comments about the origin of the package
- summary
Description String A short description of the package
- title String
Identify the full name of the package as given by the Package Originator
- version String
Identify the version of the package
PackageIssueResponse
- Affected
Location Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Vulnerability Location Response The location of the vulnerability.
- Effective
Severity string The distro or language system assigned severity for this vulnerability when that is available and note provider assigned severity when distro or language system has not yet assigned a severity for this vulnerability.
- Fixed
Location Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Vulnerability Location Response The location of the available fix for vulnerability.
- Package
Type string The type of package (e.g. OS, MAVEN, GO).
- Severity
Name string
- Affected
Location VulnerabilityLocation Response The location of the vulnerability.
- Effective
Severity string The distro or language system assigned severity for this vulnerability when that is available and note provider assigned severity when distro or language system has not yet assigned a severity for this vulnerability.
- Fixed
Location VulnerabilityLocation Response The location of the available fix for vulnerability.
- Package
Type string The type of package (e.g. OS, MAVEN, GO).
- Severity
Name string
- affected
Location VulnerabilityLocation Response The location of the vulnerability.
- effective
Severity String The distro or language system assigned severity for this vulnerability when that is available and note provider assigned severity when distro or language system has not yet assigned a severity for this vulnerability.
- fixed
Location VulnerabilityLocation Response The location of the available fix for vulnerability.
- package
Type String The type of package (e.g. OS, MAVEN, GO).
- severity
Name String
- affected
Location VulnerabilityLocation Response The location of the vulnerability.
- effective
Severity string The distro or language system assigned severity for this vulnerability when that is available and note provider assigned severity when distro or language system has not yet assigned a severity for this vulnerability.
- fixed
Location VulnerabilityLocation Response The location of the available fix for vulnerability.
- package
Type string The type of package (e.g. OS, MAVEN, GO).
- severity
Name string
- affected_
location VulnerabilityLocation Response The location of the vulnerability.
- effective_
severity str The distro or language system assigned severity for this vulnerability when that is available and note provider assigned severity when distro or language system has not yet assigned a severity for this vulnerability.
- fixed_
location VulnerabilityLocation Response The location of the available fix for vulnerability.
- package_
type str The type of package (e.g. OS, MAVEN, GO).
- severity_
name str
- affected
Location Property Map The location of the vulnerability.
- effective
Severity String The distro or language system assigned severity for this vulnerability when that is available and note provider assigned severity when distro or language system has not yet assigned a severity for this vulnerability.
- fixed
Location Property Map The location of the available fix for vulnerability.
- package
Type String The type of package (e.g. OS, MAVEN, GO).
- severity
Name String
PgpSignedAttestationResponse
- Content
Type string Type (for example schema) of the attestation payload that was signed. The verifier must ensure that the provided type is one that the verifier supports, and that the attestation payload is a valid instantiation of that type (for example by validating a JSON schema).
- Pgp
Key stringId The cryptographic fingerprint of the key used to generate the signature, as output by, e.g.
gpg --list-keys
. This should be the version 4, full 160-bit fingerprint, expressed as a 40 character hexadecimal string. See https://tools.ietf.org/html/rfc4880#section-12.2 for details. Implementations may choose to acknowledge "LONG", "SHORT", or other abbreviated key IDs, but only the full fingerprint is guaranteed to work. In gpg, the full fingerprint can be retrieved from thefpr
field returned when calling --list-keys with --with-colons. For example:gpg --with-colons --with-fingerprint --force-v4-certs \ --list-keys attester@example.com tru::1:1513631572:0:3:1:5 pub:...... fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
Above, the fingerprint is24FF6481B76AC91E66A00AC657A93A81EF3AE6FB
.- Signature string
The raw content of the signature, as output by GNU Privacy Guard (GPG) or equivalent. Since this message only supports attached signatures, the payload that was signed must be attached. While the signature format supported is dependent on the verification implementation, currently only ASCII-armored (
--armor
to gpg), non-clearsigned (--sign
rather than--clearsign
to gpg) are supported. Concretely,gpg --sign --armor --output=signature.gpg payload.json
will create the signature content expected in this field insignature.gpg
for thepayload.json
attestation payload.
- Content
Type string Type (for example schema) of the attestation payload that was signed. The verifier must ensure that the provided type is one that the verifier supports, and that the attestation payload is a valid instantiation of that type (for example by validating a JSON schema).
- Pgp
Key stringId The cryptographic fingerprint of the key used to generate the signature, as output by, e.g.
gpg --list-keys
. This should be the version 4, full 160-bit fingerprint, expressed as a 40 character hexadecimal string. See https://tools.ietf.org/html/rfc4880#section-12.2 for details. Implementations may choose to acknowledge "LONG", "SHORT", or other abbreviated key IDs, but only the full fingerprint is guaranteed to work. In gpg, the full fingerprint can be retrieved from thefpr
field returned when calling --list-keys with --with-colons. For example:gpg --with-colons --with-fingerprint --force-v4-certs \ --list-keys attester@example.com tru::1:1513631572:0:3:1:5 pub:...... fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
Above, the fingerprint is24FF6481B76AC91E66A00AC657A93A81EF3AE6FB
.- Signature string
The raw content of the signature, as output by GNU Privacy Guard (GPG) or equivalent. Since this message only supports attached signatures, the payload that was signed must be attached. While the signature format supported is dependent on the verification implementation, currently only ASCII-armored (
--armor
to gpg), non-clearsigned (--sign
rather than--clearsign
to gpg) are supported. Concretely,gpg --sign --armor --output=signature.gpg payload.json
will create the signature content expected in this field insignature.gpg
for thepayload.json
attestation payload.
- content
Type String Type (for example schema) of the attestation payload that was signed. The verifier must ensure that the provided type is one that the verifier supports, and that the attestation payload is a valid instantiation of that type (for example by validating a JSON schema).
- pgp
Key StringId The cryptographic fingerprint of the key used to generate the signature, as output by, e.g.
gpg --list-keys
. This should be the version 4, full 160-bit fingerprint, expressed as a 40 character hexadecimal string. See https://tools.ietf.org/html/rfc4880#section-12.2 for details. Implementations may choose to acknowledge "LONG", "SHORT", or other abbreviated key IDs, but only the full fingerprint is guaranteed to work. In gpg, the full fingerprint can be retrieved from thefpr
field returned when calling --list-keys with --with-colons. For example:gpg --with-colons --with-fingerprint --force-v4-certs \ --list-keys attester@example.com tru::1:1513631572:0:3:1:5 pub:...... fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
Above, the fingerprint is24FF6481B76AC91E66A00AC657A93A81EF3AE6FB
.- signature String
The raw content of the signature, as output by GNU Privacy Guard (GPG) or equivalent. Since this message only supports attached signatures, the payload that was signed must be attached. While the signature format supported is dependent on the verification implementation, currently only ASCII-armored (
--armor
to gpg), non-clearsigned (--sign
rather than--clearsign
to gpg) are supported. Concretely,gpg --sign --armor --output=signature.gpg payload.json
will create the signature content expected in this field insignature.gpg
for thepayload.json
attestation payload.
