1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="containeranalysis_v1beta1.html">Container Analysis API</a> . <a href="containeranalysis_v1beta1.projects.html">projects</a> . <a href="containeranalysis_v1beta1.projects.notes.html">notes</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="containeranalysis_v1beta1.projects.notes.occurrences.html">occurrences()</a></code> 79</p> 80<p class="firstline">Returns the occurrences Resource.</p> 81 82<p class="toc_element"> 83 <code><a href="#batchCreate">batchCreate(parent, body, x__xgafv=None)</a></code></p> 84<p class="firstline">Creates new notes in batch.</p> 85<p class="toc_element"> 86 <code><a href="#create">create(parent, body, noteId=None, x__xgafv=None)</a></code></p> 87<p class="firstline">Creates a new note.</p> 88<p class="toc_element"> 89 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p> 90<p class="firstline">Deletes the specified note.</p> 91<p class="toc_element"> 92 <code><a href="#get">get(name, x__xgafv=None)</a></code></p> 93<p class="firstline">Gets the specified note.</p> 94<p class="toc_element"> 95 <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p> 96<p class="firstline">Gets the access control policy for a note or an occurrence resource.</p> 97<p class="toc_element"> 98 <code><a href="#list">list(parent, pageSize=None, pageToken=None, x__xgafv=None, filter=None)</a></code></p> 99<p class="firstline">Lists notes for the specified project.</p> 100<p class="toc_element"> 101 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> 102<p class="firstline">Retrieves the next page of results.</p> 103<p class="toc_element"> 104 <code><a href="#patch">patch(name, body, updateMask=None, x__xgafv=None)</a></code></p> 105<p class="firstline">Updates the specified note.</p> 106<p class="toc_element"> 107 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p> 108<p class="firstline">Sets the access control policy on the specified note or occurrence.</p> 109<p class="toc_element"> 110 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p> 111<p class="firstline">Returns the permissions that a caller has on the specified note or</p> 112<h3>Method Details</h3> 113<div class="method"> 114 <code class="details" id="batchCreate">batchCreate(parent, body, x__xgafv=None)</code> 115 <pre>Creates new notes in batch. 116 117Args: 118 parent: string, The name of the project in the form of `projects/[PROJECT_ID]`, under which 119the notes are to be created. (required) 120 body: object, The request body. (required) 121 The object takes the form of: 122 123{ # Request to create notes in batch. 124 "notes": { # The notes to create. Max allowed length is 1000. 125 "a_key": { # A type of analysis that can be done for a resource. 126 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as 127 # a filter in list requests. 128 "relatedNoteNames": [ # Other notes related to this note. 129 "A String", 130 ], 131 "name": "A String", # Output only. The name of the note in the form of 132 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. 133 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers. 134 # channels. E.g., glibc (aka libc6) is distributed by many, at various 135 # versions. 136 "distribution": [ # The various channels by which a package is distributed. 137 { # This represents a particular channel of distribution for a given package. 138 # E.g., Debian's jessie-backports dpkg mirror. 139 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/) 140 # denoting the package manager version distributing a package. 141 "maintainer": "A String", # A freeform string denoting the maintainer of this package. 142 "description": "A String", # The distribution channel-specific description of this package. 143 "url": "A String", # The distribution channel-specific homepage for this package. 144 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were 145 # built. 146 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel. 147 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 148 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 149 # versions. 150 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 151 # name. 152 "revision": "A String", # The iteration of the package build from the above version. 153 }, 154 }, 155 ], 156 "name": "A String", # Required. Immutable. The name of the package. 157 }, 158 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability. 159 "windowsDetails": [ # Windows details get their own format because the information format and 160 # model don't match a normal detail. Specifically Windows updates are done as 161 # patches, thus Windows vulnerabilities really are a missing package, rather 162 # than a package being at an incorrect version. 163 { 164 "cpeUri": "A String", # Required. The CPE URI in 165 # [cpe format](https://cpe.mitre.org/specification/) in which the 166 # vulnerability manifests. Examples include distro or storage location for 167 # vulnerable jar. 168 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this 169 # vulnerability. Note that there may be multiple hotfixes (and thus 170 # multiple KBs) that mitigate a given vulnerability. Currently any listed 171 # kb's presence is considered a fix. 172 { 173 "url": "A String", # A link to the KB in the Windows update catalog - 174 # https://www.catalog.update.microsoft.com/ 175 "name": "A String", # The KB name (generally of the form KB[0-9]+ i.e. KB123456). 176 }, 177 ], 178 "name": "A String", # Required. The name of the vulnerability. 179 "description": "A String", # The description of the vulnerability. 180 }, 181 ], 182 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3. 183 # For details, see https://www.first.org/cvss/specification-document 184 "attackComplexity": "A String", 185 "attackVector": "A String", # Base Metrics 186 # Represents the intrinsic characteristics of a vulnerability that are 187 # constant over time and across user environments. 188 "availabilityImpact": "A String", 189 "userInteraction": "A String", 190 "baseScore": 3.14, # The base score is a function of the base metric scores. 191 "privilegesRequired": "A String", 192 "impactScore": 3.14, 193 "exploitabilityScore": 3.14, 194 "confidentialityImpact": "A String", 195 "integrityImpact": "A String", 196 "scope": "A String", 197 }, 198 "cvssScore": 3.14, # The CVSS score for this vulnerability. 199 "severity": "A String", # Note provider assigned impact of the vulnerability. 200 "details": [ # All information about the package to specifically identify this 201 # vulnerability. One entry per (version range and cpe_uri) the package 202 # vulnerability has manifested in. 203 { # Identifies all appearances of this vulnerability in the package for a 204 # specific distro/location. For example: glibc in 205 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2 206 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability. 207 "cpeUri": "A String", # Required. The CPE URI in 208 # [cpe format](https://cpe.mitre.org/specification/) in which the 209 # vulnerability manifests. Examples include distro or storage location for 210 # vulnerable jar. 211 "description": "A String", # A vendor-specific description of this note. 212 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists. 213 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 214 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 215 # versions. 216 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 217 # name. 218 "revision": "A String", # The iteration of the package build from the above version. 219 }, 220 "package": "A String", # Required. The name of the package where the vulnerability was found. 221 "packageType": "A String", # The type of package; whether native or non native(ruby gems, node.js 222 # packages etc). 223 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to 224 # obsolete details. 225 "maxAffectedVersion": { # Version contains structured information about the version of a package. # Deprecated, do not use. Use fixed_location instead. 226 # 227 # The max version of the package in which the vulnerability exists. 228 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 229 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 230 # versions. 231 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 232 # name. 233 "revision": "A String", # The iteration of the package build from the above version. 234 }, 235 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version. 236 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/) 237 # format. Examples include distro or storage location for vulnerable jar. 238 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described. 239 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 240 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 241 # versions. 242 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 243 # name. 244 "revision": "A String", # The iteration of the package build from the above version. 245 }, 246 "package": "A String", # Required. The package being described. 247 }, 248 }, 249 ], 250 }, 251 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in 252 # list requests. 253 "relatedUrl": [ # URLs associated with this note. 254 { # Metadata for any related URL information. 255 "url": "A String", # Specific URL associated with the resource. 256 "label": "A String", # Label to describe usage of the URL. 257 }, 258 ], 259 "longDescription": "A String", # A detailed description of this note. 260 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role. 261 # example, an organization might have one `Authority` for "QA" and one for 262 # "build". This note is intended to act strictly as a grouping mechanism for 263 # the attached occurrences (Attestations). This grouping mechanism also 264 # provides a security boundary, since IAM ACLs gate the ability for a principle 265 # to attach an occurrence to a given note. It also provides a single point of 266 # lookup to find all attached attestation occurrences, even if they don't all 267 # live in the same project. 268 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority. 269 # authority. Because the name of a note acts as its resource reference, it is 270 # important to disambiguate the canonical name of the Note (which might be a 271 # UUID for security purposes) from "readable" names more suitable for debug 272 # output. Note that these hints should not be used to look up authorities in 273 # security sensitive contexts, such as when looking up attestations to 274 # verify. 275 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for 276 # example "qa". 277 }, 278 }, 279 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build. 280 # provenance message in the build details occurrence. 281 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build. 282 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note 283 # containing build details. 284 "publicKey": "A String", # Public key of the builder which can be used to verify that the related 285 # findings are valid and unchanged. If `key_type` is empty, this defaults 286 # to PEM encoded public keys. 287 # 288 # This field may be empty if `key_id` references an external key. 289 # 290 # For Cloud Build based signatures, this is a PEM encoded public 291 # key. To verify the Cloud Build signature, place the contents of 292 # this field into a file (public.pem). The signature field is base64-decoded 293 # into its binary representation in signature.bin, and the provenance bytes 294 # from `BuildDetails` are base64-decoded into a binary representation in 295 # signed.bin. OpenSSL can then verify the signature: 296 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin` 297 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in 298 # `key_id`. 299 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key 300 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the 301 # CN for a cert), or a reference to an external key (such as a reference to a 302 # key in Cloud Key Management Service). 303 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is 304 # base-64 encoded. 305 }, 306 }, 307 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image. 308 # relationship. Linked occurrences are derived from this or an 309 # equivalent image via: 310 # FROM <Basis.resource_url> 311 # Or an equivalent reference, e.g. a tag of the resource_url. 312 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the 313 # basis of associated occurrence images. 314 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image. 315 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 316 # representation. 317 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: 318 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) 319 # Only the name of the final blob is kept. 320 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image. 321 "A String", 322 ], 323 }, 324 }, 325 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire. 326 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed. 327 "resourceUri": [ # Required. Resource URI for the artifact being deployed. 328 "A String", 329 ], 330 }, 331 "shortDescription": "A String", # A one sentence description of this note. 332 "createTime": "A String", # Output only. The time this note was created. This field can be used as a 333 # filter in list requests. 334 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource. 335 # exists in a provider's project. A `Discovery` occurrence is created in a 336 # consumer's project at the start of analysis. 337 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this 338 # discovery. 339 }, 340 }, 341 }, 342 } 343 344 x__xgafv: string, V1 error format. 345 Allowed values 346 1 - v1 error format 347 2 - v2 error format 348 349Returns: 350 An object of the form: 351 352 { # Response for creating notes in batch. 353 "notes": [ # The notes that were created. 354 { # A type of analysis that can be done for a resource. 355 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as 356 # a filter in list requests. 357 "relatedNoteNames": [ # Other notes related to this note. 358 "A String", 359 ], 360 "name": "A String", # Output only. The name of the note in the form of 361 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. 362 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers. 363 # channels. E.g., glibc (aka libc6) is distributed by many, at various 364 # versions. 365 "distribution": [ # The various channels by which a package is distributed. 366 { # This represents a particular channel of distribution for a given package. 367 # E.g., Debian's jessie-backports dpkg mirror. 368 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/) 369 # denoting the package manager version distributing a package. 370 "maintainer": "A String", # A freeform string denoting the maintainer of this package. 371 "description": "A String", # The distribution channel-specific description of this package. 372 "url": "A String", # The distribution channel-specific homepage for this package. 373 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were 374 # built. 