Google Native

Pulumi Official
Package maintained by Pulumi
v0.19.1 published on Tuesday, May 24, 2022 by Pulumi

getNote

Gets the specified note.

Using getNote

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getNote(args: GetNoteArgs, opts?: InvokeOptions): Promise<GetNoteResult>
function getNoteOutput(args: GetNoteOutputArgs, opts?: InvokeOptions): Output<GetNoteResult>
def get_note(note_id: Optional[str] = None,
             project: Optional[str] = None,
             opts: Optional[InvokeOptions] = None) -> GetNoteResult
def get_note_output(note_id: Optional[pulumi.Input[str]] = None,
             project: Optional[pulumi.Input[str]] = None,
             opts: Optional[InvokeOptions] = None) -> Output[GetNoteResult]
func LookupNote(ctx *Context, args *LookupNoteArgs, opts ...InvokeOption) (*LookupNoteResult, error)
func LookupNoteOutput(ctx *Context, args *LookupNoteOutputArgs, opts ...InvokeOption) LookupNoteResultOutput

> Note: This function is named LookupNote in the Go SDK.

public static class GetNote 
{
    public static Task<GetNoteResult> InvokeAsync(GetNoteArgs args, InvokeOptions? opts = null)
    public static Output<GetNoteResult> Invoke(GetNoteInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetNoteResult> getNote(GetNoteArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
Fn::Invoke:
  Function: google-native:containeranalysis/v1beta1:getNote
  Arguments:
    # Arguments dictionary

The following arguments are supported:

NoteId string
Project string
NoteId string
Project string
noteId String
project String
noteId string
project string
noteId String
project String

getNote Result

The following output properties are available:

AttestationAuthority Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Outputs.AuthorityResponse

A note describing an attestation role.

BaseImage Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Outputs.BasisResponse

A note describing a base image.

Build Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Outputs.BuildResponse

A note describing build provenance for a verifiable build.

CreateTime string

The time this note was created. This field can be used as a filter in list requests.

Deployable Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Outputs.DeployableResponse

A note describing something that can be deployed.

Discovery Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Outputs.DiscoveryResponse

A note describing the initial analysis of a resource.

ExpirationTime string

Time of expiration for this note. Empty if note does not expire.

Intoto Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Outputs.InTotoResponse

A note describing an in-toto link.

Kind string

The type of analysis. This field can be used as a filter in list requests.

LongDescription string

A detailed description of this note.

Name string

The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

Package Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Outputs.PackageResponse

A note describing a package hosted by various package managers.

RelatedNoteNames List<string>

Other notes related to this note.

RelatedUrl List<Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Outputs.RelatedUrlResponse>

URLs associated with this note.

Sbom Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Outputs.DocumentNoteResponse

A note describing a software bill of materials.

ShortDescription string

A one sentence description of this note.

SpdxFile Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Outputs.FileNoteResponse

A note describing an SPDX File.

SpdxPackage Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Outputs.PackageInfoNoteResponse

A note describing an SPDX Package.

SpdxRelationship Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Outputs.RelationshipNoteResponse

A note describing an SPDX File.

UpdateTime string

The time this note was last updated. This field can be used as a filter in list requests.

Vulnerability Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Outputs.VulnerabilityResponse

A note describing a package vulnerability.

AttestationAuthority AuthorityResponse

A note describing an attestation role.

BaseImage BasisResponse

A note describing a base image.

Build BuildResponse

A note describing build provenance for a verifiable build.

CreateTime string

The time this note was created. This field can be used as a filter in list requests.

Deployable DeployableResponse

A note describing something that can be deployed.

Discovery DiscoveryResponse

A note describing the initial analysis of a resource.

ExpirationTime string

Time of expiration for this note. Empty if note does not expire.

Intoto InTotoResponse

A note describing an in-toto link.

Kind string

The type of analysis. This field can be used as a filter in list requests.

LongDescription string

A detailed description of this note.

Name string

The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

Package PackageResponse

A note describing a package hosted by various package managers.

RelatedNoteNames []string

Other notes related to this note.

RelatedUrl []RelatedUrlResponse

URLs associated with this note.

Sbom DocumentNoteResponse

A note describing a software bill of materials.

ShortDescription string

A one sentence description of this note.

SpdxFile FileNoteResponse

A note describing an SPDX File.

SpdxPackage PackageInfoNoteResponse

A note describing an SPDX Package.

SpdxRelationship RelationshipNoteResponse

A note describing an SPDX File.

UpdateTime string

The time this note was last updated. This field can be used as a filter in list requests.

Vulnerability VulnerabilityResponse

A note describing a package vulnerability.

attestationAuthority AuthorityResponse

A note describing an attestation role.

baseImage BasisResponse

A note describing a base image.

build BuildResponse

A note describing build provenance for a verifiable build.

createTime String

The time this note was created. This field can be used as a filter in list requests.

deployable DeployableResponse

A note describing something that can be deployed.

discovery DiscoveryResponse

A note describing the initial analysis of a resource.

expirationTime String

Time of expiration for this note. Empty if note does not expire.

intoto InTotoResponse

A note describing an in-toto link.

kind String

The type of analysis. This field can be used as a filter in list requests.

longDescription String

A detailed description of this note.

name String

The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

package_ PackageResponse

A note describing a package hosted by various package managers.

relatedNoteNames List<String>

Other notes related to this note.

relatedUrl List<RelatedUrlResponse>

URLs associated with this note.

sbom DocumentNoteResponse

A note describing a software bill of materials.

shortDescription String

A one sentence description of this note.

spdxFile FileNoteResponse

A note describing an SPDX File.

spdxPackage PackageInfoNoteResponse

A note describing an SPDX Package.

spdxRelationship RelationshipNoteResponse

A note describing an SPDX File.

updateTime String

The time this note was last updated. This field can be used as a filter in list requests.

vulnerability VulnerabilityResponse

A note describing a package vulnerability.

attestationAuthority AuthorityResponse

A note describing an attestation role.

baseImage BasisResponse

A note describing a base image.

build BuildResponse

A note describing build provenance for a verifiable build.

createTime string

The time this note was created. This field can be used as a filter in list requests.

deployable DeployableResponse

A note describing something that can be deployed.

discovery DiscoveryResponse

A note describing the initial analysis of a resource.

expirationTime string

Time of expiration for this note. Empty if note does not expire.

intoto InTotoResponse

A note describing an in-toto link.

kind string

The type of analysis. This field can be used as a filter in list requests.