- content
Type string Type (for example schema) of the attestation payload that was signed. The verifier must ensure that the provided type is one that the verifier supports, and that the attestation payload is a valid instantiation of that type (for example by validating a JSON schema).
- pgp
Key stringId The cryptographic fingerprint of the key used to generate the signature, as output by, e.g.
gpg --list-keys
. This should be the version 4, full 160-bit fingerprint, expressed as a 40 character hexadecimal string. See https://tools.ietf.org/html/rfc4880#section-12.2 for details. Implementations may choose to acknowledge "LONG", "SHORT", or other abbreviated key IDs, but only the full fingerprint is guaranteed to work. In gpg, the full fingerprint can be retrieved from thefpr
field returned when calling --list-keys with --with-colons. For example:gpg --with-colons --with-fingerprint --force-v4-certs \ --list-keys attester@example.com tru::1:1513631572:0:3:1:5 pub:...... fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
Above, the fingerprint is24FF6481B76AC91E66A00AC657A93A81EF3AE6FB
.- signature string
The raw content of the signature, as output by GNU Privacy Guard (GPG) or equivalent. Since this message only supports attached signatures, the payload that was signed must be attached. While the signature format supported is dependent on the verification implementation, currently only ASCII-armored (
--armor
to gpg), non-clearsigned (--sign
rather than--clearsign
to gpg) are supported. Concretely,gpg --sign --armor --output=signature.gpg payload.json
will create the signature content expected in this field insignature.gpg
for thepayload.json
attestation payload.
- content_
type str Type (for example schema) of the attestation payload that was signed. The verifier must ensure that the provided type is one that the verifier supports, and that the attestation payload is a valid instantiation of that type (for example by validating a JSON schema).
- pgp_
key_ strid The cryptographic fingerprint of the key used to generate the signature, as output by, e.g.
gpg --list-keys
. This should be the version 4, full 160-bit fingerprint, expressed as a 40 character hexadecimal string. See https://tools.ietf.org/html/rfc4880#section-12.2 for details. Implementations may choose to acknowledge "LONG", "SHORT", or other abbreviated key IDs, but only the full fingerprint is guaranteed to work. In gpg, the full fingerprint can be retrieved from thefpr
field returned when calling --list-keys with --with-colons. For example:gpg --with-colons --with-fingerprint --force-v4-certs \ --list-keys attester@example.com tru::1:1513631572:0:3:1:5 pub:...... fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
Above, the fingerprint is24FF6481B76AC91E66A00AC657A93A81EF3AE6FB
.- signature str
The raw content of the signature, as output by GNU Privacy Guard (GPG) or equivalent. Since this message only supports attached signatures, the payload that was signed must be attached. While the signature format supported is dependent on the verification implementation, currently only ASCII-armored (
--armor
to gpg), non-clearsigned (--sign
rather than--clearsign
to gpg) are supported. Concretely,gpg --sign --armor --output=signature.gpg payload.json
will create the signature content expected in this field insignature.gpg
for thepayload.json
attestation payload.
- content
Type String Type (for example schema) of the attestation payload that was signed. The verifier must ensure that the provided type is one that the verifier supports, and that the attestation payload is a valid instantiation of that type (for example by validating a JSON schema).
- pgp
Key StringId The cryptographic fingerprint of the key used to generate the signature, as output by, e.g.
gpg --list-keys
. This should be the version 4, full 160-bit fingerprint, expressed as a 40 character hexadecimal string. See https://tools.ietf.org/html/rfc4880#section-12.2 for details. Implementations may choose to acknowledge "LONG", "SHORT", or other abbreviated key IDs, but only the full fingerprint is guaranteed to work. In gpg, the full fingerprint can be retrieved from thefpr
field returned when calling --list-keys with --with-colons. For example:gpg --with-colons --with-fingerprint --force-v4-certs \ --list-keys attester@example.com tru::1:1513631572:0:3:1:5 pub:...... fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
Above, the fingerprint is24FF6481B76AC91E66A00AC657A93A81EF3AE6FB
.- signature String
The raw content of the signature, as output by GNU Privacy Guard (GPG) or equivalent. Since this message only supports attached signatures, the payload that was signed must be attached. While the signature format supported is dependent on the verification implementation, currently only ASCII-armored (
--armor
to gpg), non-clearsigned (--sign
rather than--clearsign
to gpg) are supported. Concretely,gpg --sign --armor --output=signature.gpg payload.json
will create the signature content expected in this field insignature.gpg
for thepayload.json
attestation payload.
RecipeResponse
- Arguments
List<Immutable
Dictionary<string, string>> Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint.
- Defined
In stringMaterial Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
- Entry
Point string String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
- Environment
List<Immutable
Dictionary<string, string>> Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy.
- Type string
URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
- Arguments []map[string]string
Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint.
- Defined
In stringMaterial Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
- Entry
Point string String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
- Environment []map[string]string
Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy.
- Type string
URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
- arguments List<Map<String,String>>
Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint.
- defined
In StringMaterial Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
- entry
Point String String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
- environment List<Map<String,String>>
Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy.
- type String
URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
- arguments {[key: string]: string}[]
Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint.
- defined
In stringMaterial Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
- entry
Point string String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
- environment {[key: string]: string}[]
Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy.
- type string
URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
- arguments Sequence[Mapping[str, str]]
Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint.
- defined_
in_ strmaterial Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
- entry_
point str String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
- environment Sequence[Mapping[str, str]]
Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy.
- type str
URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
- arguments List<Map<String>>
Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint.
- defined
In StringMaterial Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
- entry
Point String String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
- environment List<Map<String>>
Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy.
- type String
URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
RelationshipOccurrenceResponse
- Comment string
A place for the SPDX file creator to record any general comments about the relationship
- Source string
Also referred to as SPDXRef-A The source SPDX element (file, package, etc)
- Target string
Also referred to as SPDXRef-B The target SPDC element (file, package, etc) In cases where there are "known unknowns", the use of the keyword NOASSERTION can be used The keywords NONE can be used to indicate that an SPDX element (package/file/snippet) has no other elements connected by some relationship to it
- Type string
The type of relationship between the source and target SPDX elements
- Comment string
A place for the SPDX file creator to record any general comments about the relationship
- Source string
Also referred to as SPDXRef-A The source SPDX element (file, package, etc)
- Target string
Also referred to as SPDXRef-B The target SPDC element (file, package, etc) In cases where there are "known unknowns", the use of the keyword NOASSERTION can be used The keywords NONE can be used to indicate that an SPDX element (package/file/snippet) has no other elements connected by some relationship to it
- Type string
The type of relationship between the source and target SPDX elements
- comment String
A place for the SPDX file creator to record any general comments about the relationship
- source String
Also referred to as SPDXRef-A The source SPDX element (file, package, etc)
- target String
Also referred to as SPDXRef-B The target SPDC element (file, package, etc) In cases where there are "known unknowns", the use of the keyword NOASSERTION can be used The keywords NONE can be used to indicate that an SPDX element (package/file/snippet) has no other elements connected by some relationship to it
- type String
The type of relationship between the source and target SPDX elements
- comment string
A place for the SPDX file creator to record any general comments about the relationship
- source string
Also referred to as SPDXRef-A The source SPDX element (file, package, etc)
- target string
Also referred to as SPDXRef-B The target SPDC element (file, package, etc) In cases where there are "known unknowns", the use of the keyword NOASSERTION can be used The keywords NONE can be used to indicate that an SPDX element (package/file/snippet) has no other elements connected by some relationship to it
- type string
The type of relationship between the source and target SPDX elements
- comment str
A place for the SPDX file creator to record any general comments about the relationship
- source str
Also referred to as SPDXRef-A The source SPDX element (file, package, etc)
- target str
Also referred to as SPDXRef-B The target SPDC element (file, package, etc) In cases where there are "known unknowns", the use of the keyword NOASSERTION can be used The keywords NONE can be used to indicate that an SPDX element (package/file/snippet) has no other elements connected by some relationship to it
- type str
The type of relationship between the source and target SPDX elements
- comment String
A place for the SPDX file creator to record any general comments about the relationship
- source String
Also referred to as SPDXRef-A The source SPDX element (file, package, etc)
- target String
Also referred to as SPDXRef-B The target SPDC element (file, package, etc) In cases where there are "known unknowns", the use of the keyword NOASSERTION can be used The keywords NONE can be used to indicate that an SPDX element (package/file/snippet) has no other elements connected by some relationship to it
- type String
The type of relationship between the source and target SPDX elements
RemediationResponse
- Details string
Contains a comprehensive human-readable discussion of the remediation.
