Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.containeranalysis/v1beta1.Note
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Creates a new note. Auto-naming is currently not supported for this resource.
Create Note Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Note(name: string, args: NoteArgs, opts?: CustomResourceOptions);
@overload
def Note(resource_name: str,
args: NoteArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Note(resource_name: str,
opts: Optional[ResourceOptions] = None,
note_id: Optional[str] = None,
project: Optional[str] = None,
spdx_relationship: Optional[RelationshipNoteArgs] = None,
deployable: Optional[DeployableArgs] = None,
discovery: Optional[DiscoveryArgs] = None,
expiration_time: Optional[str] = None,
intoto: Optional[InTotoArgs] = None,
long_description: Optional[str] = None,
related_note_names: Optional[Sequence[str]] = None,
vulnerability_assessment: Optional[VulnerabilityAssessmentNoteArgs] = None,
build: Optional[BuildArgs] = None,
base_image: Optional[BasisArgs] = None,
related_url: Optional[Sequence[RelatedUrlArgs]] = None,
sbom: Optional[DocumentNoteArgs] = None,
sbom_reference: Optional[SBOMReferenceNoteArgs] = None,
short_description: Optional[str] = None,
spdx_file: Optional[FileNoteArgs] = None,
spdx_package: Optional[PackageInfoNoteArgs] = None,
attestation_authority: Optional[AuthorityArgs] = None,
vulnerability: Optional[VulnerabilityArgs] = None,
package: Optional[PackageArgs] = None)
func NewNote(ctx *Context, name string, args NoteArgs, opts ...ResourceOption) (*Note, error)
public Note(string name, NoteArgs args, CustomResourceOptions? opts = null)
type: google-native:containeranalysis/v1beta1:Note
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args NoteArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args NoteArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args NoteArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NoteArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args NoteArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var examplenoteResourceResourceFromContaineranalysisv1beta1 = new GoogleNative.ContainerAnalysis.V1Beta1.Note("examplenoteResourceResourceFromContaineranalysisv1beta1", new()
{
NoteId = "string",
Project = "string",
SpdxRelationship = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.RelationshipNoteArgs
{
Type = GoogleNative.ContainerAnalysis.V1Beta1.RelationshipNoteType.RelationshipTypeUnspecified,
},
Deployable = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.DeployableArgs
{
ResourceUri = new[]
{
"string",
},
},
Discovery = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.DiscoveryArgs
{
AnalysisKind = GoogleNative.ContainerAnalysis.V1Beta1.DiscoveryAnalysisKind.NoteKindUnspecified,
},
ExpirationTime = "string",
Intoto = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.InTotoArgs
{
ExpectedCommand = new[]
{
"string",
},
ExpectedMaterials = new[]
{
new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.ArtifactRuleArgs
{
ArtifactRule = new[]
{
"string",
},
},
},
ExpectedProducts = new[]
{
new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.ArtifactRuleArgs
{
ArtifactRule = new[]
{
"string",
},
},
},
SigningKeys = new[]
{
new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.SigningKeyArgs
{
KeyId = "string",
KeyScheme = "string",
KeyType = "string",
PublicKeyValue = "string",
},
},
StepName = "string",
Threshold = "string",
},
LongDescription = "string",
RelatedNoteNames = new[]
{
"string",
},
VulnerabilityAssessment = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.VulnerabilityAssessmentNoteArgs
{
Assessment = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.AssessmentArgs
{
Impacts = new[]
{
"string",
},
Justification = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.JustificationArgs
{
Details = "string",
JustificationType = GoogleNative.ContainerAnalysis.V1Beta1.JustificationJustificationType.JustificationTypeUnspecified,
},
LongDescription = "string",
RelatedUris = new[]
{
new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.RelatedUrlArgs
{
Label = "string",
Url = "string",
},
},
Remediations = new[]
{
new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.RemediationArgs
{
Details = "string",
RemediationType = GoogleNative.ContainerAnalysis.V1Beta1.RemediationRemediationType.RemediationTypeUnspecified,
RemediationUri = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.RelatedUrlArgs
{
Label = "string",
Url = "string",
},
},
},
ShortDescription = "string",
State = GoogleNative.ContainerAnalysis.V1Beta1.AssessmentState.StateUnspecified,
VulnerabilityId = "string",
},
LanguageCode = "string",
LongDescription = "string",
Product = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.ProductArgs
{
GenericUri = "string",
Id = "string",
Name = "string",
},
Publisher = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.PublisherArgs
{
IssuingAuthority = "string",
Name = "string",
PublisherNamespace = "string",
},
ShortDescription = "string",
Title = "string",
},
Build = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.BuildArgs
{
BuilderVersion = "string",
Signature = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.BuildSignatureArgs
{
Signature = "string",
KeyId = "string",
KeyType = GoogleNative.ContainerAnalysis.V1Beta1.BuildSignatureKeyType.KeyTypeUnspecified,
PublicKey = "string",
},
},
BaseImage = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.BasisArgs
{
Fingerprint = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.FingerprintArgs
{
V1Name = "string",
V2Blob = new[]
{
"string",
},
},
ResourceUrl = "string",
},
RelatedUrl = new[]
{
new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.RelatedUrlArgs
{
Label = "string",
Url = "string",
},
},
Sbom = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.DocumentNoteArgs
{
DataLicence = "string",
SpdxVersion = "string",
},
SbomReference = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.SBOMReferenceNoteArgs
{
Format = "string",
Version = "string",
},
ShortDescription = "string",
SpdxFile = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.FileNoteArgs
{
Checksum = new[]
{
"string",
},
FileType = GoogleNative.ContainerAnalysis.V1Beta1.FileNoteFileType.FileTypeUnspecified,
Title = "string",
},
SpdxPackage = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.PackageInfoNoteArgs
{
Analyzed = false,
Attribution = "string",
Checksum = "string",
Copyright = "string",
DetailedDescription = "string",
DownloadLocation = "string",
ExternalRefs = new[]
{
new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.ExternalRefArgs
{
Category = GoogleNative.ContainerAnalysis.V1Beta1.ExternalRefCategory.CategoryUnspecified,
Comment = "string",
Locator = "string",
Type = "string",
},
},
FilesLicenseInfo = new[]
{
"string",
},
HomePage = "string",
LicenseDeclared = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.LicenseArgs
{
Comments = "string",
Expression = "string",
},
Originator = "string",
PackageType = "string",
SummaryDescription = "string",
Supplier = "string",
Title = "string",
VerificationCode = "string",
Version = "string",
},
AttestationAuthority = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.AuthorityArgs
{
Hint = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.HintArgs
{
HumanReadableName = "string",
},
},
Vulnerability = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.VulnerabilityArgs
{
CvssScore = 0,
CvssV2 = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.CVSSArgs
{
AttackComplexity = GoogleNative.ContainerAnalysis.V1Beta1.CVSSAttackComplexity.AttackComplexityUnspecified,
AttackVector = GoogleNative.ContainerAnalysis.V1Beta1.CVSSAttackVector.AttackVectorUnspecified,
Authentication = GoogleNative.ContainerAnalysis.V1Beta1.CVSSAuthentication.AuthenticationUnspecified,
AvailabilityImpact = GoogleNative.ContainerAnalysis.V1Beta1.CVSSAvailabilityImpact.ImpactUnspecified,
BaseScore = 0,
ConfidentialityImpact = GoogleNative.ContainerAnalysis.V1Beta1.CVSSConfidentialityImpact.ImpactUnspecified,
ExploitabilityScore = 0,
ImpactScore = 0,
IntegrityImpact = GoogleNative.ContainerAnalysis.V1Beta1.CVSSIntegrityImpact.ImpactUnspecified,
PrivilegesRequired = GoogleNative.ContainerAnalysis.V1Beta1.CVSSPrivilegesRequired.PrivilegesRequiredUnspecified,
Scope = GoogleNative.ContainerAnalysis.V1Beta1.CVSSScope.ScopeUnspecified,
UserInteraction = GoogleNative.ContainerAnalysis.V1Beta1.CVSSUserInteraction.UserInteractionUnspecified,
},
CvssV3 = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.CVSSv3Args
{
AttackComplexity = GoogleNative.ContainerAnalysis.V1Beta1.CVSSv3AttackComplexity.AttackComplexityUnspecified,
AttackVector = GoogleNative.ContainerAnalysis.V1Beta1.CVSSv3AttackVector.AttackVectorUnspecified,
AvailabilityImpact = GoogleNative.ContainerAnalysis.V1Beta1.CVSSv3AvailabilityImpact.ImpactUnspecified,
BaseScore = 0,
ConfidentialityImpact = GoogleNative.ContainerAnalysis.V1Beta1.CVSSv3ConfidentialityImpact.ImpactUnspecified,
ExploitabilityScore = 0,
ImpactScore = 0,
IntegrityImpact = GoogleNative.ContainerAnalysis.V1Beta1.CVSSv3IntegrityImpact.ImpactUnspecified,
PrivilegesRequired = GoogleNative.ContainerAnalysis.V1Beta1.CVSSv3PrivilegesRequired.PrivilegesRequiredUnspecified,
Scope = GoogleNative.ContainerAnalysis.V1Beta1.CVSSv3Scope.ScopeUnspecified,
UserInteraction = GoogleNative.ContainerAnalysis.V1Beta1.CVSSv3UserInteraction.UserInteractionUnspecified,
},
CvssVersion = GoogleNative.ContainerAnalysis.V1Beta1.VulnerabilityCvssVersion.CvssVersionUnspecified,
Cwe = new[]
{
"string",
},
Details = new[]
{
new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.DetailArgs
{
CpeUri = "string",
Package = "string",
Description = "string",
FixedLocation = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.VulnerabilityLocationArgs
{
CpeUri = "string",
Package = "string",
Version = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.VersionArgs
{
Kind = GoogleNative.ContainerAnalysis.V1Beta1.VersionKind.VersionKindUnspecified,
Epoch = 0,
Inclusive = false,
Name = "string",
Revision = "string",
},
},
IsObsolete = false,
MaxAffectedVersion = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.VersionArgs
{
Kind = GoogleNative.ContainerAnalysis.V1Beta1.VersionKind.VersionKindUnspecified,
Epoch = 0,
Inclusive = false,
Name = "string",
Revision = "string",
},
MinAffectedVersion = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.VersionArgs
{
Kind = GoogleNative.ContainerAnalysis.V1Beta1.VersionKind.VersionKindUnspecified,
Epoch = 0,
Inclusive = false,
Name = "string",
Revision = "string",
},
PackageType = "string",
SeverityName = "string",
Source = "string",
SourceUpdateTime = "string",
Vendor = "string",
},
},
Severity = GoogleNative.ContainerAnalysis.V1Beta1.VulnerabilitySeverity.SeverityUnspecified,
SourceUpdateTime = "string",
WindowsDetails = new[]
{
new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.WindowsDetailArgs
{
CpeUri = "string",
FixingKbs = new[]
{
new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.KnowledgeBaseArgs
{
Name = "string",
Url = "string",
},
},
Name = "string",
Description = "string",
},
},
},
Package = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.PackageArgs
{
Name = "string",
Architecture = GoogleNative.ContainerAnalysis.V1Beta1.PackageArchitecture.ArchitectureUnspecified,
CpeUri = "string",
Description = "string",
Digest = new[]
{
new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.DigestArgs
{
Algo = "string",
DigestBytes = "string",
},
},
Distribution = new[]
{
new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.DistributionArgs
{
CpeUri = "string",
Architecture = GoogleNative.ContainerAnalysis.V1Beta1.DistributionArchitecture.ArchitectureUnspecified,
Description = "string",
LatestVersion = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.VersionArgs
{
Kind = GoogleNative.ContainerAnalysis.V1Beta1.VersionKind.VersionKindUnspecified,
Epoch = 0,
Inclusive = false,
Name = "string",
Revision = "string",
},
Maintainer = "string",
Url = "string",
},
},
License = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.LicenseArgs
{
Comments = "string",
Expression = "string",
},
Maintainer = "string",
PackageType = "string",
Url = "string",
Version = new GoogleNative.ContainerAnalysis.V1Beta1.Inputs.VersionArgs
{
Kind = GoogleNative.ContainerAnalysis.V1Beta1.VersionKind.VersionKindUnspecified,
Epoch = 0,
Inclusive = false,
Name = "string",
Revision = "string",
},
},
});
example, err := containeranalysisv1beta1.NewNote(ctx, "examplenoteResourceResourceFromContaineranalysisv1beta1", &containeranalysisv1beta1.NoteArgs{
NoteId: pulumi.String("string"),
Project: pulumi.String("string"),
SpdxRelationship: &containeranalysis.RelationshipNoteArgs{
Type: containeranalysisv1beta1.RelationshipNoteTypeRelationshipTypeUnspecified,
},
Deployable: &containeranalysis.DeployableArgs{
ResourceUri: pulumi.StringArray{
pulumi.String("string"),
},
},
Discovery: &containeranalysis.DiscoveryArgs{
AnalysisKind: containeranalysisv1beta1.DiscoveryAnalysisKindNoteKindUnspecified,
},
ExpirationTime: pulumi.String("string"),
Intoto: &containeranalysis.InTotoArgs{
ExpectedCommand: pulumi.StringArray{
pulumi.String("string"),
},
ExpectedMaterials: containeranalysis.ArtifactRuleArray{
&containeranalysis.ArtifactRuleArgs{
ArtifactRule: pulumi.StringArray{
pulumi.String("string"),
},
},
},
ExpectedProducts: containeranalysis.ArtifactRuleArray{
&containeranalysis.ArtifactRuleArgs{
ArtifactRule: pulumi.StringArray{
pulumi.String("string"),
},
},
},
SigningKeys: containeranalysis.SigningKeyArray{
&containeranalysis.SigningKeyArgs{
KeyId: pulumi.String("string"),
KeyScheme: pulumi.String("string"),
KeyType: pulumi.String("string"),
PublicKeyValue: pulumi.String("string"),
},
},
StepName: pulumi.String("string"),
Threshold: pulumi.String("string"),
},
LongDescription: pulumi.String("string"),
RelatedNoteNames: pulumi.StringArray{
pulumi.String("string"),
},
VulnerabilityAssessment: &containeranalysis.VulnerabilityAssessmentNoteArgs{
Assessment: &containeranalysis.AssessmentArgs{
Impacts: pulumi.StringArray{
pulumi.String("string"),
},
Justification: &containeranalysis.JustificationArgs{
Details: pulumi.String("string"),
JustificationType: containeranalysisv1beta1.JustificationJustificationTypeJustificationTypeUnspecified,
},
LongDescription: pulumi.String("string"),
RelatedUris: containeranalysis.RelatedUrlArray{
&containeranalysis.RelatedUrlArgs{
Label: pulumi.String("string"),
Url: pulumi.String("string"),
},
},
Remediations: containeranalysis.RemediationArray{
&containeranalysis.RemediationArgs{
Details: pulumi.String("string"),
RemediationType: containeranalysisv1beta1.RemediationRemediationTypeRemediationTypeUnspecified,
RemediationUri: &containeranalysis.RelatedUrlArgs{
Label: pulumi.String("string"),
Url: pulumi.String("string"),
},
},
},
ShortDescription: pulumi.String("string"),
State: containeranalysisv1beta1.AssessmentStateStateUnspecified,
VulnerabilityId: pulumi.String("string"),
},
LanguageCode: pulumi.String("string"),
LongDescription: pulumi.String("string"),
Product: &containeranalysis.ProductArgs{
GenericUri: pulumi.String("string"),
Id: pulumi.String("string"),
Name: pulumi.String("string"),
},
Publisher: &containeranalysis.PublisherArgs{
IssuingAuthority: pulumi.String("string"),
Name: pulumi.String("string"),
PublisherNamespace: pulumi.String("string"),
},
ShortDescription: pulumi.String("string"),
Title: pulumi.String("string"),
},
Build: &containeranalysis.BuildArgs{
BuilderVersion: pulumi.String("string"),
Signature: &containeranalysis.BuildSignatureArgs{
Signature: pulumi.String("string"),
KeyId: pulumi.String("string"),
KeyType: containeranalysisv1beta1.BuildSignatureKeyTypeKeyTypeUnspecified,
PublicKey: pulumi.String("string"),
},
},
BaseImage: &containeranalysis.BasisArgs{
Fingerprint: &containeranalysis.FingerprintArgs{
V1Name: pulumi.String("string"),
V2Blob: pulumi.StringArray{
pulumi.String("string"),
},
},
ResourceUrl: pulumi.String("string"),
},
RelatedUrl: containeranalysis.RelatedUrlArray{
&containeranalysis.RelatedUrlArgs{
Label: pulumi.String("string"),
Url: pulumi.String("string"),
},
},
Sbom: &containeranalysis.DocumentNoteArgs{
DataLicence: pulumi.String("string"),
SpdxVersion: pulumi.String("string"),
},
SbomReference: &containeranalysis.SBOMReferenceNoteArgs{
Format: pulumi.String("string"),
Version: pulumi.String("string"),
},
ShortDescription: pulumi.String("string"),
SpdxFile: &containeranalysis.FileNoteArgs{
Checksum: pulumi.StringArray{
pulumi.String("string"),
},
FileType: containeranalysisv1beta1.FileNoteFileTypeFileTypeUnspecified,
Title: pulumi.String("string"),
},
SpdxPackage: &containeranalysis.PackageInfoNoteArgs{
Analyzed: pulumi.Bool(false),
Attribution: pulumi.String("string"),
Checksum: pulumi.String("string"),
Copyright: pulumi.String("string"),
DetailedDescription: pulumi.String("string"),
DownloadLocation: pulumi.String("string"),
ExternalRefs: containeranalysis.ExternalRefArray{
&containeranalysis.ExternalRefArgs{
Category: containeranalysisv1beta1.ExternalRefCategoryCategoryUnspecified,
Comment: pulumi.String("string"),
Locator: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
FilesLicenseInfo: pulumi.StringArray{
pulumi.String("string"),
},
HomePage: pulumi.String("string"),
LicenseDeclared: &containeranalysis.LicenseArgs{
Comments: pulumi.String("string"),
Expression: pulumi.String("string"),
},
Originator: pulumi.String("string"),
PackageType: pulumi.String("string"),
SummaryDescription: pulumi.String("string"),
Supplier: pulumi.String("string"),
Title: pulumi.String("string"),
VerificationCode: pulumi.String("string"),
Version: pulumi.String("string"),
},
AttestationAuthority: &containeranalysis.AuthorityArgs{
Hint: &containeranalysis.HintArgs{
HumanReadableName: pulumi.String("string"),
},
},
Vulnerability: &containeranalysis.VulnerabilityArgs{
CvssScore: pulumi.Float64(0),
CvssV2: &containeranalysis.CVSSArgs{
AttackComplexity: containeranalysisv1beta1.CVSSAttackComplexityAttackComplexityUnspecified,
AttackVector: containeranalysisv1beta1.CVSSAttackVectorAttackVectorUnspecified,
Authentication: containeranalysisv1beta1.CVSSAuthenticationAuthenticationUnspecified,
AvailabilityImpact: containeranalysisv1beta1.CVSSAvailabilityImpactImpactUnspecified,
BaseScore: pulumi.Float64(0),
ConfidentialityImpact: containeranalysisv1beta1.CVSSConfidentialityImpactImpactUnspecified,
ExploitabilityScore: pulumi.Float64(0),
ImpactScore: pulumi.Float64(0),
IntegrityImpact: containeranalysisv1beta1.CVSSIntegrityImpactImpactUnspecified,
PrivilegesRequired: containeranalysisv1beta1.CVSSPrivilegesRequiredPrivilegesRequiredUnspecified,
Scope: containeranalysisv1beta1.CVSSScopeScopeUnspecified,
UserInteraction: containeranalysisv1beta1.CVSSUserInteractionUserInteractionUnspecified,
},
CvssV3: &containeranalysis.CVSSv3Args{
AttackComplexity: containeranalysisv1beta1.CVSSv3AttackComplexityAttackComplexityUnspecified,
AttackVector: containeranalysisv1beta1.CVSSv3AttackVectorAttackVectorUnspecified,
AvailabilityImpact: containeranalysisv1beta1.CVSSv3AvailabilityImpactImpactUnspecified,
BaseScore: pulumi.Float64(0),
ConfidentialityImpact: containeranalysisv1beta1.CVSSv3ConfidentialityImpactImpactUnspecified,
ExploitabilityScore: pulumi.Float64(0),
ImpactScore: pulumi.Float64(0),
IntegrityImpact: containeranalysisv1beta1.CVSSv3IntegrityImpactImpactUnspecified,
PrivilegesRequired: containeranalysisv1beta1.CVSSv3PrivilegesRequiredPrivilegesRequiredUnspecified,
Scope: containeranalysisv1beta1.CVSSv3ScopeScopeUnspecified,
UserInteraction: containeranalysisv1beta1.CVSSv3UserInteractionUserInteractionUnspecified,
},
CvssVersion: containeranalysisv1beta1.VulnerabilityCvssVersionCvssVersionUnspecified,
Cwe: pulumi.StringArray{
pulumi.String("string"),
},
Details: containeranalysis.DetailArray{
&containeranalysis.DetailArgs{
CpeUri: pulumi.String("string"),
Package: pulumi.String("string"),
Description: pulumi.String("string"),
FixedLocation: &containeranalysis.VulnerabilityLocationArgs{
CpeUri: pulumi.String("string"),
Package: pulumi.String("string"),
Version: &containeranalysis.VersionArgs{
Kind: containeranalysisv1beta1.VersionKindVersionKindUnspecified,
Epoch: pulumi.Int(0),
Inclusive: pulumi.Bool(false),
Name: pulumi.String("string"),
Revision: pulumi.String("string"),
},
},
IsObsolete: pulumi.Bool(false),
MaxAffectedVersion: &containeranalysis.VersionArgs{
Kind: containeranalysisv1beta1.VersionKindVersionKindUnspecified,
Epoch: pulumi.Int(0),
Inclusive: pulumi.Bool(false),
Name: pulumi.String("string"),
Revision: pulumi.String("string"),
},
MinAffectedVersion: &containeranalysis.VersionArgs{
Kind: containeranalysisv1beta1.VersionKindVersionKindUnspecified,
Epoch: pulumi.Int(0),
Inclusive: pulumi.Bool(false),
Name: pulumi.String("string"),
Revision: pulumi.String("string"),
},
PackageType: pulumi.String("string"),
SeverityName: pulumi.String("string"),
Source: pulumi.String("string"),
SourceUpdateTime: pulumi.String("string"),
Vendor: pulumi.String("string"),
},
},
Severity: containeranalysisv1beta1.VulnerabilitySeveritySeverityUnspecified,
SourceUpdateTime: pulumi.String("string"),
WindowsDetails: containeranalysis.WindowsDetailArray{
&containeranalysis.WindowsDetailArgs{
CpeUri: pulumi.String("string"),
FixingKbs: containeranalysis.KnowledgeBaseArray{
&containeranalysis.KnowledgeBaseArgs{
Name: pulumi.String("string"),
Url: pulumi.String("string"),
},
},
Name: pulumi.String("string"),
Description: pulumi.String("string"),
},
},
},
Package: &containeranalysis.PackageArgs{
Name: pulumi.String("string"),
Architecture: containeranalysisv1beta1.PackageArchitectureArchitectureUnspecified,
CpeUri: pulumi.String("string"),
Description: pulumi.String("string"),
Digest: containeranalysis.DigestArray{
&containeranalysis.DigestArgs{
Algo: pulumi.String("string"),
DigestBytes: pulumi.String("string"),
},
},
Distribution: containeranalysis.DistributionArray{
&containeranalysis.DistributionArgs{
CpeUri: pulumi.String("string"),
Architecture: containeranalysisv1beta1.DistributionArchitectureArchitectureUnspecified,
Description: pulumi.String("string"),
LatestVersion: &containeranalysis.VersionArgs{
Kind: containeranalysisv1beta1.VersionKindVersionKindUnspecified,
Epoch: pulumi.Int(0),
Inclusive: pulumi.Bool(false),
Name: pulumi.String("string"),
Revision: pulumi.String("string"),
},
Maintainer: pulumi.String("string"),
Url: pulumi.String("string"),
},
},
License: &containeranalysis.LicenseArgs{
Comments: pulumi.String("string"),
Expression: pulumi.String("string"),
},
Maintainer: pulumi.String("string"),
PackageType: pulumi.String("string"),
Url: pulumi.String("string"),
Version: &containeranalysis.VersionArgs{
Kind: containeranalysisv1beta1.VersionKindVersionKindUnspecified,
Epoch: pulumi.Int(0),
Inclusive: pulumi.Bool(false),
Name: pulumi.String("string"),
Revision: pulumi.String("string"),
},
},
})
var examplenoteResourceResourceFromContaineranalysisv1beta1 = new Note("examplenoteResourceResourceFromContaineranalysisv1beta1", NoteArgs.builder()
.noteId("string")
.project("string")
.spdxRelationship(RelationshipNoteArgs.builder()
.type("RELATIONSHIP_TYPE_UNSPECIFIED")
.build())
.deployable(DeployableArgs.builder()
.resourceUri("string")
.build())
.discovery(DiscoveryArgs.builder()
.analysisKind("NOTE_KIND_UNSPECIFIED")
.build())
.expirationTime("string")
.intoto(InTotoArgs.builder()
.expectedCommand("string")
.expectedMaterials(ArtifactRuleArgs.builder()
.artifactRule("string")
.build())
.expectedProducts(ArtifactRuleArgs.builder()
.artifactRule("string")
.build())
.signingKeys(SigningKeyArgs.builder()
.keyId("string")
.keyScheme("string")
.keyType("string")
.publicKeyValue("string")
.build())
.stepName("string")
.threshold("string")
.build())
.longDescription("string")
.relatedNoteNames("string")
.vulnerabilityAssessment(VulnerabilityAssessmentNoteArgs.builder()
.assessment(AssessmentArgs.builder()
.impacts("string")
.justification(JustificationArgs.builder()
.details("string")
.justificationType("JUSTIFICATION_TYPE_UNSPECIFIED")
.build())
.longDescription("string")
.relatedUris(RelatedUrlArgs.builder()
.label("string")
.url("string")
.build())
.remediations(RemediationArgs.builder()
.details("string")
.remediationType("REMEDIATION_TYPE_UNSPECIFIED")
.remediationUri(RelatedUrlArgs.builder()
.label("string")
.url("string")
.build())
.build())
.shortDescription("string")
.state("STATE_UNSPECIFIED")
.vulnerabilityId("string")
.build())
.languageCode("string")
.longDescription("string")
.product(ProductArgs.builder()
.genericUri("string")
.id("string")
.name("string")
.build())
.publisher(PublisherArgs.builder()
.issuingAuthority("string")
.name("string")
.publisherNamespace("string")
.build())
.shortDescription("string")
.title("string")
.build())
.build(BuildArgs.builder()
.builderVersion("string")
.signature(BuildSignatureArgs.builder()
.signature("string")
.keyId("string")
.keyType("KEY_TYPE_UNSPECIFIED")
.publicKey("string")
.build())
.build())
.baseImage(BasisArgs.builder()
.fingerprint(FingerprintArgs.builder()
.v1Name("string")
.v2Blob("string")
.build())
.resourceUrl("string")
.build())
.relatedUrl(RelatedUrlArgs.builder()
.label("string")
.url("string")
.build())
.sbom(DocumentNoteArgs.builder()
.dataLicence("string")
.spdxVersion("string")
.build())
.sbomReference(SBOMReferenceNoteArgs.builder()
.format("string")
.version("string")
.build())
.shortDescription("string")
.spdxFile(FileNoteArgs.builder()
.checksum("string")
.fileType("FILE_TYPE_UNSPECIFIED")
.title("string")
.build())
.spdxPackage(PackageInfoNoteArgs.builder()
.analyzed(false)
.attribution("string")
.checksum("string")
.copyright("string")
.detailedDescription("string")
.downloadLocation("string")
.externalRefs(ExternalRefArgs.builder()
.category("CATEGORY_UNSPECIFIED")
.comment("string")
.locator("string")
.type("string")
.build())
.filesLicenseInfo("string")
.homePage("string")
.licenseDeclared(LicenseArgs.builder()
.comments("string")
.expression("string")
.build())
.originator("string")
.packageType("string")
.summaryDescription("string")
.supplier("string")
.title("string")
.verificationCode("string")
.version("string")
.build())
.attestationAuthority(AuthorityArgs.builder()
.hint(HintArgs.builder()
.humanReadableName("string")
.build())
.build())
.vulnerability(VulnerabilityArgs.builder()
.cvssScore(0)
.cvssV2(CVSSArgs.builder()
.attackComplexity("ATTACK_COMPLEXITY_UNSPECIFIED")
.attackVector("ATTACK_VECTOR_UNSPECIFIED")
.authentication("AUTHENTICATION_UNSPECIFIED")
.availabilityImpact("IMPACT_UNSPECIFIED")
.baseScore(0)
.confidentialityImpact("IMPACT_UNSPECIFIED")
.exploitabilityScore(0)
.impactScore(0)
.integrityImpact("IMPACT_UNSPECIFIED")
.privilegesRequired("PRIVILEGES_REQUIRED_UNSPECIFIED")
.scope("SCOPE_UNSPECIFIED")
.userInteraction("USER_INTERACTION_UNSPECIFIED")
.build())
.cvssV3(CVSSv3Args.builder()
.attackComplexity("ATTACK_COMPLEXITY_UNSPECIFIED")
.attackVector("ATTACK_VECTOR_UNSPECIFIED")
.availabilityImpact("IMPACT_UNSPECIFIED")
.baseScore(0)
.confidentialityImpact("IMPACT_UNSPECIFIED")
.exploitabilityScore(0)
.impactScore(0)
.integrityImpact("IMPACT_UNSPECIFIED")
.privilegesRequired("PRIVILEGES_REQUIRED_UNSPECIFIED")
.scope("SCOPE_UNSPECIFIED")
.userInteraction("USER_INTERACTION_UNSPECIFIED")
.build())
.cvssVersion("CVSS_VERSION_UNSPECIFIED")
.cwe("string")
.details(DetailArgs.builder()
.cpeUri("string")
.package_("string")
.description("string")
.fixedLocation(VulnerabilityLocationArgs.builder()
.cpeUri("string")
.package_("string")
.version(VersionArgs.builder()
.kind("VERSION_KIND_UNSPECIFIED")
.epoch(0)
.inclusive(false)
.name("string")
.revision("string")
.build())
.build())
.isObsolete(false)
.maxAffectedVersion(VersionArgs.builder()
.kind("VERSION_KIND_UNSPECIFIED")
.epoch(0)
.inclusive(false)
.name("string")
.revision("string")
.build())
.minAffectedVersion(VersionArgs.builder()
.kind("VERSION_KIND_UNSPECIFIED")
.epoch(0)
.inclusive(false)
.name("string")
.revision("string")
.build())
.packageType("string")
.severityName("string")
.source("string")
.sourceUpdateTime("string")
.vendor("string")
.build())
.severity("SEVERITY_UNSPECIFIED")
.sourceUpdateTime("string")
.windowsDetails(WindowsDetailArgs.builder()
.cpeUri("string")
.fixingKbs(KnowledgeBaseArgs.builder()
.name("string")
.url("string")
.build())
.name("string")
.description("string")
.build())
.build())
.package_(PackageArgs.builder()
.name("string")
.architecture("ARCHITECTURE_UNSPECIFIED")
.cpeUri("string")
.description("string")
.digest(DigestArgs.builder()
.algo("string")
.digestBytes("string")
.build())
.distribution(DistributionArgs.builder()
.cpeUri("string")
.architecture("ARCHITECTURE_UNSPECIFIED")
.description("string")
.latestVersion(VersionArgs.builder()
.kind("VERSION_KIND_UNSPECIFIED")
.epoch(0)
.inclusive(false)
.name("string")
.revision("string")
.build())
.maintainer("string")
.url("string")
.build())
.license(LicenseArgs.builder()
.comments("string")
.expression("string")
.build())
.maintainer("string")
.packageType("string")
.url("string")
.version(VersionArgs.builder()
.kind("VERSION_KIND_UNSPECIFIED")
.epoch(0)
.inclusive(false)
.name("string")
.revision("string")
.build())
.build())
.build());
examplenote_resource_resource_from_containeranalysisv1beta1 = google_native.containeranalysis.v1beta1.Note("examplenoteResourceResourceFromContaineranalysisv1beta1",
note_id="string",
project="string",
spdx_relationship={
"type": google_native.containeranalysis.v1beta1.RelationshipNoteType.RELATIONSHIP_TYPE_UNSPECIFIED,
},
deployable={
"resource_uri": ["string"],
},
discovery={
"analysis_kind": google_native.containeranalysis.v1beta1.DiscoveryAnalysisKind.NOTE_KIND_UNSPECIFIED,
},
expiration_time="string",
intoto={
"expected_command": ["string"],
"expected_materials": [{
"artifact_rule": ["string"],
}],
"expected_products": [{
"artifact_rule": ["string"],
}],
"signing_keys": [{
"key_id": "string",
"key_scheme": "string",
"key_type": "string",
"public_key_value": "string",
}],
"step_name": "string",
"threshold": "string",
},
long_description="string",
related_note_names=["string"],
vulnerability_assessment={
"assessment": {
"impacts": ["string"],
"justification": {
"details": "string",
"justification_type": google_native.containeranalysis.v1beta1.JustificationJustificationType.JUSTIFICATION_TYPE_UNSPECIFIED,
},
"long_description": "string",
"related_uris": [{
"label": "string",
"url": "string",
}],
"remediations": [{
"details": "string",
"remediation_type": google_native.containeranalysis.v1beta1.RemediationRemediationType.REMEDIATION_TYPE_UNSPECIFIED,
"remediation_uri": {
"label": "string",
"url": "string",
},
}],
"short_description": "string",
"state": google_native.containeranalysis.v1beta1.AssessmentState.STATE_UNSPECIFIED,
"vulnerability_id": "string",
},
"language_code": "string",
"long_description": "string",
"product": {
"generic_uri": "string",
"id": "string",
"name": "string",
},
"publisher": {
"issuing_authority": "string",
"name": "string",
"publisher_namespace": "string",
},
"short_description": "string",
"title": "string",
},
build={
"builder_version": "string",
"signature": {
"signature": "string",
"key_id": "string",
"key_type": google_native.containeranalysis.v1beta1.BuildSignatureKeyType.KEY_TYPE_UNSPECIFIED,
"public_key": "string",
},
},
base_image={
"fingerprint": {
"v1_name": "string",
"v2_blob": ["string"],
},
"resource_url": "string",
},
related_url=[{
"label": "string",
"url": "string",
}],
sbom={
"data_licence": "string",
"spdx_version": "string",
},
sbom_reference={
"format": "string",
"version": "string",
},
short_description="string",
spdx_file={
"checksum": ["string"],
"file_type": google_native.containeranalysis.v1beta1.FileNoteFileType.FILE_TYPE_UNSPECIFIED,
"title": "string",
},
spdx_package={
"analyzed": False,
"attribution": "string",
"checksum": "string",
"copyright": "string",
"detailed_description": "string",
"download_location": "string",
"external_refs": [{
"category": google_native.containeranalysis.v1beta1.ExternalRefCategory.CATEGORY_UNSPECIFIED,
"comment": "string",
"locator": "string",
"type": "string",
}],
"files_license_info": ["string"],
"home_page": "string",
"license_declared": {
"comments": "string",
"expression": "string",
},
"originator": "string",
"package_type": "string",
"summary_description": "string",
"supplier": "string",
"title": "string",
"verification_code": "string",
"version": "string",
},
attestation_authority={
"hint": {
"human_readable_name": "string",
},
},
vulnerability={
"cvss_score": 0,
"cvss_v2": {
"attack_complexity": google_native.containeranalysis.v1beta1.CVSSAttackComplexity.ATTACK_COMPLEXITY_UNSPECIFIED,
"attack_vector": google_native.containeranalysis.v1beta1.CVSSAttackVector.ATTACK_VECTOR_UNSPECIFIED,
"authentication": google_native.containeranalysis.v1beta1.CVSSAuthentication.AUTHENTICATION_UNSPECIFIED,
"availability_impact": google_native.containeranalysis.v1beta1.CVSSAvailabilityImpact.IMPACT_UNSPECIFIED,
"base_score": 0,
"confidentiality_impact": google_native.containeranalysis.v1beta1.CVSSConfidentialityImpact.IMPACT_UNSPECIFIED,
"exploitability_score": 0,
"impact_score": 0,
"integrity_impact": google_native.containeranalysis.v1beta1.CVSSIntegrityImpact.IMPACT_UNSPECIFIED,
"privileges_required": google_native.containeranalysis.v1beta1.CVSSPrivilegesRequired.PRIVILEGES_REQUIRED_UNSPECIFIED,
"scope": google_native.containeranalysis.v1beta1.CVSSScope.SCOPE_UNSPECIFIED,
"user_interaction": google_native.containeranalysis.v1beta1.CVSSUserInteraction.USER_INTERACTION_UNSPECIFIED,
},
"cvss_v3": {
"attack_complexity": google_native.containeranalysis.v1beta1.CVSSv3AttackComplexity.ATTACK_COMPLEXITY_UNSPECIFIED,
"attack_vector": google_native.containeranalysis.v1beta1.CVSSv3AttackVector.ATTACK_VECTOR_UNSPECIFIED,
"availability_impact": google_native.containeranalysis.v1beta1.CVSSv3AvailabilityImpact.IMPACT_UNSPECIFIED,
"base_score": 0,
"confidentiality_impact": google_native.containeranalysis.v1beta1.CVSSv3ConfidentialityImpact.IMPACT_UNSPECIFIED,
"exploitability_score": 0,
"impact_score": 0,
"integrity_impact": google_native.containeranalysis.v1beta1.CVSSv3IntegrityImpact.IMPACT_UNSPECIFIED,
"privileges_required": google_native.containeranalysis.v1beta1.CVSSv3PrivilegesRequired.PRIVILEGES_REQUIRED_UNSPECIFIED,
"scope": google_native.containeranalysis.v1beta1.CVSSv3Scope.SCOPE_UNSPECIFIED,
"user_interaction": google_native.containeranalysis.v1beta1.CVSSv3UserInteraction.USER_INTERACTION_UNSPECIFIED,
},
"cvss_version": google_native.containeranalysis.v1beta1.VulnerabilityCvssVersion.CVSS_VERSION_UNSPECIFIED,
"cwe": ["string"],
"details": [{
"cpe_uri": "string",
"package": "string",
"description": "string",
"fixed_location": {
"cpe_uri": "string",
"package": "string",
"version": {
"kind": google_native.containeranalysis.v1beta1.VersionKind.VERSION_KIND_UNSPECIFIED,
"epoch": 0,
"inclusive": False,
"name": "string",
"revision": "string",
},
},
"is_obsolete": False,
"max_affected_version": {
"kind": google_native.containeranalysis.v1beta1.VersionKind.VERSION_KIND_UNSPECIFIED,
"epoch": 0,
"inclusive": False,
"name": "string",
"revision": "string",
},
"min_affected_version": {
"kind": google_native.containeranalysis.v1beta1.VersionKind.VERSION_KIND_UNSPECIFIED,
"epoch": 0,
"inclusive": False,
"name": "string",
"revision": "string",
},
"package_type": "string",
"severity_name": "string",
"source": "string",
"source_update_time": "string",
"vendor": "string",
}],
"severity": google_native.containeranalysis.v1beta1.VulnerabilitySeverity.SEVERITY_UNSPECIFIED,
"source_update_time": "string",
"windows_details": [{
"cpe_uri": "string",
"fixing_kbs": [{
"name": "string",
"url": "string",
}],
"name": "string",
"description": "string",
}],
},