375 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel. 376 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 377 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 378 # versions. 379 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 380 # name. 381 "revision": "A String", # The iteration of the package build from the above version. 382 }, 383 }, 384 ], 385 "name": "A String", # Required. Immutable. The name of the package. 386 }, 387 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability. 388 "windowsDetails": [ # Windows details get their own format because the information format and 389 # model don't match a normal detail. Specifically Windows updates are done as 390 # patches, thus Windows vulnerabilities really are a missing package, rather 391 # than a package being at an incorrect version. 392 { 393 "cpeUri": "A String", # Required. The CPE URI in 394 # [cpe format](https://cpe.mitre.org/specification/) in which the 395 # vulnerability manifests. Examples include distro or storage location for 396 # vulnerable jar. 397 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this 398 # vulnerability. Note that there may be multiple hotfixes (and thus 399 # multiple KBs) that mitigate a given vulnerability. Currently any listed 400 # kb's presence is considered a fix. 401 { 402 "url": "A String", # A link to the KB in the Windows update catalog - 403 # https://www.catalog.update.microsoft.com/ 404 "name": "A String", # The KB name (generally of the form KB[0-9]+ i.e. KB123456). 405 }, 406 ], 407 "name": "A String", # Required. The name of the vulnerability. 408 "description": "A String", # The description of the vulnerability. 409 }, 410 ], 411 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3. 412 # For details, see https://www.first.org/cvss/specification-document 413 "attackComplexity": "A String", 414 "attackVector": "A String", # Base Metrics 415 # Represents the intrinsic characteristics of a vulnerability that are 416 # constant over time and across user environments. 417 "availabilityImpact": "A String", 418 "userInteraction": "A String", 419 "baseScore": 3.14, # The base score is a function of the base metric scores. 420 "privilegesRequired": "A String", 421 "impactScore": 3.14, 422 "exploitabilityScore": 3.14, 423 "confidentialityImpact": "A String", 424 "integrityImpact": "A String", 425 "scope": "A String", 426 }, 427 "cvssScore": 3.14, # The CVSS score for this vulnerability. 428 "severity": "A String", # Note provider assigned impact of the vulnerability. 429 "details": [ # All information about the package to specifically identify this 430 # vulnerability. One entry per (version range and cpe_uri) the package 431 # vulnerability has manifested in. 432 { # Identifies all appearances of this vulnerability in the package for a 433 # specific distro/location. For example: glibc in 434 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2 435 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability. 436 "cpeUri": "A String", # Required. The CPE URI in 437 # [cpe format](https://cpe.mitre.org/specification/) in which the 438 # vulnerability manifests. Examples include distro or storage location for 439 # vulnerable jar. 440 "description": "A String", # A vendor-specific description of this note. 441 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists. 442 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 443 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 444 # versions. 445 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 446 # name. 447 "revision": "A String", # The iteration of the package build from the above version. 448 }, 449 "package": "A String", # Required. The name of the package where the vulnerability was found. 450 "packageType": "A String", # The type of package; whether native or non native(ruby gems, node.js 451 # packages etc). 452 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to 453 # obsolete details. 454 "maxAffectedVersion": { # Version contains structured information about the version of a package. # Deprecated, do not use. Use fixed_location instead. 455 # 456 # The max version of the package in which the vulnerability exists. 457 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 458 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 459 # versions. 460 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 461 # name. 462 "revision": "A String", # The iteration of the package build from the above version. 463 }, 464 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version. 465 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/) 466 # format. Examples include distro or storage location for vulnerable jar. 467 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described. 468 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 469 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 470 # versions. 471 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 472 # name. 473 "revision": "A String", # The iteration of the package build from the above version. 474 }, 475 "package": "A String", # Required. The package being described. 476 }, 477 }, 478 ], 479 }, 480 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in 481 # list requests. 482 "relatedUrl": [ # URLs associated with this note. 483 { # Metadata for any related URL information. 484 "url": "A String", # Specific URL associated with the resource. 485 "label": "A String", # Label to describe usage of the URL. 486 }, 487 ], 488 "longDescription": "A String", # A detailed description of this note. 489 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role. 490 # example, an organization might have one `Authority` for "QA" and one for 491 # "build". This note is intended to act strictly as a grouping mechanism for 492 # the attached occurrences (Attestations). This grouping mechanism also 493 # provides a security boundary, since IAM ACLs gate the ability for a principle 494 # to attach an occurrence to a given note. It also provides a single point of 495 # lookup to find all attached attestation occurrences, even if they don't all 496 # live in the same project. 497 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority. 498 # authority. Because the name of a note acts as its resource reference, it is 499 # important to disambiguate the canonical name of the Note (which might be a 500 # UUID for security purposes) from "readable" names more suitable for debug 501 # output. Note that these hints should not be used to look up authorities in 502 # security sensitive contexts, such as when looking up attestations to 503 # verify. 504 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for 505 # example "qa". 506 }, 507 }, 508 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build. 509 # provenance message in the build details occurrence. 510 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build. 511 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note 512 # containing build details. 513 "publicKey": "A String", # Public key of the builder which can be used to verify that the related 514 # findings are valid and unchanged. If `key_type` is empty, this defaults 515 # to PEM encoded public keys. 516 # 517 # This field may be empty if `key_id` references an external key. 518 # 519 # For Cloud Build based signatures, this is a PEM encoded public 520 # key. To verify the Cloud Build signature, place the contents of 521 # this field into a file (public.pem). The signature field is base64-decoded 522 # into its binary representation in signature.bin, and the provenance bytes 523 # from `BuildDetails` are base64-decoded into a binary representation in 524 # signed.bin. OpenSSL can then verify the signature: 525 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin` 526 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in 527 # `key_id`. 528 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key 529 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the 530 # CN for a cert), or a reference to an external key (such as a reference to a 531 # key in Cloud Key Management Service). 532 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is 533 # base-64 encoded. 534 }, 535 }, 536 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image. 537 # relationship. Linked occurrences are derived from this or an 538 # equivalent image via: 539 # FROM <Basis.resource_url> 540 # Or an equivalent reference, e.g. a tag of the resource_url. 541 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the 542 # basis of associated occurrence images. 543 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image. 544 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 545 # representation. 546 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: 547 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) 548 # Only the name of the final blob is kept. 549 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image. 550 "A String", 551 ], 552 }, 553 }, 554 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire. 555 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed. 556 "resourceUri": [ # Required. Resource URI for the artifact being deployed. 557 "A String", 558 ], 559 }, 560 "shortDescription": "A String", # A one sentence description of this note. 561 "createTime": "A String", # Output only. The time this note was created. This field can be used as a 562 # filter in list requests. 563 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource. 564 # exists in a provider's project. A `Discovery` occurrence is created in a 565 # consumer's project at the start of analysis. 566 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this 567 # discovery. 568 }, 569 }, 570 ], 571 }</pre> 572</div> 573 574<div class="method"> 575 <code class="details" id="create">create(parent, body, noteId=None, x__xgafv=None)</code> 576 <pre>Creates a new note. 577 578Args: 579 parent: string, The name of the project in the form of `projects/[PROJECT_ID]`, under which 580the note is to be created. (required) 581 body: object, The request body. (required) 582 The object takes the form of: 583 584{ # A type of analysis that can be done for a resource. 585 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as 586 # a filter in list requests. 587 "relatedNoteNames": [ # Other notes related to this note. 588 "A String", 589 ], 590 "name": "A String", # Output only. The name of the note in the form of 591 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. 592 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers. 593 # channels. E.g., glibc (aka libc6) is distributed by many, at various 594 # versions. 595 "distribution": [ # The various channels by which a package is distributed. 596 { # This represents a particular channel of distribution for a given package. 597 # E.g., Debian's jessie-backports dpkg mirror. 598 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/) 599 # denoting the package manager version distributing a package. 600 "maintainer": "A String", # A freeform string denoting the maintainer of this package. 601 "description": "A String", # The distribution channel-specific description of this package. 602 "url": "A String", # The distribution channel-specific homepage for this package. 603 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were 604 # built. 605 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel. 606 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 607 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 608 # versions. 609 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 610 # name. 611 "revision": "A String", # The iteration of the package build from the above version. 612 }, 613 }, 614 ], 615 "name": "A String", # Required. Immutable. The name of the package. 616 }, 617 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability. 618 "windowsDetails": [ # Windows details get their own format because the information format and 619 # model don't match a normal detail. Specifically Windows updates are done as 620 # patches, thus Windows vulnerabilities really are a missing package, rather 621 # than a package being at an incorrect version. 622 { 623 "cpeUri": "A String", # Required. The CPE URI in 624 # [cpe format](https://cpe.mitre.org/specification/) in which the 625 # vulnerability manifests. Examples include distro or storage location for 626 # vulnerable jar. 627 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this 628 # vulnerability. Note that there may be multiple hotfixes (and thus 629 # multiple KBs) that mitigate a given vulnerability. Currently any listed 630 # kb's presence is considered a fix. 631 { 632 "url": "A String", # A link to the KB in the Windows update catalog - 633 # https://www.catalog.update.microsoft.com/ 634 "name": "A String", # The KB name (generally of the form KB[0-9]+ i.e. KB123456). 635 }, 636 ], 637 "name": "A String", # Required. The name of the vulnerability. 638 "description": "A String", # The description of the vulnerability. 639 }, 640 ], 641 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3. 642 # For details, see https://www.first.org/cvss/specification-document 643 "attackComplexity": "A String", 644 "attackVector": "A String", # Base Metrics 645 # Represents the intrinsic characteristics of a vulnerability that are 646 # constant over time and across user environments. 647 "availabilityImpact": "A String", 648 "userInteraction": "A String", 649 "baseScore": 3.14, # The base score is a function of the base metric scores. 650 "privilegesRequired": "A String", 651 "impactScore": 3.14, 652 "exploitabilityScore": 3.14, 653 "confidentialityImpact": "A String", 654 "integrityImpact": "A String", 655 "scope": "A String", 656 }, 657 "cvssScore": 3.14, # The CVSS score for this vulnerability. 658 "severity": "A String", # Note provider assigned impact of the vulnerability. 659 "details": [ # All information about the package to specifically identify this 660 # vulnerability. One entry per (version range and cpe_uri) the package 661 # vulnerability has manifested in. 662 { # Identifies all appearances of this vulnerability in the package for a 663 # specific distro/location. For example: glibc in 664 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2 665 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability. 666 "cpeUri": "A String", # Required. The CPE URI in 667 # [cpe format](https://cpe.mitre.org/specification/) in which the 668 # vulnerability manifests. Examples include distro or storage location for 669 # vulnerable jar. 670 "description": "A String", # A vendor-specific description of this note. 671 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists. 672 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 673 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 674 # versions. 675 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 676 # name. 677 "revision": "A String", # The iteration of the package build from the above version. 678 }, 679 "package": "A String", # Required. The name of the package where the vulnerability was found. 