longDescription string

A detailed description of this note.

name string

The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

package PackageResponse

A note describing a package hosted by various package managers.

relatedNoteNames string[]

Other notes related to this note.

relatedUrl RelatedUrlResponse[]

URLs associated with this note.

sbom DocumentNoteResponse

A note describing a software bill of materials.

shortDescription string

A one sentence description of this note.

spdxFile FileNoteResponse

A note describing an SPDX File.

spdxPackage PackageInfoNoteResponse

A note describing an SPDX Package.

spdxRelationship RelationshipNoteResponse

A note describing an SPDX File.

updateTime string

The time this note was last updated. This field can be used as a filter in list requests.

vulnerability VulnerabilityResponse

A note describing a package vulnerability.

attestation_authority AuthorityResponse

A note describing an attestation role.

base_image BasisResponse

A note describing a base image.

build BuildResponse

A note describing build provenance for a verifiable build.

create_time str

The time this note was created. This field can be used as a filter in list requests.

deployable DeployableResponse

A note describing something that can be deployed.

discovery DiscoveryResponse

A note describing the initial analysis of a resource.

expiration_time str

Time of expiration for this note. Empty if note does not expire.

intoto InTotoResponse

A note describing an in-toto link.

kind str

The type of analysis. This field can be used as a filter in list requests.

long_description str

A detailed description of this note.

name str

The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

package PackageResponse

A note describing a package hosted by various package managers.

related_note_names Sequence[str]

Other notes related to this note.

related_url Sequence[RelatedUrlResponse]

URLs associated with this note.

sbom DocumentNoteResponse

A note describing a software bill of materials.

short_description str

A one sentence description of this note.

spdx_file FileNoteResponse

A note describing an SPDX File.

spdx_package PackageInfoNoteResponse

A note describing an SPDX Package.

spdx_relationship RelationshipNoteResponse

A note describing an SPDX File.

update_time str

The time this note was last updated. This field can be used as a filter in list requests.

vulnerability VulnerabilityResponse

A note describing a package vulnerability.

attestationAuthority Property Map

A note describing an attestation role.

baseImage Property Map

A note describing a base image.

build Property Map

A note describing build provenance for a verifiable build.

createTime String

The time this note was created. This field can be used as a filter in list requests.

deployable Property Map

A note describing something that can be deployed.

discovery Property Map

A note describing the initial analysis of a resource.

expirationTime String

Time of expiration for this note. Empty if note does not expire.

intoto Property Map

A note describing an in-toto link.

kind String

The type of analysis. This field can be used as a filter in list requests.

longDescription String

A detailed description of this note.

name String

The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID].

package Property Map

A note describing a package hosted by various package managers.

relatedNoteNames List<String>

Other notes related to this note.

relatedUrl List<Property Map>

URLs associated with this note.

sbom Property Map

A note describing a software bill of materials.

shortDescription String

A one sentence description of this note.

spdxFile Property Map

A note describing an SPDX File.

spdxPackage Property Map

A note describing an SPDX Package.

spdxRelationship Property Map

A note describing an SPDX File.

updateTime String

The time this note was last updated. This field can be used as a filter in list requests.

vulnerability Property Map

A note describing a package vulnerability.

Supporting Types

ArtifactRuleResponse

ArtifactRule List<string>
ArtifactRule []string
artifactRule List<String>
artifactRule string[]
artifact_rule Sequence[str]
artifactRule List<String>

AuthorityResponse

Hint Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.HintResponse

Hint hints at the purpose of the attestation authority.

Hint HintResponse

Hint hints at the purpose of the attestation authority.

hint HintResponse

Hint hints at the purpose of the attestation authority.

hint HintResponse

Hint hints at the purpose of the attestation authority.

hint HintResponse

Hint hints at the purpose of the attestation authority.

hint Property Map

Hint hints at the purpose of the attestation authority.

BasisResponse

Fingerprint Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.FingerprintResponse

Immutable. The fingerprint of the base image.

ResourceUrl string

Immutable. The resource_url for the resource representing the basis of associated occurrence images.

Fingerprint FingerprintResponse

Immutable. The fingerprint of the base image.

ResourceUrl string

Immutable. The resource_url for the resource representing the basis of associated occurrence images.

fingerprint FingerprintResponse

Immutable. The fingerprint of the base image.

resourceUrl String

Immutable. The resource_url for the resource representing the basis of associated occurrence images.

fingerprint FingerprintResponse

Immutable. The fingerprint of the base image.

resourceUrl string

Immutable. The resource_url for the resource representing the basis of associated occurrence images.

fingerprint FingerprintResponse

Immutable. The fingerprint of the base image.

resource_url str

Immutable. The resource_url for the resource representing the basis of associated occurrence images.

fingerprint Property Map

Immutable. The fingerprint of the base image.

resourceUrl String

Immutable. The resource_url for the resource representing the basis of associated occurrence images.

BuildResponse

BuilderVersion string

Immutable. Version of the builder which produced this build.

Signature Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.BuildSignatureResponse

Signature of the build in occurrences pointing to this build note containing build details.

BuilderVersion string

Immutable. Version of the builder which produced this build.

Signature BuildSignatureResponse

Signature of the build in occurrences pointing to this build note containing build details.

builderVersion String

Immutable. Version of the builder which produced this build.

signature BuildSignatureResponse

Signature of the build in occurrences pointing to this build note containing build details.

builderVersion string

Immutable. Version of the builder which produced this build.

signature BuildSignatureResponse

Signature of the build in occurrences pointing to this build note containing build details.

builder_version str

Immutable. Version of the builder which produced this build.

signature BuildSignatureResponse

Signature of the build in occurrences pointing to this build note containing build details.

builderVersion String

Immutable. Version of the builder which produced this build.

signature Property Map

Signature of the build in occurrences pointing to this build note containing build details.

BuildSignatureResponse

KeyId string

An ID for the key used to sign. This could be either an ID for the key stored in public_key (such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).

KeyType string

The type of the key, either stored in public_key or referenced in key_id.

PublicKey string

Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys. This field may be empty if key_id references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: openssl sha256 -verify public.pem -signature signature.bin signed.bin

Signature string

Signature of the related BuildProvenance. In JSON, this is base-64 encoded.

KeyId string

An ID for the key used to sign. This could be either an ID for the key stored in public_key (such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).

KeyType string

The type of the key, either stored in public_key or referenced in key_id.