package={
"name": "string",
"architecture": google_native.containeranalysis.v1beta1.PackageArchitecture.ARCHITECTURE_UNSPECIFIED,
"cpe_uri": "string",
"description": "string",
"digest": [{
"algo": "string",
"digest_bytes": "string",
}],
"distribution": [{
"cpe_uri": "string",
"architecture": google_native.containeranalysis.v1beta1.DistributionArchitecture.ARCHITECTURE_UNSPECIFIED,
"description": "string",
"latest_version": {
"kind": google_native.containeranalysis.v1beta1.VersionKind.VERSION_KIND_UNSPECIFIED,
"epoch": 0,
"inclusive": False,
"name": "string",
"revision": "string",
},
"maintainer": "string",
"url": "string",
}],
"license": {
"comments": "string",
"expression": "string",
},
"maintainer": "string",
"package_type": "string",
"url": "string",
"version": {
"kind": google_native.containeranalysis.v1beta1.VersionKind.VERSION_KIND_UNSPECIFIED,
"epoch": 0,
"inclusive": False,
"name": "string",
"revision": "string",
},
})
const examplenoteResourceResourceFromContaineranalysisv1beta1 = new google_native.containeranalysis.v1beta1.Note("examplenoteResourceResourceFromContaineranalysisv1beta1", {
noteId: "string",
project: "string",
spdxRelationship: {
type: google_native.containeranalysis.v1beta1.RelationshipNoteType.RelationshipTypeUnspecified,
},
deployable: {
resourceUri: ["string"],
},
discovery: {
analysisKind: google_native.containeranalysis.v1beta1.DiscoveryAnalysisKind.NoteKindUnspecified,
},
expirationTime: "string",
intoto: {
expectedCommand: ["string"],
expectedMaterials: [{
artifactRule: ["string"],
}],
expectedProducts: [{
artifactRule: ["string"],
}],
signingKeys: [{
keyId: "string",
keyScheme: "string",
keyType: "string",
publicKeyValue: "string",
}],
stepName: "string",
threshold: "string",
},
longDescription: "string",
relatedNoteNames: ["string"],
vulnerabilityAssessment: {
assessment: {
impacts: ["string"],
justification: {
details: "string",
justificationType: google_native.containeranalysis.v1beta1.JustificationJustificationType.JustificationTypeUnspecified,
},
longDescription: "string",
relatedUris: [{
label: "string",
url: "string",
}],
remediations: [{
details: "string",
remediationType: google_native.containeranalysis.v1beta1.RemediationRemediationType.RemediationTypeUnspecified,
remediationUri: {
label: "string",
url: "string",
},
}],
shortDescription: "string",
state: google_native.containeranalysis.v1beta1.AssessmentState.StateUnspecified,
vulnerabilityId: "string",
},
languageCode: "string",
longDescription: "string",
product: {
genericUri: "string",
id: "string",
name: "string",
},
publisher: {
issuingAuthority: "string",
name: "string",
publisherNamespace: "string",
},
shortDescription: "string",
title: "string",
},
build: {
builderVersion: "string",
signature: {
signature: "string",
keyId: "string",
keyType: google_native.containeranalysis.v1beta1.BuildSignatureKeyType.KeyTypeUnspecified,
publicKey: "string",
},
},
baseImage: {
fingerprint: {
v1Name: "string",
v2Blob: ["string"],
},
resourceUrl: "string",
},
relatedUrl: [{
label: "string",
url: "string",
}],
sbom: {
dataLicence: "string",
spdxVersion: "string",
},
sbomReference: {
format: "string",
version: "string",
},
shortDescription: "string",
spdxFile: {
checksum: ["string"],
fileType: google_native.containeranalysis.v1beta1.FileNoteFileType.FileTypeUnspecified,
title: "string",
},
spdxPackage: {
analyzed: false,
attribution: "string",
checksum: "string",
copyright: "string",
detailedDescription: "string",
downloadLocation: "string",
externalRefs: [{
category: google_native.containeranalysis.v1beta1.ExternalRefCategory.CategoryUnspecified,
comment: "string",
locator: "string",
type: "string",
}],
filesLicenseInfo: ["string"],
homePage: "string",
licenseDeclared: {
comments: "string",
expression: "string",
},
originator: "string",
packageType: "string",
summaryDescription: "string",
supplier: "string",
title: "string",
verificationCode: "string",
version: "string",
},
attestationAuthority: {
hint: {
humanReadableName: "string",
},
},
vulnerability: {
cvssScore: 0,
cvssV2: {
attackComplexity: google_native.containeranalysis.v1beta1.CVSSAttackComplexity.AttackComplexityUnspecified,
attackVector: google_native.containeranalysis.v1beta1.CVSSAttackVector.AttackVectorUnspecified,
authentication: google_native.containeranalysis.v1beta1.CVSSAuthentication.AuthenticationUnspecified,
availabilityImpact: google_native.containeranalysis.v1beta1.CVSSAvailabilityImpact.ImpactUnspecified,
baseScore: 0,
confidentialityImpact: google_native.containeranalysis.v1beta1.CVSSConfidentialityImpact.ImpactUnspecified,
exploitabilityScore: 0,
impactScore: 0,
integrityImpact: google_native.containeranalysis.v1beta1.CVSSIntegrityImpact.ImpactUnspecified,
privilegesRequired: google_native.containeranalysis.v1beta1.CVSSPrivilegesRequired.PrivilegesRequiredUnspecified,
scope: google_native.containeranalysis.v1beta1.CVSSScope.ScopeUnspecified,
userInteraction: google_native.containeranalysis.v1beta1.CVSSUserInteraction.UserInteractionUnspecified,
},
cvssV3: {
attackComplexity: google_native.containeranalysis.v1beta1.CVSSv3AttackComplexity.AttackComplexityUnspecified,
attackVector: google_native.containeranalysis.v1beta1.CVSSv3AttackVector.AttackVectorUnspecified,
availabilityImpact: google_native.containeranalysis.v1beta1.CVSSv3AvailabilityImpact.ImpactUnspecified,
baseScore: 0,
confidentialityImpact: google_native.containeranalysis.v1beta1.CVSSv3ConfidentialityImpact.ImpactUnspecified,
exploitabilityScore: 0,
impactScore: 0,
integrityImpact: google_native.containeranalysis.v1beta1.CVSSv3IntegrityImpact.ImpactUnspecified,
privilegesRequired: google_native.containeranalysis.v1beta1.CVSSv3PrivilegesRequired.PrivilegesRequiredUnspecified,
scope: google_native.containeranalysis.v1beta1.CVSSv3Scope.ScopeUnspecified,
userInteraction: google_native.containeranalysis.v1beta1.CVSSv3UserInteraction.UserInteractionUnspecified,
},
cvssVersion: google_native.containeranalysis.v1beta1.VulnerabilityCvssVersion.CvssVersionUnspecified,
cwe: ["string"],
details: [{
cpeUri: "string",
"package": "string",
description: "string",
fixedLocation: {
cpeUri: "string",
"package": "string",
version: {
kind: google_native.containeranalysis.v1beta1.VersionKind.VersionKindUnspecified,
epoch: 0,
inclusive: false,
name: "string",
revision: "string",
},
},
isObsolete: false,
maxAffectedVersion: {
kind: google_native.containeranalysis.v1beta1.VersionKind.VersionKindUnspecified,
epoch: 0,
inclusive: false,
name: "string",
revision: "string",
},
minAffectedVersion: {
kind: google_native.containeranalysis.v1beta1.VersionKind.VersionKindUnspecified,
epoch: 0,
inclusive: false,
name: "string",
revision: "string",
},
packageType: "string",
severityName: "string",
source: "string",
sourceUpdateTime: "string",
vendor: "string",
}],
severity: google_native.containeranalysis.v1beta1.VulnerabilitySeverity.SeverityUnspecified,
sourceUpdateTime: "string",
windowsDetails: [{
cpeUri: "string",
fixingKbs: [{
name: "string",
url: "string",
}],
name: "string",
description: "string",
}],
},
"package": {
name: "string",
architecture: google_native.containeranalysis.v1beta1.PackageArchitecture.ArchitectureUnspecified,
cpeUri: "string",
description: "string",
digest: [{
algo: "string",
digestBytes: "string",
}],
distribution: [{
cpeUri: "string",
architecture: google_native.containeranalysis.v1beta1.DistributionArchitecture.ArchitectureUnspecified,
description: "string",
latestVersion: {
kind: google_native.containeranalysis.v1beta1.VersionKind.VersionKindUnspecified,
epoch: 0,
inclusive: false,
name: "string",
revision: "string",
},
maintainer: "string",
url: "string",
}],
license: {
comments: "string",
expression: "string",
},
maintainer: "string",
packageType: "string",
url: "string",
version: {
kind: google_native.containeranalysis.v1beta1.VersionKind.VersionKindUnspecified,
epoch: 0,
inclusive: false,
name: "string",
revision: "string",
},
},
});
type: google-native:containeranalysis/v1beta1:Note
properties:
attestationAuthority:
hint:
humanReadableName: string
baseImage:
fingerprint:
v1Name: string
v2Blob:
- string
resourceUrl: string
build:
builderVersion: string
signature:
keyId: string
keyType: KEY_TYPE_UNSPECIFIED
publicKey: string
signature: string
deployable:
resourceUri:
- string
discovery:
analysisKind: NOTE_KIND_UNSPECIFIED
expirationTime: string
intoto:
expectedCommand:
- string
expectedMaterials:
- artifactRule:
- string
expectedProducts:
- artifactRule:
- string
signingKeys:
- keyId: string
keyScheme: string
keyType: string
publicKeyValue: string
stepName: string
threshold: string
longDescription: string
noteId: string
package:
architecture: ARCHITECTURE_UNSPECIFIED
cpeUri: string
description: string
digest:
- algo: string
digestBytes: string
distribution:
- architecture: ARCHITECTURE_UNSPECIFIED
cpeUri: string
description: string
latestVersion:
epoch: 0
inclusive: false
kind: VERSION_KIND_UNSPECIFIED
name: string
revision: string
maintainer: string
url: string
license:
comments: string
expression: string
maintainer: string
name: string
packageType: string
url: string
version:
epoch: 0
inclusive: false
kind: VERSION_KIND_UNSPECIFIED
name: string
revision: string
project: string
relatedNoteNames:
- string
relatedUrl:
- label: string
url: string
sbom:
dataLicence: string
spdxVersion: string
sbomReference:
format: string
version: string
shortDescription: string
spdxFile:
checksum:
- string
fileType: FILE_TYPE_UNSPECIFIED
title: string
spdxPackage:
analyzed: false
attribution: string
checksum: string
copyright: string
detailedDescription: string
downloadLocation: string
externalRefs:
- category: CATEGORY_UNSPECIFIED
comment: string
locator: string
type: string
filesLicenseInfo:
- string
homePage: string
licenseDeclared:
comments: string
expression: string
originator: string
packageType: string
summaryDescription: string
supplier: string
title: string
verificationCode: string
version: string
spdxRelationship:
type: RELATIONSHIP_TYPE_UNSPECIFIED
vulnerability:
cvssScore: 0
cvssV2:
attackComplexity: ATTACK_COMPLEXITY_UNSPECIFIED
attackVector: ATTACK_VECTOR_UNSPECIFIED
authentication: AUTHENTICATION_UNSPECIFIED
availabilityImpact: IMPACT_UNSPECIFIED
baseScore: 0
confidentialityImpact: IMPACT_UNSPECIFIED
exploitabilityScore: 0
impactScore: 0
integrityImpact: IMPACT_UNSPECIFIED
privilegesRequired: PRIVILEGES_REQUIRED_UNSPECIFIED
scope: SCOPE_UNSPECIFIED
userInteraction: USER_INTERACTION_UNSPECIFIED
cvssV3:
attackComplexity: ATTACK_COMPLEXITY_UNSPECIFIED
attackVector: ATTACK_VECTOR_UNSPECIFIED
availabilityImpact: IMPACT_UNSPECIFIED
baseScore: 0
confidentialityImpact: IMPACT_UNSPECIFIED
exploitabilityScore: 0
impactScore: 0
integrityImpact: IMPACT_UNSPECIFIED
privilegesRequired: PRIVILEGES_REQUIRED_UNSPECIFIED
scope: SCOPE_UNSPECIFIED
userInteraction: USER_INTERACTION_UNSPECIFIED
cvssVersion: CVSS_VERSION_UNSPECIFIED
cwe:
- string
details:
- cpeUri: string
description: string
fixedLocation:
cpeUri: string
package: string
version:
epoch: 0
inclusive: false
kind: VERSION_KIND_UNSPECIFIED
name: string
revision: string
isObsolete: false
maxAffectedVersion:
epoch: 0
inclusive: false
kind: VERSION_KIND_UNSPECIFIED
name: string
revision: string
minAffectedVersion:
epoch: 0
inclusive: false
kind: VERSION_KIND_UNSPECIFIED
name: string
revision: string
package: string
packageType: string
severityName: string
source: string
sourceUpdateTime: string
vendor: string
severity: SEVERITY_UNSPECIFIED
sourceUpdateTime: string
windowsDetails:
- cpeUri: string
description: string
fixingKbs:
- name: string
url: string
name: string
vulnerabilityAssessment:
assessment:
impacts:
- string
justification:
details: string
justificationType: JUSTIFICATION_TYPE_UNSPECIFIED
longDescription: string
relatedUris:
- label: string
url: string
remediations:
- details: string
remediationType: REMEDIATION_TYPE_UNSPECIFIED
remediationUri:
label: string
url: string
shortDescription: string
state: STATE_UNSPECIFIED
vulnerabilityId: string
languageCode: string
longDescription: string
product:
genericUri: string
id: string
name: string
publisher:
issuingAuthority: string
name: string
publisherNamespace: string
shortDescription: string
title: string
Note Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Note resource accepts the following input properties:
- Note
Id string - Required. The ID to use for this note.
- Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Authority - A note describing an attestation role.
- Base
Image Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Basis - A note describing a base image.
- Build
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Build - A note describing build provenance for a verifiable build.
- Deployable
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Deployable - A note describing something that can be deployed.
- Discovery
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Discovery - A note describing the initial analysis of a resource.
- Expiration
Time string - Time of expiration for this note. Empty if note does not expire.
- Intoto
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. In Toto - A note describing an in-toto link.
- Long
Description string - A detailed description of this note.
- Package
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Package - A note describing a package hosted by various package managers.
- Project string
- List<string>
- Other notes related to this note.
- List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Related Url> - URLs associated with this note.
- Sbom
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Document Note - A note describing a software bill of materials.
- Sbom
Reference Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. SBOMReference Note - A note describing an SBOM reference.
- Short
Description string - A one sentence description of this note.
- Spdx
File Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. File Note - A note describing an SPDX File.
- Spdx
Package Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Package Info Note - A note describing an SPDX Package.
- Spdx
Relationship Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Relationship Note - A note describing an SPDX File.
- Vulnerability
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Vulnerability - A note describing a package vulnerability.
- Vulnerability
Assessment Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Vulnerability Assessment Note - A note describing a vulnerability assessment.
- Note
Id string - Required. The ID to use for this note.
- Authority
Args - A note describing an attestation role.
- Base
Image BasisArgs - A note describing a base image.
- Build
Build
Args - A note describing build provenance for a verifiable build.
- Deployable
Deployable
Args - A note describing something that can be deployed.
- Discovery
Discovery
Args - A note describing the initial analysis of a resource.
- Expiration
Time string - Time of expiration for this note. Empty if note does not expire.
- Intoto
In
Toto Args - A note describing an in-toto link.
- Long
Description string - A detailed description of this note.
- Package
Package
Args - A note describing a package hosted by various package managers.
- Project string
- []string
- Other notes related to this note.
- []Related
Url Args - URLs associated with this note.
- Sbom
Document
Note Args - A note describing a software bill of materials.
- Sbom
Reference SBOMReferenceNote Args - A note describing an SBOM reference.
- Short
Description string - A one sentence description of this note.
- Spdx
File FileNote Args - A note describing an SPDX File.
- Spdx
Package PackageInfo Note Args - A note describing an SPDX Package.
- Spdx
Relationship RelationshipNote Args - A note describing an SPDX File.
- Vulnerability
Vulnerability
Args - A note describing a package vulnerability.
- Vulnerability
Assessment VulnerabilityAssessment Note Args - A note describing a vulnerability assessment.
- note
Id String - Required. The ID to use for this note.
- Authority
- A note describing an attestation role.
- base
Image Basis - A note describing a base image.
- build Build
- A note describing build provenance for a verifiable build.
- deployable Deployable
- A note describing something that can be deployed.
- discovery Discovery
- A note describing the initial analysis of a resource.
- expiration
Time String - Time of expiration for this note. Empty if note does not expire.
- intoto
In
Toto - A note describing an in-toto link.
- long
Description String - A detailed description of this note.
- package_ Package
- A note describing a package hosted by various package managers.
- project String
- List<String>
- Other notes related to this note.
- List<Related
Url> - URLs associated with this note.
- sbom
Document
Note - A note describing a software bill of materials.
- sbom
Reference SBOMReferenceNote - A note describing an SBOM reference.
- short
Description String - A one sentence description of this note.
- spdx
File FileNote - A note describing an SPDX File.
- spdx
Package PackageInfo Note - A note describing an SPDX Package.
- spdx
Relationship RelationshipNote - A note describing an SPDX File.
- vulnerability Vulnerability
- A note describing a package vulnerability.
- vulnerability
Assessment VulnerabilityAssessment Note - A note describing a vulnerability assessment.
- note
Id string - Required. The ID to use for this note.
- Authority
- A note describing an attestation role.
- base
Image Basis - A note describing a base image.
- build Build
- A note describing build provenance for a verifiable build.
- deployable Deployable
- A note describing something that can be deployed.
- discovery Discovery
- A note describing the initial analysis of a resource.
- expiration
Time string - Time of expiration for this note. Empty if note does not expire.
- intoto
In
Toto - A note describing an in-toto link.
- long
Description string - A detailed description of this note.
- package Package
- A note describing a package hosted by various package managers.
- project string
- string[]
- Other notes related to this note.
- Related
Url[] - URLs associated with this note.
- sbom
Document
Note - A note describing a software bill of materials.
- sbom
Reference SBOMReferenceNote - A note describing an SBOM reference.
- short
Description string - A one sentence description of this note.
- spdx
File FileNote - A note describing an SPDX File.
- spdx
Package PackageInfo Note - A note describing an SPDX Package.
- spdx
Relationship RelationshipNote - A note describing an SPDX File.
- vulnerability Vulnerability
- A note describing a package vulnerability.
- vulnerability
Assessment VulnerabilityAssessment Note - A note describing a vulnerability assessment.
- note_
id str - Required. The ID to use for this note.
- Authority
Args - A note describing an attestation role.
- base_
image BasisArgs - A note describing a base image.
- build
Build
Args - A note describing build provenance for a verifiable build.
- deployable
Deployable
Args - A note describing something that can be deployed.
- discovery
Discovery
Args - A note describing the initial analysis of a resource.
- expiration_
time str - Time of expiration for this note. Empty if note does not expire.
- intoto
In
Toto Args - A note describing an in-toto link.
- long_
description str - A detailed description of this note.
- package
Package
Args - A note describing a package hosted by various package managers.
- project str
- Sequence[str]
- Other notes related to this note.
- Sequence[Related
Url Args] - URLs associated with this note.
- sbom
Document
Note Args - A note describing a software bill of materials.
- sbom_
reference SBOMReferenceNote Args - A note describing an SBOM reference.
- short_
description str - A one sentence description of this note.
- spdx_
file FileNote Args - A note describing an SPDX File.
- spdx_
package PackageInfo Note Args - A note describing an SPDX Package.
- spdx_
relationship RelationshipNote Args - A note describing an SPDX File.
- vulnerability
Vulnerability
Args - A note describing a package vulnerability.
- vulnerability_
assessment VulnerabilityAssessment Note Args - A note describing a vulnerability assessment.
- note
Id String - Required. The ID to use for this note.
- Property Map
- A note describing an attestation role.
- base
Image Property Map - A note describing a base image.
- build Property Map
- A note describing build provenance for a verifiable build.
- deployable Property Map
- A note describing something that can be deployed.
- discovery Property Map
- A note describing the initial analysis of a resource.
- expiration
Time String - Time of expiration for this note. Empty if note does not expire.
- intoto Property Map
- A note describing an in-toto link.
- long
Description String - A detailed description of this note.
- package Property Map
- A note describing a package hosted by various package managers.
- project String
- List<String>
- Other notes related to this note.
- List<Property Map>
- URLs associated with this note.
- sbom Property Map
- A note describing a software bill of materials.
- sbom
Reference Property Map - A note describing an SBOM reference.
- short
Description String - A one sentence description of this note.
- spdx
File Property Map - A note describing an SPDX File.
- spdx
Package Property Map - A note describing an SPDX Package.
- spdx
Relationship Property Map - A note describing an SPDX File.
- vulnerability Property Map
- A note describing a package vulnerability.
- vulnerability
Assessment Property Map - A note describing a vulnerability assessment.
Outputs
All input properties are implicitly available as output properties. Additionally, the Note resource produces the following output properties:
- Create
Time string - The time this note was created. This field can be used as a filter in list requests.
- Id string
- The provider-assigned unique ID for this managed resource.
- Kind string
- The type of analysis. This field can be used as a filter in list requests.
- Name string
- The name of the note in the form of
projects/[PROVIDER_ID]/notes/[NOTE_ID]
. - Update
Time string - The time this note was last updated. This field can be used as a filter in list requests.
- Create
Time string - The time this note was created. This field can be used as a filter in list requests.
- Id string
- The provider-assigned unique ID for this managed resource.
- Kind string
- The type of analysis. This field can be used as a filter in list requests.
- Name string
- The name of the note in the form of
projects/[PROVIDER_ID]/notes/[NOTE_ID]
. - Update
Time string - The time this note was last updated. This field can be used as a filter in list requests.
- create
Time String - The time this note was created. This field can be used as a filter in list requests.
- id String
- The provider-assigned unique ID for this managed resource.
- kind String
- The type of analysis. This field can be used as a filter in list requests.
- name String
- The name of the note in the form of
projects/[PROVIDER_ID]/notes/[NOTE_ID]
. - update
Time String - The time this note was last updated. This field can be used as a filter in list requests.
- create
Time string - The time this note was created. This field can be used as a filter in list requests.
- id string
- The provider-assigned unique ID for this managed resource.
- kind string
- The type of analysis. This field can be used as a filter in list requests.
- name string
- The name of the note in the form of
projects/[PROVIDER_ID]/notes/[NOTE_ID]
. - update
Time string - The time this note was last updated. This field can be used as a filter in list requests.
- create_
time str - The time this note was created. This field can be used as a filter in list requests.
- id str
- The provider-assigned unique ID for this managed resource.
- kind str
- The type of analysis. This field can be used as a filter in list requests.
- name str
- The name of the note in the form of
projects/[PROVIDER_ID]/notes/[NOTE_ID]
. - update_
time str - The time this note was last updated. This field can be used as a filter in list requests.
- create
Time String - The time this note was created. This field can be used as a filter in list requests.
- id String
- The provider-assigned unique ID for this managed resource.
- kind String
- The type of analysis. This field can be used as a filter in list requests.
- name String
- The name of the note in the form of
projects/[PROVIDER_ID]/notes/[NOTE_ID]
. - update
Time String - The time this note was last updated. This field can be used as a filter in list requests.
Supporting Types
ArtifactRule, ArtifactRuleArgs
- Artifact
Rule List<string>
- Artifact
Rule []string
- artifact
Rule List<String>
- artifact
Rule string[]
- artifact_
rule Sequence[str]
- artifact
Rule List<String>
ArtifactRuleResponse, ArtifactRuleResponseArgs
- Artifact
Rule List<string>
- Artifact
Rule []string
- artifact
Rule List<String>
- artifact
Rule string[]
- artifact_
rule Sequence[str]
- artifact
Rule List<String>
Assessment, AssessmentArgs
- Cve string
- Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs.
- Impacts List<string>
- Contains information about the impact of this vulnerability, this will change with time.
- Justification
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Justification - Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- Long
Description string - A detailed description of this Vex.
- List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Related Url> - Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- Remediations
List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Remediation> - Specifies details on how to handle (and presumably, fix) a vulnerability.
- Short
Description string - A one sentence description of this Vex.
- State
Pulumi.
Google Native. Container Analysis. V1Beta1. Assessment State - Provides the state of this Vulnerability assessment.
- Vulnerability
Id string - The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc.
- Cve string
- Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs.
- Impacts []string
- Contains information about the impact of this vulnerability, this will change with time.
- Justification Justification
- Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- Long
Description string - A detailed description of this Vex.
- []Related
Url - Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- Remediations []Remediation
- Specifies details on how to handle (and presumably, fix) a vulnerability.
- Short
Description string - A one sentence description of this Vex.
- State
Assessment
State - Provides the state of this Vulnerability assessment.
- Vulnerability
Id string - The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc.
- cve String
- Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs.
- impacts List<String>
- Contains information about the impact of this vulnerability, this will change with time.
- justification Justification
- Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- long
Description String - A detailed description of this Vex.
- List<Related
Url> - Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations List<Remediation>
- Specifies details on how to handle (and presumably, fix) a vulnerability.
- short
Description String - A one sentence description of this Vex.
- state
Assessment
State - Provides the state of this Vulnerability assessment.
- vulnerability
Id String - The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc.
- cve string
- Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs.
- impacts string[]
- Contains information about the impact of this vulnerability, this will change with time.
- justification Justification
- Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- long
Description string - A detailed description of this Vex.
- Related
Url[] - Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations Remediation[]
- Specifies details on how to handle (and presumably, fix) a vulnerability.
- short
Description string - A one sentence description of this Vex.
- state
Assessment
State - Provides the state of this Vulnerability assessment.
- vulnerability
Id string - The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc.
- cve str
- Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs.
- impacts Sequence[str]
- Contains information about the impact of this vulnerability, this will change with time.
- justification Justification
- Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- long_
description str - A detailed description of this Vex.
- Sequence[Related
Url] - Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations Sequence[Remediation]
- Specifies details on how to handle (and presumably, fix) a vulnerability.
- short_
description str - A one sentence description of this Vex.
- state
Assessment
State - Provides the state of this Vulnerability assessment.
- vulnerability_
id str - The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc.
- cve String
- Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs.
- impacts List<String>
- Contains information about the impact of this vulnerability, this will change with time.
- justification Property Map
- Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- long
Description String - A detailed description of this Vex.
- List<Property Map>
- Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations List<Property Map>
- Specifies details on how to handle (and presumably, fix) a vulnerability.
- short
Description String - A one sentence description of this Vex.
- state "STATE_UNSPECIFIED" | "AFFECTED" | "NOT_AFFECTED" | "FIXED" | "UNDER_INVESTIGATION"
- Provides the state of this Vulnerability assessment.
- vulnerability
Id String - The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc.
AssessmentResponse, AssessmentResponseArgs
- Cve string
- Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs.
- Impacts List<string>
- Contains information about the impact of this vulnerability, this will change with time.
- Justification
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Justification Response - Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- Long
Description string - A detailed description of this Vex.
- List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Related Url Response> - Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- Remediations
List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Remediation Response> - Specifies details on how to handle (and presumably, fix) a vulnerability.
- Short
Description string - A one sentence description of this Vex.
- State string
- Provides the state of this Vulnerability assessment.
- Vulnerability
Id string - The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc.
- Cve string
- Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs.
- Impacts []string
- Contains information about the impact of this vulnerability, this will change with time.
- Justification
Justification
Response - Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- Long
Description string - A detailed description of this Vex.
- []Related
Url Response - Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- Remediations
[]Remediation
Response - Specifies details on how to handle (and presumably, fix) a vulnerability.
- Short
Description string - A one sentence description of this Vex.
- State string
- Provides the state of this Vulnerability assessment.
- Vulnerability
Id string - The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc.
- cve String
- Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs.
- impacts List<String>
- Contains information about the impact of this vulnerability, this will change with time.
- justification
Justification
Response - Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- long
Description String - A detailed description of this Vex.
- List<Related
Url Response> - Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations
List<Remediation
Response> - Specifies details on how to handle (and presumably, fix) a vulnerability.
- short
Description String - A one sentence description of this Vex.
- state String
- Provides the state of this Vulnerability assessment.
- vulnerability
Id String - The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc.
- cve string
- Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs.
- impacts string[]
- Contains information about the impact of this vulnerability, this will change with time.
- justification
Justification
Response - Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- long
Description string - A detailed description of this Vex.
- Related
Url Response[] - Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations
Remediation
Response[] - Specifies details on how to handle (and presumably, fix) a vulnerability.
- short
Description string - A one sentence description of this Vex.
- state string
- Provides the state of this Vulnerability assessment.
- vulnerability
Id string - The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc.
- cve str
- Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs.
- impacts Sequence[str]
- Contains information about the impact of this vulnerability, this will change with time.
- justification
Justification
Response - Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- long_
description str - A detailed description of this Vex.
- Sequence[Related
Url Response] - Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations
Sequence[Remediation
Response] - Specifies details on how to handle (and presumably, fix) a vulnerability.
- short_
description str - A one sentence description of this Vex.
- state str
- Provides the state of this Vulnerability assessment.
- vulnerability_
id str - The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc.
- cve String
- Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs.
- impacts List<String>
- Contains information about the impact of this vulnerability, this will change with time.
- justification Property Map
- Justification provides the justification when the state of the assessment if NOT_AFFECTED.
- long
Description String - A detailed description of this Vex.
- List<Property Map>
- Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
- remediations List<Property Map>
- Specifies details on how to handle (and presumably, fix) a vulnerability.
- short
Description String - A one sentence description of this Vex.
- state String
- Provides the state of this Vulnerability assessment.
- vulnerability
Id String - The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc.
AssessmentState, AssessmentStateArgs
- State
Unspecified - STATE_UNSPECIFIEDNo state is specified.
- Affected
- AFFECTEDThis product is known to be affected by this vulnerability.
- Not
Affected - NOT_AFFECTEDThis product is known to be not affected by this vulnerability.
- Fixed
- FIXEDThis product contains a fix for this vulnerability.
- Under
Investigation - UNDER_INVESTIGATIONIt is not known yet whether these versions are or are not affected by the vulnerability. However, it is still under investigation.
- Assessment
State State Unspecified - STATE_UNSPECIFIEDNo state is specified.
- Assessment
State Affected - AFFECTEDThis product is known to be affected by this vulnerability.
- Assessment
State Not Affected - NOT_AFFECTEDThis product is known to be not affected by this vulnerability.
- Assessment
State Fixed - FIXEDThis product contains a fix for this vulnerability.
- Assessment
State Under Investigation - UNDER_INVESTIGATIONIt is not known yet whether these versions are or are not affected by the vulnerability. However, it is still under investigation.
- State
Unspecified - STATE_UNSPECIFIEDNo state is specified.
