mirror of
https://github.com/OMGeeky/google-apis-rs.git
synced 2026-01-29 05:12:45 +01:00
1 line
328 KiB
JSON
1 line
328 KiB
JSON
{"config":{"indexing":"full","lang":["en"],"min_search_length":3,"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"The containeranalysis1 command-line interface (CLI) allows to use most features of the Google Container Analysis service from the comfort of your terminal. By default all output is printed to standard out, but flags can be set to direct it into a file independent of your shell's capabilities. Errors will be printed to standard error, and cause the program's exit code to be non-zero. If data-structures are requested, these will be returned as pretty-printed JSON, to be useful as input to other tools. Everything else about the Container Analysis API can be found at the official documentation site . Installation and Source Code Install the command-line interface with cargo using: cargo install google-containeranalysis1-cli Find the source code on github . Usage This documentation was generated from the Container Analysis API at revision 20240223 . The CLI is at version 5.0.4 . containeranalysis1 [options] projects notes-batch-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] notes-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] notes-delete <name> [-p <v>]... [-o <out>] notes-get <name> [-p <v>]... [-o <out>] notes-get-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] notes-list <parent> [-p <v>]... [-o <out>] notes-occurrences-list <name> [-p <v>]... [-o <out>] notes-patch <name> (-r <kv>)... [-p <v>]... [-o <out>] notes-set-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] notes-test-iam-permissions <resource> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-batch-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-delete <name> [-p <v>]... [-o <out>] occurrences-get <name> [-p <v>]... [-o <out>] occurrences-get-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-get-notes <name> [-p <v>]... [-o <out>] occurrences-get-vulnerability-summary <parent> [-p <v>]... [-o <out>] occurrences-list <parent> [-p <v>]... [-o <out>] occurrences-patch <name> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-set-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-test-iam-permissions <resource> (-r <kv>)... [-p <v>]... [-o <out>] resources-export-sbom <name> (-r <kv>)... [-p <v>]... [-o <out>] containeranalysis1 --help Configuration: [--scope <url>]... Specify the authentication a method should be executed in. Each scope requires the user to grant this application permission to use it. If unset, it defaults to the shortest scope url for a particular method. --config-dir <folder> A directory into which we will store our persistent data. Defaults to a user-writable directory that we will create during the first invocation. [default: ~/.google-service-cli] Configuration The program will store all persistent data in the ~/.google-service-cli directory in JSON files prefixed with containeranalysis1- . You can change the directory used to store configuration with the --config-dir flag on a per-invocation basis. More information about the various kinds of persistent data are given in the following paragraphs. Authentication Most APIs require a user to authenticate any request. If this is the case, the scope determines the set of permissions granted. The granularity of these is usually no more than read-only or full-access . If not set, the system will automatically select the smallest feasible scope, e.g. when invoking a method that is read-only, it will ask only for a read-only scope. You may use the --scope flag to specify a scope directly. All applicable scopes are documented in the respective method's CLI documentation. The first time a scope is used, the user is asked for permission. Follow the instructions given by the CLI to grant permissions, or to decline. If a scope was authenticated by the user, the respective information will be stored as JSON in the configuration directory, e.g. ~/.google-service-cli/containeranalysis1-token-<scope-hash>.json . No manual management of these tokens is necessary. To revoke granted authentication, please refer to the official documentation . Application Secrets In order to allow any application to use Google services, it will need to be registered using the Google Developer Console . APIs the application may use are then enabled for it one by one. Most APIs can be used for free and have a daily quota. To allow more comfortable usage of the CLI without forcing anyone to register an own application, the CLI comes with a default application secret that is configured accordingly. This also means that heavy usage all around the world may deplete the daily quota. You can workaround this limitation by putting your own secrets file at this location: ~/.google-service-cli/containeranalysis1-secret.json , assuming that the required containeranalysis API was enabled for it. Such a secret file can be downloaded in the Google Developer Console at APIs & auth -> Credentials -> Download JSON and used as is. Learn more about how to setup Google projects and enable APIs using the official documentation . Debugging Even though the CLI does its best to provide usable error messages, sometimes it might be desirable to know what exactly led to a particular issue. This is done by allowing all client-server communication to be output to standard error as-is . The --debug flag will print errors using the Debug representation to standard error. You may consider redirecting standard error into a file for ease of use, e.g. containeranalysis1 --debug <resource> <method> [options] 2>debug.txt .","title":"Home"},{"location":"#installation-and-source-code","text":"Install the command-line interface with cargo using: cargo install google-containeranalysis1-cli Find the source code on github .","title":"Installation and Source Code"},{"location":"#usage","text":"This documentation was generated from the Container Analysis API at revision 20240223 . The CLI is at version 5.0.4 . containeranalysis1 [options] projects notes-batch-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] notes-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] notes-delete <name> [-p <v>]... [-o <out>] notes-get <name> [-p <v>]... [-o <out>] notes-get-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] notes-list <parent> [-p <v>]... [-o <out>] notes-occurrences-list <name> [-p <v>]... [-o <out>] notes-patch <name> (-r <kv>)... [-p <v>]... [-o <out>] notes-set-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] notes-test-iam-permissions <resource> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-batch-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-delete <name> [-p <v>]... [-o <out>] occurrences-get <name> [-p <v>]... [-o <out>] occurrences-get-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-get-notes <name> [-p <v>]... [-o <out>] occurrences-get-vulnerability-summary <parent> [-p <v>]... [-o <out>] occurrences-list <parent> [-p <v>]... [-o <out>] occurrences-patch <name> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-set-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] occurrences-test-iam-permissions <resource> (-r <kv>)... [-p <v>]... [-o <out>] resources-export-sbom <name> (-r <kv>)... [-p <v>]... [-o <out>] containeranalysis1 --help Configuration: [--scope <url>]... Specify the authentication a method should be executed in. Each scope requires the user to grant this application permission to use it. If unset, it defaults to the shortest scope url for a particular method. --config-dir <folder> A directory into which we will store our persistent data. Defaults to a user-writable directory that we will create during the first invocation. [default: ~/.google-service-cli]","title":"Usage"},{"location":"#configuration","text":"The program will store all persistent data in the ~/.google-service-cli directory in JSON files prefixed with containeranalysis1- . You can change the directory used to store configuration with the --config-dir flag on a per-invocation basis. More information about the various kinds of persistent data are given in the following paragraphs.","title":"Configuration"},{"location":"#authentication","text":"Most APIs require a user to authenticate any request. If this is the case, the scope determines the set of permissions granted. The granularity of these is usually no more than read-only or full-access . If not set, the system will automatically select the smallest feasible scope, e.g. when invoking a method that is read-only, it will ask only for a read-only scope. You may use the --scope flag to specify a scope directly. All applicable scopes are documented in the respective method's CLI documentation. The first time a scope is used, the user is asked for permission. Follow the instructions given by the CLI to grant permissions, or to decline. If a scope was authenticated by the user, the respective information will be stored as JSON in the configuration directory, e.g. ~/.google-service-cli/containeranalysis1-token-<scope-hash>.json . No manual management of these tokens is necessary. To revoke granted authentication, please refer to the official documentation .","title":"Authentication"},{"location":"#application-secrets","text":"In order to allow any application to use Google services, it will need to be registered using the Google Developer Console . APIs the application may use are then enabled for it one by one. Most APIs can be used for free and have a daily quota. To allow more comfortable usage of the CLI without forcing anyone to register an own application, the CLI comes with a default application secret that is configured accordingly. This also means that heavy usage all around the world may deplete the daily quota. You can workaround this limitation by putting your own secrets file at this location: ~/.google-service-cli/containeranalysis1-secret.json , assuming that the required containeranalysis API was enabled for it. Such a secret file can be downloaded in the Google Developer Console at APIs & auth -> Credentials -> Download JSON and used as is. Learn more about how to setup Google projects and enable APIs using the official documentation .","title":"Application Secrets"},{"location":"#debugging","text":"Even though the CLI does its best to provide usable error messages, sometimes it might be desirable to know what exactly led to a particular issue. This is done by allowing all client-server communication to be output to standard error as-is . The --debug flag will print errors using the Debug representation to standard error. You may consider redirecting standard error into a file for ease of use, e.g. containeranalysis1 --debug <resource> <method> [options] 2>debug.txt .","title":"Debugging"},{"location":"projects_notes-batch-create/","text":"Creates new notes in batch. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-batch-create ... Required Scalar Argument <parent> (string) Required. The name of the project in the form of projects/[PROJECT_ID] , under which the notes are to be created. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: BatchCreateNotesRequest: can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes Batch Create"},{"location":"projects_notes-batch-create/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-batch-create ...","title":"Scopes"},{"location":"projects_notes-batch-create/#required-scalar-argument","text":"<parent> (string) Required. The name of the project in the form of projects/[PROJECT_ID] , under which the notes are to be created.","title":"Required Scalar Argument"},{"location":"projects_notes-batch-create/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: BatchCreateNotesRequest: can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time.","title":"Required Request Value"},{"location":"projects_notes-batch-create/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_notes-batch-create/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-batch-create/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_notes-create/","text":"Creates a new note. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-create ... Required Scalar Argument <parent> (string) Required. The name of the project in the form of projects/[PROJECT_ID] , under which the note is to be created. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: Note: attestation: hint: human-readable-name: string build: builder-version: string compliance: cis-benchmark: profile-level: integer severity: string description: string rationale: string remediation: string scan-instructions: string title: string create-time: string deployment: resource-uri: [string] discovery: analysis-kind: string dsse-attestation: hint: human-readable-name: string expiration-time: string image: fingerprint: v1-name: string v2-blob: [string] v2-name: string resource-url: string kind: string long-description: string name: string package: architecture: string cpe-uri: string description: string license: comments: string expression: string maintainer: string name: string package-type: string url: string version: epoch: integer full-name: string inclusive: boolean kind: string name: string revision: string related-note-names: [string] sbom-reference: format: string version: string short-description: string update-time: string upgrade: package: string version: epoch: integer full-name: string inclusive: boolean kind: string name: string revision: string windows-update: description: string identity: revision: integer update-id: string kb-article-ids: [string] last-published-timestamp: string support-url: string title: string vulnerability: cvss-score: number cvss-v2: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-v3: attack-complexity: string attack-vector: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-version: string severity: string source-update-time: string vulnerability-assessment: assessment: cve: string impacts: [string] justification: details: string justification-type: string long-description: string short-description: string state: string vulnerability-id: string language-code: string long-description: string product: generic-uri: string id: string name: string publisher: issuing-authority: string name: string publisher-namespace: string short-description: string title: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .attestation.hint human-readable-name=et Required. The human readable name of this attestation authority, for example \"qa\". ...build builder-version=magna Required. Immutable. Version of the builder which produced this build. ..compliance.cis-benchmark profile-level=90 No description provided. severity=ipsum No description provided. .. description=voluptua. A description about this compliance check. rationale=at A rationale for the existence of this compliance check. remediation=sanctus A description of remediation steps if the compliance check fails. scan-instructions=sed Serialized scan instructions with a predefined format. title=amet. The title that identifies this compliance check. .. create-time=takimata Output only. The time this note was created. This field can be used as a filter in list requests. deployment resource-uri=amet. Required. Resource URI for the artifact being deployed. Each invocation of this argument appends the given value to the array. ..discovery analysis-kind=duo Required. Immutable. The kind of analysis that is handled by this discovery. ..dsse-attestation.hint human-readable-name=ipsum Required. The human readable name of this attestation authority, for example \"cloudbuild-prod\". ... expiration-time=gubergren Time of expiration for this note. Empty if note does not expire. image.fingerprint v1-name=lorem Required. The layer ID of the final layer in the Docker image's v1 representation. v2-blob=gubergren Required. The ordered list of v2 blobs that represent a given image. Each invocation of this argument appends the given value to the array. v2-name=eos Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + \" \" + v2_name[N+1]) Only the name of the final blob is kept. .. resource-url=dolor Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images. .. kind=ea Output only. The type of analysis. This field can be used as a filter in list requests. long-description=ipsum A detailed description of this note. name=invidunt Output only. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . package architecture=amet The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages. cpe-uri=duo The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages. description=ipsum The description of this package. license comments=sed Comments expression=ut Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. maintainer=gubergren A freeform text denoting the maintainer of this package. name=rebum. Required. Immutable. The name of the package. package-type=est The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). url=ipsum The homepage for this package. version epoch=51 Used to correct mistakes in the version numbering scheme. full-name=est Human readable version string. This string is of the form :- and is only set when kind is NORMAL. inclusive=true Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=ea Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=dolor Required only when version kind is NORMAL. The main part of the version name. revision=lorem The iteration of the package build from the above version. ... related-note-names=eos Other notes related to this note. Each invocation of this argument appends the given value to the array. sbom-reference format=labore The format that SBOM takes. E.g. may be spdx, cyclonedx, etc... version=sed The version of the format that the SBOM takes. E.g. if the format is spdx, the version may be 2.3. .. short-description=duo A one sentence description of this note. update-time=sed Output only. The time this note was last updated. This field can be used as a filter in list requests. upgrade package=no Required for non-Windows OS. The package this Upgrade is for. version epoch=86 Used to correct mistakes in the version numbering scheme. full-name=kasd Human readable version string. This string is of the form :- and is only set when kind is NORMAL. inclusive=true Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=et Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=et Required only when version kind is NORMAL. The main part of the version name. revision=vero The iteration of the package build from the above version. ..windows-update description=erat The localized description of the update. identity revision=8 The revision number of the update. update-id=duo The revision independent identifier of the update. .. kb-article-ids=dolore The Microsoft Knowledge Base article IDs that are associated with the update. Each invocation of this argument appends the given value to the array. last-published-timestamp=et The last published timestamp of the update. support-url=voluptua. The hyperlink to the support information for the update. title=amet. The localized title of the update. ...vulnerability cvss-score=0.04388040358005296 The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity. cvss-v2 attack-complexity=dolor No description provided. attack-vector=et Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. authentication=et No description provided. availability-impact=sadipscing No description provided. base-score=0.6755988748158552 The base score is a function of the base metric scores. confidentiality-impact=duo No description provided. exploitability-score=0.19681975392268636 No description provided. impact-score=0.10459029141758258 No description provided. integrity-impact=vero No description provided. privileges-required=elitr No description provided. scope=lorem No description provided. user-interaction=diam No description provided. ..cvss-v3 attack-complexity=no No description provided. attack-vector=ipsum Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. availability-impact=accusam No description provided. base-score=0.333591971041029 The base score is a function of the base metric scores. confidentiality-impact=voluptua. No description provided. exploitability-score=0.7904276045322813 No description provided. impact-score=0.5496092442112607 No description provided. integrity-impact=amet. No description provided. privileges-required=sed No description provided. scope=takimata No description provided. user-interaction=dolores No description provided. .. cvss-version=gubergren CVSS version used to populate cvss_score and severity. severity=et The note provider assigned severity of this vulnerability. source-update-time=accusam The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker. ..vulnerability-assessment.assessment cve=voluptua. Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs. impacts=dolore Contains information about the impact of this vulnerability, this will change with time. Each invocation of this argument appends the given value to the array. justification details=dolore Additional details on why this justification was chosen. justification-type=dolore The justification type for this vulnerability. .. long-description=voluptua. A detailed description of this Vex. short-description=amet. A one sentence description of this Vex. state=ea Provides the state of this Vulnerability assessment. vulnerability-id=sadipscing The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc. .. language-code=lorem Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646. long-description=invidunt A detailed description of this Vex. product generic-uri=no Contains a URI which is vendor-specific. Example: The artifact repository URL of an image. id=est Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document. name=at Name of the product. ..publisher issuing-authority=sed Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations. name=sit Name of the publisher. Examples: 'Google', 'Google Cloud Platform'. publisher-namespace=et The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io .. short-description=tempor A one sentence description of this Vex. title=aliquyam The title of the note. E.g. Vex-Debian-11.4 About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p note-id=string Required. The ID to use for this note. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes Create"},{"location":"projects_notes-create/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-create ...","title":"Scopes"},{"location":"projects_notes-create/#required-scalar-argument","text":"<parent> (string) Required. The name of the project in the form of projects/[PROJECT_ID] , under which the note is to be created.","title":"Required Scalar Argument"},{"location":"projects_notes-create/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: Note: attestation: hint: human-readable-name: string build: builder-version: string compliance: cis-benchmark: profile-level: integer severity: string description: string rationale: string remediation: string scan-instructions: string title: string create-time: string deployment: resource-uri: [string] discovery: analysis-kind: string dsse-attestation: hint: human-readable-name: string expiration-time: string image: fingerprint: v1-name: string v2-blob: [string] v2-name: string resource-url: string kind: string long-description: string name: string package: architecture: string cpe-uri: string description: string license: comments: string expression: string maintainer: string name: string package-type: string url: string version: epoch: integer full-name: string inclusive: boolean kind: string name: string revision: string related-note-names: [string] sbom-reference: format: string version: string short-description: string update-time: string upgrade: package: string version: epoch: integer full-name: string inclusive: boolean kind: string name: string revision: string windows-update: description: string identity: revision: integer update-id: string kb-article-ids: [string] last-published-timestamp: string support-url: string title: string vulnerability: cvss-score: number cvss-v2: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-v3: attack-complexity: string attack-vector: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-version: string severity: string source-update-time: string vulnerability-assessment: assessment: cve: string impacts: [string] justification: details: string justification-type: string long-description: string short-description: string state: string vulnerability-id: string language-code: string long-description: string product: generic-uri: string id: string name: string publisher: issuing-authority: string name: string publisher-namespace: string short-description: string title: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .attestation.hint human-readable-name=et Required. The human readable name of this attestation authority, for example \"qa\". ...build builder-version=magna Required. Immutable. Version of the builder which produced this build. ..compliance.cis-benchmark profile-level=90 No description provided. severity=ipsum No description provided. .. description=voluptua. A description about this compliance check. rationale=at A rationale for the existence of this compliance check. remediation=sanctus A description of remediation steps if the compliance check fails. scan-instructions=sed Serialized scan instructions with a predefined format. title=amet. The title that identifies this compliance check. .. create-time=takimata Output only. The time this note was created. This field can be used as a filter in list requests. deployment resource-uri=amet. Required. Resource URI for the artifact being deployed. Each invocation of this argument appends the given value to the array. ..discovery analysis-kind=duo Required. Immutable. The kind of analysis that is handled by this discovery. ..dsse-attestation.hint human-readable-name=ipsum Required. The human readable name of this attestation authority, for example \"cloudbuild-prod\". ... expiration-time=gubergren Time of expiration for this note. Empty if note does not expire. image.fingerprint v1-name=lorem Required. The layer ID of the final layer in the Docker image's v1 representation. v2-blob=gubergren Required. The ordered list of v2 blobs that represent a given image. Each invocation of this argument appends the given value to the array. v2-name=eos Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + \" \" + v2_name[N+1]) Only the name of the final blob is kept. .. resource-url=dolor Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images. .. kind=ea Output only. The type of analysis. This field can be used as a filter in list requests. long-description=ipsum A detailed description of this note. name=invidunt Output only. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . package architecture=amet The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages. cpe-uri=duo The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages. description=ipsum The description of this package. license comments=sed Comments expression=ut Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. maintainer=gubergren A freeform text denoting the maintainer of this package. name=rebum. Required. Immutable. The name of the package. package-type=est The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). url=ipsum The homepage for this package. version epoch=51 Used to correct mistakes in the version numbering scheme. full-name=est Human readable version string. This string is of the form :- and is only set when kind is NORMAL. inclusive=true Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=ea Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=dolor Required only when version kind is NORMAL. The main part of the version name. revision=lorem The iteration of the package build from the above version. ... related-note-names=eos Other notes related to this note. Each invocation of this argument appends the given value to the array. sbom-reference format=labore The format that SBOM takes. E.g. may be spdx, cyclonedx, etc... version=sed The version of the format that the SBOM takes. E.g. if the format is spdx, the version may be 2.3. .. short-description=duo A one sentence description of this note. update-time=sed Output only. The time this note was last updated. This field can be used as a filter in list requests. upgrade package=no Required for non-Windows OS. The package this Upgrade is for. version epoch=86 Used to correct mistakes in the version numbering scheme. full-name=kasd Human readable version string. This string is of the form :- and is only set when kind is NORMAL. inclusive=true Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=et Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=et Required only when version kind is NORMAL. The main part of the version name. revision=vero The iteration of the package build from the above version. ..windows-update description=erat The localized description of the update. identity revision=8 The revision number of the update. update-id=duo The revision independent identifier of the update. .. kb-article-ids=dolore The Microsoft Knowledge Base article IDs that are associated with the update. Each invocation of this argument appends the given value to the array. last-published-timestamp=et The last published timestamp of the update. support-url=voluptua. The hyperlink to the support information for the update. title=amet. The localized title of the update. ...vulnerability cvss-score=0.04388040358005296 The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity. cvss-v2 attack-complexity=dolor No description provided. attack-vector=et Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. authentication=et No description provided. availability-impact=sadipscing No description provided. base-score=0.6755988748158552 The base score is a function of the base metric scores. confidentiality-impact=duo No description provided. exploitability-score=0.19681975392268636 No description provided. impact-score=0.10459029141758258 No description provided. integrity-impact=vero No description provided. privileges-required=elitr No description provided. scope=lorem No description provided. user-interaction=diam No description provided. ..cvss-v3 attack-complexity=no No description provided. attack-vector=ipsum Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. availability-impact=accusam No description provided. base-score=0.333591971041029 The base score is a function of the base metric scores. confidentiality-impact=voluptua. No description provided. exploitability-score=0.7904276045322813 No description provided. impact-score=0.5496092442112607 No description provided. integrity-impact=amet. No description provided. privileges-required=sed No description provided. scope=takimata No description provided. user-interaction=dolores No description provided. .. cvss-version=gubergren CVSS version used to populate cvss_score and severity. severity=et The note provider assigned severity of this vulnerability. source-update-time=accusam The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker. ..vulnerability-assessment.assessment cve=voluptua. Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs. impacts=dolore Contains information about the impact of this vulnerability, this will change with time. Each invocation of this argument appends the given value to the array. justification details=dolore Additional details on why this justification was chosen. justification-type=dolore The justification type for this vulnerability. .. long-description=voluptua. A detailed description of this Vex. short-description=amet. A one sentence description of this Vex. state=ea Provides the state of this Vulnerability assessment. vulnerability-id=sadipscing The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc. .. language-code=lorem Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646. long-description=invidunt A detailed description of this Vex. product generic-uri=no Contains a URI which is vendor-specific. Example: The artifact repository URL of an image. id=est Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document. name=at Name of the product. ..publisher issuing-authority=sed Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations. name=sit Name of the publisher. Examples: 'Google', 'Google Cloud Platform'. publisher-namespace=et The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io .. short-description=tempor A one sentence description of this Vex. title=aliquyam The title of the note. E.g. Vex-Debian-11.4","title":"Required Request Value"},{"location":"projects_notes-create/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_notes-create/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-create/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p note-id=string Required. The ID to use for this note.","title":"Optional Method Properties"},{"location":"projects_notes-create/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_notes-delete/","text":"Deletes the specified note. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-delete ... Required Scalar Argument <name> (string) Required. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes Delete"},{"location":"projects_notes-delete/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-delete ...","title":"Scopes"},{"location":"projects_notes-delete/#required-scalar-argument","text":"<name> (string) Required. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] .","title":"Required Scalar Argument"},{"location":"projects_notes-delete/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-delete/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_notes-get-iam-policy/","text":"Gets the access control policy for a note or an occurrence resource. Requires containeranalysis.notes.setIamPolicy or containeranalysis.occurrences.setIamPolicy permission if the resource is a note or occurrence, respectively. The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-get-iam-policy ... Required Scalar Argument <resource> (string) REQUIRED: The resource for which the policy is being requested. See Resource names for the appropriate value for this field. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: GetIamPolicyRequest: options: requested-policy-version: integer can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .options requested-policy-version=96 Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the IAM documentation . About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes Get Iam Policy"},{"location":"projects_notes-get-iam-policy/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-get-iam-policy ...","title":"Scopes"},{"location":"projects_notes-get-iam-policy/#required-scalar-argument","text":"<resource> (string) REQUIRED: The resource for which the policy is being requested. See Resource names for the appropriate value for this field.","title":"Required Scalar Argument"},{"location":"projects_notes-get-iam-policy/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: GetIamPolicyRequest: options: requested-policy-version: integer can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .options requested-policy-version=96 Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the IAM documentation .","title":"Required Request Value"},{"location":"projects_notes-get-iam-policy/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_notes-get-iam-policy/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-get-iam-policy/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_notes-get/","text":"Gets the specified note. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-get ... Required Scalar Argument <name> (string) Required. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes Get"},{"location":"projects_notes-get/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-get ...","title":"Scopes"},{"location":"projects_notes-get/#required-scalar-argument","text":"<name> (string) Required. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] .","title":"Required Scalar Argument"},{"location":"projects_notes-get/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-get/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_notes-list/","text":"Lists notes for the specified project. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-list ... Required Scalar Argument <parent> (string) Required. The name of the project to list notes for in the form of projects/[PROJECT_ID] . Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p filter=string The filter expression. -p page-size=integer Number of notes to return in the list. Must be positive. Max allowed page size is 1000. If not specified, page size defaults to 20. -p page-token=string Token to provide to skip to a particular spot in the list. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes List"},{"location":"projects_notes-list/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-list ...","title":"Scopes"},{"location":"projects_notes-list/#required-scalar-argument","text":"<parent> (string) Required. The name of the project to list notes for in the form of projects/[PROJECT_ID] .","title":"Required Scalar Argument"},{"location":"projects_notes-list/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-list/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p filter=string The filter expression. -p page-size=integer Number of notes to return in the list. Must be positive. Max allowed page size is 1000. If not specified, page size defaults to 20. -p page-token=string Token to provide to skip to a particular spot in the list.","title":"Optional Method Properties"},{"location":"projects_notes-list/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_notes-occurrences-list/","text":"Lists occurrences referencing the specified note. Provider projects can use this method to get all occurrences across consumer projects referencing the specified note. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-occurrences-list ... Required Scalar Argument <name> (string) Required. The name of the note to list occurrences for in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p filter=string The filter expression. -p page-size=integer Number of occurrences to return in the list. -p page-token=string Token to provide to skip to a particular spot in the list. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes Occurrences List"},{"location":"projects_notes-occurrences-list/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-occurrences-list ...","title":"Scopes"},{"location":"projects_notes-occurrences-list/#required-scalar-argument","text":"<name> (string) Required. The name of the note to list occurrences for in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] .","title":"Required Scalar Argument"},{"location":"projects_notes-occurrences-list/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-occurrences-list/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p filter=string The filter expression. -p page-size=integer Number of occurrences to return in the list. -p page-token=string Token to provide to skip to a particular spot in the list.","title":"Optional Method Properties"},{"location":"projects_notes-occurrences-list/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_notes-patch/","text":"Updates the specified note. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-patch ... Required Scalar Argument <name> (string) Required. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: Note: attestation: hint: human-readable-name: string build: builder-version: string compliance: cis-benchmark: profile-level: integer severity: string description: string rationale: string remediation: string scan-instructions: string title: string create-time: string deployment: resource-uri: [string] discovery: analysis-kind: string dsse-attestation: hint: human-readable-name: string expiration-time: string image: fingerprint: v1-name: string v2-blob: [string] v2-name: string resource-url: string kind: string long-description: string name: string package: architecture: string cpe-uri: string description: string license: comments: string expression: string maintainer: string name: string package-type: string url: string version: epoch: integer full-name: string inclusive: boolean kind: string name: string revision: string related-note-names: [string] sbom-reference: format: string version: string short-description: string update-time: string upgrade: package: string version: epoch: integer full-name: string inclusive: boolean kind: string name: string revision: string windows-update: description: string identity: revision: integer update-id: string kb-article-ids: [string] last-published-timestamp: string support-url: string title: string vulnerability: cvss-score: number cvss-v2: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-v3: attack-complexity: string attack-vector: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-version: string severity: string source-update-time: string vulnerability-assessment: assessment: cve: string impacts: [string] justification: details: string justification-type: string long-description: string short-description: string state: string vulnerability-id: string language-code: string long-description: string product: generic-uri: string id: string name: string publisher: issuing-authority: string name: string publisher-namespace: string short-description: string title: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .attestation.hint human-readable-name=et Required. The human readable name of this attestation authority, for example \"qa\". ...build builder-version=sanctus Required. Immutable. Version of the builder which produced this build. ..compliance.cis-benchmark profile-level=45 No description provided. severity=est No description provided. .. description=sed A description about this compliance check. rationale=diam A rationale for the existence of this compliance check. remediation=dolores A description of remediation steps if the compliance check fails. scan-instructions=dolores Serialized scan instructions with a predefined format. title=et The title that identifies this compliance check. .. create-time=sed Output only. The time this note was created. This field can be used as a filter in list requests. deployment resource-uri=no Required. Resource URI for the artifact being deployed. Each invocation of this argument appends the given value to the array. ..discovery analysis-kind=et Required. Immutable. The kind of analysis that is handled by this discovery. ..dsse-attestation.hint human-readable-name=elitr Required. The human readable name of this attestation authority, for example \"cloudbuild-prod\". ... expiration-time=sed Time of expiration for this note. Empty if note does not expire. image.fingerprint v1-name=no Required. The layer ID of the final layer in the Docker image's v1 representation. v2-blob=nonumy Required. The ordered list of v2 blobs that represent a given image. Each invocation of this argument appends the given value to the array. v2-name=at Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + \" \" + v2_name[N+1]) Only the name of the final blob is kept. .. resource-url=sadipscing Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images. .. kind=aliquyam Output only. The type of analysis. This field can be used as a filter in list requests. long-description=dolores A detailed description of this note. name=sadipscing Output only. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . package architecture=erat The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages. cpe-uri=aliquyam The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages. description=amet The description of this package. license comments=est Comments expression=et Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. maintainer=sea A freeform text denoting the maintainer of this package. name=consetetur Required. Immutable. The name of the package. package-type=consetetur The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). url=stet The homepage for this package. version epoch=94 Used to correct mistakes in the version numbering scheme. full-name=aliquyam Human readable version string. This string is of the form :- and is only set when kind is NORMAL. inclusive=false Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=duo Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=diam Required only when version kind is NORMAL. The main part of the version name. revision=est The iteration of the package build from the above version. ... related-note-names=sit Other notes related to this note. Each invocation of this argument appends the given value to the array. sbom-reference format=sed The format that SBOM takes. E.g. may be spdx, cyclonedx, etc... version=eos The version of the format that the SBOM takes. E.g. if the format is spdx, the version may be 2.3. .. short-description=lorem A one sentence description of this note. update-time=ea Output only. The time this note was last updated. This field can be used as a filter in list requests. upgrade package=stet Required for non-Windows OS. The package this Upgrade is for. version epoch=82 Used to correct mistakes in the version numbering scheme. full-name=eos Human readable version string. This string is of the form :- and is only set when kind is NORMAL. inclusive=true Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=sea Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=et Required only when version kind is NORMAL. The main part of the version name. revision=at The iteration of the package build from the above version. ..windows-update description=dolore The localized description of the update. identity revision=61 The revision number of the update. update-id=lorem The revision independent identifier of the update. .. kb-article-ids=accusam The Microsoft Knowledge Base article IDs that are associated with the update. Each invocation of this argument appends the given value to the array. last-published-timestamp=amet The last published timestamp of the update. support-url=erat The hyperlink to the support information for the update. title=dolores The localized title of the update. ...vulnerability cvss-score=0.15972633079770038 The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity. cvss-v2 attack-complexity=sea No description provided. attack-vector=takimata Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. authentication=lorem No description provided. availability-impact=et No description provided. base-score=0.1945321992186927 The base score is a function of the base metric scores. confidentiality-impact=dolor No description provided. exploitability-score=0.9576851027078831 No description provided. impact-score=0.9295719371551834 No description provided. integrity-impact=erat No description provided. privileges-required=sea No description provided. scope=nonumy No description provided. user-interaction=et No description provided. ..cvss-v3 attack-complexity=gubergren No description provided. attack-vector=justo Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. availability-impact=sea No description provided. base-score=0.03937387488958621 The base score is a function of the base metric scores. confidentiality-impact=aliquyam No description provided. exploitability-score=0.5999462320813541 No description provided. impact-score=0.6413061576894121 No description provided. integrity-impact=gubergren No description provided. privileges-required=dolor No description provided. scope=aliquyam No description provided. user-interaction=no No description provided. .. cvss-version=amet. CVSS version used to populate cvss_score and severity. severity=ipsum The note provider assigned severity of this vulnerability. source-update-time=lorem The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker. ..vulnerability-assessment.assessment cve=accusam Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs. impacts=gubergren Contains information about the impact of this vulnerability, this will change with time. Each invocation of this argument appends the given value to the array. justification details=sadipscing Additional details on why this justification was chosen. justification-type=at The justification type for this vulnerability. .. long-description=sit A detailed description of this Vex. short-description=duo A one sentence description of this Vex. state=sit Provides the state of this Vulnerability assessment. vulnerability-id=magna The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc. .. language-code=et Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646. long-description=rebum. A detailed description of this Vex. product generic-uri=dolor Contains a URI which is vendor-specific. Example: The artifact repository URL of an image. id=lorem Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document. name=justo Name of the product. ..publisher issuing-authority=amet. Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations. name=no Name of the publisher. Examples: 'Google', 'Google Cloud Platform'. publisher-namespace=nonumy The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io .. short-description=sed A one sentence description of this Vex. title=kasd The title of the note. E.g. Vex-Debian-11.4 About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p update-mask=string The fields to update. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes Patch"},{"location":"projects_notes-patch/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-patch ...","title":"Scopes"},{"location":"projects_notes-patch/#required-scalar-argument","text":"<name> (string) Required. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] .","title":"Required Scalar Argument"},{"location":"projects_notes-patch/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: Note: attestation: hint: human-readable-name: string build: builder-version: string compliance: cis-benchmark: profile-level: integer severity: string description: string rationale: string remediation: string scan-instructions: string title: string create-time: string deployment: resource-uri: [string] discovery: analysis-kind: string dsse-attestation: hint: human-readable-name: string expiration-time: string image: fingerprint: v1-name: string v2-blob: [string] v2-name: string resource-url: string kind: string long-description: string name: string package: architecture: string cpe-uri: string description: string license: comments: string expression: string maintainer: string name: string package-type: string url: string version: epoch: integer full-name: string inclusive: boolean kind: string name: string revision: string related-note-names: [string] sbom-reference: format: string version: string short-description: string update-time: string upgrade: package: string version: epoch: integer full-name: string inclusive: boolean kind: string name: string revision: string windows-update: description: string identity: revision: integer update-id: string kb-article-ids: [string] last-published-timestamp: string support-url: string title: string vulnerability: cvss-score: number cvss-v2: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-v3: attack-complexity: string attack-vector: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-version: string severity: string source-update-time: string vulnerability-assessment: assessment: cve: string impacts: [string] justification: details: string justification-type: string long-description: string short-description: string state: string vulnerability-id: string language-code: string long-description: string product: generic-uri: string id: string name: string publisher: issuing-authority: string name: string publisher-namespace: string short-description: string title: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .attestation.hint human-readable-name=et Required. The human readable name of this attestation authority, for example \"qa\". ...build builder-version=sanctus Required. Immutable. Version of the builder which produced this build. ..compliance.cis-benchmark profile-level=45 No description provided. severity=est No description provided. .. description=sed A description about this compliance check. rationale=diam A rationale for the existence of this compliance check. remediation=dolores A description of remediation steps if the compliance check fails. scan-instructions=dolores Serialized scan instructions with a predefined format. title=et The title that identifies this compliance check. .. create-time=sed Output only. The time this note was created. This field can be used as a filter in list requests. deployment resource-uri=no Required. Resource URI for the artifact being deployed. Each invocation of this argument appends the given value to the array. ..discovery analysis-kind=et Required. Immutable. The kind of analysis that is handled by this discovery. ..dsse-attestation.hint human-readable-name=elitr Required. The human readable name of this attestation authority, for example \"cloudbuild-prod\". ... expiration-time=sed Time of expiration for this note. Empty if note does not expire. image.fingerprint v1-name=no Required. The layer ID of the final layer in the Docker image's v1 representation. v2-blob=nonumy Required. The ordered list of v2 blobs that represent a given image. Each invocation of this argument appends the given value to the array. v2-name=at Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + \" \" + v2_name[N+1]) Only the name of the final blob is kept. .. resource-url=sadipscing Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images. .. kind=aliquyam Output only. The type of analysis. This field can be used as a filter in list requests. long-description=dolores A detailed description of this note. name=sadipscing Output only. The name of the note in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . package architecture=erat The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages. cpe-uri=aliquyam The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages. description=amet The description of this package. license comments=est Comments expression=et Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. maintainer=sea A freeform text denoting the maintainer of this package. name=consetetur Required. Immutable. The name of the package. package-type=consetetur The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). url=stet The homepage for this package. version epoch=94 Used to correct mistakes in the version numbering scheme. full-name=aliquyam Human readable version string. This string is of the form :- and is only set when kind is NORMAL. inclusive=false Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=duo Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=diam Required only when version kind is NORMAL. The main part of the version name. revision=est The iteration of the package build from the above version. ... related-note-names=sit Other notes related to this note. Each invocation of this argument appends the given value to the array. sbom-reference format=sed The format that SBOM takes. E.g. may be spdx, cyclonedx, etc... version=eos The version of the format that the SBOM takes. E.g. if the format is spdx, the version may be 2.3. .. short-description=lorem A one sentence description of this note. update-time=ea Output only. The time this note was last updated. This field can be used as a filter in list requests. upgrade package=stet Required for non-Windows OS. The package this Upgrade is for. version epoch=82 Used to correct mistakes in the version numbering scheme. full-name=eos Human readable version string. This string is of the form :- and is only set when kind is NORMAL. inclusive=true Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=sea Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=et Required only when version kind is NORMAL. The main part of the version name. revision=at The iteration of the package build from the above version. ..windows-update description=dolore The localized description of the update. identity revision=61 The revision number of the update. update-id=lorem The revision independent identifier of the update. .. kb-article-ids=accusam The Microsoft Knowledge Base article IDs that are associated with the update. Each invocation of this argument appends the given value to the array. last-published-timestamp=amet The last published timestamp of the update. support-url=erat The hyperlink to the support information for the update. title=dolores The localized title of the update. ...vulnerability cvss-score=0.15972633079770038 The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity. cvss-v2 attack-complexity=sea No description provided. attack-vector=takimata Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. authentication=lorem No description provided. availability-impact=et No description provided. base-score=0.1945321992186927 The base score is a function of the base metric scores. confidentiality-impact=dolor No description provided. exploitability-score=0.9576851027078831 No description provided. impact-score=0.9295719371551834 No description provided. integrity-impact=erat No description provided. privileges-required=sea No description provided. scope=nonumy No description provided. user-interaction=et No description provided. ..cvss-v3 attack-complexity=gubergren No description provided. attack-vector=justo Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. availability-impact=sea No description provided. base-score=0.03937387488958621 The base score is a function of the base metric scores. confidentiality-impact=aliquyam No description provided. exploitability-score=0.5999462320813541 No description provided. impact-score=0.6413061576894121 No description provided. integrity-impact=gubergren No description provided. privileges-required=dolor No description provided. scope=aliquyam No description provided. user-interaction=no No description provided. .. cvss-version=amet. CVSS version used to populate cvss_score and severity. severity=ipsum The note provider assigned severity of this vulnerability. source-update-time=lorem The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker. ..vulnerability-assessment.assessment cve=accusam Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs. impacts=gubergren Contains information about the impact of this vulnerability, this will change with time. Each invocation of this argument appends the given value to the array. justification details=sadipscing Additional details on why this justification was chosen. justification-type=at The justification type for this vulnerability. .. long-description=sit A detailed description of this Vex. short-description=duo A one sentence description of this Vex. state=sit Provides the state of this Vulnerability assessment. vulnerability-id=magna The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc. .. language-code=et Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646. long-description=rebum. A detailed description of this Vex. product generic-uri=dolor Contains a URI which is vendor-specific. Example: The artifact repository URL of an image. id=lorem Token that identifies a product so that it can be referred to from other parts in the document. There is no predefined format as long as it uniquely identifies a group in the context of the current document. name=justo Name of the product. ..publisher issuing-authority=amet. Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations. name=no Name of the publisher. Examples: 'Google', 'Google Cloud Platform'. publisher-namespace=nonumy The context or namespace. Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. Example: https://csaf.io .. short-description=sed A one sentence description of this Vex. title=kasd The title of the note. E.g. Vex-Debian-11.4","title":"Required Request Value"},{"location":"projects_notes-patch/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_notes-patch/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-patch/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p update-mask=string The fields to update.","title":"Optional Method Properties"},{"location":"projects_notes-patch/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_notes-set-iam-policy/","text":"Sets the access control policy on the specified note or occurrence. Requires containeranalysis.notes.setIamPolicy or containeranalysis.occurrences.setIamPolicy permission if the resource is a note or an occurrence, respectively. The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-set-iam-policy ... Required Scalar Argument <resource> (string) REQUIRED: The resource for which the policy is being specified. See Resource names for the appropriate value for this field. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: SetIamPolicyRequest: policy: etag: string version: integer can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .policy etag=lorem etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy , and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. version=43 Specifies the format of the policy. Valid values are 0 , 1 , and 3 . Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version 3 . This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation . About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes Set Iam Policy"},{"location":"projects_notes-set-iam-policy/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-set-iam-policy ...","title":"Scopes"},{"location":"projects_notes-set-iam-policy/#required-scalar-argument","text":"<resource> (string) REQUIRED: The resource for which the policy is being specified. See Resource names for the appropriate value for this field.","title":"Required Scalar Argument"},{"location":"projects_notes-set-iam-policy/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: SetIamPolicyRequest: policy: etag: string version: integer can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .policy etag=lorem etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy , and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. version=43 Specifies the format of the policy. Valid values are 0 , 1 , and 3 . Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version 3 . This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation .","title":"Required Request Value"},{"location":"projects_notes-set-iam-policy/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_notes-set-iam-policy/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-set-iam-policy/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_notes-test-iam-permissions/","text":"Returns the permissions that a caller has on the specified note or occurrence. Requires list permission on the project (for example, containeranalysis.notes.list ). The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-test-iam-permissions ... Required Scalar Argument <resource> (string) REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: TestIamPermissionsRequest: permissions: [string] can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . permissions=nonumy The set of permissions to check for the resource . Permissions with wildcards (such as * or storage.