PublicKey string

Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys. This field may be empty if key_id references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: openssl sha256 -verify public.pem -signature signature.bin signed.bin

Signature string

Signature of the related BuildProvenance. In JSON, this is base-64 encoded.

keyId String

An ID for the key used to sign. This could be either an ID for the key stored in public_key (such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).

keyType String

The type of the key, either stored in public_key or referenced in key_id.

publicKey String

Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys. This field may be empty if key_id references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: openssl sha256 -verify public.pem -signature signature.bin signed.bin

signature String

Signature of the related BuildProvenance. In JSON, this is base-64 encoded.

keyId string

An ID for the key used to sign. This could be either an ID for the key stored in public_key (such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).

keyType string

The type of the key, either stored in public_key or referenced in key_id.

publicKey string

Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys. This field may be empty if key_id references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: openssl sha256 -verify public.pem -signature signature.bin signed.bin

signature string

Signature of the related BuildProvenance. In JSON, this is base-64 encoded.

key_id str

An ID for the key used to sign. This could be either an ID for the key stored in public_key (such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).

key_type str

The type of the key, either stored in public_key or referenced in key_id.

public_key str

Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys. This field may be empty if key_id references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: openssl sha256 -verify public.pem -signature signature.bin signed.bin

signature str

Signature of the related BuildProvenance. In JSON, this is base-64 encoded.

keyId String

An ID for the key used to sign. This could be either an ID for the key stored in public_key (such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).

keyType String

The type of the key, either stored in public_key or referenced in key_id.

publicKey String

Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys. This field may be empty if key_id references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: openssl sha256 -verify public.pem -signature signature.bin signed.bin

signature String

Signature of the related BuildProvenance. In JSON, this is base-64 encoded.

CVSSResponse

AttackComplexity string

Defined in CVSS v3, CVSS v2

AttackVector string

Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2

Authentication string

Defined in CVSS v2

AvailabilityImpact string

Defined in CVSS v3, CVSS v2

BaseScore double

The base score is a function of the base metric scores.

ConfidentialityImpact string

Defined in CVSS v3, CVSS v2

ExploitabilityScore double
ImpactScore double
IntegrityImpact string

Defined in CVSS v3, CVSS v2

PrivilegesRequired string

Defined in CVSS v3

Scope string

Defined in CVSS v3

UserInteraction string

Defined in CVSS v3

AttackComplexity string

Defined in CVSS v3, CVSS v2

AttackVector string

Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2

Authentication string

Defined in CVSS v2

AvailabilityImpact string

Defined in CVSS v3, CVSS v2

BaseScore float64

The base score is a function of the base metric scores.

ConfidentialityImpact string

Defined in CVSS v3, CVSS v2

ExploitabilityScore float64
ImpactScore float64
IntegrityImpact string

Defined in CVSS v3, CVSS v2

PrivilegesRequired string

Defined in CVSS v3

Scope string

Defined in CVSS v3

UserInteraction string

Defined in CVSS v3

attackComplexity String

Defined in CVSS v3, CVSS v2

attackVector String

Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2

authentication String

Defined in CVSS v2

availabilityImpact String

Defined in CVSS v3, CVSS v2

baseScore Double

The base score is a function of the base metric scores.

confidentialityImpact String

Defined in CVSS v3, CVSS v2

exploitabilityScore Double
impactScore Double
integrityImpact String

Defined in CVSS v3, CVSS v2

privilegesRequired String

Defined in CVSS v3

scope String

Defined in CVSS v3

userInteraction String

Defined in CVSS v3

attackComplexity string

Defined in CVSS v3, CVSS v2

attackVector string

Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2

authentication string

Defined in CVSS v2

availabilityImpact string

Defined in CVSS v3, CVSS v2

baseScore number

The base score is a function of the base metric scores.

confidentialityImpact string

Defined in CVSS v3, CVSS v2

exploitabilityScore number
impactScore number
integrityImpact string

Defined in CVSS v3, CVSS v2

privilegesRequired string

Defined in CVSS v3

scope string

Defined in CVSS v3

userInteraction string

Defined in CVSS v3

attack_complexity str

Defined in CVSS v3, CVSS v2

attack_vector str

Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2

authentication str

Defined in CVSS v2

availability_impact str

Defined in CVSS v3, CVSS v2

base_score float

The base score is a function of the base metric scores.

confidentiality_impact str

Defined in CVSS v3, CVSS v2

exploitability_score float
impact_score float
integrity_impact str

Defined in CVSS v3, CVSS v2

privileges_required str

Defined in CVSS v3

scope str

Defined in CVSS v3

user_interaction str

Defined in CVSS v3

attackComplexity String

Defined in CVSS v3, CVSS v2

attackVector String

Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2

authentication String

Defined in CVSS v2

availabilityImpact String

Defined in CVSS v3, CVSS v2

baseScore Number

The base score is a function of the base metric scores.

confidentialityImpact String

Defined in CVSS v3, CVSS v2

exploitabilityScore Number
impactScore Number
integrityImpact String

Defined in CVSS v3, CVSS v2

privilegesRequired String

Defined in CVSS v3

scope String

Defined in CVSS v3

userInteraction String

Defined in CVSS v3

CVSSv3Response

AttackComplexity string
AttackVector string

Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.

AvailabilityImpact string
BaseScore double

The base score is a function of the base metric scores.

ConfidentialityImpact string
ExploitabilityScore double
ImpactScore double
IntegrityImpact string
PrivilegesRequired string
Scope string
UserInteraction string
AttackComplexity string
AttackVector string

Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.

AvailabilityImpact string
BaseScore float64

The base score is a function of the base metric scores.

ConfidentialityImpact string
ExploitabilityScore float64
ImpactScore float64
IntegrityImpact string
PrivilegesRequired string
Scope string
UserInteraction string
attackComplexity String
attackVector String

Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.

availabilityImpact String
baseScore Double

The base score is a function of the base metric scores.

confidentialityImpact String
exploitabilityScore Double
impactScore Double
integrityImpact String
privilegesRequired String
scope String
userInteraction String
attackComplexity string
attackVector string

Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.

availabilityImpact string
baseScore number

The base score is a function of the base metric scores.

confidentialityImpact string
exploitabilityScore number
impactScore number
integrityImpact string
privilegesRequired string
scope string
userInteraction string
attack_complexity str
attack_vector str

Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.

availability_impact str
base_score float

The base score is a function of the base metric scores.

confidentiality_impact str
exploitability_score float
impact_score float
integrity_impact str
privileges_required str
scope str
user_interaction str
attackComplexity String
attackVector String

Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.

availabilityImpact String
baseScore Number

The base score is a function of the base metric scores.

confidentialityImpact String
exploitabilityScore Number
impactScore Number
integrityImpact String
privilegesRequired String
scope String
userInteraction String

DeployableResponse

ResourceUri List<string>

Resource URI for the artifact being deployed.