- Affected
- AFFECTEDThis product is known to be affected by this vulnerability.
- Not
Affected - NOT_AFFECTEDThis product is known to be not affected by this vulnerability.
- Fixed
- FIXEDThis product contains a fix for this vulnerability.
- Under
Investigation - UNDER_INVESTIGATIONIt is not known yet whether these versions are or are not affected by the vulnerability. However, it is still under investigation.
- State
Unspecified - STATE_UNSPECIFIEDNo state is specified.
- Affected
- AFFECTEDThis product is known to be affected by this vulnerability.
- Not
Affected - NOT_AFFECTEDThis product is known to be not affected by this vulnerability.
- Fixed
- FIXEDThis product contains a fix for this vulnerability.
- Under
Investigation - UNDER_INVESTIGATIONIt is not known yet whether these versions are or are not affected by the vulnerability. However, it is still under investigation.
- STATE_UNSPECIFIED
- STATE_UNSPECIFIEDNo state is specified.
- AFFECTED
- AFFECTEDThis product is known to be affected by this vulnerability.
- NOT_AFFECTED
- NOT_AFFECTEDThis product is known to be not affected by this vulnerability.
- FIXED
- FIXEDThis product contains a fix for this vulnerability.
- UNDER_INVESTIGATION
- UNDER_INVESTIGATIONIt is not known yet whether these versions are or are not affected by the vulnerability. However, it is still under investigation.
- "STATE_UNSPECIFIED"
- STATE_UNSPECIFIEDNo state is specified.
- "AFFECTED"
- AFFECTEDThis product is known to be affected by this vulnerability.
- "NOT_AFFECTED"
- NOT_AFFECTEDThis product is known to be not affected by this vulnerability.
- "FIXED"
- FIXEDThis product contains a fix for this vulnerability.
- "UNDER_INVESTIGATION"
- UNDER_INVESTIGATIONIt is not known yet whether these versions are or are not affected by the vulnerability. However, it is still under investigation.
Authority, AuthorityArgs
- Hint
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Hint - Hint hints at the purpose of the attestation authority.
- hint Property Map
- Hint hints at the purpose of the attestation authority.
AuthorityResponse, AuthorityResponseArgs
- Hint
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Hint Response - Hint hints at the purpose of the attestation authority.
- Hint
Hint
Response - Hint hints at the purpose of the attestation authority.
- hint
Hint
Response - Hint hints at the purpose of the attestation authority.
- hint
Hint
Response - Hint hints at the purpose of the attestation authority.
- hint
Hint
Response - Hint hints at the purpose of the attestation authority.
- hint Property Map
- Hint hints at the purpose of the attestation authority.
Basis, BasisArgs
- Fingerprint
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Fingerprint - Immutable. The fingerprint of the base image.
- Resource
Url string - Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- Fingerprint Fingerprint
- Immutable. The fingerprint of the base image.
- Resource
Url string - Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- fingerprint Fingerprint
- Immutable. The fingerprint of the base image.
- resource
Url String - Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- fingerprint Fingerprint
- Immutable. The fingerprint of the base image.
- resource
Url string - Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- fingerprint Fingerprint
- Immutable. The fingerprint of the base image.
- resource_
url str - Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- fingerprint Property Map
- Immutable. The fingerprint of the base image.
- resource
Url String - Immutable. The resource_url for the resource representing the basis of associated occurrence images.
BasisResponse, BasisResponseArgs
- Fingerprint
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Fingerprint Response - Immutable. The fingerprint of the base image.
- Resource
Url string - Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- Fingerprint
Fingerprint
Response - Immutable. The fingerprint of the base image.
- Resource
Url string - Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- fingerprint
Fingerprint
Response - Immutable. The fingerprint of the base image.
- resource
Url String - Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- fingerprint
Fingerprint
Response - Immutable. The fingerprint of the base image.
- resource
Url string - Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- fingerprint
Fingerprint
Response - Immutable. The fingerprint of the base image.
- resource_
url str - Immutable. The resource_url for the resource representing the basis of associated occurrence images.
- fingerprint Property Map
- Immutable. The fingerprint of the base image.
- resource
Url String - Immutable. The resource_url for the resource representing the basis of associated occurrence images.
Build, BuildArgs
- Builder
Version string - Immutable. Version of the builder which produced this build.
- Signature
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Build Signature - Signature of the build in occurrences pointing to this build note containing build details.
- Builder
Version string - Immutable. Version of the builder which produced this build.
- Signature
Build
Signature - Signature of the build in occurrences pointing to this build note containing build details.
- builder
Version String - Immutable. Version of the builder which produced this build.
- signature
Build
Signature - Signature of the build in occurrences pointing to this build note containing build details.
- builder
Version string - Immutable. Version of the builder which produced this build.
- signature
Build
Signature - Signature of the build in occurrences pointing to this build note containing build details.
- builder_
version str - Immutable. Version of the builder which produced this build.
- signature
Build
Signature - Signature of the build in occurrences pointing to this build note containing build details.
- builder
Version String - Immutable. Version of the builder which produced this build.
- signature Property Map
- Signature of the build in occurrences pointing to this build note containing build details.
BuildResponse, BuildResponseArgs
- Builder
Version string - Immutable. Version of the builder which produced this build.
- Signature
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Build Signature Response - Signature of the build in occurrences pointing to this build note containing build details.
- Builder
Version string - Immutable. Version of the builder which produced this build.
- Signature
Build
Signature Response - Signature of the build in occurrences pointing to this build note containing build details.
- builder
Version String - Immutable. Version of the builder which produced this build.
- signature
Build
Signature Response - Signature of the build in occurrences pointing to this build note containing build details.
- builder
Version string - Immutable. Version of the builder which produced this build.
- signature
Build
Signature Response - Signature of the build in occurrences pointing to this build note containing build details.
- builder_
version str - Immutable. Version of the builder which produced this build.
- signature
Build
Signature Response - Signature of the build in occurrences pointing to this build note containing build details.
- builder
Version String - Immutable. Version of the builder which produced this build.
- signature Property Map
- Signature of the build in occurrences pointing to this build note containing build details.
BuildSignature, BuildSignatureArgs
- Signature string
- Signature of the related
BuildProvenance
. In JSON, this is base-64 encoded. - Key
Id string - An ID for the key used to sign. This could be either an ID for the key stored in
public_key
(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service). - Key
Type Pulumi.Google Native. Container Analysis. V1Beta1. Build Signature Key Type - The type of the key, either stored in
public_key
or referenced inkey_id
. - Public
Key string - Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_type
is empty, this defaults to PEM encoded public keys. This field may be empty ifkey_id
references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetails
are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin
- Signature string
- Signature of the related
BuildProvenance
. In JSON, this is base-64 encoded. - Key
Id string - An ID for the key used to sign. This could be either an ID for the key stored in
public_key
(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service). - Key
Type BuildSignature Key Type - The type of the key, either stored in
public_key
or referenced inkey_id
. - Public
Key string - Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_type
is empty, this defaults to PEM encoded public keys. This field may be empty ifkey_id
references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetails
are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin
- signature String
- Signature of the related
BuildProvenance
. In JSON, this is base-64 encoded. - key
Id String - An ID for the key used to sign. This could be either an ID for the key stored in
public_key
(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service). - key
Type BuildSignature Key Type - The type of the key, either stored in
public_key
or referenced inkey_id
. - public
Key String - Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_type
is empty, this defaults to PEM encoded public keys. This field may be empty ifkey_id
references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetails
are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin
- signature string
- Signature of the related
BuildProvenance
. In JSON, this is base-64 encoded. - key
Id string - An ID for the key used to sign. This could be either an ID for the key stored in
public_key
(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service). - key
Type BuildSignature Key Type - The type of the key, either stored in
public_key
or referenced inkey_id
. - public
Key string - Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_type
is empty, this defaults to PEM encoded public keys. This field may be empty ifkey_id
references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetails
are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin
- signature str
- Signature of the related
BuildProvenance
. In JSON, this is base-64 encoded. - key_
id str - An ID for the key used to sign. This could be either an ID for the key stored in
public_key
(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service). - key_
type BuildSignature Key Type - The type of the key, either stored in
public_key
or referenced inkey_id
. - public_
key str - Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_type
is empty, this defaults to PEM encoded public keys. This field may be empty ifkey_id
references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetails
are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin
- signature String
- Signature of the related
BuildProvenance
. In JSON, this is base-64 encoded. - key
Id String - An ID for the key used to sign. This could be either an ID for the key stored in
public_key
(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service). - key
Type "KEY_TYPE_UNSPECIFIED" | "PGP_ASCII_ARMORED" | "PKIX_PEM" - The type of the key, either stored in
public_key
or referenced inkey_id
. - public
Key String - Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_type
is empty, this defaults to PEM encoded public keys. This field may be empty ifkey_id
references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetails
are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin
BuildSignatureKeyType, BuildSignatureKeyTypeArgs
- Key
Type Unspecified - KEY_TYPE_UNSPECIFIED
KeyType
is not set. - Pgp
Ascii Armored - PGP_ASCII_ARMORED
PGP ASCII Armored
public key. - Pkix
Pem - PKIX_PEM
PKIX PEM
public key.
- Build
Signature Key Type Key Type Unspecified - KEY_TYPE_UNSPECIFIED
KeyType
is not set. - Build
Signature Key Type Pgp Ascii Armored - PGP_ASCII_ARMORED
PGP ASCII Armored
public key. - Build
Signature Key Type Pkix Pem - PKIX_PEM
PKIX PEM
public key.
- Key
Type Unspecified - KEY_TYPE_UNSPECIFIED
KeyType
is not set. - Pgp
Ascii Armored - PGP_ASCII_ARMORED
PGP ASCII Armored
public key. - Pkix
Pem - PKIX_PEM
PKIX PEM
public key.
- Key
Type Unspecified - KEY_TYPE_UNSPECIFIED
KeyType
is not set. - Pgp
Ascii Armored - PGP_ASCII_ARMORED
PGP ASCII Armored
public key. - Pkix
Pem - PKIX_PEM
PKIX PEM
public key.
- KEY_TYPE_UNSPECIFIED
- KEY_TYPE_UNSPECIFIED
KeyType
is not set. - PGP_ASCII_ARMORED
- PGP_ASCII_ARMORED
PGP ASCII Armored
public key. - PKIX_PEM
- PKIX_PEM
PKIX PEM
public key.
- "KEY_TYPE_UNSPECIFIED"
- KEY_TYPE_UNSPECIFIED
KeyType
is not set. - "PGP_ASCII_ARMORED"
- PGP_ASCII_ARMORED
PGP ASCII Armored
public key. - "PKIX_PEM"
- PKIX_PEM
PKIX PEM
public key.
BuildSignatureResponse, BuildSignatureResponseArgs
- Key
Id string - An ID for the key used to sign. This could be either an ID for the key stored in
public_key
(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service). - Key
Type string - The type of the key, either stored in
public_key
or referenced inkey_id
. - Public
Key string - Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_type
is empty, this defaults to PEM encoded public keys. This field may be empty ifkey_id
references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetails
are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin
- Signature string
- Signature of the related
BuildProvenance
. In JSON, this is base-64 encoded.
- Key
Id string - An ID for the key used to sign. This could be either an ID for the key stored in
public_key
(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service). - Key
Type string - The type of the key, either stored in
public_key
or referenced inkey_id
. - Public
Key string - Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_type
is empty, this defaults to PEM encoded public keys. This field may be empty ifkey_id
references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetails
are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin
- Signature string
- Signature of the related
BuildProvenance
. In JSON, this is base-64 encoded.
- key
Id String - An ID for the key used to sign. This could be either an ID for the key stored in
public_key
(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service). - key
Type String - The type of the key, either stored in
public_key
or referenced inkey_id
. - public
Key String - Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_type
is empty, this defaults to PEM encoded public keys. This field may be empty ifkey_id
references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetails
are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin
- signature String
- Signature of the related
BuildProvenance
. In JSON, this is base-64 encoded.
- key
Id string - An ID for the key used to sign. This could be either an ID for the key stored in
public_key
(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service). - key
Type string - The type of the key, either stored in
public_key
or referenced inkey_id
. - public
Key string - Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_type
is empty, this defaults to PEM encoded public keys. This field may be empty ifkey_id
references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetails
are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin
- signature string
- Signature of the related
BuildProvenance
. In JSON, this is base-64 encoded.
- key_
id str - An ID for the key used to sign. This could be either an ID for the key stored in
public_key
(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service). - key_
type str - The type of the key, either stored in
public_key
or referenced inkey_id
. - public_
key str - Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_type
is empty, this defaults to PEM encoded public keys. This field may be empty ifkey_id
references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetails
are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin
- signature str
- Signature of the related
BuildProvenance
. In JSON, this is base-64 encoded.
- key
Id String - An ID for the key used to sign. This could be either an ID for the key stored in
public_key
(such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service). - key
Type String - The type of the key, either stored in
public_key
or referenced inkey_id
. - public
Key String - Public key of the builder which can be used to verify that the related findings are valid and unchanged. If
key_type
is empty, this defaults to PEM encoded public keys. This field may be empty ifkey_id
references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetails
are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin
- signature String
- Signature of the related
BuildProvenance
. In JSON, this is base-64 encoded.
CVSS, CVSSArgs
- Attack
Complexity Pulumi.Google Native. Container Analysis. V1Beta1. CVSSAttack Complexity - Defined in CVSS v3, CVSS v2
- Attack
Vector Pulumi.Google Native. Container Analysis. V1Beta1. CVSSAttack Vector - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- Authentication
Pulumi.
Google Native. Container Analysis. V1Beta1. CVSSAuthentication - Defined in CVSS v2
- Availability
Impact Pulumi.Google Native. Container Analysis. V1Beta1. CVSSAvailability Impact - Defined in CVSS v3, CVSS v2
- Base
Score double - The base score is a function of the base metric scores.
- Confidentiality
Impact Pulumi.Google Native. Container Analysis. V1Beta1. CVSSConfidentiality Impact - Defined in CVSS v3, CVSS v2
- Exploitability
Score double - Impact
Score double - Integrity
Impact Pulumi.Google Native. Container Analysis. V1Beta1. CVSSIntegrity Impact - Defined in CVSS v3, CVSS v2
- Privileges
Required Pulumi.Google Native. Container Analysis. V1Beta1. CVSSPrivileges Required - Defined in CVSS v3
- Scope
Pulumi.
Google Native. Container Analysis. V1Beta1. CVSSScope - Defined in CVSS v3
- User
Interaction Pulumi.Google Native. Container Analysis. V1Beta1. CVSSUser Interaction - Defined in CVSS v3
- Attack
Complexity CVSSAttackComplexity - Defined in CVSS v3, CVSS v2
- Attack
Vector CVSSAttackVector - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- Authentication CVSSAuthentication
- Defined in CVSS v2
- Availability
Impact CVSSAvailabilityImpact - Defined in CVSS v3, CVSS v2
- Base
Score float64 - The base score is a function of the base metric scores.
- Confidentiality
Impact CVSSConfidentialityImpact - Defined in CVSS v3, CVSS v2
- Exploitability
Score float64 - Impact
Score float64 - Integrity
Impact CVSSIntegrityImpact - Defined in CVSS v3, CVSS v2
- Privileges
Required CVSSPrivilegesRequired - Defined in CVSS v3
- Scope CVSSScope
- Defined in CVSS v3
- User
Interaction CVSSUserInteraction - Defined in CVSS v3
- attack
Complexity CVSSAttackComplexity - Defined in CVSS v3, CVSS v2
- attack
Vector CVSSAttackVector - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication CVSSAuthentication
- Defined in CVSS v2
- availability
Impact CVSSAvailabilityImpact - Defined in CVSS v3, CVSS v2
- base
Score Double - The base score is a function of the base metric scores.
- confidentiality
Impact CVSSConfidentialityImpact - Defined in CVSS v3, CVSS v2
- exploitability
Score Double - impact
Score Double - integrity
Impact CVSSIntegrityImpact - Defined in CVSS v3, CVSS v2
- privileges
Required CVSSPrivilegesRequired - Defined in CVSS v3
- scope CVSSScope
- Defined in CVSS v3
- user
Interaction CVSSUserInteraction - Defined in CVSS v3
- attack
Complexity CVSSAttackComplexity - Defined in CVSS v3, CVSS v2
- attack
Vector CVSSAttackVector - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication CVSSAuthentication
- Defined in CVSS v2
- availability
Impact CVSSAvailabilityImpact - Defined in CVSS v3, CVSS v2
- base
Score number - The base score is a function of the base metric scores.
- confidentiality
Impact CVSSConfidentialityImpact - Defined in CVSS v3, CVSS v2
- exploitability
Score number - impact
Score number - integrity
Impact CVSSIntegrityImpact - Defined in CVSS v3, CVSS v2
- privileges
Required CVSSPrivilegesRequired - Defined in CVSS v3
- scope CVSSScope
- Defined in CVSS v3
- user
Interaction CVSSUserInteraction - Defined in CVSS v3
- attack_
complexity CVSSAttackComplexity - Defined in CVSS v3, CVSS v2
- attack_
vector CVSSAttackVector - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication CVSSAuthentication
- Defined in CVSS v2
- availability_
impact CVSSAvailabilityImpact - Defined in CVSS v3, CVSS v2
- base_
score float - The base score is a function of the base metric scores.
- confidentiality_
impact CVSSConfidentialityImpact - Defined in CVSS v3, CVSS v2
- exploitability_
score float - impact_
score float - integrity_
impact CVSSIntegrityImpact - Defined in CVSS v3, CVSS v2
- privileges_
required CVSSPrivilegesRequired - Defined in CVSS v3
- scope CVSSScope
- Defined in CVSS v3
- user_
interaction CVSSUserInteraction - Defined in CVSS v3
- attack
Complexity "ATTACK_COMPLEXITY_UNSPECIFIED" | "ATTACK_COMPLEXITY_LOW" | "ATTACK_COMPLEXITY_HIGH" | "ATTACK_COMPLEXITY_MEDIUM" - Defined in CVSS v3, CVSS v2
- attack
Vector "ATTACK_VECTOR_UNSPECIFIED" | "ATTACK_VECTOR_NETWORK" | "ATTACK_VECTOR_ADJACENT" | "ATTACK_VECTOR_LOCAL" | "ATTACK_VECTOR_PHYSICAL" - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication "AUTHENTICATION_UNSPECIFIED" | "AUTHENTICATION_MULTIPLE" | "AUTHENTICATION_SINGLE" | "AUTHENTICATION_NONE"
- Defined in CVSS v2
- availability
Impact "IMPACT_UNSPECIFIED" | "IMPACT_HIGH" | "IMPACT_LOW" | "IMPACT_NONE" | "IMPACT_PARTIAL" | "IMPACT_COMPLETE" - Defined in CVSS v3, CVSS v2
- base
Score Number - The base score is a function of the base metric scores.
- confidentiality
Impact "IMPACT_UNSPECIFIED" | "IMPACT_HIGH" | "IMPACT_LOW" | "IMPACT_NONE" | "IMPACT_PARTIAL" | "IMPACT_COMPLETE" - Defined in CVSS v3, CVSS v2
- exploitability
Score Number - impact
Score Number - integrity
Impact "IMPACT_UNSPECIFIED" | "IMPACT_HIGH" | "IMPACT_LOW" | "IMPACT_NONE" | "IMPACT_PARTIAL" | "IMPACT_COMPLETE" - Defined in CVSS v3, CVSS v2
- privileges
Required "PRIVILEGES_REQUIRED_UNSPECIFIED" | "PRIVILEGES_REQUIRED_NONE" | "PRIVILEGES_REQUIRED_LOW" | "PRIVILEGES_REQUIRED_HIGH" - Defined in CVSS v3
- scope "SCOPE_UNSPECIFIED" | "SCOPE_UNCHANGED" | "SCOPE_CHANGED"
- Defined in CVSS v3
- user
Interaction "USER_INTERACTION_UNSPECIFIED" | "USER_INTERACTION_NONE" | "USER_INTERACTION_REQUIRED" - Defined in CVSS v3
CVSSAttackComplexity, CVSSAttackComplexityArgs
- Attack
Complexity Unspecified - ATTACK_COMPLEXITY_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- Attack
Complexity Low - ATTACK_COMPLEXITY_LOWDefined in CVSS v3, CVSS v2
- Attack
Complexity High - ATTACK_COMPLEXITY_HIGHDefined in CVSS v3, CVSS v2
- Attack
Complexity Medium - ATTACK_COMPLEXITY_MEDIUMDefined in CVSS v2
- CVSSAttack
Complexity Attack Complexity Unspecified - ATTACK_COMPLEXITY_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- CVSSAttack
Complexity Attack Complexity Low - ATTACK_COMPLEXITY_LOWDefined in CVSS v3, CVSS v2
- CVSSAttack
Complexity Attack Complexity High - ATTACK_COMPLEXITY_HIGHDefined in CVSS v3, CVSS v2
- CVSSAttack
Complexity Attack Complexity Medium - ATTACK_COMPLEXITY_MEDIUMDefined in CVSS v2
- Attack
Complexity Unspecified - ATTACK_COMPLEXITY_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- Attack
Complexity Low - ATTACK_COMPLEXITY_LOWDefined in CVSS v3, CVSS v2
- Attack
Complexity High - ATTACK_COMPLEXITY_HIGHDefined in CVSS v3, CVSS v2
- Attack
Complexity Medium - ATTACK_COMPLEXITY_MEDIUMDefined in CVSS v2
- Attack
Complexity Unspecified - ATTACK_COMPLEXITY_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- Attack
Complexity Low - ATTACK_COMPLEXITY_LOWDefined in CVSS v3, CVSS v2
- Attack
Complexity High - ATTACK_COMPLEXITY_HIGHDefined in CVSS v3, CVSS v2
- Attack
Complexity Medium - ATTACK_COMPLEXITY_MEDIUMDefined in CVSS v2
- ATTACK_COMPLEXITY_UNSPECIFIED
- ATTACK_COMPLEXITY_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- ATTACK_COMPLEXITY_LOW
- ATTACK_COMPLEXITY_LOWDefined in CVSS v3, CVSS v2
- ATTACK_COMPLEXITY_HIGH
- ATTACK_COMPLEXITY_HIGHDefined in CVSS v3, CVSS v2
- ATTACK_COMPLEXITY_MEDIUM
- ATTACK_COMPLEXITY_MEDIUMDefined in CVSS v2
- "ATTACK_COMPLEXITY_UNSPECIFIED"
- ATTACK_COMPLEXITY_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- "ATTACK_COMPLEXITY_LOW"
- ATTACK_COMPLEXITY_LOWDefined in CVSS v3, CVSS v2
- "ATTACK_COMPLEXITY_HIGH"
- ATTACK_COMPLEXITY_HIGHDefined in CVSS v3, CVSS v2
- "ATTACK_COMPLEXITY_MEDIUM"
- ATTACK_COMPLEXITY_MEDIUMDefined in CVSS v2
CVSSAttackVector, CVSSAttackVectorArgs
- Attack
Vector Unspecified - ATTACK_VECTOR_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- Attack
Vector Network - ATTACK_VECTOR_NETWORKDefined in CVSS v3, CVSS v2
- Attack
Vector Adjacent - ATTACK_VECTOR_ADJACENTDefined in CVSS v3, CVSS v2
- Attack
Vector Local - ATTACK_VECTOR_LOCALDefined in CVSS v3, CVSS v2
- Attack
Vector Physical - ATTACK_VECTOR_PHYSICALDefined in CVSS v3
- CVSSAttack
Vector Attack Vector Unspecified - ATTACK_VECTOR_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- CVSSAttack
Vector Attack Vector Network - ATTACK_VECTOR_NETWORKDefined in CVSS v3, CVSS v2
- CVSSAttack
Vector Attack Vector Adjacent - ATTACK_VECTOR_ADJACENTDefined in CVSS v3, CVSS v2
- CVSSAttack
Vector Attack Vector Local - ATTACK_VECTOR_LOCALDefined in CVSS v3, CVSS v2
- CVSSAttack
Vector Attack Vector Physical - ATTACK_VECTOR_PHYSICALDefined in CVSS v3
- Attack
Vector Unspecified - ATTACK_VECTOR_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- Attack
Vector Network - ATTACK_VECTOR_NETWORKDefined in CVSS v3, CVSS v2
- Attack
Vector Adjacent - ATTACK_VECTOR_ADJACENTDefined in CVSS v3, CVSS v2
- Attack
Vector Local - ATTACK_VECTOR_LOCALDefined in CVSS v3, CVSS v2
- Attack
Vector Physical - ATTACK_VECTOR_PHYSICALDefined in CVSS v3
- Attack
Vector Unspecified - ATTACK_VECTOR_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- Attack
Vector Network - ATTACK_VECTOR_NETWORKDefined in CVSS v3, CVSS v2
- Attack
Vector Adjacent - ATTACK_VECTOR_ADJACENTDefined in CVSS v3, CVSS v2
- Attack
Vector Local - ATTACK_VECTOR_LOCALDefined in CVSS v3, CVSS v2
- Attack
Vector Physical - ATTACK_VECTOR_PHYSICALDefined in CVSS v3
- ATTACK_VECTOR_UNSPECIFIED
- ATTACK_VECTOR_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- ATTACK_VECTOR_NETWORK
- ATTACK_VECTOR_NETWORKDefined in CVSS v3, CVSS v2
- ATTACK_VECTOR_ADJACENT
- ATTACK_VECTOR_ADJACENTDefined in CVSS v3, CVSS v2
- ATTACK_VECTOR_LOCAL
- ATTACK_VECTOR_LOCALDefined in CVSS v3, CVSS v2
- ATTACK_VECTOR_PHYSICAL
- ATTACK_VECTOR_PHYSICALDefined in CVSS v3
- "ATTACK_VECTOR_UNSPECIFIED"
- ATTACK_VECTOR_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- "ATTACK_VECTOR_NETWORK"
- ATTACK_VECTOR_NETWORKDefined in CVSS v3, CVSS v2
- "ATTACK_VECTOR_ADJACENT"
- ATTACK_VECTOR_ADJACENTDefined in CVSS v3, CVSS v2
- "ATTACK_VECTOR_LOCAL"
- ATTACK_VECTOR_LOCALDefined in CVSS v3, CVSS v2
- "ATTACK_VECTOR_PHYSICAL"
- ATTACK_VECTOR_PHYSICALDefined in CVSS v3
CVSSAuthentication, CVSSAuthenticationArgs
- Authentication
Unspecified - AUTHENTICATION_UNSPECIFIEDDefined in CVSS v2
- Authentication
Multiple - AUTHENTICATION_MULTIPLEDefined in CVSS v2
- Authentication
Single - AUTHENTICATION_SINGLEDefined in CVSS v2
- Authentication
None - AUTHENTICATION_NONEDefined in CVSS v2
- CVSSAuthentication
Authentication Unspecified - AUTHENTICATION_UNSPECIFIEDDefined in CVSS v2
- CVSSAuthentication
Authentication Multiple - AUTHENTICATION_MULTIPLEDefined in CVSS v2
- CVSSAuthentication
Authentication Single - AUTHENTICATION_SINGLEDefined in CVSS v2
- CVSSAuthentication
Authentication None - AUTHENTICATION_NONEDefined in CVSS v2
- Authentication
Unspecified - AUTHENTICATION_UNSPECIFIEDDefined in CVSS v2
- Authentication
Multiple - AUTHENTICATION_MULTIPLEDefined in CVSS v2
- Authentication
Single - AUTHENTICATION_SINGLEDefined in CVSS v2
- Authentication
None - AUTHENTICATION_NONEDefined in CVSS v2
- Authentication
Unspecified - AUTHENTICATION_UNSPECIFIEDDefined in CVSS v2
- Authentication
Multiple - AUTHENTICATION_MULTIPLEDefined in CVSS v2
- Authentication
Single - AUTHENTICATION_SINGLEDefined in CVSS v2
- Authentication
None - AUTHENTICATION_NONEDefined in CVSS v2
- AUTHENTICATION_UNSPECIFIED
- AUTHENTICATION_UNSPECIFIEDDefined in CVSS v2
- AUTHENTICATION_MULTIPLE
- AUTHENTICATION_MULTIPLEDefined in CVSS v2
- AUTHENTICATION_SINGLE
- AUTHENTICATION_SINGLEDefined in CVSS v2
- AUTHENTICATION_NONE
- AUTHENTICATION_NONEDefined in CVSS v2
- "AUTHENTICATION_UNSPECIFIED"
- AUTHENTICATION_UNSPECIFIEDDefined in CVSS v2
- "AUTHENTICATION_MULTIPLE"
- AUTHENTICATION_MULTIPLEDefined in CVSS v2
- "AUTHENTICATION_SINGLE"
- AUTHENTICATION_SINGLEDefined in CVSS v2
- "AUTHENTICATION_NONE"
- AUTHENTICATION_NONEDefined in CVSS v2
CVSSAvailabilityImpact, CVSSAvailabilityImpactArgs
- Impact
Unspecified - IMPACT_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- Impact
High - IMPACT_HIGHDefined in CVSS v3
- Impact
Low - IMPACT_LOWDefined in CVSS v3
- Impact
None - IMPACT_NONEDefined in CVSS v3, CVSS v2
- Impact
Partial - IMPACT_PARTIALDefined in CVSS v2
- Impact
Complete - IMPACT_COMPLETEDefined in CVSS v2
- CVSSAvailability
Impact Impact Unspecified - IMPACT_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- CVSSAvailability
Impact Impact High - IMPACT_HIGHDefined in CVSS v3
- CVSSAvailability
Impact Impact Low - IMPACT_LOWDefined in CVSS v3
- CVSSAvailability
Impact Impact None - IMPACT_NONEDefined in CVSS v3, CVSS v2
- CVSSAvailability
Impact Impact Partial - IMPACT_PARTIALDefined in CVSS v2
- CVSSAvailability
Impact Impact Complete - IMPACT_COMPLETEDefined in CVSS v2
- Impact
Unspecified - IMPACT_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- Impact
High - IMPACT_HIGHDefined in CVSS v3
- Impact
Low - IMPACT_LOWDefined in CVSS v3
- Impact
None - IMPACT_NONEDefined in CVSS v3, CVSS v2
- Impact
Partial - IMPACT_PARTIALDefined in CVSS v2
- Impact
Complete - IMPACT_COMPLETEDefined in CVSS v2
- Impact
Unspecified - IMPACT_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- Impact
High - IMPACT_HIGHDefined in CVSS v3
- Impact
Low - IMPACT_LOWDefined in CVSS v3
- Impact
None - IMPACT_NONEDefined in CVSS v3, CVSS v2
- Impact
Partial - IMPACT_PARTIALDefined in CVSS v2
- Impact
Complete - IMPACT_COMPLETEDefined in CVSS v2
- IMPACT_UNSPECIFIED
- IMPACT_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- IMPACT_HIGH
- IMPACT_HIGHDefined in CVSS v3
- IMPACT_LOW
- IMPACT_LOWDefined in CVSS v3
- IMPACT_NONE
- IMPACT_NONEDefined in CVSS v3, CVSS v2
- IMPACT_PARTIAL
- IMPACT_PARTIALDefined in CVSS v2
- IMPACT_COMPLETE
- IMPACT_COMPLETEDefined in CVSS v2
- "IMPACT_UNSPECIFIED"
- IMPACT_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- "IMPACT_HIGH"
- IMPACT_HIGHDefined in CVSS v3
- "IMPACT_LOW"
- IMPACT_LOWDefined in CVSS v3
- "IMPACT_NONE"
- IMPACT_NONEDefined in CVSS v3, CVSS v2
- "IMPACT_PARTIAL"
- IMPACT_PARTIALDefined in CVSS v2
- "IMPACT_COMPLETE"
- IMPACT_COMPLETEDefined in CVSS v2
CVSSConfidentialityImpact, CVSSConfidentialityImpactArgs
- Impact
Unspecified - IMPACT_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- Impact
High - IMPACT_HIGHDefined in CVSS v3
- Impact
Low - IMPACT_LOWDefined in CVSS v3
- Impact
None - IMPACT_NONEDefined in CVSS v3, CVSS v2
- Impact
Partial - IMPACT_PARTIALDefined in CVSS v2
- Impact
Complete - IMPACT_COMPLETEDefined in CVSS v2
- CVSSConfidentiality
Impact Impact Unspecified - IMPACT_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- CVSSConfidentiality
Impact Impact High - IMPACT_HIGHDefined in CVSS v3
- CVSSConfidentiality
Impact Impact Low - IMPACT_LOWDefined in CVSS v3
- CVSSConfidentiality
Impact Impact None - IMPACT_NONEDefined in CVSS v3, CVSS v2
- CVSSConfidentiality
Impact Impact Partial - IMPACT_PARTIALDefined in CVSS v2
- CVSSConfidentiality
Impact Impact Complete - IMPACT_COMPLETEDefined in CVSS v2
- Impact
Unspecified - IMPACT_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- Impact
High - IMPACT_HIGHDefined in CVSS v3
- Impact
Low - IMPACT_LOWDefined in CVSS v3
- Impact
None - IMPACT_NONEDefined in CVSS v3, CVSS v2
- Impact
Partial - IMPACT_PARTIALDefined in CVSS v2
- Impact
Complete - IMPACT_COMPLETEDefined in CVSS v2
- Impact
Unspecified - IMPACT_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- Impact
High - IMPACT_HIGHDefined in CVSS v3
- Impact
Low - IMPACT_LOWDefined in CVSS v3
- Impact
None - IMPACT_NONEDefined in CVSS v3, CVSS v2
- Impact
Partial - IMPACT_PARTIALDefined in CVSS v2
- Impact
Complete - IMPACT_COMPLETEDefined in CVSS v2
- IMPACT_UNSPECIFIED
- IMPACT_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- IMPACT_HIGH
- IMPACT_HIGHDefined in CVSS v3
- IMPACT_LOW
- IMPACT_LOWDefined in CVSS v3
- IMPACT_NONE
- IMPACT_NONEDefined in CVSS v3, CVSS v2
- IMPACT_PARTIAL
- IMPACT_PARTIALDefined in CVSS v2
- IMPACT_COMPLETE
- IMPACT_COMPLETEDefined in CVSS v2
- "IMPACT_UNSPECIFIED"
- IMPACT_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- "IMPACT_HIGH"
- IMPACT_HIGHDefined in CVSS v3
- "IMPACT_LOW"
- IMPACT_LOWDefined in CVSS v3
- "IMPACT_NONE"
- IMPACT_NONEDefined in CVSS v3, CVSS v2
- "IMPACT_PARTIAL"
- IMPACT_PARTIALDefined in CVSS v2
- "IMPACT_COMPLETE"
- IMPACT_COMPLETEDefined in CVSS v2
CVSSIntegrityImpact, CVSSIntegrityImpactArgs
- Impact
Unspecified - IMPACT_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- Impact
High - IMPACT_HIGHDefined in CVSS v3
- Impact
Low - IMPACT_LOWDefined in CVSS v3
- Impact
None - IMPACT_NONEDefined in CVSS v3, CVSS v2
- Impact
Partial - IMPACT_PARTIALDefined in CVSS v2
- Impact
Complete - IMPACT_COMPLETEDefined in CVSS v2
- CVSSIntegrity
Impact Impact Unspecified - IMPACT_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- CVSSIntegrity
Impact Impact High - IMPACT_HIGHDefined in CVSS v3
- CVSSIntegrity
Impact Impact Low - IMPACT_LOWDefined in CVSS v3
- CVSSIntegrity
Impact Impact None - IMPACT_NONEDefined in CVSS v3, CVSS v2
- CVSSIntegrity
Impact Impact Partial - IMPACT_PARTIALDefined in CVSS v2
- CVSSIntegrity
Impact Impact Complete - IMPACT_COMPLETEDefined in CVSS v2
- Impact
Unspecified - IMPACT_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- Impact
High - IMPACT_HIGHDefined in CVSS v3
- Impact
Low - IMPACT_LOWDefined in CVSS v3
- Impact
None - IMPACT_NONEDefined in CVSS v3, CVSS v2
- Impact
Partial - IMPACT_PARTIALDefined in CVSS v2
- Impact
Complete - IMPACT_COMPLETEDefined in CVSS v2
- Impact
Unspecified - IMPACT_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- Impact
High - IMPACT_HIGHDefined in CVSS v3
- Impact
Low - IMPACT_LOWDefined in CVSS v3
- Impact
None - IMPACT_NONEDefined in CVSS v3, CVSS v2
- Impact
Partial - IMPACT_PARTIALDefined in CVSS v2
- Impact
Complete - IMPACT_COMPLETEDefined in CVSS v2
- IMPACT_UNSPECIFIED
- IMPACT_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- IMPACT_HIGH
- IMPACT_HIGHDefined in CVSS v3
- IMPACT_LOW
- IMPACT_LOWDefined in CVSS v3
- IMPACT_NONE
- IMPACT_NONEDefined in CVSS v3, CVSS v2
- IMPACT_PARTIAL
- IMPACT_PARTIALDefined in CVSS v2
- IMPACT_COMPLETE
- IMPACT_COMPLETEDefined in CVSS v2
- "IMPACT_UNSPECIFIED"
- IMPACT_UNSPECIFIEDDefined in CVSS v3, CVSS v2
- "IMPACT_HIGH"
- IMPACT_HIGHDefined in CVSS v3
- "IMPACT_LOW"
- IMPACT_LOWDefined in CVSS v3
- "IMPACT_NONE"
- IMPACT_NONEDefined in CVSS v3, CVSS v2
- "IMPACT_PARTIAL"
- IMPACT_PARTIALDefined in CVSS v2
- "IMPACT_COMPLETE"
- IMPACT_COMPLETEDefined in CVSS v2
CVSSPrivilegesRequired, CVSSPrivilegesRequiredArgs
- Privileges
Required Unspecified - PRIVILEGES_REQUIRED_UNSPECIFIEDDefined in CVSS v3
- Privileges
Required None - PRIVILEGES_REQUIRED_NONEDefined in CVSS v3
- Privileges
Required Low - PRIVILEGES_REQUIRED_LOWDefined in CVSS v3
- Privileges
Required High - PRIVILEGES_REQUIRED_HIGHDefined in CVSS v3
- CVSSPrivileges
Required Privileges Required Unspecified - PRIVILEGES_REQUIRED_UNSPECIFIEDDefined in CVSS v3
- CVSSPrivileges
Required Privileges Required None - PRIVILEGES_REQUIRED_NONEDefined in CVSS v3
- CVSSPrivileges
Required Privileges Required Low - PRIVILEGES_REQUIRED_LOWDefined in CVSS v3
- CVSSPrivileges
Required Privileges Required High - PRIVILEGES_REQUIRED_HIGHDefined in CVSS v3
- Privileges
Required Unspecified - PRIVILEGES_REQUIRED_UNSPECIFIEDDefined in CVSS v3
- Privileges
Required None - PRIVILEGES_REQUIRED_NONEDefined in CVSS v3
- Privileges
Required Low - PRIVILEGES_REQUIRED_LOWDefined in CVSS v3
- Privileges
Required High - PRIVILEGES_REQUIRED_HIGHDefined in CVSS v3
- Privileges
Required Unspecified - PRIVILEGES_REQUIRED_UNSPECIFIEDDefined in CVSS v3
- Privileges
Required None - PRIVILEGES_REQUIRED_NONEDefined in CVSS v3
- Privileges
Required Low - PRIVILEGES_REQUIRED_LOWDefined in CVSS v3
- Privileges
Required High - PRIVILEGES_REQUIRED_HIGHDefined in CVSS v3
- PRIVILEGES_REQUIRED_UNSPECIFIED
- PRIVILEGES_REQUIRED_UNSPECIFIEDDefined in CVSS v3
- PRIVILEGES_REQUIRED_NONE
- PRIVILEGES_REQUIRED_NONEDefined in CVSS v3
- PRIVILEGES_REQUIRED_LOW
- PRIVILEGES_REQUIRED_LOWDefined in CVSS v3
- PRIVILEGES_REQUIRED_HIGH
- PRIVILEGES_REQUIRED_HIGHDefined in CVSS v3
- "PRIVILEGES_REQUIRED_UNSPECIFIED"
- PRIVILEGES_REQUIRED_UNSPECIFIEDDefined in CVSS v3
- "PRIVILEGES_REQUIRED_NONE"
- PRIVILEGES_REQUIRED_NONEDefined in CVSS v3
- "PRIVILEGES_REQUIRED_LOW"
- PRIVILEGES_REQUIRED_LOWDefined in CVSS v3
- "PRIVILEGES_REQUIRED_HIGH"
- PRIVILEGES_REQUIRED_HIGHDefined in CVSS v3
CVSSResponse, CVSSResponseArgs
- Attack
Complexity string - Defined in CVSS v3, CVSS v2
- Attack
Vector string - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- Authentication string
- Defined in CVSS v2
- Availability
Impact string - Defined in CVSS v3, CVSS v2
- Base
Score double - The base score is a function of the base metric scores.