* ) are not allowed. For more information see IAM Overview . Each invocation of this argument appends the given value to the array. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Notes Test Iam Permissions"},{"location":"projects_notes-test-iam-permissions/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects notes-test-iam-permissions ...","title":"Scopes"},{"location":"projects_notes-test-iam-permissions/#required-scalar-argument","text":"<resource> (string) REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field.","title":"Required Scalar Argument"},{"location":"projects_notes-test-iam-permissions/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: TestIamPermissionsRequest: permissions: [string] can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . permissions=nonumy The set of permissions to check for the resource . Permissions with wildcards (such as * or storage.* ) are not allowed. For more information see IAM Overview . Each invocation of this argument appends the given value to the array.","title":"Required Request Value"},{"location":"projects_notes-test-iam-permissions/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_notes-test-iam-permissions/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_notes-test-iam-permissions/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-batch-create/","text":"Creates new occurrences in batch. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-batch-create ... Required Scalar Argument <parent> (string) Required. The name of the project in the form of projects/[PROJECT_ID] , under which the occurrences are to be created. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: BatchCreateOccurrencesRequest: can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Batch Create"},{"location":"projects_occurrences-batch-create/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-batch-create ...","title":"Scopes"},{"location":"projects_occurrences-batch-create/#required-scalar-argument","text":"<parent> (string) Required. The name of the project in the form of projects/[PROJECT_ID] , under which the occurrences are to be created.","title":"Required Scalar Argument"},{"location":"projects_occurrences-batch-create/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: BatchCreateOccurrencesRequest: can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time.","title":"Required Request Value"},{"location":"projects_occurrences-batch-create/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_occurrences-batch-create/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-batch-create/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-create/","text":"Creates a new occurrence. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-create ... Required Scalar Argument <parent> (string) Required. The name of the project in the form of projects/[PROJECT_ID] , under which the occurrence is to be created. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: Occurrence: attestation: serialized-payload: string build: in-toto-slsa-provenance-v1: -type: string predicate: build-definition: build-type: string run-details: builder: id: string version: { string: string } metadata: finished-on: string invocation-id: string started-on: string predicate-type: string intoto-provenance: builder-config: id: string materials: [string] metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string intoto-statement: -type: string predicate-type: string provenance: builder-config: id: string materials: [string] metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string slsa-provenance: builder: id: string metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string slsa-provenance-zero-two: build-type: string builder: id: string invocation: config-source: digest: { string: string } entry-point: string uri: string metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: environment: boolean materials: boolean parameters: boolean reproducible: boolean provenance: build-options: { string: string } builder-version: string create-time: string creator: string end-time: string id: string logs-uri: string project-id: string source-provenance: artifact-storage-source-uri: string context: cloud-repo: alias-context: kind: string name: string repo-id: project-repo-id: project-id: string repo-name: string uid: string revision-id: string gerrit: alias-context: kind: string name: string gerrit-project: string host-uri: string revision-id: string git: revision-id: string url: string labels: { string: string } start-time: string trigger-id: string provenance-bytes: string compliance: non-compliance-reason: string create-time: string deployment: address: string config: string deploy-time: string platform: string resource-uri: [string] undeploy-time: string user-email: string discovery: analysis-completed: analysis-type: [string] analysis-status: string analysis-status-error: code: integer message: string archive-time: string continuous-analysis: string cpe: string last-scan-time: string sbom-status: error: string sbom-state: string dsse-attestation: envelope: payload: string payload-type: string statement: -type: string predicate-type: string provenance: builder-config: id: string materials: [string] metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string slsa-provenance: builder: id: string metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string slsa-provenance-zero-two: build-type: string builder: id: string invocation: config-source: digest: { string: string } entry-point: string uri: string metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: environment: boolean materials: boolean parameters: boolean reproducible: boolean envelope: payload: string payload-type: string image: base-resource-url: string distance: integer fingerprint: v1-name: string v2-blob: [string] v2-name: string kind: string name: string note-name: string package: architecture: string cpe-uri: string license: comments: string expression: string name: string package-type: string version: epoch: integer full-name: string inclusive: boolean kind: string name: string revision: string remediation: string resource-uri: string sbom-reference: payload: -type: string predicate: digest: { string: string } location: string mime-type: string referrer-id: string predicate-type: string payload-type: string update-time: string upgrade: distribution: classification: string cpe-uri: string cve: [string] severity: string package: string parsed-version: epoch: integer full-name: string inclusive: boolean kind: string name: string revision: string windows-update: description: string identity: revision: integer update-id: string kb-article-ids: [string] last-published-timestamp: string support-url: string title: string vulnerability: cvss-score: number cvss-v2: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-version: string cvssv3: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string effective-severity: string extra-details: string fix-available: boolean long-description: string severity: string short-description: string type: string vex-assessment: cve: string impacts: [string] justification: details: string justification-type: string note-name: string state: string vulnerability-id: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .attestation serialized-payload=rebum. Required. The serialized payload that is verified by one or more signatures . ..build.in-toto-slsa-provenance-v1 -type=tempor InToto spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement predicate.build-definition build-type=dolore No description provided. ..run-details.builder id=eos No description provided. version=key=amet. No description provided. the value will be associated with the given key ..metadata finished-on=dolore No description provided. invocation-id=amet No description provided. started-on=ut No description provided. .... predicate-type=at No description provided. ..intoto-provenance.builder-config id=sit No description provided. .. materials=vero The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty. Each invocation of this argument appends the given value to the array. metadata build-finished-on=duo The timestamp of when the build completed. build-invocation-id=sadipscing Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=ut The timestamp of when the build started. completeness arguments=false If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=true If true, the builder claims that recipe.environment is claimed to be complete. materials=false If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=true If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=sea Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=et String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=lorem URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...intoto-statement -type=magna Always https://in-toto.io/Statement/v0.1 . predicate-type=takimata https://slsa.dev/provenance/v0.1 for SlsaProvenance. provenance.builder-config id=rebum. No description provided. .. materials=at The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty. Each invocation of this argument appends the given value to the array. metadata build-finished-on=invidunt The timestamp of when the build completed. build-invocation-id=clita Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=stet The timestamp of when the build started. completeness arguments=false If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=false If true, the builder claims that recipe.environment is claimed to be complete. materials=true If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=true If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=dolor Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=aliquyam String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=magna URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...slsa-provenance.builder id=diam No description provided. ..metadata build-finished-on=nonumy The timestamp of when the build completed. build-invocation-id=et Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=sanctus The timestamp of when the build started. completeness arguments=true If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=true If true, the builder claims that recipe.environment is claimed to be complete. materials=false If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=false If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=at Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=erat String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=justo URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...slsa-provenance-zero-two build-type=ipsum No description provided. builder id=accusam No description provided. ..invocation.config-source digest=key=dolores No description provided. the value will be associated with the given key entry-point=consetetur No description provided. uri=no No description provided. ...metadata build-finished-on=justo No description provided. build-invocation-id=sadipscing No description provided. build-started-on=diam No description provided. completeness environment=true No description provided. materials=true No description provided. parameters=true No description provided. .. reproducible=false No description provided. ....provenance build-options=key=kasd Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details. the value will be associated with the given key builder-version=amet Version string of the builder at the time this build was executed. create-time=lorem Time at which the build was created. creator=justo E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time. end-time=invidunt Time at which execution of the build was finished. id=sed Required. Unique identifier of the build. logs-uri=nonumy URI where any logs for this provenance were written. project-id=sea ID of the project. source-provenance artifact-storage-source-uri=ipsum If provided, the input binary artifacts for the build came from this location. context.cloud-repo.alias-context kind=kasd The alias kind. name=justo The alias name. ..repo-id.project-repo-id project-id=ea The ID of the project. repo-name=at The name of the repo. Leave empty for the default repo. .. uid=erat A server-assigned, globally unique identifier. .. revision-id=clita A revision ID. ..gerrit.alias-context kind=vero The alias kind. name=invidunt The alias name. .. gerrit-project=nonumy The full project name within the host. Projects may be nested, so \"project/subproject\" is a valid project name. The \"repo name\" is the hostURI/project. host-uri=erat The URI of a running Gerrit instance. revision-id=erat A revision (commit) ID. ..git revision-id=dolores Git commit hash. url=ipsum Git repository URL. .. labels=key=voluptua. Labels with user defined metadata. the value will be associated with the given key ... start-time=eos Time at which execution of the build was started. trigger-id=duo Trigger identifier if the build was triggered automatically; empty if not. .. provenance-bytes=elitr Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, provenance_bytes can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes. ..compliance non-compliance-reason=consetetur No description provided. .. create-time=et Output only. The time this occurrence was created. deployment address=clita Address of the runtime element hosting this deployment. config=sit Configuration used to create this deployment. deploy-time=takimata Required. Beginning of the lifetime of this deployment. platform=erat Platform hosting this deployment. resource-uri=diam Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name. Each invocation of this argument appends the given value to the array. undeploy-time=nonumy End of the lifetime of this deployment. user-email=lorem Identity of the user that triggered this deployment. ..discovery.analysis-completed analysis-type=at No description provided. Each invocation of this argument appends the given value to the array. .. analysis-status=diam The status of discovery for the resource. analysis-status-error code=9 The status code, which should be an enum value of google.rpc.Code. message=sed A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. .. archive-time=et Output only. The time occurrences related to this discovery occurrence were archived. continuous-analysis=ea Whether the resource is continuously analyzed. cpe=dolore The CPE of the resource being scanned. last-scan-time=ipsum The last time this resource was scanned. sbom-status error=ea If there was an error generating an SBOM, this will indicate what that error was. sbom-state=at The progress of the SBOM generation. ...dsse-attestation.envelope payload=sit No description provided. payload-type=sit No description provided. ..statement -type=lorem Always https://in-toto.io/Statement/v0.1 . predicate-type=stet https://slsa.dev/provenance/v0.1 for SlsaProvenance. provenance.builder-config id=duo No description provided. .. materials=elitr The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty. Each invocation of this argument appends the given value to the array. metadata build-finished-on=aliquyam The timestamp of when the build completed. build-invocation-id=erat Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=ut The timestamp of when the build started. completeness arguments=true If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=true If true, the builder claims that recipe.environment is claimed to be complete. materials=true If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=false If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=kasd Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=lorem String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=sit URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...slsa-provenance.builder id=kasd No description provided. ..metadata build-finished-on=tempor The timestamp of when the build completed. build-invocation-id=dolor Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=amet The timestamp of when the build started. completeness arguments=true If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=false If true, the builder claims that recipe.environment is claimed to be complete. materials=false If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=false If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=dolor Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=sadipscing String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=dolor URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...slsa-provenance-zero-two build-type=dolor No description provided. builder id=consetetur No description provided. ..invocation.config-source digest=key=et No description provided. the value will be associated with the given key entry-point=sit No description provided. uri=lorem No description provided. ...metadata build-finished-on=nonumy No description provided. build-invocation-id=diam No description provided. build-started-on=ipsum No description provided. completeness environment=true No description provided. materials=false No description provided. parameters=false No description provided. .. reproducible=false No description provided. .....envelope payload=amet No description provided. payload-type=at No description provided. ..image base-resource-url=eirmod Output only. This contains the base image URL for the derived image occurrence. distance=70 Output only. The number of layers by which this image differs from the associated image basis. fingerprint v1-name=duo Required. The layer ID of the final layer in the Docker image's v1 representation. v2-blob=et Required. The ordered list of v2 blobs that represent a given image. Each invocation of this argument appends the given value to the array. v2-name=erat Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + \" \" + v2_name[N+1]) Only the name of the final blob is kept. ... kind=sit Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests. name=accusam Output only. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] . note-name=et Required. Immutable. The analysis note associated with this occurrence, in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . This field can be used as a filter in list requests. package architecture=nonumy Output only. The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages. cpe-uri=accusam Output only. The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages. license comments=ut Comments expression=voluptua. Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. name=consetetur Required. Output only. The name of the installed package. package-type=dolor Output only. The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). version epoch=54 Used to correct mistakes in the version numbering scheme. full-name=et Human readable version string. This string is of the form :- and is only set when kind is NORMAL. inclusive=true Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=invidunt Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=sea Required only when version kind is NORMAL. The main part of the version name. revision=duo The iteration of the package build from the above version. ... remediation=sea A description of actions that can be taken to remedy the note. resource-uri=stet Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image. sbom-reference.payload -type=sadipscing Identifier for the schema of the Statement. predicate digest=key=no A map of algorithm to digest of the contents of the SBOM. the value will be associated with the given key location=tempor The location of the SBOM. mime-type=ipsum The mime type of the SBOM. referrer-id=sea The person or system referring this predicate to the consumer. .. predicate-type=sit URI identifying the type of the Predicate. .. payload-type=amet. The kind of payload that SbomReferenceIntotoPayload takes. Since it's in the intoto format, this value is expected to be 'application/vnd.in-toto+json'. .. update-time=ipsum Output only. The time this occurrence was last updated. upgrade.distribution classification=at The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85) cpe-uri=vero Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/. cve=takimata The cve tied to this Upgrade. Each invocation of this argument appends the given value to the array. severity=gubergren The severity as specified by the upstream operating system. .. package=et Required for non-Windows OS. The package this Upgrade is for. parsed-version epoch=13 Used to correct mistakes in the version numbering scheme. full-name=magna Human readable version string. This string is of the form :- and is only set when kind is NORMAL. inclusive=false Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=gubergren Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=elitr Required only when version kind is NORMAL. The main part of the version name. revision=ipsum The iteration of the package build from the above version. ..windows-update description=kasd The localized description of the update. identity revision=67 The revision number of the update. update-id=lorem The revision independent identifier of the update. .. kb-article-ids=amet The Microsoft Knowledge Base article IDs that are associated with the update. Each invocation of this argument appends the given value to the array. last-published-timestamp=ipsum The last published timestamp of the update. support-url=lorem The hyperlink to the support information for the update. title=dolores The localized title of the update. ...vulnerability cvss-score=0.040882562684536605 Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity. cvss-v2 attack-complexity=accusam No description provided. attack-vector=consetetur Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. authentication=takimata No description provided. availability-impact=sed No description provided. base-score=0.08239402616053437 The base score is a function of the base metric scores. confidentiality-impact=sea No description provided. exploitability-score=0.5971313679491855 No description provided. impact-score=0.6147102001911744 No description provided. integrity-impact=sed No description provided. privileges-required=labore No description provided. scope=et No description provided. user-interaction=eirmod No description provided. .. cvss-version=sed Output only. CVSS version used to populate cvss_score and severity. cvssv3 attack-complexity=at No description provided. attack-vector=stet Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. authentication=sit No description provided. availability-impact=ipsum No description provided. base-score=0.7454899800701926 The base score is a function of the base metric scores. confidentiality-impact=amet No description provided. exploitability-score=0.1447053339045612 No description provided. impact-score=0.1076976450388556 No description provided. integrity-impact=et No description provided. privileges-required=dolor No description provided. scope=erat No description provided. user-interaction=dolore No description provided. .. effective-severity=vero The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity. When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues. extra-details=ea Occurrence-specific extra details about the vulnerability. fix-available=true Output only. Whether at least one of the affected packages has a fix available. long-description=amet. Output only. A detailed description of this vulnerability. severity=eirmod Output only. The note provider assigned severity of this vulnerability. short-description=sanctus Output only. A one sentence description of this vulnerability. type=sed The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). vex-assessment cve=dolor Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs. impacts=et Contains information about the impact of this vulnerability, this will change with time. Each invocation of this argument appends the given value to the array. justification details=et Additional details on why this justification was chosen. justification-type=erat The justification type for this vulnerability. .. note-name=eos The VulnerabilityAssessment note from which this VexAssessment was generated. This will be of the form: projects/[PROJECT_ID]/notes/[NOTE_ID] . state=nonumy Provides the state of this Vulnerability assessment. vulnerability-id=ea The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Create"},{"location":"projects_occurrences-create/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-create ...","title":"Scopes"},{"location":"projects_occurrences-create/#required-scalar-argument","text":"<parent> (string) Required. The name of the project in the form of projects/[PROJECT_ID] , under which the occurrence is to be created.","title":"Required Scalar Argument"},{"location":"projects_occurrences-create/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: Occurrence: attestation: serialized-payload: string build: in-toto-slsa-provenance-v1: -type: string predicate: build-definition: build-type: string run-details: builder: id: string version: { string: string } metadata: finished-on: string invocation-id: string started-on: string predicate-type: string intoto-provenance: builder-config: id: string materials: [string] metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string intoto-statement: -type: string predicate-type: string provenance: builder-config: id: string materials: [string] metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string slsa-provenance: builder: id: string metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string slsa-provenance-zero-two: build-type: string builder: id: string invocation: config-source: digest: { string: string } entry-point: string uri: string metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: environment: boolean materials: boolean parameters: boolean reproducible: boolean provenance: build-options: { string: string } builder-version: string create-time: string creator: string end-time: string id: string logs-uri: string project-id: string source-provenance: artifact-storage-source-uri: string context: cloud-repo: alias-context: kind: string name: string repo-id: project-repo-id: project-id: string repo-name: string uid: string revision-id: string gerrit: alias-context: kind: string name: string gerrit-project: string host-uri: string revision-id: string git: revision-id: string url: string labels: { string: string } start-time: string trigger-id: string provenance-bytes: string compliance: non-compliance-reason: string create-time: string deployment: address: string config: string deploy-time: string platform: string resource-uri: [string] undeploy-time: string user-email: string discovery: analysis-completed: analysis-type: [string] analysis-status: string analysis-status-error: code: integer message: string archive-time: string continuous-analysis: string cpe: string last-scan-time: string sbom-status: error: string sbom-state: string dsse-attestation: envelope: payload: string payload-type: string statement: -type: string predicate-type: string provenance: builder-config: id: string materials: [string] metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string slsa-provenance: builder: id: string metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string slsa-provenance-zero-two: build-type: string builder: id: string invocation: config-source: digest: { string: string } entry-point: string uri: string metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: environment: boolean materials: boolean parameters: boolean reproducible: boolean envelope: payload: string payload-type: string image: base-resource-url: string distance: integer fingerprint: v1-name: string v2-blob: [string] v2-name: string kind: string name: string note-name: string package: architecture: string cpe-uri: string license: comments: string expression: string name: string package-type: string version: epoch: integer full-name: string inclusive: boolean kind: string name: string revision: string remediation: string resource-uri: string sbom-reference: payload: -type: string predicate: digest: { string: string } location: string mime-type: string referrer-id: string predicate-type: string payload-type: string update-time: string upgrade: distribution: classification: string cpe-uri: string cve: [string] severity: string package: string parsed-version: epoch: integer full-name: string inclusive: boolean kind: string name: string revision: string windows-update: description: string identity: revision: integer update-id: string kb-article-ids: [string] last-published-timestamp: string support-url: string title: string vulnerability: cvss-score: number cvss-v2: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-version: string cvssv3: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string effective-severity: string extra-details: string fix-available: boolean long-description: string severity: string short-description: string type: string vex-assessment: cve: string impacts: [string] justification: details: string justification-type: string note-name: string state: string vulnerability-id: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .attestation serialized-payload=rebum. Required. The serialized payload that is verified by one or more signatures . ..build.in-toto-slsa-provenance-v1 -type=tempor InToto spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement predicate.build-definition build-type=dolore No description provided. ..run-details.builder id=eos No description provided. version=key=amet. No description provided. the value will be associated with the given key ..metadata finished-on=dolore No description provided. invocation-id=amet No description provided. started-on=ut No description provided. .... predicate-type=at No description provided. ..intoto-provenance.builder-config id=sit No description provided. .. materials=vero The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty. Each invocation of this argument appends the given value to the array. metadata build-finished-on=duo The timestamp of when the build completed. build-invocation-id=sadipscing Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=ut The timestamp of when the build started. completeness arguments=false If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=true If true, the builder claims that recipe.environment is claimed to be complete. materials=false If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=true If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=sea Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=et String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=lorem URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...intoto-statement -type=magna Always https://in-toto.io/Statement/v0.1 . predicate-type=takimata https://slsa.dev/provenance/v0.1 for SlsaProvenance. provenance.builder-config id=rebum. No description provided. .. materials=at The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty. Each invocation of this argument appends the given value to the array. metadata build-finished-on=invidunt The timestamp of when the build completed. build-invocation-id=clita Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=stet The timestamp of when the build started. completeness arguments=false If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=false If true, the builder claims that recipe.environment is claimed to be complete. materials=true If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=true If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=dolor Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=aliquyam String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=magna URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...slsa-provenance.builder id=diam No description provided. ..metadata build-finished-on=nonumy The timestamp of when the build completed. build-invocation-id=et Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=sanctus The timestamp of when the build started. completeness arguments=true If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=true If true, the builder claims that recipe.environment is claimed to be complete. materials=false If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=false If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=at Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=erat String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=justo URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...slsa-provenance-zero-two build-type=ipsum No description provided. builder id=accusam No description provided. ..invocation.config-source digest=key=dolores No description provided. the value will be associated with the given key entry-point=consetetur No description provided. uri=no No description provided. ...metadata build-finished-on=justo No description provided. build-invocation-id=sadipscing No description provided. build-started-on=diam No description provided. completeness environment=true No description provided. materials=true No description provided. parameters=true No description provided. .. reproducible=false No description provided. ....provenance build-options=key=kasd Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details. the value will be associated with the given key builder-version=amet Version string of the builder at the time this build was executed. create-time=lorem Time at which the build was created. creator=justo E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time. end-time=invidunt Time at which execution of the build was finished. id=sed Required. Unique identifier of the build. logs-uri=nonumy URI where any logs for this provenance were written. project-id=sea ID of the project. source-provenance artifact-storage-source-uri=ipsum If provided, the input binary artifacts for the build came from this location. context.cloud-repo.alias-context kind=kasd The alias kind. name=justo The alias name. ..repo-id.project-repo-id project-id=ea The ID of the project. repo-name=at The name of the repo. Leave empty for the default repo. .. uid=erat A server-assigned, globally unique identifier. .. revision-id=clita A revision ID. ..gerrit.alias-context kind=vero The alias kind. name=invidunt The alias name. .. gerrit-project=nonumy The full project name within the host. Projects may be nested, so \"project/subproject\" is a valid project name. The \"repo name\" is the hostURI/project. host-uri=erat The URI of a running Gerrit instance. revision-id=erat A revision (commit) ID. ..git revision-id=dolores Git commit hash. url=ipsum Git repository URL. .. labels=key=voluptua. Labels with user defined metadata. the value will be associated with the given key ... start-time=eos Time at which execution of the build was started. trigger-id=duo Trigger identifier if the build was triggered automatically; empty if not. .. provenance-bytes=elitr Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, provenance_bytes can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes. ..compliance non-compliance-reason=consetetur No description provided. .. create-time=et Output only. The time this occurrence was created. deployment address=clita Address of the runtime element hosting this deployment. config=sit Configuration used to create this deployment. deploy-time=takimata Required. Beginning of the lifetime of this deployment. platform=erat Platform hosting this deployment. resource-uri=diam Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name. Each invocation of this argument appends the given value to the array. undeploy-time=nonumy End of the lifetime of this deployment. user-email=lorem Identity of the user that triggered this deployment. ..discovery.analysis-completed analysis-type=at No description provided. Each invocation of this argument appends the given value to the array. .. analysis-status=diam The status of discovery for the resource. analysis-status-error code=9 The status code, which should be an enum value of google.rpc.Code. message=sed A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. .. archive-time=et Output only. The time occurrences related to this discovery occurrence were archived. continuous-analysis=ea Whether the resource is continuously analyzed. cpe=dolore The CPE of the resource being scanned. last-scan-time=ipsum The last time this resource was scanned. sbom-status error=ea If there was an error generating an SBOM, this will indicate what that error was. sbom-state=at The progress of the SBOM generation. ...dsse-attestation.envelope payload=sit No description provided. payload-type=sit No description provided. ..statement -type=lorem Always https://in-toto.io/Statement/v0.1 . predicate-type=stet https://slsa.dev/provenance/v0.1 for SlsaProvenance. provenance.builder-config id=duo No description provided. .. materials=elitr The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty. Each invocation of this argument appends the given value to the array. metadata build-finished-on=aliquyam The timestamp of when the build completed. build-invocation-id=erat Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=ut The timestamp of when the build started. completeness arguments=true If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=true If true, the builder claims that recipe.environment is claimed to be complete. materials=true If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=false If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=kasd Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=lorem String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=sit URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...slsa-provenance.builder id=kasd No description provided. ..metadata build-finished-on=tempor The timestamp of when the build completed. build-invocation-id=dolor Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=amet The timestamp of when the build started. completeness arguments=true If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=false If true, the builder claims that recipe.environment is claimed to be complete. materials=false If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=false If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=dolor Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=sadipscing String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=dolor URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...slsa-provenance-zero-two build-type=dolor No description provided. builder id=consetetur No description provided. ..invocation.config-source digest=key=et No description provided. the value will be associated with the given key entry-point=sit No description provided. uri=lorem No description provided. ...metadata build-finished-on=nonumy No description provided. build-invocation-id=diam No description provided. build-started-on=ipsum No description provided. completeness environment=true No description provided. materials=false No description provided. parameters=false No description provided. .. reproducible=false No description provided. .....envelope payload=amet No description provided. payload-type=at No description provided. ..image base-resource-url=eirmod Output only. This contains the base image URL for the derived image occurrence. distance=70 Output only. The number of layers by which this image differs from the associated image basis. fingerprint v1-name=duo Required. The layer ID of the final layer in the Docker image's v1 representation. v2-blob=et Required. The ordered list of v2 blobs that represent a given image. Each invocation of this argument appends the given value to the array. v2-name=erat Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + \" \" + v2_name[N+1]) Only the name of the final blob is kept. ... kind=sit Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests. name=accusam Output only. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] . note-name=et Required. Immutable. The analysis note associated with this occurrence, in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . This field can be used as a filter in list requests. package architecture=nonumy Output only. The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages. cpe-uri=accusam Output only. The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages. license comments=ut Comments expression=voluptua. Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. name=consetetur Required. Output only. The name of the installed package. package-type=dolor Output only. The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). version epoch=54 Used to correct mistakes in the version numbering scheme. full-name=et Human readable version string. This string is of the form :- and is only set when kind is NORMAL. inclusive=true Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=invidunt Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=sea Required only when version kind is NORMAL. The main part of the version name. revision=duo The iteration of the package build from the above version. ... remediation=sea A description of actions that can be taken to remedy the note. resource-uri=stet Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image. sbom-reference.payload -type=sadipscing Identifier for the schema of the Statement. predicate digest=key=no A map of algorithm to digest of the contents of the SBOM. the value will be associated with the given key location=tempor The location of the SBOM. mime-type=ipsum The mime type of the SBOM. referrer-id=sea The person or system referring this predicate to the consumer. .. predicate-type=sit URI identifying the type of the Predicate. .. payload-type=amet. The kind of payload that SbomReferenceIntotoPayload takes. Since it's in the intoto format, this value is expected to be 'application/vnd.in-toto+json'. .. update-time=ipsum Output only. The time this occurrence was last updated. upgrade.distribution classification=at The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85) cpe-uri=vero Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/. cve=takimata The cve tied to this Upgrade. Each invocation of this argument appends the given value to the array. severity=gubergren The severity as specified by the upstream operating system. .. package=et Required for non-Windows OS. The package this Upgrade is for. parsed-version epoch=13 Used to correct mistakes in the version numbering scheme. full-name=magna Human readable version string. This string is of the form :- and is only set when kind is NORMAL. inclusive=false Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=gubergren Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=elitr Required only when version kind is NORMAL. The main part of the version name. revision=ipsum The iteration of the package build from the above version. ..windows-update description=kasd The localized description of the update. identity revision=67 The revision number of the update. update-id=lorem The revision independent identifier of the update. .. kb-article-ids=amet The Microsoft Knowledge Base article IDs that are associated with the update. Each invocation of this argument appends the given value to the array. last-published-timestamp=ipsum The last published timestamp of the update. support-url=lorem The hyperlink to the support information for the update. title=dolores The localized title of the update. ...vulnerability cvss-score=0.040882562684536605 Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity. cvss-v2 attack-complexity=accusam No description provided. attack-vector=consetetur Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. authentication=takimata No description provided. availability-impact=sed No description provided. base-score=0.08239402616053437 The base score is a function of the base metric scores. confidentiality-impact=sea No description provided. exploitability-score=0.5971313679491855 No description provided. impact-score=0.6147102001911744 No description provided. integrity-impact=sed No description provided. privileges-required=labore No description provided. scope=et No description provided. user-interaction=eirmod No description provided. .. cvss-version=sed Output only. CVSS version used to populate cvss_score and severity. cvssv3 attack-complexity=at No description provided. attack-vector=stet Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. authentication=sit No description provided. availability-impact=ipsum No description provided. base-score=0.7454899800701926 The base score is a function of the base metric scores. confidentiality-impact=amet No description provided. exploitability-score=0.1447053339045612 No description provided. impact-score=0.1076976450388556 No description provided. integrity-impact=et No description provided. privileges-required=dolor No description provided. scope=erat No description provided. user-interaction=dolore No description provided. .. effective-severity=vero The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity. When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues. extra-details=ea Occurrence-specific extra details about the vulnerability. fix-available=true Output only. Whether at least one of the affected packages has a fix available. long-description=amet. Output only. A detailed description of this vulnerability. severity=eirmod Output only. The note provider assigned severity of this vulnerability. short-description=sanctus Output only. A one sentence description of this vulnerability. type=sed The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). vex-assessment cve=dolor Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs. impacts=et Contains information about the impact of this vulnerability, this will change with time. Each invocation of this argument appends the given value to the array. justification details=et Additional details on why this justification was chosen. justification-type=erat The justification type for this vulnerability. .. note-name=eos The VulnerabilityAssessment note from which this VexAssessment was generated. This will be of the form: projects/[PROJECT_ID]/notes/[NOTE_ID] . state=nonumy Provides the state of this Vulnerability assessment. vulnerability-id=ea The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc.","title":"Required Request Value"},{"location":"projects_occurrences-create/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_occurrences-create/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-create/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-delete/","text":"Deletes the specified occurrence. For example, use this method to delete an occurrence when the occurrence is no longer applicable for the given resource. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-delete ... Required Scalar Argument <name> (string) Required. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] . Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Delete"},{"location":"projects_occurrences-delete/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-delete ...","title":"Scopes"},{"location":"projects_occurrences-delete/#required-scalar-argument","text":"<name> (string) Required. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] .","title":"Required Scalar Argument"},{"location":"projects_occurrences-delete/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-delete/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-get-iam-policy/","text":"Gets the access control policy for a note or an occurrence resource. Requires containeranalysis.notes.setIamPolicy or containeranalysis.occurrences.setIamPolicy permission if the resource is a note or occurrence, respectively. The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-get-iam-policy ... Required Scalar Argument <resource> (string) REQUIRED: The resource for which the policy is being requested. See Resource names for the appropriate value for this field. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: GetIamPolicyRequest: options: requested-policy-version: integer can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .options requested-policy-version=69 Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the IAM documentation . About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Get Iam Policy"},{"location":"projects_occurrences-get-iam-policy/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-get-iam-policy ...","title":"Scopes"},{"location":"projects_occurrences-get-iam-policy/#required-scalar-argument","text":"<resource> (string) REQUIRED: The resource for which the policy is being requested. See Resource names for the appropriate value for this field.","title":"Required Scalar Argument"},{"location":"projects_occurrences-get-iam-policy/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: GetIamPolicyRequest: options: requested-policy-version: integer can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .options requested-policy-version=69 Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the IAM documentation .","title":"Required Request Value"},{"location":"projects_occurrences-get-iam-policy/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_occurrences-get-iam-policy/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-get-iam-policy/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-get-notes/","text":"Gets the note attached to the specified occurrence. Consumer projects can use this method to get a note that belongs to a provider project. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-get-notes ... Required Scalar Argument <name> (string) Required. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] . Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Get Notes"},{"location":"projects_occurrences-get-notes/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-get-notes ...","title":"Scopes"},{"location":"projects_occurrences-get-notes/#required-scalar-argument","text":"<name> (string) Required. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] .","title":"Required Scalar Argument"},{"location":"projects_occurrences-get-notes/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-get-notes/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-get-vulnerability-summary/","text":"Gets a summary of the number and severity of occurrences. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-get-vulnerability-summary ... Required Scalar Argument <parent> (string) Required. The name of the project to get a vulnerability summary for in the form of projects/[PROJECT_ID] . Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p filter=string The filter expression. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Get Vulnerability Summary"},{"location":"projects_occurrences-get-vulnerability-summary/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-get-vulnerability-summary ...","title":"Scopes"},{"location":"projects_occurrences-get-vulnerability-summary/#required-scalar-argument","text":"<parent> (string) Required. The name of the project to get a vulnerability summary for in the form of projects/[PROJECT_ID] .","title":"Required Scalar Argument"},{"location":"projects_occurrences-get-vulnerability-summary/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-get-vulnerability-summary/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p filter=string The filter expression.","title":"Optional Method Properties"},{"location":"projects_occurrences-get-vulnerability-summary/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-get/","text":"Gets the specified occurrence. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-get ... Required Scalar Argument <name> (string) Required. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] . Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Get"},{"location":"projects_occurrences-get/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-get ...","title":"Scopes"},{"location":"projects_occurrences-get/#required-scalar-argument","text":"<name> (string) Required. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] .","title":"Required Scalar Argument"},{"location":"projects_occurrences-get/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-get/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-list/","text":"Lists occurrences for the specified project. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-list ... Required Scalar Argument <parent> (string) Required. The name of the project to list occurrences for in the form of projects/[PROJECT_ID] . Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p filter=string The filter expression. -p page-size=integer Number of occurrences to return in the list. Must be positive. Max allowed page size is 1000. If not specified, page size defaults to 20. -p page-token=string Token to provide to skip to a particular spot in the list. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences List"},{"location":"projects_occurrences-list/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-list ...","title":"Scopes"},{"location":"projects_occurrences-list/#required-scalar-argument","text":"<parent> (string) Required. The name of the project to list occurrences for in the form of projects/[PROJECT_ID] .","title":"Required Scalar Argument"},{"location":"projects_occurrences-list/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-list/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p filter=string The filter expression. -p page-size=integer Number of occurrences to return in the list. Must be positive. Max allowed page size is 1000. If not specified, page size defaults to 20. -p page-token=string Token to provide to skip to a particular spot in the list.","title":"Optional Method Properties"},{"location":"projects_occurrences-list/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-patch/","text":"Updates the specified occurrence. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-patch ... Required Scalar Argument <name> (string) Required. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] . Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: Occurrence: attestation: serialized-payload: string build: in-toto-slsa-provenance-v1: -type: string predicate: build-definition: build-type: string run-details: builder: id: string version: { string: string } metadata: finished-on: string invocation-id: string started-on: string predicate-type: string intoto-provenance: builder-config: id: string materials: [string] metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string intoto-statement: -type: string predicate-type: string provenance: builder-config: id: string materials: [string] metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string slsa-provenance: builder: id: string metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string slsa-provenance-zero-two: build-type: string builder: id: string invocation: config-source: digest: { string: string } entry-point: string uri: string metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: environment: boolean materials: boolean parameters: boolean reproducible: boolean provenance: build-options: { string: string } builder-version: string create-time: string creator: string end-time: string id: string logs-uri: string project-id: string source-provenance: artifact-storage-source-uri: string context: cloud-repo: alias-context: kind: string name: string repo-id: project-repo-id: project-id: string repo-name: string uid: string revision-id: string gerrit: alias-context: kind: string name: string gerrit-project: string host-uri: string revision-id: string git: revision-id: string url: string labels: { string: string } start-time: string trigger-id: string provenance-bytes: string compliance: non-compliance-reason: string create-time: string deployment: address: string config: string deploy-time: string platform: string resource-uri: [string] undeploy-time: string user-email: string discovery: analysis-completed: analysis-type: [string] analysis-status: string analysis-status-error: code: integer message: string archive-time: string continuous-analysis: string cpe: string last-scan-time: string sbom-status: error: string sbom-state: string dsse-attestation: envelope: payload: string payload-type: string statement: -type: string predicate-type: string provenance: builder-config: id: string materials: [string] metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string slsa-provenance: builder: id: string metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string slsa-provenance-zero-two: build-type: string builder: id: string invocation: config-source: digest: { string: string } entry-point: string uri: string metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: environment: boolean materials: boolean parameters: boolean reproducible: boolean envelope: payload: string payload-type: string image: base-resource-url: string distance: integer fingerprint: v1-name: string v2-blob: [string] v2-name: string kind: string name: string note-name: string package: architecture: string cpe-uri: string license: comments: string expression: string name: string package-type: string version: epoch: integer full-name: string inclusive: boolean kind: string name: string revision: string remediation: string resource-uri: string sbom-reference: payload: -type: string predicate: digest: { string: string } location: string mime-type: string referrer-id: string predicate-type: string payload-type: string update-time: string upgrade: distribution: classification: string cpe-uri: string cve: [string] severity: string package: string parsed-version: epoch: integer full-name: string inclusive: boolean kind: string name: string revision: string windows-update: description: string identity: revision: integer update-id: string kb-article-ids: [string] last-published-timestamp: string support-url: string title: string vulnerability: cvss-score: number cvss-v2: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-version: string cvssv3: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string effective-severity: string extra-details: string fix-available: boolean long-description: string severity: string short-description: string type: string vex-assessment: cve: string impacts: [string] justification: details: string justification-type: string note-name: string state: string vulnerability-id: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .attestation serialized-payload=nonumy Required. The serialized payload that is verified by one or more signatures . ..build.in-toto-slsa-provenance-v1 -type=stet InToto spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement predicate.build-definition build-type=rebum. No description provided. ..run-details.builder id=eirmod No description provided. version=key=dolores No description provided. the value will be associated with the given key ..metadata finished-on=aliquyam No description provided. invocation-id=sanctus No description provided. started-on=invidunt No description provided. .... predicate-type=dolor No description provided. ..intoto-provenance.builder-config id=eos No description provided. .. materials=magna The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty. Each invocation of this argument appends the given value to the array. metadata build-finished-on=no The timestamp of when the build completed. build-invocation-id=gubergren Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=erat The timestamp of when the build started. completeness arguments=false If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=false If true, the builder claims that recipe.environment is claimed to be complete. materials=false If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=false If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=justo Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=lorem String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=labore URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...intoto-statement -type=gubergren Always https://in-toto.io/Statement/v0.1 . predicate-type=vero https://slsa.dev/provenance/v0.1 for SlsaProvenance. provenance.builder-config id=ea No description provided. .. materials=sed The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty. Each invocation of this argument appends the given value to the array. metadata build-finished-on=sanctus The timestamp of when the build completed. build-invocation-id=labore Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=amet The timestamp of when the build started. completeness arguments=true If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=true If true, the builder claims that recipe.environment is claimed to be complete. materials=false If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=false If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=voluptua. Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=sea String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=ipsum URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...slsa-provenance.builder id=sea No description provided. ..metadata build-finished-on=et The timestamp of when the build completed. build-invocation-id=gubergren Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=dolore The timestamp of when the build started. completeness arguments=false If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=false If true, the builder claims that recipe.environment is claimed to be complete. materials=false If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=true If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=sed Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=no String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=stet URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...slsa-provenance-zero-two build-type=sea No description provided. builder id=clita No description provided. ..invocation.config-source digest=key=consetetur No description provided. the value will be associated with the given key entry-point=dolores No description provided. uri=sit No description provided. ...metadata build-finished-on=sea No description provided. build-invocation-id=sanctus No description provided. build-started-on=kasd No description provided. completeness environment=false No description provided. materials=true No description provided. parameters=true No description provided. .. reproducible=false No description provided. ....provenance build-options=key=sea Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details. the value will be associated with the given key builder-version=sadipscing Version string of the builder at the time this build was executed. create-time=dolore Time at which the build was created. creator=amet E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time. end-time=invidunt Time at which execution of the build was finished. id=invidunt Required. Unique identifier of the build. logs-uri=dolores URI where any logs for this provenance were written. project-id=diam ID of the project. source-provenance artifact-storage-source-uri=sanctus If provided, the input binary artifacts for the build came from this location. context.cloud-repo.alias-context kind=sed The alias kind. name=eos The alias name. ..repo-id.project-repo-id project-id=sit The ID of the project. repo-name=et The name of the repo. Leave empty for the default repo. .. uid=ea A server-assigned, globally unique identifier. .. revision-id=dolor A revision ID. ..gerrit.alias-context kind=sadipscing The alias kind. name=diam The alias name. .. gerrit-project=at The full project name within the host. Projects may be nested, so \"project/subproject\" is a valid project name. The \"repo name\" is the hostURI/project. host-uri=at The URI of a running Gerrit instance. revision-id=kasd A revision (commit) ID. ..git revision-id=magna Git commit hash. url=amet. Git repository URL. .. labels=key=est Labels with user defined metadata. the value will be associated with the given key ... start-time=gubergren Time at which execution of the build was started. trigger-id=eos Trigger identifier if the build was triggered automatically; empty if not. .. provenance-bytes=dolore Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, provenance_bytes can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes. ..compliance non-compliance-reason=tempor No description provided. .. create-time=stet Output only. The time this occurrence was created. deployment address=accusam Address of the runtime element hosting this deployment. config=et Configuration used to create this deployment. deploy-time=dolor Required. Beginning of the lifetime of this deployment. platform=diam Platform hosting this deployment. resource-uri=elitr Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name. Each invocation of this argument appends the given value to the array. undeploy-time=sea End of the lifetime of this deployment. user-email=vero Identity of the user that triggered this deployment. ..discovery.analysis-completed analysis-type=et No description provided. Each invocation of this argument appends the given value to the array. .. analysis-status=lorem The status of discovery for the resource. analysis-status-error code=48 The status code, which should be an enum value of google.rpc.Code. message=lorem A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. .. archive-time=amet. Output only. The time occurrences related to this discovery occurrence were archived. continuous-analysis=diam Whether the resource is continuously analyzed. cpe=diam The CPE of the resource being scanned. last-scan-time=et The last time this resource was scanned. sbom-status error=takimata If there was an error generating an SBOM, this will indicate what that error was. sbom-state=et The progress of the SBOM generation. ...dsse-attestation.envelope payload=dolores No description provided. payload-type=dolores No description provided. ..statement -type=diam Always https://in-toto.io/Statement/v0.1 . predicate-type=ea https://slsa.dev/provenance/v0.1 for SlsaProvenance. provenance.builder-config id=sea No description provided. .. materials=dolore The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty. Each invocation of this argument appends the given value to the array. metadata build-finished-on=dolores The timestamp of when the build completed. build-invocation-id=invidunt Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=tempor The timestamp of when the build started. completeness arguments=false If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=false If true, the builder claims that recipe.environment is claimed to be complete. materials=true If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=true If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=et Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=labore String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=labore URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...slsa-provenance.builder id=et No description provided. ..metadata build-finished-on=aliquyam The timestamp of when the build completed. build-invocation-id=ut Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=amet. The timestamp of when the build started. completeness arguments=true If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=true If true, the builder claims that recipe.environment is claimed to be complete. materials=false If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=true If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=eirmod Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=amet. String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=takimata URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...slsa-provenance-zero-two build-type=amet. No description provided. builder id=et No description provided. ..invocation.config-source digest=key=labore No description provided. the value will be associated with the given key entry-point=sed No description provided. uri=sit No description provided. ...metadata build-finished-on=sit No description provided. build-invocation-id=invidunt No description provided. build-started-on=elitr No description provided. completeness environment=false No description provided. materials=false No description provided. parameters=false No description provided. .. reproducible=false No description provided. .....envelope payload=no No description provided. payload-type=sit No description provided. ..image base-resource-url=est Output only. This contains the base image URL for the derived image occurrence. distance=7 Output only. The number of layers by which this image differs from the associated image basis. fingerprint v1-name=et Required. The layer ID of the final layer in the Docker image's v1 representation. v2-blob=consetetur Required. The ordered list of v2 blobs that represent a given image. Each invocation of this argument appends the given value to the array. v2-name=at Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + \" \" + v2_name[N+1]) Only the name of the final blob is kept. ... kind=et Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests. name=accusam Output only. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] . note-name=sit Required. Immutable. The analysis note associated with this occurrence, in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . This field can be used as a filter in list requests. package architecture=voluptua. Output only. The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages. cpe-uri=kasd Output only. The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages. license comments=no Comments expression=amet. Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. name=aliquyam Required. Output only. The name of the installed package. package-type=accusam Output only. The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). version epoch=43 Used to correct mistakes in the version numbering scheme. full-name=duo Human readable version string. This string is of the form :- and is only set when kind is NORMAL. inclusive=true Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=eos Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=no Required only when version kind is NORMAL. The main part of the version name. revision=kasd The iteration of the package build from the above version. ... remediation=sanctus A description of actions that can be taken to remedy the note. resource-uri=gubergren Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image. sbom-reference.payload -type=accusam Identifier for the schema of the Statement. predicate digest=key=lorem A map of algorithm to digest of the contents of the SBOM. the value will be associated with the given key location=dolor The location of the SBOM. mime-type=sanctus The mime type of the SBOM. referrer-id=sea The person or system referring this predicate to the consumer. .. predicate-type=diam URI identifying the type of the Predicate. .. payload-type=amet The kind of payload that SbomReferenceIntotoPayload takes. Since it's in the intoto format, this value is expected to be 'application/vnd.in-toto+json'. .. update-time=magna Output only. The time this occurrence was last updated. upgrade.distribution classification=accusam The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85) cpe-uri=lorem Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/. cve=tempor The cve tied to this Upgrade. Each invocation of this argument appends the given value to the array. severity=consetetur The severity as specified by the upstream operating system. .. package=amet Required for non-Windows OS. The package this Upgrade is for. parsed-version epoch=51 Used to correct mistakes in the version numbering scheme. full-name=et Human readable version string. This string is of the form :- and is only set when kind is NORMAL. inclusive=true Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=dolor Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=duo Required only when version kind is NORMAL. The main part of the version name. revision=diam The iteration of the package build from the above version. ..windows-update description=et The localized description of the update. identity revision=0 The revision number of the update. update-id=no The revision independent identifier of the update. .. kb-article-ids=sea The Microsoft Knowledge Base article IDs that are associated with the update. Each invocation of this argument appends the given value to the array. last-published-timestamp=et The last published timestamp of the update. support-url=voluptua. The hyperlink to the support information for the update. title=ipsum The localized title of the update. ...vulnerability cvss-score=0.2666559945853675 Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity. cvss-v2 attack-complexity=eos No description provided. attack-vector=vero Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. authentication=sanctus No description provided. availability-impact=dolores No description provided. base-score=0.45119915289294743 The base score is a function of the base metric scores. confidentiality-impact=sed No description provided. exploitability-score=0.001595441516040963 No description provided. impact-score=0.6380468999017728 No description provided. integrity-impact=no No description provided. privileges-required=sadipscing No description provided. scope=sit No description provided. user-interaction=duo No description provided. .. cvss-version=stet Output only. CVSS version used to populate cvss_score and severity. cvssv3 attack-complexity=diam No description provided. attack-vector=accusam Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. authentication=dolore No description provided. availability-impact=eirmod No description provided. base-score=0.3933268421172649 The base score is a function of the base metric scores. confidentiality-impact=est No description provided. exploitability-score=0.049386894448035235 No description provided. impact-score=0.013416310990004843 No description provided. integrity-impact=et No description provided. privileges-required=ut No description provided. scope=et No description provided. user-interaction=et No description provided. .. effective-severity=at The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity. When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues. extra-details=sed Occurrence-specific extra details about the vulnerability. fix-available=true Output only. Whether at least one of the affected packages has a fix available. long-description=sadipscing Output only. A detailed description of this vulnerability. severity=voluptua. Output only. The note provider assigned severity of this vulnerability. short-description=et Output only. A one sentence description of this vulnerability. type=clita The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). vex-assessment cve=sit Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs. impacts=rebum. Contains information about the impact of this vulnerability, this will change with time. Each invocation of this argument appends the given value to the array. justification details=sanctus Additional details on why this justification was chosen. justification-type=no The justification type for this vulnerability. .. note-name=stet The VulnerabilityAssessment note from which this VexAssessment was generated. This will be of the form: projects/[PROJECT_ID]/notes/[NOTE_ID] . state=diam Provides the state of this Vulnerability assessment. vulnerability-id=ipsum The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p update-mask=string The fields to update. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Patch"},{"location":"projects_occurrences-patch/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-patch ...","title":"Scopes"},{"location":"projects_occurrences-patch/#required-scalar-argument","text":"<name> (string) Required. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] .","title":"Required Scalar Argument"},{"location":"projects_occurrences-patch/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: Occurrence: attestation: serialized-payload: string build: in-toto-slsa-provenance-v1: -type: string predicate: build-definition: build-type: string run-details: builder: id: string version: { string: string } metadata: finished-on: string invocation-id: string started-on: string predicate-type: string intoto-provenance: builder-config: id: string materials: [string] metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string intoto-statement: -type: string predicate-type: string provenance: builder-config: id: string materials: [string] metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string slsa-provenance: builder: id: string metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string slsa-provenance-zero-two: build-type: string builder: id: string invocation: config-source: digest: { string: string } entry-point: string uri: string metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: environment: boolean materials: boolean parameters: boolean reproducible: boolean provenance: build-options: { string: string } builder-version: string create-time: string creator: string end-time: string id: string logs-uri: string project-id: string source-provenance: artifact-storage-source-uri: string context: cloud-repo: alias-context: kind: string name: string repo-id: project-repo-id: project-id: string repo-name: string uid: string revision-id: string gerrit: alias-context: kind: string name: string gerrit-project: string host-uri: string revision-id: string git: revision-id: string url: string labels: { string: string } start-time: string trigger-id: string provenance-bytes: string compliance: non-compliance-reason: string create-time: string deployment: address: string config: string deploy-time: string platform: string resource-uri: [string] undeploy-time: string user-email: string discovery: analysis-completed: analysis-type: [string] analysis-status: string analysis-status-error: code: integer message: string archive-time: string continuous-analysis: string cpe: string last-scan-time: string sbom-status: error: string sbom-state: string dsse-attestation: envelope: payload: string payload-type: string statement: -type: string predicate-type: string provenance: builder-config: id: string materials: [string] metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string slsa-provenance: builder: id: string metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: arguments: boolean environment: boolean materials: boolean reproducible: boolean recipe: defined-in-material: string entry-point: string type: string slsa-provenance-zero-two: build-type: string builder: id: string invocation: config-source: digest: { string: string } entry-point: string uri: string metadata: build-finished-on: string build-invocation-id: string build-started-on: string completeness: environment: boolean materials: boolean parameters: boolean reproducible: boolean envelope: payload: string payload-type: string image: base-resource-url: string distance: integer fingerprint: v1-name: string v2-blob: [string] v2-name: string kind: string name: string note-name: string package: architecture: string cpe-uri: string license: comments: string expression: string name: string package-type: string version: epoch: integer full-name: string inclusive: boolean kind: string name: string revision: string remediation: string resource-uri: string sbom-reference: payload: -type: string predicate: digest: { string: string } location: string mime-type: string referrer-id: string predicate-type: string payload-type: string update-time: string upgrade: distribution: classification: string cpe-uri: string cve: [string] severity: string package: string parsed-version: epoch: integer full-name: string inclusive: boolean kind: string name: string revision: string windows-update: description: string identity: revision: integer update-id: string kb-article-ids: [string] last-published-timestamp: string support-url: string title: string vulnerability: cvss-score: number cvss-v2: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string cvss-version: string cvssv3: attack-complexity: string attack-vector: string authentication: string availability-impact: string base-score: number confidentiality-impact: string exploitability-score: number impact-score: number integrity-impact: string privileges-required: string scope: string user-interaction: string effective-severity: string extra-details: string fix-available: boolean long-description: string severity: string short-description: string type: string vex-assessment: cve: string impacts: [string] justification: details: string justification-type: string note-name: string state: string vulnerability-id: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .attestation serialized-payload=nonumy Required. The serialized payload that is verified by one or more signatures . ..build.in-toto-slsa-provenance-v1 -type=stet InToto spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement predicate.build-definition build-type=rebum. No description provided. ..run-details.builder id=eirmod No description provided. version=key=dolores No description provided. the value will be associated with the given key ..metadata finished-on=aliquyam No description provided. invocation-id=sanctus No description provided. started-on=invidunt No description provided. .... predicate-type=dolor No description provided. ..intoto-provenance.builder-config id=eos No description provided. .. materials=magna The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty. Each invocation of this argument appends the given value to the array. metadata build-finished-on=no The timestamp of when the build completed. build-invocation-id=gubergren Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=erat The timestamp of when the build started. completeness arguments=false If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=false If true, the builder claims that recipe.environment is claimed to be complete. materials=false If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=false If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=justo Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=lorem String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=labore URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...intoto-statement -type=gubergren Always https://in-toto.io/Statement/v0.1 . predicate-type=vero https://slsa.dev/provenance/v0.1 for SlsaProvenance. provenance.builder-config id=ea No description provided. .. materials=sed The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty. Each invocation of this argument appends the given value to the array. metadata build-finished-on=sanctus The timestamp of when the build completed. build-invocation-id=labore Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=amet The timestamp of when the build started. completeness arguments=true If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=true If true, the builder claims that recipe.environment is claimed to be complete. materials=false If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=false If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=voluptua. Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=sea String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=ipsum URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...slsa-provenance.builder id=sea No description provided. ..metadata build-finished-on=et The timestamp of when the build completed. build-invocation-id=gubergren Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=dolore The timestamp of when the build started. completeness arguments=false If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=false If true, the builder claims that recipe.environment is claimed to be complete. materials=false If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=true If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=sed Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=no String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=stet URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...slsa-provenance-zero-two build-type=sea No description provided. builder id=clita No description provided. ..invocation.config-source digest=key=consetetur No description provided. the value will be associated with the given key entry-point=dolores No description provided. uri=sit No description provided. ...metadata build-finished-on=sea No description provided. build-invocation-id=sanctus No description provided. build-started-on=kasd No description provided. completeness environment=false No description provided. materials=true No description provided. parameters=true No description provided. .. reproducible=false No description provided. ....provenance build-options=key=sea Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details. the value will be associated with the given key builder-version=sadipscing Version string of the builder at the time this build was executed. create-time=dolore Time at which the build was created. creator=amet E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time. end-time=invidunt Time at which execution of the build was finished. id=invidunt Required. Unique identifier of the build. logs-uri=dolores URI where any logs for this provenance were written. project-id=diam ID of the project. source-provenance artifact-storage-source-uri=sanctus If provided, the input binary artifacts for the build came from this location. context.cloud-repo.alias-context kind=sed The alias kind. name=eos The alias name. ..repo-id.project-repo-id project-id=sit The ID of the project. repo-name=et The name of the repo. Leave empty for the default repo. .. uid=ea A server-assigned, globally unique identifier. .. revision-id=dolor A revision ID. ..gerrit.alias-context kind=sadipscing The alias kind. name=diam The alias name. .. gerrit-project=at The full project name within the host. Projects may be nested, so \"project/subproject\" is a valid project name. The \"repo name\" is the hostURI/project. host-uri=at The URI of a running Gerrit instance. revision-id=kasd A revision (commit) ID. ..git revision-id=magna Git commit hash. url=amet. Git repository URL. .. labels=key=est Labels with user defined metadata. the value will be associated with the given key ... start-time=gubergren Time at which execution of the build was started. trigger-id=eos Trigger identifier if the build was triggered automatically; empty if not. .. provenance-bytes=dolore Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, provenance_bytes can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes. ..compliance non-compliance-reason=tempor No description provided. .. create-time=stet Output only. The time this occurrence was created. deployment address=accusam Address of the runtime element hosting this deployment. config=et Configuration used to create this deployment. deploy-time=dolor Required. Beginning of the lifetime of this deployment. platform=diam Platform hosting this deployment. resource-uri=elitr Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name. Each invocation of this argument appends the given value to the array. undeploy-time=sea End of the lifetime of this deployment. user-email=vero Identity of the user that triggered this deployment. ..discovery.analysis-completed analysis-type=et No description provided. Each invocation of this argument appends the given value to the array. .. analysis-status=lorem The status of discovery for the resource. analysis-status-error code=48 The status code, which should be an enum value of google.rpc.Code. message=lorem A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. .. archive-time=amet. Output only. The time occurrences related to this discovery occurrence were archived. continuous-analysis=diam Whether the resource is continuously analyzed. cpe=diam The CPE of the resource being scanned. last-scan-time=et The last time this resource was scanned. sbom-status error=takimata If there was an error generating an SBOM, this will indicate what that error was. sbom-state=et The progress of the SBOM generation. ...dsse-attestation.envelope payload=dolores No description provided. payload-type=dolores No description provided. ..statement -type=diam Always https://in-toto.io/Statement/v0.1 . predicate-type=ea https://slsa.dev/provenance/v0.1 for SlsaProvenance. provenance.builder-config id=sea No description provided. .. materials=dolore The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty. Each invocation of this argument appends the given value to the array. metadata build-finished-on=dolores The timestamp of when the build completed. build-invocation-id=invidunt Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=tempor The timestamp of when the build started. completeness arguments=false If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=false If true, the builder claims that recipe.environment is claimed to be complete. materials=true If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=true If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=et Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=labore String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=labore URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...slsa-provenance.builder id=et No description provided. ..metadata build-finished-on=aliquyam The timestamp of when the build completed. build-invocation-id=ut Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec. build-started-on=amet. The timestamp of when the build started. completeness arguments=true If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe. environment=true If true, the builder claims that recipe.environment is claimed to be complete. materials=false If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\". .. reproducible=true If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output. ..recipe defined-in-material=eirmod Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64. entry-point=amet. String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use. type=takimata URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials. ...slsa-provenance-zero-two build-type=amet. No description provided. builder id=et No description provided. ..invocation.config-source digest=key=labore No description provided. the value will be associated with the given key entry-point=sed No description provided. uri=sit No description provided. ...metadata build-finished-on=sit No description provided. build-invocation-id=invidunt No description provided. build-started-on=elitr No description provided. completeness environment=false No description provided. materials=false No description provided. parameters=false No description provided. .. reproducible=false No description provided. .....envelope payload=no No description provided. payload-type=sit No description provided. ..image base-resource-url=est Output only. This contains the base image URL for the derived image occurrence. distance=7 Output only. The number of layers by which this image differs from the associated image basis. fingerprint v1-name=et Required. The layer ID of the final layer in the Docker image's v1 representation. v2-blob=consetetur Required. The ordered list of v2 blobs that represent a given image. Each invocation of this argument appends the given value to the array. v2-name=at Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + \" \" + v2_name[N+1]) Only the name of the final blob is kept. ... kind=et Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests. name=accusam Output only. The name of the occurrence in the form of projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] . note-name=sit Required. Immutable. The analysis note associated with this occurrence, in the form of projects/[PROVIDER_ID]/notes/[NOTE_ID] . This field can be used as a filter in list requests. package architecture=voluptua. Output only. The CPU architecture for which packages in this distribution channel were built. Architecture will be blank for language packages. cpe-uri=kasd Output only. The cpe_uri in CPE format denoting the package manager version distributing a package. The cpe_uri will be blank for language packages. license comments=no Comments expression=amet. Often a single license can be used to represent the licensing terms. Sometimes it is necessary to include a choice of one or more licenses or some combination of license identifiers. Examples: \"LGPL-2.1-only OR MIT\", \"LGPL-2.1-only AND MIT\", \"GPL-2.0-or-later WITH Bison-exception-2.2\". .. name=aliquyam Required. Output only. The name of the installed package. package-type=accusam Output only. The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). version epoch=43 Used to correct mistakes in the version numbering scheme. full-name=duo Human readable version string. This string is of the form :- and is only set when kind is NORMAL. inclusive=true Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=eos Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=no Required only when version kind is NORMAL. The main part of the version name. revision=kasd The iteration of the package build from the above version. ... remediation=sanctus A description of actions that can be taken to remedy the note. resource-uri=gubergren Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image. sbom-reference.payload -type=accusam Identifier for the schema of the Statement. predicate digest=key=lorem A map of algorithm to digest of the contents of the SBOM. the value will be associated with the given key location=dolor The location of the SBOM. mime-type=sanctus The mime type of the SBOM. referrer-id=sea The person or system referring this predicate to the consumer. .. predicate-type=diam URI identifying the type of the Predicate. .. payload-type=amet The kind of payload that SbomReferenceIntotoPayload takes. Since it's in the intoto format, this value is expected to be 'application/vnd.in-toto+json'. .. update-time=magna Output only. The time this occurrence was last updated. upgrade.distribution classification=accusam The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85) cpe-uri=lorem Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/. cve=tempor The cve tied to this Upgrade. Each invocation of this argument appends the given value to the array. severity=consetetur The severity as specified by the upstream operating system. .. package=amet Required for non-Windows OS. The package this Upgrade is for. parsed-version epoch=51 Used to correct mistakes in the version numbering scheme. full-name=et Human readable version string. This string is of the form :- and is only set when kind is NORMAL. inclusive=true Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range. kind=dolor Required. Distinguishes between sentinel MIN/MAX versions and normal versions. name=duo Required only when version kind is NORMAL. The main part of the version name. revision=diam The iteration of the package build from the above version. ..windows-update description=et The localized description of the update. identity revision=0 The revision number of the update. update-id=no The revision independent identifier of the update. .. kb-article-ids=sea The Microsoft Knowledge Base article IDs that are associated with the update. Each invocation of this argument appends the given value to the array. last-published-timestamp=et The last published timestamp of the update. support-url=voluptua. The hyperlink to the support information for the update. title=ipsum The localized title of the update. ...vulnerability cvss-score=0.2666559945853675 Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity. cvss-v2 attack-complexity=eos No description provided. attack-vector=vero Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. authentication=sanctus No description provided. availability-impact=dolores No description provided. base-score=0.45119915289294743 The base score is a function of the base metric scores. confidentiality-impact=sed No description provided. exploitability-score=0.001595441516040963 No description provided. impact-score=0.6380468999017728 No description provided. integrity-impact=no No description provided. privileges-required=sadipscing No description provided. scope=sit No description provided. user-interaction=duo No description provided. .. cvss-version=stet Output only. CVSS version used to populate cvss_score and severity. cvssv3 attack-complexity=diam No description provided. attack-vector=accusam Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. authentication=dolore No description provided. availability-impact=eirmod No description provided. base-score=0.3933268421172649 The base score is a function of the base metric scores. confidentiality-impact=est No description provided. exploitability-score=0.049386894448035235 No description provided. impact-score=0.013416310990004843 No description provided. integrity-impact=et No description provided. privileges-required=ut No description provided. scope=et No description provided. user-interaction=et No description provided. .. effective-severity=at The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity. When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues. extra-details=sed Occurrence-specific extra details about the vulnerability. fix-available=true Output only. Whether at least one of the affected packages has a fix available. long-description=sadipscing Output only. A detailed description of this vulnerability. severity=voluptua. Output only. The note provider assigned severity of this vulnerability. short-description=et Output only. A one sentence description of this vulnerability. type=clita The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). vex-assessment cve=sit Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs. impacts=rebum. Contains information about the impact of this vulnerability, this will change with time. Each invocation of this argument appends the given value to the array. justification details=sanctus Additional details on why this justification was chosen. justification-type=no The justification type for this vulnerability. .. note-name=stet The VulnerabilityAssessment note from which this VexAssessment was generated. This will be of the form: projects/[PROJECT_ID]/notes/[NOTE_ID] . state=diam Provides the state of this Vulnerability assessment. vulnerability-id=ipsum The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc.","title":"Required Request Value"},{"location":"projects_occurrences-patch/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_occurrences-patch/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-patch/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p update-mask=string The fields to update.","title":"Optional Method Properties"},{"location":"projects_occurrences-patch/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-set-iam-policy/","text":"Sets the access control policy on the specified note or occurrence. Requires containeranalysis.notes.setIamPolicy or containeranalysis.occurrences.setIamPolicy permission if the resource is a note or an occurrence, respectively. The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-set-iam-policy ... Required Scalar Argument <resource> (string) REQUIRED: The resource for which the policy is being specified. See Resource names for the appropriate value for this field. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: SetIamPolicyRequest: policy: etag: string version: integer can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .policy etag=eos etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy , and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. version=70 Specifies the format of the policy. Valid values are 0 , 1 , and 3 . Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version 3 . This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation . About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Set Iam Policy"},{"location":"projects_occurrences-set-iam-policy/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-set-iam-policy ...","title":"Scopes"},{"location":"projects_occurrences-set-iam-policy/#required-scalar-argument","text":"<resource> (string) REQUIRED: The resource for which the policy is being specified. See Resource names for the appropriate value for this field.","title":"Required Scalar Argument"},{"location":"projects_occurrences-set-iam-policy/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: SetIamPolicyRequest: policy: etag: string version: integer can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .policy etag=eos etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy , and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. version=70 Specifies the format of the policy. Valid values are 0 , 1 , and 3 . Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version 3 . This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation .","title":"Required Request Value"},{"location":"projects_occurrences-set-iam-policy/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_occurrences-set-iam-policy/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-set-iam-policy/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_occurrences-test-iam-permissions/","text":"Returns the permissions that a caller has on the specified note or occurrence. Requires list permission on the project (for example, containeranalysis.notes.list ). The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-test-iam-permissions ... Required Scalar Argument <resource> (string) REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: TestIamPermissionsRequest: permissions: [string] can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . permissions=at The set of permissions to check for the resource . Permissions with wildcards (such as * or storage.* ) are not allowed. For more information see IAM Overview . Each invocation of this argument appends the given value to the array. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Occurrences Test Iam Permissions"},{"location":"projects_occurrences-test-iam-permissions/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects occurrences-test-iam-permissions ...","title":"Scopes"},{"location":"projects_occurrences-test-iam-permissions/#required-scalar-argument","text":"<resource> (string) REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field.","title":"Required Scalar Argument"},{"location":"projects_occurrences-test-iam-permissions/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: TestIamPermissionsRequest: permissions: [string] can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . permissions=at The set of permissions to check for the resource . Permissions with wildcards (such as * or storage.* ) are not allowed. For more information see IAM Overview . Each invocation of this argument appends the given value to the array.","title":"Required Request Value"},{"location":"projects_occurrences-test-iam-permissions/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_occurrences-test-iam-permissions/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_occurrences-test-iam-permissions/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"projects_resources-export-sbom/","text":"Generates an SBOM for the given resource. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects resources-export-sbom ... Required Scalar Argument <name> (string) Required. The name of the resource in the form of projects/[PROJECT_ID]/resources/[RESOURCE_URL] . Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: ExportSBOMRequest: can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Resources Export Sbom"},{"location":"projects_resources-export-sbom/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: containeranalysis1 --scope <scope> projects resources-export-sbom ...","title":"Scopes"},{"location":"projects_resources-export-sbom/#required-scalar-argument","text":"<name> (string) Required. The name of the resource in the form of projects/[PROJECT_ID]/resources/[RESOURCE_URL] .","title":"Required Scalar Argument"},{"location":"projects_resources-export-sbom/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: ExportSBOMRequest: can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time.","title":"Required Request Value"},{"location":"projects_resources-export-sbom/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"projects_resources-export-sbom/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"projects_resources-export-sbom/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"}]} |