google-apis-rs/google_containeranalysis1_beta1_cli/search/search_index.json

{"config":{"indexing":"full","lang":["en"],"min_search_length":3,"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"The containeranalysis1-beta1 command-line interface (CLI) allows to use most features of the Google Container Analysis service from the comfort of your terminal. By default all output is printed to standard out, but flags can be set to direct it into a file independent of your shell's capabilities. Errors will be printed to standard error, and cause the program's exit code to be non-zero. If data-structures are requested, these will be returned as pretty-printed JSON, to be useful as input to other tools. Everything else about the Container Analysis API can be found at the official documentation site . Installation and Source Code Install the command-line interface with cargo using: cargo install google-containeranalysis1_beta1-cli Find the source code on github . Usage This documentation was generated from the Container Analysis API at revision 20240223 . The CLI is at version 5.0.4 . containeranalysis1-beta1 [options] projects notes-batch-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] notes-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] notes-delete <name> [-p <v>]... [-o <out>] notes-get <name> [-p <v>]... [-o <out>] notes-get-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] notes-list <parent> [-p <v>]... [-o <out>] notes-occurrences-list <name> [-p <v>]... [-o <out>] notes-patch <name> (-r <kv>)... [-p <v>]... [-o <out>] notes-set-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] notes-test-iam-permissions <resource> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-batch-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-delete <name> [-p <v>]... [-o <out>] occurrences-get <name> [-p <v>]... [-o <out>] occurrences-get-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-get-notes <name> [-p <v>]... [-o <out>] occurrences-get-vulnerability-summary <parent> [-p <v>]... [-o <out>] occurrences-list <parent> [-p <v>]... [-o <out>] occurrences-patch <name> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-set-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-test-iam-permissions <resource> (-r <kv>)... [-p <v>]... [-o <out>] resources-export-sbom <name> (-r <kv>)... [-p <v>]... [-o <out>] resources-generate-packages-summary <name> (-r <kv>)... [-p <v>]... [-o <out>] containeranalysis1-beta1 --help Configuration: [--scope <url>]... Specify the authentication a method should be executed in. Each scope requires the user to grant this application permission to use it. If unset, it defaults to the shortest scope url for a particular method. --config-dir <folder> A directory into which we will store our persistent data. Defaults to a user-writable directory that we will create during the first invocation. [default: ~/.google-service-cli] Configuration The program will store all persistent data in the ~/.google-service-cli directory in JSON files prefixed with containeranalysis1-beta1- . You can change the directory used to store configuration with the --config-dir flag on a per-invocation basis. More information about the various kinds of persistent data are given in the following paragraphs. Authentication Most APIs require a user to authenticate any request. If this is the case, the scope determines the set of permissions granted. The granularity of these is usually no more than read-only or full-access . If not set, the system will automatically select the smallest feasible scope, e.g. when invoking a method that is read-only, it will ask only for a read-only scope. You may use the --scope flag to specify a scope directly. All applicable scopes are documented in the respective method's CLI documentation. The first time a scope is used, the user is asked for permission. Follow the instructions given by the CLI to grant permissions, or to decline. If a scope was authenticated by the user, the respective information will be stored as JSON in the configuration directory, e.g. ~/.google-service-cli/containeranalysis1-beta1-token-<scope-hash>.json . No manual management of these tokens is necessary. To revoke granted authentication, please refer to the official documentation . Application Secrets In order to allow any application to use Google services, it will need to be registered using the Google Developer Console . APIs the application may use are then enabled for it one by one. Most APIs can be used for free and have a daily quota. To allow more comfortable usage of the CLI without forcing anyone to register an own application, the CLI comes with a default application secret that is configured accordingly. This also means that heavy usage all around the world may deplete the daily quota. You can workaround this limitation by putting your own secrets file at this location: ~/.google-service-cli/containeranalysis1-beta1-secret.json , assuming that the required containeranalysis API was enabled for it. Such a secret file can be downloaded in the Google Developer Console at APIs & auth -> Credentials -> Download JSON and used as is. Learn more about how to setup Google projects and enable APIs using the official documentation . Debugging Even though the CLI does its best to provide usable error messages, sometimes it might be desirable to know what exactly led to a particular issue. This is done by allowing all client-server communication to be output to standard error as-is . The --debug flag will print errors using the Debug representation to standard error. You may consider redirecting standard error into a file for ease of use, e.g. containeranalysis1-beta1 --debug <resource> <method> [options] 2>debug.txt .","title":"Home"},{"location":"#installation-and-source-code","text":"Install the command-line interface with cargo using: cargo install google-containeranalysis1_beta1-cli Find the source code on github .","title":"Installation and Source Code"},{"location":"#usage","text":"This documentation was generated from the Container Analysis API at revision 20240223 . The CLI is at version 5.0.4 . containeranalysis1-beta1 [options] projects notes-batch-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] notes-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] notes-delete <name> [-p <v>]... [-o <out>] notes-get <name> [-p <v>]... [-o <out>] notes-get-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] notes-list <parent> [-p <v>]... [-o <out>] notes-occurrences-list <name> [-p <v>]... [-o <out>] notes-patch <name> (-r <kv>)... [-p <v>]... [-o <out>] notes-set-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] notes-test-iam-permissions <resource> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-batch-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-delete <name> [-p <v>]... [-o <out>] occurrences-get <name> [-p <v>]... [-o <out>] occurrences-get-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-get-notes <name> [-p <v>]... [-o <out>] occurrences-get-vulnerability-summary <parent> [-p <v>]... [-o <out>] occurrences-list <parent> [-p <v>]... [-o <out>] occurrences-patch <name> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-set-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-test-iam-permissions <resource> (-r <kv>)... [-p <v>]... [-o <out>] resources-export-sbom <name> (-r <kv>)... [-p <v>]... [-o <out>] resources-generate-packages-summary <name> (-r <kv>)... [-p <v>]... [-o <out>] containeranalysis1-beta1 --help Configuration: [--scope <url>]... Specify the authentication a method should be executed in. Each scope requires the user to grant this application permission to use it. If unset, it defaults to the shortest scope url for a particular method. --config-dir <folder> A directory into which we will store our persistent data. Defaults to a user-writable directory that we will create during the first invocation. [default: ~/.google-service-cli]","title":"Usage"},{"location":"#configuration","text":"The program will store all persistent data in the ~/.google-service-cli directory in JSON files prefixed with containeranalysis1-beta1- . You can change the directory used to store configuration with the --config-dir flag on a per-invocation basis. More information about the various kinds of persistent data are given in the following paragraphs.","title":"Configuration"},{"location":"#authentication","text":"Most APIs require a user to authenticate any request. If this is the case, the scope determines the set of permissions granted. The granularity of these is usually no more than read-only or full-access . If not set, the system will automatically select the smallest feasible scope, e.g. when invoking a method that is read-only, it will ask only for a read-only scope. You may use the --scope flag to specify a scope directly. All applicable scopes are documented in the respective method's CLI documentation. The first time a scope is used, the user is asked for permission. Follow the instructions given by the CLI to grant permissions, or to decline. If a scope was authenticated by the user, the respective information will be stored as JSON in the configuration directory, e.g. ~/.google-service-cli/containeranalysis1-beta1-token-<scope-hash>.json . No manual management of these tokens is necessary. To revoke granted authentication, please refer to the official documentation .","title":"Authentication"},{"location":"#application-secrets","text":"In order to allow any application to use Google services, it will need to be registered using the Google Developer Console . APIs the application may use are then enabled for it one by one. Most APIs can be used for free and have a daily quota. To allow more comfortable usage of the CLI without forcing anyone to register an own application, the CLI comes with a default application secret that is configured accordingly. This also means that heavy usage all around the world may deplete the daily quota. You can workaround this limitation by putting your own secrets file at this location: ~/.google-service-cli/containeranalysis1-beta1-secret.json , assuming that the required containeranalysis API was enabled for it. Such a secret file can be downloaded in the Google Developer Console at APIs & auth -> Credentials -> Download JSON and used as is. Learn more about how to setup Google projects and enable APIs using the official documentation .","title":"Application Secrets"},{"location":"#debugging","text":"Even though the CLI does its best to provide usable error messages, sometimes it might be desirable to know what exactly led to a particular issue. This is done by allowing all client-server communication to be output to standard error as-is . The --debug flag will print errors using the Debug representation to standard error. You may consider redirecting standard error into a file for ease of use, e.g. containeranalysis1-beta1 --debug <resource> <method> [options] 2>debug.txt .","title":"Debugging"},{"location":"projects_notes-batch-create/","text":"Creates new notes in batch. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-batch-create ... Required Scalar Argument <parent> (string) Required. The name of the project in the form of projects/[PROJECT_ID] , under which the notes are to be created. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: BatchCreateNotesRequest: can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes Batch Create"},{"location":"projects_notes-batch-create/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-batch-create ...","title":"Scopes"},{"location":"projects_notes-batch-create/#required-scalar-argument","text":"<parent> (string) Required. The name of the project in the form of projects/[PROJECT_ID] , under which the notes are to be created.","title":"Required Scalar Argument"},{"location":"projects_notes-batch-create/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: BatchCreateNotesRequest: can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time.","title":"Required Request Value"},{"location":"projects_notes-batch-create/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_notes-batch-create/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-batch-create/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_notes-create/","text":"Creates a new note. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-create ... Required Scalar Argument <parent> (string) Required. The name of the project in the form of projects/[PROJECT_ID] , under which the note is to be created. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: Note: attestation-authority: hint: human-readable-name: string base-image: fingerprint: v1-name: string v2-blob: [string] v2-name: string resource-url: string build: builder-version: string signature: key-id: string key-type: string public-key: string signature: string create-time: string deployable: resource-uri: [string] discovery: analysis-kind: string expiration-time: string intoto: expected-command: [string] step-name: string threshold: string kind: string long-description: string name: string package: architecture: string cpe-uri: string description: string license: comments: string expression: string maintainer: string name: string package-type: string url: string version: epoch: integer inclusive: boolean kind: string name: string revision: string related-note-names: [string] sbom: data-licence: string spdx-version: string sbom-reference: format: string version: string short-description: string spdx-file: checksum: [string] file-type: string title: string spdx-package: analyzed: boolean attribution: string checksum: string copyright: string detailed-description: string download-location: string files-license-info: [string] home-page: string license-declared: comments: string expression: string originator: string package-type: string summary-description: string supplier: string title: string verification-code: string version: string spdx-relationship: type: string update-time: string vulnerability: cvss-score: number cvss-v2: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-v3: attack-complexity: string attack-vector: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-version: string cwe: [string] severity: string source-update-time: string vulnerability-assessment: assessment: cve: string impacts: [string] justification: details: string justification-type: string long-description: string short-description: string state: string vulnerability-id: string language-code: string long-description: string product: generic-uri: string id: string name: string publisher: issuing-authority: string name: string publisher-namespace: string short-description: string title: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .attestation-authority.hint human-readable-name=et Required. The human readable name of this attestation authority, for example \"qa\". ...base-image.fingerprint v1-name=magna Required. The layer ID of the final layer in the Docker image's v1 representation. v2-blob=no Required. The ordered list of v2 blobs that represent a given image. Each invocation of this argument appends the given value to the array. v2-name=ipsum Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + \" \" + v2_name[N+1]) Only the name of the final blob is kept. .. resource-url=voluptua. Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images. ..build builder-version=at Required. Immutable. Version of the builder which produced this build. signature key-id=sanctus An ID for the key used to sign. This could be either an ID for the key stored in public_key (such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service). key-type=sed The type of the key, either stored in public_key or referenced in key_id . public-key=amet. Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys. This field may be empty if key_id references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: openssl sha256 -verify public.pem -signature signature.bin signed.bin signature=takimata Required. Signature of the related BuildProvenance . In JSON, this is base-64 encoded. ... create-time=amet. Output only. The time this note was created. This field can be used as a filter in list requests. deployable resource-uri=duo Required. Resource URI for the artifact being deployed. Each invocation of this argument appends the given value to the array. ..discovery analysis-kind=ipsum Required. Immutable. The kind of analysis that is handled by this discovery. .. expiration-time=gubergren Time of expiration for this note. Empty if note does not expire. intoto expected-command=lorem This field contains the expected command used to perform the step. Each invocation of this argument appends the given value to the array. step-name=gubergren This field identifies the name of the step in the supply chain. threshold=eos This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link. .. kind=dolor Output only. The type of analysis. This field can be used as a filter in list requests. long-description=ea A detailed description of this note. name=ipsum Output only. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . package architecture=invidunt The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages. cpe-uri=amet The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages. description=duo The description of this package. license comments=ipsum Comments expression=sed Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. maintainer=ut A freeform text denoting the maintainer of this package. name=gubergren Required. Immutable. The name of the package. package-type=rebum. The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). url=est The homepage for this package. version epoch=51 Used to correct mistakes in the version numbering scheme. inclusive=true Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=est Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=gubergren Required only when version kind is NORMAL. The main part of the version name. revision=ea The iteration of the package build from the above version. ... related-note-names=dolor Other notes related to this note. Each invocation of this argument appends the given value to the array. sbom data-licence=lorem Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields (\"SPDX-Metadata\") spdx-version=eos Provide a reference number that can be used to understand how to parse and interpret the rest of the file ..sbom-reference format=labore The format that SBOM takes. E.g. may be spdx, cyclonedx, etc... version=sed The version of the format that the SBOM takes. E.g. if the format is spdx, the version may be 2.3. .. short-description=duo A one sentence description of this note. spdx-file checksum=sed Provide a unique identifier to match analysis information on each specific file in a package Each invocation of this argument appends the given value to the array. file-type=no This field provides information about the type of file identified title=stet Identify the full path and filename that corresponds to the file information in this section ..spdx-package analyzed=true Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document attribution=et A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts checksum=et Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file copyright=vero Identify the copyright holders of the package, as well as any dates present detailed-description=erat A more detailed description of the package download-location=sed This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created files-license-info=duo Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field \u2013 it is simply a listing of all licenses found Each invocation of this argument appends the given value to the array. home-page=dolore Provide a place for the SPDX file creator to record a web site that serves as the package's home page license-declared comments=et Comments expression=voluptua. Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. originator=amet. If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came package-type=consetetur The type of package: OS, MAVEN, GO, GO_STDLIB, etc. summary-description=diam A short description of the package supplier=dolor Identify the actual distribution source for the package/directory identified in the SPDX file title=et Identify the full name of the package as given by the Package Originator verification-code=et This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file version=sadipscing Identify the version of the package ..spdx-relationship type=stet The type of relationship between the source and target SPDX elements .. update-time=dolor Output only. The time this note was last updated. This field can be used as a filter in list requests. vulnerability cvss-score=0.6349978834153693 The CVSS score for this vulnerability. cvss-v2 attack-complexity=vero Defined in CVSS v3, CVSS v2 attack-vector=invidunt Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2 authentication=stet Defined in CVSS v2 availability-impact=vero Defined in CVSS v3, CVSS v2 base-score=0.4523282032393763 The base score is a function of the base metric scores. confidentiality-impact=diam Defined in CVSS v3, CVSS v2 exploitability-score=0.31428290912855783 No description provided. impact-score=0.7954074288671369 No description provided. integrity-impact=accusam Defined in CVSS v3, CVSS v2 privileges-required=takimata Defined in CVSS v3 scope=consetetur Defined in CVSS v3 user-interaction=voluptua. Defined in CVSS v3 ..cvss-v3 attack-complexity=et No description provided. attack-vector=erat Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. availability-impact=consetetur No description provided. base-score=0.7759968264300798 The base score is a function of the base metric scores. confidentiality-impact=sed No description provided. exploitability-score=0.726541471822237 No description provided. impact-score=0.3072987560065821 No description provided. integrity-impact=et No description provided. privileges-required=accusam No description provided. scope=voluptua. No description provided. user-interaction=dolore No description provided. .. cvss-version=dolore CVSS version used to populate cvss_score and severity. cwe=dolore A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html Each invocation of this argument appends the given value to the array. severity=voluptua. Note provider assigned impact of the vulnerability. source-update-time=amet. The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker. ..vulnerability-assessment.assessment cve=ea Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs. impacts=sadipscing Contains information about the impact of this vulnerability, this will change with time. Each invocation of this argument appends the given value to the array. justification details=lorem Additional details on why this justification was chosen. justification-type=invidunt The justification type for this vulnerability. .. long-description=no A detailed description of this Vex. short-description=est A one sentence description of this Vex. state=at Provides the state of this Vulnerability assessment. vulnerability-id=sed The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc. .. language-code=sit Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646. long-description=et A detailed description of this Vex. product generic-uri=tempor Contains a URI which is vendor-specific. Example: The artifact repository URL of an image. id=aliquyam Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document. name=ipsum Name of the product. ..publisher issuing-authority=et Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations. name=sanctus Name of the publisher. Examples: 'Google', 'Google Cloud Platform'. publisher-namespace=lorem The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io .. short-description=est A one sentence description of this Vex. title=sed The title of the note. E.g. Vex-Debian-11.4 About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p note-id=string Required. The ID to use for this note. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes Create"},{"location":"projects_notes-create/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-create ...","title":"Scopes"},{"location":"projects_notes-create/#required-scalar-argument","text":"<parent> (string) Required. The name of the project in the form of projects/[PROJECT_ID] , under which the note is to be created.","title":"Required Scalar Argument"},{"location":"projects_notes-create/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: Note: attestation-authority: hint: human-readable-name: string base-image: fingerprint: v1-name: string v2-blob: [string] v2-name: string resource-url: string build: builder-version: string signature: key-id: string key-type: string public-key: string signature: string create-time: string deployable: resource-uri: [string] discovery: analysis-kind: string expiration-time: string intoto: expected-command: [string] step-name: string threshold: string kind: string long-description: string name: string package: architecture: string cpe-uri: string description: string license: comments: string expression: string maintainer: string name: string package-type: string url: string version: epoch: integer inclusive: boolean kind: string name: string revision: string related-note-names: [string] sbom: data-licence: string spdx-version: string sbom-reference: format: string version: string short-description: string spdx-file: checksum: [string] file-type: string title: string spdx-package: analyzed: boolean attribution: string checksum: string copyright: string detailed-description: string download-location: string files-license-info: [string] home-page: string license-declared: comments: string expression: string originator: string package-type: string summary-description: string supplier: string title: string verification-code: string version: string spdx-relationship: type: string update-time: string vulnerability: cvss-score: number cvss-v2: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-v3: attack-complexity: string attack-vector: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-version: string cwe: [string] severity: string source-update-time: string vulnerability-assessment: assessment: cve: string impacts: [string] justification: details: string justification-type: string long-description: string short-description: string state: string vulnerability-id: string language-code: string long-description: string product: generic-uri: string id: string name: string publisher: issuing-authority: string name: string publisher-namespace: string short-description: string title: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .attestation-authority.hint human-readable-name=et Required. The human readable name of this attestation authority, for example \"qa\". ...base-image.fingerprint v1-name=magna Required. The layer ID of the final layer in the Docker image's v1 representation. v2-blob=no Required. The ordered list of v2 blobs that represent a given image. Each invocation of this argument appends the given value to the array. v2-name=ipsum Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + \" \" + v2_name[N+1]) Only the name of the final blob is kept. .. resource-url=voluptua. Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images. ..build builder-version=at Required. Immutable. Version of the builder which produced this build. signature key-id=sanctus An ID for the key used to sign. This could be either an ID for the key stored in public_key (such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service). key-type=sed The type of the key, either stored in public_key or referenced in key_id . public-key=amet. Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys. This field may be empty if key_id references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: openssl sha256 -verify public.pem -signature signature.bin signed.bin signature=takimata Required. Signature of the related BuildProvenance . In JSON, this is base-64 encoded. ... create-time=amet. Output only. The time this note was created. This field can be used as a filter in list requests. deployable resource-uri=duo Required. Resource URI for the artifact being deployed. Each invocation of this argument appends the given value to the array. ..discovery analysis-kind=ipsum Required. Immutable. The kind of analysis that is handled by this discovery. .. expiration-time=gubergren Time of expiration for this note. Empty if note does not expire. intoto expected-command=lorem This field contains the expected command used to perform the step. Each invocation of this argument appends the given value to the array. step-name=gubergren This field identifies the name of the step in the supply chain. threshold=eos This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link. .. kind=dolor Output only. The type of analysis. This field can be used as a filter in list requests. long-description=ea A detailed description of this note. name=ipsum Output only. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . package architecture=invidunt The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages. cpe-uri=amet The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages. description=duo The description of this package. license comments=ipsum Comments expression=sed Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. maintainer=ut A freeform text denoting the maintainer of this package. name=gubergren Required. Immutable. The name of the package. package-type=rebum. The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). url=est The homepage for this package. version epoch=51 Used to correct mistakes in the version numbering scheme. inclusive=true Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=est Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=gubergren Required only when version kind is NORMAL. The main part of the version name. revision=ea The iteration of the package build from the above version. ... related-note-names=dolor Other notes related to this note. Each invocation of this argument appends the given value to the array. sbom data-licence=lorem Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields (\"SPDX-Metadata\") spdx-version=eos Provide a reference number that can be used to understand how to parse and interpret the rest of the file ..sbom-reference format=labore The format that SBOM takes. E.g. may be spdx, cyclonedx, etc... version=sed The version of the format that the SBOM takes. E.g. if the format is spdx, the version may be 2.3. .. short-description=duo A one sentence description of this note. spdx-file checksum=sed Provide a unique identifier to match analysis information on each specific file in a package Each invocation of this argument appends the given value to the array. file-type=no This field provides information about the type of file identified title=stet Identify the full path and filename that corresponds to the file information in this section ..spdx-package analyzed=true Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document attribution=et A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts checksum=et Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file copyright=vero Identify the copyright holders of the package, as well as any dates present detailed-description=erat A more detailed description of the package download-location=sed This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created files-license-info=duo Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field \u2013 it is simply a listing of all licenses found Each invocation of this argument appends the given value to the array. home-page=dolore Provide a place for the SPDX file creator to record a web site that serves as the package's home page license-declared comments=et Comments expression=voluptua. Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. originator=amet. If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came package-type=consetetur The type of package: OS, MAVEN, GO, GO_STDLIB, etc. summary-description=diam A short description of the package supplier=dolor Identify the actual distribution source for the package/directory identified in the SPDX file title=et Identify the full name of the package as given by the Package Originator verification-code=et This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file version=sadipscing Identify the version of the package ..spdx-relationship type=stet The type of relationship between the source and target SPDX elements .. update-time=dolor Output only. The time this note was last updated. This field can be used as a filter in list requests. vulnerability cvss-score=0.6349978834153693 The CVSS score for this vulnerability. cvss-v2 attack-complexity=vero Defined in CVSS v3, CVSS v2 attack-vector=invidunt Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2 authentication=stet Defined in CVSS v2 availability-impact=vero Defined in CVSS v3, CVSS v2 base-score=0.4523282032393763 The base score is a function of the base metric scores. confidentiality-impact=diam Defined in CVSS v3, CVSS v2 exploitability-score=0.31428290912855783 No description provided. impact-score=0.7954074288671369 No description provided. integrity-impact=accusam Defined in CVSS v3, CVSS v2 privileges-required=takimata Defined in CVSS v3 scope=consetetur Defined in CVSS v3 user-interaction=voluptua. Defined in CVSS v3 ..cvss-v3 attack-complexity=et No description provided. attack-vector=erat Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. availability-impact=consetetur No description provided. base-score=0.7759968264300798 The base score is a function of the base metric scores. confidentiality-impact=sed No description provided. exploitability-score=0.726541471822237 No description provided. impact-score=0.3072987560065821 No description provided. integrity-impact=et No description provided. privileges-required=accusam No description provided. scope=voluptua. No description provided. user-interaction=dolore No description provided. .. cvss-version=dolore CVSS version used to populate cvss_score and severity. cwe=dolore A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html Each invocation of this argument appends the given value to the array. severity=voluptua. Note provider assigned impact of the vulnerability. source-update-time=amet. The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker. ..vulnerability-assessment.assessment cve=ea Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs. impacts=sadipscing Contains information about the impact of this vulnerability, this will change with time. Each invocation of this argument appends the given value to the array. justification details=lorem Additional details on why this justification was chosen. justification-type=invidunt The justification type for this vulnerability. .. long-description=no A detailed description of this Vex. short-description=est A one sentence description of this Vex. state=at Provides the state of this Vulnerability assessment. vulnerability-id=sed The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc. .. language-code=sit Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646. long-description=et A detailed description of this Vex. product generic-uri=tempor Contains a URI which is vendor-specific. Example: The artifact repository URL of an image. id=aliquyam Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document. name=ipsum Name of the product. ..publisher issuing-authority=et Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations. name=sanctus Name of the publisher. Examples: 'Google', 'Google Cloud Platform'. publisher-namespace=lorem The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io .. short-description=est A one sentence description of this Vex. title=sed The title of the note. E.g. Vex-Debian-11.4","title":"Required Request Value"},{"location":"projects_notes-create/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_notes-create/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-create/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p note-id=string Required. The ID to use for this note.","title":"Optional Method Properties"},{"location":"projects_notes-create/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_notes-delete/","text":"Deletes the specified note. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-delete ... Required Scalar Argument <name> (string) Required. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes Delete"},{"location":"projects_notes-delete/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-delete ...","title":"Scopes"},{"location":"projects_notes-delete/#required-scalar-argument","text":"<name> (string) Required. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] .","title":"Required Scalar Argument"},{"location":"projects_notes-delete/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-delete/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_notes-get-iam-policy/","text":"Gets the access control policy for a note or an occurrence resource. Requires containeranalysis.notes.setIamPolicy or containeranalysis.occurrences.setIamPolicy permission if the resource is a note or occurrence, respectively. The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-get-iam-policy ... Required Scalar Argument <resource> (string) REQUIRED: The resource for which the policy is being requested. See Resource names for the appropriate value for this field. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: GetIamPolicyRequest: options: requested-policy-version: integer can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .options requested-policy-version=72 Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the IAM documentation . About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes Get Iam Policy"},{"location":"projects_notes-get-iam-policy/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-get-iam-policy ...","title":"Scopes"},{"location":"projects_notes-get-iam-policy/#required-scalar-argument","text":"<resource> (string) REQUIRED: The resource for which the policy is being requested. See Resource names for the appropriate value for this field.","title":"Required Scalar Argument"},{"location":"projects_notes-get-iam-policy/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: GetIamPolicyRequest: options: requested-policy-version: integer can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .options requested-policy-version=72 Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the IAM documentation .","title":"Required Request Value"},{"location":"projects_notes-get-iam-policy/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_notes-get-iam-policy/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-get-iam-policy/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_notes-get/","text":"Gets the specified note. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-get ... Required Scalar Argument <name> (string) Required. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes Get"},{"location":"projects_notes-get/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-get ...","title":"Scopes"},{"location":"projects_notes-get/#required-scalar-argument","text":"<name> (string) Required. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] .","title":"Required Scalar Argument"},{"location":"projects_notes-get/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-get/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_notes-list/","text":"Lists notes for the specified project. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-list ... Required Scalar Argument <parent> (string) Required. The name of the project to list notes for in the form of projects/[PROJECT_ID] . Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p filter=string The filter expression. -p page-size=integer Number of notes to return in the list. Must be positive. Max allowed page size is 1000. If not specified, page size defaults to 20. -p page-token=string Token to provide to skip to a particular spot in the list. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes List"},{"location":"projects_notes-list/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-list ...","title":"Scopes"},{"location":"projects_notes-list/#required-scalar-argument","text":"<parent> (string) Required. The name of the project to list notes for in the form of projects/[PROJECT_ID] .","title":"Required Scalar Argument"},{"location":"projects_notes-list/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-list/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p filter=string The filter expression. -p page-size=integer Number of notes to return in the list. Must be positive. Max allowed page size is 1000. If not specified, page size defaults to 20. -p page-token=string Token to provide to skip to a particular spot in the list.","title":"Optional Method Properties"},{"location":"projects_notes-list/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_notes-occurrences-list/","text":"Lists occurrences referencing the specified note. Provider projects can use this method to get all occurrences across consumer projects referencing the specified note. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-occurrences-list ... Required Scalar Argument <name> (string) Required. The name of the note to list occurrences for in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p filter=string The filter expression. -p page-size=integer Number of occurrences to return in the list. -p page-token=string Token to provide to skip to a particular spot in the list. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes Occurrences List"},{"location":"projects_notes-occurrences-list/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-occurrences-list ...","title":"Scopes"},{"location":"projects_notes-occurrences-list/#required-scalar-argument","text":"<name> (string) Required. The name of the note to list occurrences for in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] .","title":"Required Scalar Argument"},{"location":"projects_notes-occurrences-list/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-occurrences-list/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p filter=string The filter expression. -p page-size=integer Number of occurrences to return in the list. -p page-token=string Token to provide to skip to a particular spot in the list.","title":"Optional Method Properties"},{"location":"projects_notes-occurrences-list/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_notes-patch/","text":"Updates the specified note. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-patch ... Required Scalar Argument <name> (string) Required. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: Note: attestation-authority: hint: human-readable-name: string base-image: fingerprint: v1-name: string v2-blob: [string] v2-name: string resource-url: string build: builder-version: string signature: key-id: string key-type: string public-key: string signature: string create-time: string deployable: resource-uri: [string] discovery: analysis-kind: string expiration-time: string intoto: expected-command: [string] step-name: string threshold: string kind: string long-description: string name: string package: architecture: string cpe-uri: string description: string license: comments: string expression: string maintainer: string name: string package-type: string url: string version: epoch: integer inclusive: boolean kind: string name: string revision: string related-note-names: [string] sbom: data-licence: string spdx-version: string sbom-reference: format: string version: string short-description: string spdx-file: checksum: [string] file-type: string title: string spdx-package: analyzed: boolean attribution: string checksum: string copyright: string detailed-description: string download-location: string files-license-info: [string] home-page: string license-declared: comments: string expression: string originator: string package-type: string summary-description: string supplier: string title: string verification-code: string version: string spdx-relationship: type: string update-time: string vulnerability: cvss-score: number cvss-v2: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-v3: attack-complexity: string attack-vector: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-version: string cwe: [string] severity: string source-update-time: string vulnerability-assessment: assessment: cve: string impacts: [string] justification: details: string justification-type: string long-description: string short-description: string state: string vulnerability-id: string language-code: string long-description: string product: generic-uri: string id: string name: string publisher: issuing-authority: string name: string publisher-namespace: string short-description: string title: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .attestation-authority.hint human-readable-name=dolores Required. The human readable name of this attestation authority, for example \"qa\". ...base-image.fingerprint v1-name=dolores Required. The layer ID of the final layer in the Docker image's v1 representation. v2-blob=et Required. The ordered list of v2 blobs that represent a given image. Each invocation of this argument appends the given value to the array. v2-name=sed Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + \" \" + v2_name[N+1]) Only the name of the final blob is kept. .. resource-url=no Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images. ..build builder-version=et Required. Immutable. Version of the builder which produced this build. signature key-id=elitr An ID for the key used to sign. This could be either an ID for the key stored in public_key (such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service). key-type=sed The type of the key, either stored in public_key or referenced in key_id . public-key=no Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys. This field may be empty if key_id references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: openssl sha256 -verify public.pem -signature signature.bin signed.bin signature=nonumy Required. Signature of the related BuildProvenance . In JSON, this is base-64 encoded. ... create-time=at Output only. The time this note was created. This field can be used as a filter in list requests. deployable resource-uri=sadipscing Required. Resource URI for the artifact being deployed. Each invocation of this argument appends the given value to the array. ..discovery analysis-kind=aliquyam Required. Immutable. The kind of analysis that is handled by this discovery. .. expiration-time=dolores Time of expiration for this note. Empty if note does not expire. intoto expected-command=sadipscing This field contains the expected command used to perform the step. Each invocation of this argument appends the given value to the array. step-name=erat This field identifies the name of the step in the supply chain. threshold=aliquyam This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link. .. kind=amet Output only. The type of analysis. This field can be used as a filter in list requests. long-description=est A detailed description of this note. name=et Output only. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . package architecture=sea The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages. cpe-uri=consetetur The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages. description=consetetur The description of this package. license comments=stet Comments expression=est Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. maintainer=aliquyam A freeform text denoting the maintainer of this package. name=elitr Required. Immutable. The name of the package. package-type=duo The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). url=diam The homepage for this package. version epoch=44 Used to correct mistakes in the version numbering scheme. inclusive=true Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=sed Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=eos Required only when version kind is NORMAL. The main part of the version name. revision=lorem The iteration of the package build from the above version. ... related-note-names=ea Other notes related to this note. Each invocation of this argument appends the given value to the array. sbom data-licence=stet Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields (\"SPDX-Metadata\") spdx-version=dolores Provide a reference number that can be used to understand how to parse and interpret the rest of the file ..sbom-reference format=eos The format that SBOM takes. E.g. may be spdx, cyclonedx, etc... version=et The version of the format that the SBOM takes. E.g. if the format is spdx, the version may be 2.3. .. short-description=sea A one sentence description of this note. spdx-file checksum=et Provide a unique identifier to match analysis information on each specific file in a package Each invocation of this argument appends the given value to the array. file-type=at This field provides information about the type of file identified title=dolore Identify the full path and filename that corresponds to the file information in this section ..spdx-package analyzed=true Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document attribution=lorem A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts checksum=accusam Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file copyright=amet Identify the copyright holders of the package, as well as any dates present detailed-description=erat A more detailed description of the package download-location=dolores This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created files-license-info=erat Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field \u2013 it is simply a listing of all licenses found Each invocation of this argument appends the given value to the array. home-page=accusam Provide a place for the SPDX file creator to record a web site that serves as the package's home page license-declared comments=sea Comments expression=takimata Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. originator=lorem If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came package-type=et The type of package: OS, MAVEN, GO, GO_STDLIB, etc. summary-description=at A short description of the package supplier=dolor Identify the actual distribution source for the package/directory identified in the SPDX file title=et Identify the full name of the package as given by the Package Originator verification-code=sit This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file version=erat Identify the version of the package ..spdx-relationship type=sea The type of relationship between the source and target SPDX elements .. update-time=nonumy Output only. The time this note was last updated. This field can be used as a filter in list requests. vulnerability cvss-score=0.6219759262923519 The CVSS score for this vulnerability. cvss-v2 attack-complexity=justo Defined in CVSS v3, CVSS v2 attack-vector=sea Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2 authentication=consetetur Defined in CVSS v2 availability-impact=sit Defined in CVSS v3, CVSS v2 base-score=0.5399657234545516 The base score is a function of the base metric scores. confidentiality-impact=at Defined in CVSS v3, CVSS v2 exploitability-score=0.6413061576894121 No description provided. impact-score=0.3069400471690349 No description provided. integrity-impact=aliquyam Defined in CVSS v3, CVSS v2 privileges-required=no Defined in CVSS v3 scope=amet. Defined in CVSS v3 user-interaction=ipsum Defined in CVSS v3 ..cvss-v3 attack-complexity=lorem No description provided. attack-vector=accusam Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. availability-impact=gubergren No description provided. base-score=0.8918752107029069 The base score is a function of the base metric scores. confidentiality-impact=at No description provided. exploitability-score=0.3790569153851907 No description provided. impact-score=0.6365495128945027 No description provided. integrity-impact=magna No description provided. privileges-required=et No description provided. scope=rebum. No description provided. user-interaction=dolor No description provided. .. cvss-version=lorem CVSS version used to populate cvss_score and severity. cwe=justo A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html Each invocation of this argument appends the given value to the array. severity=amet. Note provider assigned impact of the vulnerability. source-update-time=no The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker. ..vulnerability-assessment.assessment cve=nonumy Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs. impacts=sed Contains information about the impact of this vulnerability, this will change with time. Each invocation of this argument appends the given value to the array. justification details=kasd Additional details on why this justification was chosen. justification-type=lorem The justification type for this vulnerability. .. long-description=sanctus A detailed description of this Vex. short-description=nonumy A one sentence description of this Vex. state=rebum. Provides the state of this Vulnerability assessment. vulnerability-id=tempor The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc. .. language-code=dolore Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646. long-description=eos A detailed description of this Vex. product generic-uri=amet. Contains a URI which is vendor-specific. Example: The artifact repository URL of an image. id=dolore Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document. name=amet Name of the product. ..publisher issuing-authority=ut Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations. name=at Name of the publisher. Examples: 'Google', 'Google Cloud Platform'. publisher-namespace=sit The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io .. short-description=vero A one sentence description of this Vex. title=duo The title of the note. E.g. Vex-Debian-11.4 About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p update-mask=string The fields to update. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes Patch"},{"location":"projects_notes-patch/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-patch ...","title":"Scopes"},{"location":"projects_notes-patch/#required-scalar-argument","text":"<name> (string) Required. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] .","title":"Required Scalar Argument"},{"location":"projects_notes-patch/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: Note: attestation-authority: hint: human-readable-name: string base-image: fingerprint: v1-name: string v2-blob: [string] v2-name: string resource-url: string build: builder-version: string signature: key-id: string key-type: string public-key: string signature: string create-time: string deployable: resource-uri: [string] discovery: analysis-kind: string expiration-time: string intoto: expected-command: [string] step-name: string threshold: string kind: string long-description: string name: string package: architecture: string cpe-uri: string description: string license: comments: string expression: string maintainer: string name: string package-type: string url: string version: epoch: integer inclusive: boolean kind: string name: string revision: string related-note-names: [string] sbom: data-licence: string spdx-version: string sbom-reference: format: string version: string short-description: string spdx-file: checksum: [string] file-type: string title: string spdx-package: analyzed: boolean attribution: string checksum: string copyright: string detailed-description: string download-location: string files-license-info: [string] home-page: string license-declared: comments: string expression: string originator: string package-type: string summary-description: string supplier: string title: string verification-code: string version: string spdx-relationship: type: string update-time: string vulnerability: cvss-score: number cvss-v2: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-v3: attack-complexity: string attack-vector: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-version: string cwe: [string] severity: string source-update-time: string vulnerability-assessment: assessment: cve: string impacts: [string] justification: details: string justification-type: string long-description: string short-description: string state: string vulnerability-id: string language-code: string long-description: string product: generic-uri: string id: string name: string publisher: issuing-authority: string name: string publisher-namespace: string short-description: string title: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .attestation-authority.hint human-readable-name=dolores Required. The human readable name of this attestation authority, for example \"qa\". ...base-image.fingerprint v1-name=dolores Required. The layer ID of the final layer in the Docker image's v1 representation. v2-blob=et Required. The ordered list of v2 blobs that represent a given image. Each invocation of this argument appends the given value to the array. v2-name=sed Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + \" \" + v2_name[N+1]) Only the name of the final blob is kept. .. resource-url=no Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images. ..build builder-version=et Required. Immutable. Version of the builder which produced this build. signature key-id=elitr An ID for the key used to sign. This could be either an ID for the key stored in public_key (such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service). key-type=sed The type of the key, either stored in public_key or referenced in key_id . public-key=no Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys. This field may be empty if key_id references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: openssl sha256 -verify public.pem -signature signature.bin signed.bin signature=nonumy Required. Signature of the related BuildProvenance . In JSON, this is base-64 encoded. ... create-time=at Output only. The time this note was created. This field can be used as a filter in list requests. deployable resource-uri=sadipscing Required. Resource URI for the artifact being deployed. Each invocation of this argument appends the given value to the array. ..discovery analysis-kind=aliquyam Required. Immutable. The kind of analysis that is handled by this discovery. .. expiration-time=dolores Time of expiration for this note. Empty if note does not expire. intoto expected-command=sadipscing This field contains the expected command used to perform the step. Each invocation of this argument appends the given value to the array. step-name=erat This field identifies the name of the step in the supply chain. threshold=aliquyam This field contains a value that indicates the minimum number of keys that need to be used to sign the step's in-toto link. .. kind=amet Output only. The type of analysis. This field can be used as a filter in list requests. long-description=est A detailed description of this note. name=et Output only. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . package architecture=sea The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages. cpe-uri=consetetur The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages. description=consetetur The description of this package. license comments=stet Comments expression=est Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. maintainer=aliquyam A freeform text denoting the maintainer of this package. name=elitr Required. Immutable. The name of the package. package-type=duo The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). url=diam The homepage for this package. version epoch=44 Used to correct mistakes in the version numbering scheme. inclusive=true Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=sed Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=eos Required only when version kind is NORMAL. The main part of the version name. revision=lorem The iteration of the package build from the above version. ... related-note-names=ea Other notes related to this note. Each invocation of this argument appends the given value to the array. sbom data-licence=stet Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields (\"SPDX-Metadata\") spdx-version=dolores Provide a reference number that can be used to understand how to parse and interpret the rest of the file ..sbom-reference format=eos The format that SBOM takes. E.g. may be spdx, cyclonedx, etc... version=et The version of the format that the SBOM takes. E.g. if the format is spdx, the version may be 2.3. .. short-description=sea A one sentence description of this note. spdx-file checksum=et Provide a unique identifier to match analysis information on each specific file in a package Each invocation of this argument appends the given value to the array. file-type=at This field provides information about the type of file identified title=dolore Identify the full path and filename that corresponds to the file information in this section ..spdx-package analyzed=true Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document attribution=lorem A place for the SPDX data creator to record, at the package level, acknowledgements that may be needed to be communicated in some contexts checksum=accusam Provide an independently reproducible mechanism that permits unique identification of a specific package that correlates to the data in this SPDX file copyright=amet Identify the copyright holders of the package, as well as any dates present detailed-description=erat A more detailed description of the package download-location=dolores This section identifies the download Universal Resource Locator (URL), or a specific location within a version control system (VCS) for the package at the time that the SPDX file was created files-license-info=erat Contain the license the SPDX file creator has concluded as governing the This field is to contain a list of all licenses found in the package. The relationship between licenses (i.e., conjunctive, disjunctive) is not specified in this field \u2013 it is simply a listing of all licenses found Each invocation of this argument appends the given value to the array. home-page=accusam Provide a place for the SPDX file creator to record a web site that serves as the package's home page license-declared comments=sea Comments expression=takimata Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. originator=lorem If the package identified in the SPDX file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came package-type=et The type of package: OS, MAVEN, GO, GO_STDLIB, etc. summary-description=at A short description of the package supplier=dolor Identify the actual distribution source for the package/directory identified in the SPDX file title=et Identify the full name of the package as given by the Package Originator verification-code=sit This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file version=erat Identify the version of the package ..spdx-relationship type=sea The type of relationship between the source and target SPDX elements .. update-time=nonumy Output only. The time this note was last updated. This field can be used as a filter in list requests. vulnerability cvss-score=0.6219759262923519 The CVSS score for this vulnerability. cvss-v2 attack-complexity=justo Defined in CVSS v3, CVSS v2 attack-vector=sea Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2 authentication=consetetur Defined in CVSS v2 availability-impact=sit Defined in CVSS v3, CVSS v2 base-score=0.5399657234545516 The base score is a function of the base metric scores. confidentiality-impact=at Defined in CVSS v3, CVSS v2 exploitability-score=0.6413061576894121 No description provided. impact-score=0.3069400471690349 No description provided. integrity-impact=aliquyam Defined in CVSS v3, CVSS v2 privileges-required=no Defined in CVSS v3 scope=amet. Defined in CVSS v3 