- Remediation
Type string The type of remediation that can be applied.
- Remediation
Uri Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. URIResponse Contains the URL where to obtain the remediation.
- Details string
Contains a comprehensive human-readable discussion of the remediation.
- Remediation
Type string The type of remediation that can be applied.
- Remediation
Uri URIResponse Contains the URL where to obtain the remediation.
- details String
Contains a comprehensive human-readable discussion of the remediation.
- remediation
Type String The type of remediation that can be applied.
- remediation
Uri URIResponse Contains the URL where to obtain the remediation.
- details string
Contains a comprehensive human-readable discussion of the remediation.
- remediation
Type string The type of remediation that can be applied.
- remediation
Uri URIResponse Contains the URL where to obtain the remediation.
- details str
Contains a comprehensive human-readable discussion of the remediation.
- remediation_
type str The type of remediation that can be applied.
- remediation_
uri URIResponse Contains the URL where to obtain the remediation.
- details String
Contains a comprehensive human-readable discussion of the remediation.
- remediation
Type String The type of remediation that can be applied.
- remediation
Uri Property Map Contains the URL where to obtain the remediation.
RepoSourceResponse
- Branch
Name string Name of the branch to build.
- Commit
Sha string Explicit commit SHA to build.
- Project string
ID of the project that owns the repo.
- Repo
Name string Name of the repo.
- Tag
Name string Name of the tag to build.
- Branch
Name string Name of the branch to build.
- Commit
Sha string Explicit commit SHA to build.
- Project string
ID of the project that owns the repo.
- Repo
Name string Name of the repo.
- Tag
Name string Name of the tag to build.
- branch
Name String Name of the branch to build.
- commit
Sha String Explicit commit SHA to build.
- project String
ID of the project that owns the repo.
- repo
Name String Name of the repo.
- tag
Name String Name of the tag to build.
- branch
Name string Name of the branch to build.
- commit
Sha string Explicit commit SHA to build.
- project string
ID of the project that owns the repo.
- repo
Name string Name of the repo.
- tag
Name string Name of the tag to build.
- branch_
name str Name of the branch to build.
- commit_
sha str Explicit commit SHA to build.
- project str
ID of the project that owns the repo.
- repo_
name str Name of the repo.
- tag_
name str Name of the tag to build.
- branch
Name String Name of the branch to build.
- commit
Sha String Explicit commit SHA to build.
- project String
ID of the project that owns the repo.
- repo
Name String Name of the repo.
- tag
Name String Name of the tag to build.
ResourceResponse
- Content
Hash Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Hash Response The hash of the resource content. E.g., the Docker digest.
- Name string
The name of the resource. E.g., the name of a Docker image - "Debian".
- Uri string
The unique URI of the resource. E.g., "https://gcr.io/project/image@sha256:foo" for a Docker image.
- Content
Hash HashResponse The hash of the resource content. E.g., the Docker digest.
- Name string
The name of the resource. E.g., the name of a Docker image - "Debian".
- Uri string
The unique URI of the resource. E.g., "https://gcr.io/project/image@sha256:foo" for a Docker image.
- content
Hash HashResponse The hash of the resource content. E.g., the Docker digest.
- name String
The name of the resource. E.g., the name of a Docker image - "Debian".
- uri String
The unique URI of the resource. E.g., "https://gcr.io/project/image@sha256:foo" for a Docker image.
- content
Hash HashResponse The hash of the resource content. E.g., the Docker digest.
- name string
The name of the resource. E.g., the name of a Docker image - "Debian".
- uri string
The unique URI of the resource. E.g., "https://gcr.io/project/image@sha256:foo" for a Docker image.
- content_
hash HashResponse The hash of the resource content. E.g., the Docker digest.
- name str
The name of the resource. E.g., the name of a Docker image - "Debian".
- uri str
The unique URI of the resource. E.g., "https://gcr.io/project/image@sha256:foo" for a Docker image.
- content
Hash Property Map The hash of the resource content. E.g., the Docker digest.
- name String
The name of the resource. E.g., the name of a Docker image - "Debian".
- uri String
The unique URI of the resource. E.g., "https://gcr.io/project/image@sha256:foo" for a Docker image.
SBOMReferenceOccurrenceResponse
- Payload
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Sbom Reference Intoto Payload Response The actual payload that contains the SBOM reference data.
- Payload
Type string The kind of payload that SbomReferenceIntotoPayload takes. Since it's in the intoto format, this value is expected to be 'application/vnd.in-toto+json'.
- Signatures
List<Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Envelope Signature Response> The signatures over the payload.
- Payload
Sbom
Reference Intoto Payload Response The actual payload that contains the SBOM reference data.
- Payload
Type string The kind of payload that SbomReferenceIntotoPayload takes. Since it's in the intoto format, this value is expected to be 'application/vnd.in-toto+json'.
- Signatures
[]Envelope
Signature Response The signatures over the payload.
- payload
Sbom
Reference Intoto Payload Response The actual payload that contains the SBOM reference data.
- payload
Type String The kind of payload that SbomReferenceIntotoPayload takes. Since it's in the intoto format, this value is expected to be 'application/vnd.in-toto+json'.
- signatures
List<Envelope
Signature Response> The signatures over the payload.
- payload
Sbom
Reference Intoto Payload Response The actual payload that contains the SBOM reference data.
- payload
Type string The kind of payload that SbomReferenceIntotoPayload takes. Since it's in the intoto format, this value is expected to be 'application/vnd.in-toto+json'.
- signatures
Envelope
Signature Response[] The signatures over the payload.
- payload
Sbom
Reference Intoto Payload Response The actual payload that contains the SBOM reference data.
