docs/dyn/ondemandscanning_v1.projects.locations.scans.vulnerabilities.html
+94
@@ -124,6 +124,36 @@ <h3>Method Details</h3>
124
124
],
125
125
},
126
126
"build": { # Details of a build occurrence. # Describes a verifiable build.
127
+
"intotoProvenance": { # In-toto Provenance representation as defined in spec.
128
+
"builderConfig": { # required
129
+
"id": "A String",
130
+
},
131
+
"materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
132
+
"A String",
133
+
],
134
+
"metadata": { # Other properties of the build.
135
+
"buildFinishedOn": "A String", # The timestamp of when the build completed.
136
+
"buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
137
+
"buildStartedOn": "A String", # The timestamp of when the build started.
138
+
"completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
139
+
"arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
140
+
"environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
141
+
"materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
142
+
},
143
+
"reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
144
+
},
145
+
"recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
146
+
"arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint.
147
+
"A String",
148
+
],
149
+
"definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
150
+
"entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
151
+
"environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy.
152
+
"a_key": "A String",
153
+
},
154
+
"type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
155
+
},
156
+
},
127
157
"provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
128
158
"buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
129
159
"a_key": "A String",
@@ -281,6 +311,70 @@ <h3>Method Details</h3>
281
311
"cpe": "A String", # The CPE of the resource being scanned.
282
312
"lastScanTime": "A String", # The last time this resource was scanned.
283
313
},
314
+
"dsseAttestation": { # Describes an attestation of an artifact using dsse.
315
+
"envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
316
+
"payload": "A String",
317
+
"payloadType": "A String",
318
+
"signatures": [
319
+
{
320
+
"keyid": "A String",
321
+
"sig": "A String",
322
+
},
323
+
],
324
+
},
325
+
"statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
326
+
"predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
327
+
"provenance": {
328
+
"builderConfig": { # required
329
+
"id": "A String",
330
+
},
331
+
"materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
332
+
"A String",
333
+
],
334
+
"metadata": { # Other properties of the build.
335
+
"buildFinishedOn": "A String", # The timestamp of when the build completed.
336
+
"buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
337
+
"buildStartedOn": "A String", # The timestamp of when the build started.
338
+
"completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
339
+
"arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
340
+
"environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
341
+
"materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
342
+
},
343
+
"reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
344
+
},
345
+
"recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
346
+
"arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint.
347
+
"A String",
348
+
],
349
+
"definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
350
+
"entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
351
+
"environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy.
352
+
"a_key": "A String",
353
+
},
354
+
"type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
"envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
369
+
"payload": "A String",
370
+
"payloadType": "A String",
371
+
"signatures": [
372
+
{
373
+
"keyid": "A String",
374
+
"sig": "A String",
375
+
},
376
+
],
377
+
},
284
378
"image": { # Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM . # Describes how this resource derives from the basis in the associated note.
285
379
"baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image occurrence.
286
380
"distance": 42, # Output only. The number of layers by which this image differs from the associated image basis.