680 "packageType": "A String", # The type of package; whether native or non native(ruby gems, node.js 681 # packages etc). 682 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to 683 # obsolete details. 684 "maxAffectedVersion": { # Version contains structured information about the version of a package. # Deprecated, do not use. Use fixed_location instead. 685 # 686 # The max version of the package in which the vulnerability exists. 687 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 688 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 689 # versions. 690 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 691 # name. 692 "revision": "A String", # The iteration of the package build from the above version. 693 }, 694 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version. 695 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/) 696 # format. Examples include distro or storage location for vulnerable jar. 697 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described. 698 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 699 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 700 # versions. 701 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 702 # name. 703 "revision": "A String", # The iteration of the package build from the above version. 704 }, 705 "package": "A String", # Required. The package being described. 706 }, 707 }, 708 ], 709 }, 710 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in 711 # list requests. 712 "relatedUrl": [ # URLs associated with this note. 713 { # Metadata for any related URL information. 714 "url": "A String", # Specific URL associated with the resource. 715 "label": "A String", # Label to describe usage of the URL. 716 }, 717 ], 718 "longDescription": "A String", # A detailed description of this note. 719 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role. 720 # example, an organization might have one `Authority` for "QA" and one for 721 # "build". This note is intended to act strictly as a grouping mechanism for 722 # the attached occurrences (Attestations). This grouping mechanism also 723 # provides a security boundary, since IAM ACLs gate the ability for a principle 724 # to attach an occurrence to a given note. It also provides a single point of 725 # lookup to find all attached attestation occurrences, even if they don't all 726 # live in the same project. 727 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority. 728 # authority. Because the name of a note acts as its resource reference, it is 729 # important to disambiguate the canonical name of the Note (which might be a 730 # UUID for security purposes) from "readable" names more suitable for debug 731 # output. Note that these hints should not be used to look up authorities in 732 # security sensitive contexts, such as when looking up attestations to 733 # verify. 734 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for 735 # example "qa". 736 }, 737 }, 738 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build. 739 # provenance message in the build details occurrence. 740 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build. 741 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note 742 # containing build details. 743 "publicKey": "A String", # Public key of the builder which can be used to verify that the related 744 # findings are valid and unchanged. If `key_type` is empty, this defaults 745 # to PEM encoded public keys. 746 # 747 # This field may be empty if `key_id` references an external key. 748 # 749 # For Cloud Build based signatures, this is a PEM encoded public 750 # key. To verify the Cloud Build signature, place the contents of 751 # this field into a file (public.pem). The signature field is base64-decoded 752 # into its binary representation in signature.bin, and the provenance bytes 753 # from `BuildDetails` are base64-decoded into a binary representation in 754 # signed.bin. OpenSSL can then verify the signature: 755 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin` 756 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in 757 # `key_id`. 758 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key 759 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the 760 # CN for a cert), or a reference to an external key (such as a reference to a 761 # key in Cloud Key Management Service). 762 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is 763 # base-64 encoded. 764 }, 765 }, 766 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image. 767 # relationship. Linked occurrences are derived from this or an 768 # equivalent image via: 769 # FROM <Basis.resource_url> 770 # Or an equivalent reference, e.g. a tag of the resource_url. 771 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the 772 # basis of associated occurrence images. 773 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image. 774 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 775 # representation. 776 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: 777 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) 778 # Only the name of the final blob is kept. 779 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image. 780 "A String", 781 ], 782 }, 783 }, 784 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire. 785 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed. 786 "resourceUri": [ # Required. Resource URI for the artifact being deployed. 787 "A String", 788 ], 789 }, 790 "shortDescription": "A String", # A one sentence description of this note. 791 "createTime": "A String", # Output only. The time this note was created. This field can be used as a 792 # filter in list requests. 793 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource. 794 # exists in a provider's project. A `Discovery` occurrence is created in a 795 # consumer's project at the start of analysis. 796 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this 797 # discovery. 798 }, 799} 800 801 noteId: string, The ID to use for this note. 802 x__xgafv: string, V1 error format. 803 Allowed values 804 1 - v1 error format 805 2 - v2 error format 806 807Returns: 808 An object of the form: 809 810 { # A type of analysis that can be done for a resource. 811 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as 812 # a filter in list requests. 813 "relatedNoteNames": [ # Other notes related to this note. 814 "A String", 815 ], 816 "name": "A String", # Output only. The name of the note in the form of 817 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. 818 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers. 819 # channels. E.g., glibc (aka libc6) is distributed by many, at various 820 # versions. 821 "distribution": [ # The various channels by which a package is distributed. 822 { # This represents a particular channel of distribution for a given package. 823 # E.g., Debian's jessie-backports dpkg mirror. 824 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/) 825 # denoting the package manager version distributing a package. 826 "maintainer": "A String", # A freeform string denoting the maintainer of this package. 827 "description": "A String", # The distribution channel-specific description of this package. 828 "url": "A String", # The distribution channel-specific homepage for this package. 829 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were 830 # built. 831 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel. 832 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 833 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 834 # versions. 835 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 836 # name. 837 "revision": "A String", # The iteration of the package build from the above version. 838 }, 839 }, 840 ], 841 "name": "A String", # Required. Immutable. The name of the package. 842 }, 843 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability. 844 "windowsDetails": [ # Windows details get their own format because the information format and 845 # model don't match a normal detail. Specifically Windows updates are done as 846 # patches, thus Windows vulnerabilities really are a missing package, rather 847 # than a package being at an incorrect version. 848 { 849 "cpeUri": "A String", # Required. The CPE URI in 850 # [cpe format](https://cpe.mitre.org/specification/) in which the 851 # vulnerability manifests. Examples include distro or storage location for 852 # vulnerable jar. 853 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this 854 # vulnerability. Note that there may be multiple hotfixes (and thus 855 # multiple KBs) that mitigate a given vulnerability. Currently any listed 856 # kb's presence is considered a fix. 857 { 858 "url": "A String", # A link to the KB in the Windows update catalog - 859 # https://www.catalog.update.microsoft.com/ 860 "name": "A String", # The KB name (generally of the form KB[0-9]+ i.e. KB123456). 861 }, 862 ], 863 "name": "A String", # Required. The name of the vulnerability. 864 "description": "A String", # The description of the vulnerability. 865 }, 866 ], 867 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3. 868 # For details, see https://www.first.org/cvss/specification-document 869 "attackComplexity": "A String", 870 "attackVector": "A String", # Base Metrics 871 # Represents the intrinsic characteristics of a vulnerability that are 872 # constant over time and across user environments. 873 "availabilityImpact": "A String", 874 "userInteraction": "A String", 875 "baseScore": 3.14, # The base score is a function of the base metric scores. 876 "privilegesRequired": "A String", 877 "impactScore": 3.14, 878 "exploitabilityScore": 3.14, 879 "confidentialityImpact": "A String", 880 "integrityImpact": "A String", 881 "scope": "A String", 882 }, 883 "cvssScore": 3.14, # The CVSS score for this vulnerability. 884 "severity": "A String", # Note provider assigned impact of the vulnerability. 885 "details": [ # All information about the package to specifically identify this 886 # vulnerability. One entry per (version range and cpe_uri) the package 887 # vulnerability has manifested in. 888 { # Identifies all appearances of this vulnerability in the package for a 889 # specific distro/location. For example: glibc in 890 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2 891 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability. 892 "cpeUri": "A String", # Required. The CPE URI in 893 # [cpe format](https://cpe.mitre.org/specification/) in which the 894 # vulnerability manifests. Examples include distro or storage location for 895 # vulnerable jar. 896 "description": "A String", # A vendor-specific description of this note. 897 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists. 898 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 899 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 900 # versions. 901 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 902 # name. 903 "revision": "A String", # The iteration of the package build from the above version. 904 }, 905 "package": "A String", # Required. The name of the package where the vulnerability was found. 906 "packageType": "A String", # The type of package; whether native or non native(ruby gems, node.js 907 # packages etc). 908 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to 909 # obsolete details. 910 "maxAffectedVersion": { # Version contains structured information about the version of a package. # Deprecated, do not use. Use fixed_location instead. 911 # 912 # The max version of the package in which the vulnerability exists. 913 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 914 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 915 # versions. 916 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 917 # name. 918 "revision": "A String", # The iteration of the package build from the above version. 919 }, 920 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version. 921 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/) 922 # format. Examples include distro or storage location for vulnerable jar. 923 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described. 924 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 925 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 926 # versions. 927 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 928 # name. 929 "revision": "A String", # The iteration of the package build from the above version. 930 }, 931 "package": "A String", # Required. The package being described. 932 }, 933 }, 934 ], 935 }, 936 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in 937 # list requests. 938 "relatedUrl": [ # URLs associated with this note. 939 { # Metadata for any related URL information. 940 "url": "A String", # Specific URL associated with the resource. 941 "label": "A String", # Label to describe usage of the URL. 942 }, 943 ], 944 "longDescription": "A String", # A detailed description of this note. 945 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role. 946 # example, an organization might have one `Authority` for "QA" and one for 947 # "build". This note is intended to act strictly as a grouping mechanism for 948 # the attached occurrences (Attestations). This grouping mechanism also 949 # provides a security boundary, since IAM ACLs gate the ability for a principle 950 # to attach an occurrence to a given note. It also provides a single point of 951 # lookup to find all attached attestation occurrences, even if they don't all 952 # live in the same project. 953 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority. 954 # authority. Because the name of a note acts as its resource reference, it is 955 # important to disambiguate the canonical name of the Note (which might be a 956 # UUID for security purposes) from "readable" names more suitable for debug 957 # output. Note that these hints should not be used to look up authorities in 958 # security sensitive contexts, such as when looking up attestations to 959 # verify. 960 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for 961 # example "qa". 962 }, 963 }, 964 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build. 965 # provenance message in the build details occurrence. 966 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build. 967 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note 968 # containing build details. 969 "publicKey": "A String", # Public key of the builder which can be used to verify that the related 970 # findings are valid and unchanged. If `key_type` is empty, this defaults 971 # to PEM encoded public keys. 972 # 973 # This field may be empty if `key_id` references an external key. 974 # 975 # For Cloud Build based signatures, this is a PEM encoded public 976 # key. To verify the Cloud Build signature, place the contents of 977 # this field into a file (public.pem). The signature field is base64-decoded 978 # into its binary representation in signature.bin, and the provenance bytes 979 # from `BuildDetails` are base64-decoded into a binary representation in 980 # signed.bin. OpenSSL can then verify the signature: 981 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin` 982 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in 983 # `key_id`. 