1// Copyright 2018 The Grafeas Authors. All rights reserved. 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package grafeas.v1beta1; 18 19import "google/api/annotations.proto"; 20import "google/api/client.proto"; 21import "google/devtools/containeranalysis/v1beta1/attestation/attestation.proto"; 22import "google/devtools/containeranalysis/v1beta1/build/build.proto"; 23import "google/devtools/containeranalysis/v1beta1/common/common.proto"; 24import "google/devtools/containeranalysis/v1beta1/deployment/deployment.proto"; 25import "google/devtools/containeranalysis/v1beta1/discovery/discovery.proto"; 26import "google/devtools/containeranalysis/v1beta1/image/image.proto"; 27import "google/devtools/containeranalysis/v1beta1/package/package.proto"; 28import "google/devtools/containeranalysis/v1beta1/provenance/provenance.proto"; 29import "google/devtools/containeranalysis/v1beta1/vulnerability/vulnerability.proto"; 30import "google/protobuf/empty.proto"; 31import "google/protobuf/field_mask.proto"; 32import "google/protobuf/timestamp.proto"; 33 34option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/grafeas;grafeas"; 35option java_multiple_files = true; 36option java_package = "io.grafeas.v1beta1"; 37option objc_class_prefix = "GRA"; 38 39// [Grafeas](grafeas.io) API. 40// 41// Retrieves analysis results of Cloud components such as Docker container 42// images. 43// 44// Analysis results are stored as a series of occurrences. An `Occurrence` 45// contains information about a specific analysis instance on a resource. An 46// occurrence refers to a `Note`. A note contains details describing the 47// analysis and is generally stored in a separate project, called a `Provider`. 48// Multiple occurrences can refer to the same note. 49// 50// For example, an SSL vulnerability could affect multiple images. In this case, 51// there would be one note for the vulnerability and an occurrence for each 52// image with the vulnerability referring to that note. 53service GrafeasV1Beta1 { 54 option (google.api.default_host) = "containeranalysis.googleapis.com"; 55 option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; 56 57 // Gets the specified occurrence. 58 rpc GetOccurrence(GetOccurrenceRequest) returns (Occurrence) { 59 option (google.api.http) = { 60 get: "/v1beta1/{name=projects/*/occurrences/*}" 61 }; 62 } 63 64 // Lists occurrences for the specified project. 65 rpc ListOccurrences(ListOccurrencesRequest) 66 returns (ListOccurrencesResponse) { 67 option (google.api.http) = { 68 get: "/v1beta1/{parent=projects/*}/occurrences" 69 }; 70 } 71 72 // Deletes the specified occurrence. For example, use this method to delete an 73 // occurrence when the occurrence is no longer applicable for the given 74 // resource. 75 rpc DeleteOccurrence(DeleteOccurrenceRequest) 76 returns (google.protobuf.Empty) { 77 option (google.api.http) = { 78 delete: "/v1beta1/{name=projects/*/occurrences/*}" 79 }; 80 } 81 82 // Creates a new occurrence. 83 rpc CreateOccurrence(CreateOccurrenceRequest) returns (Occurrence) { 84 option (google.api.http) = { 85 post: "/v1beta1/{parent=projects/*}/occurrences" 86 body: "occurrence" 87 }; 88 } 89 90 // Creates new occurrences in batch. 91 rpc BatchCreateOccurrences(BatchCreateOccurrencesRequest) 92 returns (BatchCreateOccurrencesResponse) { 93 option (google.api.http) = { 94 post: "/v1beta1/{parent=projects/*}/occurrences:batchCreate" 95 body: "*" 96 }; 97 } 98 99 // Updates the specified occurrence. 100 rpc UpdateOccurrence(UpdateOccurrenceRequest) returns (Occurrence) { 101 option (google.api.http) = { 102 patch: "/v1beta1/{name=projects/*/occurrences/*}" 103 body: "occurrence" 104 }; 105 } 106 107 // Gets the note attached to the specified occurrence. Consumer projects can 108 // use this method to get a note that belongs to a provider project. 109 rpc GetOccurrenceNote(GetOccurrenceNoteRequest) returns (Note) { 110 option (google.api.http) = { 111 get: "/v1beta1/{name=projects/*/occurrences/*}/notes" 112 }; 113 } 114 115 // Gets the specified note. 116 rpc GetNote(GetNoteRequest) returns (Note) { 117 option (google.api.http) = { 118 get: "/v1beta1/{name=projects/*/notes/*}" 119 }; 120 } 121 122 // Lists notes for the specified project. 