- Confidentiality
Impact string - Defined in CVSS v3, CVSS v2
- Exploitability
Score double - Impact
Score double - Integrity
Impact string - Defined in CVSS v3, CVSS v2
- Privileges
Required string - Defined in CVSS v3
- Scope string
- Defined in CVSS v3
- User
Interaction string - Defined in CVSS v3
- Attack
Complexity string - Defined in CVSS v3, CVSS v2
- Attack
Vector string - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- Authentication string
- Defined in CVSS v2
- Availability
Impact string - Defined in CVSS v3, CVSS v2
- Base
Score float64 - The base score is a function of the base metric scores.
- Confidentiality
Impact string - Defined in CVSS v3, CVSS v2
- Exploitability
Score float64 - Impact
Score float64 - Integrity
Impact string - Defined in CVSS v3, CVSS v2
- Privileges
Required string - Defined in CVSS v3
- Scope string
- Defined in CVSS v3
- User
Interaction string - Defined in CVSS v3
- attack
Complexity String - Defined in CVSS v3, CVSS v2
- attack
Vector String - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication String
- Defined in CVSS v2
- availability
Impact String - Defined in CVSS v3, CVSS v2
- base
Score Double - The base score is a function of the base metric scores.
- confidentiality
Impact String - Defined in CVSS v3, CVSS v2
- exploitability
Score Double - impact
Score Double - integrity
Impact String - Defined in CVSS v3, CVSS v2
- privileges
Required String - Defined in CVSS v3
- scope String
- Defined in CVSS v3
- user
Interaction String - Defined in CVSS v3
- attack
Complexity string - Defined in CVSS v3, CVSS v2
- attack
Vector string - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication string
- Defined in CVSS v2
- availability
Impact string - Defined in CVSS v3, CVSS v2
- base
Score number - The base score is a function of the base metric scores.
- confidentiality
Impact string - Defined in CVSS v3, CVSS v2
- exploitability
Score number - impact
Score number - integrity
Impact string - Defined in CVSS v3, CVSS v2
- privileges
Required string - Defined in CVSS v3
- scope string
- Defined in CVSS v3
- user
Interaction string - Defined in CVSS v3
- attack_
complexity str - Defined in CVSS v3, CVSS v2
- attack_
vector str - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication str
- Defined in CVSS v2
- availability_
impact str - Defined in CVSS v3, CVSS v2
- base_
score float - The base score is a function of the base metric scores.
- confidentiality_
impact str - Defined in CVSS v3, CVSS v2
- exploitability_
score float - impact_
score float - integrity_
impact str - Defined in CVSS v3, CVSS v2
- privileges_
required str - Defined in CVSS v3
- scope str
- Defined in CVSS v3
- user_
interaction str - Defined in CVSS v3
- attack
Complexity String - Defined in CVSS v3, CVSS v2
- attack
Vector String - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
- authentication String
- Defined in CVSS v2
- availability
Impact String - Defined in CVSS v3, CVSS v2
- base
Score Number - The base score is a function of the base metric scores.
- confidentiality
Impact String - Defined in CVSS v3, CVSS v2
- exploitability
Score Number - impact
Score Number - integrity
Impact String - Defined in CVSS v3, CVSS v2
- privileges
Required String - Defined in CVSS v3
- scope String
- Defined in CVSS v3
- user
Interaction String - Defined in CVSS v3
CVSSScope, CVSSScopeArgs
- Scope
Unspecified - SCOPE_UNSPECIFIEDDefined in CVSS v3
- Scope
Unchanged - SCOPE_UNCHANGEDDefined in CVSS v3
- Scope
Changed - SCOPE_CHANGEDDefined in CVSS v3
- CVSSScope
Scope Unspecified - SCOPE_UNSPECIFIEDDefined in CVSS v3
- CVSSScope
Scope Unchanged - SCOPE_UNCHANGEDDefined in CVSS v3
- CVSSScope
Scope Changed - SCOPE_CHANGEDDefined in CVSS v3
- Scope
Unspecified - SCOPE_UNSPECIFIEDDefined in CVSS v3
- Scope
Unchanged - SCOPE_UNCHANGEDDefined in CVSS v3
- Scope
Changed - SCOPE_CHANGEDDefined in CVSS v3
- Scope
Unspecified - SCOPE_UNSPECIFIEDDefined in CVSS v3
- Scope
Unchanged - SCOPE_UNCHANGEDDefined in CVSS v3
- Scope
Changed - SCOPE_CHANGEDDefined in CVSS v3
- SCOPE_UNSPECIFIED
- SCOPE_UNSPECIFIEDDefined in CVSS v3
- SCOPE_UNCHANGED
- SCOPE_UNCHANGEDDefined in CVSS v3
- SCOPE_CHANGED
- SCOPE_CHANGEDDefined in CVSS v3
- "SCOPE_UNSPECIFIED"
- SCOPE_UNSPECIFIEDDefined in CVSS v3
- "SCOPE_UNCHANGED"
- SCOPE_UNCHANGEDDefined in CVSS v3
- "SCOPE_CHANGED"
- SCOPE_CHANGEDDefined in CVSS v3
CVSSUserInteraction, CVSSUserInteractionArgs
- User
Interaction Unspecified - USER_INTERACTION_UNSPECIFIEDDefined in CVSS v3
- User
Interaction None - USER_INTERACTION_NONEDefined in CVSS v3
- User
Interaction Required - USER_INTERACTION_REQUIREDDefined in CVSS v3
- CVSSUser
Interaction User Interaction Unspecified - USER_INTERACTION_UNSPECIFIEDDefined in CVSS v3
- CVSSUser
Interaction User Interaction None - USER_INTERACTION_NONEDefined in CVSS v3
- CVSSUser
Interaction User Interaction Required - USER_INTERACTION_REQUIREDDefined in CVSS v3
- User
Interaction Unspecified - USER_INTERACTION_UNSPECIFIEDDefined in CVSS v3
- User
Interaction None - USER_INTERACTION_NONEDefined in CVSS v3
- User
Interaction Required - USER_INTERACTION_REQUIREDDefined in CVSS v3
- User
Interaction Unspecified - USER_INTERACTION_UNSPECIFIEDDefined in CVSS v3
- User
Interaction None - USER_INTERACTION_NONEDefined in CVSS v3
- User
Interaction Required - USER_INTERACTION_REQUIREDDefined in CVSS v3
- USER_INTERACTION_UNSPECIFIED
- USER_INTERACTION_UNSPECIFIEDDefined in CVSS v3
- USER_INTERACTION_NONE
- USER_INTERACTION_NONEDefined in CVSS v3
- USER_INTERACTION_REQUIRED
- USER_INTERACTION_REQUIREDDefined in CVSS v3
- "USER_INTERACTION_UNSPECIFIED"
- USER_INTERACTION_UNSPECIFIEDDefined in CVSS v3
- "USER_INTERACTION_NONE"
- USER_INTERACTION_NONEDefined in CVSS v3
- "USER_INTERACTION_REQUIRED"
- USER_INTERACTION_REQUIREDDefined in CVSS v3
CVSSv3, CVSSv3Args
- Attack
Complexity Pulumi.Google Native. Container Analysis. V1Beta1. CVSSv3Attack Complexity - Attack
Vector Pulumi.Google Native. Container Analysis. V1Beta1. CVSSv3Attack Vector - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- Availability
Impact Pulumi.Google Native. Container Analysis. V1Beta1. CVSSv3Availability Impact - Base
Score double - The base score is a function of the base metric scores.
- Confidentiality
Impact Pulumi.Google Native. Container Analysis. V1Beta1. CVSSv3Confidentiality Impact - Exploitability
Score double - Impact
Score double - Integrity
Impact Pulumi.Google Native. Container Analysis. V1Beta1. CVSSv3Integrity Impact - Privileges
Required Pulumi.Google Native. Container Analysis. V1Beta1. CVSSv3Privileges Required - Scope
Pulumi.
Google Native. Container Analysis. V1Beta1. CVSSv3Scope - User
Interaction Pulumi.Google Native. Container Analysis. V1Beta1. CVSSv3User Interaction
- Attack
Complexity CVSSv3AttackComplexity - Attack
Vector CVSSv3AttackVector - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- Availability
Impact CVSSv3AvailabilityImpact - Base
Score float64 - The base score is a function of the base metric scores.
- Confidentiality
Impact CVSSv3ConfidentialityImpact - Exploitability
Score float64 - Impact
Score float64 - Integrity
Impact CVSSv3IntegrityImpact - Privileges
Required CVSSv3PrivilegesRequired - Scope CVSSv3Scope
- User
Interaction CVSSv3UserInteraction
- attack
Complexity CVSSv3AttackComplexity - attack
Vector CVSSv3AttackVector - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- availability
Impact CVSSv3AvailabilityImpact - base
Score Double - The base score is a function of the base metric scores.
- confidentiality
Impact CVSSv3ConfidentialityImpact - exploitability
Score Double - impact
Score Double - integrity
Impact CVSSv3IntegrityImpact - privileges
Required CVSSv3PrivilegesRequired - scope CVSSv3Scope
- user
Interaction CVSSv3UserInteraction
- attack
Complexity CVSSv3AttackComplexity - attack
Vector CVSSv3AttackVector - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- availability
Impact CVSSv3AvailabilityImpact - base
Score number - The base score is a function of the base metric scores.
- confidentiality
Impact CVSSv3ConfidentialityImpact - exploitability
Score number - impact
Score number - integrity
Impact CVSSv3IntegrityImpact - privileges
Required CVSSv3PrivilegesRequired - scope CVSSv3Scope
- user
Interaction CVSSv3UserInteraction
- attack_
complexity CVSSv3AttackComplexity - attack_
vector CVSSv3AttackVector - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- availability_
impact CVSSv3AvailabilityImpact - base_
score float - The base score is a function of the base metric scores.
- confidentiality_
impact CVSSv3ConfidentialityImpact - exploitability_
score float - impact_
score float - integrity_
impact CVSSv3IntegrityImpact - privileges_
required CVSSv3PrivilegesRequired - scope CVSSv3Scope
- user_
interaction CVSSv3UserInteraction
- attack
Complexity "ATTACK_COMPLEXITY_UNSPECIFIED" | "ATTACK_COMPLEXITY_LOW" | "ATTACK_COMPLEXITY_HIGH" - attack
Vector "ATTACK_VECTOR_UNSPECIFIED" | "ATTACK_VECTOR_NETWORK" | "ATTACK_VECTOR_ADJACENT" | "ATTACK_VECTOR_LOCAL" | "ATTACK_VECTOR_PHYSICAL" - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- availability
Impact "IMPACT_UNSPECIFIED" | "IMPACT_HIGH" | "IMPACT_LOW" | "IMPACT_NONE" - base
Score Number - The base score is a function of the base metric scores.
- confidentiality
Impact "IMPACT_UNSPECIFIED" | "IMPACT_HIGH" | "IMPACT_LOW" | "IMPACT_NONE" - exploitability
Score Number - impact
Score Number - integrity
Impact "IMPACT_UNSPECIFIED" | "IMPACT_HIGH" | "IMPACT_LOW" | "IMPACT_NONE" - privileges
Required "PRIVILEGES_REQUIRED_UNSPECIFIED" | "PRIVILEGES_REQUIRED_NONE" | "PRIVILEGES_REQUIRED_LOW" | "PRIVILEGES_REQUIRED_HIGH" - scope "SCOPE_UNSPECIFIED" | "SCOPE_UNCHANGED" | "SCOPE_CHANGED"
- user
Interaction "USER_INTERACTION_UNSPECIFIED" | "USER_INTERACTION_NONE" | "USER_INTERACTION_REQUIRED"
CVSSv3AttackComplexity, CVSSv3AttackComplexityArgs
- Attack
Complexity Unspecified - ATTACK_COMPLEXITY_UNSPECIFIED
- Attack
Complexity Low - ATTACK_COMPLEXITY_LOW
- Attack
Complexity High - ATTACK_COMPLEXITY_HIGH
- CVSSv3Attack
Complexity Attack Complexity Unspecified - ATTACK_COMPLEXITY_UNSPECIFIED
- CVSSv3Attack
Complexity Attack Complexity Low - ATTACK_COMPLEXITY_LOW
- CVSSv3Attack
Complexity Attack Complexity High - ATTACK_COMPLEXITY_HIGH
- Attack
Complexity Unspecified - ATTACK_COMPLEXITY_UNSPECIFIED
- Attack
Complexity Low - ATTACK_COMPLEXITY_LOW
- Attack
Complexity High - ATTACK_COMPLEXITY_HIGH
- Attack
Complexity Unspecified - ATTACK_COMPLEXITY_UNSPECIFIED
- Attack
Complexity Low - ATTACK_COMPLEXITY_LOW
- Attack
Complexity High - ATTACK_COMPLEXITY_HIGH
- ATTACK_COMPLEXITY_UNSPECIFIED
- ATTACK_COMPLEXITY_UNSPECIFIED
- ATTACK_COMPLEXITY_LOW
- ATTACK_COMPLEXITY_LOW
- ATTACK_COMPLEXITY_HIGH
- ATTACK_COMPLEXITY_HIGH
- "ATTACK_COMPLEXITY_UNSPECIFIED"
- ATTACK_COMPLEXITY_UNSPECIFIED
- "ATTACK_COMPLEXITY_LOW"
- ATTACK_COMPLEXITY_LOW
- "ATTACK_COMPLEXITY_HIGH"
- ATTACK_COMPLEXITY_HIGH
CVSSv3AttackVector, CVSSv3AttackVectorArgs
- Attack
Vector Unspecified - ATTACK_VECTOR_UNSPECIFIED
- Attack
Vector Network - ATTACK_VECTOR_NETWORK
- Attack
Vector Adjacent - ATTACK_VECTOR_ADJACENT
- Attack
Vector Local - ATTACK_VECTOR_LOCAL
- Attack
Vector Physical - ATTACK_VECTOR_PHYSICAL
- CVSSv3Attack
Vector Attack Vector Unspecified - ATTACK_VECTOR_UNSPECIFIED
- CVSSv3Attack
Vector Attack Vector Network - ATTACK_VECTOR_NETWORK
- CVSSv3Attack
Vector Attack Vector Adjacent - ATTACK_VECTOR_ADJACENT
- CVSSv3Attack
Vector Attack Vector Local - ATTACK_VECTOR_LOCAL
- CVSSv3Attack
Vector Attack Vector Physical - ATTACK_VECTOR_PHYSICAL
- Attack
Vector Unspecified - ATTACK_VECTOR_UNSPECIFIED
- Attack
Vector Network - ATTACK_VECTOR_NETWORK
- Attack
Vector Adjacent - ATTACK_VECTOR_ADJACENT
- Attack
Vector Local - ATTACK_VECTOR_LOCAL
- Attack
Vector Physical - ATTACK_VECTOR_PHYSICAL
- Attack
Vector Unspecified - ATTACK_VECTOR_UNSPECIFIED
- Attack
Vector Network - ATTACK_VECTOR_NETWORK
- Attack
Vector Adjacent - ATTACK_VECTOR_ADJACENT
- Attack
Vector Local - ATTACK_VECTOR_LOCAL
- Attack
Vector Physical - ATTACK_VECTOR_PHYSICAL
- ATTACK_VECTOR_UNSPECIFIED
- ATTACK_VECTOR_UNSPECIFIED
- ATTACK_VECTOR_NETWORK
- ATTACK_VECTOR_NETWORK
- ATTACK_VECTOR_ADJACENT
- ATTACK_VECTOR_ADJACENT
- ATTACK_VECTOR_LOCAL
- ATTACK_VECTOR_LOCAL
- ATTACK_VECTOR_PHYSICAL
- ATTACK_VECTOR_PHYSICAL
- "ATTACK_VECTOR_UNSPECIFIED"
- ATTACK_VECTOR_UNSPECIFIED
- "ATTACK_VECTOR_NETWORK"
- ATTACK_VECTOR_NETWORK
- "ATTACK_VECTOR_ADJACENT"
- ATTACK_VECTOR_ADJACENT
- "ATTACK_VECTOR_LOCAL"
- ATTACK_VECTOR_LOCAL
- "ATTACK_VECTOR_PHYSICAL"
- ATTACK_VECTOR_PHYSICAL
CVSSv3AvailabilityImpact, CVSSv3AvailabilityImpactArgs
- Impact
Unspecified - IMPACT_UNSPECIFIED
- Impact
High - IMPACT_HIGH
- Impact
Low - IMPACT_LOW
- Impact
None - IMPACT_NONE
- CVSSv3Availability
Impact Impact Unspecified - IMPACT_UNSPECIFIED
- CVSSv3Availability
Impact Impact High - IMPACT_HIGH
- CVSSv3Availability
Impact Impact Low - IMPACT_LOW
- CVSSv3Availability
Impact Impact None - IMPACT_NONE
- Impact
Unspecified - IMPACT_UNSPECIFIED
- Impact
High - IMPACT_HIGH
- Impact
Low - IMPACT_LOW
- Impact
None - IMPACT_NONE
- Impact
Unspecified - IMPACT_UNSPECIFIED
- Impact
High - IMPACT_HIGH
- Impact
Low - IMPACT_LOW
- Impact
None - IMPACT_NONE
- IMPACT_UNSPECIFIED
- IMPACT_UNSPECIFIED
- IMPACT_HIGH
- IMPACT_HIGH
- IMPACT_LOW
- IMPACT_LOW
- IMPACT_NONE
- IMPACT_NONE
- "IMPACT_UNSPECIFIED"
- IMPACT_UNSPECIFIED
- "IMPACT_HIGH"
- IMPACT_HIGH
- "IMPACT_LOW"
- IMPACT_LOW
- "IMPACT_NONE"
- IMPACT_NONE
CVSSv3ConfidentialityImpact, CVSSv3ConfidentialityImpactArgs
- Impact
Unspecified - IMPACT_UNSPECIFIED
- Impact
High - IMPACT_HIGH
- Impact
Low - IMPACT_LOW
- Impact
None - IMPACT_NONE
- CVSSv3Confidentiality
Impact Impact Unspecified - IMPACT_UNSPECIFIED
- CVSSv3Confidentiality
Impact Impact High - IMPACT_HIGH
- CVSSv3Confidentiality
Impact Impact Low - IMPACT_LOW
- CVSSv3Confidentiality
Impact Impact None - IMPACT_NONE
- Impact
Unspecified - IMPACT_UNSPECIFIED
- Impact
High - IMPACT_HIGH
- Impact
Low - IMPACT_LOW
- Impact
None - IMPACT_NONE
- Impact
Unspecified - IMPACT_UNSPECIFIED
- Impact
High - IMPACT_HIGH
- Impact
Low - IMPACT_LOW
- Impact
None - IMPACT_NONE
- IMPACT_UNSPECIFIED
- IMPACT_UNSPECIFIED
- IMPACT_HIGH
- IMPACT_HIGH
- IMPACT_LOW
- IMPACT_LOW
- IMPACT_NONE
- IMPACT_NONE
- "IMPACT_UNSPECIFIED"
- IMPACT_UNSPECIFIED
- "IMPACT_HIGH"
- IMPACT_HIGH
- "IMPACT_LOW"
- IMPACT_LOW
- "IMPACT_NONE"
- IMPACT_NONE
CVSSv3IntegrityImpact, CVSSv3IntegrityImpactArgs
- Impact
Unspecified - IMPACT_UNSPECIFIED
- Impact
High - IMPACT_HIGH
- Impact
Low - IMPACT_LOW
- Impact
None - IMPACT_NONE
- CVSSv3Integrity
Impact Impact Unspecified - IMPACT_UNSPECIFIED
- CVSSv3Integrity
Impact Impact High - IMPACT_HIGH
- CVSSv3Integrity
Impact Impact Low - IMPACT_LOW
- CVSSv3Integrity
Impact Impact None - IMPACT_NONE
- Impact
Unspecified - IMPACT_UNSPECIFIED
- Impact
High - IMPACT_HIGH
- Impact
Low - IMPACT_LOW
- Impact
None - IMPACT_NONE
- Impact
Unspecified - IMPACT_UNSPECIFIED
- Impact
High - IMPACT_HIGH
- Impact
Low - IMPACT_LOW
- Impact
None - IMPACT_NONE
- IMPACT_UNSPECIFIED
- IMPACT_UNSPECIFIED
- IMPACT_HIGH
- IMPACT_HIGH
- IMPACT_LOW
- IMPACT_LOW
- IMPACT_NONE
- IMPACT_NONE
- "IMPACT_UNSPECIFIED"
- IMPACT_UNSPECIFIED
- "IMPACT_HIGH"
- IMPACT_HIGH
- "IMPACT_LOW"
- IMPACT_LOW
- "IMPACT_NONE"
- IMPACT_NONE
CVSSv3PrivilegesRequired, CVSSv3PrivilegesRequiredArgs
- Privileges
Required Unspecified - PRIVILEGES_REQUIRED_UNSPECIFIED
- Privileges
Required None - PRIVILEGES_REQUIRED_NONE
- Privileges
Required Low - PRIVILEGES_REQUIRED_LOW
- Privileges
Required High - PRIVILEGES_REQUIRED_HIGH
- CVSSv3Privileges
Required Privileges Required Unspecified - PRIVILEGES_REQUIRED_UNSPECIFIED
- CVSSv3Privileges
Required Privileges Required None - PRIVILEGES_REQUIRED_NONE
- CVSSv3Privileges
Required Privileges Required Low - PRIVILEGES_REQUIRED_LOW
- CVSSv3Privileges
Required Privileges Required High - PRIVILEGES_REQUIRED_HIGH
- Privileges
Required Unspecified - PRIVILEGES_REQUIRED_UNSPECIFIED
- Privileges
Required None - PRIVILEGES_REQUIRED_NONE
- Privileges
Required Low - PRIVILEGES_REQUIRED_LOW
- Privileges
Required High - PRIVILEGES_REQUIRED_HIGH
- Privileges
Required Unspecified - PRIVILEGES_REQUIRED_UNSPECIFIED
- Privileges
Required None - PRIVILEGES_REQUIRED_NONE
- Privileges
Required Low - PRIVILEGES_REQUIRED_LOW
- Privileges
Required High - PRIVILEGES_REQUIRED_HIGH
- PRIVILEGES_REQUIRED_UNSPECIFIED
- PRIVILEGES_REQUIRED_UNSPECIFIED
- PRIVILEGES_REQUIRED_NONE
- PRIVILEGES_REQUIRED_NONE
- PRIVILEGES_REQUIRED_LOW
- PRIVILEGES_REQUIRED_LOW
- PRIVILEGES_REQUIRED_HIGH
- PRIVILEGES_REQUIRED_HIGH
- "PRIVILEGES_REQUIRED_UNSPECIFIED"
- PRIVILEGES_REQUIRED_UNSPECIFIED
- "PRIVILEGES_REQUIRED_NONE"
- PRIVILEGES_REQUIRED_NONE
- "PRIVILEGES_REQUIRED_LOW"
- PRIVILEGES_REQUIRED_LOW
- "PRIVILEGES_REQUIRED_HIGH"
- PRIVILEGES_REQUIRED_HIGH
CVSSv3Response, CVSSv3ResponseArgs
- Attack
Complexity string - Attack
Vector string - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- Availability
Impact string - Base
Score double - The base score is a function of the base metric scores.
- Confidentiality
Impact string - Exploitability
Score double - Impact
Score double - Integrity
Impact string - Privileges
Required string - Scope string
- User
Interaction string
- Attack
Complexity string - Attack
Vector string - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- Availability
Impact string - Base
Score float64 - The base score is a function of the base metric scores.
- Confidentiality
Impact string - Exploitability
Score float64 - Impact
Score float64 - Integrity
Impact string - Privileges
Required string - Scope string
- User
Interaction string
- attack
Complexity String - attack
Vector String - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- availability
Impact String - base
Score Double - The base score is a function of the base metric scores.
- confidentiality
Impact String - exploitability
Score Double - impact
Score Double - integrity
Impact String - privileges
Required String - scope String
- user
Interaction String
- attack
Complexity string - attack
Vector string - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- availability
Impact string - base
Score number - The base score is a function of the base metric scores.
- confidentiality
Impact string - exploitability
Score number - impact
Score number - integrity
Impact string - privileges
Required string - scope string
- user
Interaction string
- attack_
complexity str - attack_
vector str - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- availability_
impact str - base_
score float - The base score is a function of the base metric scores.
- confidentiality_
impact str - exploitability_
score float - impact_
score float - integrity_
impact str - privileges_
required str - scope str
- user_
interaction str
- attack
Complexity String - attack
Vector String - Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
- availability
Impact String - base
Score Number - The base score is a function of the base metric scores.
- confidentiality
Impact String - exploitability
Score Number - impact
Score Number - integrity
Impact String - privileges
Required String - scope String
- user
Interaction String
CVSSv3Scope, CVSSv3ScopeArgs
- Scope
Unspecified - SCOPE_UNSPECIFIED
- Scope
Unchanged - SCOPE_UNCHANGED
- Scope
Changed - SCOPE_CHANGED
- CVSSv3Scope
Scope Unspecified - SCOPE_UNSPECIFIED
- CVSSv3Scope
Scope Unchanged - SCOPE_UNCHANGED
- CVSSv3Scope
Scope Changed - SCOPE_CHANGED
- Scope
Unspecified - SCOPE_UNSPECIFIED
- Scope
Unchanged - SCOPE_UNCHANGED
- Scope
Changed - SCOPE_CHANGED
- Scope
Unspecified - SCOPE_UNSPECIFIED
- Scope
Unchanged - SCOPE_UNCHANGED
- Scope
Changed - SCOPE_CHANGED
- SCOPE_UNSPECIFIED
- SCOPE_UNSPECIFIED
- SCOPE_UNCHANGED
- SCOPE_UNCHANGED
- SCOPE_CHANGED
- SCOPE_CHANGED
- "SCOPE_UNSPECIFIED"
- SCOPE_UNSPECIFIED
- "SCOPE_UNCHANGED"
- SCOPE_UNCHANGED
- "SCOPE_CHANGED"
- SCOPE_CHANGED
CVSSv3UserInteraction, CVSSv3UserInteractionArgs
- User
Interaction Unspecified - USER_INTERACTION_UNSPECIFIED
- User
Interaction None - USER_INTERACTION_NONE
- User
Interaction Required - USER_INTERACTION_REQUIRED
- CVSSv3User
Interaction User Interaction Unspecified - USER_INTERACTION_UNSPECIFIED
- CVSSv3User
Interaction User Interaction None - USER_INTERACTION_NONE
- CVSSv3User
Interaction User Interaction Required - USER_INTERACTION_REQUIRED
- User
Interaction Unspecified - USER_INTERACTION_UNSPECIFIED
- User
Interaction None - USER_INTERACTION_NONE
- User
Interaction Required - USER_INTERACTION_REQUIRED
- User
Interaction Unspecified - USER_INTERACTION_UNSPECIFIED
- User
Interaction None - USER_INTERACTION_NONE
- User
Interaction Required - USER_INTERACTION_REQUIRED
- USER_INTERACTION_UNSPECIFIED
- USER_INTERACTION_UNSPECIFIED
- USER_INTERACTION_NONE
- USER_INTERACTION_NONE
- USER_INTERACTION_REQUIRED
- USER_INTERACTION_REQUIRED
- "USER_INTERACTION_UNSPECIFIED"
- USER_INTERACTION_UNSPECIFIED
- "USER_INTERACTION_NONE"
- USER_INTERACTION_NONE
- "USER_INTERACTION_REQUIRED"
- USER_INTERACTION_REQUIRED
Deployable, DeployableArgs
- Resource
Uri List<string> - Resource URI for the artifact being deployed.
- Resource
Uri []string - Resource URI for the artifact being deployed.
- resource
Uri List<String> - Resource URI for the artifact being deployed.
- resource
Uri string[] - Resource URI for the artifact being deployed.
- resource_
uri Sequence[str] - Resource URI for the artifact being deployed.
- resource
Uri List<String> - Resource URI for the artifact being deployed.
DeployableResponse, DeployableResponseArgs
- Resource
Uri List<string> - Resource URI for the artifact being deployed.
- Resource
Uri []string - Resource URI for the artifact being deployed.
- resource
Uri List<String> - Resource URI for the artifact being deployed.
- resource
Uri string[] - Resource URI for the artifact being deployed.
- resource_
uri Sequence[str] - Resource URI for the artifact being deployed.
- resource
Uri List<String> - Resource URI for the artifact being deployed.
Detail, DetailArgs
- Cpe
Uri string - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- Package string
- The name of the package where the vulnerability was found.
- Description string
- A vendor-specific description of this note.
- Fixed
Location Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Vulnerability Location - The fix for this specific package version.
- Is
Obsolete bool - Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- Max
Affected Pulumi.Version Google Native. Container Analysis. V1Beta1. Inputs. Version - The max version of the package in which the vulnerability exists.
- Min
Affected Pulumi.Version Google Native. Container Analysis. V1Beta1. Inputs. Version - The min version of the package in which the vulnerability exists.
- Package
Type string - The type of package; whether native or non native(ruby gems, node.js packages etc).
- Severity
Name string - The severity (eg: distro assigned severity) for this vulnerability.
- Source string
- The source from which the information in this Detail was obtained.
- Source
Update stringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- Vendor string
- The name of the vendor of the product.
- Cpe
Uri string - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- Package string
- The name of the package where the vulnerability was found.
- Description string
- A vendor-specific description of this note.
- Fixed
Location VulnerabilityLocation - The fix for this specific package version.
- Is
Obsolete bool - Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- Max
Affected VersionVersion - The max version of the package in which the vulnerability exists.
- Min
Affected VersionVersion - The min version of the package in which the vulnerability exists.
- Package
Type string - The type of package; whether native or non native(ruby gems, node.js packages etc).