user-interaction=ipsum Defined in CVSS v3 ..cvss-v3 attack-complexity=lorem No description provided. attack-vector=accusam Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. availability-impact=gubergren No description provided. base-score=0.8918752107029069 The base score is a function of the base metric scores. confidentiality-impact=at No description provided. exploitability-score=0.3790569153851907 No description provided. impact-score=0.6365495128945027 No description provided. integrity-impact=magna No description provided. privileges-required=et No description provided. scope=rebum. No description provided. user-interaction=dolor No description provided. .. cvss-version=lorem CVSS version used to populate cvss_score and severity. cwe=justo A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html Each invocation of this argument appends the given value to the array. severity=amet. Note provider assigned impact of the vulnerability. source-update-time=no The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker. ..vulnerability-assessment.assessment cve=nonumy Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs. impacts=sed Contains information about the impact of this vulnerability, this will change with time. Each invocation of this argument appends the given value to the array. justification details=kasd Additional details on why this justification was chosen. justification-type=lorem The justification type for this vulnerability. .. long-description=sanctus A detailed description of this Vex. short-description=nonumy A one sentence description of this Vex. state=rebum. Provides the state of this Vulnerability assessment. vulnerability-id=tempor The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc. .. language-code=dolore Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646. long-description=eos A detailed description of this Vex. product generic-uri=amet. Contains a URI which is vendor-specific. Example: The artifact repository URL of an image. id=dolore Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document. name=amet Name of the product. ..publisher issuing-authority=ut Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations. name=at Name of the publisher. Examples: 'Google', 'Google Cloud Platform'. publisher-namespace=sit The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io .. short-description=vero A one sentence description of this Vex. title=duo The title of the note. E.g. Vex-Debian-11.4","title":"Required Request Value"},{"location":"projects_notes-patch/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_notes-patch/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-patch/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p update-mask=string The fields to update.","title":"Optional Method Properties"},{"location":"projects_notes-patch/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_notes-set-iam-policy/","text":"Sets the access control policy on the specified note or occurrence. Requires containeranalysis.notes.setIamPolicy or containeranalysis.occurrences.setIamPolicy permission if the resource is a note or an occurrence, respectively. The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-set-iam-policy ... Required Scalar Argument <resource> (string) REQUIRED: The resource for which the policy is being specified. See Resource names for the appropriate value for this field. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: SetIamPolicyRequest: policy: etag: string version: integer can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .policy etag=sadipscing etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy , and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. version=14 Specifies the format of the policy. Valid values are 0 , 1 , and 3 . Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version 3 . This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation . About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes Set Iam Policy"},{"location":"projects_notes-set-iam-policy/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-set-iam-policy ...","title":"Scopes"},{"location":"projects_notes-set-iam-policy/#required-scalar-argument","text":"<resource> (string) REQUIRED: The resource for which the policy is being specified. See Resource names for the appropriate value for this field.","title":"Required Scalar Argument"},{"location":"projects_notes-set-iam-policy/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: SetIamPolicyRequest: policy: etag: string version: integer can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .policy etag=sadipscing etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy , and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. version=14 Specifies the format of the policy. Valid values are 0 , 1 , and 3 . Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version 3 . This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation .","title":"Required Request Value"},{"location":"projects_notes-set-iam-policy/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_notes-set-iam-policy/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-set-iam-policy/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_notes-test-iam-permissions/","text":"Returns the permissions that a caller has on the specified note or occurrence. Requires list permission on the project (for example, containeranalysis.notes.list ). The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-test-iam-permissions ... Required Scalar Argument <resource> (string) REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: TestIamPermissionsRequest: permissions: [string] can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . permissions=rebum. The set of permissions to check for the resource . Permissions with wildcards (such as * or storage.* ) are not allowed. For more information see IAM Overview . Each invocation of this argument appends the given value to the array. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes Test Iam Permissions"},{"location":"projects_notes-test-iam-permissions/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects notes-test-iam-permissions ...","title":"Scopes"},{"location":"projects_notes-test-iam-permissions/#required-scalar-argument","text":"<resource> (string) REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field.","title":"Required Scalar Argument"},{"location":"projects_notes-test-iam-permissions/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: TestIamPermissionsRequest: permissions: [string] can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . permissions=rebum. The set of permissions to check for the resource . Permissions with wildcards (such as * or storage.* ) are not allowed. For more information see IAM Overview . Each invocation of this argument appends the given value to the array.","title":"Required Request Value"},{"location":"projects_notes-test-iam-permissions/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_notes-test-iam-permissions/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-test-iam-permissions/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-batch-create/","text":"Creates new occurrences in batch. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-batch-create ... Required Scalar Argument <parent> (string) Required. The name of the project in the form of projects/[PROJECT_ID] , under which the occurrences are to be created. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: BatchCreateOccurrencesRequest: can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Batch Create"},{"location":"projects_occurrences-batch-create/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-batch-create ...","title":"Scopes"},{"location":"projects_occurrences-batch-create/#required-scalar-argument","text":"<parent> (string) Required. The name of the project in the form of projects/[PROJECT_ID] , under which the occurrences are to be created.","title":"Required Scalar Argument"},{"location":"projects_occurrences-batch-create/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: BatchCreateOccurrencesRequest: can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time.","title":"Required Request Value"},{"location":"projects_occurrences-batch-create/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_occurrences-batch-create/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-batch-create/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-create/","text":"Creates a new occurrence. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-create ... Required Scalar Argument <parent> (string) Required. The name of the project in the form of projects/[PROJECT_ID] , under which the occurrence is to be created. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: Occurrence: attestation: attestation: generic-signed-attestation: content-type: string serialized-payload: string pgp-signed-attestation: content-type: string pgp-key-id: string signature: string build: in-toto-slsa-provenance-v1: -type: string predicate: build-definition: build-type: string run-details: builder: id: string version: { string: string } metadata: finished-on: string invocation-id: string started-on: string predicate-type: string provenance: build-options: { string: string } builder-version: string create-time: string creator: string end-time: string id: string logs-uri: string project-id: string source-provenance: artifact-storage-source-uri: string context: cloud-repo: alias-context: kind: string name: string repo-id: project-repo-id: project-id: string repo-name: string uid: string revision-id: string gerrit: alias-context: kind: string name: string gerrit-project: string host-uri: string revision-id: string git: revision-id: string url: string labels: { string: string } start-time: string trigger-id: string provenance-bytes: string create-time: string deployment: deployment: address: string config: string deploy-time: string platform: string resource-uri: [string] undeploy-time: string user-email: string derived-image: derived-image: base-resource-url: string distance: integer fingerprint: v1-name: string v2-blob: [string] v2-name: string discovered: discovered: analysis-completed: analysis-type: [string] analysis-status: string analysis-status-error: code: integer message: string continuous-analysis: string last-analysis-time: string last-scan-time: string sbom-status: error: string sbom-state: string envelope: payload: string payload-type: string installation: installation: architecture: string cpe-uri: string license: comments: string expression: string name: string package-type: string version: epoch: integer inclusive: boolean kind: string name: string revision: string intoto: signed: byproducts: custom-values: { string: string } command: [string] environment: custom-values: { string: string } kind: string name: string note-name: string remediation: string resource: content-hash: type: string value: string name: string uri: string sbom: create-time: string creator-comment: string creators: [string] document-comment: string external-document-refs: [string] id: string license-list-version: string namespace: string title: string sbom-reference: payload: -type: string predicate: digest: { string: string } location: string mime-type: string referrer-id: string predicate-type: string payload-type: string spdx-file: attributions: [string] comment: string contributors: [string] copyright: string files-license-info: [string] id: string license-concluded: comments: string expression: string notice: string spdx-package: comment: string filename: string home-page: string id: string license-concluded: comments: string expression: string package-type: string source-info: string summary-description: string title: string version: string spdx-relationship: comment: string source: string target: string type: string update-time: string vulnerability: cvss-score: number cvss-v2: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-v3: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-version: string effective-severity: string extra-details: string long-description: string severity: string short-description: string type: string vex-assessment: cve: string impacts: [string] justification: details: string justification-type: string note-name: string state: string vulnerability-id: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .attestation.attestation.generic-signed-attestation content-type=duo Type (for example schema) of the attestation payload that was signed. The verifier must ensure that the provided type is one that the verifier supports, and that the attestation payload is a valid instantiation of that type (for example by validating a JSON schema). serialized-payload=kasd The serialized payload that is verified by one or more signatures . The encoding and semantic meaning of this payload must match what is set in content_type . ..pgp-signed-attestation content-type=sadipscing Type (for example schema) of the attestation payload that was signed. The verifier must ensure that the provided type is one that the verifier supports, and that the attestation payload is a valid instantiation of that type (for example by validating a JSON schema). pgp-key-id=tempor The cryptographic fingerprint of the key used to generate the signature, as output by, e.g. gpg --list-keys . This should be the version 4, full 160-bit fingerprint, expressed as a 40 character hexadecimal string. See https://tools.ietf.org/html/rfc4880#section-12.2 for details. Implementations may choose to acknowledge \"LONG\", \"SHORT\", or other abbreviated key IDs, but only the full fingerprint is guaranteed to work. In gpg, the full fingerprint can be retrieved from the fpr field returned when calling --list-keys with --with-colons. For example: gpg --with-colons --with-fingerprint --force-v4-certs \\ --list-keys attester@example.com tru::1:1513631572:0:3:1:5 pub:...... fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB: Above, the fingerprint is 24FF6481B76AC91E66A00AC657A93A81EF3AE6FB . signature=sea Required. The raw content of the signature, as output by GNU Privacy Guard (GPG) or equivalent. Since this message only supports attached signatures, the payload that was signed must be attached. While the signature format supported is dependent on the verification implementation, currently only ASCII-armored ( --armor to gpg), non-clearsigned ( --sign rather than --clearsign to gpg) are supported. Concretely, gpg --sign --armor --output=signature.gpg payload.json will create the signature content expected in this field in signature.gpg for the payload.json attestation payload. ....build.in-toto-slsa-provenance-v1 -type=et InToto spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement predicate.build-definition build-type=lorem No description provided. ..run-details.builder id=magna No description provided. version=key=takimata No description provided. the value will be associated with the given key ..metadata finished-on=rebum. No description provided. invocation-id=at No description provided. started-on=invidunt No description provided. .... predicate-type=clita No description provided. ..provenance build-options=key=stet Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details. the value will be associated with the given key builder-version=aliquyam Version string of the builder at the time this build was executed. create-time=ut Time at which the build was created. creator=sit E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time. end-time=vero Time at which execution of the build was finished. id=rebum. Required. Unique identifier of the build. logs-uri=dolores URI where any logs for this provenance were written. project-id=consetetur ID of the project. source-provenance artifact-storage-source-uri=dolores If provided, the input binary artifacts for the build came from this location. context.cloud-repo.alias-context kind=sed The alias kind. name=invidunt The alias name. ..repo-id.project-repo-id project-id=clita The ID of the project. repo-name=dolor The name of the repo. Leave empty for the default repo. .. uid=aliquyam A server-assigned, globally unique identifier. .. revision-id=magna A revision ID. ..gerrit.alias-context kind=diam The alias kind. name=nonumy The alias name. .. gerrit-project=et The full project name within the host. Projects may be nested, so \"project/subproject\" is a valid project name. The \"repo name\" is the hostURI/project. host-uri=sanctus The URI of a running Gerrit instance. revision-id=accusam A revision (commit) ID. ..git revision-id=tempor Git commit hash. url=sed Git repository URL. .. labels=key=est Labels with user defined metadata. the value will be associated with the given key ... start-time=takimata Time at which execution of the build was started. trigger-id=dolor Trigger identifier if the build was triggered automatically; empty if not. .. provenance-bytes=diam Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, provenance_bytes can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes. .. create-time=at Output only. The time this occurrence was created. deployment.deployment address=erat Address of the runtime element hosting this deployment. config=justo Configuration used to create this deployment. deploy-time=ipsum Required. Beginning of the lifetime of this deployment. platform=accusam Platform hosting this deployment. resource-uri=dolores Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name. Each invocation of this argument appends the given value to the array. undeploy-time=consetetur End of the lifetime of this deployment. user-email=no Identity of the user that triggered this deployment. ...derived-image.derived-image base-resource-url=justo Output only. This contains the base image URL for the derived image occurrence. distance=56 Output only. The number of layers by which this image differs from the associated image basis. fingerprint v1-name=diam Required. The layer ID of the final layer in the Docker image's v1 representation. v2-blob=sea Required. The ordered list of v2 blobs that represent a given image. Each invocation of this argument appends the given value to the array. v2-name=ipsum Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + \" \" + v2_name[N+1]) Only the name of the final blob is kept. ....discovered.discovered.analysis-completed analysis-type=stet No description provided. Each invocation of this argument appends the given value to the array. .. analysis-status=gubergren The status of discovery for the resource. analysis-status-error code=96 The status code, which should be an enum value of google.rpc.Code. message=no A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. .. continuous-analysis=sit Whether the resource is continuously analyzed. last-analysis-time=kasd The last time continuous analysis was done for this resource. Deprecated, do not use. last-scan-time=amet The last time this resource was scanned. sbom-status error=lorem If there was an error generating an SBOM, this will indicate what that error was. sbom-state=justo The progress of the SBOM generation. ....envelope payload=invidunt No description provided. payload-type=sed No description provided. ..installation.installation architecture=nonumy Output only. The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages. cpe-uri=sea Output only. The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages. license comments=ipsum Comments expression=kasd Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. name=justo Required. Output only. The name of the installed package. package-type=ea Output only. The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). version epoch=24 Used to correct mistakes in the version numbering scheme. inclusive=false Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=clita Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=vero Required only when version kind is NORMAL. The main part of the version name. revision=invidunt The iteration of the package build from the above version. ....intoto.signed.byproducts custom-values=key=nonumy No description provided. the value will be associated with the given key .. command=erat This field contains the full command executed for the step. This can also be empty if links are generated for operations that aren't directly mapped to a specific command. Each term in the command is an independent string in the list. An example of a command in the in-toto metadata field is: \"command\": [\"git\", \"clone\", \"https://github.com/in-toto/demo-project.git\"] Each invocation of this argument appends the given value to the array. environment custom-values=key=erat No description provided. the value will be associated with the given key .... kind=dolores Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests. name=ipsum Output only. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] . note-name=voluptua. Required. Immutable. The analysis note associated with this occurrence, in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . This field can be used as a filter in list requests. remediation=eos A description of actions that can be taken to remedy the note. resource.content-hash type=duo Required. The type of hash that was performed. value=elitr Required. The hash value. .. name=consetetur Deprecated, do not use. Use uri instead. The name of the resource. For example, the name of a Docker image - \"Debian\". uri=et Required. The unique URI of the resource. For example, https://gcr.io/project/image@sha256:foo for a Docker image. ..sbom create-time=clita Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard creator-comment=sit A field for creators of the SPDX file to provide general comments about the creation of the SPDX file or any other relevant comment not included in the other fields creators=takimata Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name Each invocation of this argument appends the given value to the array. document-comment=erat A field for creators of the SPDX file content to provide comments to the consumers of the SPDX document external-document-refs=diam Identify any external SPDX documents referenced within this SPDX document Each invocation of this argument appends the given value to the array. id=nonumy Identify the current SPDX document which may be referenced in relationships by other files, packages internally and documents externally license-list-version=lorem A field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created namespace=at Provide an SPDX document specific namespace as a unique absolute Uniform Resource Identifier (URI) as specified in RFC-3986, with the exception of the \u2018#\u2019 delimiter title=diam Identify name of this document as designated by creator ..sbom-reference.payload -type=diam Identifier for the schema of the Statement. predicate digest=key=sed A map of algorithm to digest of the contents of the SBOM. the value will be associated with the given key location=et The location of the SBOM. mime-type=ea The mime type of the SBOM. referrer-id=dolore The person or system referring this predicate to the consumer. .. predicate-type=ipsum URI identifying the type of the Predicate. .. payload-type=ea The kind of payload that SbomReferenceIntotoPayload takes. Since it's in the intoto format, this value is expected to be 'application/vnd.in-toto+json'. ..spdx-file attributions=at This field provides a place for the SPDX data creator to record, at the file level, acknowledgements that may be needed to be communicated in some contexts Each invocation of this argument appends the given value to the array. comment=sit This field provides a place for the SPDX file creator to record any general comments about the file contributors=sit This field provides a place for the SPDX file creator to record file contributors Each invocation of this argument appends the given value to the array. copyright=lorem Identify the copyright holder of the file, as well as any dates present files-license-info=stet This field contains the license information actually found in the file, if any Each invocation of this argument appends the given value to the array. id=duo Uniquely identify any element in an SPDX document which may be referenced by other elements license-concluded comments=elitr Comments expression=aliquyam Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. notice=erat This field provides a place for the SPDX file creator to record license notices or other such related notices found in the file ..spdx-package comment=ut A place for the SPDX file creator to record any general comments about the package being described filename=et Provide the actual file name of the package, or path of the directory being treated as a package home-page=lorem Output only. Provide a place for the SPDX file creator to record a web site that serves as the package's home page id=rebum. Uniquely identify any element in an SPDX document which may be referenced by other elements license-concluded comments=et Comments expression=sed Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. package-type=stet Output only. The type of package: OS, MAVEN, GO, GO_STDLIB, etc. source-info=aliquyam Provide a place for the SPDX file creator to record any relevant background information or additional comments about the origin of the package summary-description=kasd Output only. A short description of the package title=lorem Output only. Identify the full name of the package as given by the Package Originator version=sit Output only. Identify the version of the package ..spdx-relationship comment=kasd A place for the SPDX file creator to record any general comments about the relationship source=tempor Also referred to as SPDXRef-A The source SPDX element (file, package, etc) target=dolor Also referred to as SPDXRef-B The target SPDC element (file, package, etc) In cases where there are \"known unknowns\", the use of the keyword NOASSERTION can be used The keywords NONE can be used to indicate that an SPDX element (package/file/snippet) has no other elements connected by some relationship to it type=amet Output only. The type of relationship between the source and target SPDX elements .. update-time=sit Output only. The time this occurrence was last updated. vulnerability cvss-score=0.6642185324610259 Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity. cvss-v2 attack-complexity=ipsum Defined in CVSS v3, CVSS v2 attack-vector=ipsum Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2 authentication=et Defined in CVSS v2 availability-impact=elitr Defined in CVSS v3, CVSS v2 base-score=0.08920170932611438 The base score is a function of the base metric scores. confidentiality-impact=sadipscing Defined in CVSS v3, CVSS v2 exploitability-score=0.8201834988730824 No description provided. impact-score=0.37408685535865127 No description provided. integrity-impact=consetetur Defined in CVSS v3, CVSS v2 privileges-required=et Defined in CVSS v3 scope=sit Defined in CVSS v3 user-interaction=lorem Defined in CVSS v3 ..cvss-v3 attack-complexity=nonumy Defined in CVSS v3, CVSS v2 attack-vector=diam Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2 authentication=ipsum Defined in CVSS v2 availability-impact=invidunt Defined in CVSS v3, CVSS v2 base-score=0.9674724688728986 The base score is a function of the base metric scores. confidentiality-impact=voluptua. Defined in CVSS v3, CVSS v2 exploitability-score=0.18951813186317334 No description provided. impact-score=0.4250572039863144 No description provided. integrity-impact=eirmod Defined in CVSS v3, CVSS v2 privileges-required=erat Defined in CVSS v3 scope=duo Defined in CVSS v3 user-interaction=et Defined in CVSS v3 .. cvss-version=erat Output only. CVSS version used to populate cvss_score and severity. effective-severity=sit The distro assigned severity for this vulnerability when it is available, and note provider assigned severity when distro has not yet assigned a severity for this vulnerability. When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues. extra-details=accusam Occurrence-specific extra details about the vulnerability. long-description=et Output only. A detailed description of this vulnerability. severity=nonumy Output only. The note provider assigned Severity of the vulnerability. short-description=accusam Output only. A one sentence description of this vulnerability. type=ut The type of package; whether native or non native(ruby gems, node.js packages etc) vex-assessment cve=voluptua. Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs. impacts=consetetur Contains information about the impact of this vulnerability, this will change with time. Each invocation of this argument appends the given value to the array. justification details=dolor Additional details on why this justification was chosen. justification-type=amet The justification type for this vulnerability. .. note-name=et The VulnerabilityAssessment note from which this VexAssessment was generated. This will be of the form: projects/[PROJECT_ID]/notes/[NOTE_ID] . state=aliquyam Provides the state of this Vulnerability assessment. vulnerability-id=ipsum The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Create"},{"location":"projects_occurrences-create/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-create ...","title":"Scopes"},{"location":"projects_occurrences-create/#required-scalar-argument","text":"<parent> (string) Required. The name of the project in the form of projects/[PROJECT_ID] , under which the occurrence is to be created.","title":"Required Scalar Argument"},{"location":"projects_occurrences-create/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: Occurrence: attestation: attestation: generic-signed-attestation: content-type: string serialized-payload: string pgp-signed-attestation: content-type: string pgp-key-id: string signature: string build: in-toto-slsa-provenance-v1: -type: string predicate: build-definition: build-type: string run-details: builder: id: string version: { string: string } metadata: finished-on: string invocation-id: string started-on: string predicate-type: string provenance: build-options: { string: string } builder-version: string create-time: string creator: string end-time: string id: string logs-uri: string project-id: string source-provenance: artifact-storage-source-uri: string context: cloud-repo: alias-context: kind: string name: string repo-id: project-repo-id: project-id: string repo-name: string uid: string revision-id: string gerrit: alias-context: kind: string name: string gerrit-project: string host-uri: string revision-id: string git: revision-id: string url: string labels: { string: string } start-time: string trigger-id: string provenance-bytes: string create-time: string deployment: deployment: address: string config: string deploy-time: string platform: string resource-uri: [string] undeploy-time: string user-email: string derived-image: derived-image: base-resource-url: string distance: integer fingerprint: v1-name: string v2-blob: [string] v2-name: string discovered: discovered: analysis-completed: analysis-type: [string] analysis-status: string analysis-status-error: code: integer message: string continuous-analysis: string last-analysis-time: string last-scan-time: string sbom-status: error: string sbom-state: string envelope: payload: string payload-type: string installation: installation: architecture: string cpe-uri: string license: comments: string expression: string name: string package-type: string version: epoch: integer inclusive: boolean kind: string name: string revision: string intoto: signed: byproducts: custom-values: { string: string } command: [string] environment: custom-values: { string: string } kind: string name: string note-name: string remediation: string resource: content-hash: type: string value: string name: string uri: string sbom: create-time: string creator-comment: string creators: [string] document-comment: string external-document-refs: [string] id: string license-list-version: string namespace: string title: string sbom-reference: payload: -type: string predicate: digest: { string: string } location: string mime-type: string referrer-id: string predicate-type: string payload-type: string spdx-file: attributions: [string] comment: string contributors: [string] copyright: string files-license-info: [string] id: string license-concluded: comments: string expression: string notice: string spdx-package: comment: string filename: string home-page: string id: string license-concluded: comments: string expression: string package-type: string source-info: string summary-description: string title: string version: string spdx-relationship: comment: string source: string target: string type: string update-time: string vulnerability: cvss-score: number cvss-v2: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-v3: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-version: string effective-severity: string extra-details: string long-description: string severity: string short-description: string type: string vex-assessment: cve: string impacts: [string] justification: details: string justification-type: string note-name: string state: string vulnerability-id: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .attestation.attestation.generic-signed-attestation content-type=duo Type (for example schema) of the attestation payload that was signed. The verifier must ensure that the provided type is one that the verifier supports, and that the attestation payload is a valid instantiation of that type (for example by validating a JSON schema). serialized-payload=kasd The serialized payload that is verified by one or more signatures . The encoding and semantic meaning of this payload must match what is set in content_type . ..pgp-signed-attestation content-type=sadipscing Type (for example schema) of the attestation payload that was signed. The verifier must ensure that the provided type is one that the verifier supports, and that the attestation payload is a valid instantiation of that type (for example by validating a JSON schema). pgp-key-id=tempor The cryptographic fingerprint of the key used to generate the signature, as output by, e.g. gpg --list-keys . This should be the version 4, full 160-bit fingerprint, expressed as a 40 character hexadecimal string. See https://tools.ietf.org/html/rfc4880#section-12.2 for details. Implementations may choose to acknowledge \"LONG\", \"SHORT\", or other abbreviated key IDs, but only the full fingerprint is guaranteed to work. In gpg, the full fingerprint can be retrieved from the fpr field returned when calling --list-keys with --with-colons. For example: gpg --with-colons --with-fingerprint --force-v4-certs \\ --list-keys attester@example.com tru::1:1513631572:0:3:1:5 pub:...... fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB: Above, the fingerprint is 24FF6481B76AC91E66A00AC657A93A81EF3AE6FB . signature=sea Required. The raw content of the signature, as output by GNU Privacy Guard (GPG) or equivalent. Since this message only supports attached signatures, the payload that was signed must be attached. While the signature format supported is dependent on the verification implementation, currently only ASCII-armored ( --armor to gpg), non-clearsigned ( --sign rather than --clearsign to gpg) are supported. Concretely, gpg --sign --armor --output=signature.gpg payload.json will create the signature content expected in this field in signature.gpg for the payload.json attestation payload. ....build.in-toto-slsa-provenance-v1 -type=et InToto spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement predicate.build-definition build-type=lorem No description provided. ..run-details.builder id=magna No description provided. version=key=takimata No description provided. the value will be associated with the given key ..metadata finished-on=rebum. No description provided. invocation-id=at No description provided. started-on=invidunt No description provided. .... predicate-type=clita No description provided. ..provenance build-options=key=stet Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details. the value will be associated with the given key builder-version=aliquyam Version string of the builder at the time this build was executed. create-time=ut Time at which the build was created. creator=sit E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time. end-time=vero Time at which execution of the build was finished. id=rebum. Required. Unique identifier of the build. logs-uri=dolores URI where any logs for this provenance were written. project-id=consetetur ID of the project. source-provenance artifact-storage-source-uri=dolores If provided, the input binary artifacts for the build came from this location. context.cloud-repo.alias-context kind=sed The alias kind. name=invidunt The alias name. ..repo-id.project-repo-id project-id=clita The ID of the project. repo-name=dolor The name of the repo. Leave empty for the default repo. .. uid=aliquyam A server-assigned, globally unique identifier. .. revision-id=magna A revision ID. ..gerrit.alias-context kind=diam The alias kind. name=nonumy The alias name. .. gerrit-project=et The full project name within the host. Projects may be nested, so \"project/subproject\" is a valid project name. The \"repo name\" is the hostURI/project. host-uri=sanctus The URI of a running Gerrit instance. revision-id=accusam A revision (commit) ID. ..git revision-id=tempor Git commit hash. url=sed Git repository URL. .. labels=key=est Labels with user defined metadata. the value will be associated with the given key ... start-time=takimata Time at which execution of the build was started. trigger-id=dolor Trigger identifier if the build was triggered automatically; empty if not. .. provenance-bytes=diam Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, provenance_bytes can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes. .. create-time=at Output only. The time this occurrence was created. deployment.deployment address=erat Address of the runtime element hosting this deployment. config=justo Configuration used to create this deployment. deploy-time=ipsum Required. Beginning of the lifetime of this deployment. platform=accusam Platform hosting this deployment. resource-uri=dolores Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name. Each invocation of this argument appends the given value to the array. undeploy-time=consetetur End of the lifetime of this deployment. user-email=no Identity of the user that triggered this deployment. ...derived-image.derived-image base-resource-url=justo Output only. This contains the base image URL for the derived image occurrence. distance=56 Output only. The number of layers by which this image differs from the associated image basis. fingerprint v1-name=diam Required. The layer ID of the final layer in the Docker image's v1 representation. v2-blob=sea Required. The ordered list of v2 blobs that represent a given image. Each invocation of this argument appends the given value to the array. v2-name=ipsum Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + \" \" + v2_name[N+1]) Only the name of the final blob is kept. ....discovered.discovered.analysis-completed analysis-type=stet No description provided. Each invocation of this argument appends the given value to the array. .. analysis-status=gubergren The status of discovery for the resource. analysis-status-error code=96 The status code, which should be an enum value of google.rpc.Code. message=no A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. .. continuous-analysis=sit Whether the resource is continuously analyzed. last-analysis-time=kasd The last time continuous analysis was done for this resource. Deprecated, do not use. last-scan-time=amet The last time this resource was scanned. sbom-status error=lorem If there was an error generating an SBOM, this will indicate what that error was. sbom-state=justo The progress of the SBOM generation. ....envelope payload=invidunt No description provided. payload-type=sed No description provided. ..installation.installation architecture=nonumy Output only. The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages. cpe-uri=sea Output only. The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages. license comments=ipsum Comments expression=kasd Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. name=justo Required. Output only. The name of the installed package. package-type=ea Output only. The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). version epoch=24 Used to correct mistakes in the version numbering scheme. inclusive=false Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=clita Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=vero Required only when version kind is NORMAL. The main part of the version name. revision=invidunt The iteration of the package build from the above version. ....intoto.signed.byproducts custom-values=key=nonumy No description provided. the value will be associated with the given key .. command=erat This field contains the full command executed for the step. This can also be empty if links are generated for operations that aren't directly mapped to a specific command. Each term in the command is an independent string in the list. An example of a command in the in-toto metadata field is: \"command\": [\"git\", \"clone\", \"https://github.com/in-toto/demo-project.git\"] Each invocation of this argument appends the given value to the array. environment custom-values=key=erat No description provided. the value will be associated with the given key .... kind=dolores Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests. name=ipsum Output only. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] . note-name=voluptua. Required. Immutable. The analysis note associated with this occurrence, in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . This field can be used as a filter in list requests. remediation=eos A description of actions that can be taken to remedy the note. resource.content-hash type=duo Required. The type of hash that was performed. value=elitr Required. The hash value. .. name=consetetur Deprecated, do not use. Use uri instead. The name of the resource. For example, the name of a Docker image - \"Debian\". uri=et Required. The unique URI of the resource. For example, https://gcr.io/project/image@sha256:foo for a Docker image. ..sbom create-time=clita Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard creator-comment=sit A field for creators of the SPDX file to provide general comments about the creation of the SPDX file or any other relevant comment not included in the other fields creators=takimata Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name Each invocation of this argument appends the given value to the array. document-comment=erat A field for creators of the SPDX file content to provide comments to the consumers of the SPDX document external-document-refs=diam Identify any external SPDX documents referenced within this SPDX document Each invocation of this argument appends the given value to the array. id=nonumy Identify the current SPDX document which may be referenced in relationships by other files, packages internally and documents externally license-list-version=lorem A field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created namespace=at Provide an SPDX document specific namespace as a unique absolute Uniform Resource Identifier (URI) as specified in RFC-3986, with the exception of the \u2018#\u2019 delimiter title=diam Identify name of this document as designated by creator ..sbom-reference.payload -type=diam Identifier for the schema of the Statement. predicate digest=key=sed A map of algorithm to digest of the contents of the SBOM. the value will be associated with the given key location=et The location of the SBOM. mime-type=ea The mime type of the SBOM. referrer-id=dolore The person or system referring this predicate to the consumer. .. predicate-type=ipsum URI identifying the type of the Predicate. .. payload-type=ea The kind of payload that SbomReferenceIntotoPayload takes. Since it's in the intoto format, this value is expected to be 'application/vnd.in-toto+json'. ..spdx-file attributions=at This field provides a place for the SPDX data creator to record, at the file level, acknowledgements that may be needed to be communicated in some contexts Each invocation of this argument appends the given value to the array. comment=sit This field provides a place for the SPDX file creator to record any general comments about the file contributors=sit This field provides a place for the SPDX file creator to record file contributors Each invocation of this argument appends the given value to the array. copyright=lorem Identify the copyright holder of the file, as well as any dates present files-license-info=stet This field contains the license information actually found in the file, if any Each invocation of this argument appends the given value to the array. id=duo Uniquely identify any element in an SPDX document which may be referenced by other elements license-concluded comments=elitr Comments expression=aliquyam Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. notice=erat This field provides a place for the SPDX file creator to record license notices or other such related notices found in the file ..spdx-package comment=ut A place for the SPDX file creator to record any general comments about the package being described filename=et Provide the actual file name of the package, or path of the directory being treated as a package home-page=lorem Output only. Provide a place for the SPDX file creator to record a web site that serves as the package's home page id=rebum. Uniquely identify any element in an SPDX document which may be referenced by other elements license-concluded comments=et Comments expression=sed Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. package-type=stet Output only. The type of package: OS, MAVEN, GO, GO_STDLIB, etc. source-info=aliquyam Provide a place for the SPDX file creator to record any relevant background information or additional comments about the origin of the package summary-description=kasd Output only. A short description of the package title=lorem Output only. Identify the full name of the package as given by the Package Originator version=sit Output only. Identify the version of the package ..spdx-relationship comment=kasd A place for the SPDX file creator to record any general comments about the relationship source=tempor Also referred to as SPDXRef-A The source SPDX element (file, package, etc) target=dolor Also referred to as SPDXRef-B The target SPDC element (file, package, etc) In cases where there are \"known unknowns\", the use of the keyword NOASSERTION can be used The keywords NONE can be used to indicate that an SPDX element (package/file/snippet) has no other elements connected by some relationship to it type=amet Output only. The type of relationship between the source and target SPDX elements .. update-time=sit Output only. The time this occurrence was last updated. vulnerability cvss-score=0.6642185324610259 Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity. cvss-v2 attack-complexity=ipsum Defined in CVSS v3, CVSS v2 attack-vector=ipsum Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2 authentication=et Defined in CVSS v2 availability-impact=elitr Defined in CVSS v3, CVSS v2 base-score=0.08920170932611438 The base score is a function of the base metric scores. confidentiality-impact=sadipscing Defined in CVSS v3, CVSS v2 exploitability-score=0.8201834988730824 No description provided. impact-score=0.37408685535865127 No description provided. integrity-impact=consetetur Defined in CVSS v3, CVSS v2 privileges-required=et Defined in CVSS v3 scope=sit Defined in CVSS v3 user-interaction=lorem Defined in CVSS v3 ..cvss-v3 attack-complexity=nonumy Defined in CVSS v3, CVSS v2 attack-vector=diam Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2 authentication=ipsum Defined in CVSS v2 availability-impact=invidunt Defined in CVSS v3, CVSS v2 base-score=0.9674724688728986 The base score is a function of the base metric scores. confidentiality-impact=voluptua. Defined in CVSS v3, CVSS v2 exploitability-score=0.18951813186317334 No description provided. impact-score=0.4250572039863144 No description provided. integrity-impact=eirmod Defined in CVSS v3, CVSS v2 privileges-required=erat Defined in CVSS v3 scope=duo Defined in CVSS v3 user-interaction=et Defined in CVSS v3 .. cvss-version=erat Output only. CVSS version used to populate cvss_score and severity. effective-severity=sit The distro assigned severity for this vulnerability when it is available, and note provider assigned severity when distro has not yet assigned a severity for this vulnerability. When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues. extra-details=accusam Occurrence-specific extra details about the vulnerability. long-description=et Output only. A detailed description of this vulnerability. severity=nonumy Output only. The note provider assigned Severity of the vulnerability. short-description=accusam Output only. A one sentence description of this vulnerability. type=ut The type of package; whether native or non native(ruby gems, node.js packages etc) vex-assessment cve=voluptua. Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs. impacts=consetetur Contains information about the impact of this vulnerability, this will change with time. Each invocation of this argument appends the given value to the array. justification details=dolor Additional details on why this justification was chosen. justification-type=amet The justification type for this vulnerability. .. note-name=et The VulnerabilityAssessment note from which this VexAssessment was generated. This will be of the form: projects/[PROJECT_ID]/notes/[NOTE_ID] . state=aliquyam Provides the state of this Vulnerability assessment. vulnerability-id=ipsum The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc.","title":"Required Request Value"},{"location":"projects_occurrences-create/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_occurrences-create/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-create/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-delete/","text":"Deletes the specified occurrence. For example, use this method to delete an occurrence when the occurrence is no longer applicable for the given resource. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-delete ... Required Scalar Argument <name> (string) Required. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] . Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Delete"},{"location":"projects_occurrences-delete/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-delete ...","title":"Scopes"},{"location":"projects_occurrences-delete/#required-scalar-argument","text":"<name> (string) Required. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] .","title":"Required Scalar Argument"},{"location":"projects_occurrences-delete/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-delete/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-get-iam-policy/","text":"Gets the access control policy for a note or an occurrence resource. Requires containeranalysis.notes.setIamPolicy or containeranalysis.occurrences.setIamPolicy permission if the resource is a note or occurrence, respectively. The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-get-iam-policy ... Required Scalar Argument <resource> (string) REQUIRED: The resource for which the policy is being requested. See Resource names for the appropriate value for this field. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: GetIamPolicyRequest: options: requested-policy-version: integer can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .options requested-policy-version=39 Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the IAM documentation . About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Get Iam Policy"},{"location":"projects_occurrences-get-iam-policy/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-get-iam-policy ...","title":"Scopes"},{"location":"projects_occurrences-get-iam-policy/#required-scalar-argument","text":"<resource> (string) REQUIRED: The resource for which the policy is being requested. See Resource names for the appropriate value for this field.","title":"Required Scalar Argument"},{"location":"projects_occurrences-get-iam-policy/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: GetIamPolicyRequest: options: requested-policy-version: integer can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .options requested-policy-version=39 Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the IAM documentation .","title":"Required Request Value"},{"location":"projects_occurrences-get-iam-policy/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_occurrences-get-iam-policy/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-get-iam-policy/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-get-notes/","text":"Gets the note attached to the specified occurrence. Consumer projects can use this method to get a note that belongs to a provider project. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-get-notes ... Required Scalar Argument <name> (string) Required. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] . Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Get Notes"},{"location":"projects_occurrences-get-notes/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-get-notes ...","title":"Scopes"},{"location":"projects_occurrences-get-notes/#required-scalar-argument","text":"<name> (string) Required. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] .","title":"Required Scalar Argument"},{"location":"projects_occurrences-get-notes/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-get-notes/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-get-vulnerability-summary/","text":"Gets a summary of the number and severity of occurrences. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-get-vulnerability-summary ... Required Scalar Argument <parent> (string) Required. The name of the project to get a vulnerability summary for in the form of projects/[PROJECT_ID] . Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p filter=string The filter expression. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Get Vulnerability Summary"},{"location":"projects_occurrences-get-vulnerability-summary/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-get-vulnerability-summary ...","title":"Scopes"},{"location":"projects_occurrences-get-vulnerability-summary/#required-scalar-argument","text":"<parent> (string) Required. The name of the project to get a vulnerability summary for in the form of projects/[PROJECT_ID] .","title":"Required Scalar Argument"},{"location":"projects_occurrences-get-vulnerability-summary/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-get-vulnerability-summary/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p filter=string The filter expression.","title":"Optional Method Properties"},{"location":"projects_occurrences-get-vulnerability-summary/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-get/","text":"Gets the specified occurrence. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-get ... Required Scalar Argument <name> (string) Required. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] . Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Get"},{"location":"projects_occurrences-get/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-get ...","title":"Scopes"},{"location":"projects_occurrences-get/#required-scalar-argument","text":"<name> (string) Required. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] .","title":"Required Scalar Argument"},{"location":"projects_occurrences-get/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-get/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-list/","text":"Lists occurrences for the specified project. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-list ... Required Scalar Argument <parent> (string) Required. The name of the project to list occurrences for in the form of projects/[PROJECT_ID] . Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p filter=string The filter expression. -p page-size=integer Number of occurrences to return in the list. Must be positive. Max allowed page size is 1000. If not specified, page size defaults to 20. -p page-token=string Token to provide to skip to a particular spot in the list. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences List"},{"location":"projects_occurrences-list/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-list ...","title":"Scopes"},{"location":"projects_occurrences-list/#required-scalar-argument","text":"<parent> (string) Required. The name of the project to list occurrences for in the form of projects/[PROJECT_ID] .","title":"Required Scalar Argument"},{"location":"projects_occurrences-list/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-list/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p filter=string The filter expression. -p page-size=integer Number of occurrences to return in the list. Must be positive. Max allowed page size is 1000. If not specified, page size defaults to 20. -p page-token=string Token to provide to skip to a particular spot in the list.","title":"Optional Method Properties"},{"location":"projects_occurrences-list/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-patch/","text":"Updates the specified occurrence. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-patch ... Required Scalar Argument <name> (string) Required. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] . Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: Occurrence: attestation: attestation: generic-signed-attestation: content-type: string serialized-payload: string pgp-signed-attestation: content-type: string pgp-key-id: string signature: string build: in-toto-slsa-provenance-v1: -type: string predicate: build-definition: build-type: string run-details: builder: id: string version: { string: string } metadata: finished-on: string invocation-id: string started-on: string predicate-type: string provenance: build-options: { string: string } builder-version: string create-time: string creator: string end-time: string id: string logs-uri: string project-id: string source-provenance: artifact-storage-source-uri: string context: cloud-repo: alias-context: kind: string name: string repo-id: project-repo-id: project-id: string repo-name: string uid: string revision-id: string gerrit: alias-context: kind: string name: string gerrit-project: string host-uri: string revision-id: string git: revision-id: string url: string labels: { string: string } start-time: string trigger-id: string provenance-bytes: string create-time: string deployment: deployment: address: string config: string deploy-time: string platform: string resource-uri: [string] undeploy-time: string user-email: string derived-image: derived-image: base-resource-url: string distance: integer fingerprint: v1-name: string v2-blob: [string] v2-name: string discovered: discovered: analysis-completed: analysis-type: [string] analysis-status: string analysis-status-error: code: integer message: string continuous-analysis: string last-analysis-time: string last-scan-time: string sbom-status: error: string sbom-state: string envelope: payload: string payload-type: string installation: installation: architecture: string cpe-uri: string license: comments: string expression: string name: string package-type: string version: epoch: integer inclusive: boolean kind: string name: string revision: string intoto: signed: byproducts: custom-values: { string: string } command: [string] environment: custom-values: { string: string } kind: string name: string note-name: string remediation: string resource: content-hash: type: string value: string name: string uri: string sbom: create-time: string creator-comment: string creators: [string] document-comment: string external-document-refs: [string] id: string license-list-version: string namespace: string title: string sbom-reference: payload: -type: string predicate: digest: { string: string } location: string mime-type: string referrer-id: string predicate-type: string payload-type: string spdx-file: attributions: [string] comment: string contributors: [string] copyright: string files-license-info: [string] id: string license-concluded: comments: string expression: string notice: string spdx-package: comment: string filename: string home-page: string id: string license-concluded: comments: string expression: string package-type: string source-info: string summary-description: string title: string version: string spdx-relationship: comment: string source: string target: string type: string update-time: string vulnerability: cvss-score: number cvss-v2: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-v3: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-version: string effective-severity: string extra-details: string long-description: string severity: string short-description: string type: string vex-assessment: cve: string impacts: [string] justification: details: string justification-type: string note-name: string state: string vulnerability-id: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .attestation.attestation.generic-signed-attestation content-type=invidunt Type (for example schema) of the attestation payload that was signed. The verifier must ensure that the provided type is one that the verifier supports, and that the attestation payload is a valid instantiation of that type (for example by validating a JSON schema). serialized-payload=sea The serialized payload that is verified by one or more signatures . The encoding and semantic meaning of this payload must match what is set in content_type . ..pgp-signed-attestation content-type=duo Type (for example schema) of the attestation payload that was signed. The verifier must ensure that the provided type is one that the verifier supports, and that the attestation payload is a valid instantiation of that type (for example by validating a JSON schema). pgp-key-id=sea The cryptographic fingerprint of the key used to generate the signature, as output by, e.g. gpg --list-keys . This should be the version 4, full 160-bit fingerprint, expressed as a 40 character hexadecimal string. See https://tools.ietf.org/html/rfc4880#section-12.2 for details. Implementations may choose to acknowledge \"LONG\", \"SHORT\", or other abbreviated key IDs, but only the full fingerprint is guaranteed to work. In gpg, the full fingerprint can be retrieved from the fpr field returned when calling --list-keys with --with-colons. For example: gpg --with-colons --with-fingerprint --force-v4-certs \\ --list-keys attester@example.com tru::1:1513631572:0:3:1:5 pub:...... fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB: Above, the fingerprint is 24FF6481B76AC91E66A00AC657A93A81EF3AE6FB . signature=stet Required. The raw content of the signature, as output by GNU Privacy Guard (GPG) or equivalent. Since this message only supports attached signatures, the payload that was signed must be attached. While the signature format supported is dependent on the verification implementation, currently only ASCII-armored ( --armor to gpg), non-clearsigned ( --sign rather than --clearsign to gpg) are supported. Concretely, gpg --sign --armor --output=signature.gpg payload.json will create the signature content expected in this field in signature.gpg for the payload.json attestation payload. ....build.in-toto-slsa-provenance-v1 -type=sadipscing InToto spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement predicate.build-definition build-type=no No description provided. ..run-details.builder id=tempor No description provided. version=key=ipsum No description provided. the value will be associated with the given key ..metadata finished-on=sea No description provided. invocation-id=sit