- payload_
type str The kind of payload that SbomReferenceIntotoPayload takes. Since it's in the intoto format, this value is expected to be 'application/vnd.in-toto+json'.
- signatures
Sequence[Envelope
Signature Response] The signatures over the payload.
- payload Property Map
The actual payload that contains the SBOM reference data.
- payload
Type String The kind of payload that SbomReferenceIntotoPayload takes. Since it's in the intoto format, this value is expected to be 'application/vnd.in-toto+json'.
- signatures List<Property Map>
The signatures over the payload.
SbomReferenceIntotoPayloadResponse
- Predicate
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Sbom Reference Intoto Predicate Response Additional parameters of the Predicate. Includes the actual data about the SBOM.
- Predicate
Type string URI identifying the type of the Predicate.
- Subject
List<Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Subject Response> Set of software artifacts that the attestation applies to. Each element represents a single software artifact.
- Type string
Identifier for the schema of the Statement.
- Predicate
Sbom
Reference Intoto Predicate Response Additional parameters of the Predicate. Includes the actual data about the SBOM.
- Predicate
Type string URI identifying the type of the Predicate.
- Subject
[]Subject
Response Set of software artifacts that the attestation applies to. Each element represents a single software artifact.
- Type string
Identifier for the schema of the Statement.
- predicate
Sbom
Reference Intoto Predicate Response Additional parameters of the Predicate. Includes the actual data about the SBOM.
- predicate
Type String URI identifying the type of the Predicate.
- subject
List<Subject
Response> Set of software artifacts that the attestation applies to. Each element represents a single software artifact.
- type String
Identifier for the schema of the Statement.
- predicate
Sbom
Reference Intoto Predicate Response Additional parameters of the Predicate. Includes the actual data about the SBOM.
- predicate
Type string URI identifying the type of the Predicate.
- subject
Subject
Response[] Set of software artifacts that the attestation applies to. Each element represents a single software artifact.
- type string
Identifier for the schema of the Statement.
- predicate
Sbom
Reference Intoto Predicate Response Additional parameters of the Predicate. Includes the actual data about the SBOM.
- predicate_
type str URI identifying the type of the Predicate.
- subject
Sequence[Subject
Response] Set of software artifacts that the attestation applies to. Each element represents a single software artifact.
- type str
Identifier for the schema of the Statement.
- predicate Property Map
Additional parameters of the Predicate. Includes the actual data about the SBOM.
- predicate
Type String URI identifying the type of the Predicate.
- subject List<Property Map>
Set of software artifacts that the attestation applies to. Each element represents a single software artifact.
- type String
Identifier for the schema of the Statement.
SbomReferenceIntotoPredicateResponse
- Digest Dictionary<string, string>
A map of algorithm to digest of the contents of the SBOM.
- Location string
The location of the SBOM.
- Mime
Type string The mime type of the SBOM.
- Referrer
Id string The person or system referring this predicate to the consumer.
- Digest map[string]string
A map of algorithm to digest of the contents of the SBOM.
- Location string
The location of the SBOM.
- Mime
Type string The mime type of the SBOM.
- Referrer
Id string The person or system referring this predicate to the consumer.
- digest Map<String,String>
A map of algorithm to digest of the contents of the SBOM.
- location String
The location of the SBOM.
- mime
Type String The mime type of the SBOM.
- referrer
Id String The person or system referring this predicate to the consumer.
- digest {[key: string]: string}
A map of algorithm to digest of the contents of the SBOM.
- location string
The location of the SBOM.
- mime
Type string The mime type of the SBOM.
- referrer
Id string The person or system referring this predicate to the consumer.
- digest Mapping[str, str]
A map of algorithm to digest of the contents of the SBOM.
- location str
The location of the SBOM.
- mime_
type str The mime type of the SBOM.
- referrer_
id str The person or system referring this predicate to the consumer.
- digest Map<String>
A map of algorithm to digest of the contents of the SBOM.
- location String
The location of the SBOM.
- mime
Type String The mime type of the SBOM.
- referrer
Id String The person or system referring this predicate to the consumer.
SlsaCompletenessResponse
- Arguments bool
If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
- Environment bool
If true, the builder claims that recipe.environment is claimed to be complete.
- Materials bool
If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
- Arguments bool
If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
- Environment bool
If true, the builder claims that recipe.environment is claimed to be complete.
- Materials bool
If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
- arguments Boolean
If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
- environment Boolean
If true, the builder claims that recipe.environment is claimed to be complete.
- materials Boolean
If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
- arguments boolean
If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
- environment boolean
If true, the builder claims that recipe.environment is claimed to be complete.
- materials boolean
If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
- arguments bool
If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
- environment bool
If true, the builder claims that recipe.environment is claimed to be complete.
- materials bool
If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
- arguments Boolean
If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
- environment Boolean
If true, the builder claims that recipe.environment is claimed to be complete.
- materials Boolean
If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
SlsaMetadataResponse
- Build
Finished stringOn The timestamp of when the build completed.
- Build
Invocation stringId Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
- Build
Started stringOn The timestamp of when the build started.
- Completeness
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Slsa Completeness Response Indicates that the builder claims certain fields in this message to be complete.
- Reproducible bool
If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
- Build
Finished stringOn The timestamp of when the build completed.
- Build
Invocation stringId Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
- Build
Started stringOn The timestamp of when the build started.
- Completeness
Slsa
Completeness Response Indicates that the builder claims certain fields in this message to be complete.
- Reproducible bool
If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
- build
Finished StringOn The timestamp of when the build completed.
- build
Invocation StringId Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
- build
Started StringOn The timestamp of when the build started.
- completeness
Slsa
Completeness Response Indicates that the builder claims certain fields in this message to be complete.
- reproducible Boolean
If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
- build
Finished stringOn The timestamp of when the build completed.
- build
Invocation stringId Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
- build
Started stringOn The timestamp of when the build started.
- completeness
Slsa
Completeness Response Indicates that the builder claims certain fields in this message to be complete.
- reproducible boolean
If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
- build_
finished_ stron The timestamp of when the build completed.
- build_
invocation_ strid Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
- build_
started_ stron The timestamp of when the build started.
- completeness
Slsa
Completeness Response Indicates that the builder claims certain fields in this message to be complete.
- reproducible bool
If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
- build
Finished StringOn The timestamp of when the build completed.
- build
Invocation StringId Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
- build
Started StringOn The timestamp of when the build started.
- completeness Property Map
Indicates that the builder claims certain fields in this message to be complete.
- reproducible Boolean
If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
SlsaProvenanceResponse
- Builder
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Slsa Builder Response builder is the builder of this provenance
- Materials
List<Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Material Response> The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
- Metadata
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Slsa Metadata Response metadata is the metadata of the provenance
- Recipe
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Slsa Recipe Response Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible).
- Builder
Slsa
Builder Response builder is the builder of this provenance
- Materials
[]Material
Response The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
- Metadata
Slsa
Metadata Response metadata is the metadata of the provenance
- Recipe
Slsa
Recipe Response Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible).
- builder_
Slsa
Builder Response builder is the builder of this provenance
- materials
List<Material
Response> The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
- metadata
Slsa
Metadata Response metadata is the metadata of the provenance
- recipe
Slsa
Recipe Response Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible).
