Docs
Packages
google-native.containeranalysis/v1beta1.Note
Explore with Pulumi AI
Creates a new note. Auto-naming is currently not supported for this resource.
Create Note Resource
new Note(name: string, args: NoteArgs, opts?: CustomResourceOptions);@overload
def Note(resource_name: str,
opts: Optional[ResourceOptions] = None,
attestation_authority: Optional[AuthorityArgs] = None,
base_image: Optional[BasisArgs] = None,
build: Optional[BuildArgs] = None,
deployable: Optional[DeployableArgs] = None,
discovery: Optional[DiscoveryArgs] = None,
expiration_time: Optional[str] = None,
intoto: Optional[InTotoArgs] = None,
long_description: Optional[str] = None,
note_id: Optional[str] = None,
package: Optional[PackageArgs] = None,
project: Optional[str] = None,
related_note_names: Optional[Sequence[str]] = None,
related_url: Optional[Sequence[RelatedUrlArgs]] = None,
sbom: Optional[DocumentNoteArgs] = None,
sbom_reference: Optional[SBOMReferenceNoteArgs] = None,
short_description: Optional[str] = None,
spdx_file: Optional[FileNoteArgs] = None,
spdx_package: Optional[PackageInfoNoteArgs] = None,
spdx_relationship: Optional[RelationshipNoteArgs] = None,
vulnerability: Optional[VulnerabilityArgs] = None,
vulnerability_assessment: Optional[VulnerabilityAssessmentNoteArgs] = None)
@overload
def Note(resource_name: str,
args: NoteArgs,
opts: Optional[ResourceOptions] = None)func NewNote(ctx *Context, name string, args NoteArgs, opts ...ResourceOption) (*Note, error)public Note(string name, NoteArgs args, CustomResourceOptions? opts = null)type: google-native:containeranalysis/v1beta1:Note
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NoteArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args NoteArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args NoteArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NoteArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args NoteArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Note Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Note resource accepts the following input properties:
- Note
Id string Required. The ID to use for this note.
-
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Authority Args A note describing an attestation role.
- Base
Image Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Basis Args A note describing a base image.
- Build
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Build Args A note describing build provenance for a verifiable build.
- Deployable
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Deployable Args A note describing something that can be deployed.
- Discovery
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Discovery Args A note describing the initial analysis of a resource.
- Expiration
Time string Time of expiration for this note. Empty if note does not expire.
- Intoto
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. In Toto Args A note describing an in-toto link.
- Long
Description string A detailed description of this note.
- Package
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Package Args A note describing a package hosted by various package managers.
- Project string
- List<string>
Other notes related to this note.
-
List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Related Url Args> URLs associated with this note.
- Sbom
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Document Note Args A note describing a software bill of materials.
- Sbom
Reference Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. SBOMReference Note Args A note describing an SBOM reference.
- Short
Description string A one sentence description of this note.
- Spdx
File Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. File Note Args A note describing an SPDX File.
- Spdx
Package Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Package Info Note Args A note describing an SPDX Package.
- Spdx
Relationship Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Relationship Note Args A note describing an SPDX File.
- Vulnerability
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Vulnerability Args A note describing a package vulnerability.
- Vulnerability
Assessment Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Vulnerability Assessment Note Args A note describing a vulnerability assessment.
- Note
Id string Required. The ID to use for this note.
-
Authority
Args A note describing an attestation role.
- Base
Image BasisArgs A note describing a base image.
- Build
Build
Args A note describing build provenance for a verifiable build.
- Deployable
Deployable
Args A note describing something that can be deployed.
- Discovery
Discovery
Args A note describing the initial analysis of a resource.
- Expiration
Time string Time of expiration for this note. Empty if note does not expire.
- Intoto
In
Toto Args A note describing an in-toto link.
- Long
Description string A detailed description of this note.
- Package
Package
Args A note describing a package hosted by various package managers.
- Project string
- []string
Other notes related to this note.
-
[]Related
Url Args URLs associated with this note.
- Sbom
Document
Note Args A note describing a software bill of materials.
- Sbom
Reference SBOMReferenceNote Args A note describing an SBOM reference.
- Short
Description string A one sentence description of this note.
- Spdx
File FileNote Args A note describing an SPDX File.
- Spdx
Package PackageInfo Note Args A note describing an SPDX Package.
- Spdx
Relationship RelationshipNote Args A note describing an SPDX File.
- Vulnerability
Vulnerability
Args A note describing a package vulnerability.
- Vulnerability
Assessment VulnerabilityAssessment Note Args A note describing a vulnerability assessment.
- note
Id String Required. The ID to use for this note.
-
Authority
Args A note describing an attestation role.
- base
Image BasisArgs A note describing a base image.
- build
Build
Args A note describing build provenance for a verifiable build.
- deployable
Deployable
Args A note describing something that can be deployed.
- discovery
Discovery
Args A note describing the initial analysis of a resource.
- expiration
Time String Time of expiration for this note. Empty if note does not expire.
- intoto
In
Toto Args A note describing an in-toto link.
- long
Description String A detailed description of this note.
- package_
Package
Args A note describing a package hosted by various package managers.
- project String
- List<String>
Other notes related to this note.
-
List<Related
Url Args> URLs associated with this note.
- sbom
Document
Note Args A note describing a software bill of materials.
- sbom
Reference SBOMReferenceNote Args A note describing an SBOM reference.
- short
Description String A one sentence description of this note.
- spdx
File FileNote Args A note describing an SPDX File.
- spdx
Package PackageInfo Note Args A note describing an SPDX Package.
- spdx
Relationship RelationshipNote Args A note describing an SPDX File.
- vulnerability
Vulnerability
Args A note describing a package vulnerability.
- vulnerability
Assessment VulnerabilityAssessment Note Args A note describing a vulnerability assessment.
- note
Id string Required. The ID to use for this note.
-
Authority
Args A note describing an attestation role.
- base
Image BasisArgs A note describing a base image.
- build
Build
Args A note describing build provenance for a verifiable build.
- deployable
Deployable
Args A note describing something that can be deployed.
- discovery
Discovery
Args A note describing the initial analysis of a resource.
- expiration
Time string Time of expiration for this note. Empty if note does not expire.
- intoto
In
Toto Args A note describing an in-toto link.
- long
Description string A detailed description of this note.
- package
Package
Args A note describing a package hosted by various package managers.
- project string
- string[]
Other notes related to this note.
-
Related
Url Args[] URLs associated with this note.
- sbom
Document
Note Args A note describing a software bill of materials.
- sbom
Reference SBOMReferenceNote Args A note describing an SBOM reference.
- short
Description string A one sentence description of this note.
- spdx
File FileNote Args A note describing an SPDX File.
- spdx
Package PackageInfo Note Args A note describing an SPDX Package.
- spdx
Relationship RelationshipNote Args A note describing an SPDX File.
- vulnerability
Vulnerability
Args A note describing a package vulnerability.
- vulnerability
Assessment VulnerabilityAssessment Note Args A note describing a vulnerability assessment.
- note_
id str Required. The ID to use for this note.
-
Authority
Args A note describing an attestation role.
- base_
image BasisArgs A note describing a base image.
- build
Build
Args A note describing build provenance for a verifiable build.
- deployable
Deployable
Args A note describing something that can be deployed.
- discovery
Discovery
Args A note describing the initial analysis of a resource.
- expiration_
time str Time of expiration for this note. Empty if note does not expire.
- intoto
In
Toto Args A note describing an in-toto link.
- long_
description str A detailed description of this note.
- package
Package
Args A note describing a package hosted by various package managers.
- project str
- Sequence[str]
Other notes related to this note.
-
Sequence[Related
Url Args] URLs associated with this note.
- sbom
Document
Note Args A note describing a software bill of materials.
- sbom_
reference SBOMReferenceNote Args A note describing an SBOM reference.
- short_
description str A one sentence description of this note.
- spdx_
file FileNote Args A note describing an SPDX File.
- spdx_
package PackageInfo Note Args A note describing an SPDX Package.
- spdx_
relationship RelationshipNote Args A note describing an SPDX File.
- vulnerability
Vulnerability
Args A note describing a package vulnerability.
- vulnerability_
assessment VulnerabilityAssessment Note Args A note describing a vulnerability assessment.
- note
Id String Required. The ID to use for this note.
- Property Map
A note describing an attestation role.
- base
Image Property Map A note describing a base image.
- build Property Map
A note describing build provenance for a verifiable build.
- deployable Property Map
A note describing something that can be deployed.
- discovery Property Map
A note describing the initial analysis of a resource.
- expiration
Time String Time of expiration for this note. Empty if note does not expire.
- intoto Property Map
A note describing an in-toto link.
- long
Description String A detailed description of this note.
- package Property Map
A note describing a package hosted by various package managers.
- project String
- List<String>
Other notes related to this note.
- List<Property Map>
URLs associated with this note.
- sbom Property Map
A note describing a software bill of materials.
- sbom
Reference Property Map A note describing an SBOM reference.
- short
Description String A one sentence description of this note.
- spdx
File Property Map A note describing an SPDX File.
- spdx
Package Property Map A note describing an SPDX Package.
- spdx
Relationship Property Map A note describing an SPDX File.
- vulnerability Property Map
A note describing a package vulnerability.
- vulnerability
Assessment Property Map A note describing a vulnerability assessment.
Outputs
All input properties are implicitly available as output properties. Additionally, the Note resource produces the following output properties:
- Create
Time string The time this note was created. This field can be used as a filter in list requests.
- Id string
The provider-assigned unique ID for this managed resource.
- Kind string
The type of analysis. This field can be used as a filter in list requests.
- Name string
The name of the note in the form of
projects/[PROVIDER_ID]/notes/[NOTE_ID].- Update
Time string The time this note was last updated. This field can be used as a filter in list requests.
- Create
Time string The time this note was created. This field can be used as a filter in list requests.
- Id string
The provider-assigned unique ID for this managed resource.
- Kind string
The type of analysis. This field can be used as a filter in list requests.
- Name string
The name of the note in the form of
projects/[PROVIDER_ID]/notes/[NOTE_ID].- Update
Time string The time this note was last updated. This field can be used as a filter in list requests.
- create
Time String The time this note was created. This field can be used as a filter in list requests.
- id String
The provider-assigned unique ID for this managed resource.
- kind String
The type of analysis. This field can be used as a filter in list requests.
- name String
The name of the note in the form of
projects/[PROVIDER_ID]/notes/[NOTE_ID].- update
Time String The time this note was last updated. This field can be used as a filter in list requests.
- create
Time string The time this note was created. This field can be used as a filter in list requests.
- id string
The provider-assigned unique ID for this managed resource.
- kind string
The type of analysis. This field can be used as a filter in list requests.
- name string
The name of the note in the form of
projects/[PROVIDER_ID]/notes/[NOTE_ID].- update
Time string The time this note was last updated. This field can be used as a filter in list requests.
- create_
time str The time this note was created. This field can be used as a filter in list requests.
- id str
The provider-assigned unique ID for this managed resource.
- kind str
The type of analysis. This field can be used as a filter in list requests.
- name str
The name of the note in the form of
projects/[PROVIDER_ID]/notes/[NOTE_ID].- update_
time str The time this note was last updated. This field can be used as a filter in list requests.
- create
Time String The time this note was created. This field can be used as a filter in list requests.
- id String
The provider-assigned unique ID for this managed resource.
- kind String
The type of analysis. This field can be used as a filter in list requests.
- name String
The name of the note in the form of
projects/[PROVIDER_ID]/notes/[NOTE_ID].- update
Time String The time this note was last updated. This field can be used as a filter in list requests.
Supporting Types
ArtifactRule
- Artifact
Rule List<string>
- Artifact
Rule []string
- artifact
Rule List<String>
- artifact
Rule string[]
- artifact_
rule Sequence[str]
- artifact
Rule List<String>
ArtifactRuleResponse
- Artifact
Rule List<string>
- Artifact
Rule []string
- artifact
Rule List<String>
- artifact
Rule string[]
- artifact_
rule Sequence[str]
- artifact
Rule List<String>
Assessment
- Cve string
Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
- Impacts List<string>
Contains information about the impact of this vulnerability, this will change with time.
- Justification
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Justification Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- Long
Description string A detailed description of this Vex.
-
List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Related Url> Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- Remediations
List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Remediation> Specifies details on how to handle (and presumably, fix) a vulnerability.
- Short
Description string A one sentence description of this Vex.
- State
Pulumi.
Google Native. Container Analysis. V1Beta1. Assessment State Provides the state of this Vulnerability assessment.
- Cve string
Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
- Impacts []string
Contains information about the impact of this vulnerability, this will change with time.
- Justification Justification
Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- Long
Description string A detailed description of this Vex.
-
[]Related
Url Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- Remediations []Remediation
Specifies details on how to handle (and presumably, fix) a vulnerability.
- Short
Description string A one sentence description of this Vex.
- State
Assessment
State Provides the state of this Vulnerability assessment.
- cve String
Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
- impacts List<String>
Contains information about the impact of this vulnerability, this will change with time.
- justification Justification
Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- long
Description String A detailed description of this Vex.
-
List<Related
Url> Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations List<Remediation>
Specifies details on how to handle (and presumably, fix) a vulnerability.
- short
Description String A one sentence description of this Vex.
- state
Assessment
State Provides the state of this Vulnerability assessment.
- cve string
Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
- impacts string[]
Contains information about the impact of this vulnerability, this will change with time.
- justification Justification
Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- long
Description string A detailed description of this Vex.
-
Related
Url[] Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations Remediation[]
Specifies details on how to handle (and presumably, fix) a vulnerability.
- short
Description string A one sentence description of this Vex.
- state
Assessment
State Provides the state of this Vulnerability assessment.
- cve str
Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
- impacts Sequence[str]
Contains information about the impact of this vulnerability, this will change with time.
- justification Justification
Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- long_
description str A detailed description of this Vex.
-
Sequence[Related
Url] Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations Sequence[Remediation]
Specifies details on how to handle (and presumably, fix) a vulnerability.
- short_
description str A one sentence description of this Vex.
- state
Assessment
State Provides the state of this Vulnerability assessment.
- cve String
Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
- impacts List<String>
Contains information about the impact of this vulnerability, this will change with time.
- justification Property Map
Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- long
Description String A detailed description of this Vex.
- List<Property Map>
Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations List<Property Map>
Specifies details on how to handle (and presumably, fix) a vulnerability.
- short
Description String A one sentence description of this Vex.
- state "STATE_UNSPECIFIED" | "AFFECTED" | "NOT_AFFECTED" | "FIXED" | "UNDER_INVESTIGATION"
Provides the state of this Vulnerability assessment.
AssessmentResponse
- Cve string
Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
- Impacts List<string>
Contains information about the impact of this vulnerability, this will change with time.
- Justification
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Justification Response Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- Long
Description string A detailed description of this Vex.
-
List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Related Url Response> Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- Remediations
List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Remediation Response> Specifies details on how to handle (and presumably, fix) a vulnerability.
- Short
Description string A one sentence description of this Vex.
- State string
Provides the state of this Vulnerability assessment.
- Cve string
Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
- Impacts []string
Contains information about the impact of this vulnerability, this will change with time.
- Justification
Justification
Response Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- Long
Description string A detailed description of this Vex.
-
[]Related
Url Response Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- Remediations
[]Remediation
Response Specifies details on how to handle (and presumably, fix) a vulnerability.
- Short
Description string A one sentence description of this Vex.
- State string
Provides the state of this Vulnerability assessment.
- cve String
Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
- impacts List<String>
Contains information about the impact of this vulnerability, this will change with time.
- justification
Justification
Response Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- long
Description String A detailed description of this Vex.
-
List<Related
Url Response> Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations
List<Remediation
Response> Specifies details on how to handle (and presumably, fix) a vulnerability.
- short
Description String A one sentence description of this Vex.
- state String
Provides the state of this Vulnerability assessment.
- cve string
Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
- impacts string[]
Contains information about the impact of this vulnerability, this will change with time.
- justification
Justification
Response Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- long
Description string A detailed description of this Vex.
-
Related
Url Response[] Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations
Remediation
Response[] Specifies details on how to handle (and presumably, fix) a vulnerability.
- short
Description string A one sentence description of this Vex.
- state string
Provides the state of this Vulnerability assessment.
- cve str
Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
- impacts Sequence[str]
Contains information about the impact of this vulnerability, this will change with time.
- justification
Justification
Response Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- long_
description str A detailed description of this Vex.
-
Sequence[Related
Url Response] Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations
Sequence[Remediation
Response] Specifies details on how to handle (and presumably, fix) a vulnerability.
- short_
description str A one sentence description of this Vex.
- state str
Provides the state of this Vulnerability assessment.
- cve String
Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
- impacts List<String>
Contains information about the impact of this vulnerability, this will change with time.
- justification Property Map
Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- long
Description String A detailed description of this Vex.
- List<Property Map>
Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations List<Property Map>
Specifies details on how to handle (and presumably, fix) a vulnerability.
- short
Description String A one sentence description of this Vex.
- state String
Provides the state of this Vulnerability assessment.
AssessmentState
- State
Unspecified - STATE_UNSPECIFIED
No state is specified.
- Affected
- AFFECTED
This product is known to be affected by this vulnerability.
- Not
Affected - NOT_AFFECTED
This product is known to be not affected by this vulnerability.
- Fixed
- FIXED
This product contains a fix for this vulnerability.
- Under
Investigation - UNDER_INVESTIGATION
It is not known yet whether these versions are or are not affected by the vulnerability. However, it is still under investigation.
- Assessment
State State Unspecified - STATE_UNSPECIFIED
No state is specified.
- Assessment
State Affected - AFFECTED
This product is known to be affected by this vulnerability.
- Assessment
State Not Affected - NOT_AFFECTED
This product is known to be not affected by this vulnerability.
- Assessment
State Fixed - FIXED
This product contains a fix for this vulnerability.
- Assessment
State Under Investigation - UNDER_INVESTIGATION
It is not known yet whether these versions are or are not affected by the vulnerability. However, it is still under investigation.
- State
Unspecified - STATE_UNSPECIFIED
No state is specified.
- Affected
- AFFECTED
This product is known to be affected by this vulnerability.
- Not
Affected - NOT_AFFECTED
This product is known to be not affected by this vulnerability.
- Fixed
- FIXED
This product contains a fix for this vulnerability.
- Under
Investigation - UNDER_INVESTIGATION
It is not known yet whether these versions are or are not affected by the vulnerability. However, it is still under investigation.
- State
Unspecified - STATE_UNSPECIFIED
No state is specified.
- Affected
- AFFECTED
This product is known to be affected by this vulnerability.
- Not
Affected - NOT_AFFECTED
This product is known to be not affected by this vulnerability.
- Fixed
- FIXED
This product contains a fix for this vulnerability.
- Under
Investigation - UNDER_INVESTIGATION
It is not known yet whether these versions are or are not affected by the vulnerability. However, it is still under investigation.
- STATE_UNSPECIFIED
- STATE_UNSPECIFIED
No state is specified.
- AFFECTED
- AFFECTED
This product is known to be affected by this vulnerability.
- NOT_AFFECTED
- NOT_AFFECTED
This product is known to be not affected by this vulnerability.
- FIXED
- FIXED
This product contains a fix for this vulnerability.
- UNDER_INVESTIGATION
- UNDER_INVESTIGATION
It is not known yet whether these versions are or are not affected by the vulnerability. However, it is still under investigation.
- "STATE_UNSPECIFIED"
- STATE_UNSPECIFIED
No state is specified.
- "AFFECTED"
- AFFECTED
This product is known to be affected by this vulnerability.
- "NOT_AFFECTED"
- NOT_AFFECTED
This product is known to be not affected by this vulnerability.
- "FIXED"
- FIXED
This product contains a fix for this vulnerability.
- "UNDER_INVESTIGATION"
- UNDER_INVESTIGATION
It is not known yet whether these versions are or are not affected by the vulnerability. However, it is still under investigation.
Authority
- Hint
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Hint Hint hints at the purpose of the attestation authority.
- hint Property Map
Hint hints at the purpose of the attestation authority.
AuthorityResponse
- Hint
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Hint Response Hint hints at the purpose of the attestation authority.
- Hint
Hint
Response Hint hints at the purpose of the attestation authority.
- hint
Hint
Response Hint hints at the purpose of the attestation authority.
- hint
Hint
Response Hint hints at the purpose of the attestation authority.
- hint
Hint
Response Hint hints at the purpose of the attestation authority.
- hint Property Map
Hint hints at the purpose of the attestation authority.
Basis
- Fingerprint
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Fingerprint Immutable. The fingerprint of the base image.
- Resource
Url string Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- Fingerprint Fingerprint
Immutable. The fingerprint of the base image.
- Resource
Url string Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- fingerprint Fingerprint
Immutable. The fingerprint of the base image.
- resource
Url String Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- fingerprint Fingerprint
Immutable. The fingerprint of the base image.
- resource
Url string Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- fingerprint Fingerprint
Immutable. The fingerprint of the base image.
- resource_
url str Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- fingerprint Property Map
Immutable. The fingerprint of the base image.
- resource
Url String Immutable. The resource_url for the resource representing the basis of associated occurrence images.
BasisResponse
- Fingerprint
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Fingerprint Response Immutable. The fingerprint of the base image.
- Resource
Url string Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- Fingerprint
Fingerprint
Response Immutable. The fingerprint of the base image.
- Resource
Url string Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- fingerprint
Fingerprint
Response Immutable. The fingerprint of the base image.
- resource
Url String Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- fingerprint
Fingerprint
Response Immutable. The fingerprint of the base image.
- resource
Url string Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- fingerprint
Fingerprint
Response Immutable. The fingerprint of the base image.
- resource_
url str Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- fingerprint Property Map
Immutable. The fingerprint of the base image.
- resource
Url String Immutable. The resource_url for the resource representing the basis of associated occurrence images.
Build
- Builder
Version string Immutable. Version of the builder which produced this build.
- Signature
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Build Signature Signature of the build in occurrences pointing to this build note containing build details.
- Builder
Version string Immutable. Version of the builder which produced this build.
- Signature
Build
Signature Signature of the build in occurrences pointing to this build note containing build details.
- builder
Version String Immutable. Version of the builder which produced this build.
- signature
Build
Signature Signature of the build in occurrences pointing to this build note containing build details.
- builder
Version string Immutable. Version of the builder which produced this build.
- signature
Build
Signature Signature of the build in occurrences pointing to this build note containing build details.
- builder_
version str Immutable. Version of the builder which produced this build.
- signature
Build
Signature Signature of the build in occurrences pointing to this build note containing build details.
- builder
Version String Immutable. Version of the builder which produced this build.
- signature Property Map
Signature of the build in occurrences pointing to this build note containing build details.
BuildResponse
- Builder
Version string Immutable. Version of the builder which produced this build.
- Signature
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Build Signature Response Signature of the build in occurrences pointing to this build note containing build details.
- Builder
Version string Immutable. Version of the builder which produced this build.
- Signature
Build
Signature Response Signature of the build in occurrences pointing to this build note containing build details.
- builder
Version String Immutable. Version of the builder which produced this build.
- signature
Build
Signature Response Signature of the build in occurrences pointing to this build note containing build details.
- builder
Version string Immutable. Version of the builder which produced this build.
- signature
Build
Signature Response Signature of the build in occurrences pointing to this build note containing build details.
- builder_
version str Immutable. Version of the builder which produced this build.
- signature
Build
Signature Response Signature of the build in occurrences pointing to this build note containing build details.
- builder
Version String Immutable. Version of the builder which produced this build.
- signature Property Map
Signature of the build in occurrences pointing to this build note containing build details.
BuildSignature
- Signature string
Signature of the related
BuildProvenance. In JSON, this is base-64 encoded.- Key
Id string An ID for the key used to sign. This could be either an ID for the key stored in
public_key(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).- Key
Type Pulumi.Google Native. Container Analysis. V1Beta1. Build Signature Key Type The type of the key, either stored in
public_keyor referenced inkey_id.- Public
Key string Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_typeis empty, this defaults to PEM encoded public keys. This field may be empty ifkey_idreferences an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetailsare base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin
- Signature string
Signature of the related
BuildProvenance. In JSON, this is base-64 encoded.- Key
Id string An ID for the key used to sign. This could be either an ID for the key stored in
public_key(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).- Key
Type BuildSignature Key Type The type of the key, either stored in
public_keyor referenced inkey_id.- Public
Key string Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_typeis empty, this defaults to PEM encoded public keys. This field may be empty ifkey_idreferences an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetailsare base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin
- signature String
Signature of the related
BuildProvenance. In JSON, this is base-64 encoded.- key
Id String An ID for the key used to sign. This could be either an ID for the key stored in
public_key(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).- key
Type BuildSignature Key Type The type of the key, either stored in
public_keyor referenced inkey_id.- public
Key String Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_typeis empty, this defaults to PEM encoded public keys. This field may be empty ifkey_idreferences an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetailsare base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin
- signature string
Signature of the related
BuildProvenance. In JSON, this is base-64 encoded.- key
Id string An ID for the key used to sign. This could be either an ID for the key stored in
public_key(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).- key
Type BuildSignature Key Type The type of the key, either stored in
public_keyor referenced inkey_id.- public
Key string Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_typeis empty, this defaults to PEM encoded public keys. This field may be empty ifkey_idreferences an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetailsare base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin
- signature str
Signature of the related
BuildProvenance. In JSON, this is base-64 encoded.- key_
id str An ID for the key used to sign. This could be either an ID for the key stored in
public_key(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).- key_
type BuildSignature Key Type The type of the key, either stored in
public_keyor referenced inkey_id.- public_
key str Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_typeis empty, this defaults to PEM encoded public keys. This field may be empty ifkey_idreferences an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetailsare base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin
- signature String
Signature of the related
BuildProvenance. In JSON, this is base-64 encoded.- key
Id String An ID for the key used to sign. This could be either an ID for the key stored in
public_key(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).- key
Type "KEY_TYPE_UNSPECIFIED" | "PGP_ASCII_ARMORED" | "PKIX_PEM" The type of the key, either stored in
public_keyor referenced inkey_id.- public
Key String Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_typeis empty, this defaults to PEM encoded public keys. This field may be empty ifkey_idreferences an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetailsare base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin
BuildSignatureKeyType
- Key
Type Unspecified - KEY_TYPE_UNSPECIFIED
KeyTypeis not set. - Pgp
Ascii Armored - PGP_ASCII_ARMORED
PGP ASCII Armoredpublic key. - Pkix
Pem - PKIX_PEM
PKIX PEMpublic key.
- Build
Signature Key Type Key Type Unspecified - KEY_TYPE_UNSPECIFIED
KeyTypeis not set. - Build
Signature Key Type Pgp Ascii Armored - PGP_ASCII_ARMORED
PGP ASCII Armoredpublic key. - Build
Signature Key Type Pkix Pem - PKIX_PEM
PKIX PEMpublic key.
- Key
Type Unspecified - KEY_TYPE_UNSPECIFIED
KeyTypeis not set. - Pgp
Ascii Armored - PGP_ASCII_ARMORED
PGP ASCII Armoredpublic key. - Pkix
Pem - PKIX_PEM
PKIX PEMpublic key.