984 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key 985 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the 986 # CN for a cert), or a reference to an external key (such as a reference to a 987 # key in Cloud Key Management Service). 988 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is 989 # base-64 encoded. 990 }, 991 }, 992 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image. 993 # relationship. Linked occurrences are derived from this or an 994 # equivalent image via: 995 # FROM <Basis.resource_url> 996 # Or an equivalent reference, e.g. a tag of the resource_url. 997 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the 998 # basis of associated occurrence images. 999 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image. 1000 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 1001 # representation. 1002 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: 1003 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) 1004 # Only the name of the final blob is kept. 1005 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image. 1006 "A String", 1007 ], 1008 }, 1009 }, 1010 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire. 1011 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed. 1012 "resourceUri": [ # Required. Resource URI for the artifact being deployed. 1013 "A String", 1014 ], 1015 }, 1016 "shortDescription": "A String", # A one sentence description of this note. 1017 "createTime": "A String", # Output only. The time this note was created. This field can be used as a 1018 # filter in list requests. 1019 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource. 1020 # exists in a provider's project. A `Discovery` occurrence is created in a 1021 # consumer's project at the start of analysis. 1022 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this 1023 # discovery. 1024 }, 1025 }</pre> 1026</div> 1027 1028<div class="method"> 1029 <code class="details" id="delete">delete(name, x__xgafv=None)</code> 1030 <pre>Deletes the specified note. 1031 1032Args: 1033 name: string, The name of the note in the form of 1034`projects/[PROVIDER_ID]/notes/[NOTE_ID]`. (required) 1035 x__xgafv: string, V1 error format. 1036 Allowed values 1037 1 - v1 error format 1038 2 - v2 error format 1039 1040Returns: 1041 An object of the form: 1042 1043 { # A generic empty message that you can re-use to avoid defining duplicated 1044 # empty messages in your APIs. A typical example is to use it as the request 1045 # or the response type of an API method. For instance: 1046 # 1047 # service Foo { 1048 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); 1049 # } 1050 # 1051 # The JSON representation for `Empty` is empty JSON object `{}`. 1052 }</pre> 1053</div> 1054 1055<div class="method"> 1056 <code class="details" id="get">get(name, x__xgafv=None)</code> 1057 <pre>Gets the specified note. 1058 1059Args: 1060 name: string, The name of the note in the form of 1061`projects/[PROVIDER_ID]/notes/[NOTE_ID]`. (required) 1062 x__xgafv: string, V1 error format. 1063 Allowed values 1064 1 - v1 error format 1065 2 - v2 error format 1066 1067Returns: 1068 An object of the form: 1069 1070 { # A type of analysis that can be done for a resource. 1071 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as 1072 # a filter in list requests. 1073 "relatedNoteNames": [ # Other notes related to this note. 1074 "A String", 1075 ], 1076 "name": "A String", # Output only. The name of the note in the form of 1077 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. 1078 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers. 1079 # channels. E.g., glibc (aka libc6) is distributed by many, at various 1080 # versions. 1081 "distribution": [ # The various channels by which a package is distributed. 1082 { # This represents a particular channel of distribution for a given package. 1083 # E.g., Debian's jessie-backports dpkg mirror. 1084 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/) 1085 # denoting the package manager version distributing a package. 1086 "maintainer": "A String", # A freeform string denoting the maintainer of this package. 1087 "description": "A String", # The distribution channel-specific description of this package. 1088 "url": "A String", # The distribution channel-specific homepage for this package. 1089 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were 1090 # built. 1091 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel. 1092 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1093 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 1094 # versions. 1095 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 1096 # name. 1097 "revision": "A String", # The iteration of the package build from the above version. 1098 }, 1099 }, 1100 ], 1101 "name": "A String", # Required. Immutable. The name of the package. 1102 }, 1103 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability. 1104 "windowsDetails": [ # Windows details get their own format because the information format and 1105 # model don't match a normal detail. Specifically Windows updates are done as 1106 # patches, thus Windows vulnerabilities really are a missing package, rather 1107 # than a package being at an incorrect version. 1108 { 1109 "cpeUri": "A String", # Required. The CPE URI in 1110 # [cpe format](https://cpe.mitre.org/specification/) in which the 1111 # vulnerability manifests. Examples include distro or storage location for 1112 # vulnerable jar. 1113 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this 1114 # vulnerability. Note that there may be multiple hotfixes (and thus 1115 # multiple KBs) that mitigate a given vulnerability. Currently any listed 1116 # kb's presence is considered a fix. 1117 { 1118 "url": "A String", # A link to the KB in the Windows update catalog - 1119 # https://www.catalog.update.microsoft.com/ 1120 "name": "A String", # The KB name (generally of the form KB[0-9]+ i.e. KB123456). 1121 }, 1122 ], 1123 "name": "A String", # Required. The name of the vulnerability. 1124 "description": "A String", # The description of the vulnerability. 1125 }, 1126 ], 1127 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3. 1128 # For details, see https://www.first.org/cvss/specification-document 1129 "attackComplexity": "A String", 1130 "attackVector": "A String", # Base Metrics 1131 # Represents the intrinsic characteristics of a vulnerability that are 1132 # constant over time and across user environments. 1133 "availabilityImpact": "A String", 1134 "userInteraction": "A String", 1135 "baseScore": 3.14, # The base score is a function of the base metric scores. 1136 "privilegesRequired": "A String", 1137 "impactScore": 3.14, 1138 "exploitabilityScore": 3.14, 1139 "confidentialityImpact": "A String", 1140 "integrityImpact": "A String", 1141 "scope": "A String", 1142 }, 1143 "cvssScore": 3.14, # The CVSS score for this vulnerability. 1144 "severity": "A String", # Note provider assigned impact of the vulnerability. 1145 "details": [ # All information about the package to specifically identify this 1146 # vulnerability. One entry per (version range and cpe_uri) the package 1147 # vulnerability has manifested in. 1148 { # Identifies all appearances of this vulnerability in the package for a 1149 # specific distro/location. For example: glibc in 1150 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2 1151 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability. 1152 "cpeUri": "A String", # Required. The CPE URI in 1153 # [cpe format](https://cpe.mitre.org/specification/) in which the 1154 # vulnerability manifests. Examples include distro or storage location for 1155 # vulnerable jar. 1156 "description": "A String", # A vendor-specific description of this note. 1157 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists. 1158 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1159 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 1160 # versions. 1161 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 1162 # name. 1163 "revision": "A String", # The iteration of the package build from the above version. 1164 }, 1165 "package": "A String", # Required. The name of the package where the vulnerability was found. 1166 "packageType": "A String", # The type of package; whether native or non native(ruby gems, node.js 1167 # packages etc). 1168 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to 1169 # obsolete details. 1170 "maxAffectedVersion": { # Version contains structured information about the version of a package. # Deprecated, do not use. Use fixed_location instead. 1171 # 1172 # The max version of the package in which the vulnerability exists. 1173 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1174 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 1175 # versions. 1176 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 1177 # name. 1178 "revision": "A String", # The iteration of the package build from the above version. 1179 }, 1180 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version. 1181 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/) 1182 # format. Examples include distro or storage location for vulnerable jar. 1183 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described. 1184 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1185 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 1186 # versions. 1187 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 1188 # name. 1189 "revision": "A String", # The iteration of the package build from the above version. 1190 }, 1191 "package": "A String", # Required. The package being described. 1192 }, 1193 }, 1194 ], 1195 }, 1196 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in 1197 # list requests. 1198 "relatedUrl": [ # URLs associated with this note. 1199 { # Metadata for any related URL information. 1200 "url": "A String", # Specific URL associated with the resource. 1201 "label": "A String", # Label to describe usage of the URL. 1202 }, 1203 ], 1204 "longDescription": "A String", # A detailed description of this note. 1205 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role. 1206 # example, an organization might have one `Authority` for "QA" and one for 1207 # "build". This note is intended to act strictly as a grouping mechanism for 1208 # the attached occurrences (Attestations). This grouping mechanism also 1209 # provides a security boundary, since IAM ACLs gate the ability for a principle 1210 # to attach an occurrence to a given note. It also provides a single point of 1211 # lookup to find all attached attestation occurrences, even if they don't all 1212 # live in the same project. 1213 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority. 1214 # authority. Because the name of a note acts as its resource reference, it is 1215 # important to disambiguate the canonical name of the Note (which might be a 1216 # UUID for security purposes) from "readable" names more suitable for debug 1217 # output. Note that these hints should not be used to look up authorities in 1218 # security sensitive contexts, such as when looking up attestations to 1219 # verify. 1220 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for 1221 # example "qa". 1222 }, 1223 }, 1224 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build. 1225 # provenance message in the build details occurrence. 1226 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build. 1227 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note 1228 # containing build details. 1229 "publicKey": "A String", # Public key of the builder which can be used to verify that the related 1230 # findings are valid and unchanged. If `key_type` is empty, this defaults 1231 # to PEM encoded public keys. 1232 # 1233 # This field may be empty if `key_id` references an external key. 1234 # 1235 # For Cloud Build based signatures, this is a PEM encoded public 1236 # key. To verify the Cloud Build signature, place the contents of 1237 # this field into a file (public.pem). The signature field is base64-decoded 1238 # into its binary representation in signature.bin, and the provenance bytes 1239 # from `BuildDetails` are base64-decoded into a binary representation in 1240 # signed.bin. OpenSSL can then verify the signature: 1241 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin` 1242 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in 1243 # `key_id`. 1244 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key 1245 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the 1246 # CN for a cert), or a reference to an external key (such as a reference to a 1247 # key in Cloud Key Management Service). 1248 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is 1249 # base-64 encoded. 1250 }, 1251 }, 1252 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image. 1253 # relationship. Linked occurrences are derived from this or an 1254 # equivalent image via: 1255 # FROM <Basis.resource_url> 1256 # Or an equivalent reference, e.g. a tag of the resource_url. 1257 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the 1258 # basis of associated occurrence images. 1259 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image. 1260 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 1261 # representation. 1262 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: 1263 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) 1264 # Only the name of the final blob is kept. 1265 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image. 1266 "A String", 1267 ], 1268 }, 1269 }, 1270 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire. 1271 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed. 1272 "resourceUri": [ # Required. Resource URI for the artifact being deployed. 1273 "A String", 1274 ], 1275 }, 1276 "shortDescription": "A String", # A one sentence description of this note. 1277 "createTime": "A String", # Output only. The time this note was created. This field can be used as a 1278 # filter in list requests. 1279 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource. 1280 # exists in a provider's project. A `Discovery` occurrence is created in a 1281 # consumer's project at the start of analysis. 1282 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this 1283 # discovery. 1284 }, 1285 }</pre> 1286</div> 1287 1288<div class="method"> 1289 <code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code> 1290 <pre>Gets the access control policy for a note or an occurrence resource. 1291Requires `containeranalysis.notes.setIamPolicy` or 1292`containeranalysis.occurrences.setIamPolicy` permission if the resource is 1293a note or occurrence, respectively. 1294 1295The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for 1296notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for 1297occurrences. 1298 1299Args: 1300 resource: string, REQUIRED: The resource for which the policy is being requested. 