ResourceUri []string

Resource URI for the artifact being deployed.

resourceUri List<String>

Resource URI for the artifact being deployed.

resourceUri string[]

Resource URI for the artifact being deployed.

resource_uri Sequence[str]

Resource URI for the artifact being deployed.

resourceUri List<String>

Resource URI for the artifact being deployed.

DetailResponse

CpeUri string

The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.

Description string

A vendor-specific description of this note.

FixedLocation Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.VulnerabilityLocationResponse

The fix for this specific package version.

IsObsolete bool

Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.

MaxAffectedVersion Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.VersionResponse

The max version of the package in which the vulnerability exists.

MinAffectedVersion Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.VersionResponse

The min version of the package in which the vulnerability exists.

Package string

The name of the package where the vulnerability was found.

PackageType string

The type of package; whether native or non native(ruby gems, node.js packages etc).

SeverityName string

The severity (eg: distro assigned severity) for this vulnerability.

Source string

The source from which the information in this Detail was obtained.

SourceUpdateTime string

The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.

Vendor string

The name of the vendor of the product.

CpeUri string

The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.

Description string

A vendor-specific description of this note.

FixedLocation VulnerabilityLocationResponse

The fix for this specific package version.

IsObsolete bool

Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.

MaxAffectedVersion VersionResponse

The max version of the package in which the vulnerability exists.

MinAffectedVersion VersionResponse

The min version of the package in which the vulnerability exists.

Package string

The name of the package where the vulnerability was found.

PackageType string

The type of package; whether native or non native(ruby gems, node.js packages etc).

SeverityName string

The severity (eg: distro assigned severity) for this vulnerability.

Source string

The source from which the information in this Detail was obtained.

SourceUpdateTime string

The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.

Vendor string

The name of the vendor of the product.

cpeUri String

The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.

description String

A vendor-specific description of this note.

fixedLocation VulnerabilityLocationResponse

The fix for this specific package version.

isObsolete Boolean

Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.

maxAffectedVersion VersionResponse

The max version of the package in which the vulnerability exists.

minAffectedVersion VersionResponse

The min version of the package in which the vulnerability exists.

packageType String

The type of package; whether native or non native(ruby gems, node.js packages etc).

package_ String

The name of the package where the vulnerability was found.

severityName String

The severity (eg: distro assigned severity) for this vulnerability.

source String

The source from which the information in this Detail was obtained.

sourceUpdateTime String

The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.

vendor String

The name of the vendor of the product.

cpeUri string

The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.

description string

A vendor-specific description of this note.

fixedLocation VulnerabilityLocationResponse

The fix for this specific package version.

isObsolete boolean

Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.

maxAffectedVersion VersionResponse

The max version of the package in which the vulnerability exists.

minAffectedVersion VersionResponse

The min version of the package in which the vulnerability exists.

package string

The name of the package where the vulnerability was found.

packageType string

The type of package; whether native or non native(ruby gems, node.js packages etc).

severityName string

The severity (eg: distro assigned severity) for this vulnerability.

source string

The source from which the information in this Detail was obtained.

sourceUpdateTime string

The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.

vendor string

The name of the vendor of the product.

cpe_uri str

The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.

description str

A vendor-specific description of this note.

fixed_location VulnerabilityLocationResponse

The fix for this specific package version.

is_obsolete bool

Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.

max_affected_version VersionResponse

The max version of the package in which the vulnerability exists.

min_affected_version VersionResponse

The min version of the package in which the vulnerability exists.

package str

The name of the package where the vulnerability was found.

package_type str

The type of package; whether native or non native(ruby gems, node.js packages etc).

severity_name str

The severity (eg: distro assigned severity) for this vulnerability.

source str

The source from which the information in this Detail was obtained.

source_update_time str

The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.

vendor str

The name of the vendor of the product.

cpeUri String

The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.

description String

A vendor-specific description of this note.

fixedLocation Property Map

The fix for this specific package version.

isObsolete Boolean

Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.

maxAffectedVersion Property Map

The max version of the package in which the vulnerability exists.

minAffectedVersion Property Map

The min version of the package in which the vulnerability exists.

package String

The name of the package where the vulnerability was found.

packageType String

The type of package; whether native or non native(ruby gems, node.js packages etc).

severityName String

The severity (eg: distro assigned severity) for this vulnerability.

source String

The source from which the information in this Detail was obtained.

sourceUpdateTime String

The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.

vendor String

The name of the vendor of the product.

DigestResponse

Algo string

SHA1, SHA512 etc.

DigestValue string

Value of the digest encoded. For example: SHA512 - base64 encoding, SHA1 - hex encoding.

Algo string

SHA1, SHA512 etc.

DigestValue string

Value of the digest encoded. For example: SHA512 - base64 encoding, SHA1 - hex encoding.

algo String

SHA1, SHA512 etc.

digestValue String

Value of the digest encoded. For example: SHA512 - base64 encoding, SHA1 - hex encoding.

algo string

SHA1, SHA512 etc.

digestValue string

Value of the digest encoded. For example: SHA512 - base64 encoding, SHA1 - hex encoding.

algo str

SHA1, SHA512 etc.

digest_value str

Value of the digest encoded. For example: SHA512 - base64 encoding, SHA1 - hex encoding.

algo String

SHA1, SHA512 etc.

digestValue String

Value of the digest encoded. For example: SHA512 - base64 encoding, SHA1 - hex encoding.

DiscoveryResponse

AnalysisKind string

Immutable. The kind of analysis that is handled by this discovery.

AnalysisKind string

Immutable. The kind of analysis that is handled by this discovery.

analysisKind String

Immutable. The kind of analysis that is handled by this discovery.

analysisKind string

Immutable. The kind of analysis that is handled by this discovery.

analysis_kind str

Immutable. The kind of analysis that is handled by this discovery.

analysisKind String

Immutable. The kind of analysis that is handled by this discovery.

DistributionResponse

Architecture string

The CPU architecture for which packages in this distribution channel were built.

CpeUri string

The cpe_uri in CPE format denoting the package manager version distributing a package.

Description string

The distribution channel-specific description of this package.