- Key
Type Unspecified - KEY_TYPE_UNSPECIFIED
KeyTypeis not set. - Pgp
Ascii Armored - PGP_ASCII_ARMORED
PGP ASCII Armoredpublic key. - Pkix
Pem - PKIX_PEM
PKIX PEMpublic key.
- KEY_TYPE_UNSPECIFIED
- KEY_TYPE_UNSPECIFIED
KeyTypeis not set. - PGP_ASCII_ARMORED
- PGP_ASCII_ARMORED
PGP ASCII Armoredpublic key. - PKIX_PEM
- PKIX_PEM
PKIX PEMpublic key.
- "KEY_TYPE_UNSPECIFIED"
- KEY_TYPE_UNSPECIFIED
KeyTypeis not set. - "PGP_ASCII_ARMORED"
- PGP_ASCII_ARMORED
PGP ASCII Armoredpublic key. - "PKIX_PEM"
- PKIX_PEM
PKIX PEMpublic key.
BuildSignatureResponse
- Key
Id string An ID for the key used to sign. This could be either an ID for the key stored in
public_key(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).- Key
Type string The type of the key, either stored in
public_keyor referenced inkey_id.- Public
Key string Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_typeis empty, this defaults to PEM encoded public keys. This field may be empty ifkey_idreferences an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetailsare base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin- Signature string
Signature of the related
BuildProvenance. In JSON, this is base-64 encoded.
- Key
Id string An ID for the key used to sign. This could be either an ID for the key stored in
public_key(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).- Key
Type string The type of the key, either stored in
public_keyor referenced inkey_id.- Public
Key string Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_typeis empty, this defaults to PEM encoded public keys. This field may be empty ifkey_idreferences an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetailsare base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin- Signature string
Signature of the related
BuildProvenance. In JSON, this is base-64 encoded.
- key
Id String An ID for the key used to sign. This could be either an ID for the key stored in
public_key(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).- key
Type String The type of the key, either stored in
public_keyor referenced inkey_id.- public
Key String Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_typeis empty, this defaults to PEM encoded public keys. This field may be empty ifkey_idreferences an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetailsare base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin- signature String
Signature of the related
BuildProvenance. In JSON, this is base-64 encoded.
- key
Id string An ID for the key used to sign. This could be either an ID for the key stored in
public_key(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).- key
Type string The type of the key, either stored in
public_keyor referenced inkey_id.- public
Key string Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_typeis empty, this defaults to PEM encoded public keys. This field may be empty ifkey_idreferences an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetailsare base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin- signature string
Signature of the related
BuildProvenance. In JSON, this is base-64 encoded.
- key_
id str An ID for the key used to sign. This could be either an ID for the key stored in
public_key(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).- key_
type str The type of the key, either stored in
public_keyor referenced inkey_id.- public_
key str Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_typeis empty, this defaults to PEM encoded public keys. This field may be empty ifkey_idreferences an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetailsare base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin- signature str
Signature of the related
BuildProvenance. In JSON, this is base-64 encoded.
- key
Id String An ID for the key used to sign. This could be either an ID for the key stored in
public_key(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).- key
Type String The type of the key, either stored in
public_keyor referenced inkey_id.- public
Key String Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_typeis empty, this defaults to PEM encoded public keys. This field may be empty ifkey_idreferences an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetailsare base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin- signature String
Signature of the related
BuildProvenance. In JSON, this is base-64 encoded.
CVSS
- Attack
Complexity Pulumi.Google Native. Container Analysis. V1Beta1. CVSSAttack Complexity Defined in CVSS v3, CVSS v2
- Attack
Vector Pulumi.Google Native. Container Analysis. V1Beta1. CVSSAttack Vector Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- Authentication
Pulumi.
Google Native. Container Analysis. V1Beta1. CVSSAuthentication Defined in CVSS v2
- Availability
Impact Pulumi.Google Native. Container Analysis. V1Beta1. CVSSAvailability Impact Defined in CVSS v3, CVSS v2
- Base
Score double The base score is a function of the base metric scores.
- Confidentiality
Impact Pulumi.Google Native. Container Analysis. V1Beta1. CVSSConfidentiality Impact Defined in CVSS v3, CVSS v2
- Exploitability
Score double - Impact
Score double - Integrity
Impact Pulumi.Google Native. Container Analysis. V1Beta1. CVSSIntegrity Impact Defined in CVSS v3, CVSS v2
- Privileges
Required Pulumi.Google Native. Container Analysis. V1Beta1. CVSSPrivileges Required Defined in CVSS v3
- Scope
Pulumi.
Google Native. Container Analysis. V1Beta1. CVSSScope Defined in CVSS v3
- User
Interaction Pulumi.Google Native. Container Analysis. V1Beta1. CVSSUser Interaction Defined in CVSS v3
- Attack
Complexity CVSSAttackComplexity Defined in CVSS v3, CVSS v2
- Attack
Vector CVSSAttackVector Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- Authentication CVSSAuthentication
Defined in CVSS v2
- Availability
Impact CVSSAvailabilityImpact Defined in CVSS v3, CVSS v2
- Base
Score float64 The base score is a function of the base metric scores.
- Confidentiality
Impact CVSSConfidentialityImpact Defined in CVSS v3, CVSS v2
- Exploitability
Score float64 - Impact
Score float64 - Integrity
Impact CVSSIntegrityImpact Defined in CVSS v3, CVSS v2
- Privileges
Required CVSSPrivilegesRequired Defined in CVSS v3
- Scope CVSSScope
Defined in CVSS v3
- User
Interaction CVSSUserInteraction Defined in CVSS v3
- attack
Complexity CVSSAttackComplexity Defined in CVSS v3, CVSS v2
- attack
Vector CVSSAttackVector Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication CVSSAuthentication
Defined in CVSS v2
- availability
Impact CVSSAvailabilityImpact Defined in CVSS v3, CVSS v2
- base
Score Double The base score is a function of the base metric scores.
- confidentiality
Impact CVSSConfidentialityImpact Defined in CVSS v3, CVSS v2
- exploitability
Score Double - impact
Score Double - integrity
Impact CVSSIntegrityImpact Defined in CVSS v3, CVSS v2
- privileges
Required CVSSPrivilegesRequired Defined in CVSS v3
- scope CVSSScope
Defined in CVSS v3
- user
Interaction CVSSUserInteraction Defined in CVSS v3
- attack
Complexity CVSSAttackComplexity Defined in CVSS v3, CVSS v2
- attack
Vector CVSSAttackVector Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication CVSSAuthentication
Defined in CVSS v2
- availability
Impact CVSSAvailabilityImpact Defined in CVSS v3, CVSS v2
- base
Score number The base score is a function of the base metric scores.
- confidentiality
Impact CVSSConfidentialityImpact Defined in CVSS v3, CVSS v2
- exploitability
Score number - impact
Score number - integrity
Impact CVSSIntegrityImpact Defined in CVSS v3, CVSS v2
- privileges
Required CVSSPrivilegesRequired Defined in CVSS v3
- scope CVSSScope
Defined in CVSS v3
- user
Interaction CVSSUserInteraction Defined in CVSS v3
- attack_
complexity CVSSAttackComplexity Defined in CVSS v3, CVSS v2
- attack_
vector CVSSAttackVector Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication CVSSAuthentication
Defined in CVSS v2
- availability_
impact CVSSAvailabilityImpact Defined in CVSS v3, CVSS v2
- base_
score float The base score is a function of the base metric scores.
- confidentiality_
impact CVSSConfidentialityImpact Defined in CVSS v3, CVSS v2
- exploitability_
score float - impact_
score float - integrity_
impact CVSSIntegrityImpact Defined in CVSS v3, CVSS v2
- privileges_
required CVSSPrivilegesRequired Defined in CVSS v3
- scope CVSSScope
Defined in CVSS v3
- user_
interaction CVSSUserInteraction Defined in CVSS v3
- attack
Complexity "ATTACK_COMPLEXITY_UNSPECIFIED" | "ATTACK_COMPLEXITY_LOW" | "ATTACK_COMPLEXITY_HIGH" | "ATTACK_COMPLEXITY_MEDIUM" Defined in CVSS v3, CVSS v2
- attack
Vector "ATTACK_VECTOR_UNSPECIFIED" | "ATTACK_VECTOR_NETWORK" | "ATTACK_VECTOR_ADJACENT" | "ATTACK_VECTOR_LOCAL" | "ATTACK_VECTOR_PHYSICAL" Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication "AUTHENTICATION_UNSPECIFIED" | "AUTHENTICATION_MULTIPLE" | "AUTHENTICATION_SINGLE" | "AUTHENTICATION_NONE"
Defined in CVSS v2
- availability
Impact "IMPACT_UNSPECIFIED" | "IMPACT_HIGH" | "IMPACT_LOW" | "IMPACT_NONE" | "IMPACT_PARTIAL" | "IMPACT_COMPLETE" Defined in CVSS v3, CVSS v2
- base
Score Number The base score is a function of the base metric scores.
- confidentiality
Impact "IMPACT_UNSPECIFIED" | "IMPACT_HIGH" | "IMPACT_LOW" | "IMPACT_NONE" | "IMPACT_PARTIAL" | "IMPACT_COMPLETE" Defined in CVSS v3, CVSS v2
- exploitability
Score Number - impact
Score Number - integrity
Impact "IMPACT_UNSPECIFIED" | "IMPACT_HIGH" | "IMPACT_LOW" | "IMPACT_NONE" | "IMPACT_PARTIAL" | "IMPACT_COMPLETE" Defined in CVSS v3, CVSS v2
- privileges
Required "PRIVILEGES_REQUIRED_UNSPECIFIED" | "PRIVILEGES_REQUIRED_NONE" | "PRIVILEGES_REQUIRED_LOW" | "PRIVILEGES_REQUIRED_HIGH" Defined in CVSS v3
- scope "SCOPE_UNSPECIFIED" | "SCOPE_UNCHANGED" | "SCOPE_CHANGED"
Defined in CVSS v3
- user
Interaction "USER_INTERACTION_UNSPECIFIED" | "USER_INTERACTION_NONE" | "USER_INTERACTION_REQUIRED" Defined in CVSS v3
CVSSAttackComplexity
- Attack
Complexity Unspecified - ATTACK_COMPLEXITY_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- Attack
Complexity Low - ATTACK_COMPLEXITY_LOW
Defined in CVSS v3, CVSS v2
- Attack
Complexity High - ATTACK_COMPLEXITY_HIGH
Defined in CVSS v3, CVSS v2
- Attack
Complexity Medium - ATTACK_COMPLEXITY_MEDIUM
Defined in CVSS v2
- CVSSAttack
Complexity Attack Complexity Unspecified - ATTACK_COMPLEXITY_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- CVSSAttack
Complexity Attack Complexity Low - ATTACK_COMPLEXITY_LOW
Defined in CVSS v3, CVSS v2
- CVSSAttack
Complexity Attack Complexity High - ATTACK_COMPLEXITY_HIGH
Defined in CVSS v3, CVSS v2
- CVSSAttack
Complexity Attack Complexity Medium - ATTACK_COMPLEXITY_MEDIUM
Defined in CVSS v2
- Attack
Complexity Unspecified - ATTACK_COMPLEXITY_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- Attack
Complexity Low - ATTACK_COMPLEXITY_LOW
Defined in CVSS v3, CVSS v2
- Attack
Complexity High - ATTACK_COMPLEXITY_HIGH
Defined in CVSS v3, CVSS v2
- Attack
Complexity Medium - ATTACK_COMPLEXITY_MEDIUM
Defined in CVSS v2
- Attack
Complexity Unspecified - ATTACK_COMPLEXITY_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- Attack
Complexity Low - ATTACK_COMPLEXITY_LOW
Defined in CVSS v3, CVSS v2
- Attack
Complexity High - ATTACK_COMPLEXITY_HIGH
Defined in CVSS v3, CVSS v2
- Attack
Complexity Medium - ATTACK_COMPLEXITY_MEDIUM
Defined in CVSS v2
- ATTACK_COMPLEXITY_UNSPECIFIED
- ATTACK_COMPLEXITY_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- ATTACK_COMPLEXITY_LOW
- ATTACK_COMPLEXITY_LOW
Defined in CVSS v3, CVSS v2
- ATTACK_COMPLEXITY_HIGH
- ATTACK_COMPLEXITY_HIGH
Defined in CVSS v3, CVSS v2
- ATTACK_COMPLEXITY_MEDIUM
- ATTACK_COMPLEXITY_MEDIUM
Defined in CVSS v2
- "ATTACK_COMPLEXITY_UNSPECIFIED"
- ATTACK_COMPLEXITY_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- "ATTACK_COMPLEXITY_LOW"
- ATTACK_COMPLEXITY_LOW
Defined in CVSS v3, CVSS v2
- "ATTACK_COMPLEXITY_HIGH"
- ATTACK_COMPLEXITY_HIGH
Defined in CVSS v3, CVSS v2
- "ATTACK_COMPLEXITY_MEDIUM"
- ATTACK_COMPLEXITY_MEDIUM
Defined in CVSS v2
CVSSAttackVector
- Attack
Vector Unspecified - ATTACK_VECTOR_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- Attack
Vector Network - ATTACK_VECTOR_NETWORK
Defined in CVSS v3, CVSS v2
- Attack
Vector Adjacent - ATTACK_VECTOR_ADJACENT
Defined in CVSS v3, CVSS v2
- Attack
Vector Local - ATTACK_VECTOR_LOCAL
Defined in CVSS v3, CVSS v2
- Attack
Vector Physical - ATTACK_VECTOR_PHYSICAL
Defined in CVSS v3
- CVSSAttack
Vector Attack Vector Unspecified - ATTACK_VECTOR_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- CVSSAttack
Vector Attack Vector Network - ATTACK_VECTOR_NETWORK
Defined in CVSS v3, CVSS v2
- CVSSAttack
Vector Attack Vector Adjacent - ATTACK_VECTOR_ADJACENT
Defined in CVSS v3, CVSS v2
- CVSSAttack
Vector Attack Vector Local - ATTACK_VECTOR_LOCAL
Defined in CVSS v3, CVSS v2
- CVSSAttack
Vector Attack Vector Physical - ATTACK_VECTOR_PHYSICAL
Defined in CVSS v3
- Attack
Vector Unspecified - ATTACK_VECTOR_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- Attack
Vector Network - ATTACK_VECTOR_NETWORK
Defined in CVSS v3, CVSS v2
- Attack
Vector Adjacent - ATTACK_VECTOR_ADJACENT
Defined in CVSS v3, CVSS v2
- Attack
Vector Local - ATTACK_VECTOR_LOCAL
Defined in CVSS v3, CVSS v2
- Attack
Vector Physical - ATTACK_VECTOR_PHYSICAL
Defined in CVSS v3
- Attack
Vector Unspecified - ATTACK_VECTOR_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- Attack
Vector Network - ATTACK_VECTOR_NETWORK
Defined in CVSS v3, CVSS v2
- Attack
Vector Adjacent - ATTACK_VECTOR_ADJACENT
Defined in CVSS v3, CVSS v2
- Attack
Vector Local - ATTACK_VECTOR_LOCAL
Defined in CVSS v3, CVSS v2
- Attack
Vector Physical - ATTACK_VECTOR_PHYSICAL
Defined in CVSS v3
- ATTACK_VECTOR_UNSPECIFIED
- ATTACK_VECTOR_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- ATTACK_VECTOR_NETWORK
- ATTACK_VECTOR_NETWORK
Defined in CVSS v3, CVSS v2
- ATTACK_VECTOR_ADJACENT
- ATTACK_VECTOR_ADJACENT
Defined in CVSS v3, CVSS v2
- ATTACK_VECTOR_LOCAL
- ATTACK_VECTOR_LOCAL
Defined in CVSS v3, CVSS v2
- ATTACK_VECTOR_PHYSICAL
- ATTACK_VECTOR_PHYSICAL
Defined in CVSS v3
- "ATTACK_VECTOR_UNSPECIFIED"
- ATTACK_VECTOR_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- "ATTACK_VECTOR_NETWORK"
- ATTACK_VECTOR_NETWORK
Defined in CVSS v3, CVSS v2
- "ATTACK_VECTOR_ADJACENT"
- ATTACK_VECTOR_ADJACENT
Defined in CVSS v3, CVSS v2
- "ATTACK_VECTOR_LOCAL"
- ATTACK_VECTOR_LOCAL
Defined in CVSS v3, CVSS v2
- "ATTACK_VECTOR_PHYSICAL"
- ATTACK_VECTOR_PHYSICAL
Defined in CVSS v3
CVSSAuthentication
- Authentication
Unspecified - AUTHENTICATION_UNSPECIFIED
Defined in CVSS v2
- Authentication
Multiple - AUTHENTICATION_MULTIPLE
Defined in CVSS v2
- Authentication
Single - AUTHENTICATION_SINGLE
Defined in CVSS v2
- Authentication
None - AUTHENTICATION_NONE
Defined in CVSS v2
- CVSSAuthentication
Authentication Unspecified - AUTHENTICATION_UNSPECIFIED
Defined in CVSS v2
- CVSSAuthentication
Authentication Multiple - AUTHENTICATION_MULTIPLE
Defined in CVSS v2
- CVSSAuthentication
Authentication Single - AUTHENTICATION_SINGLE
Defined in CVSS v2
- CVSSAuthentication
Authentication None - AUTHENTICATION_NONE
Defined in CVSS v2
- Authentication
Unspecified - AUTHENTICATION_UNSPECIFIED
Defined in CVSS v2
- Authentication
Multiple - AUTHENTICATION_MULTIPLE
Defined in CVSS v2
- Authentication
Single - AUTHENTICATION_SINGLE
Defined in CVSS v2
- Authentication
None - AUTHENTICATION_NONE
Defined in CVSS v2
- Authentication
Unspecified - AUTHENTICATION_UNSPECIFIED
Defined in CVSS v2
- Authentication
Multiple - AUTHENTICATION_MULTIPLE
Defined in CVSS v2
- Authentication
Single - AUTHENTICATION_SINGLE
Defined in CVSS v2
- Authentication
None - AUTHENTICATION_NONE
Defined in CVSS v2
- AUTHENTICATION_UNSPECIFIED
- AUTHENTICATION_UNSPECIFIED
Defined in CVSS v2
- AUTHENTICATION_MULTIPLE
- AUTHENTICATION_MULTIPLE
Defined in CVSS v2
- AUTHENTICATION_SINGLE
- AUTHENTICATION_SINGLE
Defined in CVSS v2
- AUTHENTICATION_NONE
- AUTHENTICATION_NONE
Defined in CVSS v2
- "AUTHENTICATION_UNSPECIFIED"
- AUTHENTICATION_UNSPECIFIED
Defined in CVSS v2
- "AUTHENTICATION_MULTIPLE"
- AUTHENTICATION_MULTIPLE
Defined in CVSS v2
- "AUTHENTICATION_SINGLE"
- AUTHENTICATION_SINGLE
Defined in CVSS v2
- "AUTHENTICATION_NONE"
- AUTHENTICATION_NONE
Defined in CVSS v2
CVSSAvailabilityImpact
- Impact
Unspecified - IMPACT_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- Impact
High - IMPACT_HIGH
Defined in CVSS v3
- Impact
Low - IMPACT_LOW
Defined in CVSS v3
- Impact
None - IMPACT_NONE
Defined in CVSS v3, CVSS v2
- Impact
Partial - IMPACT_PARTIAL
Defined in CVSS v2
- Impact
Complete - IMPACT_COMPLETE
Defined in CVSS v2
- CVSSAvailability
Impact Impact Unspecified - IMPACT_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- CVSSAvailability
Impact Impact High - IMPACT_HIGH
Defined in CVSS v3
- CVSSAvailability
Impact Impact Low - IMPACT_LOW
Defined in CVSS v3
- CVSSAvailability
Impact Impact None - IMPACT_NONE
Defined in CVSS v3, CVSS v2
- CVSSAvailability
Impact Impact Partial - IMPACT_PARTIAL
Defined in CVSS v2
- CVSSAvailability
Impact Impact Complete - IMPACT_COMPLETE
Defined in CVSS v2
- Impact
Unspecified - IMPACT_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- Impact
High - IMPACT_HIGH
Defined in CVSS v3
- Impact
Low - IMPACT_LOW
Defined in CVSS v3
- Impact
None - IMPACT_NONE
Defined in CVSS v3, CVSS v2
- Impact
Partial - IMPACT_PARTIAL
Defined in CVSS v2
- Impact
Complete - IMPACT_COMPLETE
Defined in CVSS v2
- Impact
Unspecified - IMPACT_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- Impact
High - IMPACT_HIGH
Defined in CVSS v3
- Impact
Low - IMPACT_LOW
Defined in CVSS v3
- Impact
None - IMPACT_NONE
Defined in CVSS v3, CVSS v2
- Impact
Partial - IMPACT_PARTIAL
Defined in CVSS v2
- Impact
Complete - IMPACT_COMPLETE
Defined in CVSS v2
- IMPACT_UNSPECIFIED
- IMPACT_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- IMPACT_HIGH
- IMPACT_HIGH
Defined in CVSS v3
- IMPACT_LOW
- IMPACT_LOW
Defined in CVSS v3
- IMPACT_NONE
- IMPACT_NONE
Defined in CVSS v3, CVSS v2
- IMPACT_PARTIAL
- IMPACT_PARTIAL
Defined in CVSS v2
- IMPACT_COMPLETE
- IMPACT_COMPLETE
Defined in CVSS v2
- "IMPACT_UNSPECIFIED"
- IMPACT_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- "IMPACT_HIGH"
- IMPACT_HIGH
Defined in CVSS v3
- "IMPACT_LOW"
- IMPACT_LOW
Defined in CVSS v3
- "IMPACT_NONE"
- IMPACT_NONE
Defined in CVSS v3, CVSS v2
- "IMPACT_PARTIAL"
- IMPACT_PARTIAL
Defined in CVSS v2
- "IMPACT_COMPLETE"
- IMPACT_COMPLETE
Defined in CVSS v2
CVSSConfidentialityImpact
- Impact
Unspecified - IMPACT_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- Impact
High - IMPACT_HIGH
Defined in CVSS v3
- Impact
Low - IMPACT_LOW
Defined in CVSS v3
- Impact
None - IMPACT_NONE
Defined in CVSS v3, CVSS v2
- Impact
Partial - IMPACT_PARTIAL
Defined in CVSS v2
- Impact
Complete - IMPACT_COMPLETE
Defined in CVSS v2
- CVSSConfidentiality
Impact Impact Unspecified - IMPACT_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- CVSSConfidentiality
Impact Impact High - IMPACT_HIGH
Defined in CVSS v3
- CVSSConfidentiality
Impact Impact Low - IMPACT_LOW
Defined in CVSS v3
- CVSSConfidentiality
Impact Impact None - IMPACT_NONE
Defined in CVSS v3, CVSS v2
- CVSSConfidentiality
Impact Impact Partial - IMPACT_PARTIAL
Defined in CVSS v2
- CVSSConfidentiality
Impact Impact Complete - IMPACT_COMPLETE
Defined in CVSS v2
- Impact
Unspecified - IMPACT_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- Impact
High - IMPACT_HIGH
Defined in CVSS v3
- Impact
Low - IMPACT_LOW
Defined in CVSS v3
- Impact
None - IMPACT_NONE
Defined in CVSS v3, CVSS v2
- Impact
Partial - IMPACT_PARTIAL
Defined in CVSS v2
- Impact
Complete - IMPACT_COMPLETE
Defined in CVSS v2
- Impact
Unspecified - IMPACT_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- Impact
High - IMPACT_HIGH
Defined in CVSS v3
- Impact
Low - IMPACT_LOW
Defined in CVSS v3
- Impact
None - IMPACT_NONE
Defined in CVSS v3, CVSS v2
- Impact
Partial - IMPACT_PARTIAL
Defined in CVSS v2
- Impact
Complete - IMPACT_COMPLETE
Defined in CVSS v2
- IMPACT_UNSPECIFIED
- IMPACT_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- IMPACT_HIGH
- IMPACT_HIGH
Defined in CVSS v3
- IMPACT_LOW
- IMPACT_LOW
Defined in CVSS v3
- IMPACT_NONE
- IMPACT_NONE
Defined in CVSS v3, CVSS v2
- IMPACT_PARTIAL
- IMPACT_PARTIAL
Defined in CVSS v2
- IMPACT_COMPLETE
- IMPACT_COMPLETE
Defined in CVSS v2
- "IMPACT_UNSPECIFIED"
- IMPACT_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- "IMPACT_HIGH"
- IMPACT_HIGH
Defined in CVSS v3
- "IMPACT_LOW"
- IMPACT_LOW
Defined in CVSS v3
- "IMPACT_NONE"
- IMPACT_NONE
Defined in CVSS v3, CVSS v2
- "IMPACT_PARTIAL"
- IMPACT_PARTIAL
Defined in CVSS v2
- "IMPACT_COMPLETE"
- IMPACT_COMPLETE
Defined in CVSS v2
CVSSIntegrityImpact
- Impact
Unspecified - IMPACT_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- Impact
High - IMPACT_HIGH
Defined in CVSS v3
- Impact
Low - IMPACT_LOW
Defined in CVSS v3
- Impact
None - IMPACT_NONE
Defined in CVSS v3, CVSS v2
- Impact
Partial - IMPACT_PARTIAL
Defined in CVSS v2
- Impact
Complete - IMPACT_COMPLETE
Defined in CVSS v2
- CVSSIntegrity
Impact Impact Unspecified - IMPACT_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- CVSSIntegrity
Impact Impact High - IMPACT_HIGH
Defined in CVSS v3
- CVSSIntegrity
Impact Impact Low - IMPACT_LOW
Defined in CVSS v3
- CVSSIntegrity
Impact Impact None - IMPACT_NONE
Defined in CVSS v3, CVSS v2
- CVSSIntegrity
Impact Impact Partial - IMPACT_PARTIAL
Defined in CVSS v2
- CVSSIntegrity
Impact Impact Complete - IMPACT_COMPLETE
Defined in CVSS v2
- Impact
Unspecified - IMPACT_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- Impact
High - IMPACT_HIGH
Defined in CVSS v3
- Impact
Low - IMPACT_LOW
Defined in CVSS v3
- Impact
None - IMPACT_NONE
Defined in CVSS v3, CVSS v2
- Impact
Partial - IMPACT_PARTIAL
Defined in CVSS v2
- Impact
Complete - IMPACT_COMPLETE
Defined in CVSS v2
- Impact
Unspecified - IMPACT_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- Impact
High - IMPACT_HIGH
Defined in CVSS v3
- Impact
Low - IMPACT_LOW
Defined in CVSS v3
- Impact
None - IMPACT_NONE
Defined in CVSS v3, CVSS v2
- Impact
Partial - IMPACT_PARTIAL
Defined in CVSS v2
- Impact
Complete - IMPACT_COMPLETE
Defined in CVSS v2
- IMPACT_UNSPECIFIED
- IMPACT_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- IMPACT_HIGH
- IMPACT_HIGH
Defined in CVSS v3
- IMPACT_LOW
- IMPACT_LOW
Defined in CVSS v3
- IMPACT_NONE
- IMPACT_NONE
Defined in CVSS v3, CVSS v2
- IMPACT_PARTIAL
- IMPACT_PARTIAL
Defined in CVSS v2
- IMPACT_COMPLETE
- IMPACT_COMPLETE
Defined in CVSS v2
- "IMPACT_UNSPECIFIED"
- IMPACT_UNSPECIFIED
Defined in CVSS v3, CVSS v2
- "IMPACT_HIGH"
- IMPACT_HIGH
Defined in CVSS v3
- "IMPACT_LOW"
- IMPACT_LOW
Defined in CVSS v3
- "IMPACT_NONE"
- IMPACT_NONE
Defined in CVSS v3, CVSS v2
- "IMPACT_PARTIAL"
- IMPACT_PARTIAL
Defined in CVSS v2
- "IMPACT_COMPLETE"
- IMPACT_COMPLETE
Defined in CVSS v2
CVSSPrivilegesRequired
- Privileges
Required Unspecified - PRIVILEGES_REQUIRED_UNSPECIFIED
Defined in CVSS v3
- Privileges
Required None - PRIVILEGES_REQUIRED_NONE
Defined in CVSS v3
- Privileges
Required Low - PRIVILEGES_REQUIRED_LOW
Defined in CVSS v3
- Privileges
Required High - PRIVILEGES_REQUIRED_HIGH
Defined in CVSS v3
- CVSSPrivileges
Required Privileges Required Unspecified - PRIVILEGES_REQUIRED_UNSPECIFIED
Defined in CVSS v3
- CVSSPrivileges
Required Privileges Required None - PRIVILEGES_REQUIRED_NONE
Defined in CVSS v3
- CVSSPrivileges
Required Privileges Required Low - PRIVILEGES_REQUIRED_LOW
Defined in CVSS v3
- CVSSPrivileges
Required Privileges Required High - PRIVILEGES_REQUIRED_HIGH
Defined in CVSS v3
- Privileges
Required Unspecified - PRIVILEGES_REQUIRED_UNSPECIFIED
Defined in CVSS v3
- Privileges
Required None - PRIVILEGES_REQUIRED_NONE
Defined in CVSS v3
- Privileges
Required Low - PRIVILEGES_REQUIRED_LOW
Defined in CVSS v3
- Privileges
Required High - PRIVILEGES_REQUIRED_HIGH
Defined in CVSS v3
- Privileges
Required Unspecified - PRIVILEGES_REQUIRED_UNSPECIFIED
Defined in CVSS v3
- Privileges
Required None - PRIVILEGES_REQUIRED_NONE
Defined in CVSS v3
- Privileges
Required Low - PRIVILEGES_REQUIRED_LOW
Defined in CVSS v3
- Privileges
Required High - PRIVILEGES_REQUIRED_HIGH
Defined in CVSS v3
- PRIVILEGES_REQUIRED_UNSPECIFIED
- PRIVILEGES_REQUIRED_UNSPECIFIED
Defined in CVSS v3
- PRIVILEGES_REQUIRED_NONE
- PRIVILEGES_REQUIRED_NONE
Defined in CVSS v3
- PRIVILEGES_REQUIRED_LOW
- PRIVILEGES_REQUIRED_LOW
Defined in CVSS v3
- PRIVILEGES_REQUIRED_HIGH
- PRIVILEGES_REQUIRED_HIGH
Defined in CVSS v3
- "PRIVILEGES_REQUIRED_UNSPECIFIED"
- PRIVILEGES_REQUIRED_UNSPECIFIED
Defined in CVSS v3
- "PRIVILEGES_REQUIRED_NONE"
- PRIVILEGES_REQUIRED_NONE
Defined in CVSS v3
- "PRIVILEGES_REQUIRED_LOW"
- PRIVILEGES_REQUIRED_LOW
Defined in CVSS v3
- "PRIVILEGES_REQUIRED_HIGH"
- PRIVILEGES_REQUIRED_HIGH
Defined in CVSS v3
CVSSResponse
- Attack
Complexity string Defined in CVSS v3, CVSS v2
- Attack
Vector string Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- Authentication string
Defined in CVSS v2
- Availability
Impact string Defined in CVSS v3, CVSS v2
- Base
Score double The base score is a function of the base metric scores.