1301See the operation documentation for the appropriate value for this field. (required) 1302 body: object, The request body. 1303 The object takes the form of: 1304 1305{ # Request message for `GetIamPolicy` method. 1306 } 1307 1308 x__xgafv: string, V1 error format. 1309 Allowed values 1310 1 - v1 error format 1311 2 - v2 error format 1312 1313Returns: 1314 An object of the form: 1315 1316 { # Defines an Identity and Access Management (IAM) policy. It is used to 1317 # specify access control policies for Cloud Platform resources. 1318 # 1319 # 1320 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 1321 # `members` to a `role`, where the members can be user accounts, Google groups, 1322 # Google domains, and service accounts. A `role` is a named list of permissions 1323 # defined by IAM. 1324 # 1325 # **JSON Example** 1326 # 1327 # { 1328 # "bindings": [ 1329 # { 1330 # "role": "roles/owner", 1331 # "members": [ 1332 # "user:mike@example.com", 1333 # "group:admins@example.com", 1334 # "domain:google.com", 1335 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 1336 # ] 1337 # }, 1338 # { 1339 # "role": "roles/viewer", 1340 # "members": ["user:sean@example.com"] 1341 # } 1342 # ] 1343 # } 1344 # 1345 # **YAML Example** 1346 # 1347 # bindings: 1348 # - members: 1349 # - user:mike@example.com 1350 # - group:admins@example.com 1351 # - domain:google.com 1352 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 1353 # role: roles/owner 1354 # - members: 1355 # - user:sean@example.com 1356 # role: roles/viewer 1357 # 1358 # 1359 # For a description of IAM and its features, see the 1360 # [IAM developer's guide](https://cloud.google.com/iam/docs). 1361 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 1362 { # Specifies the audit configuration for a service. 1363 # The configuration determines which permission types are logged, and what 1364 # identities, if any, are exempted from logging. 1365 # An AuditConfig must have one or more AuditLogConfigs. 1366 # 1367 # If there are AuditConfigs for both `allServices` and a specific service, 1368 # the union of the two AuditConfigs is used for that service: the log_types 1369 # specified in each AuditConfig are enabled, and the exempted_members in each 1370 # AuditLogConfig are exempted. 1371 # 1372 # Example Policy with multiple AuditConfigs: 1373 # 1374 # { 1375 # "audit_configs": [ 1376 # { 1377 # "service": "allServices" 1378 # "audit_log_configs": [ 1379 # { 1380 # "log_type": "DATA_READ", 1381 # "exempted_members": [ 1382 # "user:foo@gmail.com" 1383 # ] 1384 # }, 1385 # { 1386 # "log_type": "DATA_WRITE", 1387 # }, 1388 # { 1389 # "log_type": "ADMIN_READ", 1390 # } 1391 # ] 1392 # }, 1393 # { 1394 # "service": "fooservice.googleapis.com" 1395 # "audit_log_configs": [ 1396 # { 1397 # "log_type": "DATA_READ", 1398 # }, 1399 # { 1400 # "log_type": "DATA_WRITE", 1401 # "exempted_members": [ 1402 # "user:bar@gmail.com" 1403 # ] 1404 # } 1405 # ] 1406 # } 1407 # ] 1408 # } 1409 # 1410 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 1411 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 1412 # bar@gmail.com from DATA_WRITE logging. 1413 "auditLogConfigs": [ # The configuration for logging of each type of permission. 1414 { # Provides the configuration for logging a type of permissions. 1415 # Example: 1416 # 1417 # { 1418 # "audit_log_configs": [ 1419 # { 1420 # "log_type": "DATA_READ", 1421 # "exempted_members": [ 1422 # "user:foo@gmail.com" 1423 # ] 1424 # }, 1425 # { 1426 # "log_type": "DATA_WRITE", 1427 # } 1428 # ] 1429 # } 1430 # 1431 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 1432 # foo@gmail.com from DATA_READ logging. 1433 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 1434 # permission. 1435 # Follows the same format of Binding.members. 1436 "A String", 1437 ], 1438 "logType": "A String", # The log type that this config enables. 1439 }, 1440 ], 1441 "service": "A String", # Specifies a service that will be enabled for audit logging. 1442 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 1443 # `allServices` is a special value that covers all services. 1444 }, 1445 ], 1446 "version": 42, # Deprecated. 1447 "bindings": [ # Associates a list of `members` to a `role`. 1448 # `bindings` with no members will result in an error. 1449 { # Associates `members` with a `role`. 1450 "role": "A String", # Role that is assigned to `members`. 1451 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 1452 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 1453 # `members` can have the following values: 1454 # 1455 # * `allUsers`: A special identifier that represents anyone who is 1456 # on the internet; with or without a Google account. 1457 # 1458 # * `allAuthenticatedUsers`: A special identifier that represents anyone 1459 # who is authenticated with a Google account or a service account. 1460 # 1461 # * `user:{emailid}`: An email address that represents a specific Google 1462 # account. For example, `alice@gmail.com` . 1463 # 1464 # 1465 # * `serviceAccount:{emailid}`: An email address that represents a service 1466 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 1467 # 1468 # * `group:{emailid}`: An email address that represents a Google group. 1469 # For example, `admins@example.com`. 1470 # 1471 # 1472 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 1473 # users of that domain. For example, `google.com` or `example.com`. 1474 # 1475 "A String", 1476 ], 1477 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 1478 # NOTE: An unsatisfied condition will not allow user access via current 1479 # binding. Different bindings, including their conditions, are examined 1480 # independently. 1481 # 1482 # title: "User account presence" 1483 # description: "Determines whether the request has a user account" 1484 # expression: "size(request.user) > 0" 1485 "location": "A String", # An optional string indicating the location of the expression for error 1486 # reporting, e.g. a file name and a position in the file. 1487 "expression": "A String", # Textual representation of an expression in 1488 # Common Expression Language syntax. 1489 # 1490 # The application context of the containing message determines which 1491 # well-known feature set of CEL is supported. 1492 "description": "A String", # An optional description of the expression. This is a longer text which 1493 # describes the expression, e.g. when hovered over it in a UI. 1494 "title": "A String", # An optional title for the expression, i.e. a short string describing 1495 # its purpose. This can be used e.g. in UIs which allow to enter the 1496 # expression. 1497 }, 1498 }, 1499 ], 1500 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 1501 # prevent simultaneous updates of a policy from overwriting each other. 1502 # It is strongly suggested that systems make use of the `etag` in the 1503 # read-modify-write cycle to perform policy updates in order to avoid race 1504 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 1505 # systems are expected to put that etag in the request to `setIamPolicy` to 1506 # ensure that their change will be applied to the same version of the policy. 1507 # 1508 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 1509 # policy is overwritten blindly. 1510 }</pre> 1511</div> 1512 1513<div class="method"> 1514 <code class="details" id="list">list(parent, pageSize=None, pageToken=None, x__xgafv=None, filter=None)</code> 1515 <pre>Lists notes for the specified project. 1516 1517Args: 1518 parent: string, The name of the project to list notes for in the form of 1519`projects/[PROJECT_ID]`. (required) 1520 pageSize: integer, Number of notes to return in the list. Must be positive. Max allowed page 1521size is 1000. If not specified, page size defaults to 20. 1522 pageToken: string, Token to provide to skip to a particular spot in the list. 1523 x__xgafv: string, V1 error format. 1524 Allowed values 1525 1 - v1 error format 1526 2 - v2 error format 1527 filter: string, The filter expression. 1528 1529Returns: 1530 An object of the form: 1531 1532 { # Response for listing notes. 1533 "nextPageToken": "A String", # The next pagination token in the list response. It should be used as 1534 # `page_token` for the following request. An empty value means no more 1535 # results. 1536 "notes": [ # The notes requested. 1537 { # A type of analysis that can be done for a resource. 1538 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as 1539 # a filter in list requests. 1540 "relatedNoteNames": [ # Other notes related to this note. 1541 "A String", 1542 ], 1543 "name": "A String", # Output only. The name of the note in the form of 1544 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. 1545 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers. 1546 # channels. E.g., glibc (aka libc6) is distributed by many, at various 1547 # versions. 1548 "distribution": [ # The various channels by which a package is distributed. 1549 { # This represents a particular channel of distribution for a given package. 1550 # E.g., Debian's jessie-backports dpkg mirror. 1551 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/) 1552 # denoting the package manager version distributing a package. 1553 "maintainer": "A String", # A freeform string denoting the maintainer of this package. 1554 "description": "A String", # The distribution channel-specific description of this package. 1555 "url": "A String", # The distribution channel-specific homepage for this package. 1556 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were 1557 # built. 1558 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel. 1559 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1560 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 1561 # versions. 1562 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 1563 # name. 1564 "revision": "A String", # The iteration of the package build from the above version. 1565 }, 1566 }, 1567 ], 1568 "name": "A String", # Required. Immutable. The name of the package. 1569 }, 1570 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability. 1571 "windowsDetails": [ # Windows details get their own format because the information format and 1572 # model don't match a normal detail. Specifically Windows updates are done as 1573 # patches, thus Windows vulnerabilities really are a missing package, rather 1574 # than a package being at an incorrect version. 1575 { 1576 "cpeUri": "A String", # Required. The CPE URI in 1577 # [cpe format](https://cpe.mitre.org/specification/) in which the 1578 # vulnerability manifests. Examples include distro or storage location for 1579 # vulnerable jar. 1580 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this 1581 # vulnerability. Note that there may be multiple hotfixes (and thus 1582 # multiple KBs) that mitigate a given vulnerability. Currently any listed 1583 # kb's presence is considered a fix. 1584 { 1585 "url": "A String", # A link to the KB in the Windows update catalog - 1586 # https://www.catalog.update.microsoft.com/ 1587 "name": "A String", # The KB name (generally of the form KB[0-9]+ i.e. KB123456). 1588 }, 1589 ], 1590 "name": "A String", # Required. The name of the vulnerability. 1591 "description": "A String", # The description of the vulnerability. 1592 }, 1593 ], 1594 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3. 1595 # For details, see https://www.first.org/cvss/specification-document 1596 "attackComplexity": "A String", 1597 "attackVector": "A String", # Base Metrics 1598 # Represents the intrinsic characteristics of a vulnerability that are 1599 # constant over time and across user environments. 1600 "availabilityImpact": "A String", 1601 "userInteraction": "A String", 1602 "baseScore": 3.14, # The base score is a function of the base metric scores. 1603 "privilegesRequired": "A String", 1604 "impactScore": 3.14, 1605 "exploitabilityScore": 3.14, 1606 "confidentialityImpact": "A String", 1607 "integrityImpact": "A String", 1608 "scope": "A String", 1609 }, 1610 "cvssScore": 3.14, # The CVSS score for this vulnerability. 1611 "severity": "A String", # Note provider assigned impact of the vulnerability. 1612 "details": [ # All information about the package to specifically identify this 1613 # vulnerability. One entry per (version range and cpe_uri) the package 1614 # vulnerability has manifested in. 1615 { # Identifies all appearances of this vulnerability in the package for a 1616 # specific distro/location. For example: glibc in 1617 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2 1618 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability. 1619 "cpeUri": "A String", # Required. The CPE URI in 1620 # [cpe format](https://cpe.mitre.org/specification/) in which the 1621 # vulnerability manifests. Examples include distro or storage location for 1622 # vulnerable jar. 1623 "description": "A String", # A vendor-specific description of this note. 1624 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists. 1625 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1626 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 1627 # versions. 1628 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 1629 # name. 1630 "revision": "A String", # The iteration of the package build from the above version. 1631 }, 1632 "package": "A String", # Required. The name of the package where the vulnerability was found. 1633 "packageType": "A String", # The type of package; whether native or non native(ruby gems, node.js 1634 # packages etc). 1635 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to 1636 # obsolete details. 1637 "maxAffectedVersion": { # Version contains structured information about the version of a package. # Deprecated, do not use. Use fixed_location instead. 1638 # 1639 # The max version of the package in which the vulnerability exists. 1640 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1641 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 1642 # versions. 1643 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 1644 # name. 1645 "revision": "A String", # The iteration of the package build from the above version. 1646 }, 1647 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version. 1648 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/) 1649 # format. Examples include distro or storage location for vulnerable jar. 1650 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described. 1651 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1652 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 1653 # versions. 1654 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 1655 # name. 1656 "revision": "A String", # The iteration of the package build from the above version. 1657 }, 1658 "package": "A String", # Required. The package being described. 1659 }, 1660 }, 1661 ], 1662 }, 1663 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in 1664 # list requests. 1665 "relatedUrl": [ # URLs associated with this note. 1666 { # Metadata for any related URL information. 1667 "url": "A String", # Specific URL associated with the resource. 