123 rpc ListNotes(ListNotesRequest) returns (ListNotesResponse) { 124 option (google.api.http) = { 125 get: "/v1beta1/{parent=projects/*}/notes" 126 }; 127 } 128 129 // Deletes the specified note. 130 rpc DeleteNote(DeleteNoteRequest) returns (google.protobuf.Empty) { 131 option (google.api.http) = { 132 delete: "/v1beta1/{name=projects/*/notes/*}" 133 }; 134 } 135 136 // Creates a new note. 137 rpc CreateNote(CreateNoteRequest) returns (Note) { 138 option (google.api.http) = { 139 post: "/v1beta1/{parent=projects/*}/notes" 140 body: "note" 141 }; 142 } 143 144 // Creates new notes in batch. 145 rpc BatchCreateNotes(BatchCreateNotesRequest) 146 returns (BatchCreateNotesResponse) { 147 option (google.api.http) = { 148 post: "/v1beta1/{parent=projects/*}/notes:batchCreate" 149 body: "*" 150 }; 151 } 152 153 // Updates the specified note. 154 rpc UpdateNote(UpdateNoteRequest) returns (Note) { 155 option (google.api.http) = { 156 patch: "/v1beta1/{name=projects/*/notes/*}" 157 body: "note" 158 }; 159 } 160 161 // Lists occurrences referencing the specified note. Provider projects can use 162 // this method to get all occurrences across consumer projects referencing the 163 // specified note. 164 rpc ListNoteOccurrences(ListNoteOccurrencesRequest) 165 returns (ListNoteOccurrencesResponse) { 166 option (google.api.http) = { 167 get: "/v1beta1/{name=projects/*/notes/*}/occurrences" 168 }; 169 } 170 171 // Gets a summary of the number and severity of occurrences. 172 rpc GetVulnerabilityOccurrencesSummary( 173 GetVulnerabilityOccurrencesSummaryRequest) 174 returns (VulnerabilityOccurrencesSummary) { 175 option (google.api.http) = { 176 get: "/v1beta1/{parent=projects/*}/occurrences:vulnerabilitySummary" 177 }; 178 } 179} 180 181// An instance of an analysis type that has been found on a resource. 182message Occurrence { 183 // Output only. The name of the occurrence in the form of 184 // `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`. 185 string name = 1; 186 187 // Required. Immutable. The resource for which the occurrence applies. 188 Resource resource = 2; 189 190 // Required. Immutable. The analysis note associated with this occurrence, in 191 // the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. This field can be 192 // used as a filter in list requests. 193 string note_name = 3; 194 195 // Output only. This explicitly denotes which of the occurrence details are 196 // specified. This field can be used as a filter in list requests. 197 grafeas.v1beta1.NoteKind kind = 4; 198 199 // A description of actions that can be taken to remedy the note. 200 string remediation = 5; 201 202 // Output only. The time this occurrence was created. 203 google.protobuf.Timestamp create_time = 6; 204 205 // Output only. The time this occurrence was last updated. 206 google.protobuf.Timestamp update_time = 7; 207 208 // Required. Immutable. Describes the details of the note kind found on this 209 // resource. 210 oneof details { 211 // Describes a security vulnerability. 212 grafeas.v1beta1.vulnerability.Details vulnerability = 8; 213 // Describes a verifiable build. 214 grafeas.v1beta1.build.Details build = 9; 215 // Describes how this resource derives from the basis in the associated 216 // note. 217 grafeas.v1beta1.image.Details derived_image = 10; 218 // Describes the installation of a package on the linked resource. 219 grafeas.v1beta1.package.Details installation = 11; 220 // Describes the deployment of an artifact on a runtime. 221 grafeas.v1beta1.deployment.Details deployment = 12; 222 // Describes when a resource was discovered. 223 grafeas.v1beta1.discovery.Details discovered = 13; 224 // Describes an attestation of an artifact. 225 grafeas.v1beta1.attestation.Details attestation = 14; 226 } 227 228 // next_id = 15; 229} 230 231// An entity that can have metadata. For example, a Docker image. 232message Resource { 233 // The name of the resource. For example, the name of a Docker image - 234 // "Debian". 235 string name = 1; 236 // Required. The unique URI of the resource. For example, 237 // `https://gcr.io/project/image@sha256:foo` for a Docker image. 238 string uri = 2; 239 // The hash of the resource content. For example, the Docker digest. 240 grafeas.v1beta1.provenance.Hash content_hash = 3; 241 242 // next_id = 4; 243} 244 245// A type of analysis that can be done for a resource. 246message Note { 247 // Output only. The name of the note in the form of 248 // `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. 