- Confidentiality
Impact string Defined in CVSS v3, CVSS v2
- Exploitability
Score double - Impact
Score double - Integrity
Impact string Defined in CVSS v3, CVSS v2
- Privileges
Required string Defined in CVSS v3
- Scope string
Defined in CVSS v3
- User
Interaction string Defined in CVSS v3
- Attack
Complexity string Defined in CVSS v3, CVSS v2
- Attack
Vector string Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- Authentication string
Defined in CVSS v2
- Availability
Impact string Defined in CVSS v3, CVSS v2
- Base
Score float64 The base score is a function of the base metric scores.
- Confidentiality
Impact string Defined in CVSS v3, CVSS v2
- Exploitability
Score float64 - Impact
Score float64 - Integrity
Impact string Defined in CVSS v3, CVSS v2
- Privileges
Required string Defined in CVSS v3
- Scope string
Defined in CVSS v3
- User
Interaction string Defined in CVSS v3
- attack
Complexity String Defined in CVSS v3, CVSS v2
- attack
Vector String Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication String
Defined in CVSS v2
- availability
Impact String Defined in CVSS v3, CVSS v2
- base
Score Double The base score is a function of the base metric scores.
- confidentiality
Impact String Defined in CVSS v3, CVSS v2
- exploitability
Score Double - impact
Score Double - integrity
Impact String Defined in CVSS v3, CVSS v2
- privileges
Required String Defined in CVSS v3
- scope String
Defined in CVSS v3
- user
Interaction String Defined in CVSS v3
- attack
Complexity string Defined in CVSS v3, CVSS v2
- attack
Vector string Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication string
Defined in CVSS v2
- availability
Impact string Defined in CVSS v3, CVSS v2
- base
Score number The base score is a function of the base metric scores.
- confidentiality
Impact string Defined in CVSS v3, CVSS v2
- exploitability
Score number - impact
Score number - integrity
Impact string Defined in CVSS v3, CVSS v2
- privileges
Required string Defined in CVSS v3
- scope string
Defined in CVSS v3
- user
Interaction string Defined in CVSS v3
- attack_
complexity str Defined in CVSS v3, CVSS v2
- attack_
vector str Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication str
Defined in CVSS v2
- availability_
impact str Defined in CVSS v3, CVSS v2
- base_
score float The base score is a function of the base metric scores.
- confidentiality_
impact str Defined in CVSS v3, CVSS v2
- exploitability_
score float - impact_
score float - integrity_
impact str Defined in CVSS v3, CVSS v2
- privileges_
required str Defined in CVSS v3
- scope str
Defined in CVSS v3
- user_
interaction str Defined in CVSS v3
- attack
Complexity String Defined in CVSS v3, CVSS v2
- attack
Vector String Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication String
Defined in CVSS v2
- availability
Impact String Defined in CVSS v3, CVSS v2
- base
Score Number The base score is a function of the base metric scores.
- confidentiality
Impact String Defined in CVSS v3, CVSS v2
- exploitability
Score Number - impact
Score Number - integrity
Impact String Defined in CVSS v3, CVSS v2
- privileges
Required String Defined in CVSS v3
- scope String
Defined in CVSS v3
- user
Interaction String Defined in CVSS v3
CVSSScope
- Scope
Unspecified - SCOPE_UNSPECIFIED
Defined in CVSS v3
- Scope
Unchanged - SCOPE_UNCHANGED
Defined in CVSS v3
- Scope
Changed - SCOPE_CHANGED
Defined in CVSS v3
- CVSSScope
Scope Unspecified - SCOPE_UNSPECIFIED
Defined in CVSS v3
- CVSSScope
Scope Unchanged - SCOPE_UNCHANGED
Defined in CVSS v3
- CVSSScope
Scope Changed - SCOPE_CHANGED
Defined in CVSS v3
- Scope
Unspecified - SCOPE_UNSPECIFIED
Defined in CVSS v3
- Scope
Unchanged - SCOPE_UNCHANGED
Defined in CVSS v3
- Scope
Changed - SCOPE_CHANGED
Defined in CVSS v3
- Scope
Unspecified - SCOPE_UNSPECIFIED
Defined in CVSS v3
- Scope
Unchanged - SCOPE_UNCHANGED
Defined in CVSS v3
- Scope
Changed - SCOPE_CHANGED
Defined in CVSS v3
- SCOPE_UNSPECIFIED
- SCOPE_UNSPECIFIED
Defined in CVSS v3
- SCOPE_UNCHANGED
- SCOPE_UNCHANGED
Defined in CVSS v3
- SCOPE_CHANGED
- SCOPE_CHANGED
Defined in CVSS v3
- "SCOPE_UNSPECIFIED"
- SCOPE_UNSPECIFIED
Defined in CVSS v3
- "SCOPE_UNCHANGED"
- SCOPE_UNCHANGED
Defined in CVSS v3
- "SCOPE_CHANGED"
- SCOPE_CHANGED
Defined in CVSS v3
CVSSUserInteraction
- User
Interaction Unspecified - USER_INTERACTION_UNSPECIFIED
Defined in CVSS v3
- User
Interaction None - USER_INTERACTION_NONE
Defined in CVSS v3
- User
Interaction Required - USER_INTERACTION_REQUIRED
Defined in CVSS v3
- CVSSUser
Interaction User Interaction Unspecified - USER_INTERACTION_UNSPECIFIED
Defined in CVSS v3
- CVSSUser
Interaction User Interaction None - USER_INTERACTION_NONE
Defined in CVSS v3
- CVSSUser
Interaction User Interaction Required - USER_INTERACTION_REQUIRED
Defined in CVSS v3
- User
Interaction Unspecified - USER_INTERACTION_UNSPECIFIED
Defined in CVSS v3
- User
Interaction None - USER_INTERACTION_NONE
Defined in CVSS v3
- User
Interaction Required - USER_INTERACTION_REQUIRED
Defined in CVSS v3
- User
Interaction Unspecified - USER_INTERACTION_UNSPECIFIED
Defined in CVSS v3
- User
Interaction None - USER_INTERACTION_NONE
Defined in CVSS v3
- User
Interaction Required - USER_INTERACTION_REQUIRED
Defined in CVSS v3
- USER_INTERACTION_UNSPECIFIED
- USER_INTERACTION_UNSPECIFIED
Defined in CVSS v3
- USER_INTERACTION_NONE
- USER_INTERACTION_NONE
Defined in CVSS v3
- USER_INTERACTION_REQUIRED
- USER_INTERACTION_REQUIRED
Defined in CVSS v3
- "USER_INTERACTION_UNSPECIFIED"
- USER_INTERACTION_UNSPECIFIED
Defined in CVSS v3
- "USER_INTERACTION_NONE"
- USER_INTERACTION_NONE
Defined in CVSS v3
- "USER_INTERACTION_REQUIRED"
- USER_INTERACTION_REQUIRED
Defined in CVSS v3
CVSSv3
- Attack
Complexity Pulumi.Google Native. Container Analysis. V1Beta1. CVSSv3Attack Complexity - Attack
Vector Pulumi.Google Native. Container Analysis. V1Beta1. CVSSv3Attack Vector Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- Availability
Impact Pulumi.Google Native. Container Analysis. V1Beta1. CVSSv3Availability Impact - Base
Score double The base score is a function of the base metric scores.
- Confidentiality
Impact Pulumi.Google Native. Container Analysis. V1Beta1. CVSSv3Confidentiality Impact - Exploitability
Score double - Impact
Score double - Integrity
Impact Pulumi.Google Native. Container Analysis. V1Beta1. CVSSv3Integrity Impact - Privileges
Required Pulumi.Google Native. Container Analysis. V1Beta1. CVSSv3Privileges Required - Scope
Pulumi.
Google Native. Container Analysis. V1Beta1. CVSSv3Scope - User
Interaction Pulumi.Google Native. Container Analysis. V1Beta1. CVSSv3User Interaction
- Attack
Complexity CVSSv3AttackComplexity - Attack
Vector CVSSv3AttackVector Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- Availability
Impact CVSSv3AvailabilityImpact - Base
Score float64 The base score is a function of the base metric scores.
- Confidentiality
Impact CVSSv3ConfidentialityImpact - Exploitability
Score float64 - Impact
Score float64 - Integrity
Impact CVSSv3IntegrityImpact - Privileges
Required CVSSv3PrivilegesRequired - Scope CVSSv3Scope
- User
Interaction CVSSv3UserInteraction
- attack
Complexity CVSSv3AttackComplexity - attack
Vector CVSSv3AttackVector Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- availability
Impact CVSSv3AvailabilityImpact - base
Score Double The base score is a function of the base metric scores.
- confidentiality
Impact CVSSv3ConfidentialityImpact - exploitability
Score Double - impact
Score Double - integrity
Impact CVSSv3IntegrityImpact - privileges
Required CVSSv3PrivilegesRequired - scope CVSSv3Scope
- user
Interaction CVSSv3UserInteraction
- attack
Complexity CVSSv3AttackComplexity - attack
Vector CVSSv3AttackVector Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- availability
Impact CVSSv3AvailabilityImpact - base
Score number The base score is a function of the base metric scores.
- confidentiality
Impact CVSSv3ConfidentialityImpact - exploitability
Score number - impact
Score number - integrity
Impact CVSSv3IntegrityImpact - privileges
Required CVSSv3PrivilegesRequired - scope CVSSv3Scope
- user
Interaction CVSSv3UserInteraction
- attack_
complexity CVSSv3AttackComplexity - attack_
vector CVSSv3AttackVector Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- availability_
impact CVSSv3AvailabilityImpact - base_
score float The base score is a function of the base metric scores.
- confidentiality_
impact CVSSv3ConfidentialityImpact - exploitability_
score float - impact_
score float - integrity_
impact CVSSv3IntegrityImpact - privileges_
required CVSSv3PrivilegesRequired - scope CVSSv3Scope
- user_
interaction CVSSv3UserInteraction
- attack
Complexity "ATTACK_COMPLEXITY_UNSPECIFIED" | "ATTACK_COMPLEXITY_LOW" | "ATTACK_COMPLEXITY_HIGH" - attack
Vector "ATTACK_VECTOR_UNSPECIFIED" | "ATTACK_VECTOR_NETWORK" | "ATTACK_VECTOR_ADJACENT" | "ATTACK_VECTOR_LOCAL" | "ATTACK_VECTOR_PHYSICAL" Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- availability
Impact "IMPACT_UNSPECIFIED" | "IMPACT_HIGH" | "IMPACT_LOW" | "IMPACT_NONE" - base
Score Number The base score is a function of the base metric scores.
- confidentiality
Impact "IMPACT_UNSPECIFIED" | "IMPACT_HIGH" | "IMPACT_LOW" | "IMPACT_NONE" - exploitability
Score Number - impact
Score Number - integrity
Impact "IMPACT_UNSPECIFIED" | "IMPACT_HIGH" | "IMPACT_LOW" | "IMPACT_NONE" - privileges
Required "PRIVILEGES_REQUIRED_UNSPECIFIED" | "PRIVILEGES_REQUIRED_NONE" | "PRIVILEGES_REQUIRED_LOW" | "PRIVILEGES_REQUIRED_HIGH" - scope "SCOPE_UNSPECIFIED" | "SCOPE_UNCHANGED" | "SCOPE_CHANGED"
- user
Interaction "USER_INTERACTION_UNSPECIFIED" | "USER_INTERACTION_NONE" | "USER_INTERACTION_REQUIRED"
CVSSv3AttackComplexity
- Attack
Complexity Unspecified - ATTACK_COMPLEXITY_UNSPECIFIED
- Attack
Complexity Low - ATTACK_COMPLEXITY_LOW
- Attack
Complexity High - ATTACK_COMPLEXITY_HIGH
- CVSSv3Attack
Complexity Attack Complexity Unspecified - ATTACK_COMPLEXITY_UNSPECIFIED
- CVSSv3Attack
Complexity Attack Complexity Low - ATTACK_COMPLEXITY_LOW
- CVSSv3Attack
Complexity Attack Complexity High - ATTACK_COMPLEXITY_HIGH
- Attack
Complexity Unspecified - ATTACK_COMPLEXITY_UNSPECIFIED
- Attack
Complexity Low - ATTACK_COMPLEXITY_LOW
- Attack
Complexity High - ATTACK_COMPLEXITY_HIGH
- Attack
Complexity Unspecified - ATTACK_COMPLEXITY_UNSPECIFIED
- Attack
Complexity Low - ATTACK_COMPLEXITY_LOW
- Attack
Complexity High - ATTACK_COMPLEXITY_HIGH
- ATTACK_COMPLEXITY_UNSPECIFIED
- ATTACK_COMPLEXITY_UNSPECIFIED
- ATTACK_COMPLEXITY_LOW
- ATTACK_COMPLEXITY_LOW
- ATTACK_COMPLEXITY_HIGH
- ATTACK_COMPLEXITY_HIGH
- "ATTACK_COMPLEXITY_UNSPECIFIED"
- ATTACK_COMPLEXITY_UNSPECIFIED
- "ATTACK_COMPLEXITY_LOW"
- ATTACK_COMPLEXITY_LOW
- "ATTACK_COMPLEXITY_HIGH"
- ATTACK_COMPLEXITY_HIGH
CVSSv3AttackVector
- Attack
Vector Unspecified - ATTACK_VECTOR_UNSPECIFIED
- Attack
Vector Network - ATTACK_VECTOR_NETWORK
- Attack
Vector Adjacent - ATTACK_VECTOR_ADJACENT
- Attack
Vector Local - ATTACK_VECTOR_LOCAL
- Attack
Vector Physical - ATTACK_VECTOR_PHYSICAL
- CVSSv3Attack
Vector Attack Vector Unspecified - ATTACK_VECTOR_UNSPECIFIED
- CVSSv3Attack
Vector Attack Vector Network - ATTACK_VECTOR_NETWORK
- CVSSv3Attack
Vector Attack Vector Adjacent - ATTACK_VECTOR_ADJACENT
- CVSSv3Attack
Vector Attack Vector Local - ATTACK_VECTOR_LOCAL
- CVSSv3Attack
Vector Attack Vector Physical - ATTACK_VECTOR_PHYSICAL
- Attack
Vector Unspecified - ATTACK_VECTOR_UNSPECIFIED
- Attack
Vector Network - ATTACK_VECTOR_NETWORK
- Attack
Vector Adjacent - ATTACK_VECTOR_ADJACENT
- Attack
Vector Local - ATTACK_VECTOR_LOCAL
- Attack
Vector Physical - ATTACK_VECTOR_PHYSICAL
- Attack
Vector Unspecified - ATTACK_VECTOR_UNSPECIFIED
- Attack
Vector Network - ATTACK_VECTOR_NETWORK
- Attack
Vector Adjacent - ATTACK_VECTOR_ADJACENT
- Attack
Vector Local - ATTACK_VECTOR_LOCAL
- Attack
Vector Physical - ATTACK_VECTOR_PHYSICAL
- ATTACK_VECTOR_UNSPECIFIED
- ATTACK_VECTOR_UNSPECIFIED
- ATTACK_VECTOR_NETWORK
- ATTACK_VECTOR_NETWORK
- ATTACK_VECTOR_ADJACENT
- ATTACK_VECTOR_ADJACENT
- ATTACK_VECTOR_LOCAL
- ATTACK_VECTOR_LOCAL
- ATTACK_VECTOR_PHYSICAL
- ATTACK_VECTOR_PHYSICAL
- "ATTACK_VECTOR_UNSPECIFIED"
- ATTACK_VECTOR_UNSPECIFIED
- "ATTACK_VECTOR_NETWORK"
- ATTACK_VECTOR_NETWORK
- "ATTACK_VECTOR_ADJACENT"
- ATTACK_VECTOR_ADJACENT
- "ATTACK_VECTOR_LOCAL"
- ATTACK_VECTOR_LOCAL
- "ATTACK_VECTOR_PHYSICAL"
- ATTACK_VECTOR_PHYSICAL
CVSSv3AvailabilityImpact
- Impact
Unspecified - IMPACT_UNSPECIFIED
- Impact
High - IMPACT_HIGH
- Impact
Low - IMPACT_LOW
- Impact
None - IMPACT_NONE
- CVSSv3Availability
Impact Impact Unspecified - IMPACT_UNSPECIFIED
- CVSSv3Availability
Impact Impact High - IMPACT_HIGH
- CVSSv3Availability
Impact Impact Low - IMPACT_LOW
- CVSSv3Availability
Impact Impact None - IMPACT_NONE
- Impact
Unspecified - IMPACT_UNSPECIFIED
- Impact
High - IMPACT_HIGH
- Impact
Low - IMPACT_LOW
- Impact
None - IMPACT_NONE
- Impact
Unspecified - IMPACT_UNSPECIFIED
- Impact
High - IMPACT_HIGH
- Impact
Low - IMPACT_LOW
- Impact
None - IMPACT_NONE
- IMPACT_UNSPECIFIED
- IMPACT_UNSPECIFIED
- IMPACT_HIGH
- IMPACT_HIGH
- IMPACT_LOW
- IMPACT_LOW
- IMPACT_NONE
- IMPACT_NONE
- "IMPACT_UNSPECIFIED"
- IMPACT_UNSPECIFIED
- "IMPACT_HIGH"
- IMPACT_HIGH
- "IMPACT_LOW"
- IMPACT_LOW
- "IMPACT_NONE"
- IMPACT_NONE
CVSSv3ConfidentialityImpact
- Impact
Unspecified - IMPACT_UNSPECIFIED
- Impact
High - IMPACT_HIGH
- Impact
Low - IMPACT_LOW
- Impact
None - IMPACT_NONE
- CVSSv3Confidentiality
Impact Impact Unspecified - IMPACT_UNSPECIFIED
- CVSSv3Confidentiality
Impact Impact High - IMPACT_HIGH
- CVSSv3Confidentiality
Impact Impact Low - IMPACT_LOW
- CVSSv3Confidentiality
Impact Impact None - IMPACT_NONE
- Impact
Unspecified - IMPACT_UNSPECIFIED
- Impact
High - IMPACT_HIGH
- Impact
Low - IMPACT_LOW
- Impact
None - IMPACT_NONE
- Impact
Unspecified - IMPACT_UNSPECIFIED
- Impact
High - IMPACT_HIGH
- Impact
Low - IMPACT_LOW
- Impact
None - IMPACT_NONE
- IMPACT_UNSPECIFIED
- IMPACT_UNSPECIFIED
- IMPACT_HIGH
- IMPACT_HIGH
- IMPACT_LOW
- IMPACT_LOW
- IMPACT_NONE
- IMPACT_NONE
- "IMPACT_UNSPECIFIED"
- IMPACT_UNSPECIFIED
- "IMPACT_HIGH"
- IMPACT_HIGH
- "IMPACT_LOW"
- IMPACT_LOW
- "IMPACT_NONE"
- IMPACT_NONE
CVSSv3IntegrityImpact
- Impact
Unspecified - IMPACT_UNSPECIFIED
- Impact
High - IMPACT_HIGH
- Impact
Low - IMPACT_LOW
- Impact
None - IMPACT_NONE
- CVSSv3Integrity
Impact Impact Unspecified - IMPACT_UNSPECIFIED
- CVSSv3Integrity
Impact Impact High - IMPACT_HIGH
- CVSSv3Integrity
Impact Impact Low - IMPACT_LOW
- CVSSv3Integrity
Impact Impact None - IMPACT_NONE
- Impact
Unspecified - IMPACT_UNSPECIFIED
- Impact
High - IMPACT_HIGH
- Impact
Low - IMPACT_LOW
- Impact
None - IMPACT_NONE
- Impact
Unspecified - IMPACT_UNSPECIFIED
- Impact
High - IMPACT_HIGH
- Impact
Low - IMPACT_LOW
- Impact
None - IMPACT_NONE
- IMPACT_UNSPECIFIED
- IMPACT_UNSPECIFIED
- IMPACT_HIGH
- IMPACT_HIGH
- IMPACT_LOW
- IMPACT_LOW
- IMPACT_NONE
- IMPACT_NONE
- "IMPACT_UNSPECIFIED"
- IMPACT_UNSPECIFIED
- "IMPACT_HIGH"
- IMPACT_HIGH
- "IMPACT_LOW"
- IMPACT_LOW
- "IMPACT_NONE"
- IMPACT_NONE
CVSSv3PrivilegesRequired
- Privileges
Required Unspecified - PRIVILEGES_REQUIRED_UNSPECIFIED
- Privileges
Required None - PRIVILEGES_REQUIRED_NONE
- Privileges
Required Low - PRIVILEGES_REQUIRED_LOW
- Privileges
Required High - PRIVILEGES_REQUIRED_HIGH
- CVSSv3Privileges
Required Privileges Required Unspecified - PRIVILEGES_REQUIRED_UNSPECIFIED
- CVSSv3Privileges
Required Privileges Required None - PRIVILEGES_REQUIRED_NONE
- CVSSv3Privileges
Required Privileges Required Low - PRIVILEGES_REQUIRED_LOW
- CVSSv3Privileges
Required Privileges Required High - PRIVILEGES_REQUIRED_HIGH
- Privileges
Required Unspecified - PRIVILEGES_REQUIRED_UNSPECIFIED
- Privileges
Required None - PRIVILEGES_REQUIRED_NONE
- Privileges
Required Low - PRIVILEGES_REQUIRED_LOW
- Privileges
Required High - PRIVILEGES_REQUIRED_HIGH
- Privileges
Required Unspecified - PRIVILEGES_REQUIRED_UNSPECIFIED
- Privileges
Required None - PRIVILEGES_REQUIRED_NONE
- Privileges
Required Low - PRIVILEGES_REQUIRED_LOW
- Privileges
Required High - PRIVILEGES_REQUIRED_HIGH
- PRIVILEGES_REQUIRED_UNSPECIFIED
- PRIVILEGES_REQUIRED_UNSPECIFIED
- PRIVILEGES_REQUIRED_NONE
- PRIVILEGES_REQUIRED_NONE
- PRIVILEGES_REQUIRED_LOW
- PRIVILEGES_REQUIRED_LOW
- PRIVILEGES_REQUIRED_HIGH
- PRIVILEGES_REQUIRED_HIGH
- "PRIVILEGES_REQUIRED_UNSPECIFIED"
- PRIVILEGES_REQUIRED_UNSPECIFIED
- "PRIVILEGES_REQUIRED_NONE"
- PRIVILEGES_REQUIRED_NONE
- "PRIVILEGES_REQUIRED_LOW"
- PRIVILEGES_REQUIRED_LOW
- "PRIVILEGES_REQUIRED_HIGH"
- PRIVILEGES_REQUIRED_HIGH
CVSSv3Response
- Attack
Complexity string - Attack
Vector string Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- Availability
Impact string - Base
Score double The base score is a function of the base metric scores.
- Confidentiality
Impact string - Exploitability
Score double - Impact
Score double - Integrity
Impact string - Privileges
Required string - Scope string
- User
Interaction string
- Attack
Complexity string - Attack
Vector string Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- Availability
Impact string - Base
Score float64 The base score is a function of the base metric scores.