LatestVersion Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.VersionResponse

The latest available version of this package in this distribution channel.

Maintainer string

A freeform string denoting the maintainer of this package.

Url string

The distribution channel-specific homepage for this package.

Architecture string

The CPU architecture for which packages in this distribution channel were built.

CpeUri string

The cpe_uri in CPE format denoting the package manager version distributing a package.

Description string

The distribution channel-specific description of this package.

LatestVersion VersionResponse

The latest available version of this package in this distribution channel.

Maintainer string

A freeform string denoting the maintainer of this package.

Url string

The distribution channel-specific homepage for this package.

architecture String

The CPU architecture for which packages in this distribution channel were built.

cpeUri String

The cpe_uri in CPE format denoting the package manager version distributing a package.

description String

The distribution channel-specific description of this package.

latestVersion VersionResponse

The latest available version of this package in this distribution channel.

maintainer String

A freeform string denoting the maintainer of this package.

url String

The distribution channel-specific homepage for this package.

architecture string

The CPU architecture for which packages in this distribution channel were built.

cpeUri string

The cpe_uri in CPE format denoting the package manager version distributing a package.

description string

The distribution channel-specific description of this package.

latestVersion VersionResponse

The latest available version of this package in this distribution channel.

maintainer string

A freeform string denoting the maintainer of this package.

url string

The distribution channel-specific homepage for this package.

architecture str

The CPU architecture for which packages in this distribution channel were built.

cpe_uri str

The cpe_uri in CPE format denoting the package manager version distributing a package.

description str

The distribution channel-specific description of this package.

latest_version VersionResponse

The latest available version of this package in this distribution channel.

maintainer str

A freeform string denoting the maintainer of this package.

url str

The distribution channel-specific homepage for this package.

architecture String

The CPU architecture for which packages in this distribution channel were built.

cpeUri String

The cpe_uri in CPE format denoting the package manager version distributing a package.

description String

The distribution channel-specific description of this package.

latestVersion Property Map

The latest available version of this package in this distribution channel.

maintainer String

A freeform string denoting the maintainer of this package.

url String

The distribution channel-specific homepage for this package.

DocumentNoteResponse

DataLicence string

Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")

SpdxVersion string

Provide a reference number that can be used to understand how to parse and interpret the rest of the file

DataLicence string

Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")

SpdxVersion string

Provide a reference number that can be used to understand how to parse and interpret the rest of the file

dataLicence String

Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")

spdxVersion String

Provide a reference number that can be used to understand how to parse and interpret the rest of the file

dataLicence string

Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")

spdxVersion string

Provide a reference number that can be used to understand how to parse and interpret the rest of the file

data_licence str

Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")

spdx_version str

Provide a reference number that can be used to understand how to parse and interpret the rest of the file

dataLicence String

Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")

spdxVersion String

Provide a reference number that can be used to understand how to parse and interpret the rest of the file

ExternalRefResponse

Category string

An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package

Comment string

Human-readable information about the purpose and target of the reference

Locator string

The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location

Type string

Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)

Category string

An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package

Comment string

Human-readable information about the purpose and target of the reference

Locator string

The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location

Type string

Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)

category String

An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package

comment String

Human-readable information about the purpose and target of the reference

locator String

The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location

type String

Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)

category string

An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package

comment string

Human-readable information about the purpose and target of the reference

locator string

The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location

type string

Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)

category str

An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package

comment str

Human-readable information about the purpose and target of the reference

locator str

The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location

type str

Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)

category String

An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package

comment String

Human-readable information about the purpose and target of the reference

locator String

The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location

type String

Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)

FileNoteResponse

Checksum List<string>

Provide a unique identifier to match analysis information on each specific file in a package

FileType string

This field provides information about the type of file identified

Title string

Identify the full path and filename that corresponds to the file information in this section

Checksum []string

Provide a unique identifier to match analysis information on each specific file in a package

FileType string

This field provides information about the type of file identified

Title string

Identify the full path and filename that corresponds to the file information in this section

checksum List<String>

Provide a unique identifier to match analysis information on each specific file in a package

fileType String

This field provides information about the type of file identified

title String

Identify the full path and filename that corresponds to the file information in this section

checksum string[]

Provide a unique identifier to match analysis information on each specific file in a package

fileType string

This field provides information about the type of file identified

title string

Identify the full path and filename that corresponds to the file information in this section

checksum Sequence[str]

Provide a unique identifier to match analysis information on each specific file in a package

file_type str

This field provides information about the type of file identified

title str

Identify the full path and filename that corresponds to the file information in this section

checksum List<String>

Provide a unique identifier to match analysis information on each specific file in a package

fileType String

This field provides information about the type of file identified

title String

Identify the full path and filename that corresponds to the file information in this section

FingerprintResponse

V1Name string

The layer ID of the final layer in the Docker image's v1 representation.

V2Blob List<string>

The ordered list of v2 blobs that represent a given image.

V2Name string

The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.

V1Name string

The layer ID of the final layer in the Docker image's v1 representation.

V2Blob []string

The ordered list of v2 blobs that represent a given image.

V2Name string

The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.

v1Name String

The layer ID of the final layer in the Docker image's v1 representation.

v2Blob List<String>

The ordered list of v2 blobs that represent a given image.

v2Name String

The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.

v1Name string

The layer ID of the final layer in the Docker image's v1 representation.

v2Blob string[]

The ordered list of v2 blobs that represent a given image.

v2Name string

The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.

v1_name str

The layer ID of the final layer in the Docker image's v1 representation.

v2_blob Sequence[str]

The ordered list of v2 blobs that represent a given image.

v2_name str

The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.

v1Name String

The layer ID of the final layer in the Docker image's v1 representation.

v2Blob List<String>

The ordered list of v2 blobs that represent a given image.

v2Name String

The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.

HintResponse

HumanReadableName string

The human readable name of this attestation authority, for example "qa".

HumanReadableName string

The human readable name of this attestation authority, for example "qa".

humanReadableName String

The human readable name of this attestation authority, for example "qa".

humanReadableName string

The human readable name of this attestation authority, for example "qa".

human_readable_name str

The human readable name of this attestation authority, for example "qa".

humanReadableName String

The human readable name of this attestation authority, for example "qa".

InTotoResponse

ExpectedCommand List<string>

This field contains the expected command used to perform the step.

ExpectedMaterials List<Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.ArtifactRuleResponse>

The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.

ExpectedProducts List<Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.ArtifactRuleResponse>
SigningKeys List<Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.SigningKeyResponse>

This field contains the public keys that can be used to verify the signatures on the step metadata.