1668 "label": "A String", # Label to describe usage of the URL. 1669 }, 1670 ], 1671 "longDescription": "A String", # A detailed description of this note. 1672 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role. 1673 # example, an organization might have one `Authority` for "QA" and one for 1674 # "build". This note is intended to act strictly as a grouping mechanism for 1675 # the attached occurrences (Attestations). This grouping mechanism also 1676 # provides a security boundary, since IAM ACLs gate the ability for a principle 1677 # to attach an occurrence to a given note. It also provides a single point of 1678 # lookup to find all attached attestation occurrences, even if they don't all 1679 # live in the same project. 1680 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority. 1681 # authority. Because the name of a note acts as its resource reference, it is 1682 # important to disambiguate the canonical name of the Note (which might be a 1683 # UUID for security purposes) from "readable" names more suitable for debug 1684 # output. Note that these hints should not be used to look up authorities in 1685 # security sensitive contexts, such as when looking up attestations to 1686 # verify. 1687 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for 1688 # example "qa". 1689 }, 1690 }, 1691 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build. 1692 # provenance message in the build details occurrence. 1693 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build. 1694 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note 1695 # containing build details. 1696 "publicKey": "A String", # Public key of the builder which can be used to verify that the related 1697 # findings are valid and unchanged. If `key_type` is empty, this defaults 1698 # to PEM encoded public keys. 1699 # 1700 # This field may be empty if `key_id` references an external key. 1701 # 1702 # For Cloud Build based signatures, this is a PEM encoded public 1703 # key. To verify the Cloud Build signature, place the contents of 1704 # this field into a file (public.pem). The signature field is base64-decoded 1705 # into its binary representation in signature.bin, and the provenance bytes 1706 # from `BuildDetails` are base64-decoded into a binary representation in 1707 # signed.bin. OpenSSL can then verify the signature: 1708 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin` 1709 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in 1710 # `key_id`. 1711 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key 1712 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the 1713 # CN for a cert), or a reference to an external key (such as a reference to a 1714 # key in Cloud Key Management Service). 1715 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is 1716 # base-64 encoded. 1717 }, 1718 }, 1719 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image. 1720 # relationship. Linked occurrences are derived from this or an 1721 # equivalent image via: 1722 # FROM <Basis.resource_url> 1723 # Or an equivalent reference, e.g. a tag of the resource_url. 1724 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the 1725 # basis of associated occurrence images. 1726 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image. 1727 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 1728 # representation. 1729 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: 1730 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) 1731 # Only the name of the final blob is kept. 1732 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image. 1733 "A String", 1734 ], 1735 }, 1736 }, 1737 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire. 1738 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed. 1739 "resourceUri": [ # Required. Resource URI for the artifact being deployed. 1740 "A String", 1741 ], 1742 }, 1743 "shortDescription": "A String", # A one sentence description of this note. 1744 "createTime": "A String", # Output only. The time this note was created. This field can be used as a 1745 # filter in list requests. 1746 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource. 1747 # exists in a provider's project. A `Discovery` occurrence is created in a 1748 # consumer's project at the start of analysis. 1749 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this 1750 # discovery. 1751 }, 1752 }, 1753 ], 1754 }</pre> 1755</div> 1756 1757<div class="method"> 1758 <code class="details" id="list_next">list_next(previous_request, previous_response)</code> 1759 <pre>Retrieves the next page of results. 1760 1761Args: 1762 previous_request: The request for the previous page. (required) 1763 previous_response: The response from the request for the previous page. (required) 1764 1765Returns: 1766 A request object that you can call 'execute()' on to request the next 1767 page. Returns None if there are no more items in the collection. 1768 </pre> 1769</div> 1770 1771<div class="method"> 1772 <code class="details" id="patch">patch(name, body, updateMask=None, x__xgafv=None)</code> 1773 <pre>Updates the specified note. 1774 1775Args: 1776 name: string, The name of the note in the form of 1777`projects/[PROVIDER_ID]/notes/[NOTE_ID]`. (required) 1778 body: object, The request body. (required) 1779 The object takes the form of: 1780 1781{ # A type of analysis that can be done for a resource. 1782 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as 1783 # a filter in list requests. 1784 "relatedNoteNames": [ # Other notes related to this note. 1785 "A String", 1786 ], 1787 "name": "A String", # Output only. The name of the note in the form of 1788 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. 1789 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers. 1790 # channels. E.g., glibc (aka libc6) is distributed by many, at various 1791 # versions. 1792 "distribution": [ # The various channels by which a package is distributed. 1793 { # This represents a particular channel of distribution for a given package. 1794 # E.g., Debian's jessie-backports dpkg mirror. 1795 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/) 1796 # denoting the package manager version distributing a package. 1797 "maintainer": "A String", # A freeform string denoting the maintainer of this package. 1798 "description": "A String", # The distribution channel-specific description of this package. 1799 "url": "A String", # The distribution channel-specific homepage for this package. 1800 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were 1801 # built. 1802 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel. 1803 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1804 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 1805 # versions. 1806 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 1807 # name. 1808 "revision": "A String", # The iteration of the package build from the above version. 1809 }, 1810 }, 1811 ], 1812 "name": "A String", # Required. Immutable. The name of the package. 1813 }, 1814 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability. 1815 "windowsDetails": [ # Windows details get their own format because the information format and 1816 # model don't match a normal detail. Specifically Windows updates are done as 1817 # patches, thus Windows vulnerabilities really are a missing package, rather 1818 # than a package being at an incorrect version. 1819 { 1820 "cpeUri": "A String", # Required. The CPE URI in 1821 # [cpe format](https://cpe.mitre.org/specification/) in which the 1822 # vulnerability manifests. Examples include distro or storage location for 1823 # vulnerable jar. 1824 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this 1825 # vulnerability. Note that there may be multiple hotfixes (and thus 1826 # multiple KBs) that mitigate a given vulnerability. Currently any listed 1827 # kb's presence is considered a fix. 1828 { 1829 "url": "A String", # A link to the KB in the Windows update catalog - 1830 # https://www.catalog.update.microsoft.com/ 1831 "name": "A String", # The KB name (generally of the form KB[0-9]+ i.e. KB123456). 1832 }, 1833 ], 1834 "name": "A String", # Required. The name of the vulnerability. 1835 "description": "A String", # The description of the vulnerability. 1836 }, 1837 ], 1838 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3. 1839 # For details, see https://www.first.org/cvss/specification-document 1840 "attackComplexity": "A String", 1841 "attackVector": "A String", # Base Metrics 1842 # Represents the intrinsic characteristics of a vulnerability that are 1843 # constant over time and across user environments. 1844 "availabilityImpact": "A String", 1845 "userInteraction": "A String", 1846 "baseScore": 3.14, # The base score is a function of the base metric scores. 1847 "privilegesRequired": "A String", 1848 "impactScore": 3.14, 1849 "exploitabilityScore": 3.14, 1850 "confidentialityImpact": "A String", 1851 "integrityImpact": "A String", 1852 "scope": "A String", 1853 }, 1854 "cvssScore": 3.14, # The CVSS score for this vulnerability. 1855 "severity": "A String", # Note provider assigned impact of the vulnerability. 1856 "details": [ # All information about the package to specifically identify this 1857 # vulnerability. One entry per (version range and cpe_uri) the package 1858 # vulnerability has manifested in. 1859 { # Identifies all appearances of this vulnerability in the package for a 1860 # specific distro/location. For example: glibc in 1861 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2 1862 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability. 1863 "cpeUri": "A String", # Required. The CPE URI in 1864 # [cpe format](https://cpe.mitre.org/specification/) in which the 1865 # vulnerability manifests. Examples include distro or storage location for 1866 # vulnerable jar. 1867 "description": "A String", # A vendor-specific description of this note. 1868 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists. 1869 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1870 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 1871 # versions. 1872 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 1873 # name. 1874 "revision": "A String", # The iteration of the package build from the above version. 1875 }, 1876 "package": "A String", # Required. The name of the package where the vulnerability was found. 1877 "packageType": "A String", # The type of package; whether native or non native(ruby gems, node.js 1878 # packages etc). 1879 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to 1880 # obsolete details. 1881 "maxAffectedVersion": { # Version contains structured information about the version of a package. # Deprecated, do not use. Use fixed_location instead. 1882 # 1883 # The max version of the package in which the vulnerability exists. 1884 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1885 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 1886 # versions. 1887 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 1888 # name. 1889 "revision": "A String", # The iteration of the package build from the above version. 1890 }, 1891 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version. 1892 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/) 1893 # format. Examples include distro or storage location for vulnerable jar. 1894 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described. 1895 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1896 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 1897 # versions. 1898 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 1899 # name. 1900 "revision": "A String", # The iteration of the package build from the above version. 1901 }, 1902 "package": "A String", # Required. The package being described. 1903 }, 1904 }, 1905 ], 1906 }, 1907 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in 1908 # list requests. 1909 "relatedUrl": [ # URLs associated with this note. 1910 { # Metadata for any related URL information. 1911 "url": "A String", # Specific URL associated with the resource. 1912 "label": "A String", # Label to describe usage of the URL. 1913 }, 1914 ], 1915 "longDescription": "A String", # A detailed description of this note. 1916 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role. 1917 # example, an organization might have one `Authority` for "QA" and one for 1918 # "build". This note is intended to act strictly as a grouping mechanism for 1919 # the attached occurrences (Attestations). This grouping mechanism also 1920 # provides a security boundary, since IAM ACLs gate the ability for a principle 1921 # to attach an occurrence to a given note. It also provides a single point of 1922 # lookup to find all attached attestation occurrences, even if they don't all 1923 # live in the same project. 1924 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority. 1925 # authority. Because the name of a note acts as its resource reference, it is 1926 # important to disambiguate the canonical name of the Note (which might be a 1927 # UUID for security purposes) from "readable" names more suitable for debug 1928 # output. Note that these hints should not be used to look up authorities in 1929 # security sensitive contexts, such as when looking up attestations to 1930 # verify. 1931 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for 1932 # example "qa". 1933 }, 1934 }, 1935 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build. 1936 # provenance message in the build details occurrence. 1937 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build. 1938 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note 1939 # containing build details. 1940 "publicKey": "A String", # Public key of the builder which can be used to verify that the related 1941 # findings are valid and unchanged. If `key_type` is empty, this defaults 1942 # to PEM encoded public keys. 1943 # 1944 # This field may be empty if `key_id` references an external key. 1945 # 1946 # For Cloud Build based signatures, this is a PEM encoded public 1947 # key. To verify the Cloud Build signature, place the contents of 1948 # this field into a file (public.pem). The signature field is base64-decoded 1949 # into its binary representation in signature.bin, and the provenance bytes 1950 # from `BuildDetails` are base64-decoded into a binary representation in 1951 # signed.bin. OpenSSL can then verify the signature: 1952 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin` 1953 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in 1954 # `key_id`. 1955 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key 1956 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the 1957 # CN for a cert), or a reference to an external key (such as a reference to a 1958 # key in Cloud Key Management Service). 1959 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is 1960 # base-64 encoded. 1961 }, 1962 }, 1963 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image. 1964 # relationship. Linked occurrences are derived from this or an 1965 # equivalent image via: 1966 # FROM <Basis.resource_url> 1967 # Or an equivalent reference, e.g. a tag of the resource_url. 1968 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the 1969 # basis of associated occurrence images. 