- Confidentiality
Impact string - Exploitability
Score float64 - Impact
Score float64 - Integrity
Impact string - Privileges
Required string - Scope string
- User
Interaction string
- attack
Complexity String - attack
Vector String Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- availability
Impact String - base
Score Double The base score is a function of the base metric scores.
- confidentiality
Impact String - exploitability
Score Double - impact
Score Double - integrity
Impact String - privileges
Required String - scope String
- user
Interaction String
- attack
Complexity string - attack
Vector string Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- availability
Impact string - base
Score number The base score is a function of the base metric scores.
- confidentiality
Impact string - exploitability
Score number - impact
Score number - integrity
Impact string - privileges
Required string - scope string
- user
Interaction string
- attack_
complexity str - attack_
vector str Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- availability_
impact str - base_
score float The base score is a function of the base metric scores.
- confidentiality_
impact str - exploitability_
score float - impact_
score float - integrity_
impact str - privileges_
required str - scope str
- user_
interaction str
- attack
Complexity String - attack
Vector String Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- availability
Impact String - base
Score Number The base score is a function of the base metric scores.
- confidentiality
Impact String - exploitability
Score Number - impact
Score Number - integrity
Impact String - privileges
Required String - scope String
- user
Interaction String
CVSSv3Scope
- Scope
Unspecified - SCOPE_UNSPECIFIED
- Scope
Unchanged - SCOPE_UNCHANGED
- Scope
Changed - SCOPE_CHANGED
- CVSSv3Scope
Scope Unspecified - SCOPE_UNSPECIFIED
- CVSSv3Scope
Scope Unchanged - SCOPE_UNCHANGED
- CVSSv3Scope
Scope Changed - SCOPE_CHANGED
- Scope
Unspecified - SCOPE_UNSPECIFIED
- Scope
Unchanged - SCOPE_UNCHANGED
- Scope
Changed - SCOPE_CHANGED
- Scope
Unspecified - SCOPE_UNSPECIFIED
- Scope
Unchanged - SCOPE_UNCHANGED
- Scope
Changed - SCOPE_CHANGED
- SCOPE_UNSPECIFIED
- SCOPE_UNSPECIFIED
- SCOPE_UNCHANGED
- SCOPE_UNCHANGED
- SCOPE_CHANGED
- SCOPE_CHANGED
- "SCOPE_UNSPECIFIED"
- SCOPE_UNSPECIFIED
- "SCOPE_UNCHANGED"
- SCOPE_UNCHANGED
- "SCOPE_CHANGED"
- SCOPE_CHANGED
CVSSv3UserInteraction
- User
Interaction Unspecified - USER_INTERACTION_UNSPECIFIED
- User
Interaction None - USER_INTERACTION_NONE
- User
Interaction Required - USER_INTERACTION_REQUIRED
- CVSSv3User
Interaction User Interaction Unspecified - USER_INTERACTION_UNSPECIFIED
- CVSSv3User
Interaction User Interaction None - USER_INTERACTION_NONE
- CVSSv3User
Interaction User Interaction Required - USER_INTERACTION_REQUIRED
- User
Interaction Unspecified - USER_INTERACTION_UNSPECIFIED
- User
Interaction None - USER_INTERACTION_NONE
- User
Interaction Required - USER_INTERACTION_REQUIRED
- User
Interaction Unspecified - USER_INTERACTION_UNSPECIFIED
- User
Interaction None - USER_INTERACTION_NONE
- User
Interaction Required - USER_INTERACTION_REQUIRED
- USER_INTERACTION_UNSPECIFIED
- USER_INTERACTION_UNSPECIFIED
- USER_INTERACTION_NONE
- USER_INTERACTION_NONE
- USER_INTERACTION_REQUIRED
- USER_INTERACTION_REQUIRED
- "USER_INTERACTION_UNSPECIFIED"
- USER_INTERACTION_UNSPECIFIED
- "USER_INTERACTION_NONE"
- USER_INTERACTION_NONE
- "USER_INTERACTION_REQUIRED"
- USER_INTERACTION_REQUIRED
Deployable
- Resource
Uri List<string> Resource URI for the artifact being deployed.
- Resource
Uri []string Resource URI for the artifact being deployed.
- resource
Uri List<String> Resource URI for the artifact being deployed.
- resource
Uri string[] Resource URI for the artifact being deployed.
- resource_
uri Sequence[str] Resource URI for the artifact being deployed.
- resource
Uri List<String> Resource URI for the artifact being deployed.
DeployableResponse
- Resource
Uri List<string> Resource URI for the artifact being deployed.
- Resource
Uri []string Resource URI for the artifact being deployed.
- resource
Uri List<String> Resource URI for the artifact being deployed.
- resource
Uri string[] Resource URI for the artifact being deployed.
- resource_
uri Sequence[str] Resource URI for the artifact being deployed.
- resource
Uri List<String> Resource URI for the artifact being deployed.
Detail
- Cpe
Uri string The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- Package string
The name of the package where the vulnerability was found.
- Description string
A vendor-specific description of this note.
- Fixed
Location Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Vulnerability Location The fix for this specific package version.
- Is
Obsolete bool Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- Max
Affected Pulumi.Version Google Native. Container Analysis. V1Beta1. Inputs. Version The max version of the package in which the vulnerability exists.
- Min
Affected Pulumi.Version Google Native. Container Analysis. V1Beta1. Inputs. Version The min version of the package in which the vulnerability exists.
- Package
Type string The type of package; whether native or non native(ruby gems, node.js packages etc).
- Severity
Name string The severity (eg: distro assigned severity) for this vulnerability.
- Source string
The source from which the information in this Detail was obtained.
- Source
Update stringTime The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- Vendor string
The name of the vendor of the product.
- Cpe
Uri string The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- Package string
The name of the package where the vulnerability was found.
- Description string
A vendor-specific description of this note.
- Fixed
Location VulnerabilityLocation The fix for this specific package version.
- Is
Obsolete bool Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- Max
Affected VersionVersion The max version of the package in which the vulnerability exists.
- Min
Affected VersionVersion The min version of the package in which the vulnerability exists.
- Package
Type string The type of package; whether native or non native(ruby gems, node.js packages etc).
- Severity
Name string The severity (eg: distro assigned severity) for this vulnerability.
- Source string
The source from which the information in this Detail was obtained.
- Source
Update stringTime The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- Vendor string
The name of the vendor of the product.
- cpe
Uri String The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- package_ String
The name of the package where the vulnerability was found.
- description String
A vendor-specific description of this note.
- fixed
Location VulnerabilityLocation The fix for this specific package version.
- is
Obsolete Boolean Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- max
Affected VersionVersion The max version of the package in which the vulnerability exists.
- min
Affected VersionVersion The min version of the package in which the vulnerability exists.
- package
Type String The type of package; whether native or non native(ruby gems, node.js packages etc).
- severity
Name String The severity (eg: distro assigned severity) for this vulnerability.
- source String
The source from which the information in this Detail was obtained.
- source
Update StringTime The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- vendor String
The name of the vendor of the product.
- cpe
Uri string The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- package string
The name of the package where the vulnerability was found.
- description string
A vendor-specific description of this note.
- fixed
Location VulnerabilityLocation The fix for this specific package version.
- is
Obsolete boolean Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- max
Affected VersionVersion The max version of the package in which the vulnerability exists.
- min
Affected VersionVersion The min version of the package in which the vulnerability exists.
- package
Type string The type of package; whether native or non native(ruby gems, node.js packages etc).
- severity
Name string The severity (eg: distro assigned severity) for this vulnerability.
- source string
The source from which the information in this Detail was obtained.
- source
Update stringTime The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- vendor string
The name of the vendor of the product.
- cpe_
uri str The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- package str
The name of the package where the vulnerability was found.
- description str
A vendor-specific description of this note.
- fixed_
location VulnerabilityLocation The fix for this specific package version.
- is_
obsolete bool Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- max_
affected_ Versionversion The max version of the package in which the vulnerability exists.
- min_
affected_ Versionversion The min version of the package in which the vulnerability exists.
- package_
type str The type of package; whether native or non native(ruby gems, node.js packages etc).
- severity_
name str The severity (eg: distro assigned severity) for this vulnerability.
- source str
The source from which the information in this Detail was obtained.
- source_
update_ strtime The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- vendor str
The name of the vendor of the product.
- cpe
Uri String The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- package String
The name of the package where the vulnerability was found.
- description String
A vendor-specific description of this note.
- fixed
Location Property Map The fix for this specific package version.
- is
Obsolete Boolean Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- max
Affected Property MapVersion The max version of the package in which the vulnerability exists.
- min
Affected Property MapVersion The min version of the package in which the vulnerability exists.
- package
Type String The type of package; whether native or non native(ruby gems, node.js packages etc).
- severity
Name String The severity (eg: distro assigned severity) for this vulnerability.
- source String
The source from which the information in this Detail was obtained.
- source
Update StringTime The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- vendor String
The name of the vendor of the product.
DetailResponse
- Cpe
Uri string The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- Description string
A vendor-specific description of this note.
- Fixed
Location Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Vulnerability Location Response The fix for this specific package version.
- Is
Obsolete bool Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- Max
Affected Pulumi.Version Google Native. Container Analysis. V1Beta1. Inputs. Version Response The max version of the package in which the vulnerability exists.
- Min
Affected Pulumi.Version Google Native. Container Analysis. V1Beta1. Inputs. Version Response The min version of the package in which the vulnerability exists.
- Package string
The name of the package where the vulnerability was found.
- Package
Type string The type of package; whether native or non native(ruby gems, node.js packages etc).
- Severity
Name string The severity (eg: distro assigned severity) for this vulnerability.
- Source string
The source from which the information in this Detail was obtained.
- Source
Update stringTime The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- Vendor string
The name of the vendor of the product.
- Cpe
Uri string The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- Description string
A vendor-specific description of this note.
- Fixed
Location VulnerabilityLocation Response The fix for this specific package version.
- Is
Obsolete bool Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- Max
Affected VersionVersion Response The max version of the package in which the vulnerability exists.
- Min
Affected VersionVersion Response The min version of the package in which the vulnerability exists.
- Package string
The name of the package where the vulnerability was found.
- Package
Type string The type of package; whether native or non native(ruby gems, node.js packages etc).
- Severity
Name string The severity (eg: distro assigned severity) for this vulnerability.
- Source string
The source from which the information in this Detail was obtained.
- Source
Update stringTime The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- Vendor string
The name of the vendor of the product.
- cpe
Uri String The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- description String
A vendor-specific description of this note.
- fixed
Location VulnerabilityLocation Response The fix for this specific package version.
- is
Obsolete Boolean Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- max
Affected VersionVersion Response The max version of the package in which the vulnerability exists.
- min
Affected VersionVersion Response The min version of the package in which the vulnerability exists.
- package
Type String The type of package; whether native or non native(ruby gems, node.js packages etc).
- package_ String
The name of the package where the vulnerability was found.
- severity
Name String The severity (eg: distro assigned severity) for this vulnerability.
- source String
The source from which the information in this Detail was obtained.
- source
Update StringTime The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- vendor String
The name of the vendor of the product.
- cpe
Uri string The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- description string
A vendor-specific description of this note.
- fixed
Location VulnerabilityLocation Response The fix for this specific package version.
- is
Obsolete boolean Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- max
Affected VersionVersion Response The max version of the package in which the vulnerability exists.
- min
Affected VersionVersion Response The min version of the package in which the vulnerability exists.
- package string
The name of the package where the vulnerability was found.
- package
Type string The type of package; whether native or non native(ruby gems, node.js packages etc).
- severity
Name string The severity (eg: distro assigned severity) for this vulnerability.
- source string
The source from which the information in this Detail was obtained.
- source
Update stringTime The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- vendor string
The name of the vendor of the product.
- cpe_
uri str The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- description str
A vendor-specific description of this note.
- fixed_
location VulnerabilityLocation Response The fix for this specific package version.
- is_
obsolete bool Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- max_
affected_ Versionversion Response The max version of the package in which the vulnerability exists.
- min_
affected_ Versionversion Response The min version of the package in which the vulnerability exists.
- package str
The name of the package where the vulnerability was found.
- package_
type str The type of package; whether native or non native(ruby gems, node.js packages etc).
- severity_
name str The severity (eg: distro assigned severity) for this vulnerability.
- source str
The source from which the information in this Detail was obtained.
- source_
update_ strtime The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- vendor str
The name of the vendor of the product.
- cpe
Uri String The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- description String
A vendor-specific description of this note.
- fixed
Location Property Map The fix for this specific package version.
- is
Obsolete Boolean Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- max
Affected Property MapVersion The max version of the package in which the vulnerability exists.
- min
Affected Property MapVersion The min version of the package in which the vulnerability exists.
- package String
The name of the package where the vulnerability was found.
- package
Type String The type of package; whether native or non native(ruby gems, node.js packages etc).
- severity
Name String The severity (eg: distro assigned severity) for this vulnerability.
- source String
The source from which the information in this Detail was obtained.
- source
Update StringTime The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- vendor String
The name of the vendor of the product.
Digest
- Algo string
SHA1,SHA512etc.- Digest
Bytes string Value of the digest.
- Algo string
SHA1,SHA512etc.- Digest
Bytes string Value of the digest.
- algo String
SHA1,SHA512etc.- digest
Bytes String Value of the digest.
- algo string
SHA1,SHA512etc.- digest
Bytes string Value of the digest.
- algo str
SHA1,SHA512etc.- digest_
bytes str Value of the digest.
- algo String
SHA1,SHA512etc.- digest
Bytes String Value of the digest.
DigestResponse
- Algo string
SHA1,SHA512etc.- Digest
Bytes string Value of the digest.
- Algo string
SHA1,SHA512etc.- Digest
Bytes string Value of the digest.
- algo String
SHA1,SHA512etc.- digest
Bytes String Value of the digest.
- algo string
SHA1,SHA512etc.- digest
Bytes string Value of the digest.
- algo str
SHA1,SHA512etc.- digest_
bytes str Value of the digest.
- algo String
SHA1,SHA512etc.- digest
Bytes String Value of the digest.
Discovery
- Analysis
Kind Pulumi.Google Native. Container Analysis. V1Beta1. Discovery Analysis Kind Immutable. The kind of analysis that is handled by this discovery.
- Analysis
Kind DiscoveryAnalysis Kind Immutable. The kind of analysis that is handled by this discovery.
- analysis
Kind DiscoveryAnalysis Kind Immutable. The kind of analysis that is handled by this discovery.
- analysis
Kind DiscoveryAnalysis Kind Immutable. The kind of analysis that is handled by this discovery.
- analysis_
kind DiscoveryAnalysis Kind Immutable. The kind of analysis that is handled by this discovery.
- analysis
Kind "NOTE_KIND_UNSPECIFIED" | "VULNERABILITY" | "BUILD" | "IMAGE" | "PACKAGE" | "DEPLOYMENT" | "DISCOVERY" | "ATTESTATION" | "INTOTO" | "SBOM" | "SPDX_PACKAGE" | "SPDX_FILE" | "SPDX_RELATIONSHIP" | "VULNERABILITY_ASSESSMENT" | "SBOM_REFERENCE" Immutable. The kind of analysis that is handled by this discovery.
DiscoveryAnalysisKind
- Note
Kind Unspecified - NOTE_KIND_UNSPECIFIED
Default value. This value is unused.
- Vulnerability
- VULNERABILITY
The note and occurrence represent a package vulnerability.
- Build
- BUILD
The note and occurrence assert build provenance.
- Image
- IMAGE
This represents an image basis relationship.
- Package
- PACKAGE
This represents a package installed via a package manager.
- Deployment
- DEPLOYMENT
The note and occurrence track deployment events.
- Discovery
- DISCOVERY
The note and occurrence track the initial discovery status of a resource.
- Attestation
- ATTESTATION
This represents a logical "role" that can attest to artifacts.
- Intoto
- INTOTO
This represents an in-toto link.
- Sbom
- SBOM
This represents a software bill of materials.
- Spdx
Package - SPDX_PACKAGE
This represents an SPDX Package.
- Spdx
File - SPDX_FILE
This represents an SPDX File.
- Spdx
Relationship - SPDX_RELATIONSHIP
This represents an SPDX Relationship.
- Vulnerability
Assessment - VULNERABILITY_ASSESSMENT
This represents a Vulnerability Assessment.
- Sbom
Reference - SBOM_REFERENCE
This represents an SBOM Reference.
- Discovery
Analysis Kind Note Kind Unspecified - NOTE_KIND_UNSPECIFIED
Default value. This value is unused.
- Discovery
Analysis Kind Vulnerability - VULNERABILITY
The note and occurrence represent a package vulnerability.
- Discovery
Analysis Kind Build - BUILD
The note and occurrence assert build provenance.
- Discovery
Analysis Kind Image - IMAGE
This represents an image basis relationship.
- Discovery
Analysis Kind Package - PACKAGE
This represents a package installed via a package manager.
- Discovery
Analysis Kind Deployment - DEPLOYMENT
The note and occurrence track deployment events.
- Discovery
Analysis Kind Discovery - DISCOVERY
The note and occurrence track the initial discovery status of a resource.
- Discovery
Analysis Kind Attestation - ATTESTATION
This represents a logical "role" that can attest to artifacts.
- Discovery
Analysis Kind Intoto - INTOTO
This represents an in-toto link.
- Discovery
Analysis Kind Sbom - SBOM
This represents a software bill of materials.
- Discovery
Analysis Kind Spdx Package - SPDX_PACKAGE
This represents an SPDX Package.
- Discovery
Analysis Kind Spdx File - SPDX_FILE
This represents an SPDX File.
- Discovery
Analysis Kind Spdx Relationship - SPDX_RELATIONSHIP
This represents an SPDX Relationship.
- Discovery
Analysis Kind Vulnerability Assessment - VULNERABILITY_ASSESSMENT
This represents a Vulnerability Assessment.
- Discovery
Analysis Kind Sbom Reference - SBOM_REFERENCE
This represents an SBOM Reference.
- Note
Kind Unspecified - NOTE_KIND_UNSPECIFIED
Default value. This value is unused.
- Vulnerability
- VULNERABILITY
The note and occurrence represent a package vulnerability.
- Build
- BUILD
The note and occurrence assert build provenance.
- Image
- IMAGE
This represents an image basis relationship.
- Package
- PACKAGE
This represents a package installed via a package manager.
- Deployment
- DEPLOYMENT
The note and occurrence track deployment events.
- Discovery
- DISCOVERY
The note and occurrence track the initial discovery status of a resource.
- Attestation
- ATTESTATION
This represents a logical "role" that can attest to artifacts.
- Intoto
- INTOTO
This represents an in-toto link.
- Sbom
- SBOM
This represents a software bill of materials.
- Spdx
Package - SPDX_PACKAGE
This represents an SPDX Package.
- Spdx
File - SPDX_FILE
This represents an SPDX File.
- Spdx
Relationship - SPDX_RELATIONSHIP
This represents an SPDX Relationship.
- Vulnerability
Assessment - VULNERABILITY_ASSESSMENT
This represents a Vulnerability Assessment.
- Sbom
Reference - SBOM_REFERENCE
This represents an SBOM Reference.
- Note
Kind Unspecified - NOTE_KIND_UNSPECIFIED
Default value. This value is unused.
- Vulnerability
- VULNERABILITY
The note and occurrence represent a package vulnerability.
- Build
- BUILD
The note and occurrence assert build provenance.
- Image
- IMAGE
This represents an image basis relationship.
- Package
- PACKAGE
This represents a package installed via a package manager.
- Deployment
- DEPLOYMENT
The note and occurrence track deployment events.
- Discovery
- DISCOVERY
The note and occurrence track the initial discovery status of a resource.
- Attestation
- ATTESTATION
This represents a logical "role" that can attest to artifacts.
- Intoto
- INTOTO
This represents an in-toto link.
- Sbom
- SBOM
This represents a software bill of materials.
- Spdx
Package - SPDX_PACKAGE
This represents an SPDX Package.
- Spdx
File - SPDX_FILE
This represents an SPDX File.
- Spdx
Relationship - SPDX_RELATIONSHIP
This represents an SPDX Relationship.
- Vulnerability
Assessment - VULNERABILITY_ASSESSMENT
This represents a Vulnerability Assessment.
- Sbom
Reference - SBOM_REFERENCE
This represents an SBOM Reference.
- NOTE_KIND_UNSPECIFIED
- NOTE_KIND_UNSPECIFIED
Default value. This value is unused.
- VULNERABILITY
- VULNERABILITY
The note and occurrence represent a package vulnerability.
- BUILD
- BUILD
The note and occurrence assert build provenance.
- IMAGE
- IMAGE
This represents an image basis relationship.
- PACKAGE
- PACKAGE
This represents a package installed via a package manager.
- DEPLOYMENT
- DEPLOYMENT
The note and occurrence track deployment events.
- DISCOVERY
- DISCOVERY
The note and occurrence track the initial discovery status of a resource.
- ATTESTATION
- ATTESTATION
This represents a logical "role" that can attest to artifacts.
- INTOTO
- INTOTO
This represents an in-toto link.
- SBOM
- SBOM
This represents a software bill of materials.
- SPDX_PACKAGE
- SPDX_PACKAGE
This represents an SPDX Package.
- SPDX_FILE
- SPDX_FILE
This represents an SPDX File.
- SPDX_RELATIONSHIP
- SPDX_RELATIONSHIP
This represents an SPDX Relationship.
- VULNERABILITY_ASSESSMENT
- VULNERABILITY_ASSESSMENT
This represents a Vulnerability Assessment.
- SBOM_REFERENCE
- SBOM_REFERENCE
This represents an SBOM Reference.
- "NOTE_KIND_UNSPECIFIED"
- NOTE_KIND_UNSPECIFIED
Default value. This value is unused.
- "VULNERABILITY"
- VULNERABILITY
The note and occurrence represent a package vulnerability.
- "BUILD"
- BUILD
The note and occurrence assert build provenance.
- "IMAGE"
- IMAGE
This represents an image basis relationship.
- "PACKAGE"
- PACKAGE
This represents a package installed via a package manager.
- "DEPLOYMENT"
- DEPLOYMENT
The note and occurrence track deployment events.
- "DISCOVERY"
- DISCOVERY
The note and occurrence track the initial discovery status of a resource.
- "ATTESTATION"
- ATTESTATION
This represents a logical "role" that can attest to artifacts.
- "INTOTO"
- INTOTO
This represents an in-toto link.
- "SBOM"
- SBOM
This represents a software bill of materials.
- "SPDX_PACKAGE"
- SPDX_PACKAGE
This represents an SPDX Package.
- "SPDX_FILE"
- SPDX_FILE
This represents an SPDX File.
- "SPDX_RELATIONSHIP"
- SPDX_RELATIONSHIP
This represents an SPDX Relationship.
- "VULNERABILITY_ASSESSMENT"
- VULNERABILITY_ASSESSMENT
This represents a Vulnerability Assessment.
- "SBOM_REFERENCE"
- SBOM_REFERENCE
This represents an SBOM Reference.
DiscoveryResponse
- Analysis
Kind string Immutable. The kind of analysis that is handled by this discovery.
- Analysis
Kind string Immutable. The kind of analysis that is handled by this discovery.
- analysis
Kind String Immutable. The kind of analysis that is handled by this discovery.
- analysis
Kind string Immutable. The kind of analysis that is handled by this discovery.
- analysis_
kind str Immutable. The kind of analysis that is handled by this discovery.
- analysis
Kind String Immutable. The kind of analysis that is handled by this discovery.
Distribution
- Cpe
Uri string The cpe_uri in CPE format denoting the package manager version distributing a package.
- Architecture
Pulumi.
Google Native. Container Analysis. V1Beta1. Distribution Architecture The CPU architecture for which packages in this distribution channel were built.
- Description string
The distribution channel-specific description of this package.
- Latest
Version Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Version The latest available version of this package in this distribution channel.
- Maintainer string
A freeform string denoting the maintainer of this package.
- Url string
The distribution channel-specific homepage for this package.
- Cpe
Uri string The cpe_uri in CPE format denoting the package manager version distributing a package.
- Architecture
Distribution
Architecture The CPU architecture for which packages in this distribution channel were built.
- Description string
The distribution channel-specific description of this package.
- Latest
Version Version The latest available version of this package in this distribution channel.
- Maintainer string
A freeform string denoting the maintainer of this package.
- Url string
The distribution channel-specific homepage for this package.
- cpe
Uri String The cpe_uri in CPE format denoting the package manager version distributing a package.
- architecture
Distribution
Architecture The CPU architecture for which packages in this distribution channel were built.
- description String
The distribution channel-specific description of this package.
- latest
Version Version The latest available version of this package in this distribution channel.
- maintainer String
A freeform string denoting the maintainer of this package.
- url String
The distribution channel-specific homepage for this package.
- cpe
Uri string The cpe_uri in CPE format denoting the package manager version distributing a package.
- architecture
Distribution
Architecture The CPU architecture for which packages in this distribution channel were built.
- description string
The distribution channel-specific description of this package.
- latest
Version Version The latest available version of this package in this distribution channel.
- maintainer string
A freeform string denoting the maintainer of this package.
- url string
The distribution channel-specific homepage for this package.
- cpe_
uri str The cpe_uri in CPE format denoting the package manager version distributing a package.
- architecture
Distribution
Architecture The CPU architecture for which packages in this distribution channel were built.
- description str
The distribution channel-specific description of this package.
- latest_
version Version The latest available version of this package in this distribution channel.
- maintainer str
A freeform string denoting the maintainer of this package.
- url str
The distribution channel-specific homepage for this package.
- cpe
Uri String The cpe_uri in CPE format denoting the package manager version distributing a package.
- architecture "ARCHITECTURE_UNSPECIFIED" | "X86" | "X64"
The CPU architecture for which packages in this distribution channel were built.
- description String
The distribution channel-specific description of this package.
- latest
Version Property Map The latest available version of this package in this distribution channel.
- maintainer String
A freeform string denoting the maintainer of this package.
- url String
The distribution channel-specific homepage for this package.
DistributionArchitecture
- Architecture
Unspecified - ARCHITECTURE_UNSPECIFIED
Unknown architecture.
- X86
- X86
X86 architecture.
- X64
- X64
X64 architecture.
- Distribution
Architecture Architecture Unspecified - ARCHITECTURE_UNSPECIFIED
Unknown architecture.
- Distribution
Architecture X86 - X86
X86 architecture.
- Distribution
Architecture X64 - X64
X64 architecture.
- Architecture
Unspecified - ARCHITECTURE_UNSPECIFIED
Unknown architecture.
- X86
- X86
X86 architecture.
- X64
- X64
X64 architecture.
- Architecture
Unspecified - ARCHITECTURE_UNSPECIFIED
Unknown architecture.
- X86
- X86
X86 architecture.
- X64
- X64
X64 architecture.
- ARCHITECTURE_UNSPECIFIED
- ARCHITECTURE_UNSPECIFIED
Unknown architecture.
- X86
- X86
X86 architecture.
- X64
- X64
X64 architecture.
- "ARCHITECTURE_UNSPECIFIED"
- ARCHITECTURE_UNSPECIFIED
Unknown architecture.
- "X86"
- X86
X86 architecture.