StepName string

This field identifies the name of the step in the supply chain.

Threshold string

This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.

ExpectedCommand []string

This field contains the expected command used to perform the step.

ExpectedMaterials []ArtifactRuleResponse

The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.

ExpectedProducts []ArtifactRuleResponse
SigningKeys []SigningKeyResponse

This field contains the public keys that can be used to verify the signatures on the step metadata.

StepName string

This field identifies the name of the step in the supply chain.

Threshold string

This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.

expectedCommand List<String>

This field contains the expected command used to perform the step.

expectedMaterials List<ArtifactRuleResponse>

The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.

expectedProducts List<ArtifactRuleResponse>
signingKeys List<SigningKeyResponse>

This field contains the public keys that can be used to verify the signatures on the step metadata.

stepName String

This field identifies the name of the step in the supply chain.

threshold String

This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.

expectedCommand string[]

This field contains the expected command used to perform the step.

expectedMaterials ArtifactRuleResponse[]

The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.

expectedProducts ArtifactRuleResponse[]
signingKeys SigningKeyResponse[]

This field contains the public keys that can be used to verify the signatures on the step metadata.

stepName string

This field identifies the name of the step in the supply chain.

threshold string

This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.

expected_command Sequence[str]

This field contains the expected command used to perform the step.

expected_materials Sequence[ArtifactRuleResponse]

The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.

expected_products Sequence[ArtifactRuleResponse]
signing_keys Sequence[SigningKeyResponse]

This field contains the public keys that can be used to verify the signatures on the step metadata.

step_name str

This field identifies the name of the step in the supply chain.

threshold str

This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.

expectedCommand List<String>

This field contains the expected command used to perform the step.

expectedMaterials List<Property Map>

The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.

expectedProducts List<Property Map>
signingKeys List<Property Map>

This field contains the public keys that can be used to verify the signatures on the step metadata.

stepName String

This field identifies the name of the step in the supply chain.

threshold String

This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.

KnowledgeBaseResponse

Name string

The KB name (generally of the form KB[0-9]+ i.e. KB123456).

Url string

A link to the KB in the Windows update catalog - https://www.catalog.update.microsoft.com/

Name string

The KB name (generally of the form KB[0-9]+ i.e. KB123456).

Url string

A link to the KB in the Windows update catalog - https://www.catalog.update.microsoft.com/

name String

The KB name (generally of the form KB[0-9]+ i.e. KB123456).

url String

A link to the KB in the Windows update catalog - https://www.catalog.update.microsoft.com/

name string

The KB name (generally of the form KB[0-9]+ i.e. KB123456).

url string

A link to the KB in the Windows update catalog - https://www.catalog.update.microsoft.com/

name str

The KB name (generally of the form KB[0-9]+ i.e. KB123456).

url str

A link to the KB in the Windows update catalog - https://www.catalog.update.microsoft.com/

name String

The KB name (generally of the form KB[0-9]+ i.e. KB123456).

url String

A link to the KB in the Windows update catalog - https://www.catalog.update.microsoft.com/

LicenseResponse

Comments string

Comments

Expression string

Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".

Comments string

Comments

Expression string

Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".

comments String

Comments

expression String

Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".

comments string

Comments

expression string

Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".

comments str

Comments

expression str

Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".

comments String

Comments

expression String

Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".

PackageInfoNoteResponse

Analyzed bool

Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document

Attribution string

A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts

Checksum string

Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file

Copyright string

Identify the copyright holders of the package, as well as any dates present

DetailedDescription string

A more detailed description of the package

DownloadLocation string

This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created

ExternalRefs List<Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.ExternalRefResponse>

ExternalRef

FilesLicenseInfo List<string>

Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found

HomePage string

Provide a place for the SPDX file creator to record a web site that serves as the package's home page

LicenseDeclared Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.LicenseResponse

List the licenses that have been declared by the authors of the package

Originator string

If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came

PackageType string

The type of package: OS, MAVEN, GO, GO_STDLIB, etc.

SummaryDescription string

A short description of the package

Supplier string

Identify the actual distribution source for the package/directory identified in the SPDX file

Title string

Identify the full name of the package as given by the Package Originator

VerificationCode string

This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file

Version string

Identify the version of the package

Analyzed bool

Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document

Attribution string

A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts

Checksum string

Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file

Copyright string

Identify the copyright holders of the package, as well as any dates present

DetailedDescription string

A more detailed description of the package

DownloadLocation string

This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created

ExternalRefs []ExternalRefResponse

ExternalRef

FilesLicenseInfo []string

Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found

HomePage string

Provide a place for the SPDX file creator to record a web site that serves as the package's home page

LicenseDeclared LicenseResponse

List the licenses that have been declared by the authors of the package

Originator string

If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came

PackageType string

The type of package: OS, MAVEN, GO, GO_STDLIB, etc.

SummaryDescription string

A short description of the package

Supplier string

Identify the actual distribution source for the package/directory identified in the SPDX file

Title string

Identify the full name of the package as given by the Package Originator

VerificationCode string

This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file

Version string

Identify the version of the package

analyzed Boolean

Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document

attribution String

A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts

checksum String

Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file

copyright String

Identify the copyright holders of the package, as well as any dates present

detailedDescription String

A more detailed description of the package

downloadLocation String

This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created

externalRefs List<ExternalRefResponse>

ExternalRef

filesLicenseInfo List<String>

Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found

homePage String

Provide a place for the SPDX file creator to record a web site that serves as the package's home page

licenseDeclared LicenseResponse

List the licenses that have been declared by the authors of the package

originator String

If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came

packageType String

The type of package: OS, MAVEN, GO, GO_STDLIB, etc.

summaryDescription String

A short description of the package

supplier String

Identify the actual distribution source for the package/directory identified in the SPDX file

title String

Identify the full name of the package as given by the Package Originator

verificationCode String

This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file

version String

Identify the version of the package

analyzed boolean

Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document

attribution string

A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts

checksum string

Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file

copyright string

Identify the copyright holders of the package, as well as any dates present

detailedDescription string

A more detailed description of the package

downloadLocation string

This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created

externalRefs ExternalRefResponse[]

ExternalRef

filesLicenseInfo string[]

Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found

homePage string

Provide a place for the SPDX file creator to record a web site that serves as the package's home page

licenseDeclared LicenseResponse

List the licenses that have been declared by the authors of the package

originator string

If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came

packageType string

The type of package: OS, MAVEN, GO, GO_STDLIB, etc.