249 string name = 1; 250 251 // A one sentence description of this note. 252 string short_description = 2; 253 254 // A detailed description of this note. 255 string long_description = 3; 256 257 // Output only. The type of analysis. This field can be used as a filter in 258 // list requests. 259 grafeas.v1beta1.NoteKind kind = 4; 260 261 // URLs associated with this note. 262 repeated grafeas.v1beta1.RelatedUrl related_url = 5; 263 264 // Time of expiration for this note. Empty if note does not expire. 265 google.protobuf.Timestamp expiration_time = 6; 266 267 // Output only. The time this note was created. This field can be used as a 268 // filter in list requests. 269 google.protobuf.Timestamp create_time = 7; 270 271 // Output only. The time this note was last updated. This field can be used as 272 // a filter in list requests. 273 google.protobuf.Timestamp update_time = 8; 274 275 // Other notes related to this note. 276 repeated string related_note_names = 9; 277 278 // Required. Immutable. The type of analysis this note represents. 279 oneof type { 280 // A note describing a package vulnerability. 281 grafeas.v1beta1.vulnerability.Vulnerability vulnerability = 10; 282 // A note describing build provenance for a verifiable build. 283 grafeas.v1beta1.build.Build build = 11; 284 // A note describing a base image. 285 grafeas.v1beta1.image.Basis base_image = 12; 286 // A note describing a package hosted by various package managers. 287 grafeas.v1beta1.package.Package package = 13; 288 // A note describing something that can be deployed. 289 grafeas.v1beta1.deployment.Deployable deployable = 14; 290 // A note describing the initial analysis of a resource. 291 grafeas.v1beta1.discovery.Discovery discovery = 15; 292 // A note describing an attestation role. 293 grafeas.v1beta1.attestation.Authority attestation_authority = 16; 294 } 295 296 // next_id = 17; 297} 298 299// Request to get an occurrence. 300message GetOccurrenceRequest { 301 // The name of the occurrence in the form of 302 // `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`. 303 string name = 1; 304} 305 306// Request to list occurrences. 307message ListOccurrencesRequest { 308 // The name of the project to list occurrences for in the form of 309 // `projects/[PROJECT_ID]`. 310 string parent = 1; 311 312 // The filter expression. 313 string filter = 2; 314 315 // Number of occurrences to return in the list. 316 int32 page_size = 3; 317 318 // Token to provide to skip to a particular spot in the list. 319 string page_token = 4; 320 321 // next_id = 7; 322} 323 324// Response for listing occurrences. 325message ListOccurrencesResponse { 326 // The occurrences requested. 327 repeated Occurrence occurrences = 1; 328 // The next pagination token in the list response. It should be used as 329 // `page_token` for the following request. An empty value means no more 330 // results. 331 string next_page_token = 2; 332} 333 334// Request to delete a occurrence. 335message DeleteOccurrenceRequest { 336 // The name of the occurrence in the form of 337 // `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`. 338 string name = 1; 339} 340 341// Request to create a new occurrence. 342message CreateOccurrenceRequest { 343 // The name of the project in the form of `projects/[PROJECT_ID]`, under which 344 // the occurrence is to be created. 345 string parent = 1; 346 // The occurrence to create. 347 Occurrence occurrence = 2; 348} 349 350// Request to update an occurrence. 351message UpdateOccurrenceRequest { 352 // The name of the occurrence in the form of 353 // `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`. 354 string name = 1; 355 // The updated occurrence. 356 Occurrence occurrence = 2; 357 // The fields to update. 358 google.protobuf.FieldMask update_mask = 3; 359} 360 361// Request to get a note. 362message GetNoteRequest { 363 // The name of the note in the form of 364 // `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. 365 string name = 1; 366} 367 368// Request to get the note to which the specified occurrence is attached. 369message GetOccurrenceNoteRequest { 370 // The name of the occurrence in the form of 371 // `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`. 372 string name = 1; 373} 374 375// Request to list notes. 