- "X64"
- X64
X64 architecture.
DistributionResponse
- Architecture string
The CPU architecture for which packages in this distribution channel were built.
- Cpe
Uri string The cpe_uri in CPE format denoting the package manager version distributing a package.
- Description string
The distribution channel-specific description of this package.
- Latest
Version Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Version Response The latest available version of this package in this distribution channel.
- Maintainer string
A freeform string denoting the maintainer of this package.
- Url string
The distribution channel-specific homepage for this package.
- Architecture string
The CPU architecture for which packages in this distribution channel were built.
- Cpe
Uri string The cpe_uri in CPE format denoting the package manager version distributing a package.
- Description string
The distribution channel-specific description of this package.
- Latest
Version VersionResponse The latest available version of this package in this distribution channel.
- Maintainer string
A freeform string denoting the maintainer of this package.
- Url string
The distribution channel-specific homepage for this package.
- architecture String
The CPU architecture for which packages in this distribution channel were built.
- cpe
Uri String The cpe_uri in CPE format denoting the package manager version distributing a package.
- description String
The distribution channel-specific description of this package.
- latest
Version VersionResponse The latest available version of this package in this distribution channel.
- maintainer String
A freeform string denoting the maintainer of this package.
- url String
The distribution channel-specific homepage for this package.
- architecture string
The CPU architecture for which packages in this distribution channel were built.
- cpe
Uri string The cpe_uri in CPE format denoting the package manager version distributing a package.
- description string
The distribution channel-specific description of this package.
- latest
Version VersionResponse The latest available version of this package in this distribution channel.
- maintainer string
A freeform string denoting the maintainer of this package.
- url string
The distribution channel-specific homepage for this package.
- architecture str
The CPU architecture for which packages in this distribution channel were built.
- cpe_
uri str The cpe_uri in CPE format denoting the package manager version distributing a package.
- description str
The distribution channel-specific description of this package.
- latest_
version VersionResponse The latest available version of this package in this distribution channel.
- maintainer str
A freeform string denoting the maintainer of this package.
- url str
The distribution channel-specific homepage for this package.
- architecture String
The CPU architecture for which packages in this distribution channel were built.
- cpe
Uri String The cpe_uri in CPE format denoting the package manager version distributing a package.
- description String
The distribution channel-specific description of this package.
- latest
Version Property Map The latest available version of this package in this distribution channel.
- maintainer String
A freeform string denoting the maintainer of this package.
- url String
The distribution channel-specific homepage for this package.
DocumentNote
- Data
Licence string Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- Spdx
Version string Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- Data
Licence string Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- Spdx
Version string Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- data
Licence String Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- spdx
Version String Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- data
Licence string Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- spdx
Version string Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- data_
licence str Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- spdx_
version str Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- data
Licence String Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- spdx
Version String Provide a reference number that can be used to understand how to parse and interpret the rest of the file
DocumentNoteResponse
- Data
Licence string Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- Spdx
Version string Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- Data
Licence string Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- Spdx
Version string Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- data
Licence String Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- spdx
Version String Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- data
Licence string Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- spdx
Version string Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- data_
licence str Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- spdx_
version str Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- data
Licence String Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- spdx
Version String Provide a reference number that can be used to understand how to parse and interpret the rest of the file
ExternalRef
- Category
Pulumi.
Google Native. Container Analysis. V1Beta1. External Ref Category An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- Comment string
Human-readable information about the purpose and target of the reference
- Locator string
The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- Type string
Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- Category
External
Ref Category An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- Comment string
Human-readable information about the purpose and target of the reference
- Locator string
The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- Type string
Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- category
External
Ref Category An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- comment String
Human-readable information about the purpose and target of the reference
- locator String
The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- type String
Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- category
External
Ref Category An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- comment string
Human-readable information about the purpose and target of the reference
- locator string
The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- type string
Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- category
External
Ref Category An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- comment str
Human-readable information about the purpose and target of the reference
- locator str
The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- type str
Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- category "CATEGORY_UNSPECIFIED" | "SECURITY" | "PACKAGE_MANAGER" | "PERSISTENT_ID" | "OTHER"
An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- comment String
Human-readable information about the purpose and target of the reference
- locator String
The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- type String
Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
ExternalRefCategory
- Category
Unspecified - CATEGORY_UNSPECIFIED
Unspecified
- Security
- SECURITY
Security (e.g. cpe22Type, cpe23Type)
- Package
Manager - PACKAGE_MANAGER
Package Manager (e.g. maven-central, npm, nuget, bower, purl)
- Persistent
Id - PERSISTENT_ID
Persistent-Id (e.g. swh)
- Other
- OTHER
Other
- External
Ref Category Category Unspecified - CATEGORY_UNSPECIFIED
Unspecified
- External
Ref Category Security - SECURITY
Security (e.g. cpe22Type, cpe23Type)
- External
Ref Category Package Manager - PACKAGE_MANAGER
Package Manager (e.g. maven-central, npm, nuget, bower, purl)
- External
Ref Category Persistent Id - PERSISTENT_ID
Persistent-Id (e.g. swh)
- External
Ref Category Other - OTHER
Other
- Category
Unspecified - CATEGORY_UNSPECIFIED
Unspecified
- Security
- SECURITY
Security (e.g. cpe22Type, cpe23Type)
- Package
Manager - PACKAGE_MANAGER
Package Manager (e.g. maven-central, npm, nuget, bower, purl)
- Persistent
Id - PERSISTENT_ID
Persistent-Id (e.g. swh)
- Other
- OTHER
Other
- Category
Unspecified - CATEGORY_UNSPECIFIED
Unspecified
- Security
- SECURITY
Security (e.g. cpe22Type, cpe23Type)
- Package
Manager - PACKAGE_MANAGER
Package Manager (e.g. maven-central, npm, nuget, bower, purl)
- Persistent
Id - PERSISTENT_ID
Persistent-Id (e.g. swh)
- Other
- OTHER
Other
- CATEGORY_UNSPECIFIED
- CATEGORY_UNSPECIFIED
Unspecified
- SECURITY
- SECURITY
Security (e.g. cpe22Type, cpe23Type)
- PACKAGE_MANAGER
- PACKAGE_MANAGER
Package Manager (e.g. maven-central, npm, nuget, bower, purl)
- PERSISTENT_ID
- PERSISTENT_ID
Persistent-Id (e.g. swh)
- OTHER
- OTHER
Other
- "CATEGORY_UNSPECIFIED"
- CATEGORY_UNSPECIFIED
Unspecified
- "SECURITY"
- SECURITY
Security (e.g. cpe22Type, cpe23Type)
- "PACKAGE_MANAGER"
- PACKAGE_MANAGER
Package Manager (e.g. maven-central, npm, nuget, bower, purl)
- "PERSISTENT_ID"
- PERSISTENT_ID
Persistent-Id (e.g. swh)
- "OTHER"
- OTHER
Other
ExternalRefResponse
- Category string
An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- Comment string
Human-readable information about the purpose and target of the reference
- Locator string
The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- Type string
Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- Category string
An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- Comment string
Human-readable information about the purpose and target of the reference
- Locator string
The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- Type string
Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- category String
An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- comment String
Human-readable information about the purpose and target of the reference
- locator String
The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- type String
Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- category string
An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- comment string
Human-readable information about the purpose and target of the reference
- locator string
The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- type string
Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- category str
An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- comment str
Human-readable information about the purpose and target of the reference
- locator str
The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- type str
Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- category String
An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- comment String
Human-readable information about the purpose and target of the reference
- locator String
The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- type String
Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
FileNote
- Checksum List<string>
Provide a unique identifier to match analysis information on each specific file in a package
- File
Type Pulumi.Google Native. Container Analysis. V1Beta1. File Note File Type This field provides information about the type of file identified
- Title string
Identify the full path and filename that corresponds to the file information in this section
- Checksum []string
Provide a unique identifier to match analysis information on each specific file in a package
- File
Type FileNote File Type This field provides information about the type of file identified
- Title string
Identify the full path and filename that corresponds to the file information in this section
- checksum List<String>
Provide a unique identifier to match analysis information on each specific file in a package
- file
Type FileNote File Type This field provides information about the type of file identified
- title String
Identify the full path and filename that corresponds to the file information in this section
- checksum string[]
Provide a unique identifier to match analysis information on each specific file in a package
- file
Type FileNote File Type This field provides information about the type of file identified
- title string
Identify the full path and filename that corresponds to the file information in this section
- checksum Sequence[str]
Provide a unique identifier to match analysis information on each specific file in a package
- file_
type FileNote File Type This field provides information about the type of file identified
- title str
Identify the full path and filename that corresponds to the file information in this section
- checksum List<String>
Provide a unique identifier to match analysis information on each specific file in a package
- file
Type "FILE_TYPE_UNSPECIFIED" | "SOURCE" | "BINARY" | "ARCHIVE" | "APPLICATION" | "AUDIO" | "IMAGE" | "TEXT" | "VIDEO" | "DOCUMENTATION" | "SPDX" | "OTHER" This field provides information about the type of file identified
- title String
Identify the full path and filename that corresponds to the file information in this section
FileNoteFileType
- File
Type Unspecified - FILE_TYPE_UNSPECIFIED
Unspecified
- Source
- SOURCE
The file is human readable source code (.c, .html, etc.)
- Binary
- BINARY
The file is a compiled object, target image or binary executable (.o, .a, etc.)
- Archive
- ARCHIVE
The file represents an archive (.tar, .jar, etc.)
- Application
- APPLICATION
The file is associated with a specific application type (MIME type of application/*)
- Audio
- AUDIO
The file is associated with an audio file (MIME type of audio/* , e.g. .mp3)
- Image
- IMAGE
The file is associated with an picture image file (MIME type of image/*, e.g., .jpg, .gif)
- Text
- TEXT
The file is human readable text file (MIME type of text/*)
- Video
- VIDEO
The file is associated with a video file type (MIME type of video/*)
- Documentation
- DOCUMENTATION
The file serves as documentation
- Spdx
- SPDX
The file is an SPDX document
- Other
- OTHER
The file doesn't fit into the above categories (generated artifacts, data files, etc.)
- File
Note File Type File Type Unspecified - FILE_TYPE_UNSPECIFIED
Unspecified
- File
Note File Type Source - SOURCE
The file is human readable source code (.c, .html, etc.)
- File
Note File Type Binary - BINARY
The file is a compiled object, target image or binary executable (.o, .a, etc.)
- File
Note File Type Archive - ARCHIVE
The file represents an archive (.tar, .jar, etc.)
- File
Note File Type Application - APPLICATION
The file is associated with a specific application type (MIME type of application/*)
- File
Note File Type Audio - AUDIO
The file is associated with an audio file (MIME type of audio/* , e.g. .mp3)
- File
Note File Type Image - IMAGE
The file is associated with an picture image file (MIME type of image/*, e.g., .jpg, .gif)
- File
Note File Type Text - TEXT
The file is human readable text file (MIME type of text/*)
- File
Note File Type Video - VIDEO
The file is associated with a video file type (MIME type of video/*)
- File
Note File Type Documentation - DOCUMENTATION
The file serves as documentation
- File
Note File Type Spdx - SPDX
The file is an SPDX document
- File
Note File Type Other - OTHER
The file doesn't fit into the above categories (generated artifacts, data files, etc.)
- File
Type Unspecified - FILE_TYPE_UNSPECIFIED
Unspecified
- Source
- SOURCE
The file is human readable source code (.c, .html, etc.)
- Binary
- BINARY
The file is a compiled object, target image or binary executable (.o, .a, etc.)
- Archive
- ARCHIVE
The file represents an archive (.tar, .jar, etc.)
- Application
- APPLICATION
The file is associated with a specific application type (MIME type of application/*)
- Audio
- AUDIO
The file is associated with an audio file (MIME type of audio/* , e.g. .mp3)
- Image
- IMAGE
The file is associated with an picture image file (MIME type of image/*, e.g., .jpg, .gif)
- Text
- TEXT
The file is human readable text file (MIME type of text/*)
- Video
- VIDEO
The file is associated with a video file type (MIME type of video/*)
- Documentation
- DOCUMENTATION
The file serves as documentation
- Spdx
- SPDX
The file is an SPDX document
- Other
- OTHER
The file doesn't fit into the above categories (generated artifacts, data files, etc.)
- File
Type Unspecified - FILE_TYPE_UNSPECIFIED
Unspecified
- Source
- SOURCE
The file is human readable source code (.c, .html, etc.)
- Binary
- BINARY
The file is a compiled object, target image or binary executable (.o, .a, etc.)
- Archive
- ARCHIVE
The file represents an archive (.tar, .jar, etc.)
- Application
- APPLICATION
The file is associated with a specific application type (MIME type of application/*)
- Audio
- AUDIO
The file is associated with an audio file (MIME type of audio/* , e.g. .mp3)
- Image
- IMAGE
The file is associated with an picture image file (MIME type of image/*, e.g., .jpg, .gif)
- Text
- TEXT
The file is human readable text file (MIME type of text/*)
- Video
- VIDEO
The file is associated with a video file type (MIME type of video/*)
- Documentation
- DOCUMENTATION
The file serves as documentation
- Spdx
- SPDX
The file is an SPDX document
- Other
- OTHER
The file doesn't fit into the above categories (generated artifacts, data files, etc.)
- FILE_TYPE_UNSPECIFIED
- FILE_TYPE_UNSPECIFIED
Unspecified
- SOURCE
- SOURCE
The file is human readable source code (.c, .html, etc.)
- BINARY
- BINARY
The file is a compiled object, target image or binary executable (.o, .a, etc.)
- ARCHIVE
- ARCHIVE
The file represents an archive (.tar, .jar, etc.)
- APPLICATION
- APPLICATION
The file is associated with a specific application type (MIME type of application/*)
- AUDIO
- AUDIO
The file is associated with an audio file (MIME type of audio/* , e.g. .mp3)
- IMAGE
- IMAGE
The file is associated with an picture image file (MIME type of image/*, e.g., .jpg, .gif)
- TEXT
- TEXT
The file is human readable text file (MIME type of text/*)
- VIDEO
- VIDEO
The file is associated with a video file type (MIME type of video/*)
- DOCUMENTATION
- DOCUMENTATION
The file serves as documentation
- SPDX
- SPDX
The file is an SPDX document
- OTHER
- OTHER
The file doesn't fit into the above categories (generated artifacts, data files, etc.)
- "FILE_TYPE_UNSPECIFIED"
- FILE_TYPE_UNSPECIFIED
Unspecified
- "SOURCE"
- SOURCE
The file is human readable source code (.c, .html, etc.)
- "BINARY"
- BINARY
The file is a compiled object, target image or binary executable (.o, .a, etc.)
- "ARCHIVE"
- ARCHIVE
The file represents an archive (.tar, .jar, etc.)
- "APPLICATION"
- APPLICATION
The file is associated with a specific application type (MIME type of application/*)
- "AUDIO"
- AUDIO
The file is associated with an audio file (MIME type of audio/* , e.g. .mp3)
- "IMAGE"
- IMAGE
The file is associated with an picture image file (MIME type of image/*, e.g., .jpg, .gif)
- "TEXT"
- TEXT
The file is human readable text file (MIME type of text/*)
- "VIDEO"
- VIDEO
The file is associated with a video file type (MIME type of video/*)
- "DOCUMENTATION"
- DOCUMENTATION
The file serves as documentation
- "SPDX"
- SPDX
The file is an SPDX document
- "OTHER"
- OTHER
The file doesn't fit into the above categories (generated artifacts, data files, etc.)
FileNoteResponse
Fingerprint
FingerprintResponse
- V1Name string
The layer ID of the final layer in the Docker image's v1 representation.
- V2Blob List<string>
The ordered list of v2 blobs that represent a given image.
- V2Name string
The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
- V1Name string
The layer ID of the final layer in the Docker image's v1 representation.
- V2Blob []string
The ordered list of v2 blobs that represent a given image.
- V2Name string
The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
- v1Name String
The layer ID of the final layer in the Docker image's v1 representation.
- v2Blob List<String>
The ordered list of v2 blobs that represent a given image.
- v2Name String
The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
- v1Name string
The layer ID of the final layer in the Docker image's v1 representation.
- v2Blob string[]
The ordered list of v2 blobs that represent a given image.
- v2Name string
The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
- v1_
name str The layer ID of the final layer in the Docker image's v1 representation.
- v2_
blob Sequence[str] The ordered list of v2 blobs that represent a given image.
- v2_
name str The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
- v1Name String
The layer ID of the final layer in the Docker image's v1 representation.
- v2Blob List<String>
The ordered list of v2 blobs that represent a given image.
- v2Name String
The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
Hint
- Human
Readable stringName The human readable name of this attestation authority, for example "qa".
- Human
Readable stringName The human readable name of this attestation authority, for example "qa".
- human
Readable StringName The human readable name of this attestation authority, for example "qa".
- human
Readable stringName The human readable name of this attestation authority, for example "qa".
- human_
readable_ strname The human readable name of this attestation authority, for example "qa".
- human
Readable StringName The human readable name of this attestation authority, for example "qa".
HintResponse
- Human
Readable stringName The human readable name of this attestation authority, for example "qa".
- Human
Readable stringName The human readable name of this attestation authority, for example "qa".
- human
Readable StringName The human readable name of this attestation authority, for example "qa".
- human
Readable stringName The human readable name of this attestation authority, for example "qa".
- human_
readable_ strname The human readable name of this attestation authority, for example "qa".
- human
Readable StringName The human readable name of this attestation authority, for example "qa".
InToto
- Expected
Command List<string> This field contains the expected command used to perform the step.
- Expected
Materials List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Artifact Rule> The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- Expected
Products List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Artifact Rule> - Signing
Keys List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Signing Key> This field contains the public keys that can be used to verify the signatures on the step metadata.
- Step
Name string This field identifies the name of the step in the supply chain.
- Threshold string
This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- Expected
Command []string This field contains the expected command used to perform the step.
- Expected
Materials []ArtifactRule The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- Expected
Products []ArtifactRule - Signing
Keys []SigningKey This field contains the public keys that can be used to verify the signatures on the step metadata.
- Step
Name string This field identifies the name of the step in the supply chain.
- Threshold string
This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- expected
Command List<String> This field contains the expected command used to perform the step.
- expected
Materials List<ArtifactRule> The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- expected
Products List<ArtifactRule> - signing
Keys List<SigningKey> This field contains the public keys that can be used to verify the signatures on the step metadata.
- step
Name String This field identifies the name of the step in the supply chain.
- threshold String
This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- expected
Command string[] This field contains the expected command used to perform the step.
- expected
Materials ArtifactRule[] The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- expected
Products ArtifactRule[] - signing
Keys SigningKey[] This field contains the public keys that can be used to verify the signatures on the step metadata.
- step
Name string This field identifies the name of the step in the supply chain.
- threshold string
This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- expected_
command Sequence[str] This field contains the expected command used to perform the step.
- expected_
materials Sequence[ArtifactRule] The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- expected_
products Sequence[ArtifactRule] - signing_
keys Sequence[SigningKey] This field contains the public keys that can be used to verify the signatures on the step metadata.
- step_
name str This field identifies the name of the step in the supply chain.
- threshold str
This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- expected
Command List<String> This field contains the expected command used to perform the step.
- expected
Materials List<Property Map> The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- expected
Products List<Property Map> - signing
Keys List<Property Map> This field contains the public keys that can be used to verify the signatures on the step metadata.
- step
Name String This field identifies the name of the step in the supply chain.
- threshold String
This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
InTotoResponse
- Expected
Command List<string> This field contains the expected command used to perform the step.
- Expected
Materials List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Artifact Rule Response> The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- Expected
Products List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Artifact Rule Response> - Signing
Keys List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Signing Key Response> This field contains the public keys that can be used to verify the signatures on the step metadata.
- Step
Name string This field identifies the name of the step in the supply chain.
- Threshold string
This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- Expected
Command []string This field contains the expected command used to perform the step.
- Expected
Materials []ArtifactRule Response The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- Expected
Products []ArtifactRule Response - Signing
Keys []SigningKey Response This field contains the public keys that can be used to verify the signatures on the step metadata.
- Step
Name string This field identifies the name of the step in the supply chain.
- Threshold string
This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- expected
Command List<String> This field contains the expected command used to perform the step.
- expected
Materials List<ArtifactRule Response> The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- expected
Products List<ArtifactRule Response> - signing
Keys List<SigningKey Response> This field contains the public keys that can be used to verify the signatures on the step metadata.
- step
Name String This field identifies the name of the step in the supply chain.
- threshold String
This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- expected
Command string[] This field contains the expected command used to perform the step.
- expected
Materials ArtifactRule Response[] The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- expected
Products ArtifactRule Response[] - signing
Keys SigningKey Response[] This field contains the public keys that can be used to verify the signatures on the step metadata.
- step
Name string This field identifies the name of the step in the supply chain.
- threshold string
This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- expected_
command Sequence[str] This field contains the expected command used to perform the step.
- expected_
materials Sequence[ArtifactRule Response] The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- expected_
products Sequence[ArtifactRule Response] - signing_
keys Sequence[SigningKey Response] This field contains the public keys that can be used to verify the signatures on the step metadata.
- step_
name str This field identifies the name of the step in the supply chain.
- threshold str
This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- expected
Command List<String> This field contains the expected command used to perform the step.
- expected
Materials List<Property Map> The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- expected
Products List<Property Map> - signing
Keys List<Property Map> This field contains the public keys that can be used to verify the signatures on the step metadata.
- step
Name String This field identifies the name of the step in the supply chain.
- threshold String
This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
Justification
- Details string
Additional details on why this justification was chosen.
- Justification
Type Pulumi.Google Native. Container Analysis. V1Beta1. Justification Justification Type The justification type for this vulnerability.
- Details string
Additional details on why this justification was chosen.
- Justification
Type JustificationJustification Type The justification type for this vulnerability.
- details String
Additional details on why this justification was chosen.
- justification
Type JustificationJustification Type The justification type for this vulnerability.
- details string
Additional details on why this justification was chosen.
- justification
Type JustificationJustification Type The justification type for this vulnerability.
- details str
Additional details on why this justification was chosen.
- justification_
type JustificationJustification Type The justification type for this vulnerability.
- details String
Additional details on why this justification was chosen.
- justification
Type "JUSTIFICATION_TYPE_UNSPECIFIED" | "COMPONENT_NOT_PRESENT" | "VULNERABLE_CODE_NOT_PRESENT" | "VULNERABLE_CODE_NOT_IN_EXECUTE_PATH" | "VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY" | "INLINE_MITIGATIONS_ALREADY_EXIST" The justification type for this vulnerability.
JustificationJustificationType
- Justification
Type Unspecified - JUSTIFICATION_TYPE_UNSPECIFIED
JUSTIFICATION_TYPE_UNSPECIFIED.
- Component
Not Present - COMPONENT_NOT_PRESENT
The vulnerable component is not present in the product.
- Vulnerable
Code Not Present - VULNERABLE_CODE_NOT_PRESENT
The vulnerable code is not present. Typically this case occurs when source code is configured or built in a way that excludes the vulnerable code.
- Vulnerable
Code Not In Execute Path - VULNERABLE_CODE_NOT_IN_EXECUTE_PATH
The vulnerable code can not be executed. Typically this case occurs when the product includes the vulnerable code but does not call or use the vulnerable code.
- Vulnerable
Code Cannot Be Controlled By Adversary - VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY
The vulnerable code cannot be controlled by an attacker to exploit the vulnerability.
- Inline
Mitigations Already Exist - INLINE_MITIGATIONS_ALREADY_EXIST
The product includes built-in protections or features that prevent exploitation of the vulnerability. These built-in protections cannot be subverted by the attacker and cannot be configured or disabled by the user. These mitigations completely prevent exploitation based on known attack vectors.
- Justification
Justification Type Justification Type Unspecified - JUSTIFICATION_TYPE_UNSPECIFIED
JUSTIFICATION_TYPE_UNSPECIFIED.
- Justification
Justification Type Component Not Present - COMPONENT_NOT_PRESENT
The vulnerable component is not present in the product.
- Justification
Justification Type Vulnerable Code Not Present - VULNERABLE_CODE_NOT_PRESENT
The vulnerable code is not present. Typically this case occurs when source code is configured or built in a way that excludes the vulnerable code.
- Justification
Justification Type Vulnerable Code Not In Execute Path - VULNERABLE_CODE_NOT_IN_EXECUTE_PATH
The vulnerable code can not be executed. Typically this case occurs when the product includes the vulnerable code but does not call or use the vulnerable code.
- Justification
Justification Type Vulnerable Code Cannot Be Controlled By Adversary - VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY
The vulnerable code cannot be controlled by an attacker to exploit the vulnerability.
- Justification
Justification Type Inline Mitigations Already Exist - INLINE_MITIGATIONS_ALREADY_EXIST
The product includes built-in protections or features that prevent exploitation of the vulnerability. These built-in protections cannot be subverted by the attacker and cannot be configured or disabled by the user. These mitigations completely prevent exploitation based on known attack vectors.
- Justification
Type Unspecified - JUSTIFICATION_TYPE_UNSPECIFIED
JUSTIFICATION_TYPE_UNSPECIFIED.
- Component
Not Present - COMPONENT_NOT_PRESENT
The vulnerable component is not present in the product.
- Vulnerable
Code Not Present - VULNERABLE_CODE_NOT_PRESENT
The vulnerable code is not present. Typically this case occurs when source code is configured or built in a way that excludes the vulnerable code.
- Vulnerable
Code Not In Execute Path - VULNERABLE_CODE_NOT_IN_EXECUTE_PATH
The vulnerable code can not be executed. Typically this case occurs when the product includes the vulnerable code but does not call or use the vulnerable code.
- Vulnerable
Code Cannot Be Controlled By Adversary - VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY
The vulnerable code cannot be controlled by an attacker to exploit the vulnerability.
- Inline
Mitigations Already Exist - INLINE_MITIGATIONS_ALREADY_EXIST
The product includes built-in protections or features that prevent exploitation of the vulnerability. These built-in protections cannot be subverted by the attacker and cannot be configured or disabled by the user. These mitigations completely prevent exploitation based on known attack vectors.
- Justification
Type Unspecified - JUSTIFICATION_TYPE_UNSPECIFIED
JUSTIFICATION_TYPE_UNSPECIFIED.
- Component
Not Present - COMPONENT_NOT_PRESENT
The vulnerable component is not present in the product.
- Vulnerable
Code Not Present - VULNERABLE_CODE_NOT_PRESENT
The vulnerable code is not present. Typically this case occurs when source code is configured or built in a way that excludes the vulnerable code.
- Vulnerable
Code Not In Execute Path - VULNERABLE_CODE_NOT_IN_EXECUTE_PATH
The vulnerable code can not be executed. Typically this case occurs when the product includes the vulnerable code but does not call or use the vulnerable code.
- Vulnerable
Code Cannot Be Controlled By Adversary - VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY
The vulnerable code cannot be controlled by an attacker to exploit the vulnerability.
- Inline
Mitigations Already Exist - INLINE_MITIGATIONS_ALREADY_EXIST
The product includes built-in protections or features that prevent exploitation of the vulnerability. These built-in protections cannot be subverted by the attacker and cannot be configured or disabled by the user. These mitigations completely prevent exploitation based on known attack vectors.
