// Copyright 2019 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//    http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package grafeas.v1;

import "google/api/field_behavior.proto";
import "grafeas/v1/common.proto";

option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
option java_multiple_files = true;
option java_package = "io.grafeas.v1";
option objc_class_prefix = "GRA";

// Schema for package metadata: what a package is (PackageNote), where an
// installed copy was found (PackageOccurrence, Location) and how its version
// is expressed (Version).
//
// The (google.api.field_behavior) options used below are annotations only.
// The protobuf runtime does not reject a message that violates them, so any
// REQUIRED / IMMUTABLE / OUTPUT_ONLY guarantee has to be enforced by the
// service that accepts or returns these messages.

// Instruction set architectures supported by various package managers.
//
// Value names carry no ARCHITECTURE_ prefix; they are part of the published
// API and are kept as they are.
enum Architecture {
  // Unknown architecture. As the zero value this is also what a reader sees
  // when the field was never set.
  ARCHITECTURE_UNSPECIFIED = 0;
  // X86 architecture.
  X86 = 1;
  // X64 architecture.
  X64 = 2;
}

// This represents a particular channel of distribution for a given package.
// E.g., Debian's jessie-backports dpkg mirror.
message Distribution {
  // The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
  // denoting the package manager version distributing a package.
  // The type is a plain string: nothing in this schema checks that the value
  // is a well-formed CPE.
  string cpe_uri = 1 [(google.api.field_behavior) = REQUIRED];

  // The CPU architecture for which packages in this distribution channel were
  // built.
  Architecture architecture = 2;

  // The latest available version of this package in this distribution channel.
  Version latest_version = 3;

  // A freeform string denoting the maintainer of this package.
  string maintainer = 4;

  // The distribution channel-specific homepage for this package.
  // NOTE(review): no scheme or format is declared for this string; consumers
  // that render or dereference it should validate it first.
  string url = 5;

  // The distribution channel-specific description of this package.
  // Free text; escape it before rendering.
  string description = 6;
}

// An occurrence of a particular package installation found within a system's
// filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
message Location {
  // Deprecated.
  // The CPE URI in [CPE format](https://cpe.mitre.org/specification/).
  // The deprecation is stated in this comment only: no `deprecated` field
  // option is set, so generated code will not warn on use.
  string cpe_uri = 1;

  // Deprecated.
  // The version installed at this location.
  // As with cpe_uri above, no `deprecated` field option is set.
  Version version = 2;

  // The path from which we gathered that this package/version is installed.
  // NOTE(review): the schema does not say whether the path is absolute or
  // normalised; treat it as reported data, not as a safe file-system target.
  string path = 3;
}

// PackageNote represents a particular package version.
//
// Field numbers 2-9 are not used here and no `reserved` statement covers
// them. NOTE(review): confirm they never carried data before assigning them.
message PackageNote {
  // The name of the package.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.field_behavior) = IMMUTABLE
  ];

  // Deprecated.
  // The various channels by which a package is distributed.
  // No `deprecated` field option is set, so only this comment marks the field
  // as deprecated.
  repeated Distribution distribution = 10;

  // The type of package; whether native or non native (e.g., ruby gems,
  // node.js packages, etc.).
  // Declared as a free string, so the set of accepted values is not fixed by
  // this schema.
  string package_type = 11;

  // The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
  // denoting the package manager version distributing a package.
  // The cpe_uri will be blank for language packages.
  string cpe_uri = 12;

  // The CPU architecture for which packages in this distribution channel were
  // built. Architecture will be blank for language packages.
  // "Blank" for an enum field means the zero value, ARCHITECTURE_UNSPECIFIED.
  Architecture architecture = 13;

  // The version of the package.
  Version version = 14;

  // A freeform text denoting the maintainer of this package.
  string maintainer = 15;

  // The homepage for this package.
  // NOTE(review): no scheme or format is declared for this string; consumers
  // that render or dereference it should validate it first.
  string url = 16;

  // The description of this package.
  // Free text; escape it before rendering.
  string description = 17;

  // Licenses that have been declared by the authors of the package.
  // This is a single License message, not a repeated field. License is not
  // defined in this file (presumably in grafeas/v1/common.proto).
  License license = 18;

  // Hash value, typically a file digest, that allows unique
  // identification of a specific package.
  // NOTE(review): Digest is not defined in this file, and nothing here states
  // which hash algorithms are acceptable. A consumer that matches packages by
  // digest should check the algorithm as well as the value.
  repeated Digest digest = 19;
}

// Details on how a particular software package was installed on a system.
message PackageOccurrence {
  // The name of the installed package.
  // NOTE(review): REQUIRED and OUTPUT_ONLY are both set. They normally
  // describe opposite directions (caller must supply vs. server populates);
  // confirm which one the service enforces.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.field_behavior) = OUTPUT_ONLY
  ];

  // All of the places within the filesystem versions of this package
  // have been found.
  repeated Location location = 2;

  // The type of package; whether native or non native (e.g., ruby gems,
  // node.js packages, etc.).
  string package_type = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

  // The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
  // denoting the package manager version distributing a package.
  // The cpe_uri will be blank for language packages.
  string cpe_uri = 4 [(google.api.field_behavior) = OUTPUT_ONLY];

  // The CPU architecture for which packages in this distribution channel were
  // built. Architecture will be blank for language packages.
  Architecture architecture = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Licenses that have been declared by the authors of the package.
  // Unlike the fields around it, this one carries no OUTPUT_ONLY annotation.
  License license = 6;

  // The version of the package.
  Version version = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Version contains structured information about the version of a package.
message Version {
  // Used to correct mistakes in the version numbering scheme.
  int32 epoch = 1;

  // Required only when version kind is NORMAL. The main part of the version
  // name.
  string name = 2;

  // The iteration of the package build from the above version.
  string revision = 3;

  // Whether this version is specifying part of an inclusive range. Grafeas
  // does not have the capability to specify version ranges; instead we have
  // fields that specify start version and end versions. At times this is
  // insufficient - we also need to specify whether the version is included in
  // the range or is excluded from the range. This boolean is expected to be set
  // to true when the version is included in a range.
  //
  // A proto3 bool without `optional` has no presence: a reader cannot tell
  // "excluded from the range" from "never set", because both read as false.
  bool inclusive = 6;

  // Whether this is an ordinary package version or a sentinel MIN/MAX version.
  enum VersionKind {
    // Unknown. Also what a reader sees when `kind` was never set.
    VERSION_KIND_UNSPECIFIED = 0;
    // A standard package version.
    NORMAL = 1;
    // A special version representing negative infinity.
    MINIMUM = 2;
    // A special version representing positive infinity.
    MAXIMUM = 3;
  }

  // Required. Distinguishes between sentinel MIN/MAX versions and normal
  // versions.
  // "Required" is stated in this comment only; no field_behavior annotation
  // is attached, and an unset value reads as VERSION_KIND_UNSPECIFIED.
  // Code that compares versions should handle that value explicitly rather
  // than treat it as NORMAL.
  VersionKind kind = 4;

  // Human readable version string. This string is of the form
  // <epoch>:<name>-<revision> and is only set when kind is NORMAL.
  // NOTE(review): presumably for display; confirm whether comparisons should
  // use epoch, name and revision rather than parse this string.
  string full_name = 5;
}