- Severity
Name string - The severity (eg: distro assigned severity) for this vulnerability.
- Source string
- The source from which the information in this Detail was obtained.
- Source
Update stringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- Vendor string
- The name of the vendor of the product.
- cpe
Uri String - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- package_ String
- The name of the package where the vulnerability was found.
- description String
- A vendor-specific description of this note.
- fixed
Location VulnerabilityLocation - The fix for this specific package version.
- is
Obsolete Boolean - Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- max
Affected VersionVersion - The max version of the package in which the vulnerability exists.
- min
Affected VersionVersion - The min version of the package in which the vulnerability exists.
- package
Type String - The type of package; whether native or non native(ruby gems, node.js packages etc).
- severity
Name String - The severity (eg: distro assigned severity) for this vulnerability.
- source String
- The source from which the information in this Detail was obtained.
- source
Update StringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- vendor String
- The name of the vendor of the product.
- cpe
Uri string - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- package string
- The name of the package where the vulnerability was found.
- description string
- A vendor-specific description of this note.
- fixed
Location VulnerabilityLocation - The fix for this specific package version.
- is
Obsolete boolean - Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- max
Affected VersionVersion - The max version of the package in which the vulnerability exists.
- min
Affected VersionVersion - The min version of the package in which the vulnerability exists.
- package
Type string - The type of package; whether native or non native(ruby gems, node.js packages etc).
- severity
Name string - The severity (eg: distro assigned severity) for this vulnerability.
- source string
- The source from which the information in this Detail was obtained.
- source
Update stringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- vendor string
- The name of the vendor of the product.
- cpe_
uri str - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- package str
- The name of the package where the vulnerability was found.
- description str
- A vendor-specific description of this note.
- fixed_
location VulnerabilityLocation - The fix for this specific package version.
- is_
obsolete bool - Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- max_
affected_ Versionversion - The max version of the package in which the vulnerability exists.
- min_
affected_ Versionversion - The min version of the package in which the vulnerability exists.
- package_
type str - The type of package; whether native or non native(ruby gems, node.js packages etc).
- severity_
name str - The severity (eg: distro assigned severity) for this vulnerability.
- source str
- The source from which the information in this Detail was obtained.
- source_
update_ strtime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- vendor str
- The name of the vendor of the product.
- cpe
Uri String - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- package String
- The name of the package where the vulnerability was found.
- description String
- A vendor-specific description of this note.
- fixed
Location Property Map - The fix for this specific package version.
- is
Obsolete Boolean - Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- max
Affected Property MapVersion - The max version of the package in which the vulnerability exists.
- min
Affected Property MapVersion - The min version of the package in which the vulnerability exists.
- package
Type String - The type of package; whether native or non native(ruby gems, node.js packages etc).
- severity
Name String - The severity (eg: distro assigned severity) for this vulnerability.
- source String
- The source from which the information in this Detail was obtained.
- source
Update StringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- vendor String
- The name of the vendor of the product.
DetailResponse, DetailResponseArgs
- Cpe
Uri string - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- Description string
- A vendor-specific description of this note.
- Fixed
Location Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Vulnerability Location Response - The fix for this specific package version.
- Is
Obsolete bool - Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- Max
Affected Pulumi.Version Google Native. Container Analysis. V1Beta1. Inputs. Version Response - The max version of the package in which the vulnerability exists.
- Min
Affected Pulumi.Version Google Native. Container Analysis. V1Beta1. Inputs. Version Response - The min version of the package in which the vulnerability exists.
- Package string
- The name of the package where the vulnerability was found.
- Package
Type string - The type of package; whether native or non native(ruby gems, node.js packages etc).
- Severity
Name string - The severity (eg: distro assigned severity) for this vulnerability.
- Source string
- The source from which the information in this Detail was obtained.
- Source
Update stringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- Vendor string
- The name of the vendor of the product.
- Cpe
Uri string - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- Description string
- A vendor-specific description of this note.
- Fixed
Location VulnerabilityLocation Response - The fix for this specific package version.
- Is
Obsolete bool - Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- Max
Affected VersionVersion Response - The max version of the package in which the vulnerability exists.
- Min
Affected VersionVersion Response - The min version of the package in which the vulnerability exists.
- Package string
- The name of the package where the vulnerability was found.
- Package
Type string - The type of package; whether native or non native(ruby gems, node.js packages etc).
- Severity
Name string - The severity (eg: distro assigned severity) for this vulnerability.
- Source string
- The source from which the information in this Detail was obtained.
- Source
Update stringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- Vendor string
- The name of the vendor of the product.
- cpe
Uri String - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- description String
- A vendor-specific description of this note.
- fixed
Location VulnerabilityLocation Response - The fix for this specific package version.
- is
Obsolete Boolean - Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- max
Affected VersionVersion Response - The max version of the package in which the vulnerability exists.
- min
Affected VersionVersion Response - The min version of the package in which the vulnerability exists.
- package
Type String - The type of package; whether native or non native(ruby gems, node.js packages etc).
- package_ String
- The name of the package where the vulnerability was found.
- severity
Name String - The severity (eg: distro assigned severity) for this vulnerability.
- source String
- The source from which the information in this Detail was obtained.
- source
Update StringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- vendor String
- The name of the vendor of the product.
- cpe
Uri string - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- description string
- A vendor-specific description of this note.
- fixed
Location VulnerabilityLocation Response - The fix for this specific package version.
- is
Obsolete boolean - Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- max
Affected VersionVersion Response - The max version of the package in which the vulnerability exists.
- min
Affected VersionVersion Response - The min version of the package in which the vulnerability exists.
- package string
- The name of the package where the vulnerability was found.
- package
Type string - The type of package; whether native or non native(ruby gems, node.js packages etc).
- severity
Name string - The severity (eg: distro assigned severity) for this vulnerability.
- source string
- The source from which the information in this Detail was obtained.
- source
Update stringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- vendor string
- The name of the vendor of the product.
- cpe_
uri str - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- description str
- A vendor-specific description of this note.
- fixed_
location VulnerabilityLocation Response - The fix for this specific package version.
- is_
obsolete bool - Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- max_
affected_ Versionversion Response - The max version of the package in which the vulnerability exists.
- min_
affected_ Versionversion Response - The min version of the package in which the vulnerability exists.
- package str
- The name of the package where the vulnerability was found.
- package_
type str - The type of package; whether native or non native(ruby gems, node.js packages etc).
- severity_
name str - The severity (eg: distro assigned severity) for this vulnerability.
- source str
- The source from which the information in this Detail was obtained.
- source_
update_ strtime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- vendor str
- The name of the vendor of the product.
- cpe
Uri String - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- description String
- A vendor-specific description of this note.
- fixed
Location Property Map - The fix for this specific package version.
- is
Obsolete Boolean - Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
- max
Affected Property MapVersion - The max version of the package in which the vulnerability exists.
- min
Affected Property MapVersion - The min version of the package in which the vulnerability exists.
- package String
- The name of the package where the vulnerability was found.
- package
Type String - The type of package; whether native or non native(ruby gems, node.js packages etc).
- severity
Name String - The severity (eg: distro assigned severity) for this vulnerability.
- source String
- The source from which the information in this Detail was obtained.
- source
Update StringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- vendor String
- The name of the vendor of the product.
Digest, DigestArgs
- Algo string
SHA1
,SHA512
etc.- Digest
Bytes string - Value of the digest.
- Algo string
SHA1
,SHA512
etc.- Digest
Bytes string - Value of the digest.
- algo String
SHA1
,SHA512
etc.- digest
Bytes String - Value of the digest.
- algo string
SHA1
,SHA512
etc.- digest
Bytes string - Value of the digest.
- algo str
SHA1
,SHA512
etc.- digest_
bytes str - Value of the digest.
- algo String
SHA1
,SHA512
etc.- digest
Bytes String - Value of the digest.
DigestResponse, DigestResponseArgs
- Algo string
SHA1
,SHA512
etc.- Digest
Bytes string - Value of the digest.
- Algo string
SHA1
,SHA512
etc.- Digest
Bytes string - Value of the digest.
- algo String
SHA1
,SHA512
etc.- digest
Bytes String - Value of the digest.
- algo string
SHA1
,SHA512
etc.- digest
Bytes string - Value of the digest.
- algo str
SHA1
,SHA512
etc.- digest_
bytes str - Value of the digest.
- algo String
SHA1
,SHA512
etc.- digest
Bytes String - Value of the digest.
Discovery, DiscoveryArgs
- Analysis
Kind Pulumi.Google Native. Container Analysis. V1Beta1. Discovery Analysis Kind - Immutable. The kind of analysis that is handled by this discovery.
- Analysis
Kind DiscoveryAnalysis Kind - Immutable. The kind of analysis that is handled by this discovery.
- analysis
Kind DiscoveryAnalysis Kind - Immutable. The kind of analysis that is handled by this discovery.
- analysis
Kind DiscoveryAnalysis Kind - Immutable. The kind of analysis that is handled by this discovery.
- analysis_
kind DiscoveryAnalysis Kind - Immutable. The kind of analysis that is handled by this discovery.
- analysis
Kind "NOTE_KIND_UNSPECIFIED" | "VULNERABILITY" | "BUILD" | "IMAGE" | "PACKAGE" | "DEPLOYMENT" | "DISCOVERY" | "ATTESTATION" | "INTOTO" | "SBOM" | "SPDX_PACKAGE" | "SPDX_FILE" | "SPDX_RELATIONSHIP" | "VULNERABILITY_ASSESSMENT" | "SBOM_REFERENCE" - Immutable. The kind of analysis that is handled by this discovery.
DiscoveryAnalysisKind, DiscoveryAnalysisKindArgs
- Note
Kind Unspecified - NOTE_KIND_UNSPECIFIEDDefault value. This value is unused.
- Vulnerability
- VULNERABILITYThe note and occurrence represent a package vulnerability.
- Build
- BUILDThe note and occurrence assert build provenance.
- Image
- IMAGEThis represents an image basis relationship.
- Package
- PACKAGEThis represents a package installed via a package manager.
- Deployment
- DEPLOYMENTThe note and occurrence track deployment events.
- Discovery
- DISCOVERYThe note and occurrence track the initial discovery status of a resource.
- Attestation
- ATTESTATIONThis represents a logical "role" that can attest to artifacts.
- Intoto
- INTOTOThis represents an in-toto link.
- Sbom
- SBOMThis represents a software bill of materials.
- Spdx
Package - SPDX_PACKAGEThis represents an SPDX Package.
- Spdx
File - SPDX_FILEThis represents an SPDX File.
- Spdx
Relationship - SPDX_RELATIONSHIPThis represents an SPDX Relationship.
- Vulnerability
Assessment - VULNERABILITY_ASSESSMENTThis represents a Vulnerability Assessment.
- Sbom
Reference - SBOM_REFERENCEThis represents an SBOM Reference.
- Discovery
Analysis Kind Note Kind Unspecified - NOTE_KIND_UNSPECIFIEDDefault value. This value is unused.
- Discovery
Analysis Kind Vulnerability - VULNERABILITYThe note and occurrence represent a package vulnerability.
- Discovery
Analysis Kind Build - BUILDThe note and occurrence assert build provenance.
- Discovery
Analysis Kind Image - IMAGEThis represents an image basis relationship.
- Discovery
Analysis Kind Package - PACKAGEThis represents a package installed via a package manager.
- Discovery
Analysis Kind Deployment - DEPLOYMENTThe note and occurrence track deployment events.
- Discovery
Analysis Kind Discovery - DISCOVERYThe note and occurrence track the initial discovery status of a resource.
- Discovery
Analysis Kind Attestation - ATTESTATIONThis represents a logical "role" that can attest to artifacts.
- Discovery
Analysis Kind Intoto - INTOTOThis represents an in-toto link.
- Discovery
Analysis Kind Sbom - SBOMThis represents a software bill of materials.
- Discovery
Analysis Kind Spdx Package - SPDX_PACKAGEThis represents an SPDX Package.
- Discovery
Analysis Kind Spdx File - SPDX_FILEThis represents an SPDX File.
- Discovery
Analysis Kind Spdx Relationship - SPDX_RELATIONSHIPThis represents an SPDX Relationship.
- Discovery
Analysis Kind Vulnerability Assessment - VULNERABILITY_ASSESSMENTThis represents a Vulnerability Assessment.
- Discovery
Analysis Kind Sbom Reference - SBOM_REFERENCEThis represents an SBOM Reference.
- Note
Kind Unspecified - NOTE_KIND_UNSPECIFIEDDefault value. This value is unused.
- Vulnerability
- VULNERABILITYThe note and occurrence represent a package vulnerability.
- Build
- BUILDThe note and occurrence assert build provenance.
- Image
- IMAGEThis represents an image basis relationship.
- Package
- PACKAGEThis represents a package installed via a package manager.
- Deployment
- DEPLOYMENTThe note and occurrence track deployment events.
- Discovery
- DISCOVERYThe note and occurrence track the initial discovery status of a resource.
- Attestation
- ATTESTATIONThis represents a logical "role" that can attest to artifacts.
- Intoto
- INTOTOThis represents an in-toto link.
- Sbom
- SBOMThis represents a software bill of materials.
- Spdx
Package - SPDX_PACKAGEThis represents an SPDX Package.
- Spdx
File - SPDX_FILEThis represents an SPDX File.
- Spdx
Relationship - SPDX_RELATIONSHIPThis represents an SPDX Relationship.
- Vulnerability
Assessment - VULNERABILITY_ASSESSMENTThis represents a Vulnerability Assessment.
- Sbom
Reference - SBOM_REFERENCEThis represents an SBOM Reference.
- Note
Kind Unspecified - NOTE_KIND_UNSPECIFIEDDefault value. This value is unused.
- Vulnerability
- VULNERABILITYThe note and occurrence represent a package vulnerability.
- Build
- BUILDThe note and occurrence assert build provenance.
- Image
- IMAGEThis represents an image basis relationship.
- Package
- PACKAGEThis represents a package installed via a package manager.
- Deployment
- DEPLOYMENTThe note and occurrence track deployment events.
- Discovery
- DISCOVERYThe note and occurrence track the initial discovery status of a resource.
- Attestation
- ATTESTATIONThis represents a logical "role" that can attest to artifacts.
- Intoto
- INTOTOThis represents an in-toto link.
- Sbom
- SBOMThis represents a software bill of materials.
- Spdx
Package - SPDX_PACKAGEThis represents an SPDX Package.
- Spdx
File - SPDX_FILEThis represents an SPDX File.
- Spdx
Relationship - SPDX_RELATIONSHIPThis represents an SPDX Relationship.
- Vulnerability
Assessment - VULNERABILITY_ASSESSMENTThis represents a Vulnerability Assessment.
- Sbom
Reference - SBOM_REFERENCEThis represents an SBOM Reference.
- NOTE_KIND_UNSPECIFIED
- NOTE_KIND_UNSPECIFIEDDefault value. This value is unused.
- VULNERABILITY
- VULNERABILITYThe note and occurrence represent a package vulnerability.
- BUILD
- BUILDThe note and occurrence assert build provenance.
- IMAGE
- IMAGEThis represents an image basis relationship.
- PACKAGE
- PACKAGEThis represents a package installed via a package manager.
- DEPLOYMENT
- DEPLOYMENTThe note and occurrence track deployment events.
- DISCOVERY
- DISCOVERYThe note and occurrence track the initial discovery status of a resource.
- ATTESTATION
- ATTESTATIONThis represents a logical "role" that can attest to artifacts.
- INTOTO
- INTOTOThis represents an in-toto link.
- SBOM
- SBOMThis represents a software bill of materials.
- SPDX_PACKAGE
- SPDX_PACKAGEThis represents an SPDX Package.
- SPDX_FILE
- SPDX_FILEThis represents an SPDX File.
- SPDX_RELATIONSHIP
- SPDX_RELATIONSHIPThis represents an SPDX Relationship.
- VULNERABILITY_ASSESSMENT
- VULNERABILITY_ASSESSMENTThis represents a Vulnerability Assessment.
- SBOM_REFERENCE
- SBOM_REFERENCEThis represents an SBOM Reference.
- "NOTE_KIND_UNSPECIFIED"
- NOTE_KIND_UNSPECIFIEDDefault value. This value is unused.
- "VULNERABILITY"
- VULNERABILITYThe note and occurrence represent a package vulnerability.
- "BUILD"
- BUILDThe note and occurrence assert build provenance.
- "IMAGE"
- IMAGEThis represents an image basis relationship.
- "PACKAGE"
- PACKAGEThis represents a package installed via a package manager.
- "DEPLOYMENT"
- DEPLOYMENTThe note and occurrence track deployment events.
- "DISCOVERY"
- DISCOVERYThe note and occurrence track the initial discovery status of a resource.
- "ATTESTATION"
- ATTESTATIONThis represents a logical "role" that can attest to artifacts.
- "INTOTO"
- INTOTOThis represents an in-toto link.
- "SBOM"
- SBOMThis represents a software bill of materials.
- "SPDX_PACKAGE"
- SPDX_PACKAGEThis represents an SPDX Package.
- "SPDX_FILE"
- SPDX_FILEThis represents an SPDX File.
- "SPDX_RELATIONSHIP"
- SPDX_RELATIONSHIPThis represents an SPDX Relationship.
- "VULNERABILITY_ASSESSMENT"
- VULNERABILITY_ASSESSMENTThis represents a Vulnerability Assessment.
- "SBOM_REFERENCE"
- SBOM_REFERENCEThis represents an SBOM Reference.
DiscoveryResponse, DiscoveryResponseArgs
- Analysis
Kind string - Immutable. The kind of analysis that is handled by this discovery.
- Analysis
Kind string - Immutable. The kind of analysis that is handled by this discovery.
- analysis
Kind String - Immutable. The kind of analysis that is handled by this discovery.
- analysis
Kind string - Immutable. The kind of analysis that is handled by this discovery.
- analysis_
kind str - Immutable. The kind of analysis that is handled by this discovery.
- analysis
Kind String - Immutable. The kind of analysis that is handled by this discovery.
Distribution, DistributionArgs
- Cpe
Uri string - The cpe_uri in CPE format denoting the package manager version distributing a package.
- Architecture
Pulumi.
Google Native. Container Analysis. V1Beta1. Distribution Architecture - The CPU architecture for which packages in this distribution channel were built.
- Description string
- The distribution channel-specific description of this package.
- Latest
Version Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Version - The latest available version of this package in this distribution channel.
- Maintainer string
- A freeform string denoting the maintainer of this package.
- Url string
- The distribution channel-specific homepage for this package.
- Cpe
Uri string - The cpe_uri in CPE format denoting the package manager version distributing a package.
- Architecture
Distribution
Architecture - The CPU architecture for which packages in this distribution channel were built.
- Description string
- The distribution channel-specific description of this package.
- Latest
Version Version - The latest available version of this package in this distribution channel.
- Maintainer string
- A freeform string denoting the maintainer of this package.
- Url string
- The distribution channel-specific homepage for this package.
- cpe
Uri String - The cpe_uri in CPE format denoting the package manager version distributing a package.
- architecture
Distribution
Architecture - The CPU architecture for which packages in this distribution channel were built.
- description String
- The distribution channel-specific description of this package.
- latest
Version Version - The latest available version of this package in this distribution channel.
- maintainer String
- A freeform string denoting the maintainer of this package.
- url String
- The distribution channel-specific homepage for this package.
- cpe
Uri string - The cpe_uri in CPE format denoting the package manager version distributing a package.
- architecture
Distribution
Architecture - The CPU architecture for which packages in this distribution channel were built.
- description string
- The distribution channel-specific description of this package.
- latest
Version Version - The latest available version of this package in this distribution channel.
- maintainer string
- A freeform string denoting the maintainer of this package.
- url string
- The distribution channel-specific homepage for this package.
- cpe_
uri str - The cpe_uri in CPE format denoting the package manager version distributing a package.
- architecture
Distribution
Architecture - The CPU architecture for which packages in this distribution channel were built.
- description str
- The distribution channel-specific description of this package.
- latest_
version Version - The latest available version of this package in this distribution channel.
- maintainer str
- A freeform string denoting the maintainer of this package.
- url str
- The distribution channel-specific homepage for this package.
- cpe
Uri String - The cpe_uri in CPE format denoting the package manager version distributing a package.
- architecture "ARCHITECTURE_UNSPECIFIED" | "X86" | "X64"
- The CPU architecture for which packages in this distribution channel were built.
- description String
- The distribution channel-specific description of this package.
- latest
Version Property Map - The latest available version of this package in this distribution channel.
- maintainer String
- A freeform string denoting the maintainer of this package.
- url String
- The distribution channel-specific homepage for this package.
DistributionArchitecture, DistributionArchitectureArgs
- Architecture
Unspecified - ARCHITECTURE_UNSPECIFIEDUnknown architecture.
- X86
- X86X86 architecture.
- X64
- X64X64 architecture.
- Distribution
Architecture Architecture Unspecified - ARCHITECTURE_UNSPECIFIEDUnknown architecture.
- Distribution
Architecture X86 - X86X86 architecture.
- Distribution
Architecture X64 - X64X64 architecture.
- Architecture
Unspecified - ARCHITECTURE_UNSPECIFIEDUnknown architecture.
- X86
- X86X86 architecture.
- X64
- X64X64 architecture.
- Architecture
Unspecified - ARCHITECTURE_UNSPECIFIEDUnknown architecture.
- X86
- X86X86 architecture.
- X64
- X64X64 architecture.
- ARCHITECTURE_UNSPECIFIED
- ARCHITECTURE_UNSPECIFIEDUnknown architecture.
- X86
- X86X86 architecture.
- X64
- X64X64 architecture.
- "ARCHITECTURE_UNSPECIFIED"
- ARCHITECTURE_UNSPECIFIEDUnknown architecture.
- "X86"
- X86X86 architecture.
- "X64"
- X64X64 architecture.
DistributionResponse, DistributionResponseArgs
- Architecture string
- The CPU architecture for which packages in this distribution channel were built.
- Cpe
Uri string - The cpe_uri in CPE format denoting the package manager version distributing a package.
- Description string
- The distribution channel-specific description of this package.
- Latest
Version Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Version Response - The latest available version of this package in this distribution channel.
- Maintainer string
- A freeform string denoting the maintainer of this package.
- Url string
- The distribution channel-specific homepage for this package.
- Architecture string
- The CPU architecture for which packages in this distribution channel were built.
- Cpe
Uri string - The cpe_uri in CPE format denoting the package manager version distributing a package.
- Description string
- The distribution channel-specific description of this package.
- Latest
Version VersionResponse - The latest available version of this package in this distribution channel.
- Maintainer string
- A freeform string denoting the maintainer of this package.
- Url string
- The distribution channel-specific homepage for this package.
- architecture String
- The CPU architecture for which packages in this distribution channel were built.
- cpe
Uri String - The cpe_uri in CPE format denoting the package manager version distributing a package.
- description String
- The distribution channel-specific description of this package.
- latest
Version VersionResponse - The latest available version of this package in this distribution channel.
- maintainer String
- A freeform string denoting the maintainer of this package.
- url String
- The distribution channel-specific homepage for this package.
- architecture string
- The CPU architecture for which packages in this distribution channel were built.
- cpe
Uri string - The cpe_uri in CPE format denoting the package manager version distributing a package.
- description string
- The distribution channel-specific description of this package.
- latest
Version VersionResponse - The latest available version of this package in this distribution channel.
- maintainer string
- A freeform string denoting the maintainer of this package.
- url string
- The distribution channel-specific homepage for this package.
- architecture str
- The CPU architecture for which packages in this distribution channel were built.
- cpe_
uri str - The cpe_uri in CPE format denoting the package manager version distributing a package.
- description str
- The distribution channel-specific description of this package.
- latest_
version VersionResponse - The latest available version of this package in this distribution channel.
- maintainer str
- A freeform string denoting the maintainer of this package.
- url str
- The distribution channel-specific homepage for this package.
- architecture String
- The CPU architecture for which packages in this distribution channel were built.
- cpe
Uri String - The cpe_uri in CPE format denoting the package manager version distributing a package.
- description String
- The distribution channel-specific description of this package.
- latest
Version Property Map - The latest available version of this package in this distribution channel.
- maintainer String
- A freeform string denoting the maintainer of this package.
- url String
- The distribution channel-specific homepage for this package.
DocumentNote, DocumentNoteArgs
- Data
Licence string - Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- Spdx
Version string - Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- Data
Licence string - Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- Spdx
Version string - Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- data
Licence String - Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- spdx
Version String - Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- data
Licence string - Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- spdx
Version string - Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- data_
licence str - Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- spdx_
version str - Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- data
Licence String - Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- spdx
Version String - Provide a reference number that can be used to understand how to parse and interpret the rest of the file
DocumentNoteResponse, DocumentNoteResponseArgs
- Data
Licence string - Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- Spdx
Version string - Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- Data
Licence string - Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- Spdx
Version string - Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- data
Licence String - Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- spdx
Version String - Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- data
Licence string - Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- spdx
Version string - Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- data_
licence str - Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- spdx_
version str - Provide a reference number that can be used to understand how to parse and interpret the rest of the file
- data
Licence String - Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata")
- spdx
Version String - Provide a reference number that can be used to understand how to parse and interpret the rest of the file
ExternalRef, ExternalRefArgs
- Category
Pulumi.
Google Native. Container Analysis. V1Beta1. External Ref Category - An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- Comment string
- Human-readable information about the purpose and target of the reference
- Locator string
- The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- Type string
- Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- Category
External
Ref Category - An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- Comment string
- Human-readable information about the purpose and target of the reference
- Locator string
- The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- Type string
- Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- category
External
Ref Category - An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- comment String
- Human-readable information about the purpose and target of the reference
- locator String
- The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- type String
- Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- category
External
Ref Category - An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- comment string
- Human-readable information about the purpose and target of the reference
- locator string
- The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- type string
- Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- category
External
Ref Category - An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- comment str
- Human-readable information about the purpose and target of the reference
- locator str
- The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- type str
- Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- category "CATEGORY_UNSPECIFIED" | "SECURITY" | "PACKAGE_MANAGER" | "PERSISTENT_ID" | "OTHER"
- An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- comment String
- Human-readable information about the purpose and target of the reference
- locator String
- The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- type String
- Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
ExternalRefCategory, ExternalRefCategoryArgs
- Category
Unspecified - CATEGORY_UNSPECIFIEDUnspecified
- Security
- SECURITYSecurity (e.g. cpe22Type, cpe23Type)
- Package
Manager - PACKAGE_MANAGERPackage Manager (e.g. maven-central, npm, nuget, bower, purl)
- Persistent
Id - PERSISTENT_IDPersistent-Id (e.g. swh)
- Other
- OTHEROther
- External
Ref Category Category Unspecified - CATEGORY_UNSPECIFIEDUnspecified
- External
Ref Category Security - SECURITYSecurity (e.g. cpe22Type, cpe23Type)
- External
Ref Category Package Manager - PACKAGE_MANAGERPackage Manager (e.g. maven-central, npm, nuget, bower, purl)
- External
Ref Category Persistent Id - PERSISTENT_IDPersistent-Id (e.g. swh)
- External
Ref Category Other - OTHEROther
- Category
Unspecified - CATEGORY_UNSPECIFIEDUnspecified
- Security
- SECURITYSecurity (e.g. cpe22Type, cpe23Type)
- Package
Manager - PACKAGE_MANAGERPackage Manager (e.g. maven-central, npm, nuget, bower, purl)
- Persistent
Id - PERSISTENT_IDPersistent-Id (e.g. swh)
- Other
- OTHEROther
- Category
Unspecified - CATEGORY_UNSPECIFIEDUnspecified
- Security
- SECURITYSecurity (e.g. cpe22Type, cpe23Type)
- Package
Manager - PACKAGE_MANAGERPackage Manager (e.g. maven-central, npm, nuget, bower, purl)
- Persistent
Id - PERSISTENT_IDPersistent-Id (e.g. swh)
- Other
- OTHEROther
- CATEGORY_UNSPECIFIED
- CATEGORY_UNSPECIFIEDUnspecified
- SECURITY
- SECURITYSecurity (e.g. cpe22Type, cpe23Type)
- PACKAGE_MANAGER
- PACKAGE_MANAGERPackage Manager (e.g. maven-central, npm, nuget, bower, purl)
- PERSISTENT_ID
- PERSISTENT_IDPersistent-Id (e.g. swh)
- OTHER
- OTHEROther
- "CATEGORY_UNSPECIFIED"
- CATEGORY_UNSPECIFIEDUnspecified
- "SECURITY"
- SECURITYSecurity (e.g. cpe22Type, cpe23Type)
- "PACKAGE_MANAGER"
- PACKAGE_MANAGERPackage Manager (e.g. maven-central, npm, nuget, bower, purl)
- "PERSISTENT_ID"
- PERSISTENT_IDPersistent-Id (e.g. swh)
- "OTHER"
- OTHEROther
ExternalRefResponse, ExternalRefResponseArgs
- Category string
- An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- Comment string
- Human-readable information about the purpose and target of the reference
- Locator string
- The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- Type string
- Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- Category string
- An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- Comment string
- Human-readable information about the purpose and target of the reference
- Locator string
- The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- Type string
- Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- category String
- An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- comment String
- Human-readable information about the purpose and target of the reference
- locator String
- The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- type String
- Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- category string
- An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- comment string
- Human-readable information about the purpose and target of the reference
- locator string
- The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- type string
- Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- category str
- An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- comment str
- Human-readable information about the purpose and target of the reference
- locator str
- The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- type str
- Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
- category String
- An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package
- comment String
- Human-readable information about the purpose and target of the reference
- locator String
- The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location
- type String
- Type of category (e.g. 'npm' for the PACKAGE_MANAGER category)
FileNote, FileNoteArgs
- Checksum List<string>
- Provide a unique identifier to match analysis information on each specific file in a package
- File
Type Pulumi.Google Native. Container Analysis. V1Beta1. File Note File Type - This field provides information about the type of file identified
- Title string
- Identify the full path and filename that corresponds to the file information in this section
- Checksum []string
- Provide a unique identifier to match analysis information on each specific file in a package
- File
Type FileNote File Type - This field provides information about the type of file identified
- Title string
- Identify the full path and filename that corresponds to the file information in this section
- checksum List<String>
- Provide a unique identifier to match analysis information on each specific file in a package
- file
Type FileNote File Type - This field provides information about the type of file identified
- title String
- Identify the full path and filename that corresponds to the file information in this section
- checksum string[]
- Provide a unique identifier to match analysis information on each specific file in a package
- file
Type FileNote File Type - This field provides information about the type of file identified
- title string
- Identify the full path and filename that corresponds to the file information in this section
- checksum Sequence[str]
- Provide a unique identifier to match analysis information on each specific file in a package
- file_
type FileNote File Type - This field provides information about the type of file identified
- title str
- Identify the full path and filename that corresponds to the file information in this section
- checksum List<String>
- Provide a unique identifier to match analysis information on each specific file in a package
- file
Type "FILE_TYPE_UNSPECIFIED" | "SOURCE" | "BINARY" | "ARCHIVE" | "APPLICATION" | "AUDIO" | "IMAGE" | "TEXT" | "VIDEO" | "DOCUMENTATION" | "SPDX" | "OTHER" - This field provides information about the type of file identified
- title String
- Identify the full path and filename that corresponds to the file information in this section
FileNoteFileType, FileNoteFileTypeArgs
- File
Type Unspecified - FILE_TYPE_UNSPECIFIEDUnspecified
- Source
- SOURCEThe file is human readable source code (.c, .html, etc.)
- Binary
- BINARYThe file is a compiled object, target image or binary executable (.o, .a, etc.)
- Archive
- ARCHIVEThe file represents an archive (.tar, .jar, etc.)
- Application
- APPLICATIONThe file is associated with a specific application type (MIME type of application/*)
- Audio
- AUDIOThe file is associated with an audio file (MIME type of audio/* , e.g. .mp3)
- Image
- IMAGEThe file is associated with an picture image file (MIME type of image/*, e.g., .jpg, .gif)
- Text
- TEXTThe file is human readable text file (MIME type of text/*)
- Video
- VIDEOThe file is associated with a video file type (MIME type of video/*)
- Documentation
- DOCUMENTATIONThe file serves as documentation
- Spdx
- SPDXThe file is an SPDX document
- Other
- OTHERThe file doesn't fit into the above categories (generated artifacts, data files, etc.)
- File
Note File Type File Type Unspecified - FILE_TYPE_UNSPECIFIEDUnspecified
- File
Note File Type Source - SOURCEThe file is human readable source code (.c, .html, etc.)
- File
Note File Type Binary - BINARYThe file is a compiled object, target image or binary executable (.o, .a, etc.)
- File
Note File Type Archive - ARCHIVEThe file represents an archive (.tar, .jar, etc.)
- File
Note File Type Application - APPLICATIONThe file is associated with a specific application type (MIME type of application/*)
- File
Note File Type Audio - AUDIOThe file is associated with an audio file (MIME type of audio/* , e.g. .mp3)
- File
Note File Type Image - IMAGEThe file is associated with an picture image file (MIME type of image/*, e.g., .jpg, .gif)
- File
Note File Type Text - TEXTThe file is human readable text file (MIME type of text/*)
- File
Note File Type Video - VIDEOThe file is associated with a video file type (MIME type of video/*)
- File
Note File Type Documentation - DOCUMENTATIONThe file serves as documentation
- File
Note File Type Spdx - SPDXThe file is an SPDX document
- File
Note File Type Other - OTHERThe file doesn't fit into the above categories (generated artifacts, data files, etc.)
- File
Type Unspecified - FILE_TYPE_UNSPECIFIEDUnspecified
- Source
- SOURCEThe file is human readable source code (.c, .html, etc.)
- Binary
- BINARYThe file is a compiled object, target image or binary executable (.o, .a, etc.)
- Archive
- ARCHIVEThe file represents an archive (.tar, .jar, etc.)
- Application
- APPLICATIONThe file is associated with a specific application type (MIME type of application/*)
- Audio
- AUDIOThe file is associated with an audio file (MIME type of audio/* , e.g. .mp3)
- Image
- IMAGEThe file is associated with an picture image file (MIME type of image/*, e.g., .jpg, .gif)
- Text
- TEXTThe file is human readable text file (MIME type of text/*)
- Video
- VIDEOThe file is associated with a video file type (MIME type of video/*)
- Documentation
- DOCUMENTATIONThe file serves as documentation
- Spdx
- SPDXThe file is an SPDX document
- Other
- OTHERThe file doesn't fit into the above categories (generated artifacts, data files, etc.)
- File
Type Unspecified - FILE_TYPE_UNSPECIFIEDUnspecified
- Source
- SOURCEThe file is human readable source code (.c, .html, etc.)
- Binary
- BINARYThe file is a compiled object, target image or binary executable (.o, .a, etc.)
- Archive
- ARCHIVEThe file represents an archive (.tar, .jar, etc.)
- Application
- APPLICATIONThe file is associated with a specific application type (MIME type of application/*)
- Audio
- AUDIOThe file is associated with an audio file (MIME type of audio/* , e.g. .mp3)
- Image
- IMAGEThe file is associated with an picture image file (MIME type of image/*, e.g., .jpg, .gif)
- Text
- TEXTThe file is human readable text file (MIME type of text/*)
- Video
- VIDEOThe file is associated with a video file type (MIME type of video/*)
- Documentation
- DOCUMENTATIONThe file serves as documentation
- Spdx
- SPDXThe file is an SPDX document
- Other
- OTHERThe file doesn't fit into the above categories (generated artifacts, data files, etc.)