- JUSTIFICATION_TYPE_UNSPECIFIED
- JUSTIFICATION_TYPE_UNSPECIFIED
JUSTIFICATION_TYPE_UNSPECIFIED.
- COMPONENT_NOT_PRESENT
- COMPONENT_NOT_PRESENT
The vulnerable component is not present in the product.
- VULNERABLE_CODE_NOT_PRESENT
- VULNERABLE_CODE_NOT_PRESENT
The vulnerable code is not present. Typically this case occurs when source code is configured or built in a way that excludes the vulnerable code.
- VULNERABLE_CODE_NOT_IN_EXECUTE_PATH
- VULNERABLE_CODE_NOT_IN_EXECUTE_PATH
The vulnerable code can not be executed. Typically this case occurs when the product includes the vulnerable code but does not call or use the vulnerable code.
- VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY
- VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY
The vulnerable code cannot be controlled by an attacker to exploit the vulnerability.
- INLINE_MITIGATIONS_ALREADY_EXIST
- INLINE_MITIGATIONS_ALREADY_EXIST
The product includes built-in protections or features that prevent exploitation of the vulnerability. These built-in protections cannot be subverted by the attacker and cannot be configured or disabled by the user. These mitigations completely prevent exploitation based on known attack vectors.
- "JUSTIFICATION_TYPE_UNSPECIFIED"
- JUSTIFICATION_TYPE_UNSPECIFIED
JUSTIFICATION_TYPE_UNSPECIFIED.
- "COMPONENT_NOT_PRESENT"
- COMPONENT_NOT_PRESENT
The vulnerable component is not present in the product.
- "VULNERABLE_CODE_NOT_PRESENT"
- VULNERABLE_CODE_NOT_PRESENT
The vulnerable code is not present. Typically this case occurs when source code is configured or built in a way that excludes the vulnerable code.
- "VULNERABLE_CODE_NOT_IN_EXECUTE_PATH"
- VULNERABLE_CODE_NOT_IN_EXECUTE_PATH
The vulnerable code can not be executed. Typically this case occurs when the product includes the vulnerable code but does not call or use the vulnerable code.
- "VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY"
- VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY
The vulnerable code cannot be controlled by an attacker to exploit the vulnerability.
- "INLINE_MITIGATIONS_ALREADY_EXIST"
- INLINE_MITIGATIONS_ALREADY_EXIST
The product includes built-in protections or features that prevent exploitation of the vulnerability. These built-in protections cannot be subverted by the attacker and cannot be configured or disabled by the user. These mitigations completely prevent exploitation based on known attack vectors.
JustificationResponse
- Details string
Additional details on why this justification was chosen.
- Justification
Type string The justification type for this vulnerability.
- Details string
Additional details on why this justification was chosen.
- Justification
Type string The justification type for this vulnerability.
- details String
Additional details on why this justification was chosen.
- justification
Type String The justification type for this vulnerability.
- details string
Additional details on why this justification was chosen.
- justification
Type string The justification type for this vulnerability.
- details str
Additional details on why this justification was chosen.
- justification_
type str The justification type for this vulnerability.
- details String
Additional details on why this justification was chosen.
- justification
Type String The justification type for this vulnerability.
KnowledgeBase
KnowledgeBaseResponse
License
- Comments string
Comments
- Expression string
Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- Comments string
Comments
- Expression string
Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments String
Comments
- expression String
Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments string
Comments
- expression string
Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments str
Comments
- expression str
Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments String
Comments
- expression String
Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
LicenseResponse
- Comments string
Comments
- Expression string
Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- Comments string
Comments
- Expression string
Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments String
Comments
- expression String
Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments string
Comments
- expression string
Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments str
Comments
- expression str
Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments String
Comments
- expression String
Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
Package
- Name string
Immutable. The name of the package.
- Architecture
Pulumi.
Google Native. Container Analysis. V1Beta1. Package Architecture The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- Cpe
Uri string The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- Description string
The description of this package.
- Digest
List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Digest> Hash value, typically a file digest, that allows unique identification a specific package.
- Distribution
List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Distribution> The various channels by which a package is distributed.
- License
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. License Licenses that have been declared by the authors of the package.
- Maintainer string
A freeform text denoting the maintainer of this package.
- Package
Type string The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- Url string
The homepage for this package.
- Version
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Version The version of the package.
- Name string
Immutable. The name of the package.
- Architecture
Package
Architecture The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- Cpe
Uri string The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- Description string
The description of this package.
- Digest []Digest
Hash value, typically a file digest, that allows unique identification a specific package.
- Distribution []Distribution
The various channels by which a package is distributed.
- License License
Licenses that have been declared by the authors of the package.
- Maintainer string
A freeform text denoting the maintainer of this package.
- Package
Type string The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- Url string
The homepage for this package.
- Version Version
The version of the package.
- name String
Immutable. The name of the package.
- architecture
Package
Architecture The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe
Uri String The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- description String
The description of this package.
- digest List<Digest>
Hash value, typically a file digest, that allows unique identification a specific package.
- distribution List<Distribution>
The various channels by which a package is distributed.
- license License
Licenses that have been declared by the authors of the package.
- maintainer String
A freeform text denoting the maintainer of this package.
- package
Type String The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- url String
The homepage for this package.
- version Version
The version of the package.
- name string
Immutable. The name of the package.
- architecture
Package
Architecture The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe
Uri string The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- description string
The description of this package.
- digest Digest[]
Hash value, typically a file digest, that allows unique identification a specific package.
- distribution Distribution[]
The various channels by which a package is distributed.
- license License
Licenses that have been declared by the authors of the package.
- maintainer string
A freeform text denoting the maintainer of this package.
- package
Type string The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- url string
The homepage for this package.
- version Version
The version of the package.
- name str
Immutable. The name of the package.
- architecture
Package
Architecture The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe_
uri str The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- description str
The description of this package.
- digest Sequence[Digest]
Hash value, typically a file digest, that allows unique identification a specific package.
- distribution Sequence[Distribution]
The various channels by which a package is distributed.
- license License
Licenses that have been declared by the authors of the package.
- maintainer str
A freeform text denoting the maintainer of this package.
- package_
type str The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- url str
The homepage for this package.
- version Version
The version of the package.
- name String
Immutable. The name of the package.
- architecture "ARCHITECTURE_UNSPECIFIED" | "X86" | "X64"
The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe
Uri String The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- description String
The description of this package.
- digest List<Property Map>
Hash value, typically a file digest, that allows unique identification a specific package.
- distribution List<Property Map>
The various channels by which a package is distributed.
- license Property Map
Licenses that have been declared by the authors of the package.
- maintainer String
A freeform text denoting the maintainer of this package.
- package
Type String The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- url String
The homepage for this package.
- version Property Map
The version of the package.
PackageArchitecture
- Architecture
Unspecified - ARCHITECTURE_UNSPECIFIED
Unknown architecture.
- X86
- X86
X86 architecture.
- X64
- X64
X64 architecture.
- Package
Architecture Architecture Unspecified - ARCHITECTURE_UNSPECIFIED
Unknown architecture.
- Package
Architecture X86 - X86
X86 architecture.
- Package
Architecture X64 - X64
X64 architecture.
- Architecture
Unspecified - ARCHITECTURE_UNSPECIFIED
Unknown architecture.
- X86
- X86
X86 architecture.
- X64
- X64
X64 architecture.
- Architecture
Unspecified - ARCHITECTURE_UNSPECIFIED
Unknown architecture.
- X86
- X86
X86 architecture.
- X64
- X64
X64 architecture.
- ARCHITECTURE_UNSPECIFIED
- ARCHITECTURE_UNSPECIFIED
Unknown architecture.
- X86
- X86
X86 architecture.
- X64
- X64
X64 architecture.
- "ARCHITECTURE_UNSPECIFIED"
- ARCHITECTURE_UNSPECIFIED
Unknown architecture.
- "X86"
- X86
X86 architecture.
- "X64"
- X64
X64 architecture.
PackageInfoNote
- Analyzed bool
Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- Attribution string
A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- Checksum string
Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- Copyright string
Identify the copyright holders of the package, as well as any dates present
- Detailed
Description string A more detailed description of the package
- Download
Location string This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- External
Refs List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. External Ref> ExternalRef
- Files
License List<string>Info Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- Home
Page string Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- License
Declared Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. License List the licenses that have been declared by the authors of the package
- Originator string
If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- Package
Type string The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- Summary
Description string A short description of the package
- Supplier string
Identify the actual distribution source for the package/directory identified in the SPDX file
- Title string
Identify the full name of the package as given by the Package Originator
- Verification
Code string This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- Version string
Identify the version of the package
- Analyzed bool
Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- Attribution string
A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- Checksum string
Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- Copyright string
Identify the copyright holders of the package, as well as any dates present
- Detailed
Description string A more detailed description of the package
- Download
Location string This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- External
Refs []ExternalRef ExternalRef
- Files
License []stringInfo Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- Home
Page string Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- License
Declared License List the licenses that have been declared by the authors of the package
- Originator string
If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- Package
Type string The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- Summary
Description string A short description of the package
- Supplier string
Identify the actual distribution source for the package/directory identified in the SPDX file
- Title string
Identify the full name of the package as given by the Package Originator
- Verification
Code string This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- Version string
Identify the version of the package
- analyzed Boolean
Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- attribution String
A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- checksum String
Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- copyright String
Identify the copyright holders of the package, as well as any dates present
- detailed
Description String A more detailed description of the package
- download
Location String This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- external
Refs List<ExternalRef> ExternalRef
- files
License List<String>Info Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- home
Page String Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license
Declared License List the licenses that have been declared by the authors of the package
- originator String
If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- package
Type String The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- summary
Description String A short description of the package
- supplier String
Identify the actual distribution source for the package/directory identified in the SPDX file
- title String
Identify the full name of the package as given by the Package Originator
- verification
Code String This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- version String
Identify the version of the package
- analyzed boolean
Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- attribution string
A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- checksum string
Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- copyright string
Identify the copyright holders of the package, as well as any dates present
- detailed
Description string A more detailed description of the package
- download
Location string This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- external
Refs ExternalRef[] ExternalRef
- files
License string[]Info Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- home
Page string Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license
Declared License List the licenses that have been declared by the authors of the package
- originator string
If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- package
Type string The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- summary
Description string A short description of the package
- supplier string
Identify the actual distribution source for the package/directory identified in the SPDX file
- title string
Identify the full name of the package as given by the Package Originator
- verification
Code string This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- version string
Identify the version of the package
- analyzed bool
Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- attribution str
A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- checksum str
Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- copyright str
Identify the copyright holders of the package, as well as any dates present
- detailed_
description str A more detailed description of the package
- download_
location str This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- external_
refs Sequence[ExternalRef] ExternalRef
- files_
license_ Sequence[str]info Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- home_
page str Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license_
declared License List the licenses that have been declared by the authors of the package
- originator str
If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- package_
type str The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- summary_
description str A short description of the package
- supplier str
Identify the actual distribution source for the package/directory identified in the SPDX file
- title str
Identify the full name of the package as given by the Package Originator
- verification_
code str This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- version str
Identify the version of the package
- analyzed Boolean
Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- attribution String
A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- checksum String
Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- copyright String
Identify the copyright holders of the package, as well as any dates present
- detailed
Description String A more detailed description of the package
- download
Location String This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- external
Refs List<Property Map> ExternalRef
- files
License List<String>Info Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- home
Page String Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license
Declared Property Map List the licenses that have been declared by the authors of the package
- originator String
If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- package
Type String The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- summary
Description String A short description of the package
- supplier String
Identify the actual distribution source for the package/directory identified in the SPDX file
- title String
Identify the full name of the package as given by the Package Originator
- verification
Code String This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- version String
Identify the version of the package
PackageInfoNoteResponse
- Analyzed bool
Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- Attribution string
A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- Checksum string
Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- Copyright string
Identify the copyright holders of the package, as well as any dates present
- Detailed
Description string A more detailed description of the package
- Download
Location string This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- External
Refs List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. External Ref Response> ExternalRef
- Files
License List<string>Info Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- Home
Page string Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- License
Declared Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. License Response List the licenses that have been declared by the authors of the package
- Originator string
If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- Package
Type string The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- Summary
Description string A short description of the package
- Supplier string
Identify the actual distribution source for the package/directory identified in the SPDX file
- Title string
Identify the full name of the package as given by the Package Originator
- Verification
Code string This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- Version string
Identify the version of the package
- Analyzed bool
Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- Attribution string
A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- Checksum string
Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- Copyright string
Identify the copyright holders of the package, as well as any dates present
- Detailed
Description string A more detailed description of the package
- Download
Location string This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- External
Refs []ExternalRef Response ExternalRef
- Files
License []stringInfo Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- Home
Page string Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- License
Declared LicenseResponse List the licenses that have been declared by the authors of the package
- Originator string
If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- Package
Type string The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- Summary
Description string A short description of the package
- Supplier string
Identify the actual distribution source for the package/directory identified in the SPDX file
- Title string
Identify the full name of the package as given by the Package Originator
- Verification
Code string This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- Version string
Identify the version of the package
- analyzed Boolean
Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- attribution String
A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- checksum String
Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- copyright String
Identify the copyright holders of the package, as well as any dates present
- detailed
Description String A more detailed description of the package
- download
Location String This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- external
Refs List<ExternalRef Response> ExternalRef
- files
License List<String>Info Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- home
Page String Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license
Declared LicenseResponse List the licenses that have been declared by the authors of the package
- originator String
If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- package
Type String The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- summary
Description String A short description of the package
- supplier String
Identify the actual distribution source for the package/directory identified in the SPDX file
- title String
Identify the full name of the package as given by the Package Originator
- verification
Code String This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- version String
Identify the version of the package
- analyzed boolean
Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- attribution string
A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- checksum string
Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- copyright string
Identify the copyright holders of the package, as well as any dates present
- detailed
Description string A more detailed description of the package
- download
Location string This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- external
Refs ExternalRef Response[] ExternalRef
- files
License string[]Info Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- home
Page string Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license
Declared LicenseResponse List the licenses that have been declared by the authors of the package
- originator string
If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- package
Type string The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- summary
Description string A short description of the package
- supplier string
Identify the actual distribution source for the package/directory identified in the SPDX file
- title string
Identify the full name of the package as given by the Package Originator
- verification
Code string This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- version string
Identify the version of the package
- analyzed bool
Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- attribution str
A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- checksum str
Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- copyright str
Identify the copyright holders of the package, as well as any dates present
- detailed_
description str A more detailed description of the package
- download_
location str This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- external_
refs Sequence[ExternalRef Response] ExternalRef
- files_
license_ Sequence[str]info Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- home_
page str Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license_
declared LicenseResponse List the licenses that have been declared by the authors of the package
- originator str
If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- package_
type str The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- summary_
description str A short description of the package
- supplier str
Identify the actual distribution source for the package/directory identified in the SPDX file
- title str
Identify the full name of the package as given by the Package Originator
- verification_
code str This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- version str
Identify the version of the package
- analyzed Boolean
Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- attribution String
A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- checksum String
Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- copyright String
Identify the copyright holders of the package, as well as any dates present
- detailed
Description String A more detailed description of the package
- download
Location String This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- external
Refs List<Property Map> ExternalRef
- files
License List<String>Info Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- home
Page String Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license
Declared Property Map List the licenses that have been declared by the authors of the package
- originator String
If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- package
Type String The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- summary
Description String A short description of the package
- supplier String
Identify the actual distribution source for the package/directory identified in the SPDX file
- title String
Identify the full name of the package as given by the Package Originator
- verification
Code String This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- version String
Identify the version of the package
PackageResponse
- Architecture string
The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- Cpe
Uri string The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- Description string
The description of this package.
- Digest
List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Digest Response> Hash value, typically a file digest, that allows unique identification a specific package.
- Distribution
List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Distribution Response> The various channels by which a package is distributed.
- License
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. License Response Licenses that have been declared by the authors of the package.
- Maintainer string
A freeform text denoting the maintainer of this package.
- Name string
Immutable. The name of the package.
- Package
Type string The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- Url string
The homepage for this package.
- Version
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Version Response The version of the package.
- Architecture string
The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- Cpe
Uri string The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- Description string
The description of this package.
- Digest
[]Digest
Response Hash value, typically a file digest, that allows unique identification a specific package.
- Distribution
[]Distribution
Response The various channels by which a package is distributed.
- License
License
Response Licenses that have been declared by the authors of the package.
- Maintainer string
A freeform text denoting the maintainer of this package.
- Name string
Immutable. The name of the package.
- Package
Type string The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- Url string
The homepage for this package.
- Version
Version
Response The version of the package.
- architecture String
The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe
Uri String The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- description String
The description of this package.
- digest
List<Digest
Response> Hash value, typically a file digest, that allows unique identification a specific package.
- distribution
List<Distribution
Response> The various channels by which a package is distributed.
- license
License
Response Licenses that have been declared by the authors of the package.
- maintainer String
A freeform text denoting the maintainer of this package.
- name String
Immutable. The name of the package.
- package
Type String The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- url String
The homepage for this package.
- version
Version
Response The version of the package.
- architecture string
The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe
Uri string The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- description string
The description of this package.
- digest
Digest
Response[] Hash value, typically a file digest, that allows unique identification a specific package.
- distribution
Distribution
Response[] The various channels by which a package is distributed.
- license
License
Response Licenses that have been declared by the authors of the package.
- maintainer string
A freeform text denoting the maintainer of this package.
- name string
Immutable. The name of the package.
- package
Type string The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- url string
The homepage for this package.
- version
Version
Response The version of the package.
- architecture str
The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe_
uri str The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- description str
The description of this package.
- digest
Sequence[Digest
Response] Hash value, typically a file digest, that allows unique identification a specific package.
- distribution
Sequence[Distribution
Response] The various channels by which a package is distributed.
- license
License
Response Licenses that have been declared by the authors of the package.
- maintainer str
A freeform text denoting the maintainer of this package.
- name str
Immutable. The name of the package.
- package_
type str The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- url str
The homepage for this package.
- version
Version
Response The version of the package.
- architecture String
The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe
Uri String The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- description String
The description of this package.
- digest List<Property Map>
Hash value, typically a file digest, that allows unique identification a specific package.
- distribution List<Property Map>
The various channels by which a package is distributed.
- license Property Map
Licenses that have been declared by the authors of the package.
- maintainer String
A freeform text denoting the maintainer of this package.
- name String
Immutable. The name of the package.
- package
Type String The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- url String
The homepage for this package.
- version Property Map
The version of the package.
Product
- Generic
Uri string Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- Id string
Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document.
- Name string
Name of the product.
- Generic
Uri string Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- Id string
Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document.
- Name string
Name of the product.
- generic
Uri String Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- id String
Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document.
- name String
Name of the product.
- generic
Uri string Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- id string
Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document.
- name string
Name of the product.
- generic_
uri str Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- id str
Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document.
- name str
Name of the product.
- generic
Uri String Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- id String
Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document.
- name String
Name of the product.
ProductResponse
- Generic
Uri string Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- Name string
Name of the product.
- Generic
Uri string Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- Name string
Name of the product.
- generic
Uri String Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- name String
Name of the product.
- generic
Uri string Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- name string
Name of the product.
- generic_
uri str Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- name str
Name of the product.
- generic
Uri String Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- name String
Name of the product.
Publisher
- string
Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- Name string
Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- Publisher
Namespace string The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- string
Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- Name string
Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- Publisher
Namespace string The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- String
Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- name String
Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- publisher
Namespace String The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- string
Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- name string
Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- publisher
Namespace string The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- str
Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- name str
Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- publisher_
namespace str The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- String
Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- name String
Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- publisher
Namespace String The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
PublisherResponse
- string
Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- Name string
Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- Publisher
Namespace string The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- string
Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- Name string
Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- Publisher
Namespace string The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- String
Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- name String
Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- publisher
Namespace String The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- string
Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- name string
Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- publisher
Namespace string The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- str
Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- name str
Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- publisher_
namespace str The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- String
Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- name String
Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- publisher
Namespace String The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
RelatedUrl
RelatedUrlResponse
RelationshipNote
- Type
Pulumi.