- builder
Slsa
Builder Response builder is the builder of this provenance
- materials
Material
Response[] The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
- metadata
Slsa
Metadata Response metadata is the metadata of the provenance
- recipe
Slsa
Recipe Response Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible).
- builder
Slsa
Builder Response builder is the builder of this provenance
- materials
Sequence[Material
Response] The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
- metadata
Slsa
Metadata Response metadata is the metadata of the provenance
- recipe
Slsa
Recipe Response Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible).
- builder Property Map
builder is the builder of this provenance
- materials List<Property Map>
The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
- metadata Property Map
metadata is the metadata of the provenance
- recipe Property Map
Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible).
SlsaProvenanceZeroTwoResponse
- Build
Config Dictionary<string, string> Lists the steps in the build.
- Build
Type string URI indicating what type of build was performed.
- Builder
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Google Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Builder Response Identifies the entity that executed the recipe, which is trusted to have correctly performed the operation and populated this provenance.
- Invocation
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Google Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Invocation Response Identifies the event that kicked off the build.
- Materials
List<Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Google Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Material Response> The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on.
- Metadata
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Google Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Metadata Response Other properties of the build.
- Build
Config map[string]string Lists the steps in the build.
- Build
Type string URI indicating what type of build was performed.
- Builder
Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Builder Response Identifies the entity that executed the recipe, which is trusted to have correctly performed the operation and populated this provenance.
- Invocation
Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Invocation Response Identifies the event that kicked off the build.
- Materials
[]Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Material Response The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on.
- Metadata
Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Metadata Response Other properties of the build.
- build
Config Map<String,String> Lists the steps in the build.
- build
Type String URI indicating what type of build was performed.
- builder_
Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Builder Response Identifies the entity that executed the recipe, which is trusted to have correctly performed the operation and populated this provenance.
- invocation
Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Invocation Response Identifies the event that kicked off the build.
- materials
List<Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Material Response> The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on.
- metadata
Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Metadata Response Other properties of the build.
- build
Config {[key: string]: string} Lists the steps in the build.
- build
Type string URI indicating what type of build was performed.
- builder
Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Builder Response Identifies the entity that executed the recipe, which is trusted to have correctly performed the operation and populated this provenance.
- invocation
Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Invocation Response Identifies the event that kicked off the build.
- materials
Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Material Response[] The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on.
- metadata
Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Metadata Response Other properties of the build.
- build_
config Mapping[str, str] Lists the steps in the build.
- build_
type str URI indicating what type of build was performed.
- builder
Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Builder Response Identifies the entity that executed the recipe, which is trusted to have correctly performed the operation and populated this provenance.
- invocation
Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Invocation Response Identifies the event that kicked off the build.
- materials
Sequence[Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Material Response] The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on.
- metadata
Google
Devtools Containeranalysis V1alpha1Slsa Provenance Zero Two Slsa Metadata Response Other properties of the build.
- build
Config Map<String> Lists the steps in the build.
- build
Type String URI indicating what type of build was performed.
- builder Property Map
Identifies the entity that executed the recipe, which is trusted to have correctly performed the operation and populated this provenance.
- invocation Property Map
Identifies the event that kicked off the build.
- materials List<Property Map>
The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on.
- metadata Property Map
Other properties of the build.
SlsaRecipeResponse
- Arguments Dictionary<string, string>
Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
- Defined
In stringMaterial Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
- Entry
Point string String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
- Environment Dictionary<string, string>
Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
- Type string
URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
- Arguments map[string]string
Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
- Defined
In stringMaterial Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
- Entry
Point string String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
- Environment map[string]string
Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
- Type string
URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
- arguments Map<String,String>
Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
- defined
In StringMaterial Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
- entry
Point String String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
- environment Map<String,String>
Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
- type String
URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
- arguments {[key: string]: string}
Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
- defined
In stringMaterial Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
- entry
Point string String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
- environment {[key: string]: string}
Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
- type string
URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
- arguments Mapping[str, str]
Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
- defined_
in_ strmaterial Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
- entry_
point str String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
- environment Mapping[str, str]
Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
- type str
URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
- arguments Map<String>
Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
- defined
In StringMaterial Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
- entry
Point String String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
- environment Map<String>
Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
- type String
URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
SourceResponse
- Additional
Contexts List<Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Google Devtools Containeranalysis V1alpha1Source Context Response> If provided, some of the source code used for the build may be found in these locations, in the case where the source repository had multiple remotes or submodules. This list will not include the context specified in the context field.
- Artifact
Storage Pulumi.Source Google Native. Container Analysis. V1Alpha1. Inputs. Storage Source Response If provided, the input binary artifacts for the build came from this location.
- Context
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Google Devtools Containeranalysis V1alpha1Source Context Response If provided, the source code used for the build came from this location.
- File
Hashes Dictionary<string, string> Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.
- Repo
Source Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Repo Source Response If provided, get source from this location in a Cloud Repo.
- Storage
Source Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Storage Source Response If provided, get the source from this location in Google Cloud Storage.
- Additional
Contexts []GoogleDevtools Containeranalysis V1alpha1Source Context Response If provided, some of the source code used for the build may be found in these locations, in the case where the source repository had multiple remotes or submodules. This list will not include the context specified in the context field.
- Artifact
Storage StorageSource Source Response If provided, the input binary artifacts for the build came from this location.
- Context
Google
Devtools Containeranalysis V1alpha1Source Context Response If provided, the source code used for the build came from this location.
- File
Hashes map[string]string Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.
- Repo
Source RepoSource Response If provided, get source from this location in a Cloud Repo.
- Storage
Source StorageSource Response If provided, get the source from this location in Google Cloud Storage.
- additional
Contexts List<GoogleDevtools Containeranalysis V1alpha1Source Context Response> If provided, some of the source code used for the build may be found in these locations, in the case where the source repository had multiple remotes or submodules. This list will not include the context specified in the context field.
- artifact
Storage StorageSource Source Response If provided, the input binary artifacts for the build came from this location.
- context
Google
Devtools Containeranalysis V1alpha1Source Context Response If provided, the source code used for the build came from this location.
- file
Hashes Map<String,String> Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.
- repo
Source RepoSource Response If provided, get source from this location in a Cloud Repo.
- storage
Source StorageSource Response If provided, get the source from this location in Google Cloud Storage.
- additional
Contexts GoogleDevtools Containeranalysis V1alpha1Source Context Response[] If provided, some of the source code used for the build may be found in these locations, in the case where the source repository had multiple remotes or submodules. This list will not include the context specified in the context field.
- artifact
Storage StorageSource Source Response If provided, the input binary artifacts for the build came from this location.
- context
Google
Devtools Containeranalysis V1alpha1Source Context Response If provided, the source code used for the build came from this location.
- file
Hashes {[key: string]: string} Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.
- repo
Source RepoSource Response If provided, get source from this location in a Cloud Repo.
- storage
Source StorageSource Response If provided, get the source from this location in Google Cloud Storage.
- additional_
contexts Sequence[GoogleDevtools Containeranalysis V1alpha1Source Context Response] If provided, some of the source code used for the build may be found in these locations, in the case where the source repository had multiple remotes or submodules. This list will not include the context specified in the context field.