No description provided. started-on=amet. No description provided. .... predicate-type=ipsum No description provided. ..provenance build-options=key=at Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details. the value will be associated with the given key builder-version=vero Version string of the builder at the time this build was executed. create-time=takimata Time at which the build was created. creator=gubergren E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time. end-time=et Time at which execution of the build was finished. id=invidunt Required. Unique identifier of the build. logs-uri=magna URI where any logs for this provenance were written. project-id=sit ID of the project. source-provenance artifact-storage-source-uri=gubergren If provided, the input binary artifacts for the build came from this location. context.cloud-repo.alias-context kind=elitr The alias kind. name=ipsum The alias name. ..repo-id.project-repo-id project-id=kasd The ID of the project. repo-name=dolore The name of the repo. Leave empty for the default repo. .. uid=lorem A server-assigned, globally unique identifier. .. revision-id=amet A revision ID. ..gerrit.alias-context kind=ipsum The alias kind. name=lorem The alias name. .. gerrit-project=dolores The full project name within the host. Projects may be nested, so \"project/subproject\" is a valid project name. The \"repo name\" is the hostURI/project. host-uri=consetetur The URI of a running Gerrit instance. revision-id=stet A revision (commit) ID. ..git revision-id=accusam Git commit hash. url=consetetur Git repository URL. .. labels=key=takimata Labels with user defined metadata. the value will be associated with the given key ... start-time=sed Time at which execution of the build was started. trigger-id=nonumy Trigger identifier if the build was triggered automatically; empty if not. .. provenance-bytes=sea Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, provenance_bytes can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes. .. create-time=eos Output only. The time this occurrence was created. deployment.deployment address=dolore Address of the runtime element hosting this deployment. config=accusam Configuration used to create this deployment. deploy-time=elitr Required. Beginning of the lifetime of this deployment. platform=sed Platform hosting this deployment. resource-uri=labore Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name. Each invocation of this argument appends the given value to the array. undeploy-time=et End of the lifetime of this deployment. user-email=eirmod Identity of the user that triggered this deployment. ...derived-image.derived-image base-resource-url=sed Output only. This contains the base image URL for the derived image occurrence. distance=74 Output only. The number of layers by which this image differs from the associated image basis. fingerprint v1-name=stet Required. The layer ID of the final layer in the Docker image's v1 representation. v2-blob=sit Required. The ordered list of v2 blobs that represent a given image. Each invocation of this argument appends the given value to the array. v2-name=ipsum Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + \" \" + v2_name[N+1]) Only the name of the final blob is kept. ....discovered.discovered.analysis-completed analysis-type=lorem No description provided. Each invocation of this argument appends the given value to the array. .. analysis-status=dolor The status of discovery for the resource. analysis-status-error code=4 The status code, which should be an enum value of google.rpc.Code. message=magna A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. .. continuous-analysis=magna Whether the resource is continuously analyzed. last-analysis-time=invidunt The last time continuous analysis was done for this resource. Deprecated, do not use. last-scan-time=et The last time this resource was scanned. sbom-status error=et If there was an error generating an SBOM, this will indicate what that error was. sbom-state=dolor The progress of the SBOM generation. ....envelope payload=erat No description provided. payload-type=dolore No description provided. ..installation.installation architecture=vero Output only. The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages. cpe-uri=ea Output only. The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages. license comments=et Comments expression=amet. Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. name=eirmod Required. Output only. The name of the installed package. package-type=sanctus Output only. The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). version epoch=8 Used to correct mistakes in the version numbering scheme. inclusive=true Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=et Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=et Required only when version kind is NORMAL. The main part of the version name. revision=erat The iteration of the package build from the above version. ....intoto.signed.byproducts custom-values=key=eos No description provided. the value will be associated with the given key .. command=nonumy This field contains the full command executed for the step. This can also be empty if links are generated for operations that aren't directly mapped to a specific command. Each term in the command is an independent string in the list. An example of a command in the in-toto metadata field is: \"command\": [\"git\", \"clone\", \"https://github.com/in-toto/demo-project.git\"] Each invocation of this argument appends the given value to the array. environment custom-values=key=ea No description provided. the value will be associated with the given key .... kind=aliquyam Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests. name=nonumy Output only. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] . note-name=stet Required. Immutable. The analysis note associated with this occurrence, in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . This field can be used as a filter in list requests. remediation=rebum. A description of actions that can be taken to remedy the note. resource.content-hash type=eirmod Required. The type of hash that was performed. value=dolores Required. The hash value. .. name=aliquyam Deprecated, do not use. Use uri instead. The name of the resource. For example, the name of a Docker image - \"Debian\". uri=sanctus Required. The unique URI of the resource. For example, https://gcr.io/project/image@sha256:foo for a Docker image. ..sbom create-time=invidunt Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard creator-comment=dolor A field for creators of the SPDX file to provide general comments about the creation of the SPDX file or any other relevant comment not included in the other fields creators=eos Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name Each invocation of this argument appends the given value to the array. document-comment=magna A field for creators of the SPDX file content to provide comments to the consumers of the SPDX document external-document-refs=no Identify any external SPDX documents referenced within this SPDX document Each invocation of this argument appends the given value to the array. id=gubergren Identify the current SPDX document which may be referenced in relationships by other files, packages internally and documents externally license-list-version=erat A field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created namespace=aliquyam Provide an SPDX document specific namespace as a unique absolute Uniform Resource Identifier (URI) as specified in RFC-3986, with the exception of the \u2018#\u2019 delimiter title=consetetur Identify name of this document as designated by creator ..sbom-reference.payload -type=ea Identifier for the schema of the Statement. predicate digest=key=lorem A map of algorithm to digest of the contents of the SBOM. the value will be associated with the given key location=elitr The location of the SBOM. mime-type=justo The mime type of the SBOM. referrer-id=lorem The person or system referring this predicate to the consumer. .. predicate-type=labore URI identifying the type of the Predicate. .. payload-type=gubergren The kind of payload that SbomReferenceIntotoPayload takes. Since it's in the intoto format, this value is expected to be 'application/vnd.in-toto+json'. ..spdx-file attributions=vero This field provides a place for the SPDX data creator to record, at the file level, acknowledgements that may be needed to be communicated in some contexts Each invocation of this argument appends the given value to the array. comment=ea This field provides a place for the SPDX file creator to record any general comments about the file contributors=sed This field provides a place for the SPDX file creator to record file contributors Each invocation of this argument appends the given value to the array. copyright=sanctus Identify the copyright holder of the file, as well as any dates present files-license-info=labore This field contains the license information actually found in the file, if any Each invocation of this argument appends the given value to the array. id=amet Uniquely identify any element in an SPDX document which may be referenced by other elements license-concluded comments=et Comments expression=dolore Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. notice=voluptua. This field provides a place for the SPDX file creator to record license notices or other such related notices found in the file ..spdx-package comment=sit A place for the SPDX file creator to record any general comments about the package being described filename=sanctus Provide the actual file name of the package, or path of the directory being treated as a package home-page=ipsum Output only. Provide a place for the SPDX file creator to record a web site that serves as the package's home page id=eirmod Uniquely identify any element in an SPDX document which may be referenced by other elements license-concluded comments=vero Comments expression=voluptua. Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. package-type=sea Output only. The type of package: OS, MAVEN, GO, GO_STDLIB, etc. source-info=ipsum Provide a place for the SPDX file creator to record any relevant background information or additional comments about the origin of the package summary-description=sea Output only. A short description of the package title=et Output only. Identify the full name of the package as given by the Package Originator version=gubergren Output only. Identify the version of the package ..spdx-relationship comment=dolore A place for the SPDX file creator to record any general comments about the relationship source=ea Also referred to as SPDXRef-A The source SPDX element (file, package, etc) target=elitr Also referred to as SPDXRef-B The target SPDC element (file, package, etc) In cases where there are \"known unknowns\", the use of the keyword NOASSERTION can be used The keywords NONE can be used to indicate that an SPDX element (package/file/snippet) has no other elements connected by some relationship to it type=takimata Output only. The type of relationship between the source and target SPDX elements .. update-time=duo Output only. The time this occurrence was last updated. vulnerability cvss-score=0.1004331208470497 Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity. cvss-v2 attack-complexity=sed Defined in CVSS v3, CVSS v2 attack-vector=no Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2 authentication=stet Defined in CVSS v2 availability-impact=sea Defined in CVSS v3, CVSS v2 base-score=0.8755402661178983 The base score is a function of the base metric scores. confidentiality-impact=consetetur Defined in CVSS v3, CVSS v2 exploitability-score=0.2545914457773325 No description provided. impact-score=0.3205985526763834 No description provided. integrity-impact=kasd Defined in CVSS v3, CVSS v2 privileges-required=eirmod Defined in CVSS v3 scope=dolores Defined in CVSS v3 user-interaction=aliquyam Defined in CVSS v3 ..cvss-v3 attack-complexity=dolor Defined in CVSS v3, CVSS v2 attack-vector=vero Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2 authentication=ea Defined in CVSS v2 availability-impact=magna Defined in CVSS v3, CVSS v2 base-score=0.27549071635704625 The base score is a function of the base metric scores. confidentiality-impact=sea Defined in CVSS v3, CVSS v2 exploitability-score=0.885559877998019 No description provided. impact-score=0.049910030774320546 No description provided. integrity-impact=dolore Defined in CVSS v3, CVSS v2 privileges-required=amet Defined in CVSS v3 scope=invidunt Defined in CVSS v3 user-interaction=invidunt Defined in CVSS v3 .. cvss-version=dolores Output only. CVSS version used to populate cvss_score and severity. effective-severity=diam The distro assigned severity for this vulnerability when it is available, and note provider assigned severity when distro has not yet assigned a severity for this vulnerability. When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues. extra-details=sanctus Occurrence-specific extra details about the vulnerability. long-description=sed Output only. A detailed description of this vulnerability. severity=eos Output only. The note provider assigned Severity of the vulnerability. short-description=sit Output only. A one sentence description of this vulnerability. type=et The type of package; whether native or non native(ruby gems, node.js packages etc) vex-assessment cve=ea Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs. impacts=dolor Contains information about the impact of this vulnerability, this will change with time. Each invocation of this argument appends the given value to the array. justification details=sadipscing Additional details on why this justification was chosen. justification-type=diam The justification type for this vulnerability. .. note-name=at The VulnerabilityAssessment note from which this VexAssessment was generated. This will be of the form: projects/[PROJECT_ID]/notes/[NOTE_ID] . state=at Provides the state of this Vulnerability assessment. vulnerability-id=kasd The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p update-mask=string The fields to update. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Patch"},{"location":"projects_occurrences-patch/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-patch ...","title":"Scopes"},{"location":"projects_occurrences-patch/#required-scalar-argument","text":"<name> (string) Required. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] .","title":"Required Scalar Argument"},{"location":"projects_occurrences-patch/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: Occurrence: attestation: attestation: generic-signed-attestation: content-type: string serialized-payload: string pgp-signed-attestation: content-type: string pgp-key-id: string signature: string build: in-toto-slsa-provenance-v1: -type: string predicate: build-definition: build-type: string run-details: builder: id: string version: { string: string } metadata: finished-on: string invocation-id: string started-on: string predicate-type: string provenance: build-options: { string: string } builder-version: string create-time: string creator: string end-time: string id: string logs-uri: string project-id: string source-provenance: artifact-storage-source-uri: string context: cloud-repo: alias-context: kind: string name: string repo-id: project-repo-id: project-id: string repo-name: string uid: string revision-id: string gerrit: alias-context: kind: string name: string gerrit-project: string host-uri: string revision-id: string git: revision-id: string url: string labels: { string: string } start-time: string trigger-id: string provenance-bytes: string create-time: string deployment: deployment: address: string config: string deploy-time: string platform: string resource-uri: [string] undeploy-time: string user-email: string derived-image: derived-image: base-resource-url: string distance: integer fingerprint: v1-name: string v2-blob: [string] v2-name: string discovered: discovered: analysis-completed: analysis-type: [string] analysis-status: string analysis-status-error: code: integer message: string continuous-analysis: string last-analysis-time: string last-scan-time: string sbom-status: error: string sbom-state: string envelope: payload: string payload-type: string installation: installation: architecture: string cpe-uri: string license: comments: string expression: string name: string package-type: string version: epoch: integer inclusive: boolean kind: string name: string revision: string intoto: signed: byproducts: custom-values: { string: string } command: [string] environment: custom-values: { string: string } kind: string name: string note-name: string remediation: string resource: content-hash: type: string value: string name: string uri: string sbom: create-time: string creator-comment: string creators: [string] document-comment: string external-document-refs: [string] id: string license-list-version: string namespace: string title: string sbom-reference: payload: -type: string predicate: digest: { string: string } location: string mime-type: string referrer-id: string predicate-type: string payload-type: string spdx-file: attributions: [string] comment: string contributors: [string] copyright: string files-license-info: [string] id: string license-concluded: comments: string expression: string notice: string spdx-package: comment: string filename: string home-page: string id: string license-concluded: comments: string expression: string package-type: string source-info: string summary-description: string title: string version: string spdx-relationship: comment: string source: string target: string type: string update-time: string vulnerability: cvss-score: number cvss-v2: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-v3: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-version: string effective-severity: string extra-details: string long-description: string severity: string short-description: string type: string vex-assessment: cve: string impacts: [string] justification: details: string justification-type: string note-name: string state: string vulnerability-id: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .attestation.attestation.generic-signed-attestation content-type=invidunt Type (for example schema) of the attestation payload that was signed. The verifier must ensure that the provided type is one that the verifier supports, and that the attestation payload is a valid instantiation of that type (for example by validating a JSON schema). serialized-payload=sea The serialized payload that is verified by one or more signatures . The encoding and semantic meaning of this payload must match what is set in content_type . ..pgp-signed-attestation content-type=duo Type (for example schema) of the attestation payload that was signed. The verifier must ensure that the provided type is one that the verifier supports, and that the attestation payload is a valid instantiation of that type (for example by validating a JSON schema). pgp-key-id=sea The cryptographic fingerprint of the key used to generate the signature, as output by, e.g. gpg --list-keys . This should be the version 4, full 160-bit fingerprint, expressed as a 40 character hexadecimal string. See https://tools.ietf.org/html/rfc4880#section-12.2 for details. Implementations may choose to acknowledge \"LONG\", \"SHORT\", or other abbreviated key IDs, but only the full fingerprint is guaranteed to work. In gpg, the full fingerprint can be retrieved from the fpr field returned when calling --list-keys with --with-colons. For example: gpg --with-colons --with-fingerprint --force-v4-certs \\ --list-keys attester@example.com tru::1:1513631572:0:3:1:5 pub:...... fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB: Above, the fingerprint is 24FF6481B76AC91E66A00AC657A93A81EF3AE6FB . signature=stet Required. The raw content of the signature, as output by GNU Privacy Guard (GPG) or equivalent. Since this message only supports attached signatures, the payload that was signed must be attached. While the signature format supported is dependent on the verification implementation, currently only ASCII-armored ( --armor to gpg), non-clearsigned ( --sign rather than --clearsign to gpg) are supported. Concretely, gpg --sign --armor --output=signature.gpg payload.json will create the signature content expected in this field in signature.gpg for the payload.json attestation payload. ....build.in-toto-slsa-provenance-v1 -type=sadipscing InToto spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement predicate.build-definition build-type=no No description provided. ..run-details.builder id=tempor No description provided. version=key=ipsum No description provided. the value will be associated with the given key ..metadata finished-on=sea No description provided. invocation-id=sit No description provided. started-on=amet. No description provided. .... predicate-type=ipsum No description provided. ..provenance build-options=key=at Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details. the value will be associated with the given key builder-version=vero Version string of the builder at the time this build was executed. create-time=takimata Time at which the build was created. creator=gubergren