summaryDescription string

A short description of the package

supplier string

Identify the actual distribution source for the package/directory identified in the SPDX file

title string

Identify the full name of the package as given by the Package Originator

verificationCode string

This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file

version string

Identify the version of the package

analyzed bool

Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document

attribution str

A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts

checksum str

Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file

copyright str

Identify the copyright holders of the package, as well as any dates present

detailed_description str

A more detailed description of the package

download_location str

This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created

external_refs Sequence[ExternalRefResponse]

ExternalRef

files_license_info Sequence[str]

Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found

home_page str

Provide a place for the SPDX file creator to record a web site that serves as the package's home page

license_declared LicenseResponse

List the licenses that have been declared by the authors of the package

originator str

If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came

package_type str

The type of package: OS, MAVEN, GO, GO_STDLIB, etc.

summary_description str

A short description of the package

supplier str

Identify the actual distribution source for the package/directory identified in the SPDX file

title str

Identify the full name of the package as given by the Package Originator

verification_code str

This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file

version str

Identify the version of the package

analyzed Boolean

Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document

attribution String

A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts

checksum String

Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file

copyright String

Identify the copyright holders of the package, as well as any dates present

detailedDescription String

A more detailed description of the package

downloadLocation String

This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created

externalRefs List<Property Map>

ExternalRef

filesLicenseInfo List<String>

Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found

homePage String

Provide a place for the SPDX file creator to record a web site that serves as the package's home page

licenseDeclared Property Map

List the licenses that have been declared by the authors of the package

originator String

If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came

packageType String

The type of package: OS, MAVEN, GO, GO_STDLIB, etc.

summaryDescription String

A short description of the package

supplier String

Identify the actual distribution source for the package/directory identified in the SPDX file

title String

Identify the full name of the package as given by the Package Originator

verificationCode String

This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file

version String

Identify the version of the package

PackageResponse

Architecture string

The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.

CpeUri string

The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.

Description string

The description of this package.

Digest List<Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.DigestResponse>

Hash value, typically a file digest, that allows unique identification a specific package.

Distribution List<Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.DistributionResponse>

The various channels by which a package is distributed.

License Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.LicenseResponse

Licenses that have been declared by the authors of the package.

Maintainer string

A freeform text denoting the maintainer of this package.

Name string

Immutable. The name of the package.

PackageType string

The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).

Url string

The homepage for this package.

Version Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.VersionResponse

The version of the package.

Architecture string

The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.

CpeUri string

The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.

Description string

The description of this package.

Digest []DigestResponse

Hash value, typically a file digest, that allows unique identification a specific package.

Distribution []DistributionResponse

The various channels by which a package is distributed.

License LicenseResponse

Licenses that have been declared by the authors of the package.

Maintainer string

A freeform text denoting the maintainer of this package.

Name string

Immutable. The name of the package.

PackageType string

The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).

Url string

The homepage for this package.

Version VersionResponse

The version of the package.

architecture String

The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.

cpeUri String

The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.

description String

The description of this package.

digest List<DigestResponse>

Hash value, typically a file digest, that allows unique identification a specific package.

distribution List<DistributionResponse>

The various channels by which a package is distributed.

license LicenseResponse

Licenses that have been declared by the authors of the package.

maintainer String

A freeform text denoting the maintainer of this package.

name String

Immutable. The name of the package.

packageType String

The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).

url String

The homepage for this package.

version VersionResponse

The version of the package.

architecture string

The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.

cpeUri string

The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.

description string

The description of this package.

digest DigestResponse[]

Hash value, typically a file digest, that allows unique identification a specific package.

distribution DistributionResponse[]

The various channels by which a package is distributed.

license LicenseResponse

Licenses that have been declared by the authors of the package.

maintainer string

A freeform text denoting the maintainer of this package.

name string

Immutable. The name of the package.

packageType string

The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).

url string

The homepage for this package.

version VersionResponse

The version of the package.

architecture str

The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.

cpe_uri str

The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.

description str

The description of this package.

digest Sequence[DigestResponse]

Hash value, typically a file digest, that allows unique identification a specific package.

distribution Sequence[DistributionResponse]

The various channels by which a package is distributed.

license LicenseResponse

Licenses that have been declared by the authors of the package.

maintainer str

A freeform text denoting the maintainer of this package.

name str

Immutable. The name of the package.

package_type str

The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).

url str

The homepage for this package.

version VersionResponse

The version of the package.

architecture String

The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.

cpeUri String

The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.

description String

The description of this package.

digest List<Property Map>

Hash value, typically a file digest, that allows unique identification a specific package.

distribution List<Property Map>

The various channels by which a package is distributed.

license Property Map

Licenses that have been declared by the authors of the package.

maintainer String

A freeform text denoting the maintainer of this package.

name String

Immutable. The name of the package.

packageType String

The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).

url String

The homepage for this package.

version Property Map

The version of the package.

RelatedUrlResponse

Label string

Label to describe usage of the URL.

Url string

Specific URL associated with the resource.

Label string

Label to describe usage of the URL.

Url string

Specific URL associated with the resource.

label String

Label to describe usage of the URL.

url String

Specific URL associated with the resource.

label string

Label to describe usage of the URL.

url string

Specific URL associated with the resource.

label str

Label to describe usage of the URL.

url str

Specific URL associated with the resource.

label String

Label to describe usage of the URL.

url String

Specific URL associated with the resource.

RelationshipNoteResponse

Type string

The type of relationship between the source and target SPDX elements

Type string

The type of relationship between the source and target SPDX elements

type String

The type of relationship between the source and target SPDX elements

type string

The type of relationship between the source and target SPDX elements

type str

The type of relationship between the source and target SPDX elements

type String

The type of relationship between the source and target SPDX elements

SigningKeyResponse

KeyId string

key_id is an identifier for the signing key.

KeyScheme string

This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".

KeyType string

This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".

PublicKeyValue string

This field contains the actual public key.

KeyId string

key_id is an identifier for the signing key.

KeyScheme string

This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".

KeyType string

This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".

PublicKeyValue string

This field contains the actual public key.

keyId String

key_id is an identifier for the signing key.

keyScheme String

This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".

keyType String

This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".

publicKeyValue String

This field contains the actual public key.

keyId string

key_id is an identifier for the signing key.

keyScheme string

This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".

keyType string

This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".

publicKeyValue string

This field contains the actual public key.

key_id str

key_id is an identifier for the signing key.

key_scheme str

This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".

key_type str

This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".

public_key_value str

This field contains the actual public key.

keyId String

key_id is an identifier for the signing key.

keyScheme String

This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".

keyType String

This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".

publicKeyValue String

This field contains the actual public key.