- artifact_
storage_ Storagesource Source Response If provided, the input binary artifacts for the build came from this location.
- context
Google
Devtools Containeranalysis V1alpha1Source Context Response If provided, the source code used for the build came from this location.
- file_
hashes Mapping[str, str] Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.
- repo_
source RepoSource Response If provided, get source from this location in a Cloud Repo.
- storage_
source StorageSource Response If provided, get the source from this location in Google Cloud Storage.
- additional
Contexts List<Property Map> If provided, some of the source code used for the build may be found in these locations, in the case where the source repository had multiple remotes or submodules. This list will not include the context specified in the context field.
- artifact
Storage Property MapSource If provided, the input binary artifacts for the build came from this location.
- context Property Map
If provided, the source code used for the build came from this location.
- file
Hashes Map<String> Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.
- repo
Source Property Map If provided, get source from this location in a Cloud Repo.
- storage
Source Property Map If provided, get the source from this location in Google Cloud Storage.
StatusResponse
- Code int
The status code, which should be an enum value of google.rpc.Code.
- Details
List<Immutable
Dictionary<string, string>> A list of messages that carry the error details. There is a common set of message types for APIs to use.
- Message string
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
- Code int
The status code, which should be an enum value of google.rpc.Code.
- Details []map[string]string
A list of messages that carry the error details. There is a common set of message types for APIs to use.
- Message string
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
- code Integer
The status code, which should be an enum value of google.rpc.Code.
- details List<Map<String,String>>
A list of messages that carry the error details. There is a common set of message types for APIs to use.
- message String
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
- code number
The status code, which should be an enum value of google.rpc.Code.
- details {[key: string]: string}[]
A list of messages that carry the error details. There is a common set of message types for APIs to use.
- message string
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
- code int
The status code, which should be an enum value of google.rpc.Code.
- details Sequence[Mapping[str, str]]
A list of messages that carry the error details. There is a common set of message types for APIs to use.
- message str
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
- code Number
The status code, which should be an enum value of google.rpc.Code.
- details List<Map<String>>
A list of messages that carry the error details. There is a common set of message types for APIs to use.
- message String
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
StorageSourceResponse
- Bucket string
Google Cloud Storage bucket containing source (see [Bucket Name Requirements] (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
- Generation string
Google Cloud Storage generation for the object.
- Object string
Google Cloud Storage object containing source.
- Bucket string
Google Cloud Storage bucket containing source (see [Bucket Name Requirements] (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
- Generation string
Google Cloud Storage generation for the object.
- Object string
Google Cloud Storage object containing source.
- bucket String
Google Cloud Storage bucket containing source (see [Bucket Name Requirements] (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
- generation String
Google Cloud Storage generation for the object.
- object String
Google Cloud Storage object containing source.
- bucket string
Google Cloud Storage bucket containing source (see [Bucket Name Requirements] (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
- generation string
Google Cloud Storage generation for the object.
- object string
Google Cloud Storage object containing source.
- bucket str
Google Cloud Storage bucket containing source (see [Bucket Name Requirements] (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
- generation str
Google Cloud Storage generation for the object.
- object str
Google Cloud Storage object containing source.
- bucket String
Google Cloud Storage bucket containing source (see [Bucket Name Requirements] (https://cloud.google.com/storage/docs/bucket-naming#requirements)).
- generation String
Google Cloud Storage generation for the object.
- object String
Google Cloud Storage object containing source.
SubjectResponse
URIResponse
UpgradeDistributionResponse
- Classification string
The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed.
- Cpe
Uri string Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
- Cve List<string>
The cve that would be resolved by this upgrade.
- Severity string
The severity as specified by the upstream operating system.
- Classification string
The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed.
- Cpe
Uri string Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
- Cve []string
The cve that would be resolved by this upgrade.
- Severity string
The severity as specified by the upstream operating system.
- classification String
The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed.
- cpe
Uri String Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
- cve List<String>
The cve that would be resolved by this upgrade.
- severity String
The severity as specified by the upstream operating system.
- classification string
The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed.
- cpe
Uri string Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
- cve string[]
The cve that would be resolved by this upgrade.
- severity string
The severity as specified by the upstream operating system.
- classification str
The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed.
- cpe_
uri str Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
- cve Sequence[str]
The cve that would be resolved by this upgrade.
- severity str
The severity as specified by the upstream operating system.
- classification String
The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed.
- cpe
Uri String Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
- cve List<String>
The cve that would be resolved by this upgrade.
- severity String
The severity as specified by the upstream operating system.
UpgradeOccurrenceResponse
- Distribution
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Upgrade Distribution Response Metadata about the upgrade for available for the specific operating system for the resource_url. This allows efficient filtering, as well as making it easier to use the occurrence.
- Package string
Required - The package this Upgrade is for.
- Parsed
Version Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Version Response Required - The version of the package in a machine + human readable form.
- Distribution
Upgrade
Distribution Response Metadata about the upgrade for available for the specific operating system for the resource_url. This allows efficient filtering, as well as making it easier to use the occurrence.
- Package string
Required - The package this Upgrade is for.
- Parsed
Version VersionResponse Required - The version of the package in a machine + human readable form.
- distribution
Upgrade
Distribution Response Metadata about the upgrade for available for the specific operating system for the resource_url. This allows efficient filtering, as well as making it easier to use the occurrence.
- package_ String
Required - The package this Upgrade is for.
- parsed
Version VersionResponse Required - The version of the package in a machine + human readable form.
- distribution
Upgrade
Distribution Response Metadata about the upgrade for available for the specific operating system for the resource_url. This allows efficient filtering, as well as making it easier to use the occurrence.
- package string
Required - The package this Upgrade is for.
- parsed
Version VersionResponse Required - The version of the package in a machine + human readable form.
- distribution
Upgrade
Distribution Response Metadata about the upgrade for available for the specific operating system for the resource_url. This allows efficient filtering, as well as making it easier to use the occurrence.
- package str
Required - The package this Upgrade is for.
- parsed_
version VersionResponse Required - The version of the package in a machine + human readable form.
- distribution Property Map
Metadata about the upgrade for available for the specific operating system for the resource_url. This allows efficient filtering, as well as making it easier to use the occurrence.
- package String
Required - The package this Upgrade is for.
- parsed
Version Property Map Required - The version of the package in a machine + human readable form.
VersionResponse
- Epoch int
Used to correct mistakes in the version numbering scheme.
- Inclusive bool
Whether this version is vulnerable, when defining the version bounds. For example, if the minimum version is 2.0, inclusive=true would say 2.0 is vulnerable, while inclusive=false would say it's not
- Kind string
Distinguish between sentinel MIN/MAX versions and normal versions. If kind is not NORMAL, then the other fields are ignored.
- Name string
The main part of the version name.
- Revision string
The iteration of the package build from the above version.
- Epoch int
Used to correct mistakes in the version numbering scheme.
- Inclusive bool
Whether this version is vulnerable, when defining the version bounds. For example, if the minimum version is 2.0, inclusive=true would say 2.0 is vulnerable, while inclusive=false would say it's not
- Kind string
Distinguish between sentinel MIN/MAX versions and normal versions. If kind is not NORMAL, then the other fields are ignored.