- FILE_TYPE_UNSPECIFIED
- FILE_TYPE_UNSPECIFIEDUnspecified
- SOURCE
- SOURCEThe file is human readable source code (.c, .html, etc.)
- BINARY
- BINARYThe file is a compiled object, target image or binary executable (.o, .a, etc.)
- ARCHIVE
- ARCHIVEThe file represents an archive (.tar, .jar, etc.)
- APPLICATION
- APPLICATIONThe file is associated with a specific application type (MIME type of application/*)
- AUDIO
- AUDIOThe file is associated with an audio file (MIME type of audio/* , e.g. .mp3)
- IMAGE
- IMAGEThe file is associated with an picture image file (MIME type of image/*, e.g., .jpg, .gif)
- TEXT
- TEXTThe file is human readable text file (MIME type of text/*)
- VIDEO
- VIDEOThe file is associated with a video file type (MIME type of video/*)
- DOCUMENTATION
- DOCUMENTATIONThe file serves as documentation
- SPDX
- SPDXThe file is an SPDX document
- OTHER
- OTHERThe file doesn't fit into the above categories (generated artifacts, data files, etc.)
- "FILE_TYPE_UNSPECIFIED"
- FILE_TYPE_UNSPECIFIEDUnspecified
- "SOURCE"
- SOURCEThe file is human readable source code (.c, .html, etc.)
- "BINARY"
- BINARYThe file is a compiled object, target image or binary executable (.o, .a, etc.)
- "ARCHIVE"
- ARCHIVEThe file represents an archive (.tar, .jar, etc.)
- "APPLICATION"
- APPLICATIONThe file is associated with a specific application type (MIME type of application/*)
- "AUDIO"
- AUDIOThe file is associated with an audio file (MIME type of audio/* , e.g. .mp3)
- "IMAGE"
- IMAGEThe file is associated with an picture image file (MIME type of image/*, e.g., .jpg, .gif)
- "TEXT"
- TEXTThe file is human readable text file (MIME type of text/*)
- "VIDEO"
- VIDEOThe file is associated with a video file type (MIME type of video/*)
- "DOCUMENTATION"
- DOCUMENTATIONThe file serves as documentation
- "SPDX"
- SPDXThe file is an SPDX document
- "OTHER"
- OTHERThe file doesn't fit into the above categories (generated artifacts, data files, etc.)
FileNoteResponse, FileNoteResponseArgs
Fingerprint, FingerprintArgs
FingerprintResponse, FingerprintResponseArgs
- V1Name string
- The layer ID of the final layer in the Docker image's v1 representation.
- V2Blob List<string>
- The ordered list of v2 blobs that represent a given image.
- V2Name string
- The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
- V1Name string
- The layer ID of the final layer in the Docker image's v1 representation.
- V2Blob []string
- The ordered list of v2 blobs that represent a given image.
- V2Name string
- The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
- v1Name String
- The layer ID of the final layer in the Docker image's v1 representation.
- v2Blob List<String>
- The ordered list of v2 blobs that represent a given image.
- v2Name String
- The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
- v1Name string
- The layer ID of the final layer in the Docker image's v1 representation.
- v2Blob string[]
- The ordered list of v2 blobs that represent a given image.
- v2Name string
- The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
- v1_
name str - The layer ID of the final layer in the Docker image's v1 representation.
- v2_
blob Sequence[str] - The ordered list of v2 blobs that represent a given image.
- v2_
name str - The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
- v1Name String
- The layer ID of the final layer in the Docker image's v1 representation.
- v2Blob List<String>
- The ordered list of v2 blobs that represent a given image.
- v2Name String
- The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
Hint, HintArgs
- Human
Readable stringName - The human readable name of this attestation authority, for example "qa".
- Human
Readable stringName - The human readable name of this attestation authority, for example "qa".
- human
Readable StringName - The human readable name of this attestation authority, for example "qa".
- human
Readable stringName - The human readable name of this attestation authority, for example "qa".
- human_
readable_ strname - The human readable name of this attestation authority, for example "qa".
- human
Readable StringName - The human readable name of this attestation authority, for example "qa".
HintResponse, HintResponseArgs
- Human
Readable stringName - The human readable name of this attestation authority, for example "qa".
- Human
Readable stringName - The human readable name of this attestation authority, for example "qa".
- human
Readable StringName - The human readable name of this attestation authority, for example "qa".
- human
Readable stringName - The human readable name of this attestation authority, for example "qa".
- human_
readable_ strname - The human readable name of this attestation authority, for example "qa".
- human
Readable StringName - The human readable name of this attestation authority, for example "qa".
InToto, InTotoArgs
- Expected
Command List<string> - This field contains the expected command used to perform the step.
- Expected
Materials List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Artifact Rule> - The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- Expected
Products List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Artifact Rule> - Signing
Keys List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Signing Key> - This field contains the public keys that can be used to verify the signatures on the step metadata.
- Step
Name string - This field identifies the name of the step in the supply chain.
- Threshold string
- This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- Expected
Command []string - This field contains the expected command used to perform the step.
- Expected
Materials []ArtifactRule - The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- Expected
Products []ArtifactRule - Signing
Keys []SigningKey - This field contains the public keys that can be used to verify the signatures on the step metadata.
- Step
Name string - This field identifies the name of the step in the supply chain.
- Threshold string
- This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- expected
Command List<String> - This field contains the expected command used to perform the step.
- expected
Materials List<ArtifactRule> - The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- expected
Products List<ArtifactRule> - signing
Keys List<SigningKey> - This field contains the public keys that can be used to verify the signatures on the step metadata.
- step
Name String - This field identifies the name of the step in the supply chain.
- threshold String
- This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- expected
Command string[] - This field contains the expected command used to perform the step.
- expected
Materials ArtifactRule[] - The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- expected
Products ArtifactRule[] - signing
Keys SigningKey[] - This field contains the public keys that can be used to verify the signatures on the step metadata.
- step
Name string - This field identifies the name of the step in the supply chain.
- threshold string
- This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- expected_
command Sequence[str] - This field contains the expected command used to perform the step.
- expected_
materials Sequence[ArtifactRule] - The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- expected_
products Sequence[ArtifactRule] - signing_
keys Sequence[SigningKey] - This field contains the public keys that can be used to verify the signatures on the step metadata.
- step_
name str - This field identifies the name of the step in the supply chain.
- threshold str
- This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- expected
Command List<String> - This field contains the expected command used to perform the step.
- expected
Materials List<Property Map> - The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- expected
Products List<Property Map> - signing
Keys List<Property Map> - This field contains the public keys that can be used to verify the signatures on the step metadata.
- step
Name String - This field identifies the name of the step in the supply chain.
- threshold String
- This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
InTotoResponse, InTotoResponseArgs
- Expected
Command List<string> - This field contains the expected command used to perform the step.
- Expected
Materials List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Artifact Rule Response> - The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- Expected
Products List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Artifact Rule Response> - Signing
Keys List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Signing Key Response> - This field contains the public keys that can be used to verify the signatures on the step metadata.
- Step
Name string - This field identifies the name of the step in the supply chain.
- Threshold string
- This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- Expected
Command []string - This field contains the expected command used to perform the step.
- Expected
Materials []ArtifactRule Response - The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- Expected
Products []ArtifactRule Response - Signing
Keys []SigningKey Response - This field contains the public keys that can be used to verify the signatures on the step metadata.
- Step
Name string - This field identifies the name of the step in the supply chain.
- Threshold string
- This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- expected
Command List<String> - This field contains the expected command used to perform the step.
- expected
Materials List<ArtifactRule Response> - The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- expected
Products List<ArtifactRule Response> - signing
Keys List<SigningKey Response> - This field contains the public keys that can be used to verify the signatures on the step metadata.
- step
Name String - This field identifies the name of the step in the supply chain.
- threshold String
- This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- expected
Command string[] - This field contains the expected command used to perform the step.
- expected
Materials ArtifactRule Response[] - The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- expected
Products ArtifactRule Response[] - signing
Keys SigningKey Response[] - This field contains the public keys that can be used to verify the signatures on the step metadata.
- step
Name string - This field identifies the name of the step in the supply chain.
- threshold string
- This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- expected_
command Sequence[str] - This field contains the expected command used to perform the step.
- expected_
materials Sequence[ArtifactRule Response] - The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- expected_
products Sequence[ArtifactRule Response] - signing_
keys Sequence[SigningKey Response] - This field contains the public keys that can be used to verify the signatures on the step metadata.
- step_
name str - This field identifies the name of the step in the supply chain.
- threshold str
- This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
- expected
Command List<String> - This field contains the expected command used to perform the step.
- expected
Materials List<Property Map> - The following fields contain in-toto artifact rules identifying the artifacts that enter this supply chain step, and exit the supply chain step, i.e. materials and products of the step.
- expected
Products List<Property Map> - signing
Keys List<Property Map> - This field contains the public keys that can be used to verify the signatures on the step metadata.
- step
Name String - This field identifies the name of the step in the supply chain.
- threshold String
- This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link.
Justification, JustificationArgs
- Details string
- Additional details on why this justification was chosen.
- Justification
Type Pulumi.Google Native. Container Analysis. V1Beta1. Justification Justification Type - The justification type for this vulnerability.
- Details string
- Additional details on why this justification was chosen.
- Justification
Type JustificationJustification Type - The justification type for this vulnerability.
- details String
- Additional details on why this justification was chosen.
- justification
Type JustificationJustification Type - The justification type for this vulnerability.
- details string
- Additional details on why this justification was chosen.
- justification
Type JustificationJustification Type - The justification type for this vulnerability.
- details str
- Additional details on why this justification was chosen.
- justification_
type JustificationJustification Type - The justification type for this vulnerability.
- details String
- Additional details on why this justification was chosen.
- justification
Type "JUSTIFICATION_TYPE_UNSPECIFIED" | "COMPONENT_NOT_PRESENT" | "VULNERABLE_CODE_NOT_PRESENT" | "VULNERABLE_CODE_NOT_IN_EXECUTE_PATH" | "VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY" | "INLINE_MITIGATIONS_ALREADY_EXIST" - The justification type for this vulnerability.
JustificationJustificationType, JustificationJustificationTypeArgs
- Justification
Type Unspecified - JUSTIFICATION_TYPE_UNSPECIFIEDJUSTIFICATION_TYPE_UNSPECIFIED.
- Component
Not Present - COMPONENT_NOT_PRESENTThe vulnerable component is not present in the product.
- Vulnerable
Code Not Present - VULNERABLE_CODE_NOT_PRESENTThe vulnerable code is not present. Typically this case occurs when source code is configured or built in a way that excludes the vulnerable code.
- Vulnerable
Code Not In Execute Path - VULNERABLE_CODE_NOT_IN_EXECUTE_PATHThe vulnerable code can not be executed. Typically this case occurs when the product includes the vulnerable code but does not call or use the vulnerable code.
- Vulnerable
Code Cannot Be Controlled By Adversary - VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARYThe vulnerable code cannot be controlled by an attacker to exploit the vulnerability.
- Inline
Mitigations Already Exist - INLINE_MITIGATIONS_ALREADY_EXISTThe product includes built-in protections or features that prevent exploitation of the vulnerability. These built-in protections cannot be subverted by the attacker and cannot be configured or disabled by the user. These mitigations completely prevent exploitation based on known attack vectors.
- Justification
Justification Type Justification Type Unspecified - JUSTIFICATION_TYPE_UNSPECIFIEDJUSTIFICATION_TYPE_UNSPECIFIED.
- Justification
Justification Type Component Not Present - COMPONENT_NOT_PRESENTThe vulnerable component is not present in the product.
- Justification
Justification Type Vulnerable Code Not Present - VULNERABLE_CODE_NOT_PRESENTThe vulnerable code is not present. Typically this case occurs when source code is configured or built in a way that excludes the vulnerable code.
- Justification
Justification Type Vulnerable Code Not In Execute Path - VULNERABLE_CODE_NOT_IN_EXECUTE_PATHThe vulnerable code can not be executed. Typically this case occurs when the product includes the vulnerable code but does not call or use the vulnerable code.
- Justification
Justification Type Vulnerable Code Cannot Be Controlled By Adversary - VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARYThe vulnerable code cannot be controlled by an attacker to exploit the vulnerability.
- Justification
Justification Type Inline Mitigations Already Exist - INLINE_MITIGATIONS_ALREADY_EXISTThe product includes built-in protections or features that prevent exploitation of the vulnerability. These built-in protections cannot be subverted by the attacker and cannot be configured or disabled by the user. These mitigations completely prevent exploitation based on known attack vectors.
- Justification
Type Unspecified - JUSTIFICATION_TYPE_UNSPECIFIEDJUSTIFICATION_TYPE_UNSPECIFIED.
- Component
Not Present - COMPONENT_NOT_PRESENTThe vulnerable component is not present in the product.
- Vulnerable
Code Not Present - VULNERABLE_CODE_NOT_PRESENTThe vulnerable code is not present. Typically this case occurs when source code is configured or built in a way that excludes the vulnerable code.
- Vulnerable
Code Not In Execute Path - VULNERABLE_CODE_NOT_IN_EXECUTE_PATHThe vulnerable code can not be executed. Typically this case occurs when the product includes the vulnerable code but does not call or use the vulnerable code.
- Vulnerable
Code Cannot Be Controlled By Adversary - VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARYThe vulnerable code cannot be controlled by an attacker to exploit the vulnerability.
- Inline
Mitigations Already Exist - INLINE_MITIGATIONS_ALREADY_EXISTThe product includes built-in protections or features that prevent exploitation of the vulnerability. These built-in protections cannot be subverted by the attacker and cannot be configured or disabled by the user. These mitigations completely prevent exploitation based on known attack vectors.
- Justification
Type Unspecified - JUSTIFICATION_TYPE_UNSPECIFIEDJUSTIFICATION_TYPE_UNSPECIFIED.
- Component
Not Present - COMPONENT_NOT_PRESENTThe vulnerable component is not present in the product.
- Vulnerable
Code Not Present - VULNERABLE_CODE_NOT_PRESENTThe vulnerable code is not present. Typically this case occurs when source code is configured or built in a way that excludes the vulnerable code.
- Vulnerable
Code Not In Execute Path - VULNERABLE_CODE_NOT_IN_EXECUTE_PATHThe vulnerable code can not be executed. Typically this case occurs when the product includes the vulnerable code but does not call or use the vulnerable code.
- Vulnerable
Code Cannot Be Controlled By Adversary - VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARYThe vulnerable code cannot be controlled by an attacker to exploit the vulnerability.
- Inline
Mitigations Already Exist - INLINE_MITIGATIONS_ALREADY_EXISTThe product includes built-in protections or features that prevent exploitation of the vulnerability. These built-in protections cannot be subverted by the attacker and cannot be configured or disabled by the user. These mitigations completely prevent exploitation based on known attack vectors.
- JUSTIFICATION_TYPE_UNSPECIFIED
- JUSTIFICATION_TYPE_UNSPECIFIEDJUSTIFICATION_TYPE_UNSPECIFIED.
- COMPONENT_NOT_PRESENT
- COMPONENT_NOT_PRESENTThe vulnerable component is not present in the product.
- VULNERABLE_CODE_NOT_PRESENT
- VULNERABLE_CODE_NOT_PRESENTThe vulnerable code is not present. Typically this case occurs when source code is configured or built in a way that excludes the vulnerable code.
- VULNERABLE_CODE_NOT_IN_EXECUTE_PATH
- VULNERABLE_CODE_NOT_IN_EXECUTE_PATHThe vulnerable code can not be executed. Typically this case occurs when the product includes the vulnerable code but does not call or use the vulnerable code.
- VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY
- VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARYThe vulnerable code cannot be controlled by an attacker to exploit the vulnerability.
- INLINE_MITIGATIONS_ALREADY_EXIST
- INLINE_MITIGATIONS_ALREADY_EXISTThe product includes built-in protections or features that prevent exploitation of the vulnerability. These built-in protections cannot be subverted by the attacker and cannot be configured or disabled by the user. These mitigations completely prevent exploitation based on known attack vectors.
- "JUSTIFICATION_TYPE_UNSPECIFIED"
- JUSTIFICATION_TYPE_UNSPECIFIEDJUSTIFICATION_TYPE_UNSPECIFIED.
- "COMPONENT_NOT_PRESENT"
- COMPONENT_NOT_PRESENTThe vulnerable component is not present in the product.
- "VULNERABLE_CODE_NOT_PRESENT"
- VULNERABLE_CODE_NOT_PRESENTThe vulnerable code is not present. Typically this case occurs when source code is configured or built in a way that excludes the vulnerable code.
- "VULNERABLE_CODE_NOT_IN_EXECUTE_PATH"
- VULNERABLE_CODE_NOT_IN_EXECUTE_PATHThe vulnerable code can not be executed. Typically this case occurs when the product includes the vulnerable code but does not call or use the vulnerable code.
- "VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY"
- VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARYThe vulnerable code cannot be controlled by an attacker to exploit the vulnerability.
- "INLINE_MITIGATIONS_ALREADY_EXIST"
- INLINE_MITIGATIONS_ALREADY_EXISTThe product includes built-in protections or features that prevent exploitation of the vulnerability. These built-in protections cannot be subverted by the attacker and cannot be configured or disabled by the user. These mitigations completely prevent exploitation based on known attack vectors.
JustificationResponse, JustificationResponseArgs
- Details string
- Additional details on why this justification was chosen.
- Justification
Type string - The justification type for this vulnerability.
- Details string
- Additional details on why this justification was chosen.
- Justification
Type string - The justification type for this vulnerability.
- details String
- Additional details on why this justification was chosen.
- justification
Type String - The justification type for this vulnerability.
- details string
- Additional details on why this justification was chosen.
- justification
Type string - The justification type for this vulnerability.
- details str
- Additional details on why this justification was chosen.
- justification_
type str - The justification type for this vulnerability.
- details String
- Additional details on why this justification was chosen.
- justification
Type String - The justification type for this vulnerability.
KnowledgeBase, KnowledgeBaseArgs
KnowledgeBaseResponse, KnowledgeBaseResponseArgs
License, LicenseArgs
- Comments string
- Comments
- Expression string
- Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- Comments string
- Comments
- Expression string
- Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments String
- Comments
- expression String
- Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments string
- Comments
- expression string
- Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments str
- Comments
- expression str
- Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments String
- Comments
- expression String
- Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
LicenseResponse, LicenseResponseArgs
- Comments string
- Comments
- Expression string
- Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- Comments string
- Comments
- Expression string
- Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments String
- Comments
- expression String
- Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments string
- Comments
- expression string
- Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments str
- Comments
- expression str
- Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
- comments String
- Comments
- expression String
- Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only AND MIT", "GPL-2.0-or-later WITH Bison-exception-2.2".
Package, PackageArgs
- Name string
- Immutable. The name of the package.
- Architecture
Pulumi.
Google Native. Container Analysis. V1Beta1. Package Architecture - The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- Cpe
Uri string - The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- Description string
- The description of this package.
- Digest
List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Digest> - Hash value, typically a file digest, that allows unique identification a specific package.
- Distribution
List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Distribution> - The various channels by which a package is distributed.
- License
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. License - Licenses that have been declared by the authors of the package.
- Maintainer string
- A freeform text denoting the maintainer of this package.
- Package
Type string - The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- Url string
- The homepage for this package.
- Version
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Version - The version of the package.
- Name string
- Immutable. The name of the package.
- Architecture
Package
Architecture - The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- Cpe
Uri string - The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- Description string
- The description of this package.
- Digest []Digest
- Hash value, typically a file digest, that allows unique identification a specific package.
- Distribution []Distribution
- The various channels by which a package is distributed.
- License License
- Licenses that have been declared by the authors of the package.
- Maintainer string
- A freeform text denoting the maintainer of this package.
- Package
Type string - The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- Url string
- The homepage for this package.
- Version Version
- The version of the package.
- name String
- Immutable. The name of the package.
- architecture
Package
Architecture - The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe
Uri String - The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- description String
- The description of this package.
- digest List<Digest>
- Hash value, typically a file digest, that allows unique identification a specific package.
- distribution List<Distribution>
- The various channels by which a package is distributed.
- license License
- Licenses that have been declared by the authors of the package.
- maintainer String
- A freeform text denoting the maintainer of this package.
- package
Type String - The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- url String
- The homepage for this package.
- version Version
- The version of the package.
- name string
- Immutable. The name of the package.
- architecture
Package
Architecture - The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe
Uri string - The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- description string
- The description of this package.
- digest Digest[]
- Hash value, typically a file digest, that allows unique identification a specific package.
- distribution Distribution[]
- The various channels by which a package is distributed.
- license License
- Licenses that have been declared by the authors of the package.
- maintainer string
- A freeform text denoting the maintainer of this package.
- package
Type string - The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- url string
- The homepage for this package.
- version Version
- The version of the package.
- name str
- Immutable. The name of the package.
- architecture
Package
Architecture - The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe_
uri str - The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- description str
- The description of this package.
- digest Sequence[Digest]
- Hash value, typically a file digest, that allows unique identification a specific package.
- distribution Sequence[Distribution]
- The various channels by which a package is distributed.
- license License
- Licenses that have been declared by the authors of the package.
- maintainer str
- A freeform text denoting the maintainer of this package.
- package_
type str - The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- url str
- The homepage for this package.
- version Version
- The version of the package.
- name String
- Immutable. The name of the package.
- architecture "ARCHITECTURE_UNSPECIFIED" | "X86" | "X64"
- The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe
Uri String - The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- description String
- The description of this package.
- digest List<Property Map>
- Hash value, typically a file digest, that allows unique identification a specific package.
- distribution List<Property Map>
- The various channels by which a package is distributed.
- license Property Map
- Licenses that have been declared by the authors of the package.
- maintainer String
- A freeform text denoting the maintainer of this package.
- package
Type String - The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- url String
- The homepage for this package.
- version Property Map
- The version of the package.
PackageArchitecture, PackageArchitectureArgs
- Architecture
Unspecified - ARCHITECTURE_UNSPECIFIEDUnknown architecture.
- X86
- X86X86 architecture.
- X64
- X64X64 architecture.
- Package
Architecture Architecture Unspecified - ARCHITECTURE_UNSPECIFIEDUnknown architecture.
- Package
Architecture X86 - X86X86 architecture.
- Package
Architecture X64 - X64X64 architecture.
- Architecture
Unspecified - ARCHITECTURE_UNSPECIFIEDUnknown architecture.
- X86
- X86X86 architecture.
- X64
- X64X64 architecture.
- Architecture
Unspecified - ARCHITECTURE_UNSPECIFIEDUnknown architecture.
- X86
- X86X86 architecture.
- X64
- X64X64 architecture.
- ARCHITECTURE_UNSPECIFIED
- ARCHITECTURE_UNSPECIFIEDUnknown architecture.
- X86
- X86X86 architecture.
- X64
- X64X64 architecture.
- "ARCHITECTURE_UNSPECIFIED"
- ARCHITECTURE_UNSPECIFIEDUnknown architecture.
- "X86"
- X86X86 architecture.
- "X64"
- X64X64 architecture.
PackageInfoNote, PackageInfoNoteArgs
- Analyzed bool
- Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- Attribution string
- A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- Checksum string
- Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- Copyright string
- Identify the copyright holders of the package, as well as any dates present
- Detailed
Description string - A more detailed description of the package
- Download
Location string - This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- External
Refs List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. External Ref> - ExternalRef
- Files
License List<string>Info - Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- Home
Page string - Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- License
Declared Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. License - List the licenses that have been declared by the authors of the package
- Originator string
- If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- Package
Type string - The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- Summary
Description string - A short description of the package
- Supplier string
- Identify the actual distribution source for the package/directory identified in the SPDX file
- Title string
- Identify the full name of the package as given by the Package Originator
- Verification
Code string - This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- Version string
- Identify the version of the package
- Analyzed bool
- Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- Attribution string
- A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- Checksum string
- Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- Copyright string
- Identify the copyright holders of the package, as well as any dates present
- Detailed
Description string - A more detailed description of the package
- Download
Location string - This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- External
Refs []ExternalRef - ExternalRef
- Files
License []stringInfo - Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- Home
Page string - Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- License
Declared License - List the licenses that have been declared by the authors of the package
- Originator string
- If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- Package
Type string - The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- Summary
Description string - A short description of the package
- Supplier string
- Identify the actual distribution source for the package/directory identified in the SPDX file
- Title string
- Identify the full name of the package as given by the Package Originator
- Verification
Code string - This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- Version string
- Identify the version of the package
- analyzed Boolean
- Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- attribution String
- A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- checksum String
- Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- copyright String
- Identify the copyright holders of the package, as well as any dates present
- detailed
Description String - A more detailed description of the package
- download
Location String - This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- external
Refs List<ExternalRef> - ExternalRef
- files
License List<String>Info - Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- home
Page String - Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license
Declared License - List the licenses that have been declared by the authors of the package
- originator String
- If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- package
Type String - The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- summary
Description String - A short description of the package
- supplier String
- Identify the actual distribution source for the package/directory identified in the SPDX file
- title String
- Identify the full name of the package as given by the Package Originator
- verification
Code String - This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- version String
- Identify the version of the package
- analyzed boolean
- Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- attribution string
- A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- checksum string
- Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- copyright string
- Identify the copyright holders of the package, as well as any dates present
- detailed
Description string - A more detailed description of the package
- download
Location string - This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- external
Refs ExternalRef[] - ExternalRef
- files
License string[]Info - Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- home
Page string - Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license
Declared License - List the licenses that have been declared by the authors of the package
- originator string
- If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- package
Type string - The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- summary
Description string - A short description of the package
- supplier string
- Identify the actual distribution source for the package/directory identified in the SPDX file
- title string
- Identify the full name of the package as given by the Package Originator
- verification
Code string - This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- version string
- Identify the version of the package
- analyzed bool
- Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- attribution str
- A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- checksum str
- Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- copyright str
- Identify the copyright holders of the package, as well as any dates present
- detailed_
description str - A more detailed description of the package
- download_
location str - This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- external_
refs Sequence[ExternalRef] - ExternalRef
- files_
license_ Sequence[str]info - Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- home_
page str - Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license_
declared License - List the licenses that have been declared by the authors of the package
- originator str
- If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- package_
type str - The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- summary_
description str - A short description of the package
- supplier str
- Identify the actual distribution source for the package/directory identified in the SPDX file
- title str
- Identify the full name of the package as given by the Package Originator
- verification_
code str - This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- version str
- Identify the version of the package
- analyzed Boolean
- Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- attribution String
- A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- checksum String
- Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- copyright String
- Identify the copyright holders of the package, as well as any dates present
- detailed
Description String - A more detailed description of the package
- download
Location String - This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- external
Refs List<Property Map> - ExternalRef
- files
License List<String>Info - Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- home
Page String - Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license
Declared Property Map - List the licenses that have been declared by the authors of the package
- originator String
- If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- package
Type String - The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- summary
Description String - A short description of the package
- supplier String
- Identify the actual distribution source for the package/directory identified in the SPDX file
- title String
- Identify the full name of the package as given by the Package Originator
- verification
Code String - This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- version String
- Identify the version of the package
PackageInfoNoteResponse, PackageInfoNoteResponseArgs
- Analyzed bool
- Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- Attribution string
- A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- Checksum string
- Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- Copyright string
- Identify the copyright holders of the package, as well as any dates present
- Detailed
Description string - A more detailed description of the package
- Download
Location string - This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- External
Refs List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. External Ref Response> - ExternalRef
- Files
License List<string>Info - Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- Home
Page string - Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- License
Declared Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. License Response - List the licenses that have been declared by the authors of the package
- Originator string
- If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- Package
Type string - The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- Summary
Description string - A short description of the package
- Supplier string
- Identify the actual distribution source for the package/directory identified in the SPDX file
- Title string
- Identify the full name of the package as given by the Package Originator
- Verification
Code string - This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- Version string
- Identify the version of the package
- Analyzed bool
- Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- Attribution string
- A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- Checksum string
- Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- Copyright string
- Identify the copyright holders of the package, as well as any dates present
- Detailed
Description string - A more detailed description of the package
- Download
Location string - This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- External
Refs []ExternalRef Response - ExternalRef
- Files
License []stringInfo - Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- Home
Page string - Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- License
Declared LicenseResponse - List the licenses that have been declared by the authors of the package
- Originator string
- If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- Package
Type string - The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- Summary
Description string - A short description of the package
- Supplier string
- Identify the actual distribution source for the package/directory identified in the SPDX file
- Title string
- Identify the full name of the package as given by the Package Originator
- Verification
Code string - This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- Version string
- Identify the version of the package
- analyzed Boolean
- Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- attribution String
- A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- checksum String
- Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- copyright String
- Identify the copyright holders of the package, as well as any dates present
- detailed
Description String - A more detailed description of the package
- download
Location String - This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- external
Refs List<ExternalRef Response> - ExternalRef
- files
License List<String>Info - Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- home
Page String - Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license
Declared LicenseResponse - List the licenses that have been declared by the authors of the package
- originator String
- If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- package
Type String - The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- summary
Description String - A short description of the package
- supplier String
- Identify the actual distribution source for the package/directory identified in the SPDX file
- title String
- Identify the full name of the package as given by the Package Originator
- verification
Code String - This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- version String
- Identify the version of the package
- analyzed boolean
- Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- attribution string
- A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- checksum string
- Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- copyright string
- Identify the copyright holders of the package, as well as any dates present
- detailed
Description string - A more detailed description of the package
- download
Location string - This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- external
Refs ExternalRef Response[] - ExternalRef
- files
License string[]Info - Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- home
Page string - Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license
Declared LicenseResponse - List the licenses that have been declared by the authors of the package
- originator string
- If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- package
Type string - The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- summary
Description string - A short description of the package
- supplier string
- Identify the actual distribution source for the package/directory identified in the SPDX file
- title string
- Identify the full name of the package as given by the Package Originator
- verification
Code string - This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- version string
- Identify the version of the package
- analyzed bool
- Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- attribution str
- A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- checksum str
- Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- copyright str
- Identify the copyright holders of the package, as well as any dates present
- detailed_
description str - A more detailed description of the package
- download_
location str - This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- external_
refs Sequence[ExternalRef Response] - ExternalRef
- files_
license_ Sequence[str]info - Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- home_
page str - Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license_
declared LicenseResponse - List the licenses that have been declared by the authors of the package
- originator str
- If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- package_
type str - The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- summary_
description str - A short description of the package
- supplier str
- Identify the actual distribution source for the package/directory identified in the SPDX file
- title str
- Identify the full name of the package as given by the Package Originator
- verification_
code str - This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- version str
- Identify the version of the package
- analyzed Boolean
- Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document
- attribution String
- A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts
- checksum String
- Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file
- copyright String
- Identify the copyright holders of the package, as well as any dates present
- detailed
Description String - A more detailed description of the package
- download
Location String - This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created
- external
Refs List<Property Map> - ExternalRef
- files
License List<String>Info - Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field – it is simply a listing of all licenses found
- home
Page String - Provide a place for the SPDX file creator to record a web site that serves as the package's home page
- license
Declared Property Map - List the licenses that have been declared by the authors of the package
- originator String
- If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came
- package
Type String - The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
- summary
Description String - A short description of the package
- supplier String
- Identify the actual distribution source for the package/directory identified in the SPDX file
- title String
- Identify the full name of the package as given by the Package Originator
- verification
Code String - This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file
- version String
- Identify the version of the package
PackageResponse, PackageResponseArgs
- Architecture string
- The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- Cpe
Uri string - The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- Description string
- The description of this package.
- Digest
List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Digest Response> - Hash value, typically a file digest, that allows unique identification a specific package.
- Distribution
List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Distribution Response> - The various channels by which a package is distributed.
- License
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. License Response - Licenses that have been declared by the authors of the package.
- Maintainer string
- A freeform text denoting the maintainer of this package.
- Name string
- Immutable. The name of the package.
- Package
Type string - The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- Url string
- The homepage for this package.
- Version
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Version Response - The version of the package.
- Architecture string
- The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- Cpe
Uri string - The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- Description string
- The description of this package.
- Digest
[]Digest
Response - Hash value, typically a file digest, that allows unique identification a specific package.
- Distribution
[]Distribution
Response - The various channels by which a package is distributed.
- License
License
Response - Licenses that have been declared by the authors of the package.
- Maintainer string
- A freeform text denoting the maintainer of this package.
- Name string
- Immutable. The name of the package.
- Package
Type string - The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- Url string
- The homepage for this package.
- Version
Version
Response - The version of the package.
- architecture String
- The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe
Uri String - The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- description String
- The description of this package.
- digest
List<Digest
Response> - Hash value, typically a file digest, that allows unique identification a specific package.
- distribution
List<Distribution
Response> - The various channels by which a package is distributed.
- license
License
Response - Licenses that have been declared by the authors of the package.
- maintainer String
- A freeform text denoting the maintainer of this package.
- name String
- Immutable. The name of the package.
- package
Type String - The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- url String
- The homepage for this package.
- version
Version
Response - The version of the package.
- architecture string
- The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe
Uri string - The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- description string
- The description of this package.
- digest
Digest
Response[] - Hash value, typically a file digest, that allows unique identification a specific package.
- distribution
Distribution
Response[] - The various channels by which a package is distributed.
- license
License
Response - Licenses that have been declared by the authors of the package.
- maintainer string
- A freeform text denoting the maintainer of this package.
- name string
- Immutable. The name of the package.
- package
Type string - The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- url string
- The homepage for this package.
- version
Version
Response - The version of the package.
- architecture str
- The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe_
uri str - The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- description str
- The description of this package.
- digest
Sequence[Digest
Response] - Hash value, typically a file digest, that allows unique identification a specific package.
- distribution
Sequence[Distribution
Response] - The various channels by which a package is distributed.
- license
License
Response - Licenses that have been declared by the authors of the package.
- maintainer str
- A freeform text denoting the maintainer of this package.
- name str
- Immutable. The name of the package.
- package_
type str - The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- url str
- The homepage for this package.
- version
Version
Response - The version of the package.
- architecture String
- The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages.
- cpe
Uri String - The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages.
- description String
- The description of this package.
- digest List<Property Map>
- Hash value, typically a file digest, that allows unique identification a specific package.
- distribution List<Property Map>
- The various channels by which a package is distributed.
- license Property Map
- Licenses that have been declared by the authors of the package.
- maintainer String
- A freeform text denoting the maintainer of this package.
- name String
- Immutable. The name of the package.
- package
Type String - The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
- url String
- The homepage for this package.
- version Property Map
- The version of the package.
Product, ProductArgs
- Generic
Uri string - Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- Id string
- Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document.
- Name string
- Name of the product.
- Generic
Uri string - Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- Id string
- Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document.
- Name string
- Name of the product.
- generic
Uri String - Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- id String
- Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document.
- name String
- Name of the product.
- generic
Uri string - Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- id string
- Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document.
- name string
- Name of the product.
- generic_
uri str - Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- id str
- Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document.
- name str
- Name of the product.
- generic
Uri String - Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- id String
- Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document.
- name String
- Name of the product.
ProductResponse, ProductResponseArgs
- Generic
Uri string - Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- Name string
- Name of the product.
- Generic
Uri string - Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- Name string
- Name of the product.
- generic
Uri String - Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- name String
- Name of the product.
- generic
Uri string - Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- name string
- Name of the product.
- generic_
uri str - Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- name str
- Name of the product.