Google Native. Container Analysis. V1Beta1. Relationship Note Type The type of relationship between the source and target SPDX elements
- Type
Relationship
Note Type The type of relationship between the source and target SPDX elements
- type
Relationship
Note Type The type of relationship between the source and target SPDX elements
- type
Relationship
Note Type The type of relationship between the source and target SPDX elements
- type
Relationship
Note Type The type of relationship between the source and target SPDX elements
- type "RELATIONSHIP_TYPE_UNSPECIFIED" | "DESCRIBES" | "DESCRIBED_BY" | "CONTAINS" | "CONTAINED_BY" | "DEPENDS_ON" | "DEPENDENCY_OF" | "DEPENDENCY_MANIFEST_OF" | "BUILD_DEPENDENCY_OF" | "DEV_DEPENDENCY_OF" | "OPTIONAL_DEPENDENCY_OF" | "PROVIDED_DEPENDENCY_OF" | "TEST_DEPENDENCY_OF" | "RUNTIME_DEPENDENCY_OF" | "EXAMPLE_OF" | "GENERATES" | "GENERATED_FROM" | "ANCESTOR_OF" | "DESCENDANT_OF" | "VARIANT_OF" | "DISTRIBUTION_ARTIFACT" | "PATCH_FOR" | "PATCH_APPLIED" | "COPY_OF" | "FILE_ADDED" | "FILE_DELETED" | "FILE_MODIFIED" | "EXPANDED_FROM_ARCHIVE" | "DYNAMIC_LINK" | "STATIC_LINK" | "DATA_FILE_OF" | "TEST_CASE_OF" | "BUILD_TOOL_OF" | "DEV_TOOL_OF" | "TEST_OF" | "TEST_TOOL_OF" | "DOCUMENTATION_OF" | "OPTIONAL_COMPONENT_OF" | "METAFILE_OF" | "PACKAGE_OF" | "AMENDS" | "PREREQUISITE_FOR" | "HAS_PREREQUISITE" | "OTHER"
The type of relationship between the source and target SPDX elements
RelationshipNoteResponse
- Type string
The type of relationship between the source and target SPDX elements
- Type string
The type of relationship between the source and target SPDX elements
- type String
The type of relationship between the source and target SPDX elements
- type string
The type of relationship between the source and target SPDX elements
- type str
The type of relationship between the source and target SPDX elements
- type String
The type of relationship between the source and target SPDX elements
RelationshipNoteType
- Relationship
Type Unspecified - RELATIONSHIP_TYPE_UNSPECIFIED
Unspecified
- Describes
- DESCRIBES
Is to be used when SPDXRef-DOCUMENT describes SPDXRef-A
- Described
By - DESCRIBED_BY
Is to be used when SPDXRef-A is described by SPDXREF-Document
- Contains
- CONTAINS
Is to be used when SPDXRef-A contains SPDXRef-B
- Contained
By - CONTAINED_BY
Is to be used when SPDXRef-A is contained by SPDXRef-B
- Depends
On - DEPENDS_ON
Is to be used when SPDXRef-A depends on SPDXRef-B
- Dependency
Of - DEPENDENCY_OF
Is to be used when SPDXRef-A is dependency of SPDXRef-B
- Dependency
Manifest Of - DEPENDENCY_MANIFEST_OF
Is to be used when SPDXRef-A is a manifest file that lists a set of dependencies for SPDXRef-B
- Build
Dependency Of - BUILD_DEPENDENCY_OF
Is to be used when SPDXRef-A is a build dependency of SPDXRef-B
- Dev
Dependency Of - DEV_DEPENDENCY_OF
Is to be used when SPDXRef-A is a development dependency of SPDXRef-B
- Optional
Dependency Of - OPTIONAL_DEPENDENCY_OF
Is to be used when SPDXRef-A is an optional dependency of SPDXRef-B
- Provided
Dependency Of - PROVIDED_DEPENDENCY_OF
Is to be used when SPDXRef-A is a to be provided dependency of SPDXRef-B
- Test
Dependency Of - TEST_DEPENDENCY_OF
Is to be used when SPDXRef-A is a test dependency of SPDXRef-B
- Runtime
Dependency Of - RUNTIME_DEPENDENCY_OF
Is to be used when SPDXRef-A is a dependency required for the execution of SPDXRef-B
- Example
Of - EXAMPLE_OF
Is to be used when SPDXRef-A is an example of SPDXRef-B
- Generates
- GENERATES
Is to be used when SPDXRef-A generates SPDXRef-B
- Generated
From - GENERATED_FROM
Is to be used when SPDXRef-A was generated from SPDXRef-B
- Ancestor
Of - ANCESTOR_OF
Is to be used when SPDXRef-A is an ancestor (same lineage but pre-dates) SPDXRef-B
- Descendant
Of - DESCENDANT_OF
Is to be used when SPDXRef-A is a descendant of (same lineage but postdates) SPDXRef-B
- Variant
Of - VARIANT_OF
Is to be used when SPDXRef-A is a variant of (same lineage but not clear which came first) SPDXRef-B
- Distribution
Artifact - DISTRIBUTION_ARTIFACT
Is to be used when distributing SPDXRef-A requires that SPDXRef-B also be distributed
- Patch
For - PATCH_FOR
Is to be used when SPDXRef-A is a patch file for (to be applied to) SPDXRef-B
- Patch
Applied - PATCH_APPLIED
Is to be used when SPDXRef-A is a patch file that has been applied to SPDXRef-B
- Copy
Of - COPY_OF
Is to be used when SPDXRef-A is an exact copy of SPDXRef-B
- File
Added - FILE_ADDED
Is to be used when SPDXRef-A is a file that was added to SPDXRef-B
- File
Deleted - FILE_DELETED
Is to be used when SPDXRef-A is a file that was deleted from SPDXRef-B
- File
Modified - FILE_MODIFIED
Is to be used when SPDXRef-A is a file that was modified from SPDXRef-B
- Expanded
From Archive - EXPANDED_FROM_ARCHIVE
Is to be used when SPDXRef-A is expanded from the archive SPDXRef-B
- Dynamic
Link - DYNAMIC_LINK
Is to be used when SPDXRef-A dynamically links to SPDXRef-B
- Static
Link - STATIC_LINK
Is to be used when SPDXRef-A statically links to SPDXRef-B
- Data
File Of - DATA_FILE_OF
Is to be used when SPDXRef-A is a data file used in SPDXRef-B
- Test
Case Of - TEST_CASE_OF
Is to be used when SPDXRef-A is a test case used in testing SPDXRef-B
- Build
Tool Of - BUILD_TOOL_OF
Is to be used when SPDXRef-A is used to build SPDXRef-B
- Dev
Tool Of - DEV_TOOL_OF
Is to be used when SPDXRef-A is used as a development tool for SPDXRef-B
- Test
Of - TEST_OF
Is to be used when SPDXRef-A is used for testing SPDXRef-B
- Test
Tool Of - TEST_TOOL_OF
Is to be used when SPDXRef-A is used as a test tool for SPDXRef-B
- Documentation
Of - DOCUMENTATION_OF
Is to be used when SPDXRef-A provides documentation of SPDXRef-B
- Optional
Component Of - OPTIONAL_COMPONENT_OF
Is to be used when SPDXRef-A is an optional component of SPDXRef-B
- Metafile
Of - METAFILE_OF
Is to be used when SPDXRef-A is a metafile of SPDXRef-B
- Package
Of - PACKAGE_OF
Is to be used when SPDXRef-A is used as a package as part of SPDXRef-B
- Amends
- AMENDS
Is to be used when (current) SPDXRef-DOCUMENT amends the SPDX information in SPDXRef-B
- Prerequisite
For - PREREQUISITE_FOR
Is to be used when SPDXRef-A is a prerequisite for SPDXRef-B
- Has
Prerequisite - HAS_PREREQUISITE
Is to be used when SPDXRef-A has as a prerequisite SPDXRef-B
- Other
- OTHER
Is to be used for a relationship which has not been defined in the formal SPDX specification. A description of the relationship should be included in the Relationship comments field
- Relationship
Note Type Relationship Type Unspecified - RELATIONSHIP_TYPE_UNSPECIFIED
Unspecified
- Relationship
Note Type Describes - DESCRIBES
Is to be used when SPDXRef-DOCUMENT describes SPDXRef-A
- Relationship
Note Type Described By - DESCRIBED_BY
Is to be used when SPDXRef-A is described by SPDXREF-Document
- Relationship
Note Type Contains - CONTAINS
Is to be used when SPDXRef-A contains SPDXRef-B
- Relationship
Note Type Contained By - CONTAINED_BY
Is to be used when SPDXRef-A is contained by SPDXRef-B
- Relationship
Note Type Depends On - DEPENDS_ON
Is to be used when SPDXRef-A depends on SPDXRef-B
- Relationship
Note Type Dependency Of - DEPENDENCY_OF
Is to be used when SPDXRef-A is dependency of SPDXRef-B
- Relationship
Note Type Dependency Manifest Of - DEPENDENCY_MANIFEST_OF
Is to be used when SPDXRef-A is a manifest file that lists a set of dependencies for SPDXRef-B
- Relationship
Note Type Build Dependency Of - BUILD_DEPENDENCY_OF
Is to be used when SPDXRef-A is a build dependency of SPDXRef-B
- Relationship
Note Type Dev Dependency Of - DEV_DEPENDENCY_OF
Is to be used when SPDXRef-A is a development dependency of SPDXRef-B
- Relationship
Note Type Optional Dependency Of - OPTIONAL_DEPENDENCY_OF
Is to be used when SPDXRef-A is an optional dependency of SPDXRef-B
- Relationship
Note Type Provided Dependency Of - PROVIDED_DEPENDENCY_OF
Is to be used when SPDXRef-A is a to be provided dependency of SPDXRef-B
- Relationship
Note Type Test Dependency Of - TEST_DEPENDENCY_OF
Is to be used when SPDXRef-A is a test dependency of SPDXRef-B
- Relationship
Note Type Runtime Dependency Of - RUNTIME_DEPENDENCY_OF
Is to be used when SPDXRef-A is a dependency required for the execution of SPDXRef-B
- Relationship
Note Type Example Of - EXAMPLE_OF
Is to be used when SPDXRef-A is an example of SPDXRef-B
- Relationship
Note Type Generates - GENERATES
Is to be used when SPDXRef-A generates SPDXRef-B
- Relationship
Note Type Generated From - GENERATED_FROM
Is to be used when SPDXRef-A was generated from SPDXRef-B
- Relationship
Note Type Ancestor Of - ANCESTOR_OF
Is to be used when SPDXRef-A is an ancestor (same lineage but pre-dates) SPDXRef-B
- Relationship
Note Type Descendant Of - DESCENDANT_OF
Is to be used when SPDXRef-A is a descendant of (same lineage but postdates) SPDXRef-B
- Relationship
Note Type Variant Of - VARIANT_OF
Is to be used when SPDXRef-A is a variant of (same lineage but not clear which came first) SPDXRef-B
- Relationship
Note Type Distribution Artifact - DISTRIBUTION_ARTIFACT
Is to be used when distributing SPDXRef-A requires that SPDXRef-B also be distributed
- Relationship
Note Type Patch For - PATCH_FOR
Is to be used when SPDXRef-A is a patch file for (to be applied to) SPDXRef-B
- Relationship
Note Type Patch Applied - PATCH_APPLIED
Is to be used when SPDXRef-A is a patch file that has been applied to SPDXRef-B
- Relationship
Note Type Copy Of - COPY_OF
Is to be used when SPDXRef-A is an exact copy of SPDXRef-B
- Relationship
Note Type File Added - FILE_ADDED
Is to be used when SPDXRef-A is a file that was added to SPDXRef-B
- Relationship
Note Type File Deleted - FILE_DELETED
Is to be used when SPDXRef-A is a file that was deleted from SPDXRef-B
- Relationship
Note Type File Modified - FILE_MODIFIED
Is to be used when SPDXRef-A is a file that was modified from SPDXRef-B
- Relationship
Note Type Expanded From Archive - EXPANDED_FROM_ARCHIVE
Is to be used when SPDXRef-A is expanded from the archive SPDXRef-B
- Relationship
Note Type Dynamic Link - DYNAMIC_LINK
Is to be used when SPDXRef-A dynamically links to SPDXRef-B
- Relationship
Note Type Static Link - STATIC_LINK
Is to be used when SPDXRef-A statically links to SPDXRef-B
- Relationship
Note Type Data File Of - DATA_FILE_OF
Is to be used when SPDXRef-A is a data file used in SPDXRef-B
- Relationship
Note Type Test Case Of - TEST_CASE_OF
Is to be used when SPDXRef-A is a test case used in testing SPDXRef-B
- Relationship
Note Type Build Tool Of - BUILD_TOOL_OF
Is to be used when SPDXRef-A is used to build SPDXRef-B
- Relationship
Note Type Dev Tool Of - DEV_TOOL_OF
Is to be used when SPDXRef-A is used as a development tool for SPDXRef-B
- Relationship
Note Type Test Of - TEST_OF
Is to be used when SPDXRef-A is used for testing SPDXRef-B
- Relationship
Note Type Test Tool Of - TEST_TOOL_OF
Is to be used when SPDXRef-A is used as a test tool for SPDXRef-B
- Relationship
Note Type Documentation Of - DOCUMENTATION_OF
Is to be used when SPDXRef-A provides documentation of SPDXRef-B
- Relationship
Note Type Optional Component Of - OPTIONAL_COMPONENT_OF
Is to be used when SPDXRef-A is an optional component of SPDXRef-B
- Relationship
Note Type Metafile Of - METAFILE_OF
Is to be used when SPDXRef-A is a metafile of SPDXRef-B
- Relationship
Note Type Package Of - PACKAGE_OF
Is to be used when SPDXRef-A is used as a package as part of SPDXRef-B
- Relationship
Note Type Amends - AMENDS
Is to be used when (current) SPDXRef-DOCUMENT amends the SPDX information in SPDXRef-B
- Relationship
Note Type Prerequisite For - PREREQUISITE_FOR
Is to be used when SPDXRef-A is a prerequisite for SPDXRef-B
- Relationship
Note Type Has Prerequisite - HAS_PREREQUISITE
Is to be used when SPDXRef-A has as a prerequisite SPDXRef-B
- Relationship
Note Type Other - OTHER
Is to be used for a relationship which has not been defined in the formal SPDX specification. A description of the relationship should be included in the Relationship comments field
- Relationship
Type Unspecified - RELATIONSHIP_TYPE_UNSPECIFIED
Unspecified
- Describes
- DESCRIBES
Is to be used when SPDXRef-DOCUMENT describes SPDXRef-A
- Described
By - DESCRIBED_BY
Is to be used when SPDXRef-A is described by SPDXREF-Document
- Contains
- CONTAINS
Is to be used when SPDXRef-A contains SPDXRef-B
- Contained
By - CONTAINED_BY
Is to be used when SPDXRef-A is contained by SPDXRef-B
- Depends
On - DEPENDS_ON
Is to be used when SPDXRef-A depends on SPDXRef-B
- Dependency
Of - DEPENDENCY_OF
Is to be used when SPDXRef-A is dependency of SPDXRef-B
- Dependency
Manifest Of - DEPENDENCY_MANIFEST_OF
Is to be used when SPDXRef-A is a manifest file that lists a set of dependencies for SPDXRef-B
- Build
Dependency Of - BUILD_DEPENDENCY_OF
Is to be used when SPDXRef-A is a build dependency of SPDXRef-B
- Dev
Dependency Of - DEV_DEPENDENCY_OF
Is to be used when SPDXRef-A is a development dependency of SPDXRef-B
- Optional
Dependency Of - OPTIONAL_DEPENDENCY_OF
Is to be used when SPDXRef-A is an optional dependency of SPDXRef-B
- Provided
Dependency Of - PROVIDED_DEPENDENCY_OF
Is to be used when SPDXRef-A is a to be provided dependency of SPDXRef-B
- Test
Dependency Of - TEST_DEPENDENCY_OF
Is to be used when SPDXRef-A is a test dependency of SPDXRef-B
- Runtime
Dependency Of - RUNTIME_DEPENDENCY_OF
Is to be used when SPDXRef-A is a dependency required for the execution of SPDXRef-B
- Example
Of - EXAMPLE_OF
Is to be used when SPDXRef-A is an example of SPDXRef-B
- Generates
- GENERATES
Is to be used when SPDXRef-A generates SPDXRef-B
- Generated
From - GENERATED_FROM
Is to be used when SPDXRef-A was generated from SPDXRef-B
- Ancestor
Of - ANCESTOR_OF
Is to be used when SPDXRef-A is an ancestor (same lineage but pre-dates) SPDXRef-B
- Descendant
Of - DESCENDANT_OF
Is to be used when SPDXRef-A is a descendant of (same lineage but postdates) SPDXRef-B
- Variant
Of - VARIANT_OF
Is to be used when SPDXRef-A is a variant of (same lineage but not clear which came first) SPDXRef-B
- Distribution
Artifact - DISTRIBUTION_ARTIFACT
Is to be used when distributing SPDXRef-A requires that SPDXRef-B also be distributed
- Patch
For - PATCH_FOR
Is to be used when SPDXRef-A is a patch file for (to be applied to) SPDXRef-B
- Patch
Applied - PATCH_APPLIED
Is to be used when SPDXRef-A is a patch file that has been applied to SPDXRef-B
- Copy
Of - COPY_OF
Is to be used when SPDXRef-A is an exact copy of SPDXRef-B
- File
Added - FILE_ADDED
Is to be used when SPDXRef-A is a file that was added to SPDXRef-B
- File
Deleted - FILE_DELETED
Is to be used when SPDXRef-A is a file that was deleted from SPDXRef-B
- File
Modified - FILE_MODIFIED
Is to be used when SPDXRef-A is a file that was modified from SPDXRef-B
- Expanded
From Archive - EXPANDED_FROM_ARCHIVE
Is to be used when SPDXRef-A is expanded from the archive SPDXRef-B
- Dynamic
Link - DYNAMIC_LINK
Is to be used when SPDXRef-A dynamically links to SPDXRef-B
- Static
Link - STATIC_LINK
Is to be used when SPDXRef-A statically links to SPDXRef-B
- Data
File Of - DATA_FILE_OF
Is to be used when SPDXRef-A is a data file used in SPDXRef-B
- Test
Case Of - TEST_CASE_OF
Is to be used when SPDXRef-A is a test case used in testing SPDXRef-B
- Build
Tool Of - BUILD_TOOL_OF
Is to be used when SPDXRef-A is used to build SPDXRef-B
- Dev
Tool Of - DEV_TOOL_OF
Is to be used when SPDXRef-A is used as a development tool for SPDXRef-B
- Test
Of - TEST_OF
Is to be used when SPDXRef-A is used for testing SPDXRef-B
- Test
Tool Of - TEST_TOOL_OF
Is to be used when SPDXRef-A is used as a test tool for SPDXRef-B
- Documentation
Of - DOCUMENTATION_OF
Is to be used when SPDXRef-A provides documentation of SPDXRef-B
- Optional
Component Of - OPTIONAL_COMPONENT_OF
Is to be used when SPDXRef-A is an optional component of SPDXRef-B
- Metafile
Of - METAFILE_OF
Is to be used when SPDXRef-A is a metafile of SPDXRef-B
- Package
Of - PACKAGE_OF
Is to be used when SPDXRef-A is used as a package as part of SPDXRef-B
- Amends
- AMENDS
Is to be used when (current) SPDXRef-DOCUMENT amends the SPDX information in SPDXRef-B
- Prerequisite
For - PREREQUISITE_FOR
Is to be used when SPDXRef-A is a prerequisite for SPDXRef-B
- Has
Prerequisite - HAS_PREREQUISITE
Is to be used when SPDXRef-A has as a prerequisite SPDXRef-B
- Other
- OTHER
Is to be used for a relationship which has not been defined in the formal SPDX specification. A description of the relationship should be included in the Relationship comments field
- Relationship
Type Unspecified - RELATIONSHIP_TYPE_UNSPECIFIED
Unspecified
- Describes
- DESCRIBES
Is to be used when SPDXRef-DOCUMENT describes SPDXRef-A
- Described
By - DESCRIBED_BY
Is to be used when SPDXRef-A is described by SPDXREF-Document
- Contains
- CONTAINS
Is to be used when SPDXRef-A contains SPDXRef-B
- Contained
By - CONTAINED_BY
Is to be used when SPDXRef-A is contained by SPDXRef-B
- Depends
On - DEPENDS_ON
Is to be used when SPDXRef-A depends on SPDXRef-B
- Dependency
Of - DEPENDENCY_OF
Is to be used when SPDXRef-A is dependency of SPDXRef-B
- Dependency
Manifest Of - DEPENDENCY_MANIFEST_OF
Is to be used when SPDXRef-A is a manifest file that lists a set of dependencies for SPDXRef-B
- Build
Dependency Of - BUILD_DEPENDENCY_OF
Is to be used when SPDXRef-A is a build dependency of SPDXRef-B
- Dev
Dependency Of - DEV_DEPENDENCY_OF
Is to be used when SPDXRef-A is a development dependency of SPDXRef-B
- Optional
Dependency Of - OPTIONAL_DEPENDENCY_OF
Is to be used when SPDXRef-A is an optional dependency of SPDXRef-B
- Provided
Dependency Of - PROVIDED_DEPENDENCY_OF
Is to be used when SPDXRef-A is a to be provided dependency of SPDXRef-B
- Test
Dependency Of - TEST_DEPENDENCY_OF
Is to be used when SPDXRef-A is a test dependency of SPDXRef-B
- Runtime
Dependency Of - RUNTIME_DEPENDENCY_OF
Is to be used when SPDXRef-A is a dependency required for the execution of SPDXRef-B
- Example
Of - EXAMPLE_OF
Is to be used when SPDXRef-A is an example of SPDXRef-B
- Generates
- GENERATES
Is to be used when SPDXRef-A generates SPDXRef-B
- Generated
From - GENERATED_FROM
Is to be used when SPDXRef-A was generated from SPDXRef-B
- Ancestor
Of - ANCESTOR_OF
Is to be used when SPDXRef-A is an ancestor (same lineage but pre-dates) SPDXRef-B
- Descendant
Of - DESCENDANT_OF
Is to be used when SPDXRef-A is a descendant of (same lineage but postdates) SPDXRef-B
- Variant
Of - VARIANT_OF
Is to be used when SPDXRef-A is a variant of (same lineage but not clear which came first) SPDXRef-B
- Distribution
Artifact - DISTRIBUTION_ARTIFACT
Is to be used when distributing SPDXRef-A requires that SPDXRef-B also be distributed
- Patch
For - PATCH_FOR
Is to be used when SPDXRef-A is a patch file for (to be applied to) SPDXRef-B
- Patch
Applied - PATCH_APPLIED
Is to be used when SPDXRef-A is a patch file that has been applied to SPDXRef-B
- Copy
Of - COPY_OF
Is to be used when SPDXRef-A is an exact copy of SPDXRef-B
- File
Added - FILE_ADDED
Is to be used when SPDXRef-A is a file that was added to SPDXRef-B
- File
Deleted - FILE_DELETED
Is to be used when SPDXRef-A is a file that was deleted from SPDXRef-B
- File
Modified - FILE_MODIFIED
Is to be used when SPDXRef-A is a file that was modified from SPDXRef-B
- Expanded
From Archive - EXPANDED_FROM_ARCHIVE
Is to be used when SPDXRef-A is expanded from the archive SPDXRef-B
- Dynamic
Link - DYNAMIC_LINK
Is to be used when SPDXRef-A dynamically links to SPDXRef-B
- Static
Link - STATIC_LINK
Is to be used when SPDXRef-A statically links to SPDXRef-B
- Data
File Of - DATA_FILE_OF
Is to be used when SPDXRef-A is a data file used in SPDXRef-B
- Test
Case Of - TEST_CASE_OF
Is to be used when SPDXRef-A is a test case used in testing SPDXRef-B
- Build
Tool Of - BUILD_TOOL_OF
Is to be used when SPDXRef-A is used to build SPDXRef-B
- Dev
Tool Of - DEV_TOOL_OF
Is to be used when SPDXRef-A is used as a development tool for SPDXRef-B
- Test
Of - TEST_OF
Is to be used when SPDXRef-A is used for testing SPDXRef-B
- Test
Tool Of - TEST_TOOL_OF
Is to be used when SPDXRef-A is used as a test tool for SPDXRef-B
- Documentation
Of - DOCUMENTATION_OF
Is to be used when SPDXRef-A provides documentation of SPDXRef-B
- Optional
Component Of - OPTIONAL_COMPONENT_OF
Is to be used when SPDXRef-A is an optional component of SPDXRef-B
- Metafile
Of - METAFILE_OF
Is to be used when SPDXRef-A is a metafile of SPDXRef-B
- Package
Of - PACKAGE_OF
Is to be used when SPDXRef-A is used as a package as part of SPDXRef-B
- Amends
- AMENDS
Is to be used when (current) SPDXRef-DOCUMENT amends the SPDX information in SPDXRef-B
- Prerequisite
For - PREREQUISITE_FOR
Is to be used when SPDXRef-A is a prerequisite for SPDXRef-B
- Has
Prerequisite - HAS_PREREQUISITE
Is to be used when SPDXRef-A has as a prerequisite SPDXRef-B
- Other
- OTHER
Is to be used for a relationship which has not been defined in the formal SPDX specification. A description of the relationship should be included in the Relationship comments field
- RELATIONSHIP_TYPE_UNSPECIFIED
- RELATIONSHIP_TYPE_UNSPECIFIED
Unspecified
- DESCRIBES
- DESCRIBES
Is to be used when SPDXRef-DOCUMENT describes SPDXRef-A
- DESCRIBED_BY
- DESCRIBED_BY
Is to be used when SPDXRef-A is described by SPDXREF-Document
- CONTAINS
- CONTAINS
Is to be used when SPDXRef-A contains SPDXRef-B
- CONTAINED_BY
- CONTAINED_BY
Is to be used when SPDXRef-A is contained by SPDXRef-B
- DEPENDS_ON
- DEPENDS_ON
Is to be used when SPDXRef-A depends on SPDXRef-B
- DEPENDENCY_OF
- DEPENDENCY_OF
Is to be used when SPDXRef-A is dependency of SPDXRef-B
- DEPENDENCY_MANIFEST_OF
- DEPENDENCY_MANIFEST_OF
Is to be used when SPDXRef-A is a manifest file that lists a set of dependencies for SPDXRef-B
- BUILD_DEPENDENCY_OF
- BUILD_DEPENDENCY_OF
Is to be used when SPDXRef-A is a build dependency of SPDXRef-B
- DEV_DEPENDENCY_OF
- DEV_DEPENDENCY_OF
Is to be used when SPDXRef-A is a development dependency of SPDXRef-B
- OPTIONAL_DEPENDENCY_OF
- OPTIONAL_DEPENDENCY_OF
Is to be used when SPDXRef-A is an optional dependency of SPDXRef-B
- PROVIDED_DEPENDENCY_OF
- PROVIDED_DEPENDENCY_OF
Is to be used when SPDXRef-A is a to be provided dependency of SPDXRef-B
- TEST_DEPENDENCY_OF
- TEST_DEPENDENCY_OF
Is to be used when SPDXRef-A is a test dependency of SPDXRef-B
- RUNTIME_DEPENDENCY_OF
- RUNTIME_DEPENDENCY_OF
Is to be used when SPDXRef-A is a dependency required for the execution of SPDXRef-B
- EXAMPLE_OF
- EXAMPLE_OF
Is to be used when SPDXRef-A is an example of SPDXRef-B
- GENERATES
- GENERATES
Is to be used when SPDXRef-A generates SPDXRef-B
- GENERATED_FROM
- GENERATED_FROM
Is to be used when SPDXRef-A was generated from SPDXRef-B
- ANCESTOR_OF
- ANCESTOR_OF
Is to be used when SPDXRef-A is an ancestor (same lineage but pre-dates) SPDXRef-B
- DESCENDANT_OF
- DESCENDANT_OF
Is to be used when SPDXRef-A is a descendant of (same lineage but postdates) SPDXRef-B
- VARIANT_OF
- VARIANT_OF
Is to be used when SPDXRef-A is a variant of (same lineage but not clear which came first) SPDXRef-B
- DISTRIBUTION_ARTIFACT
- DISTRIBUTION_ARTIFACT
Is to be used when distributing SPDXRef-A requires that SPDXRef-B also be distributed
- PATCH_FOR
- PATCH_FOR
Is to be used when SPDXRef-A is a patch file for (to be applied to) SPDXRef-B
- PATCH_APPLIED
- PATCH_APPLIED
Is to be used when SPDXRef-A is a patch file that has been applied to SPDXRef-B
- COPY_OF
- COPY_OF
Is to be used when SPDXRef-A is an exact copy of SPDXRef-B
- FILE_ADDED
- FILE_ADDED
Is to be used when SPDXRef-A is a file that was added to SPDXRef-B
- FILE_DELETED
- FILE_DELETED
Is to be used when SPDXRef-A is a file that was deleted from SPDXRef-B
- FILE_MODIFIED
- FILE_MODIFIED
Is to be used when SPDXRef-A is a file that was modified from SPDXRef-B
- EXPANDED_FROM_ARCHIVE
- EXPANDED_FROM_ARCHIVE
Is to be used when SPDXRef-A is expanded from the archive SPDXRef-B
- DYNAMIC_LINK
- DYNAMIC_LINK
Is to be used when SPDXRef-A dynamically links to SPDXRef-B
- STATIC_LINK
- STATIC_LINK
Is to be used when SPDXRef-A statically links to SPDXRef-B
- DATA_FILE_OF
- DATA_FILE_OF
Is to be used when SPDXRef-A is a data file used in SPDXRef-B
- TEST_CASE_OF
- TEST_CASE_OF
Is to be used when SPDXRef-A is a test case used in testing SPDXRef-B
- BUILD_TOOL_OF
- BUILD_TOOL_OF
Is to be used when SPDXRef-A is used to build SPDXRef-B
- DEV_TOOL_OF
- DEV_TOOL_OF
Is to be used when SPDXRef-A is used as a development tool for SPDXRef-B
- TEST_OF
- TEST_OF
Is to be used when SPDXRef-A is used for testing SPDXRef-B
- TEST_TOOL_OF
- TEST_TOOL_OF
Is to be used when SPDXRef-A is used as a test tool for SPDXRef-B
- DOCUMENTATION_OF
- DOCUMENTATION_OF
Is to be used when SPDXRef-A provides documentation of SPDXRef-B
- OPTIONAL_COMPONENT_OF
- OPTIONAL_COMPONENT_OF
Is to be used when SPDXRef-A is an optional component of SPDXRef-B
- METAFILE_OF
- METAFILE_OF
Is to be used when SPDXRef-A is a metafile of SPDXRef-B
- PACKAGE_OF
- PACKAGE_OF
Is to be used when SPDXRef-A is used as a package as part of SPDXRef-B
- AMENDS
- AMENDS
Is to be used when (current) SPDXRef-DOCUMENT amends the SPDX information in SPDXRef-B
- PREREQUISITE_FOR
- PREREQUISITE_FOR
Is to be used when SPDXRef-A is a prerequisite for SPDXRef-B
- HAS_PREREQUISITE
- HAS_PREREQUISITE
Is to be used when SPDXRef-A has as a prerequisite SPDXRef-B
- OTHER
- OTHER
Is to be used for a relationship which has not been defined in the formal SPDX specification. A description of the relationship should be included in the Relationship comments field
- "RELATIONSHIP_TYPE_UNSPECIFIED"
- RELATIONSHIP_TYPE_UNSPECIFIED
Unspecified
- "DESCRIBES"
- DESCRIBES
Is to be used when SPDXRef-DOCUMENT describes SPDXRef-A
- "DESCRIBED_BY"
- DESCRIBED_BY
Is to be used when SPDXRef-A is described by SPDXREF-Document
- "CONTAINS"
- CONTAINS
Is to be used when SPDXRef-A contains SPDXRef-B
- "CONTAINED_BY"
- CONTAINED_BY
Is to be used when SPDXRef-A is contained by SPDXRef-B
- "DEPENDS_ON"
- DEPENDS_ON
Is to be used when SPDXRef-A depends on SPDXRef-B
- "DEPENDENCY_OF"
- DEPENDENCY_OF
Is to be used when SPDXRef-A is dependency of SPDXRef-B
- "DEPENDENCY_MANIFEST_OF"
- DEPENDENCY_MANIFEST_OF
Is to be used when SPDXRef-A is a manifest file that lists a set of dependencies for SPDXRef-B
- "BUILD_DEPENDENCY_OF"
- BUILD_DEPENDENCY_OF
Is to be used when SPDXRef-A is a build dependency of SPDXRef-B
- "DEV_DEPENDENCY_OF"
- DEV_DEPENDENCY_OF
Is to be used when SPDXRef-A is a development dependency of SPDXRef-B
- "OPTIONAL_DEPENDENCY_OF"
- OPTIONAL_DEPENDENCY_OF
Is to be used when SPDXRef-A is an optional dependency of SPDXRef-B
- "PROVIDED_DEPENDENCY_OF"
- PROVIDED_DEPENDENCY_OF
Is to be used when SPDXRef-A is a to be provided dependency of SPDXRef-B
- "TEST_DEPENDENCY_OF"
- TEST_DEPENDENCY_OF
Is to be used when SPDXRef-A is a test dependency of SPDXRef-B
- "RUNTIME_DEPENDENCY_OF"
- RUNTIME_DEPENDENCY_OF
Is to be used when SPDXRef-A is a dependency required for the execution of SPDXRef-B
- "EXAMPLE_OF"
- EXAMPLE_OF
Is to be used when SPDXRef-A is an example of SPDXRef-B
- "GENERATES"
- GENERATES
Is to be used when SPDXRef-A generates SPDXRef-B
- "GENERATED_FROM"
- GENERATED_FROM
Is to be used when SPDXRef-A was generated from SPDXRef-B
- "ANCESTOR_OF"
- ANCESTOR_OF
Is to be used when SPDXRef-A is an ancestor (same lineage but pre-dates) SPDXRef-B
- "DESCENDANT_OF"
- DESCENDANT_OF
Is to be used when SPDXRef-A is a descendant of (same lineage but postdates) SPDXRef-B
- "VARIANT_OF"
- VARIANT_OF
Is to be used when SPDXRef-A is a variant of (same lineage but not clear which came first) SPDXRef-B
- "DISTRIBUTION_ARTIFACT"
- DISTRIBUTION_ARTIFACT
Is to be used when distributing SPDXRef-A requires that SPDXRef-B also be distributed
- "PATCH_FOR"
- PATCH_FOR
Is to be used when SPDXRef-A is a patch file for (to be applied to) SPDXRef-B
- "PATCH_APPLIED"
- PATCH_APPLIED
Is to be used when SPDXRef-A is a patch file that has been applied to SPDXRef-B
- "COPY_OF"
- COPY_OF
Is to be used when SPDXRef-A is an exact copy of SPDXRef-B
- "FILE_ADDED"
- FILE_ADDED
Is to be used when SPDXRef-A is a file that was added to SPDXRef-B
- "FILE_DELETED"
- FILE_DELETED
Is to be used when SPDXRef-A is a file that was deleted from SPDXRef-B
- "FILE_MODIFIED"
- FILE_MODIFIED
Is to be used when SPDXRef-A is a file that was modified from SPDXRef-B
- "EXPANDED_FROM_ARCHIVE"
- EXPANDED_FROM_ARCHIVE
Is to be used when SPDXRef-A is expanded from the archive SPDXRef-B
- "DYNAMIC_LINK"
- DYNAMIC_LINK
Is to be used when SPDXRef-A dynamically links to SPDXRef-B
- "STATIC_LINK"
- STATIC_LINK
Is to be used when SPDXRef-A statically links to SPDXRef-B
- "DATA_FILE_OF"
- DATA_FILE_OF
Is to be used when SPDXRef-A is a data file used in SPDXRef-B
- "TEST_CASE_OF"
- TEST_CASE_OF
Is to be used when SPDXRef-A is a test case used in testing SPDXRef-B
- "BUILD_TOOL_OF"
- BUILD_TOOL_OF
Is to be used when SPDXRef-A is used to build SPDXRef-B
- "DEV_TOOL_OF"
- DEV_TOOL_OF
Is to be used when SPDXRef-A is used as a development tool for SPDXRef-B
- "TEST_OF"
- TEST_OF
Is to be used when SPDXRef-A is used for testing SPDXRef-B
- "TEST_TOOL_OF"
- TEST_TOOL_OF
Is to be used when SPDXRef-A is used as a test tool for SPDXRef-B
- "DOCUMENTATION_OF"
- DOCUMENTATION_OF
Is to be used when SPDXRef-A provides documentation of SPDXRef-B
- "OPTIONAL_COMPONENT_OF"
- OPTIONAL_COMPONENT_OF
Is to be used when SPDXRef-A is an optional component of SPDXRef-B
- "METAFILE_OF"
- METAFILE_OF
Is to be used when SPDXRef-A is a metafile of SPDXRef-B
- "PACKAGE_OF"
- PACKAGE_OF
Is to be used when SPDXRef-A is used as a package as part of SPDXRef-B
- "AMENDS"
- AMENDS
Is to be used when (current) SPDXRef-DOCUMENT amends the SPDX information in SPDXRef-B
- "PREREQUISITE_FOR"
- PREREQUISITE_FOR
Is to be used when SPDXRef-A is a prerequisite for SPDXRef-B
- "HAS_PREREQUISITE"
- HAS_PREREQUISITE
Is to be used when SPDXRef-A has as a prerequisite SPDXRef-B
- "OTHER"
- OTHER
Is to be used for a relationship which has not been defined in the formal SPDX specification. A description of the relationship should be included in the Relationship comments field
Remediation
- Details string
Contains a comprehensive human-readable discussion of the remediation.