- Name string
The main part of the version name.
- Revision string
The iteration of the package build from the above version.
- epoch Integer
Used to correct mistakes in the version numbering scheme.
- inclusive Boolean
Whether this version is vulnerable, when defining the version bounds. For example, if the minimum version is 2.0, inclusive=true would say 2.0 is vulnerable, while inclusive=false would say it's not
- kind String
Distinguish between sentinel MIN/MAX versions and normal versions. If kind is not NORMAL, then the other fields are ignored.
- name String
The main part of the version name.
- revision String
The iteration of the package build from the above version.
- epoch number
Used to correct mistakes in the version numbering scheme.
- inclusive boolean
Whether this version is vulnerable, when defining the version bounds. For example, if the minimum version is 2.0, inclusive=true would say 2.0 is vulnerable, while inclusive=false would say it's not
- kind string
Distinguish between sentinel MIN/MAX versions and normal versions. If kind is not NORMAL, then the other fields are ignored.
- name string
The main part of the version name.
- revision string
The iteration of the package build from the above version.
- epoch int
Used to correct mistakes in the version numbering scheme.
- inclusive bool
Whether this version is vulnerable, when defining the version bounds. For example, if the minimum version is 2.0, inclusive=true would say 2.0 is vulnerable, while inclusive=false would say it's not
- kind str
Distinguish between sentinel MIN/MAX versions and normal versions. If kind is not NORMAL, then the other fields are ignored.
- name str
The main part of the version name.
- revision str
The iteration of the package build from the above version.
- epoch Number
Used to correct mistakes in the version numbering scheme.
- inclusive Boolean
Whether this version is vulnerable, when defining the version bounds. For example, if the minimum version is 2.0, inclusive=true would say 2.0 is vulnerable, while inclusive=false would say it's not
- kind String
Distinguish between sentinel MIN/MAX versions and normal versions. If kind is not NORMAL, then the other fields are ignored.
- name String
The main part of the version name.
- revision String
The iteration of the package build from the above version.
VexAssessmentResponse
- Cve string
Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
- Impacts List<string>
Contains information about the impact of this vulnerability, this will change with time.
- Justification
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Justification Response Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- Note
Name string The VulnerabilityAssessment note from which this VexAssessment was generated. This will be of the form:
projects/[PROJECT_ID]/notes/[NOTE_ID]
.- List<Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. URIResponse> Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- Remediations
List<Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Remediation Response> Specifies details on how to handle (and presumably, fix) a vulnerability.
- State string
Provides the state of this Vulnerability assessment.
- Cve string
Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
- Impacts []string
Contains information about the impact of this vulnerability, this will change with time.
- Justification
Justification
Response Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- Note
Name string The VulnerabilityAssessment note from which this VexAssessment was generated. This will be of the form:
projects/[PROJECT_ID]/notes/[NOTE_ID]
.- []URIResponse
Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- Remediations
[]Remediation
Response Specifies details on how to handle (and presumably, fix) a vulnerability.
- State string
Provides the state of this Vulnerability assessment.
- cve String
Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
- impacts List<String>
Contains information about the impact of this vulnerability, this will change with time.
- justification
Justification
Response Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- note
Name String The VulnerabilityAssessment note from which this VexAssessment was generated. This will be of the form:
projects/[PROJECT_ID]/notes/[NOTE_ID]
.- List<URIResponse>
Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations
List<Remediation
Response> Specifies details on how to handle (and presumably, fix) a vulnerability.
- state String
Provides the state of this Vulnerability assessment.
- cve string
Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
- impacts string[]
Contains information about the impact of this vulnerability, this will change with time.
- justification
Justification
Response Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- note
Name string The VulnerabilityAssessment note from which this VexAssessment was generated. This will be of the form:
projects/[PROJECT_ID]/notes/[NOTE_ID]
.- URIResponse[]
Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations
Remediation
Response[] Specifies details on how to handle (and presumably, fix) a vulnerability.
- state string
Provides the state of this Vulnerability assessment.
- cve str
Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
- impacts Sequence[str]
Contains information about the impact of this vulnerability, this will change with time.
- justification
Justification
Response Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- note_
name str The VulnerabilityAssessment note from which this VexAssessment was generated. This will be of the form:
projects/[PROJECT_ID]/notes/[NOTE_ID]
.- Sequence[URIResponse]
Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations
Sequence[Remediation
Response] Specifies details on how to handle (and presumably, fix) a vulnerability.
- state str
Provides the state of this Vulnerability assessment.
- cve String
Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
- impacts List<String>
Contains information about the impact of this vulnerability, this will change with time.
- justification Property Map
Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- note
Name String The VulnerabilityAssessment note from which this VexAssessment was generated. This will be of the form:
projects/[PROJECT_ID]/notes/[NOTE_ID]
.- List<Property Map>
Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations List<Property Map>
Specifies details on how to handle (and presumably, fix) a vulnerability.
- state String
Provides the state of this Vulnerability assessment.
VulnerabilityDetailsResponse
- Cvss
Score double The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity.
- Cvss
V2 Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. CVSSResponse The CVSS v2 score of this vulnerability.
- Cvss
V3 Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. CVSSResponse The CVSS v3 score of this vulnerability.
- Cvss
Version string CVSS version used to populate cvss_score and severity.
- Effective
Severity string The distro assigned severity for this vulnerability when that is available and note provider assigned severity when distro has not yet assigned a severity for this vulnerability. When there are multiple package issues for this vulnerability, they can have different effective severities because some might come from the distro and some might come from installed language packs (e.g. Maven JARs or Go binaries). For this reason, it is advised to use the effective severity on the PackageIssue level, as this field may eventually be deprecated. In the case where multiple PackageIssues have different effective severities, the one set here will be the highest severity of any of the PackageIssues.
- Package
Issue List<Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Package Issue Response> The set of affected locations and their fixes (if available) within the associated resource.
- Severity string
The note provider assigned Severity of the vulnerability.
- Type string
The type of package; whether native or non native(ruby gems, node.js packages etc). This may be deprecated in the future because we can have multiple PackageIssues with different package types.
- Vex
Assessment Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. Vex Assessment Response VexAssessment provides all publisher provided Vex information that is related to this vulnerability for this resource.
- Cvss
Score float64 The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity.
- Cvss
V2 CVSSResponse The CVSS v2 score of this vulnerability.
- Cvss
V3 CVSSResponse The CVSS v3 score of this vulnerability.
- Cvss
Version string CVSS version used to populate cvss_score and severity.
- Effective
Severity string The distro assigned severity for this vulnerability when that is available and note provider assigned severity when distro has not yet assigned a severity for this vulnerability. When there are multiple package issues for this vulnerability, they can have different effective severities because some might come from the distro and some might come from installed language packs (e.g. Maven JARs or Go binaries). For this reason, it is advised to use the effective severity on the PackageIssue level, as this field may eventually be deprecated. In the case where multiple PackageIssues have different effective severities, the one set here will be the highest severity of any of the PackageIssues.