1970 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image. 1971 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 1972 # representation. 1973 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: 1974 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) 1975 # Only the name of the final blob is kept. 1976 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image. 1977 "A String", 1978 ], 1979 }, 1980 }, 1981 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire. 1982 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed. 1983 "resourceUri": [ # Required. Resource URI for the artifact being deployed. 1984 "A String", 1985 ], 1986 }, 1987 "shortDescription": "A String", # A one sentence description of this note. 1988 "createTime": "A String", # Output only. The time this note was created. This field can be used as a 1989 # filter in list requests. 1990 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource. 1991 # exists in a provider's project. A `Discovery` occurrence is created in a 1992 # consumer's project at the start of analysis. 1993 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this 1994 # discovery. 1995 }, 1996} 1997 1998 updateMask: string, The fields to update. 1999 x__xgafv: string, V1 error format. 2000 Allowed values 2001 1 - v1 error format 2002 2 - v2 error format 2003 2004Returns: 2005 An object of the form: 2006 2007 { # A type of analysis that can be done for a resource. 2008 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as 2009 # a filter in list requests. 2010 "relatedNoteNames": [ # Other notes related to this note. 2011 "A String", 2012 ], 2013 "name": "A String", # Output only. The name of the note in the form of 2014 # `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. 2015 "package": { # This represents a particular package that is distributed over various # A note describing a package hosted by various package managers. 2016 # channels. E.g., glibc (aka libc6) is distributed by many, at various 2017 # versions. 2018 "distribution": [ # The various channels by which a package is distributed. 2019 { # This represents a particular channel of distribution for a given package. 2020 # E.g., Debian's jessie-backports dpkg mirror. 2021 "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/) 2022 # denoting the package manager version distributing a package. 2023 "maintainer": "A String", # A freeform string denoting the maintainer of this package. 2024 "description": "A String", # The distribution channel-specific description of this package. 2025 "url": "A String", # The distribution channel-specific homepage for this package. 2026 "architecture": "A String", # The CPU architecture for which packages in this distribution channel were 2027 # built. 2028 "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel. 2029 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 2030 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 2031 # versions. 2032 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 2033 # name. 2034 "revision": "A String", # The iteration of the package build from the above version. 2035 }, 2036 }, 2037 ], 2038 "name": "A String", # Required. Immutable. The name of the package. 2039 }, 2040 "vulnerability": { # Vulnerability provides metadata about a security vulnerability in a Note. # A note describing a package vulnerability. 2041 "windowsDetails": [ # Windows details get their own format because the information format and 2042 # model don't match a normal detail. Specifically Windows updates are done as 2043 # patches, thus Windows vulnerabilities really are a missing package, rather 2044 # than a package being at an incorrect version. 2045 { 2046 "cpeUri": "A String", # Required. The CPE URI in 2047 # [cpe format](https://cpe.mitre.org/specification/) in which the 2048 # vulnerability manifests. Examples include distro or storage location for 2049 # vulnerable jar. 2050 "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this 2051 # vulnerability. Note that there may be multiple hotfixes (and thus 2052 # multiple KBs) that mitigate a given vulnerability. Currently any listed 2053 # kb's presence is considered a fix. 2054 { 2055 "url": "A String", # A link to the KB in the Windows update catalog - 2056 # https://www.catalog.update.microsoft.com/ 2057 "name": "A String", # The KB name (generally of the form KB[0-9]+ i.e. KB123456). 2058 }, 2059 ], 2060 "name": "A String", # Required. The name of the vulnerability. 2061 "description": "A String", # The description of the vulnerability. 2062 }, 2063 ], 2064 "cvssV3": { # Common Vulnerability Scoring System version 3. # The full description of the CVSSv3. 2065 # For details, see https://www.first.org/cvss/specification-document 2066 "attackComplexity": "A String", 2067 "attackVector": "A String", # Base Metrics 2068 # Represents the intrinsic characteristics of a vulnerability that are 2069 # constant over time and across user environments. 2070 "availabilityImpact": "A String", 2071 "userInteraction": "A String", 2072 "baseScore": 3.14, # The base score is a function of the base metric scores. 2073 "privilegesRequired": "A String", 2074 "impactScore": 3.14, 2075 "exploitabilityScore": 3.14, 2076 "confidentialityImpact": "A String", 2077 "integrityImpact": "A String", 2078 "scope": "A String", 2079 }, 2080 "cvssScore": 3.14, # The CVSS score for this vulnerability. 2081 "severity": "A String", # Note provider assigned impact of the vulnerability. 2082 "details": [ # All information about the package to specifically identify this 2083 # vulnerability. One entry per (version range and cpe_uri) the package 2084 # vulnerability has manifested in. 2085 { # Identifies all appearances of this vulnerability in the package for a 2086 # specific distro/location. For example: glibc in 2087 # cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2 2088 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability. 2089 "cpeUri": "A String", # Required. The CPE URI in 2090 # [cpe format](https://cpe.mitre.org/specification/) in which the 2091 # vulnerability manifests. Examples include distro or storage location for 2092 # vulnerable jar. 2093 "description": "A String", # A vendor-specific description of this note. 2094 "minAffectedVersion": { # Version contains structured information about the version of a package. # The min version of the package in which the vulnerability exists. 2095 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 2096 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 2097 # versions. 2098 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 2099 # name. 2100 "revision": "A String", # The iteration of the package build from the above version. 2101 }, 2102 "package": "A String", # Required. The name of the package where the vulnerability was found. 2103 "packageType": "A String", # The type of package; whether native or non native(ruby gems, node.js 2104 # packages etc). 2105 "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to 2106 # obsolete details. 2107 "maxAffectedVersion": { # Version contains structured information about the version of a package. # Deprecated, do not use. Use fixed_location instead. 2108 # 2109 # The max version of the package in which the vulnerability exists. 2110 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 2111 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 2112 # versions. 2113 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 2114 # name. 2115 "revision": "A String", # The iteration of the package build from the above version. 2116 }, 2117 "fixedLocation": { # The location of the vulnerability. # The fix for this specific package version. 2118 "cpeUri": "A String", # Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/) 2119 # format. Examples include distro or storage location for vulnerable jar. 2120 "version": { # Version contains structured information about the version of a package. # Required. The version of the package being described. 2121 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 2122 "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal 2123 # versions. 2124 "name": "A String", # Required only when version kind is NORMAL. The main part of the version 2125 # name. 2126 "revision": "A String", # The iteration of the package build from the above version. 2127 }, 2128 "package": "A String", # Required. The package being described. 2129 }, 2130 }, 2131 ], 2132 }, 2133 "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in 2134 # list requests. 2135 "relatedUrl": [ # URLs associated with this note. 2136 { # Metadata for any related URL information. 2137 "url": "A String", # Specific URL associated with the resource. 2138 "label": "A String", # Label to describe usage of the URL. 2139 }, 2140 ], 2141 "longDescription": "A String", # A detailed description of this note. 2142 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role. 2143 # example, an organization might have one `Authority` for "QA" and one for 2144 # "build". This note is intended to act strictly as a grouping mechanism for 2145 # the attached occurrences (Attestations). This grouping mechanism also 2146 # provides a security boundary, since IAM ACLs gate the ability for a principle 2147 # to attach an occurrence to a given note. It also provides a single point of 2148 # lookup to find all attached attestation occurrences, even if they don't all 2149 # live in the same project. 2150 "hint": { # This submessage provides human-readable hints about the purpose of the # Hint hints at the purpose of the attestation authority. 2151 # authority. Because the name of a note acts as its resource reference, it is 2152 # important to disambiguate the canonical name of the Note (which might be a 2153 # UUID for security purposes) from "readable" names more suitable for debug 2154 # output. Note that these hints should not be used to look up authorities in 2155 # security sensitive contexts, such as when looking up attestations to 2156 # verify. 2157 "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for 2158 # example "qa". 2159 }, 2160 }, 2161 "build": { # Note holding the version of the provider's builder and the signature of the # A note describing build provenance for a verifiable build. 2162 # provenance message in the build details occurrence. 2163 "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build. 2164 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in occurrences pointing to this build note 2165 # containing build details. 2166 "publicKey": "A String", # Public key of the builder which can be used to verify that the related 2167 # findings are valid and unchanged. If `key_type` is empty, this defaults 2168 # to PEM encoded public keys. 2169 # 2170 # This field may be empty if `key_id` references an external key. 2171 # 2172 # For Cloud Build based signatures, this is a PEM encoded public 2173 # key. To verify the Cloud Build signature, place the contents of 2174 # this field into a file (public.pem). The signature field is base64-decoded 2175 # into its binary representation in signature.bin, and the provenance bytes 2176 # from `BuildDetails` are base64-decoded into a binary representation in 2177 # signed.bin. OpenSSL can then verify the signature: 2178 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin` 2179 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in 2180 # `key_id`. 2181 "keyId": "A String", # An ID for the key used to sign. This could be either an ID for the key 2182 # stored in `public_key` (such as the ID or fingerprint for a PGP key, or the 2183 # CN for a cert), or a reference to an external key (such as a reference to a 2184 # key in Cloud Key Management Service). 2185 "signature": "A String", # Required. Signature of the related `BuildProvenance`. In JSON, this is 2186 # base-64 encoded. 2187 }, 2188 }, 2189 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image. 2190 # relationship. Linked occurrences are derived from this or an 2191 # equivalent image via: 2192 # FROM <Basis.resource_url> 2193 # Or an equivalent reference, e.g. a tag of the resource_url. 2194 "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the 2195 # basis of associated occurrence images. 2196 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image. 2197 "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 2198 # representation. 2199 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: 2200 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) 2201 # Only the name of the final blob is kept. 2202 "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image. 2203 "A String", 2204 ], 2205 }, 2206 }, 2207 "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire. 2208 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed. 2209 "resourceUri": [ # Required. Resource URI for the artifact being deployed. 2210 "A String", 2211 ], 2212 }, 2213 "shortDescription": "A String", # A one sentence description of this note. 2214 "createTime": "A String", # Output only. The time this note was created. This field can be used as a 2215 # filter in list requests. 2216 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing the initial analysis of a resource. 2217 # exists in a provider's project. A `Discovery` occurrence is created in a 2218 # consumer's project at the start of analysis. 2219 "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this 2220 # discovery. 2221 }, 2222 }</pre> 2223</div> 2224 2225<div class="method"> 2226 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code> 2227 <pre>Sets the access control policy on the specified note or occurrence. 2228Requires `containeranalysis.notes.setIamPolicy` or 2229`containeranalysis.occurrences.setIamPolicy` permission if the resource is 2230a note or an occurrence, respectively. 2231 2232The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for 2233notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for 2234occurrences. 2235 2236Args: 2237 resource: string, REQUIRED: The resource for which the policy is being specified. 2238See the operation documentation for the appropriate value for this field. (required) 2239 body: object, The request body. (required) 2240 The object takes the form of: 2241 2242{ # Request message for `SetIamPolicy` method. 2243 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of 2244 # the policy is limited to a few 10s of KB. An empty policy is a 2245 # valid policy but certain Cloud Platform services (such as Projects) 2246 # might reject them. 2247 # specify access control policies for Cloud Platform resources. 