- generic
Uri String - Contains a URI which is vendor-specific. Example: The artifact repository URL of an image.
- name String
- Name of the product.
Publisher, PublisherArgs
- string
- Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- Name string
- Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- Publisher
Namespace string - The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- string
- Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- Name string
- Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- Publisher
Namespace string - The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- String
- Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- name String
- Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- publisher
Namespace String - The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- string
- Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- name string
- Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- publisher
Namespace string - The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- str
- Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- name str
- Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- publisher_
namespace str - The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- String
- Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- name String
- Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- publisher
Namespace String - The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
PublisherResponse, PublisherResponseArgs
- string
- Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- Name string
- Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- Publisher
Namespace string - The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- string
- Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- Name string
- Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- Publisher
Namespace string - The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- String
- Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- name String
- Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- publisher
Namespace String - The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- string
- Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- name string
- Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- publisher
Namespace string - The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- str
- Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- name str
- Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- publisher_
namespace str - The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
- String
- Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.
- name String
- Name of the publisher. Examples: 'Google', 'Google Cloud Platform'.
- publisher
Namespace String - The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io
RelatedUrl, RelatedUrlArgs
RelatedUrlResponse, RelatedUrlResponseArgs
RelationshipNote, RelationshipNoteArgs
- Type
Pulumi.
Google Native. Container Analysis. V1Beta1. Relationship Note Type - The type of relationship between the source and target SPDX elements
- Type
Relationship
Note Type - The type of relationship between the source and target SPDX elements
- type
Relationship
Note Type - The type of relationship between the source and target SPDX elements
- type
Relationship
Note Type - The type of relationship between the source and target SPDX elements
- type
Relationship
Note Type - The type of relationship between the source and target SPDX elements
- type "RELATIONSHIP_TYPE_UNSPECIFIED" | "DESCRIBES" | "DESCRIBED_BY" | "CONTAINS" | "CONTAINED_BY" | "DEPENDS_ON" | "DEPENDENCY_OF" | "DEPENDENCY_MANIFEST_OF" | "BUILD_DEPENDENCY_OF" | "DEV_DEPENDENCY_OF" | "OPTIONAL_DEPENDENCY_OF" | "PROVIDED_DEPENDENCY_OF" | "TEST_DEPENDENCY_OF" | "RUNTIME_DEPENDENCY_OF" | "EXAMPLE_OF" | "GENERATES" | "GENERATED_FROM" | "ANCESTOR_OF" | "DESCENDANT_OF" | "VARIANT_OF" | "DISTRIBUTION_ARTIFACT" | "PATCH_FOR" | "PATCH_APPLIED" | "COPY_OF" | "FILE_ADDED" | "FILE_DELETED" | "FILE_MODIFIED" | "EXPANDED_FROM_ARCHIVE" | "DYNAMIC_LINK" | "STATIC_LINK" | "DATA_FILE_OF" | "TEST_CASE_OF" | "BUILD_TOOL_OF" | "DEV_TOOL_OF" | "TEST_OF" | "TEST_TOOL_OF" | "DOCUMENTATION_OF" | "OPTIONAL_COMPONENT_OF" | "METAFILE_OF" | "PACKAGE_OF" | "AMENDS" | "PREREQUISITE_FOR" | "HAS_PREREQUISITE" | "OTHER"
- The type of relationship between the source and target SPDX elements
RelationshipNoteResponse, RelationshipNoteResponseArgs
- Type string
- The type of relationship between the source and target SPDX elements
- Type string
- The type of relationship between the source and target SPDX elements
- type String
- The type of relationship between the source and target SPDX elements
- type string
- The type of relationship between the source and target SPDX elements
- type str
- The type of relationship between the source and target SPDX elements
- type String
- The type of relationship between the source and target SPDX elements
RelationshipNoteType, RelationshipNoteTypeArgs
- Relationship
Type Unspecified - RELATIONSHIP_TYPE_UNSPECIFIEDUnspecified
- Describes
- DESCRIBESIs to be used when SPDXRef-DOCUMENT describes SPDXRef-A
- Described
By - DESCRIBED_BYIs to be used when SPDXRef-A is described by SPDXREF-Document
- Contains
- CONTAINSIs to be used when SPDXRef-A contains SPDXRef-B
- Contained
By - CONTAINED_BYIs to be used when SPDXRef-A is contained by SPDXRef-B
- Depends
On - DEPENDS_ONIs to be used when SPDXRef-A depends on SPDXRef-B
- Dependency
Of - DEPENDENCY_OFIs to be used when SPDXRef-A is dependency of SPDXRef-B
- Dependency
Manifest Of - DEPENDENCY_MANIFEST_OFIs to be used when SPDXRef-A is a manifest file that lists a set of dependencies for SPDXRef-B
- Build
Dependency Of - BUILD_DEPENDENCY_OFIs to be used when SPDXRef-A is a build dependency of SPDXRef-B
- Dev
Dependency Of - DEV_DEPENDENCY_OFIs to be used when SPDXRef-A is a development dependency of SPDXRef-B
- Optional
Dependency Of - OPTIONAL_DEPENDENCY_OFIs to be used when SPDXRef-A is an optional dependency of SPDXRef-B
- Provided
Dependency Of - PROVIDED_DEPENDENCY_OFIs to be used when SPDXRef-A is a to be provided dependency of SPDXRef-B
- Test
Dependency Of - TEST_DEPENDENCY_OFIs to be used when SPDXRef-A is a test dependency of SPDXRef-B
- Runtime
Dependency Of - RUNTIME_DEPENDENCY_OFIs to be used when SPDXRef-A is a dependency required for the execution of SPDXRef-B
- Example
Of - EXAMPLE_OFIs to be used when SPDXRef-A is an example of SPDXRef-B
- Generates
- GENERATESIs to be used when SPDXRef-A generates SPDXRef-B
- Generated
From - GENERATED_FROMIs to be used when SPDXRef-A was generated from SPDXRef-B
- Ancestor
Of - ANCESTOR_OFIs to be used when SPDXRef-A is an ancestor (same lineage but pre-dates) SPDXRef-B
- Descendant
Of - DESCENDANT_OFIs to be used when SPDXRef-A is a descendant of (same lineage but postdates) SPDXRef-B
- Variant
Of - VARIANT_OFIs to be used when SPDXRef-A is a variant of (same lineage but not clear which came first) SPDXRef-B
- Distribution
Artifact - DISTRIBUTION_ARTIFACTIs to be used when distributing SPDXRef-A requires that SPDXRef-B also be distributed
- Patch
For - PATCH_FORIs to be used when SPDXRef-A is a patch file for (to be applied to) SPDXRef-B
- Patch
Applied - PATCH_APPLIEDIs to be used when SPDXRef-A is a patch file that has been applied to SPDXRef-B
- Copy
Of - COPY_OFIs to be used when SPDXRef-A is an exact copy of SPDXRef-B
- File
Added - FILE_ADDEDIs to be used when SPDXRef-A is a file that was added to SPDXRef-B
- File
Deleted - FILE_DELETEDIs to be used when SPDXRef-A is a file that was deleted from SPDXRef-B
- File
Modified - FILE_MODIFIEDIs to be used when SPDXRef-A is a file that was modified from SPDXRef-B
- Expanded
From Archive - EXPANDED_FROM_ARCHIVEIs to be used when SPDXRef-A is expanded from the archive SPDXRef-B
- Dynamic
Link - DYNAMIC_LINKIs to be used when SPDXRef-A dynamically links to SPDXRef-B
- Static
Link - STATIC_LINKIs to be used when SPDXRef-A statically links to SPDXRef-B
- Data
File Of - DATA_FILE_OFIs to be used when SPDXRef-A is a data file used in SPDXRef-B
- Test
Case Of - TEST_CASE_OFIs to be used when SPDXRef-A is a test case used in testing SPDXRef-B
- Build
Tool Of - BUILD_TOOL_OFIs to be used when SPDXRef-A is used to build SPDXRef-B
- Dev
Tool Of - DEV_TOOL_OFIs to be used when SPDXRef-A is used as a development tool for SPDXRef-B
- Test
Of - TEST_OFIs to be used when SPDXRef-A is used for testing SPDXRef-B
- Test
Tool Of - TEST_TOOL_OFIs to be used when SPDXRef-A is used as a test tool for SPDXRef-B
- Documentation
Of - DOCUMENTATION_OFIs to be used when SPDXRef-A provides documentation of SPDXRef-B
- Optional
Component Of - OPTIONAL_COMPONENT_OFIs to be used when SPDXRef-A is an optional component of SPDXRef-B
- Metafile
Of - METAFILE_OFIs to be used when SPDXRef-A is a metafile of SPDXRef-B
- Package
Of - PACKAGE_OFIs to be used when SPDXRef-A is used as a package as part of SPDXRef-B
- Amends
- AMENDSIs to be used when (current) SPDXRef-DOCUMENT amends the SPDX information in SPDXRef-B
- Prerequisite
For - PREREQUISITE_FORIs to be used when SPDXRef-A is a prerequisite for SPDXRef-B
- Has
Prerequisite - HAS_PREREQUISITEIs to be used when SPDXRef-A has as a prerequisite SPDXRef-B
- Other
- OTHERIs to be used for a relationship which has not been defined in the formal SPDX specification. A description of the relationship should be included in the Relationship comments field
- Relationship
Note Type Relationship Type Unspecified - RELATIONSHIP_TYPE_UNSPECIFIEDUnspecified
- Relationship
Note Type Describes - DESCRIBESIs to be used when SPDXRef-DOCUMENT describes SPDXRef-A
- Relationship
Note Type Described By - DESCRIBED_BYIs to be used when SPDXRef-A is described by SPDXREF-Document
- Relationship
Note Type Contains - CONTAINSIs to be used when SPDXRef-A contains SPDXRef-B
- Relationship
Note Type Contained By - CONTAINED_BYIs to be used when SPDXRef-A is contained by SPDXRef-B
- Relationship
Note Type Depends On - DEPENDS_ONIs to be used when SPDXRef-A depends on SPDXRef-B
- Relationship
Note Type Dependency Of - DEPENDENCY_OFIs to be used when SPDXRef-A is dependency of SPDXRef-B
- Relationship
Note Type Dependency Manifest Of - DEPENDENCY_MANIFEST_OFIs to be used when SPDXRef-A is a manifest file that lists a set of dependencies for SPDXRef-B
- Relationship
Note Type Build Dependency Of - BUILD_DEPENDENCY_OFIs to be used when SPDXRef-A is a build dependency of SPDXRef-B
- Relationship
Note Type Dev Dependency Of - DEV_DEPENDENCY_OFIs to be used when SPDXRef-A is a development dependency of SPDXRef-B
- Relationship
Note Type Optional Dependency Of - OPTIONAL_DEPENDENCY_OFIs to be used when SPDXRef-A is an optional dependency of SPDXRef-B
- Relationship
Note Type Provided Dependency Of - PROVIDED_DEPENDENCY_OFIs to be used when SPDXRef-A is a to be provided dependency of SPDXRef-B
- Relationship
Note Type Test Dependency Of - TEST_DEPENDENCY_OFIs to be used when SPDXRef-A is a test dependency of SPDXRef-B
- Relationship
Note Type Runtime Dependency Of - RUNTIME_DEPENDENCY_OFIs to be used when SPDXRef-A is a dependency required for the execution of SPDXRef-B
- Relationship
Note Type Example Of - EXAMPLE_OFIs to be used when SPDXRef-A is an example of SPDXRef-B
- Relationship
Note Type Generates - GENERATESIs to be used when SPDXRef-A generates SPDXRef-B
- Relationship
Note Type Generated From - GENERATED_FROMIs to be used when SPDXRef-A was generated from SPDXRef-B
- Relationship
Note Type Ancestor Of - ANCESTOR_OFIs to be used when SPDXRef-A is an ancestor (same lineage but pre-dates) SPDXRef-B
- Relationship
Note Type Descendant Of - DESCENDANT_OFIs to be used when SPDXRef-A is a descendant of (same lineage but postdates) SPDXRef-B
- Relationship
Note Type Variant Of - VARIANT_OFIs to be used when SPDXRef-A is a variant of (same lineage but not clear which came first) SPDXRef-B
- Relationship
Note Type Distribution Artifact - DISTRIBUTION_ARTIFACTIs to be used when distributing SPDXRef-A requires that SPDXRef-B also be distributed
- Relationship
Note Type Patch For - PATCH_FORIs to be used when SPDXRef-A is a patch file for (to be applied to) SPDXRef-B
- Relationship
Note Type Patch Applied - PATCH_APPLIEDIs to be used when SPDXRef-A is a patch file that has been applied to SPDXRef-B
- Relationship
Note Type Copy Of - COPY_OFIs to be used when SPDXRef-A is an exact copy of SPDXRef-B
- Relationship
Note Type File Added - FILE_ADDEDIs to be used when SPDXRef-A is a file that was added to SPDXRef-B
- Relationship
Note Type File Deleted - FILE_DELETEDIs to be used when SPDXRef-A is a file that was deleted from SPDXRef-B
- Relationship
Note Type File Modified - FILE_MODIFIEDIs to be used when SPDXRef-A is a file that was modified from SPDXRef-B
- Relationship
Note Type Expanded From Archive - EXPANDED_FROM_ARCHIVEIs to be used when SPDXRef-A is expanded from the archive SPDXRef-B
- Relationship
Note Type Dynamic Link - DYNAMIC_LINKIs to be used when SPDXRef-A dynamically links to SPDXRef-B
- Relationship
Note Type Static Link - STATIC_LINKIs to be used when SPDXRef-A statically links to SPDXRef-B
- Relationship
Note Type Data File Of - DATA_FILE_OFIs to be used when SPDXRef-A is a data file used in SPDXRef-B
- Relationship
Note Type Test Case Of - TEST_CASE_OFIs to be used when SPDXRef-A is a test case used in testing SPDXRef-B
- Relationship
Note Type Build Tool Of - BUILD_TOOL_OFIs to be used when SPDXRef-A is used to build SPDXRef-B
- Relationship
Note Type Dev Tool Of - DEV_TOOL_OFIs to be used when SPDXRef-A is used as a development tool for SPDXRef-B
- Relationship
Note Type Test Of - TEST_OFIs to be used when SPDXRef-A is used for testing SPDXRef-B
- Relationship
Note Type Test Tool Of - TEST_TOOL_OFIs to be used when SPDXRef-A is used as a test tool for SPDXRef-B
- Relationship
Note Type Documentation Of - DOCUMENTATION_OFIs to be used when SPDXRef-A provides documentation of SPDXRef-B
- Relationship
Note Type Optional Component Of - OPTIONAL_COMPONENT_OFIs to be used when SPDXRef-A is an optional component of SPDXRef-B
- Relationship
Note Type Metafile Of - METAFILE_OFIs to be used when SPDXRef-A is a metafile of SPDXRef-B
- Relationship
Note Type Package Of - PACKAGE_OFIs to be used when SPDXRef-A is used as a package as part of SPDXRef-B
- Relationship
Note Type Amends - AMENDSIs to be used when (current) SPDXRef-DOCUMENT amends the SPDX information in SPDXRef-B
- Relationship
Note Type Prerequisite For - PREREQUISITE_FORIs to be used when SPDXRef-A is a prerequisite for SPDXRef-B
- Relationship
Note Type Has Prerequisite - HAS_PREREQUISITEIs to be used when SPDXRef-A has as a prerequisite SPDXRef-B
- Relationship
Note Type Other - OTHERIs to be used for a relationship which has not been defined in the formal SPDX specification. A description of the relationship should be included in the Relationship comments field
- Relationship
Type Unspecified - RELATIONSHIP_TYPE_UNSPECIFIEDUnspecified
- Describes
- DESCRIBESIs to be used when SPDXRef-DOCUMENT describes SPDXRef-A
- Described
By - DESCRIBED_BYIs to be used when SPDXRef-A is described by SPDXREF-Document
- Contains
- CONTAINSIs to be used when SPDXRef-A contains SPDXRef-B
- Contained
By - CONTAINED_BYIs to be used when SPDXRef-A is contained by SPDXRef-B
- Depends
On - DEPENDS_ONIs to be used when SPDXRef-A depends on SPDXRef-B
- Dependency
Of - DEPENDENCY_OFIs to be used when SPDXRef-A is dependency of SPDXRef-B
- Dependency
Manifest Of - DEPENDENCY_MANIFEST_OFIs to be used when SPDXRef-A is a manifest file that lists a set of dependencies for SPDXRef-B
- Build
Dependency Of - BUILD_DEPENDENCY_OFIs to be used when SPDXRef-A is a build dependency of SPDXRef-B
- Dev
Dependency Of - DEV_DEPENDENCY_OFIs to be used when SPDXRef-A is a development dependency of SPDXRef-B
- Optional
Dependency Of - OPTIONAL_DEPENDENCY_OFIs to be used when SPDXRef-A is an optional dependency of SPDXRef-B
- Provided
Dependency Of - PROVIDED_DEPENDENCY_OFIs to be used when SPDXRef-A is a to be provided dependency of SPDXRef-B
- Test
Dependency Of - TEST_DEPENDENCY_OFIs to be used when SPDXRef-A is a test dependency of SPDXRef-B
- Runtime
Dependency Of - RUNTIME_DEPENDENCY_OFIs to be used when SPDXRef-A is a dependency required for the execution of SPDXRef-B
- Example
Of - EXAMPLE_OFIs to be used when SPDXRef-A is an example of SPDXRef-B
- Generates
- GENERATESIs to be used when SPDXRef-A generates SPDXRef-B
- Generated
From - GENERATED_FROMIs to be used when SPDXRef-A was generated from SPDXRef-B
- Ancestor
Of - ANCESTOR_OFIs to be used when SPDXRef-A is an ancestor (same lineage but pre-dates) SPDXRef-B
- Descendant
Of - DESCENDANT_OFIs to be used when SPDXRef-A is a descendant of (same lineage but postdates) SPDXRef-B
- Variant
Of - VARIANT_OFIs to be used when SPDXRef-A is a variant of (same lineage but not clear which came first) SPDXRef-B
- Distribution
Artifact - DISTRIBUTION_ARTIFACTIs to be used when distributing SPDXRef-A requires that SPDXRef-B also be distributed
- Patch
For - PATCH_FORIs to be used when SPDXRef-A is a patch file for (to be applied to) SPDXRef-B
- Patch
Applied - PATCH_APPLIEDIs to be used when SPDXRef-A is a patch file that has been applied to SPDXRef-B
- Copy
Of - COPY_OFIs to be used when SPDXRef-A is an exact copy of SPDXRef-B
- File
Added - FILE_ADDEDIs to be used when SPDXRef-A is a file that was added to SPDXRef-B
- File
Deleted - FILE_DELETEDIs to be used when SPDXRef-A is a file that was deleted from SPDXRef-B
- File
Modified - FILE_MODIFIEDIs to be used when SPDXRef-A is a file that was modified from SPDXRef-B
- Expanded
From Archive - EXPANDED_FROM_ARCHIVEIs to be used when SPDXRef-A is expanded from the archive SPDXRef-B
- Dynamic
Link - DYNAMIC_LINKIs to be used when SPDXRef-A dynamically links to SPDXRef-B
- Static
Link - STATIC_LINKIs to be used when SPDXRef-A statically links to SPDXRef-B
- Data
File Of - DATA_FILE_OFIs to be used when SPDXRef-A is a data file used in SPDXRef-B
- Test
Case Of - TEST_CASE_OFIs to be used when SPDXRef-A is a test case used in testing SPDXRef-B
- Build
Tool Of - BUILD_TOOL_OFIs to be used when SPDXRef-A is used to build SPDXRef-B
- Dev
Tool Of - DEV_TOOL_OFIs to be used when SPDXRef-A is used as a development tool for SPDXRef-B
- Test
Of - TEST_OFIs to be used when SPDXRef-A is used for testing SPDXRef-B
- Test
Tool Of - TEST_TOOL_OFIs to be used when SPDXRef-A is used as a test tool for SPDXRef-B
- Documentation
Of - DOCUMENTATION_OFIs to be used when SPDXRef-A provides documentation of SPDXRef-B
- Optional
Component Of - OPTIONAL_COMPONENT_OFIs to be used when SPDXRef-A is an optional component of SPDXRef-B
- Metafile
Of - METAFILE_OFIs to be used when SPDXRef-A is a metafile of SPDXRef-B
- Package
Of - PACKAGE_OFIs to be used when SPDXRef-A is used as a package as part of SPDXRef-B
- Amends
- AMENDSIs to be used when (current) SPDXRef-DOCUMENT amends the SPDX information in SPDXRef-B
- Prerequisite
For - PREREQUISITE_FORIs to be used when SPDXRef-A is a prerequisite for SPDXRef-B
- Has
Prerequisite - HAS_PREREQUISITEIs to be used when SPDXRef-A has as a prerequisite SPDXRef-B
- Other
- OTHERIs to be used for a relationship which has not been defined in the formal SPDX specification. A description of the relationship should be included in the Relationship comments field
- Relationship
Type Unspecified - RELATIONSHIP_TYPE_UNSPECIFIEDUnspecified
- Describes
- DESCRIBESIs to be used when SPDXRef-DOCUMENT describes SPDXRef-A
- Described
By - DESCRIBED_BYIs to be used when SPDXRef-A is described by SPDXREF-Document
- Contains
- CONTAINSIs to be used when SPDXRef-A contains SPDXRef-B
- Contained
By - CONTAINED_BYIs to be used when SPDXRef-A is contained by SPDXRef-B
- Depends
On - DEPENDS_ONIs to be used when SPDXRef-A depends on SPDXRef-B
- Dependency
Of - DEPENDENCY_OFIs to be used when SPDXRef-A is dependency of SPDXRef-B
- Dependency
Manifest Of - DEPENDENCY_MANIFEST_OFIs to be used when SPDXRef-A is a manifest file that lists a set of dependencies for SPDXRef-B
- Build
Dependency Of - BUILD_DEPENDENCY_OFIs to be used when SPDXRef-A is a build dependency of SPDXRef-B
- Dev
Dependency Of - DEV_DEPENDENCY_OFIs to be used when SPDXRef-A is a development dependency of SPDXRef-B
- Optional
Dependency Of - OPTIONAL_DEPENDENCY_OFIs to be used when SPDXRef-A is an optional dependency of SPDXRef-B
- Provided
Dependency Of - PROVIDED_DEPENDENCY_OFIs to be used when SPDXRef-A is a to be provided dependency of SPDXRef-B
- Test
Dependency Of - TEST_DEPENDENCY_OFIs to be used when SPDXRef-A is a test dependency of SPDXRef-B
- Runtime
Dependency Of - RUNTIME_DEPENDENCY_OFIs to be used when SPDXRef-A is a dependency required for the execution of SPDXRef-B
- Example
Of - EXAMPLE_OFIs to be used when SPDXRef-A is an example of SPDXRef-B
- Generates
- GENERATESIs to be used when SPDXRef-A generates SPDXRef-B
- Generated
From - GENERATED_FROMIs to be used when SPDXRef-A was generated from SPDXRef-B
- Ancestor
Of - ANCESTOR_OFIs to be used when SPDXRef-A is an ancestor (same lineage but pre-dates) SPDXRef-B
- Descendant
Of - DESCENDANT_OFIs to be used when SPDXRef-A is a descendant of (same lineage but postdates) SPDXRef-B
- Variant
Of - VARIANT_OFIs to be used when SPDXRef-A is a variant of (same lineage but not clear which came first) SPDXRef-B
- Distribution
Artifact - DISTRIBUTION_ARTIFACTIs to be used when distributing SPDXRef-A requires that SPDXRef-B also be distributed
- Patch
For - PATCH_FORIs to be used when SPDXRef-A is a patch file for (to be applied to) SPDXRef-B
- Patch
Applied - PATCH_APPLIEDIs to be used when SPDXRef-A is a patch file that has been applied to SPDXRef-B
- Copy
Of - COPY_OFIs to be used when SPDXRef-A is an exact copy of SPDXRef-B
- File
Added - FILE_ADDEDIs to be used when SPDXRef-A is a file that was added to SPDXRef-B
- File
Deleted - FILE_DELETEDIs to be used when SPDXRef-A is a file that was deleted from SPDXRef-B
- File
Modified - FILE_MODIFIEDIs to be used when SPDXRef-A is a file that was modified from SPDXRef-B
- Expanded
From Archive - EXPANDED_FROM_ARCHIVEIs to be used when SPDXRef-A is expanded from the archive SPDXRef-B
- Dynamic
Link - DYNAMIC_LINKIs to be used when SPDXRef-A dynamically links to SPDXRef-B
- Static
Link - STATIC_LINKIs to be used when SPDXRef-A statically links to SPDXRef-B
- Data
File Of - DATA_FILE_OFIs to be used when SPDXRef-A is a data file used in SPDXRef-B
- Test
Case Of - TEST_CASE_OFIs to be used when SPDXRef-A is a test case used in testing SPDXRef-B
- Build
Tool Of - BUILD_TOOL_OFIs to be used when SPDXRef-A is used to build SPDXRef-B
- Dev
Tool Of - DEV_TOOL_OFIs to be used when SPDXRef-A is used as a development tool for SPDXRef-B
- Test
Of - TEST_OFIs to be used when SPDXRef-A is used for testing SPDXRef-B
- Test
Tool Of - TEST_TOOL_OFIs to be used when SPDXRef-A is used as a test tool for SPDXRef-B
- Documentation
Of - DOCUMENTATION_OFIs to be used when SPDXRef-A provides documentation of SPDXRef-B
- Optional
Component Of - OPTIONAL_COMPONENT_OFIs to be used when SPDXRef-A is an optional component of SPDXRef-B
- Metafile
Of - METAFILE_OFIs to be used when SPDXRef-A is a metafile of SPDXRef-B
- Package
Of - PACKAGE_OFIs to be used when SPDXRef-A is used as a package as part of SPDXRef-B
- Amends
- AMENDSIs to be used when (current) SPDXRef-DOCUMENT amends the SPDX information in SPDXRef-B
- Prerequisite
For - PREREQUISITE_FORIs to be used when SPDXRef-A is a prerequisite for SPDXRef-B
- Has
Prerequisite - HAS_PREREQUISITEIs to be used when SPDXRef-A has as a prerequisite SPDXRef-B
- Other
- OTHERIs to be used for a relationship which has not been defined in the formal SPDX specification. A description of the relationship should be included in the Relationship comments field
- RELATIONSHIP_TYPE_UNSPECIFIED
- RELATIONSHIP_TYPE_UNSPECIFIEDUnspecified
- DESCRIBES
- DESCRIBESIs to be used when SPDXRef-DOCUMENT describes SPDXRef-A
- DESCRIBED_BY
- DESCRIBED_BYIs to be used when SPDXRef-A is described by SPDXREF-Document
- CONTAINS
- CONTAINSIs to be used when SPDXRef-A contains SPDXRef-B
- CONTAINED_BY
- CONTAINED_BYIs to be used when SPDXRef-A is contained by SPDXRef-B
- DEPENDS_ON
- DEPENDS_ONIs to be used when SPDXRef-A depends on SPDXRef-B
- DEPENDENCY_OF
- DEPENDENCY_OFIs to be used when SPDXRef-A is dependency of SPDXRef-B
- DEPENDENCY_MANIFEST_OF
- DEPENDENCY_MANIFEST_OFIs to be used when SPDXRef-A is a manifest file that lists a set of dependencies for SPDXRef-B
- BUILD_DEPENDENCY_OF
- BUILD_DEPENDENCY_OFIs to be used when SPDXRef-A is a build dependency of SPDXRef-B
- DEV_DEPENDENCY_OF
- DEV_DEPENDENCY_OFIs to be used when SPDXRef-A is a development dependency of SPDXRef-B
- OPTIONAL_DEPENDENCY_OF
- OPTIONAL_DEPENDENCY_OFIs to be used when SPDXRef-A is an optional dependency of SPDXRef-B
- PROVIDED_DEPENDENCY_OF
- PROVIDED_DEPENDENCY_OFIs to be used when SPDXRef-A is a to be provided dependency of SPDXRef-B
- TEST_DEPENDENCY_OF
- TEST_DEPENDENCY_OFIs to be used when SPDXRef-A is a test dependency of SPDXRef-B
- RUNTIME_DEPENDENCY_OF
- RUNTIME_DEPENDENCY_OFIs to be used when SPDXRef-A is a dependency required for the execution of SPDXRef-B
- EXAMPLE_OF
- EXAMPLE_OFIs to be used when SPDXRef-A is an example of SPDXRef-B
- GENERATES
- GENERATESIs to be used when SPDXRef-A generates SPDXRef-B
- GENERATED_FROM
- GENERATED_FROMIs to be used when SPDXRef-A was generated from SPDXRef-B
- ANCESTOR_OF
- ANCESTOR_OFIs to be used when SPDXRef-A is an ancestor (same lineage but pre-dates) SPDXRef-B
- DESCENDANT_OF
- DESCENDANT_OFIs to be used when SPDXRef-A is a descendant of (same lineage but postdates) SPDXRef-B
- VARIANT_OF
- VARIANT_OFIs to be used when SPDXRef-A is a variant of (same lineage but not clear which came first) SPDXRef-B
- DISTRIBUTION_ARTIFACT
- DISTRIBUTION_ARTIFACTIs to be used when distributing SPDXRef-A requires that SPDXRef-B also be distributed
- PATCH_FOR
- PATCH_FORIs to be used when SPDXRef-A is a patch file for (to be applied to) SPDXRef-B
- PATCH_APPLIED
- PATCH_APPLIEDIs to be used when SPDXRef-A is a patch file that has been applied to SPDXRef-B
- COPY_OF
- COPY_OFIs to be used when SPDXRef-A is an exact copy of SPDXRef-B
- FILE_ADDED
- FILE_ADDEDIs to be used when SPDXRef-A is a file that was added to SPDXRef-B
- FILE_DELETED
- FILE_DELETEDIs to be used when SPDXRef-A is a file that was deleted from SPDXRef-B
- FILE_MODIFIED
- FILE_MODIFIEDIs to be used when SPDXRef-A is a file that was modified from SPDXRef-B
- EXPANDED_FROM_ARCHIVE
- EXPANDED_FROM_ARCHIVEIs to be used when SPDXRef-A is expanded from the archive SPDXRef-B
- DYNAMIC_LINK
- DYNAMIC_LINKIs to be used when SPDXRef-A dynamically links to SPDXRef-B
- STATIC_LINK
- STATIC_LINKIs to be used when SPDXRef-A statically links to SPDXRef-B
- DATA_FILE_OF
- DATA_FILE_OFIs to be used when SPDXRef-A is a data file used in SPDXRef-B
- TEST_CASE_OF
- TEST_CASE_OFIs to be used when SPDXRef-A is a test case used in testing SPDXRef-B
- BUILD_TOOL_OF
- BUILD_TOOL_OFIs to be used when SPDXRef-A is used to build SPDXRef-B
- DEV_TOOL_OF
- DEV_TOOL_OFIs to be used when SPDXRef-A is used as a development tool for SPDXRef-B
- TEST_OF
- TEST_OFIs to be used when SPDXRef-A is used for testing SPDXRef-B
- TEST_TOOL_OF
- TEST_TOOL_OFIs to be used when SPDXRef-A is used as a test tool for SPDXRef-B
- DOCUMENTATION_OF
- DOCUMENTATION_OFIs to be used when SPDXRef-A provides documentation of SPDXRef-B
- OPTIONAL_COMPONENT_OF
- OPTIONAL_COMPONENT_OFIs to be used when SPDXRef-A is an optional component of SPDXRef-B
- METAFILE_OF
- METAFILE_OFIs to be used when SPDXRef-A is a metafile of SPDXRef-B
- PACKAGE_OF
- PACKAGE_OFIs to be used when SPDXRef-A is used as a package as part of SPDXRef-B
- AMENDS
- AMENDSIs to be used when (current) SPDXRef-DOCUMENT amends the SPDX information in SPDXRef-B
- PREREQUISITE_FOR
- PREREQUISITE_FORIs to be used when SPDXRef-A is a prerequisite for SPDXRef-B
- HAS_PREREQUISITE
- HAS_PREREQUISITEIs to be used when SPDXRef-A has as a prerequisite SPDXRef-B
- OTHER
- OTHERIs to be used for a relationship which has not been defined in the formal SPDX specification. A description of the relationship should be included in the Relationship comments field
- "RELATIONSHIP_TYPE_UNSPECIFIED"
- RELATIONSHIP_TYPE_UNSPECIFIEDUnspecified
- "DESCRIBES"
- DESCRIBESIs to be used when SPDXRef-DOCUMENT describes SPDXRef-A
- "DESCRIBED_BY"
- DESCRIBED_BYIs to be used when SPDXRef-A is described by SPDXREF-Document
- "CONTAINS"
- CONTAINSIs to be used when SPDXRef-A contains SPDXRef-B
- "CONTAINED_BY"
- CONTAINED_BYIs to be used when SPDXRef-A is contained by SPDXRef-B
- "DEPENDS_ON"
- DEPENDS_ONIs to be used when SPDXRef-A depends on SPDXRef-B
- "DEPENDENCY_OF"
- DEPENDENCY_OFIs to be used when SPDXRef-A is dependency of SPDXRef-B
- "DEPENDENCY_MANIFEST_OF"
- DEPENDENCY_MANIFEST_OFIs to be used when SPDXRef-A is a manifest file that lists a set of dependencies for SPDXRef-B
- "BUILD_DEPENDENCY_OF"
- BUILD_DEPENDENCY_OFIs to be used when SPDXRef-A is a build dependency of SPDXRef-B
- "DEV_DEPENDENCY_OF"
- DEV_DEPENDENCY_OFIs to be used when SPDXRef-A is a development dependency of SPDXRef-B
- "OPTIONAL_DEPENDENCY_OF"
- OPTIONAL_DEPENDENCY_OFIs to be used when SPDXRef-A is an optional dependency of SPDXRef-B
- "PROVIDED_DEPENDENCY_OF"
- PROVIDED_DEPENDENCY_OFIs to be used when SPDXRef-A is a to be provided dependency of SPDXRef-B
- "TEST_DEPENDENCY_OF"
- TEST_DEPENDENCY_OFIs to be used when SPDXRef-A is a test dependency of SPDXRef-B
- "RUNTIME_DEPENDENCY_OF"
- RUNTIME_DEPENDENCY_OFIs to be used when SPDXRef-A is a dependency required for the execution of SPDXRef-B
- "EXAMPLE_OF"
- EXAMPLE_OFIs to be used when SPDXRef-A is an example of SPDXRef-B
- "GENERATES"
- GENERATESIs to be used when SPDXRef-A generates SPDXRef-B
- "GENERATED_FROM"
- GENERATED_FROMIs to be used when SPDXRef-A was generated from SPDXRef-B
- "ANCESTOR_OF"
- ANCESTOR_OFIs to be used when SPDXRef-A is an ancestor (same lineage but pre-dates) SPDXRef-B
- "DESCENDANT_OF"
- DESCENDANT_OFIs to be used when SPDXRef-A is a descendant of (same lineage but postdates) SPDXRef-B
- "VARIANT_OF"
- VARIANT_OFIs to be used when SPDXRef-A is a variant of (same lineage but not clear which came first) SPDXRef-B
- "DISTRIBUTION_ARTIFACT"
- DISTRIBUTION_ARTIFACTIs to be used when distributing SPDXRef-A requires that SPDXRef-B also be distributed
- "PATCH_FOR"
- PATCH_FORIs to be used when SPDXRef-A is a patch file for (to be applied to) SPDXRef-B
- "PATCH_APPLIED"
- PATCH_APPLIEDIs to be used when SPDXRef-A is a patch file that has been applied to SPDXRef-B
- "COPY_OF"
- COPY_OFIs to be used when SPDXRef-A is an exact copy of SPDXRef-B
- "FILE_ADDED"
- FILE_ADDEDIs to be used when SPDXRef-A is a file that was added to SPDXRef-B
- "FILE_DELETED"
- FILE_DELETEDIs to be used when SPDXRef-A is a file that was deleted from SPDXRef-B
- "FILE_MODIFIED"
- FILE_MODIFIEDIs to be used when SPDXRef-A is a file that was modified from SPDXRef-B
- "EXPANDED_FROM_ARCHIVE"
- EXPANDED_FROM_ARCHIVEIs to be used when SPDXRef-A is expanded from the archive SPDXRef-B
- "DYNAMIC_LINK"
- DYNAMIC_LINKIs to be used when SPDXRef-A dynamically links to SPDXRef-B
- "STATIC_LINK"
- STATIC_LINKIs to be used when SPDXRef-A statically links to SPDXRef-B
- "DATA_FILE_OF"
- DATA_FILE_OFIs to be used when SPDXRef-A is a data file used in SPDXRef-B
- "TEST_CASE_OF"
- TEST_CASE_OFIs to be used when SPDXRef-A is a test case used in testing SPDXRef-B
- "BUILD_TOOL_OF"
- BUILD_TOOL_OFIs to be used when SPDXRef-A is used to build SPDXRef-B
- "DEV_TOOL_OF"
- DEV_TOOL_OFIs to be used when SPDXRef-A is used as a development tool for SPDXRef-B
- "TEST_OF"
- TEST_OFIs to be used when SPDXRef-A is used for testing SPDXRef-B
- "TEST_TOOL_OF"
- TEST_TOOL_OFIs to be used when SPDXRef-A is used as a test tool for SPDXRef-B
- "DOCUMENTATION_OF"
- DOCUMENTATION_OFIs to be used when SPDXRef-A provides documentation of SPDXRef-B
- "OPTIONAL_COMPONENT_OF"
- OPTIONAL_COMPONENT_OFIs to be used when SPDXRef-A is an optional component of SPDXRef-B
- "METAFILE_OF"
- METAFILE_OFIs to be used when SPDXRef-A is a metafile of SPDXRef-B
- "PACKAGE_OF"
- PACKAGE_OFIs to be used when SPDXRef-A is used as a package as part of SPDXRef-B
- "AMENDS"
- AMENDSIs to be used when (current) SPDXRef-DOCUMENT amends the SPDX information in SPDXRef-B
- "PREREQUISITE_FOR"
- PREREQUISITE_FORIs to be used when SPDXRef-A is a prerequisite for SPDXRef-B
- "HAS_PREREQUISITE"
- HAS_PREREQUISITEIs to be used when SPDXRef-A has as a prerequisite SPDXRef-B
- "OTHER"
- OTHERIs to be used for a relationship which has not been defined in the formal SPDX specification. A description of the relationship should be included in the Relationship comments field
Remediation, RemediationArgs
- Details string
- Contains a comprehensive human-readable discussion of the remediation.