- Remediation
Type Pulumi.Google Native. Container Analysis. V1Beta1. Remediation Remediation Type The type of remediation that can be applied.
- Remediation
Uri Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Related Url Contains the URL where to obtain the remediation.
- Details string
Contains a comprehensive human-readable discussion of the remediation.
- Remediation
Type RemediationRemediation Type The type of remediation that can be applied.
- Remediation
Uri RelatedUrl Contains the URL where to obtain the remediation.
- details String
Contains a comprehensive human-readable discussion of the remediation.
- remediation
Type RemediationRemediation Type The type of remediation that can be applied.
- remediation
Uri RelatedUrl Contains the URL where to obtain the remediation.
- details string
Contains a comprehensive human-readable discussion of the remediation.
- remediation
Type RemediationRemediation Type The type of remediation that can be applied.
- remediation
Uri RelatedUrl Contains the URL where to obtain the remediation.
- details str
Contains a comprehensive human-readable discussion of the remediation.
- remediation_
type RemediationRemediation Type The type of remediation that can be applied.
- remediation_
uri RelatedUrl Contains the URL where to obtain the remediation.
- details String
Contains a comprehensive human-readable discussion of the remediation.
- remediation
Type "REMEDIATION_TYPE_UNSPECIFIED" | "MITIGATION" | "NO_FIX_PLANNED" | "NONE_AVAILABLE" | "VENDOR_FIX" | "WORKAROUND" The type of remediation that can be applied.
- remediation
Uri Property Map Contains the URL where to obtain the remediation.
RemediationRemediationType
- Remediation
Type Unspecified - REMEDIATION_TYPE_UNSPECIFIED
No remediation type specified.
- Mitigation
- MITIGATION
A MITIGATION is available.
- No
Fix Planned - NO_FIX_PLANNED
No fix is planned.
- None
Available - NONE_AVAILABLE
Not available.
- Vendor
Fix - VENDOR_FIX
A vendor fix is available.
- Workaround
- WORKAROUND
A workaround is available.
- Remediation
Remediation Type Remediation Type Unspecified - REMEDIATION_TYPE_UNSPECIFIED
No remediation type specified.
- Remediation
Remediation Type Mitigation - MITIGATION
A MITIGATION is available.
- Remediation
Remediation Type No Fix Planned - NO_FIX_PLANNED
No fix is planned.
- Remediation
Remediation Type None Available - NONE_AVAILABLE
Not available.
- Remediation
Remediation Type Vendor Fix - VENDOR_FIX
A vendor fix is available.
- Remediation
Remediation Type Workaround - WORKAROUND
A workaround is available.
- Remediation
Type Unspecified - REMEDIATION_TYPE_UNSPECIFIED
No remediation type specified.
- Mitigation
- MITIGATION
A MITIGATION is available.
- No
Fix Planned - NO_FIX_PLANNED
No fix is planned.
- None
Available - NONE_AVAILABLE
Not available.
- Vendor
Fix - VENDOR_FIX
A vendor fix is available.
- Workaround
- WORKAROUND
A workaround is available.
- Remediation
Type Unspecified - REMEDIATION_TYPE_UNSPECIFIED
No remediation type specified.
- Mitigation
- MITIGATION
A MITIGATION is available.
- No
Fix Planned - NO_FIX_PLANNED
No fix is planned.
- None
Available - NONE_AVAILABLE
Not available.
- Vendor
Fix - VENDOR_FIX
A vendor fix is available.
- Workaround
- WORKAROUND
A workaround is available.
- REMEDIATION_TYPE_UNSPECIFIED
- REMEDIATION_TYPE_UNSPECIFIED
No remediation type specified.
- MITIGATION
- MITIGATION
A MITIGATION is available.
- NO_FIX_PLANNED
- NO_FIX_PLANNED
No fix is planned.
- NONE_AVAILABLE
- NONE_AVAILABLE
Not available.
- VENDOR_FIX
- VENDOR_FIX
A vendor fix is available.
- WORKAROUND
- WORKAROUND
A workaround is available.
- "REMEDIATION_TYPE_UNSPECIFIED"
- REMEDIATION_TYPE_UNSPECIFIED
No remediation type specified.
- "MITIGATION"
- MITIGATION
A MITIGATION is available.
- "NO_FIX_PLANNED"
- NO_FIX_PLANNED
No fix is planned.
- "NONE_AVAILABLE"
- NONE_AVAILABLE
Not available.
- "VENDOR_FIX"
- VENDOR_FIX
A vendor fix is available.
- "WORKAROUND"
- WORKAROUND
A workaround is available.
RemediationResponse
- Details string
Contains a comprehensive human-readable discussion of the remediation.
- Remediation
Type string The type of remediation that can be applied.
- Remediation
Uri Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Related Url Response Contains the URL where to obtain the remediation.
- Details string
Contains a comprehensive human-readable discussion of the remediation.
- Remediation
Type string The type of remediation that can be applied.
- Remediation
Uri RelatedUrl Response Contains the URL where to obtain the remediation.
- details String
Contains a comprehensive human-readable discussion of the remediation.
- remediation
Type String The type of remediation that can be applied.
- remediation
Uri RelatedUrl Response Contains the URL where to obtain the remediation.
- details string
Contains a comprehensive human-readable discussion of the remediation.
- remediation
Type string The type of remediation that can be applied.
- remediation
Uri RelatedUrl Response Contains the URL where to obtain the remediation.
- details str
Contains a comprehensive human-readable discussion of the remediation.
- remediation_
type str The type of remediation that can be applied.
- remediation_
uri RelatedUrl Response Contains the URL where to obtain the remediation.
- details String
Contains a comprehensive human-readable discussion of the remediation.
- remediation
Type String The type of remediation that can be applied.
- remediation
Uri Property Map Contains the URL where to obtain the remediation.
SBOMReferenceNote
SBOMReferenceNoteResponse
SigningKey
- Key
Id string key_id is an identifier for the signing key.
- Key
Scheme string This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- Key
Type string This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- Public
Key stringValue This field contains the actual public key.
- Key
Id string key_id is an identifier for the signing key.
- Key
Scheme string This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- Key
Type string This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- Public
Key stringValue This field contains the actual public key.
- key
Id String key_id is an identifier for the signing key.
- key
Scheme String This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- key
Type String This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- public
Key StringValue This field contains the actual public key.
- key
Id string key_id is an identifier for the signing key.
- key
Scheme string This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- key
Type string This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- public
Key stringValue This field contains the actual public key.
- key_
id str key_id is an identifier for the signing key.
- key_
scheme str This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- key_
type str This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- public_
key_ strvalue This field contains the actual public key.
- key
Id String key_id is an identifier for the signing key.
- key
Scheme String This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- key
Type String This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- public
Key StringValue This field contains the actual public key.
SigningKeyResponse
- Key
Id string key_id is an identifier for the signing key.
- Key
Scheme string This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- Key
Type string This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- Public
Key stringValue This field contains the actual public key.
- Key
Id string key_id is an identifier for the signing key.
- Key
Scheme string This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- Key
Type string This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- Public
Key stringValue This field contains the actual public key.
- key
Id String key_id is an identifier for the signing key.
- key
Scheme String This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- key
Type String This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- public
Key StringValue This field contains the actual public key.
- key
Id string key_id is an identifier for the signing key.
- key
Scheme string This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- key
Type string This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- public
Key stringValue This field contains the actual public key.
- key_
id str key_id is an identifier for the signing key.
- key_
scheme str This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- key_
type str This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- public_
key_ strvalue This field contains the actual public key.
- key
Id String key_id is an identifier for the signing key.
- key
Scheme String This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- key
Type String This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- public
Key StringValue This field contains the actual public key.
Version
- Kind
Pulumi.
Google Native. Container Analysis. V1Beta1. Version Kind Distinguishes between sentinel MIN/MAX versions and normal versions.
- Epoch int
Used to correct mistakes in the version numbering scheme.
- Inclusive bool
Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- Name string
Required only when version kind is NORMAL. The main part of the version name.
- Revision string
The iteration of the package build from the above version.
- Kind
Version
Kind Distinguishes between sentinel MIN/MAX versions and normal versions.
- Epoch int
Used to correct mistakes in the version numbering scheme.
- Inclusive bool
Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- Name string
Required only when version kind is NORMAL. The main part of the version name.
- Revision string
The iteration of the package build from the above version.
- kind
Version
Kind Distinguishes between sentinel MIN/MAX versions and normal versions.
- epoch Integer
Used to correct mistakes in the version numbering scheme.
- inclusive Boolean
Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- name String
Required only when version kind is NORMAL. The main part of the version name.
- revision String
The iteration of the package build from the above version.
- kind
Version
Kind Distinguishes between sentinel MIN/MAX versions and normal versions.
- epoch number
Used to correct mistakes in the version numbering scheme.
- inclusive boolean
Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- name string
Required only when version kind is NORMAL. The main part of the version name.
- revision string
The iteration of the package build from the above version.
- kind
Version
Kind Distinguishes between sentinel MIN/MAX versions and normal versions.
- epoch int
Used to correct mistakes in the version numbering scheme.
- inclusive bool
Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- name str
Required only when version kind is NORMAL. The main part of the version name.
- revision str
The iteration of the package build from the above version.
- kind "VERSION_KIND_UNSPECIFIED" | "NORMAL" | "MINIMUM" | "MAXIMUM"
Distinguishes between sentinel MIN/MAX versions and normal versions.
- epoch Number
Used to correct mistakes in the version numbering scheme.
- inclusive Boolean
Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- name String
Required only when version kind is NORMAL. The main part of the version name.
- revision String
The iteration of the package build from the above version.
VersionKind
- Version
Kind Unspecified - VERSION_KIND_UNSPECIFIED
Unknown.
- Normal
- NORMAL
A standard package version.
- Minimum
- MINIMUM
A special version representing negative infinity.
- Maximum
- MAXIMUM
A special version representing positive infinity.
- Version
Kind Version Kind Unspecified - VERSION_KIND_UNSPECIFIED
Unknown.
- Version
Kind Normal - NORMAL
A standard package version.
- Version
Kind Minimum - MINIMUM
A special version representing negative infinity.
- Version
Kind Maximum - MAXIMUM
A special version representing positive infinity.
- Version
Kind Unspecified - VERSION_KIND_UNSPECIFIED
Unknown.
- Normal
- NORMAL
A standard package version.
- Minimum
- MINIMUM
A special version representing negative infinity.
- Maximum
- MAXIMUM
A special version representing positive infinity.
- Version
Kind Unspecified - VERSION_KIND_UNSPECIFIED
Unknown.
- Normal
- NORMAL
A standard package version.
- Minimum
- MINIMUM
A special version representing negative infinity.
- Maximum
- MAXIMUM
A special version representing positive infinity.
- VERSION_KIND_UNSPECIFIED
- VERSION_KIND_UNSPECIFIED
Unknown.
- NORMAL
- NORMAL
A standard package version.
- MINIMUM
- MINIMUM
A special version representing negative infinity.
- MAXIMUM
- MAXIMUM
A special version representing positive infinity.
- "VERSION_KIND_UNSPECIFIED"
- VERSION_KIND_UNSPECIFIED
Unknown.
- "NORMAL"
- NORMAL
A standard package version.
- "MINIMUM"
- MINIMUM
A special version representing negative infinity.
- "MAXIMUM"
- MAXIMUM
A special version representing positive infinity.
VersionResponse
- Epoch int
Used to correct mistakes in the version numbering scheme.
- Inclusive bool
Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- Kind string
Distinguishes between sentinel MIN/MAX versions and normal versions.
- Name string
Required only when version kind is NORMAL. The main part of the version name.
- Revision string
The iteration of the package build from the above version.
- Epoch int
Used to correct mistakes in the version numbering scheme.
- Inclusive bool
Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- Kind string
Distinguishes between sentinel MIN/MAX versions and normal versions.
- Name string
Required only when version kind is NORMAL. The main part of the version name.
- Revision string
The iteration of the package build from the above version.
- epoch Integer
Used to correct mistakes in the version numbering scheme.
- inclusive Boolean
Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- kind String
Distinguishes between sentinel MIN/MAX versions and normal versions.
- name String
Required only when version kind is NORMAL. The main part of the version name.
- revision String
The iteration of the package build from the above version.
- epoch number
Used to correct mistakes in the version numbering scheme.
- inclusive boolean
Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- kind string
Distinguishes between sentinel MIN/MAX versions and normal versions.
- name string
Required only when version kind is NORMAL. The main part of the version name.
- revision string
The iteration of the package build from the above version.
- epoch int
Used to correct mistakes in the version numbering scheme.
- inclusive bool
Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- kind str
Distinguishes between sentinel MIN/MAX versions and normal versions.
- name str
Required only when version kind is NORMAL. The main part of the version name.
- revision str
The iteration of the package build from the above version.
- epoch Number
Used to correct mistakes in the version numbering scheme.
- inclusive Boolean
Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- kind String
Distinguishes between sentinel MIN/MAX versions and normal versions.
- name String
Required only when version kind is NORMAL. The main part of the version name.
- revision String
The iteration of the package build from the above version.
Vulnerability
- Cvss
Score double The CVSS score for this vulnerability.
- Cvss
V2 Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. CVSS The full description of the CVSS for version 2.
- Cvss
V3 Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. CVSSv3 The full description of the CVSS for version 3.
- Cvss
Version Pulumi.Google Native. Container Analysis. V1Beta1. Vulnerability Cvss Version CVSS version used to populate cvss_score and severity.
- Cwe List<string>
A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
- Details
List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Detail> All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
- Severity
Pulumi.
Google Native. Container Analysis. V1Beta1. Vulnerability Severity Note provider assigned impact of the vulnerability.
- Source
Update stringTime The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- Windows
Details List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Windows Detail> Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
- Cvss
Score float64 The CVSS score for this vulnerability.
- Cvss
V2 CVSS The full description of the CVSS for version 2.
- Cvss
V3 CVSSv3 The full description of the CVSS for version 3.
- Cvss
Version VulnerabilityCvss Version CVSS version used to populate cvss_score and severity.
- Cwe []string
A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
- Details []Detail
All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
- Severity
Vulnerability
Severity Note provider assigned impact of the vulnerability.
- Source
Update stringTime The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- Windows
Details []WindowsDetail Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
- cvss
Score Double The CVSS score for this vulnerability.
- cvss
V2 CVSS The full description of the CVSS for version 2.
- cvss
V3 CVSSv3 The full description of the CVSS for version 3.
- cvss
Version VulnerabilityCvss Version CVSS version used to populate cvss_score and severity.
- cwe List<String>
A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
- details List<Detail>
All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
- severity
Vulnerability
Severity Note provider assigned impact of the vulnerability.
- source
Update StringTime The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- windows
Details List<WindowsDetail> Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
- cvss
Score number The CVSS score for this vulnerability.
- cvss
V2 CVSS The full description of the CVSS for version 2.
- cvss
V3 CVSSv3 The full description of the CVSS for version 3.
- cvss
Version VulnerabilityCvss Version CVSS version used to populate cvss_score and severity.
- cwe string[]
A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
- details Detail[]
All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
- severity
Vulnerability
Severity Note provider assigned impact of the vulnerability.
- source
Update stringTime The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- windows
Details WindowsDetail[] Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
- cvss_
score float The CVSS score for this vulnerability.
- cvss_
v2 CVSS The full description of the CVSS for version 2.
- cvss_
v3 CVSSv3 The full description of the CVSS for version 3.
- cvss_
version VulnerabilityCvss Version CVSS version used to populate cvss_score and severity.
- cwe Sequence[str]
A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
- details Sequence[Detail]
All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
- severity
Vulnerability
Severity Note provider assigned impact of the vulnerability.
- source_
update_ strtime The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- windows_
details Sequence[WindowsDetail] Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
- cvss
Score Number The CVSS score for this vulnerability.
- cvss
V2 Property Map The full description of the CVSS for version 2.
- cvss
V3 Property Map The full description of the CVSS for version 3.
- cvss
Version "CVSS_VERSION_UNSPECIFIED" | "CVSS_VERSION_2" | "CVSS_VERSION_3" CVSS version used to populate cvss_score and severity.
- cwe List<String>
A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
- details List<Property Map>
All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
- severity "SEVERITY_UNSPECIFIED" | "MINIMAL" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL"
Note provider assigned impact of the vulnerability.
- source
Update StringTime The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- windows
Details List<Property Map> Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
VulnerabilityAssessmentNote
- Assessment
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Assessment Represents a vulnerability assessment for the product.
- Language
Code string Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- Long
Description string A detailed description of this Vex.
- Product
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Product The product affected by this vex.
- Publisher
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Publisher Publisher details of this Note.
- Short
Description string A one sentence description of this Vex.
- Title string
The title of the note. E.g.
Vex-Debian-11.4
- Assessment Assessment
Represents a vulnerability assessment for the product.
- Language
Code string Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- Long
Description string A detailed description of this Vex.
- Product Product
The product affected by this vex.
- Publisher Publisher
Publisher details of this Note.
- Short
Description string A one sentence description of this Vex.
- Title string
The title of the note. E.g.
Vex-Debian-11.4
- assessment Assessment
Represents a vulnerability assessment for the product.
- language
Code String Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- long
Description String A detailed description of this Vex.
- product Product
The product affected by this vex.
- publisher Publisher
Publisher details of this Note.
- short
Description String A one sentence description of this Vex.
- title String
The title of the note. E.g.
Vex-Debian-11.4
- assessment Assessment
Represents a vulnerability assessment for the product.
- language
Code string Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- long
Description string A detailed description of this Vex.
- product Product
The product affected by this vex.
- publisher Publisher
Publisher details of this Note.
- short
Description string A one sentence description of this Vex.
- title string
The title of the note. E.g.
Vex-Debian-11.4
- assessment Assessment
Represents a vulnerability assessment for the product.
- language_
code str Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- long_
description str A detailed description of this Vex.
- product Product
The product affected by this vex.
- publisher Publisher
Publisher details of this Note.
- short_
description str A one sentence description of this Vex.
- title str
The title of the note. E.g.
Vex-Debian-11.4
- assessment Property Map
Represents a vulnerability assessment for the product.
- language
Code String Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- long
Description String A detailed description of this Vex.
- product Property Map
The product affected by this vex.
- publisher Property Map
Publisher details of this Note.
- short
Description String A one sentence description of this Vex.
- title String
The title of the note. E.g.
Vex-Debian-11.4
VulnerabilityAssessmentNoteResponse
- Assessment
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Assessment Response Represents a vulnerability assessment for the product.
- Language
Code string Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- Long
Description string A detailed description of this Vex.
- Product
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Product Response The product affected by this vex.
- Publisher
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Publisher Response Publisher details of this Note.
- Short
Description string A one sentence description of this Vex.
- Title string
The title of the note. E.g.
Vex-Debian-11.4
- Assessment
Assessment
Response Represents a vulnerability assessment for the product.
- Language
Code string Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- Long
Description string A detailed description of this Vex.
- Product
Product
Response The product affected by this vex.
- Publisher
Publisher
Response Publisher details of this Note.
- Short
Description string A one sentence description of this Vex.
- Title string
The title of the note. E.g.
Vex-Debian-11.4
- assessment
Assessment
Response Represents a vulnerability assessment for the product.
- language
Code String Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- long
Description String A detailed description of this Vex.
- product
Product
Response The product affected by this vex.
- publisher
Publisher
Response Publisher details of this Note.
- short
Description String A one sentence description of this Vex.
- title String
The title of the note. E.g.
Vex-Debian-11.4
- assessment
Assessment
Response Represents a vulnerability assessment for the product.
- language
Code string Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- long
Description string A detailed description of this Vex.
- product
Product
Response The product affected by this vex.
- publisher
Publisher
Response Publisher details of this Note.
- short
Description string A one sentence description of this Vex.
- title string
The title of the note. E.g.
Vex-Debian-11.4
- assessment
Assessment
Response Represents a vulnerability assessment for the product.
- language_
code str Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- long_
description str A detailed description of this Vex.
- product
Product
Response The product affected by this vex.
- publisher
Publisher
Response Publisher details of this Note.
- short_
description str A one sentence description of this Vex.
- title str
The title of the note. E.g.
Vex-Debian-11.4
- assessment Property Map
Represents a vulnerability assessment for the product.
- language
Code String Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- long
Description String A detailed description of this Vex.
- product Property Map
The product affected by this vex.
- publisher Property Map
Publisher details of this Note.
- short
Description String A one sentence description of this Vex.
- title String
The title of the note. E.g.
Vex-Debian-11.4
VulnerabilityCvssVersion
- Cvss
Version Unspecified - CVSS_VERSION_UNSPECIFIED
- Cvss
Version2 - CVSS_VERSION_2
- Cvss
Version3 - CVSS_VERSION_3
- Vulnerability
Cvss Version Cvss Version Unspecified - CVSS_VERSION_UNSPECIFIED
- Vulnerability
Cvss Version Cvss Version2 - CVSS_VERSION_2
- Vulnerability
Cvss Version Cvss Version3 - CVSS_VERSION_3
- Cvss
Version Unspecified - CVSS_VERSION_UNSPECIFIED
- Cvss
Version2 - CVSS_VERSION_2
- Cvss
Version3 - CVSS_VERSION_3
- Cvss
Version Unspecified - CVSS_VERSION_UNSPECIFIED
- Cvss
Version2 - CVSS_VERSION_2
- Cvss
Version3 - CVSS_VERSION_3
- CVSS_VERSION_UNSPECIFIED
- CVSS_VERSION_UNSPECIFIED
- CVSS_VERSION2
- CVSS_VERSION_2
- CVSS_VERSION3
- CVSS_VERSION_3
- "CVSS_VERSION_UNSPECIFIED"
- CVSS_VERSION_UNSPECIFIED
- "CVSS_VERSION_2"
- CVSS_VERSION_2
- "CVSS_VERSION_3"
- CVSS_VERSION_3
VulnerabilityLocation
- Cpe
Uri string The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- Package string
The package being described.
- Version
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Version The version of the package being described.
- Cpe
Uri string The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- Package string
The package being described.
- Version Version
The version of the package being described.
- cpe
Uri String The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- package_ String
The package being described.
- version Version
The version of the package being described.
- cpe
Uri string The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- package string
The package being described.
- version Version
The version of the package being described.
- cpe_
uri str The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- package str
The package being described.
- version Version
The version of the package being described.
- cpe
Uri String The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- package String
The package being described.
- version Property Map
The version of the package being described.
VulnerabilityLocationResponse
- Cpe
Uri string The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- Package string
The package being described.
- Version
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Version Response The version of the package being described.
- Cpe
Uri string The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- Package string
The package being described.
- Version
Version
Response The version of the package being described.
- cpe
Uri String The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- package_ String
The package being described.
- version
Version
Response The version of the package being described.
- cpe
Uri string The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- package string
The package being described.
- version
Version
Response The version of the package being described.
- cpe_
uri str The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- package str
The package being described.
- version
Version
Response The version of the package being described.
- cpe
Uri String The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- package String
The package being described.
- version Property Map
The version of the package being described.
VulnerabilityResponse
- Cvss
Score double The CVSS score for this vulnerability.
- Cvss
V2 Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. CVSSResponse The full description of the CVSS for version 2.
- Cvss
V3 Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. CVSSv3Response The full description of the CVSS for version 3.
- Cvss
Version string CVSS version used to populate cvss_score and severity.
- Cwe List<string>
A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
- Details
List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Detail Response> All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
- Severity string
Note provider assigned impact of the vulnerability.
- Source
Update stringTime The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- Windows
Details List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Windows Detail Response> Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
- Cvss
Score float64 The CVSS score for this vulnerability.