376message ListNotesRequest { 377 // The name of the project to list notes for in the form of 378 // `projects/[PROJECT_ID]`. 379 string parent = 1; 380 // The filter expression. 381 string filter = 2; 382 // Number of notes to return in the list. 383 int32 page_size = 3; 384 // Token to provide to skip to a particular spot in the list. 385 string page_token = 4; 386} 387 388// Response for listing notes. 389message ListNotesResponse { 390 // The notes requested. 391 repeated Note notes = 1; 392 // The next pagination token in the list response. It should be used as 393 // `page_token` for the following request. An empty value means no more 394 // results. 395 string next_page_token = 2; 396} 397 398// Request to delete a note. 399message DeleteNoteRequest { 400 // The name of the note in the form of 401 // `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. 402 string name = 1; 403} 404 405// Request to create a new note. 406message CreateNoteRequest { 407 // The name of the project in the form of `projects/[PROJECT_ID]`, under which 408 // the note is to be created. 409 string parent = 1; 410 // The ID to use for this note. 411 string note_id = 2; 412 // The note to create. 413 Note note = 3; 414} 415 416// Request to update a note. 417message UpdateNoteRequest { 418 // The name of the note in the form of 419 // `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. 420 string name = 1; 421 // The updated note. 422 Note note = 2; 423 // The fields to update. 424 google.protobuf.FieldMask update_mask = 3; 425} 426 427// Request to list occurrences for a note. 428message ListNoteOccurrencesRequest { 429 // The name of the note to list occurrences for in the form of 430 // `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. 431 string name = 1; 432 // The filter expression. 433 string filter = 2; 434 // Number of occurrences to return in the list. 435 int32 page_size = 3; 436 // Token to provide to skip to a particular spot in the list. 437 string page_token = 4; 438} 439 440// Response for listing occurrences for a note. 441message ListNoteOccurrencesResponse { 442 // The occurrences attached to the specified note. 443 repeated Occurrence occurrences = 1; 444 // Token to provide to skip to a particular spot in the list. 445 string next_page_token = 2; 446} 447 448// Request to create notes in batch. 449message BatchCreateNotesRequest { 450 // The name of the project in the form of `projects/[PROJECT_ID]`, under which 451 // the notes are to be created. 452 string parent = 1; 453 454 // The notes to create. 455 map<string, Note> notes = 2; 456} 457 458// Response for creating notes in batch. 459message BatchCreateNotesResponse { 460 // The notes that were created. 461 repeated Note notes = 1; 462} 463 464// Request to create occurrences in batch. 465message BatchCreateOccurrencesRequest { 466 // The name of the project in the form of `projects/[PROJECT_ID]`, under which 467 // the occurrences are to be created. 468 string parent = 1; 469 // The occurrences to create. 470 repeated Occurrence occurrences = 2; 471} 472 473// Response for creating occurrences in batch. 474message BatchCreateOccurrencesResponse { 475 // The occurrences that were created. 476 repeated Occurrence occurrences = 1; 477} 478 479// Request to get a vulnerability summary for some set of occurrences. 480message GetVulnerabilityOccurrencesSummaryRequest { 481 // The name of the project to get a vulnerability summary for in the form of 482 // `projects/[PROJECT_ID]`. 483 string parent = 1; 484 // The filter expression. 485 string filter = 2; 486} 487 488// A summary of how many vulnerability occurrences there are per resource and 489// severity type. 490message VulnerabilityOccurrencesSummary { 491 // A listing by resource of the number of fixable and total vulnerabilities. 492 repeated FixableTotalByDigest counts = 1; 493 494 // Per resource and severity counts of fixable and total vulnerabilities. 495 message FixableTotalByDigest { 496 // The affected resource. 497 Resource resource = 1; 498 // The severity for this count. SEVERITY_UNSPECIFIED indicates total across 499 // all severities. 500 grafeas.v1beta1.vulnerability.Severity severity = 2; 501 // The number of fixable vulnerabilities associated with this resource. 502 int64 fixable_count = 3; 503 // The total number of vulnerabilities associated with this resource. 504 int64 total_count = 4; 505 } 506} 507