E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time. end-time=et Time at which execution of the build was finished. id=invidunt Required. Unique identifier of the build. logs-uri=magna URI where any logs for this provenance were written. project-id=sit ID of the project. source-provenance artifact-storage-source-uri=gubergren If provided, the input binary artifacts for the build came from this location. context.cloud-repo.alias-context kind=elitr The alias kind. name=ipsum The alias name. ..repo-id.project-repo-id project-id=kasd The ID of the project. repo-name=dolore The name of the repo. Leave empty for the default repo. .. uid=lorem A server-assigned, globally unique identifier. .. revision-id=amet A revision ID. ..gerrit.alias-context kind=ipsum The alias kind. name=lorem The alias name. .. gerrit-project=dolores The full project name within the host. Projects may be nested, so \"project/subproject\" is a valid project name. The \"repo name\" is the hostURI/project. host-uri=consetetur The URI of a running Gerrit instance. revision-id=stet A revision (commit) ID. ..git revision-id=accusam Git commit hash. url=consetetur Git repository URL. .. labels=key=takimata Labels with user defined metadata. the value will be associated with the given key ... start-time=sed Time at which execution of the build was started. trigger-id=nonumy Trigger identifier if the build was triggered automatically; empty if not. .. provenance-bytes=sea Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, provenance_bytes can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes. .. create-time=eos Output only. The time this occurrence was created. deployment.deployment address=dolore Address of the runtime element hosting this deployment. config=accusam Configuration used to create this deployment. deploy-time=elitr Required. Beginning of the lifetime of this deployment. platform=sed Platform hosting this deployment. resource-uri=labore Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name. Each invocation of this argument appends the given value to the array. undeploy-time=et End of the lifetime of this deployment. user-email=eirmod Identity of the user that triggered this deployment. ...derived-image.derived-image base-resource-url=sed Output only. This contains the base image URL for the derived image occurrence. distance=74 Output only. The number of layers by which this image differs from the associated image basis. fingerprint v1-name=stet Required. The layer ID of the final layer in the Docker image's v1 representation. v2-blob=sit Required. The ordered list of v2 blobs that represent a given image. Each invocation of this argument appends the given value to the array. v2-name=ipsum Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + \" \" + v2_name[N+1]) Only the name of the final blob is kept. ....discovered.discovered.analysis-completed analysis-type=lorem No description provided. Each invocation of this argument appends the given value to the array. .. analysis-status=dolor The status of discovery for the resource. analysis-status-error code=4 The status code, which should be an enum value of google.rpc.Code. message=magna A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. .. continuous-analysis=magna Whether the resource is continuously analyzed. last-analysis-time=invidunt The last time continuous analysis was done for this resource. Deprecated, do not use. last-scan-time=et The last time this resource was scanned. sbom-status error=et If there was an error generating an SBOM, this will indicate what that error was. sbom-state=dolor The progress of the SBOM generation. ....envelope payload=erat No description provided. payload-type=dolore No description provided. ..installation.installation architecture=vero Output only. The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages. cpe-uri=ea Output only. The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages. license comments=et Comments expression=amet. Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. name=eirmod Required. Output only. The name of the installed package. package-type=sanctus Output only. The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). version epoch=8 Used to correct mistakes in the version numbering scheme. inclusive=true Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=et Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=et Required only when version kind is NORMAL. The main part of the version name. revision=erat The iteration of the package build from the above version. ....intoto.signed.byproducts custom-values=key=eos No description provided. the value will be associated with the given key .. command=nonumy This field contains the full command executed for the step. This can also be empty if links are generated for operations that aren't directly mapped to a specific command. Each term in the command is an independent string in the list. An example of a command in the in-toto metadata field is: \"command\": [\"git\", \"clone\", \"https://github.com/in-toto/demo-project.git\"] Each invocation of this argument appends the given value to the array. environment custom-values=key=ea No description provided. the value will be associated with the given key .... kind=aliquyam Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests. name=nonumy Output only. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] . note-name=stet Required. Immutable. The analysis note associated with this occurrence, in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . This field can be used as a filter in list requests. remediation=rebum. A description of actions that can be taken to remedy the note. resource.content-hash type=eirmod Required. The type of hash that was performed. value=dolores Required. The hash value. .. name=aliquyam Deprecated, do not use. Use uri instead. The name of the resource. For example, the name of a Docker image - \"Debian\". uri=sanctus Required. The unique URI of the resource. For example, https://gcr.io/project/image@sha256:foo for a Docker image. ..sbom create-time=invidunt Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard creator-comment=dolor A field for creators of the SPDX file to provide general comments about the creation of the SPDX file or any other relevant comment not included in the other fields creators=eos Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name Each invocation of this argument appends the given value to the array. document-comment=magna A field for creators of the SPDX file content to provide comments to the consumers of the SPDX document external-document-refs=no Identify any external SPDX documents referenced within this SPDX document Each invocation of this argument appends the given value to the array. id=gubergren Identify the current SPDX document which may be referenced in relationships by other files, packages internally and documents externally license-list-version=erat A field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created namespace=aliquyam Provide an SPDX document specific namespace as a unique absolute Uniform Resource Identifier (URI) as specified in RFC-3986, with the exception of the \u2018#\u2019 delimiter title=consetetur Identify name of this document as designated by creator ..sbom-reference.payload -type=ea Identifier for the schema of the Statement. predicate digest=key=lorem A map of algorithm to digest of the contents of the SBOM. the value will be associated with the given key location=elitr The location of the SBOM. mime-type=justo The mime type of the SBOM. referrer-id=lorem The person or system referring this predicate to the consumer. .. predicate-type=labore URI identifying the type of the Predicate. .. payload-type=gubergren The kind of payload that SbomReferenceIntotoPayload takes. Since it's in the intoto format, this value is expected to be 'application/vnd.in-toto+json'. ..spdx-file attributions=vero This field provides a place for the SPDX data creator to record, at the file level, acknowledgements that may be needed to be communicated in some contexts Each invocation of this argument appends the given value to the array. comment=ea This field provides a place for the SPDX file creator to record any general comments about the file contributors=sed This field provides a place for the SPDX file creator to record file contributors Each invocation of this argument appends the given value to the array. copyright=sanctus Identify the copyright holder of the file, as well as any dates present files-license-info=labore This field contains the license information actually found in the file, if any Each invocation of this argument appends the given value to the array. id=amet Uniquely identify any element in an SPDX document which may be referenced by other elements license-concluded comments=et Comments expression=dolore Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. notice=voluptua. This field provides a place for the SPDX file creator to record license notices or other such related notices found in the file ..spdx-package comment=sit A place for the SPDX file creator to record any general comments about the package being described filename=sanctus Provide the actual file name of the package, or path of the directory being treated as a package home-page=ipsum Output only. Provide a place for the SPDX file creator to record a web site that serves as the package's home page id=eirmod Uniquely identify any element in an SPDX document which may be referenced by other elements license-concluded comments=vero Comments expression=voluptua. Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. package-type=sea Output only. The type of package: OS, MAVEN, GO, GO_STDLIB, etc. source-info=ipsum Provide a place for the SPDX file creator to record any relevant background information or additional comments about the origin of the package summary-description=sea Output only. A short description of the package title=et Output only. Identify the full name of the package as given by the Package Originator version=gubergren Output only. Identify the version of the package ..spdx-relationship comment=dolore A place for the SPDX file creator to record any general comments about the relationship source=ea Also referred to as SPDXRef-A The source SPDX element (file, package, etc) target=elitr Also referred to as SPDXRef-B The target SPDC element (file, package, etc) In cases where there are \"known unknowns\", the use of the keyword NOASSERTION can be used The keywords NONE can be used to indicate that an SPDX element (package/file/snippet) has no other elements connected by some relationship to it type=takimata Output only. The type of relationship between the source and target SPDX elements .. update-time=duo Output only. The time this occurrence was last updated. vulnerability cvss-score=0.1004331208470497 Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity. cvss-v2 attack-complexity=sed Defined in CVSS v3, CVSS v2 attack-vector=no Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2 authentication=stet Defined in CVSS v2 availability-impact=sea Defined in CVSS v3, CVSS v2 base-score=0.8755402661178983 The base score is a function of the base metric scores. confidentiality-impact=consetetur Defined in CVSS v3, CVSS v2 exploitability-score=0.2545914457773325 No description provided. impact-score=0.3205985526763834 No description provided. integrity-impact=kasd Defined in CVSS v3, CVSS v2 privileges-required=eirmod Defined in CVSS v3 scope=dolores Defined in CVSS v3 user-interaction=aliquyam Defined in CVSS v3 ..cvss-v3 attack-complexity=dolor Defined in CVSS v3, CVSS v2 attack-vector=vero Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2 authentication=ea Defined in CVSS v2 availability-impact=magna Defined in CVSS v3, CVSS v2 base-score=0.27549071635704625 The base score is a function of the base metric scores. confidentiality-impact=sea Defined in CVSS v3, CVSS v2 exploitability-score=0.885559877998019 No description provided. impact-score=0.049910030774320546 No description provided. integrity-impact=dolore Defined in CVSS v3, CVSS v2 privileges-required=amet Defined in CVSS v3 scope=invidunt Defined in CVSS v3 user-interaction=invidunt Defined in CVSS v3 .. cvss-version=dolores Output only. CVSS version used to populate cvss_score and severity. effective-severity=diam The distro assigned severity for this vulnerability when it is available, and note provider assigned severity when distro has not yet assigned a severity for this vulnerability. When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues. extra-details=sanctus Occurrence-specific extra details about the vulnerability. long-description=sed Output only. A detailed description of this vulnerability. severity=eos Output only. The note provider assigned Severity of the vulnerability. short-description=sit Output only. A one sentence description of this vulnerability. type=et The type of package; whether native or non native(ruby gems, node.js packages etc) vex-assessment cve=ea Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs. impacts=dolor Contains information about the impact of this vulnerability, this will change with time. Each invocation of this argument appends the given value to the array. justification details=sadipscing Additional details on why this justification was chosen. justification-type=diam The justification type for this vulnerability. .. note-name=at The VulnerabilityAssessment note from which this VexAssessment was generated. This will be of the form: projects/[PROJECT_ID]/notes/[NOTE_ID] . state=at Provides the state of this Vulnerability assessment. vulnerability-id=kasd The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc.","title":"Required Request Value"},{"location":"projects_occurrences-patch/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_occurrences-patch/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-patch/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p update-mask=string The fields to update.","title":"Optional Method Properties"},{"location":"projects_occurrences-patch/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-set-iam-policy/","text":"Sets the access control policy on the specified note or occurrence. Requires containeranalysis.notes.setIamPolicy or containeranalysis.occurrences.setIamPolicy permission if the resource is a note or an occurrence, respectively. The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-set-iam-policy ... Required Scalar Argument <resource> (string) REQUIRED: The resource for which the policy is being specified. See Resource names for the appropriate value for this field. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: SetIamPolicyRequest: policy: etag: string version: integer can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .policy etag=magna etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy , and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. version=49 Specifies the format of the policy. Valid values are 0 , 1 , and 3 . Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version 3 . This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation . About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Set Iam Policy"},{"location":"projects_occurrences-set-iam-policy/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-set-iam-policy ...","title":"Scopes"},{"location":"projects_occurrences-set-iam-policy/#required-scalar-argument","text":"<resource> (string) REQUIRED: The resource for which the policy is being specified. See Resource names for the appropriate value for this field.","title":"Required Scalar Argument"},{"location":"projects_occurrences-set-iam-policy/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: SetIamPolicyRequest: policy: etag: string version: integer can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .policy etag=magna etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy , and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. version=49 Specifies the format of the policy. Valid values are 0 , 1 , and 3 . Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version 3 . This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation .","title":"Required Request Value"},{"location":"projects_occurrences-set-iam-policy/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_occurrences-set-iam-policy/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-set-iam-policy/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-test-iam-permissions/","text":"Returns the permissions that a caller has on the specified note or occurrence. Requires list permission on the project (for example, containeranalysis.notes.list ). The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-test-iam-permissions ... Required Scalar Argument <resource> (string) REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: TestIamPermissionsRequest: permissions: [string] can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . permissions=est The set of permissions to check for the resource . Permissions with wildcards (such as * or storage.* ) are not allowed. For more information see IAM Overview . Each invocation of this argument appends the given value to the array. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Test Iam Permissions"},{"location":"projects_occurrences-test-iam-permissions/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects occurrences-test-iam-permissions ...","title":"Scopes"},{"location":"projects_occurrences-test-iam-permissions/#required-scalar-argument","text":"<resource> (string) REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field.","title":"Required Scalar Argument"},{"location":"projects_occurrences-test-iam-permissions/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: TestIamPermissionsRequest: permissions: [string] can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . permissions=est The set of permissions to check for the resource . Permissions with wildcards (such as * or storage.* ) are not allowed. For more information see IAM Overview . Each invocation of this argument appends the given value to the array.","title":"Required Request Value"},{"location":"projects_occurrences-test-iam-permissions/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_occurrences-test-iam-permissions/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-test-iam-permissions/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_resources-export-sbom/","text":"Generates an SBOM and other dependency information for the given resource. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects resources-export-sbom ... Required Scalar Argument <name> (string) Required. The name of the resource in the form of projects/[PROJECT_ID]/resources/[RESOURCE_URL] . Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: ExportSBOMRequest: can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Resources Export Sbom"},{"location":"projects_resources-export-sbom/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects resources-export-sbom ...","title":"Scopes"},{"location":"projects_resources-export-sbom/#required-scalar-argument","text":"<name> (string) Required. The name of the resource in the form of projects/[PROJECT_ID]/resources/[RESOURCE_URL] .","title":"Required Scalar Argument"},{"location":"projects_resources-export-sbom/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: ExportSBOMRequest: can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time.","title":"Required Request Value"},{"location":"projects_resources-export-sbom/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_resources-export-sbom/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_resources-export-sbom/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_resources-generate-packages-summary/","text":"Gets a summary of the packages within a given resource. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects resources-generate-packages-summary ... Required Scalar Argument <name> (string) Required. The name of the resource to get a packages summary for in the form of projects/[PROJECT_ID]/resources/[RESOURCE_URL] . Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: GeneratePackagesSummaryRequest: can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Resources Generate Packages Summary"},{"location":"projects_resources-generate-packages-summary/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1-beta1 --scope <scope> projects resources-generate-packages-summary ...","title":"Scopes"},{"location":"projects_resources-generate-packages-summary/#required-scalar-argument","text":"<name> (string) Required. The name of the resource to get a packages summary for in the form of projects/[PROJECT_ID]/resources/[RESOURCE_URL] .","title":"Required Scalar Argument"},{"location":"projects_resources-generate-packages-summary/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: GeneratePackagesSummaryRequest: can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time.","title":"Required Request Value"},{"location":"projects_resources-generate-packages-summary/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_resources-generate-packages-summary/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_resources-generate-packages-summary/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"}]}