ondemandscanning/v1 library

On-Demand Scanning API - v1

A service to scan container images for vulnerabilities.

For more information, see cloud.google.com/container-analysis/docs/on-demand-scanning/

Create an instance of OnDemandScanningApi to access these resources:

Classes

AnalyzePackagesRequestV1
AnalyzePackagesRequest is the request to analyze a list of packages and create Vulnerability Occurrences for it.
AttestationOccurrence
Occurrence that represents a single "attestation".
BinarySourceInfo
BuildDefinition
BuildOccurrence
Details of a build occurrence.
BuildProvenance
Provenance of a build.
CloudRepoSourceContext
A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.
ComplianceOccurrence
An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason.
DiscoveryOccurrence
Provides information about the analysis status of a discovered resource.
DSSEAttestationOccurrence
Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence.
Envelope
MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto.
FileHashes
Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.
GerritSourceContext
A SourceContext referring to a Gerrit project.
GrafeasV1SlsaProvenanceZeroTwoSlsaInvocation
Identifies the event that kicked off the build.
GrafeasV1SlsaProvenanceZeroTwoSlsaMetadata
Other properties of the build.
ImageOccurrence
Details of the derived image portion of the DockerImage relationship.
InTotoProvenance
InTotoSlsaProvenanceV1
InTotoStatement
Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload.
LanguagePackageDependency
Indicates a language package available between this package and the customer's resource artifact.
ListOperationsResponse
The response message for Operations.ListOperations.
ListVulnerabilitiesResponseV1
ListVulnerabilitiesResponse contains a single page of vulnerabilities resulting from a scan.
Location
An occurrence of a particular package installation found within a system's filesystem.
Maintainer
Metadata
Other properties of the build.
Occurrence
An instance of an analysis type that has been found on a resource.
OnDemandScanningApi
A service to scan container images for vulnerabilities.
Operation
This resource represents a long-running operation that is the result of a network API call.
PackageData
PackageIssue
A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).
PackageOccurrence
Details on how a particular software package was installed on a system.
PackageVersion
ProjectsLocationsOperationsResource
ProjectsLocationsResource
ProjectsLocationsScansResource
ProjectsLocationsScansVulnerabilitiesResource
ProjectsResource
ProvenanceBuilder
Remediation
Specifies details on how to handle (and presumably, fix) a vulnerability.
RepoId
A unique identifier for a Cloud Repo.
RunDetails
SbomReferenceIntotoPayload
The actual payload that contains the SBOM Reference data.
SBOMReferenceOccurrence
The occurrence representing an SBOM reference as applied to a specific resource.
SlsaMetadata
Other properties of the build.
SlsaProvenance
SlsaProvenanceV1
Keep in sync with schema at https://github.com/slsa-framework/slsa/blob/main/docs/provenance/schema/v1/provenance.proto Builder renamed to ProvenanceBuilder because of Java conflicts.
SlsaProvenanceZeroTwo
See full explanation of fields at slsa.dev/provenance/v0.2.
Source
Source describes the location of the source used for the build.
SourceContext
A SourceContext is a reference to a tree of files.
UpgradeOccurrence
An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade.
VexAssessment
VexAssessment provides all publisher provided Vex information that is related to this vulnerability.
VulnerabilityOccurrence
An occurrence of a severity vulnerability on a resource.
WindowsUpdate
Windows Update represents the metadata about the update for the Windows operating system.

Typedefs

AliasContext = $AliasContext
An alias to a repo revision.
AnalysisCompleted = $AnalysisCompleted
Indicates which analysis completed successfully.
Artifact = $Artifact
Artifact describes a build product.
BuilderConfig = $Shared00
BuildMetadata = $BuildMetadata
Category = $Category
The category to which the update belongs.
Command = $Command
Command describes a step performed as part of the build pipeline.
Completeness = $Completeness
Indicates that the builder claims certain fields in this message to be complete.
CVSS = $CVSS
Common Vulnerability Scoring System.
DeploymentOccurrence = $DeploymentOccurrence
The period during which some deployable was active in a runtime.
Empty = $Empty
A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs.
EnvelopeSignature = $EnvelopeSignature
FileLocation = $FileLocation
Indicates the location at which a package was found.
Fingerprint = $Fingerprint
A set of properties that uniquely identify a given Docker image.
GitSourceContext = $GitSourceContext
A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub).
GrafeasV1FileLocation = $FileLocation
Indicates the location at which a package was found.
GrafeasV1SlsaProvenanceZeroTwoSlsaBuilder = $Shared00
Identifies the entity that executed the recipe, which is trusted to have correctly performed the operation and populated this provenance.
GrafeasV1SlsaProvenanceZeroTwoSlsaCompleteness = $GrafeasV1SlsaProvenanceZeroTwoSlsaCompleteness
Indicates that the builder claims certain fields in this message to be complete.
GrafeasV1SlsaProvenanceZeroTwoSlsaConfigSource = $GrafeasV1SlsaProvenanceZeroTwoSlsaConfigSource
Describes where the config file that kicked off the build came from.
GrafeasV1SlsaProvenanceZeroTwoSlsaMaterial = $Material
The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on.
Hash = $Hash
Container message for hash values.
Identity = $Identity
The unique identifier of the update.
Justification = $Justification
Justification provides the justification when the state of the assessment if NOT_AFFECTED.
Jwt = $Jwt
Layer = $Layer
Layer holds metadata specific to a layer of a Docker image.
License = $License
License information.
Material = $Material
NonCompliantFile = $NonCompliantFile
Details about files that caused a compliance check to fail.
ProjectRepoId = $ProjectRepoId
Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project.
Recipe = $Recipe
Steps taken to build the artifact.
RelatedUrl = $RelatedUrl
Metadata for any related URL information.
ResourceDescriptor = $ResourceDescriptor
SbomReferenceIntotoPredicate = $SbomReferenceIntotoPredicate
A predicate which describes the SBOM being referenced.
SBOMStatus = $SBOMStatus
The status of an SBOM generation.
Signature = $Signature
Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy).
SlsaBuilder = $Shared00
SlsaCompleteness = $Completeness
Indicates that the builder claims certain fields in this message to be complete.
SlsaRecipe = $SlsaRecipe
Steps taken to build the artifact.
Status = $Status
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs.
Subject = $Subject
UpgradeDistribution = $UpgradeDistribution
The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE).
Version = $Version
Version contains structured information about the version of a package.

Exceptions / Errors

ApiRequestError
Represents a general error reported by the API endpoint.
DetailedApiRequestError
Represents a specific error reported by the API endpoint.