2248 # 2249 # 2250 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 2251 # `members` to a `role`, where the members can be user accounts, Google groups, 2252 # Google domains, and service accounts. A `role` is a named list of permissions 2253 # defined by IAM. 2254 # 2255 # **JSON Example** 2256 # 2257 # { 2258 # "bindings": [ 2259 # { 2260 # "role": "roles/owner", 2261 # "members": [ 2262 # "user:mike@example.com", 2263 # "group:admins@example.com", 2264 # "domain:google.com", 2265 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 2266 # ] 2267 # }, 2268 # { 2269 # "role": "roles/viewer", 2270 # "members": ["user:sean@example.com"] 2271 # } 2272 # ] 2273 # } 2274 # 2275 # **YAML Example** 2276 # 2277 # bindings: 2278 # - members: 2279 # - user:mike@example.com 2280 # - group:admins@example.com 2281 # - domain:google.com 2282 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 2283 # role: roles/owner 2284 # - members: 2285 # - user:sean@example.com 2286 # role: roles/viewer 2287 # 2288 # 2289 # For a description of IAM and its features, see the 2290 # [IAM developer's guide](https://cloud.google.com/iam/docs). 2291 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 2292 { # Specifies the audit configuration for a service. 2293 # The configuration determines which permission types are logged, and what 2294 # identities, if any, are exempted from logging. 2295 # An AuditConfig must have one or more AuditLogConfigs. 2296 # 2297 # If there are AuditConfigs for both `allServices` and a specific service, 2298 # the union of the two AuditConfigs is used for that service: the log_types 2299 # specified in each AuditConfig are enabled, and the exempted_members in each 2300 # AuditLogConfig are exempted. 2301 # 2302 # Example Policy with multiple AuditConfigs: 2303 # 2304 # { 2305 # "audit_configs": [ 2306 # { 2307 # "service": "allServices" 2308 # "audit_log_configs": [ 2309 # { 2310 # "log_type": "DATA_READ", 2311 # "exempted_members": [ 2312 # "user:foo@gmail.com" 2313 # ] 2314 # }, 2315 # { 2316 # "log_type": "DATA_WRITE", 2317 # }, 2318 # { 2319 # "log_type": "ADMIN_READ", 2320 # } 2321 # ] 2322 # }, 2323 # { 2324 # "service": "fooservice.googleapis.com" 2325 # "audit_log_configs": [ 2326 # { 2327 # "log_type": "DATA_READ", 2328 # }, 2329 # { 2330 # "log_type": "DATA_WRITE", 2331 # "exempted_members": [ 2332 # "user:bar@gmail.com" 2333 # ] 2334 # } 2335 # ] 2336 # } 2337 # ] 2338 # } 2339 # 2340 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 2341 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 2342 # bar@gmail.com from DATA_WRITE logging. 2343 "auditLogConfigs": [ # The configuration for logging of each type of permission. 2344 { # Provides the configuration for logging a type of permissions. 2345 # Example: 2346 # 2347 # { 2348 # "audit_log_configs": [ 2349 # { 2350 # "log_type": "DATA_READ", 2351 # "exempted_members": [ 2352 # "user:foo@gmail.com" 2353 # ] 2354 # }, 2355 # { 2356 # "log_type": "DATA_WRITE", 2357 # } 2358 # ] 2359 # } 2360 # 2361 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 2362 # foo@gmail.com from DATA_READ logging. 2363 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 2364 # permission. 2365 # Follows the same format of Binding.members. 2366 "A String", 2367 ], 2368 "logType": "A String", # The log type that this config enables. 2369 }, 2370 ], 2371 "service": "A String", # Specifies a service that will be enabled for audit logging. 2372 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 2373 # `allServices` is a special value that covers all services. 2374 }, 2375 ], 2376 "version": 42, # Deprecated. 2377 "bindings": [ # Associates a list of `members` to a `role`. 2378 # `bindings` with no members will result in an error. 2379 { # Associates `members` with a `role`. 2380 "role": "A String", # Role that is assigned to `members`. 2381 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 2382 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 2383 # `members` can have the following values: 2384 # 2385 # * `allUsers`: A special identifier that represents anyone who is 2386 # on the internet; with or without a Google account. 2387 # 2388 # * `allAuthenticatedUsers`: A special identifier that represents anyone 2389 # who is authenticated with a Google account or a service account. 2390 # 2391 # * `user:{emailid}`: An email address that represents a specific Google 2392 # account. For example, `alice@gmail.com` . 2393 # 2394 # 2395 # * `serviceAccount:{emailid}`: An email address that represents a service 2396 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 2397 # 2398 # * `group:{emailid}`: An email address that represents a Google group. 2399 # For example, `admins@example.com`. 2400 # 2401 # 2402 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 2403 # users of that domain. For example, `google.com` or `example.com`. 2404 # 2405 "A String", 2406 ], 2407 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 2408 # NOTE: An unsatisfied condition will not allow user access via current 2409 # binding. Different bindings, including their conditions, are examined 2410 # independently. 2411 # 2412 # title: "User account presence" 2413 # description: "Determines whether the request has a user account" 2414 # expression: "size(request.user) > 0" 2415 "location": "A String", # An optional string indicating the location of the expression for error 2416 # reporting, e.g. a file name and a position in the file. 2417 "expression": "A String", # Textual representation of an expression in 2418 # Common Expression Language syntax. 2419 # 2420 # The application context of the containing message determines which 2421 # well-known feature set of CEL is supported. 2422 "description": "A String", # An optional description of the expression. This is a longer text which 2423 # describes the expression, e.g. when hovered over it in a UI. 2424 "title": "A String", # An optional title for the expression, i.e. a short string describing 2425 # its purpose. This can be used e.g. in UIs which allow to enter the 2426 # expression. 2427 }, 2428 }, 2429 ], 2430 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 2431 # prevent simultaneous updates of a policy from overwriting each other. 2432 # It is strongly suggested that systems make use of the `etag` in the 2433 # read-modify-write cycle to perform policy updates in order to avoid race 2434 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 2435 # systems are expected to put that etag in the request to `setIamPolicy` to 2436 # ensure that their change will be applied to the same version of the policy. 2437 # 2438 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 2439 # policy is overwritten blindly. 2440 }, 2441 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only 2442 # the fields in the mask will be modified. If no mask is provided, the 2443 # following default mask is used: 2444 # paths: "bindings, etag" 2445 # This field is only used by Cloud IAM. 2446 } 2447 2448 x__xgafv: string, V1 error format. 2449 Allowed values 2450 1 - v1 error format 2451 2 - v2 error format 2452 2453Returns: 2454 An object of the form: 2455 2456 { # Defines an Identity and Access Management (IAM) policy. It is used to 2457 # specify access control policies for Cloud Platform resources. 2458 # 2459 # 2460 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 2461 # `members` to a `role`, where the members can be user accounts, Google groups, 2462 # Google domains, and service accounts. A `role` is a named list of permissions 2463 # defined by IAM. 2464 # 2465 # **JSON Example** 2466 # 2467 # { 2468 # "bindings": [ 2469 # { 2470 # "role": "roles/owner", 2471 # "members": [ 2472 # "user:mike@example.com", 2473 # "group:admins@example.com", 2474 # "domain:google.com", 2475 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 2476 # ] 2477 # }, 2478 # { 2479 # "role": "roles/viewer", 2480 # "members": ["user:sean@example.com"] 2481 # } 2482 # ] 2483 # } 2484 # 2485 # **YAML Example** 2486 # 2487 # bindings: 2488 # - members: 2489 # - user:mike@example.com 2490 # - group:admins@example.com 2491 # - domain:google.com 2492 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 2493 # role: roles/owner 2494 # - members: 2495 # - user:sean@example.com 2496 # role: roles/viewer 2497 # 2498 # 2499 # For a description of IAM and its features, see the 2500 # [IAM developer's guide](https://cloud.google.com/iam/docs). 2501 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 2502 { # Specifies the audit configuration for a service. 2503 # The configuration determines which permission types are logged, and what 2504 # identities, if any, are exempted from logging. 2505 # An AuditConfig must have one or more AuditLogConfigs. 2506 # 2507 # If there are AuditConfigs for both `allServices` and a specific service, 2508 # the union of the two AuditConfigs is used for that service: the log_types 2509 # specified in each AuditConfig are enabled, and the exempted_members in each 2510 # AuditLogConfig are exempted. 2511 # 2512 # Example Policy with multiple AuditConfigs: 2513 # 2514 # { 2515 # "audit_configs": [ 2516 # { 2517 # "service": "allServices" 2518 # "audit_log_configs": [ 2519 # { 2520 # "log_type": "DATA_READ", 2521 # "exempted_members": [ 2522 # "user:foo@gmail.com" 2523 # ] 2524 # }, 2525 # { 2526 # "log_type": "DATA_WRITE", 2527 # }, 2528 # { 2529 # "log_type": "ADMIN_READ", 2530 # } 2531 # ] 2532 # }, 2533 # { 2534 # "service": "fooservice.googleapis.com" 2535 # "audit_log_configs": [ 2536 # { 2537 # "log_type": "DATA_READ", 2538 # }, 2539 # { 2540 # "log_type": "DATA_WRITE", 2541 # "exempted_members": [ 2542 # "user:bar@gmail.com" 2543 # ] 2544 # } 2545 # ] 2546 # } 2547 # ] 2548 # } 2549 # 2550 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 2551 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 2552 # bar@gmail.com from DATA_WRITE logging. 2553 "auditLogConfigs": [ # The configuration for logging of each type of permission. 2554 { # Provides the configuration for logging a type of permissions. 2555 # Example: 2556 # 2557 # { 2558 # "audit_log_configs": [ 2559 # { 2560 # "log_type": "DATA_READ", 2561 # "exempted_members": [ 2562 # "user:foo@gmail.com" 2563 # ] 2564 # }, 2565 # { 2566 # "log_type": "DATA_WRITE", 2567 # } 2568 # ] 2569 # } 2570 # 2571 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 2572 # foo@gmail.com from DATA_READ logging. 2573 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 2574 # permission. 2575 # Follows the same format of Binding.members. 2576 "A String", 2577 ], 2578 "logType": "A String", # The log type that this config enables. 2579 }, 2580 ], 2581 "service": "A String", # Specifies a service that will be enabled for audit logging. 2582 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 2583 # `allServices` is a special value that covers all services. 2584 }, 2585 ], 2586 "version": 42, # Deprecated. 2587 "bindings": [ # Associates a list of `members` to a `role`. 2588 # `bindings` with no members will result in an error. 2589 { # Associates `members` with a `role`. 2590 "role": "A String", # Role that is assigned to `members`. 2591 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 2592 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 2593 # `members` can have the following values: 2594 # 2595 # * `allUsers`: A special identifier that represents anyone who is 2596 # on the internet; with or without a Google account. 2597 # 2598 # * `allAuthenticatedUsers`: A special identifier that represents anyone 2599 # who is authenticated with a Google account or a service account. 2600 # 2601 # * `user:{emailid}`: An email address that represents a specific Google 2602 # account. For example, `alice@gmail.com` . 2603 # 2604 # 2605 # * `serviceAccount:{emailid}`: An email address that represents a service 2606 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 2607 # 2608 # * `group:{emailid}`: An email address that represents a Google group. 2609 # For example, `admins@example.com`. 2610 # 2611 # 2612 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 2613 # users of that domain. For example, `google.com` or `example.com`. 2614 # 2615 "A String", 2616 ], 2617 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 2618 # NOTE: An unsatisfied condition will not allow user access via current 2619 # binding. Different bindings, including their conditions, are examined 2620 # independently. 2621 # 2622 # title: "User account presence" 2623 # description: "Determines whether the request has a user account" 2624 # expression: "size(request.user) > 0" 2625 "location": "A String", # An optional string indicating the location of the expression for error 2626 # reporting, e.g. a file name and a position in the file. 2627 "expression": "A String", # Textual representation of an expression in 2628 # Common Expression Language syntax. 2629 # 2630 # The application context of the containing message determines which 2631 # well-known feature set of CEL is supported. 2632 "description": "A String", # An optional description of the expression. This is a longer text which 2633 # describes the expression, e.g. when hovered over it in a UI. 2634 "title": "A String", # An optional title for the expression, i.e. a short string describing 2635 # its purpose. This can be used e.g. in UIs which allow to enter the 2636 # expression. 2637 }, 2638 }, 2639 ], 2640 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 2641 # prevent simultaneous updates of a policy from overwriting each other. 2642 # It is strongly suggested that systems make use of the `etag` in the 2643 # read-modify-write cycle to perform policy updates in order to avoid race 2644 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 2645 # systems are expected to put that etag in the request to `setIamPolicy` to 2646 # ensure that their change will be applied to the same version of the policy. 2647 # 2648 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 2649 # policy is overwritten blindly. 2650 }</pre> 2651</div> 2652 2653<div class="method"> 2654 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code> 2655 <pre>Returns the permissions that a caller has on the specified note or 2656occurrence. Requires list permission on the project (for example, 2657`containeranalysis.notes.list`). 2658 2659The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for 2660notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for 2661occurrences. 2662 2663Args: 2664 resource: string, REQUIRED: The resource for which the policy detail is being requested. 2665See the operation documentation for the appropriate value for this field. (required) 2666 body: object, The request body. (required) 2667 The object takes the form of: 2668 2669{ # Request message for `TestIamPermissions` method. 2670 "permissions": [ # The set of permissions to check for the `resource`. Permissions with 2671 # wildcards (such as '*' or 'storage.*') are not allowed. For more 2672 # information see 2673 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). 2674 "A String", 2675 ], 2676 } 2677 2678 x__xgafv: string, V1 error format. 2679 Allowed values 2680 1 - v1 error format 2681 2 - v2 error format 2682 2683Returns: 2684 An object of the form: 2685 2686 { # Response message for `TestIamPermissions` method. 2687 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is 2688 # allowed. 2689 "A String", 2690 ], 2691 }</pre> 2692</div> 2693 2694</body></html>