- Package
Issue []PackageIssue Response The set of affected locations and their fixes (if available) within the associated resource.
- Severity string
The note provider assigned Severity of the vulnerability.
- Type string
The type of package; whether native or non native(ruby gems, node.js packages etc). This may be deprecated in the future because we can have multiple PackageIssues with different package types.
- Vex
Assessment VexAssessment Response VexAssessment provides all publisher provided Vex information that is related to this vulnerability for this resource.
- cvss
Score Double The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity.
- cvss
V2 CVSSResponse The CVSS v2 score of this vulnerability.
- cvss
V3 CVSSResponse The CVSS v3 score of this vulnerability.
- cvss
Version String CVSS version used to populate cvss_score and severity.
- effective
Severity String The distro assigned severity for this vulnerability when that is available and note provider assigned severity when distro has not yet assigned a severity for this vulnerability. When there are multiple package issues for this vulnerability, they can have different effective severities because some might come from the distro and some might come from installed language packs (e.g. Maven JARs or Go binaries). For this reason, it is advised to use the effective severity on the PackageIssue level, as this field may eventually be deprecated. In the case where multiple PackageIssues have different effective severities, the one set here will be the highest severity of any of the PackageIssues.
- package
Issue List<PackageIssue Response> The set of affected locations and their fixes (if available) within the associated resource.
- severity String
The note provider assigned Severity of the vulnerability.
- type String
The type of package; whether native or non native(ruby gems, node.js packages etc). This may be deprecated in the future because we can have multiple PackageIssues with different package types.
- vex
Assessment VexAssessment Response VexAssessment provides all publisher provided Vex information that is related to this vulnerability for this resource.
- cvss
Score number The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity.
- cvss
V2 CVSSResponse The CVSS v2 score of this vulnerability.
- cvss
V3 CVSSResponse The CVSS v3 score of this vulnerability.
- cvss
Version string CVSS version used to populate cvss_score and severity.
- effective
Severity string The distro assigned severity for this vulnerability when that is available and note provider assigned severity when distro has not yet assigned a severity for this vulnerability. When there are multiple package issues for this vulnerability, they can have different effective severities because some might come from the distro and some might come from installed language packs (e.g. Maven JARs or Go binaries). For this reason, it is advised to use the effective severity on the PackageIssue level, as this field may eventually be deprecated. In the case where multiple PackageIssues have different effective severities, the one set here will be the highest severity of any of the PackageIssues.
- package
Issue PackageIssue Response[] The set of affected locations and their fixes (if available) within the associated resource.
- severity string
The note provider assigned Severity of the vulnerability.
- type string
The type of package; whether native or non native(ruby gems, node.js packages etc). This may be deprecated in the future because we can have multiple PackageIssues with different package types.
- vex
Assessment VexAssessment Response VexAssessment provides all publisher provided Vex information that is related to this vulnerability for this resource.
- cvss_
score float The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity.
- cvss_
v2 CVSSResponse The CVSS v2 score of this vulnerability.
- cvss_
v3 CVSSResponse The CVSS v3 score of this vulnerability.
- cvss_
version str CVSS version used to populate cvss_score and severity.
- effective_
severity str The distro assigned severity for this vulnerability when that is available and note provider assigned severity when distro has not yet assigned a severity for this vulnerability. When there are multiple package issues for this vulnerability, they can have different effective severities because some might come from the distro and some might come from installed language packs (e.g. Maven JARs or Go binaries). For this reason, it is advised to use the effective severity on the PackageIssue level, as this field may eventually be deprecated. In the case where multiple PackageIssues have different effective severities, the one set here will be the highest severity of any of the PackageIssues.
- package_
issue Sequence[PackageIssue Response] The set of affected locations and their fixes (if available) within the associated resource.
- severity str
The note provider assigned Severity of the vulnerability.
- type str
The type of package; whether native or non native(ruby gems, node.js packages etc). This may be deprecated in the future because we can have multiple PackageIssues with different package types.
- vex_
assessment VexAssessment Response VexAssessment provides all publisher provided Vex information that is related to this vulnerability for this resource.
- cvss
Score Number The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity.
- cvss
V2 Property Map The CVSS v2 score of this vulnerability.
- cvss
V3 Property Map The CVSS v3 score of this vulnerability.
- cvss
Version String CVSS version used to populate cvss_score and severity.
- effective
Severity String The distro assigned severity for this vulnerability when that is available and note provider assigned severity when distro has not yet assigned a severity for this vulnerability. When there are multiple package issues for this vulnerability, they can have different effective severities because some might come from the distro and some might come from installed language packs (e.g. Maven JARs or Go binaries). For this reason, it is advised to use the effective severity on the PackageIssue level, as this field may eventually be deprecated. In the case where multiple PackageIssues have different effective severities, the one set here will be the highest severity of any of the PackageIssues.
- package
Issue List<Property Map> The set of affected locations and their fixes (if available) within the associated resource.
- severity String
The note provider assigned Severity of the vulnerability.
- type String
The type of package; whether native or non native(ruby gems, node.js packages etc). This may be deprecated in the future because we can have multiple PackageIssues with different package types.
- vex
Assessment Property Map VexAssessment provides all publisher provided Vex information that is related to this vulnerability for this resource.
VulnerabilityLocationResponse
- Cpe
Uri string The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) format. Examples include distro or storage location for vulnerable jar. This field can be used as a filter in list requests.
- File
Location List<Pulumi.Google Native. Container Analysis. V1Alpha1. Inputs. File Location Response> The file location at which this package was found.
- Package string
The package being described.
- Version
Pulumi.
Google Native. Container Analysis. V1Alpha1. Inputs. Version Response The version of the package being described. This field can be used as a filter in list requests.
- Cpe
Uri string The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) format. Examples include distro or storage location for vulnerable jar. This field can be used as a filter in list requests.
- File
Location []FileLocation Response The file location at which this package was found.
- Package string
The package being described.
- Version
Version
Response The version of the package being described. This field can be used as a filter in list requests.
- cpe
Uri String The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) format. Examples include distro or storage location for vulnerable jar. This field can be used as a filter in list requests.
- file
Location List<FileLocation Response> The file location at which this package was found.
- package_ String
The package being described.
- version
Version
Response The version of the package being described. This field can be used as a filter in list requests.
- cpe
Uri string The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) format. Examples include distro or storage location for vulnerable jar. This field can be used as a filter in list requests.
- file
Location FileLocation Response[] The file location at which this package was found.
- package string
The package being described.
- version
Version
Response The version of the package being described. This field can be used as a filter in list requests.
- cpe_
uri str The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) format. Examples include distro or storage location for vulnerable jar. This field can be used as a filter in list requests.
- file_
location Sequence[FileLocation Response] The file location at which this package was found.
- package str
The package being described.
- version
Version
Response The version of the package being described. This field can be used as a filter in list requests.
- cpe
Uri String The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) format. Examples include distro or storage location for vulnerable jar. This field can be used as a filter in list requests.
- file
Location List<Property Map> The file location at which this package was found.
- package String
The package being described.
- version Property Map
The version of the package being described. This field can be used as a filter in list requests.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.