- Remediation
Type Pulumi.Google Native. Container Analysis. V1Beta1. Remediation Remediation Type - The type of remediation that can be applied.
- Remediation
Uri Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Related Url - Contains the URL where to obtain the remediation.
- Details string
- Contains a comprehensive human-readable discussion of the remediation.
- Remediation
Type RemediationRemediation Type - The type of remediation that can be applied.
- Remediation
Uri RelatedUrl - Contains the URL where to obtain the remediation.
- details String
- Contains a comprehensive human-readable discussion of the remediation.
- remediation
Type RemediationRemediation Type - The type of remediation that can be applied.
- remediation
Uri RelatedUrl - Contains the URL where to obtain the remediation.
- details string
- Contains a comprehensive human-readable discussion of the remediation.
- remediation
Type RemediationRemediation Type - The type of remediation that can be applied.
- remediation
Uri RelatedUrl - Contains the URL where to obtain the remediation.
- details str
- Contains a comprehensive human-readable discussion of the remediation.
- remediation_
type RemediationRemediation Type - The type of remediation that can be applied.
- remediation_
uri RelatedUrl - Contains the URL where to obtain the remediation.
- details String
- Contains a comprehensive human-readable discussion of the remediation.
- remediation
Type "REMEDIATION_TYPE_UNSPECIFIED" | "MITIGATION" | "NO_FIX_PLANNED" | "NONE_AVAILABLE" | "VENDOR_FIX" | "WORKAROUND" - The type of remediation that can be applied.
- remediation
Uri Property Map - Contains the URL where to obtain the remediation.
RemediationRemediationType, RemediationRemediationTypeArgs
- Remediation
Type Unspecified - REMEDIATION_TYPE_UNSPECIFIEDNo remediation type specified.
- Mitigation
- MITIGATIONA MITIGATION is available.
- No
Fix Planned - NO_FIX_PLANNEDNo fix is planned.
- None
Available - NONE_AVAILABLENot available.
- Vendor
Fix - VENDOR_FIXA vendor fix is available.
- Workaround
- WORKAROUNDA workaround is available.
- Remediation
Remediation Type Remediation Type Unspecified - REMEDIATION_TYPE_UNSPECIFIEDNo remediation type specified.
- Remediation
Remediation Type Mitigation - MITIGATIONA MITIGATION is available.
- Remediation
Remediation Type No Fix Planned - NO_FIX_PLANNEDNo fix is planned.
- Remediation
Remediation Type None Available - NONE_AVAILABLENot available.
- Remediation
Remediation Type Vendor Fix - VENDOR_FIXA vendor fix is available.
- Remediation
Remediation Type Workaround - WORKAROUNDA workaround is available.
- Remediation
Type Unspecified - REMEDIATION_TYPE_UNSPECIFIEDNo remediation type specified.
- Mitigation
- MITIGATIONA MITIGATION is available.
- No
Fix Planned - NO_FIX_PLANNEDNo fix is planned.
- None
Available - NONE_AVAILABLENot available.
- Vendor
Fix - VENDOR_FIXA vendor fix is available.
- Workaround
- WORKAROUNDA workaround is available.
- Remediation
Type Unspecified - REMEDIATION_TYPE_UNSPECIFIEDNo remediation type specified.
- Mitigation
- MITIGATIONA MITIGATION is available.
- No
Fix Planned - NO_FIX_PLANNEDNo fix is planned.
- None
Available - NONE_AVAILABLENot available.
- Vendor
Fix - VENDOR_FIXA vendor fix is available.
- Workaround
- WORKAROUNDA workaround is available.
- REMEDIATION_TYPE_UNSPECIFIED
- REMEDIATION_TYPE_UNSPECIFIEDNo remediation type specified.
- MITIGATION
- MITIGATIONA MITIGATION is available.
- NO_FIX_PLANNED
- NO_FIX_PLANNEDNo fix is planned.
- NONE_AVAILABLE
- NONE_AVAILABLENot available.
- VENDOR_FIX
- VENDOR_FIXA vendor fix is available.
- WORKAROUND
- WORKAROUNDA workaround is available.
- "REMEDIATION_TYPE_UNSPECIFIED"
- REMEDIATION_TYPE_UNSPECIFIEDNo remediation type specified.
- "MITIGATION"
- MITIGATIONA MITIGATION is available.
- "NO_FIX_PLANNED"
- NO_FIX_PLANNEDNo fix is planned.
- "NONE_AVAILABLE"
- NONE_AVAILABLENot available.
- "VENDOR_FIX"
- VENDOR_FIXA vendor fix is available.
- "WORKAROUND"
- WORKAROUNDA workaround is available.
RemediationResponse, RemediationResponseArgs
- Details string
- Contains a comprehensive human-readable discussion of the remediation.
- Remediation
Type string - The type of remediation that can be applied.
- Remediation
Uri Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Related Url Response - Contains the URL where to obtain the remediation.
- Details string
- Contains a comprehensive human-readable discussion of the remediation.
- Remediation
Type string - The type of remediation that can be applied.
- Remediation
Uri RelatedUrl Response - Contains the URL where to obtain the remediation.
- details String
- Contains a comprehensive human-readable discussion of the remediation.
- remediation
Type String - The type of remediation that can be applied.
- remediation
Uri RelatedUrl Response - Contains the URL where to obtain the remediation.
- details string
- Contains a comprehensive human-readable discussion of the remediation.
- remediation
Type string - The type of remediation that can be applied.
- remediation
Uri RelatedUrl Response - Contains the URL where to obtain the remediation.
- details str
- Contains a comprehensive human-readable discussion of the remediation.
- remediation_
type str - The type of remediation that can be applied.
- remediation_
uri RelatedUrl Response - Contains the URL where to obtain the remediation.
- details String
- Contains a comprehensive human-readable discussion of the remediation.
- remediation
Type String - The type of remediation that can be applied.
- remediation
Uri Property Map - Contains the URL where to obtain the remediation.
SBOMReferenceNote, SBOMReferenceNoteArgs
SBOMReferenceNoteResponse, SBOMReferenceNoteResponseArgs
SigningKey, SigningKeyArgs
- Key
Id string - key_id is an identifier for the signing key.
- Key
Scheme string - This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- Key
Type string - This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- Public
Key stringValue - This field contains the actual public key.
- Key
Id string - key_id is an identifier for the signing key.
- Key
Scheme string - This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- Key
Type string - This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- Public
Key stringValue - This field contains the actual public key.
- key
Id String - key_id is an identifier for the signing key.
- key
Scheme String - This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- key
Type String - This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- public
Key StringValue - This field contains the actual public key.
- key
Id string - key_id is an identifier for the signing key.
- key
Scheme string - This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- key
Type string - This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- public
Key stringValue - This field contains the actual public key.
- key_
id str - key_id is an identifier for the signing key.
- key_
scheme str - This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- key_
type str - This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- public_
key_ strvalue - This field contains the actual public key.
- key
Id String - key_id is an identifier for the signing key.
- key
Scheme String - This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- key
Type String - This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- public
Key StringValue - This field contains the actual public key.
SigningKeyResponse, SigningKeyResponseArgs
- Key
Id string - key_id is an identifier for the signing key.
- Key
Scheme string - This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- Key
Type string - This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- Public
Key stringValue - This field contains the actual public key.
- Key
Id string - key_id is an identifier for the signing key.
- Key
Scheme string - This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- Key
Type string - This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- Public
Key stringValue - This field contains the actual public key.
- key
Id String - key_id is an identifier for the signing key.
- key
Scheme String - This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- key
Type String - This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- public
Key StringValue - This field contains the actual public key.
- key
Id string - key_id is an identifier for the signing key.
- key
Scheme string - This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- key
Type string - This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- public
Key stringValue - This field contains the actual public key.
- key_
id str - key_id is an identifier for the signing key.
- key_
scheme str - This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- key_
type str - This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- public_
key_ strvalue - This field contains the actual public key.
- key
Id String - key_id is an identifier for the signing key.
- key
Scheme String - This field contains the corresponding signature scheme. Eg: "rsassa-pss-sha256".
- key
Type String - This field identifies the specific signing method. Eg: "rsa", "ed25519", and "ecdsa".
- public
Key StringValue - This field contains the actual public key.
Version, VersionArgs
- Kind
Pulumi.
Google Native. Container Analysis. V1Beta1. Version Kind - Distinguishes between sentinel MIN/MAX versions and normal versions.
- Epoch int
- Used to correct mistakes in the version numbering scheme.
- Inclusive bool
- Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- Name string
- Required only when version kind is NORMAL. The main part of the version name.
- Revision string
- The iteration of the package build from the above version.
- Kind
Version
Kind - Distinguishes between sentinel MIN/MAX versions and normal versions.
- Epoch int
- Used to correct mistakes in the version numbering scheme.
- Inclusive bool
- Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- Name string
- Required only when version kind is NORMAL. The main part of the version name.
- Revision string
- The iteration of the package build from the above version.
- kind
Version
Kind - Distinguishes between sentinel MIN/MAX versions and normal versions.
- epoch Integer
- Used to correct mistakes in the version numbering scheme.
- inclusive Boolean
- Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- name String
- Required only when version kind is NORMAL. The main part of the version name.
- revision String
- The iteration of the package build from the above version.
- kind
Version
Kind - Distinguishes between sentinel MIN/MAX versions and normal versions.
- epoch number
- Used to correct mistakes in the version numbering scheme.
- inclusive boolean
- Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- name string
- Required only when version kind is NORMAL. The main part of the version name.
- revision string
- The iteration of the package build from the above version.
- kind
Version
Kind - Distinguishes between sentinel MIN/MAX versions and normal versions.
- epoch int
- Used to correct mistakes in the version numbering scheme.
- inclusive bool
- Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- name str
- Required only when version kind is NORMAL. The main part of the version name.
- revision str
- The iteration of the package build from the above version.
- kind "VERSION_KIND_UNSPECIFIED" | "NORMAL" | "MINIMUM" | "MAXIMUM"
- Distinguishes between sentinel MIN/MAX versions and normal versions.
- epoch Number
- Used to correct mistakes in the version numbering scheme.
- inclusive Boolean
- Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- name String
- Required only when version kind is NORMAL. The main part of the version name.
- revision String
- The iteration of the package build from the above version.
VersionKind, VersionKindArgs
- Version
Kind Unspecified - VERSION_KIND_UNSPECIFIEDUnknown.
- Normal
- NORMALA standard package version.
- Minimum
- MINIMUMA special version representing negative infinity.
- Maximum
- MAXIMUMA special version representing positive infinity.
- Version
Kind Version Kind Unspecified - VERSION_KIND_UNSPECIFIEDUnknown.
- Version
Kind Normal - NORMALA standard package version.
- Version
Kind Minimum - MINIMUMA special version representing negative infinity.
- Version
Kind Maximum - MAXIMUMA special version representing positive infinity.
- Version
Kind Unspecified - VERSION_KIND_UNSPECIFIEDUnknown.
- Normal
- NORMALA standard package version.
- Minimum
- MINIMUMA special version representing negative infinity.
- Maximum
- MAXIMUMA special version representing positive infinity.
- Version
Kind Unspecified - VERSION_KIND_UNSPECIFIEDUnknown.
- Normal
- NORMALA standard package version.
- Minimum
- MINIMUMA special version representing negative infinity.
- Maximum
- MAXIMUMA special version representing positive infinity.
- VERSION_KIND_UNSPECIFIED
- VERSION_KIND_UNSPECIFIEDUnknown.
- NORMAL
- NORMALA standard package version.
- MINIMUM
- MINIMUMA special version representing negative infinity.
- MAXIMUM
- MAXIMUMA special version representing positive infinity.
- "VERSION_KIND_UNSPECIFIED"
- VERSION_KIND_UNSPECIFIEDUnknown.
- "NORMAL"
- NORMALA standard package version.
- "MINIMUM"
- MINIMUMA special version representing negative infinity.
- "MAXIMUM"
- MAXIMUMA special version representing positive infinity.
VersionResponse, VersionResponseArgs
- Epoch int
- Used to correct mistakes in the version numbering scheme.
- Inclusive bool
- Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- Kind string
- Distinguishes between sentinel MIN/MAX versions and normal versions.
- Name string
- Required only when version kind is NORMAL. The main part of the version name.
- Revision string
- The iteration of the package build from the above version.
- Epoch int
- Used to correct mistakes in the version numbering scheme.
- Inclusive bool
- Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- Kind string
- Distinguishes between sentinel MIN/MAX versions and normal versions.
- Name string
- Required only when version kind is NORMAL. The main part of the version name.
- Revision string
- The iteration of the package build from the above version.
- epoch Integer
- Used to correct mistakes in the version numbering scheme.
- inclusive Boolean
- Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- kind String
- Distinguishes between sentinel MIN/MAX versions and normal versions.
- name String
- Required only when version kind is NORMAL. The main part of the version name.
- revision String
- The iteration of the package build from the above version.
- epoch number
- Used to correct mistakes in the version numbering scheme.
- inclusive boolean
- Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- kind string
- Distinguishes between sentinel MIN/MAX versions and normal versions.
- name string
- Required only when version kind is NORMAL. The main part of the version name.
- revision string
- The iteration of the package build from the above version.
- epoch int
- Used to correct mistakes in the version numbering scheme.
- inclusive bool
- Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- kind str
- Distinguishes between sentinel MIN/MAX versions and normal versions.
- name str
- Required only when version kind is NORMAL. The main part of the version name.
- revision str
- The iteration of the package build from the above version.
- epoch Number
- Used to correct mistakes in the version numbering scheme.
- inclusive Boolean
- Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
- kind String
- Distinguishes between sentinel MIN/MAX versions and normal versions.
- name String
- Required only when version kind is NORMAL. The main part of the version name.
- revision String
- The iteration of the package build from the above version.
Vulnerability, VulnerabilityArgs
- Cvss
Score double - The CVSS score for this vulnerability.
- Cvss
V2 Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. CVSS - The full description of the CVSS for version 2.
- Cvss
V3 Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. CVSSv3 - The full description of the CVSS for version 3.
- Cvss
Version Pulumi.Google Native. Container Analysis. V1Beta1. Vulnerability Cvss Version - CVSS version used to populate cvss_score and severity.
- Cwe List<string>
- A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
- Details
List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Detail> - All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
- Severity
Pulumi.
Google Native. Container Analysis. V1Beta1. Vulnerability Severity - Note provider assigned impact of the vulnerability.
- Source
Update stringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- Windows
Details List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Windows Detail> - Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
- Cvss
Score float64 - The CVSS score for this vulnerability.
- Cvss
V2 CVSS - The full description of the CVSS for version 2.
- Cvss
V3 CVSSv3 - The full description of the CVSS for version 3.
- Cvss
Version VulnerabilityCvss Version - CVSS version used to populate cvss_score and severity.
- Cwe []string
- A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
- Details []Detail
- All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
- Severity
Vulnerability
Severity - Note provider assigned impact of the vulnerability.
- Source
Update stringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- Windows
Details []WindowsDetail - Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
- cvss
Score Double - The CVSS score for this vulnerability.
- cvss
V2 CVSS - The full description of the CVSS for version 2.
- cvss
V3 CVSSv3 - The full description of the CVSS for version 3.
- cvss
Version VulnerabilityCvss Version - CVSS version used to populate cvss_score and severity.
- cwe List<String>
- A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
- details List<Detail>
- All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
- severity
Vulnerability
Severity - Note provider assigned impact of the vulnerability.
- source
Update StringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- windows
Details List<WindowsDetail> - Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
- cvss
Score number - The CVSS score for this vulnerability.
- cvss
V2 CVSS - The full description of the CVSS for version 2.
- cvss
V3 CVSSv3 - The full description of the CVSS for version 3.
- cvss
Version VulnerabilityCvss Version - CVSS version used to populate cvss_score and severity.
- cwe string[]
- A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
- details Detail[]
- All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
- severity
Vulnerability
Severity - Note provider assigned impact of the vulnerability.
- source
Update stringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- windows
Details WindowsDetail[] - Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
- cvss_
score float - The CVSS score for this vulnerability.
- cvss_
v2 CVSS - The full description of the CVSS for version 2.
- cvss_
v3 CVSSv3 - The full description of the CVSS for version 3.
- cvss_
version VulnerabilityCvss Version - CVSS version used to populate cvss_score and severity.
- cwe Sequence[str]
- A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
- details Sequence[Detail]
- All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
- severity
Vulnerability
Severity - Note provider assigned impact of the vulnerability.
- source_
update_ strtime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- windows_
details Sequence[WindowsDetail] - Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
- cvss
Score Number - The CVSS score for this vulnerability.
- cvss
V2 Property Map - The full description of the CVSS for version 2.
- cvss
V3 Property Map - The full description of the CVSS for version 3.
- cvss
Version "CVSS_VERSION_UNSPECIFIED" | "CVSS_VERSION_2" | "CVSS_VERSION_3" - CVSS version used to populate cvss_score and severity.
- cwe List<String>
- A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
- details List<Property Map>
- All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
- severity "SEVERITY_UNSPECIFIED" | "MINIMAL" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL"
- Note provider assigned impact of the vulnerability.
- source
Update StringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- windows
Details List<Property Map> - Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
VulnerabilityAssessmentNote, VulnerabilityAssessmentNoteArgs
- Assessment
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Assessment - Represents a vulnerability assessment for the product.
- Language
Code string - Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- Long
Description string - A detailed description of this Vex.
- Product
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Product - The product affected by this vex.
- Publisher
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Publisher - Publisher details of this Note.
- Short
Description string - A one sentence description of this Vex.
- Title string
- The title of the note. E.g.
Vex-Debian-11.4
- Assessment Assessment
- Represents a vulnerability assessment for the product.
- Language
Code string - Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- Long
Description string - A detailed description of this Vex.
- Product Product
- The product affected by this vex.
- Publisher Publisher
- Publisher details of this Note.
- Short
Description string - A one sentence description of this Vex.
- Title string
- The title of the note. E.g.
Vex-Debian-11.4
- assessment Assessment
- Represents a vulnerability assessment for the product.
- language
Code String - Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- long
Description String - A detailed description of this Vex.
- product Product
- The product affected by this vex.
- publisher Publisher
- Publisher details of this Note.
- short
Description String - A one sentence description of this Vex.
- title String
- The title of the note. E.g.
Vex-Debian-11.4
- assessment Assessment
- Represents a vulnerability assessment for the product.
- language
Code string - Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- long
Description string - A detailed description of this Vex.
- product Product
- The product affected by this vex.
- publisher Publisher
- Publisher details of this Note.
- short
Description string - A one sentence description of this Vex.
- title string
- The title of the note. E.g.
Vex-Debian-11.4
- assessment Assessment
- Represents a vulnerability assessment for the product.
- language_
code str - Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- long_
description str - A detailed description of this Vex.
- product Product
- The product affected by this vex.
- publisher Publisher
- Publisher details of this Note.
- short_
description str - A one sentence description of this Vex.
- title str
- The title of the note. E.g.
Vex-Debian-11.4
- assessment Property Map
- Represents a vulnerability assessment for the product.
- language
Code String - Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- long
Description String - A detailed description of this Vex.
- product Property Map
- The product affected by this vex.
- publisher Property Map
- Publisher details of this Note.
- short
Description String - A one sentence description of this Vex.
- title String
- The title of the note. E.g.
Vex-Debian-11.4
VulnerabilityAssessmentNoteResponse, VulnerabilityAssessmentNoteResponseArgs
- Assessment
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Assessment Response - Represents a vulnerability assessment for the product.
- Language
Code string - Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- Long
Description string - A detailed description of this Vex.
- Product
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Product Response - The product affected by this vex.
- Publisher
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Publisher Response - Publisher details of this Note.
- Short
Description string - A one sentence description of this Vex.
- Title string
- The title of the note. E.g.
Vex-Debian-11.4
- Assessment
Assessment
Response - Represents a vulnerability assessment for the product.
- Language
Code string - Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- Long
Description string - A detailed description of this Vex.
- Product
Product
Response - The product affected by this vex.
- Publisher
Publisher
Response - Publisher details of this Note.
- Short
Description string - A one sentence description of this Vex.
- Title string
- The title of the note. E.g.
Vex-Debian-11.4
- assessment
Assessment
Response - Represents a vulnerability assessment for the product.
- language
Code String - Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- long
Description String - A detailed description of this Vex.
- product
Product
Response - The product affected by this vex.
- publisher
Publisher
Response - Publisher details of this Note.
- short
Description String - A one sentence description of this Vex.
- title String
- The title of the note. E.g.
Vex-Debian-11.4
- assessment
Assessment
Response - Represents a vulnerability assessment for the product.
- language
Code string - Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- long
Description string - A detailed description of this Vex.
- product
Product
Response - The product affected by this vex.
- publisher
Publisher
Response - Publisher details of this Note.
- short
Description string - A one sentence description of this Vex.
- title string
- The title of the note. E.g.
Vex-Debian-11.4
- assessment
Assessment
Response - Represents a vulnerability assessment for the product.
- language_
code str - Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- long_
description str - A detailed description of this Vex.
- product
Product
Response - The product affected by this vex.
- publisher
Publisher
Response - Publisher details of this Note.
- short_
description str - A one sentence description of this Vex.
- title str
- The title of the note. E.g.
Vex-Debian-11.4
- assessment Property Map
- Represents a vulnerability assessment for the product.
- language
Code String - Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.
- long
Description String - A detailed description of this Vex.
- product Property Map
- The product affected by this vex.
- publisher Property Map
- Publisher details of this Note.
- short
Description String - A one sentence description of this Vex.
- title String
- The title of the note. E.g.
Vex-Debian-11.4
VulnerabilityCvssVersion, VulnerabilityCvssVersionArgs
- Cvss
Version Unspecified - CVSS_VERSION_UNSPECIFIED
- Cvss
Version2 - CVSS_VERSION_2
- Cvss
Version3 - CVSS_VERSION_3
- Vulnerability
Cvss Version Cvss Version Unspecified - CVSS_VERSION_UNSPECIFIED
- Vulnerability
Cvss Version Cvss Version2 - CVSS_VERSION_2
- Vulnerability
Cvss Version Cvss Version3 - CVSS_VERSION_3
- Cvss
Version Unspecified - CVSS_VERSION_UNSPECIFIED
- Cvss
Version2 - CVSS_VERSION_2
- Cvss
Version3 - CVSS_VERSION_3
- Cvss
Version Unspecified - CVSS_VERSION_UNSPECIFIED
- Cvss
Version2 - CVSS_VERSION_2
- Cvss
Version3 - CVSS_VERSION_3
- CVSS_VERSION_UNSPECIFIED
- CVSS_VERSION_UNSPECIFIED
- CVSS_VERSION2
- CVSS_VERSION_2
- CVSS_VERSION3
- CVSS_VERSION_3
- "CVSS_VERSION_UNSPECIFIED"
- CVSS_VERSION_UNSPECIFIED
- "CVSS_VERSION_2"
- CVSS_VERSION_2
- "CVSS_VERSION_3"
- CVSS_VERSION_3
VulnerabilityLocation, VulnerabilityLocationArgs
- Cpe
Uri string - The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- Package string
- The package being described.
- Version
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Version - The version of the package being described.
- Cpe
Uri string - The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- Package string
- The package being described.
- Version Version
- The version of the package being described.
- cpe
Uri String - The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- package_ String
- The package being described.
- version Version
- The version of the package being described.
- cpe
Uri string - The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- package string
- The package being described.
- version Version
- The version of the package being described.
- cpe_
uri str - The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- package str
- The package being described.
- version Version
- The version of the package being described.
- cpe
Uri String - The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- package String
- The package being described.
- version Property Map
- The version of the package being described.
VulnerabilityLocationResponse, VulnerabilityLocationResponseArgs
- Cpe
Uri string - The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- Package string
- The package being described.
- Version
Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Version Response - The version of the package being described.
- Cpe
Uri string - The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- Package string
- The package being described.
- Version
Version
Response - The version of the package being described.
- cpe
Uri String - The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- package_ String
- The package being described.
- version
Version
Response - The version of the package being described.
- cpe
Uri string - The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- package string
- The package being described.
- version
Version
Response - The version of the package being described.
- cpe_
uri str - The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- package str
- The package being described.
- version
Version
Response - The version of the package being described.
- cpe
Uri String - The CPE URI in cpe format format. Examples include distro or storage location for vulnerable jar.
- package String
- The package being described.
- version Property Map
- The version of the package being described.
VulnerabilityResponse, VulnerabilityResponseArgs
- Cvss
Score double - The CVSS score for this vulnerability.
- Cvss
V2 Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. CVSSResponse - The full description of the CVSS for version 2.
- Cvss
V3 Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. CVSSv3Response - The full description of the CVSS for version 3.
- Cvss
Version string - CVSS version used to populate cvss_score and severity.
- Cwe List<string>
- A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
- Details
List<Pulumi.
Google Native. Container Analysis. V1Beta1. Inputs. Detail Response> - All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
- Severity string
- Note provider assigned impact of the vulnerability.
- Source
Update stringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- Windows
Details List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Windows Detail Response> - Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
- Cvss
Score float64 - The CVSS score for this vulnerability.
- Cvss
V2 CVSSResponse - The full description of the CVSS for version 2.
- Cvss
V3 CVSSv3Response - The full description of the CVSS for version 3.
- Cvss
Version string - CVSS version used to populate cvss_score and severity.
- Cwe []string
- A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
- Details
[]Detail
Response - All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
- Severity string
- Note provider assigned impact of the vulnerability.
- Source
Update stringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- Windows
Details []WindowsDetail Response - Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
- cvss
Score Double - The CVSS score for this vulnerability.
- cvss
V2 CVSSResponse - The full description of the CVSS for version 2.
- cvss
V3 CVSSv3Response - The full description of the CVSS for version 3.
- cvss
Version String - CVSS version used to populate cvss_score and severity.
- cwe List<String>
- A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
- details
List<Detail
Response> - All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
- severity String
- Note provider assigned impact of the vulnerability.
- source
Update StringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- windows
Details List<WindowsDetail Response> - Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
- cvss
Score number - The CVSS score for this vulnerability.
- cvss
V2 CVSSResponse - The full description of the CVSS for version 2.
- cvss
V3 CVSSv3Response - The full description of the CVSS for version 3.
- cvss
Version string - CVSS version used to populate cvss_score and severity.
- cwe string[]
- A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
- details
Detail
Response[] - All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
- severity string
- Note provider assigned impact of the vulnerability.
- source
Update stringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- windows
Details WindowsDetail Response[] - Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
- cvss_
score float - The CVSS score for this vulnerability.
- cvss_
v2 CVSSResponse - The full description of the CVSS for version 2.
- cvss_
v3 CVSSv3Response - The full description of the CVSS for version 3.
- cvss_
version str - CVSS version used to populate cvss_score and severity.
- cwe Sequence[str]
- A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
- details
Sequence[Detail
Response] - All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
- severity str
- Note provider assigned impact of the vulnerability.
- source_
update_ strtime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- windows_
details Sequence[WindowsDetail Response] - Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
- cvss
Score Number - The CVSS score for this vulnerability.
- cvss
V2 Property Map - The full description of the CVSS for version 2.
- cvss
V3 Property Map - The full description of the CVSS for version 3.
- cvss
Version String - CVSS version used to populate cvss_score and severity.
- cwe List<String>
- A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
- details List<Property Map>
- All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
- severity String
- Note provider assigned impact of the vulnerability.
- source
Update StringTime - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
- windows
Details List<Property Map> - Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
VulnerabilitySeverity, VulnerabilitySeverityArgs
- Severity
Unspecified - SEVERITY_UNSPECIFIEDUnknown.
- Minimal
- MINIMALMinimal severity.
- Low
- LOWLow severity.
- Medium
- MEDIUMMedium severity.
- High
- HIGHHigh severity.
- Critical
- CRITICALCritical severity.
- Vulnerability
Severity Severity Unspecified - SEVERITY_UNSPECIFIEDUnknown.
- Vulnerability
Severity Minimal - MINIMALMinimal severity.
- Vulnerability
Severity Low - LOWLow severity.
- Vulnerability
Severity Medium - MEDIUMMedium severity.
- Vulnerability
Severity High - HIGHHigh severity.
- Vulnerability
Severity Critical - CRITICALCritical severity.
- Severity
Unspecified - SEVERITY_UNSPECIFIEDUnknown.
- Minimal
- MINIMALMinimal severity.
- Low
- LOWLow severity.
- Medium
- MEDIUMMedium severity.
- High
- HIGHHigh severity.
- Critical
- CRITICALCritical severity.
- Severity
Unspecified - SEVERITY_UNSPECIFIEDUnknown.
- Minimal
- MINIMALMinimal severity.
- Low
- LOWLow severity.
- Medium
- MEDIUMMedium severity.
- High
- HIGHHigh severity.
- Critical
- CRITICALCritical severity.
- SEVERITY_UNSPECIFIED
- SEVERITY_UNSPECIFIEDUnknown.
- MINIMAL
- MINIMALMinimal severity.
- LOW
- LOWLow severity.
- MEDIUM
- MEDIUMMedium severity.
- HIGH
- HIGHHigh severity.
- CRITICAL
- CRITICALCritical severity.
- "SEVERITY_UNSPECIFIED"
- SEVERITY_UNSPECIFIEDUnknown.
- "MINIMAL"
- MINIMALMinimal severity.
- "LOW"
- LOWLow severity.
- "MEDIUM"
- MEDIUMMedium severity.
- "HIGH"
- HIGHHigh severity.
- "CRITICAL"
- CRITICALCritical severity.
WindowsDetail, WindowsDetailArgs
- Cpe
Uri string - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- Fixing
Kbs List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Knowledge Base> - The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed kb's presence is considered a fix.
- Name string
- The name of the vulnerability.
- Description string
- The description of the vulnerability.
- Cpe
Uri string - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- Fixing
Kbs []KnowledgeBase - The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed kb's presence is considered a fix.
- Name string
- The name of the vulnerability.
- Description string
- The description of the vulnerability.
- cpe
Uri String - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- fixing
Kbs List<KnowledgeBase> - The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed kb's presence is considered a fix.
- name String
- The name of the vulnerability.
- description String
- The description of the vulnerability.
- cpe
Uri string - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- fixing
Kbs KnowledgeBase[] - The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed kb's presence is considered a fix.
- name string
- The name of the vulnerability.
- description string
- The description of the vulnerability.
- cpe_
uri str - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- fixing_
kbs Sequence[KnowledgeBase] - The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed kb's presence is considered a fix.
- name str
- The name of the vulnerability.
- description str
- The description of the vulnerability.
- cpe
Uri String - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- fixing
Kbs List<Property Map> - The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed kb's presence is considered a fix.
- name String
- The name of the vulnerability.
- description String
- The description of the vulnerability.
WindowsDetailResponse, WindowsDetailResponseArgs
- Cpe
Uri string - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- Description string
- The description of the vulnerability.
- Fixing
Kbs List<Pulumi.Google Native. Container Analysis. V1Beta1. Inputs. Knowledge Base Response> - The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed kb's presence is considered a fix.
- Name string
- The name of the vulnerability.
- Cpe
Uri string - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- Description string
- The description of the vulnerability.
- Fixing
Kbs []KnowledgeBase Response - The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed kb's presence is considered a fix.
- Name string
- The name of the vulnerability.
- cpe
Uri String - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- description String
- The description of the vulnerability.
- fixing
Kbs List<KnowledgeBase Response> - The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed kb's presence is considered a fix.
- name String
- The name of the vulnerability.
- cpe
Uri string - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- description string
- The description of the vulnerability.
- fixing
Kbs KnowledgeBase Response[] - The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed kb's presence is considered a fix.
- name string
- The name of the vulnerability.
- cpe_
uri str - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- description str
- The description of the vulnerability.
- fixing_
kbs Sequence[KnowledgeBase Response] - The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed kb's presence is considered a fix.
- name str
- The name of the vulnerability.
- cpe
Uri String - The CPE URI in cpe format in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.
- description String
- The description of the vulnerability.
- fixing
Kbs List<Property Map> - The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed kb's presence is considered a fix.
- name String
- The name of the vulnerability.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.