VersionResponse

Epoch int

Used to correct mistakes in the version numbering scheme.

Inclusive bool

Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.

Kind string

Distinguishes between sentinel MIN/MAX versions and normal versions.

Name string

Required only when version kind is NORMAL. The main part of the version name.

Revision string

The iteration of the package build from the above version.

Epoch int

Used to correct mistakes in the version numbering scheme.

Inclusive bool

Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.

Kind string

Distinguishes between sentinel MIN/MAX versions and normal versions.

Name string

Required only when version kind is NORMAL. The main part of the version name.

Revision string

The iteration of the package build from the above version.

epoch Integer

Used to correct mistakes in the version numbering scheme.

inclusive Boolean

Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.

kind String

Distinguishes between sentinel MIN/MAX versions and normal versions.

name String

Required only when version kind is NORMAL. The main part of the version name.

revision String

The iteration of the package build from the above version.

epoch number

Used to correct mistakes in the version numbering scheme.

inclusive boolean

Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.

kind string

Distinguishes between sentinel MIN/MAX versions and normal versions.

name string

Required only when version kind is NORMAL. The main part of the version name.

revision string

The iteration of the package build from the above version.

epoch int

Used to correct mistakes in the version numbering scheme.

inclusive bool

Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.

kind str

Distinguishes between sentinel MIN/MAX versions and normal versions.

name str

Required only when version kind is NORMAL. The main part of the version name.

revision str

The iteration of the package build from the above version.

epoch Number

Used to correct mistakes in the version numbering scheme.

inclusive Boolean

Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.

kind String

Distinguishes between sentinel MIN/MAX versions and normal versions.

name String

Required only when version kind is NORMAL. The main part of the version name.

revision String

The iteration of the package build from the above version.

VulnerabilityLocationResponse

CpeUri string

The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.

Package string

The package being described.

Version Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.VersionResponse

The version of the package being described.

CpeUri string

The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.

Package string

The package being described.

Version VersionResponse

The version of the package being described.

cpeUri String

The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.

package_ String

The package being described.

version VersionResponse

The version of the package being described.

cpeUri string

The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.

package string

The package being described.

version VersionResponse

The version of the package being described.

cpe_uri str

The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.

package str

The package being described.

version VersionResponse

The version of the package being described.

cpeUri String

The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.

package String

The package being described.

version Property Map

The version of the package being described.

VulnerabilityResponse

CvssScore double

The CVSS score for this vulnerability.

CvssV2 Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.CVSSResponse

The full description of the CVSS for version 2.

CvssV3 Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.CVSSv3Response

The full description of the CVSS for version 3.

Cwe List<string>

A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html

Details List<Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.DetailResponse>

All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.

Severity string

Note provider assigned impact of the vulnerability.

SourceUpdateTime string

The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.

WindowsDetails List<Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.WindowsDetailResponse>

Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.

CvssScore float64

The CVSS score for this vulnerability.

CvssV2 CVSSResponse

The full description of the CVSS for version 2.

CvssV3 CVSSv3Response

The full description of the CVSS for version 3.

Cwe []string

A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html

Details []DetailResponse

All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.

Severity string

Note provider assigned impact of the vulnerability.

SourceUpdateTime string

The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.

WindowsDetails []WindowsDetailResponse

Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.

cvssScore Double

The CVSS score for this vulnerability.

cvssV2 CVSSResponse

The full description of the CVSS for version 2.

cvssV3 CVSSv3Response

The full description of the CVSS for version 3.

cwe List<String>

A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html

details List<DetailResponse>

All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.

severity String

Note provider assigned impact of the vulnerability.

sourceUpdateTime String

The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.

windowsDetails List<WindowsDetailResponse>

Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.

cvssScore number

The CVSS score for this vulnerability.

cvssV2 CVSSResponse

The full description of the CVSS for version 2.

cvssV3 CVSSv3Response

The full description of the CVSS for version 3.

cwe string[]

A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html

details DetailResponse[]

All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.

severity string

Note provider assigned impact of the vulnerability.

sourceUpdateTime string

The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.

windowsDetails WindowsDetailResponse[]

Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.

cvss_score float

The CVSS score for this vulnerability.

cvss_v2 CVSSResponse

The full description of the CVSS for version 2.

cvss_v3 CVSSv3Response

The full description of the CVSS for version 3.

cwe Sequence[str]

A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html

details Sequence[DetailResponse]

All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.

severity str

Note provider assigned impact of the vulnerability.

source_update_time str

The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.

windows_details Sequence[WindowsDetailResponse]

Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.

cvssScore Number

The CVSS score for this vulnerability.

cvssV2 Property Map

The full description of the CVSS for version 2.

cvssV3 Property Map

The full description of the CVSS for version 3.

cwe List<String>

A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html

details List<Property Map>

All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.

severity String

Note provider assigned impact of the vulnerability.

sourceUpdateTime String

The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.

windowsDetails List<Property Map>

Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.

WindowsDetailResponse

CpeUri string

The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.

Description string

The description of the vulnerability.

FixingKbs List<Pulumi.GoogleNative.ContainerAnalysis.V1Beta1.Inputs.KnowledgeBaseResponse>

The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed kb's presence is considered a fix.

Name string

The name of the vulnerability.

CpeUri string

The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.

Description string

The description of the vulnerability.

FixingKbs []KnowledgeBaseResponse

The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed kb's presence is considered a fix.

Name string

The name of the vulnerability.

cpeUri String

The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.

description String

The description of the vulnerability.

fixingKbs List<KnowledgeBaseResponse>

The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed kb's presence is considered a fix.

name String

The name of the vulnerability.

cpeUri string

The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.

description string

The description of the vulnerability.

fixingKbs KnowledgeBaseResponse[]

The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed kb's presence is considered a fix.

name string

The name of the vulnerability.

cpe_uri str

The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.

description str

The description of the vulnerability.

fixing_kbs Sequence[KnowledgeBaseResponse]

The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed kb's presence is considered a fix.

name str

The name of the vulnerability.

cpeUri String

The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.

description String

The description of the vulnerability.

fixingKbs List<Property Map>

The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed kb's presence is considered a fix.

name String

The name of the vulnerability.

Package Details

Repository
https://github.com/pulumi/pulumi-google-native
License
Apache-2.0