Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	NoteKind_name = map[int32]string{
		0: "NOTE_KIND_UNSPECIFIED",
		1: "VULNERABILITY",
		2: "BUILD",
		3: "IMAGE",
		4: "PACKAGE",
		5: "DEPLOYMENT",
		6: "DISCOVERY",
		7: "ATTESTATION",
	}
	NoteKind_value = map[string]int32{
		"NOTE_KIND_UNSPECIFIED": 0,
		"VULNERABILITY":         1,
		"BUILD":                 2,
		"IMAGE":                 3,
		"PACKAGE":               4,
		"DEPLOYMENT":            5,
		"DISCOVERY":             6,
		"ATTESTATION":           7,
	}
)

Enum value maps for NoteKind.

View Source
var File_google_devtools_containeranalysis_v1beta1_common_common_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type NoteKind

type NoteKind int32

Kind represents the kinds of notes supported.

const (
	// Unknown.
	NoteKind_NOTE_KIND_UNSPECIFIED NoteKind = 0
	// The note and occurrence represent a package vulnerability.
	NoteKind_VULNERABILITY NoteKind = 1
	// The note and occurrence assert build provenance.
	NoteKind_BUILD NoteKind = 2
	// This represents an image basis relationship.
	NoteKind_IMAGE NoteKind = 3
	// This represents a package installed via a package manager.
	NoteKind_PACKAGE NoteKind = 4
	// The note and occurrence track deployment events.
	NoteKind_DEPLOYMENT NoteKind = 5
	// The note and occurrence track the initial discovery status of a resource.
	NoteKind_DISCOVERY NoteKind = 6
	// This represents a logical "role" that can attest to artifacts.
	NoteKind_ATTESTATION NoteKind = 7
)

func (NoteKind) Descriptor

func (NoteKind) Descriptor() protoreflect.EnumDescriptor

func (NoteKind) Enum

func (x NoteKind) Enum() *NoteKind

func (NoteKind) EnumDescriptor

func (NoteKind) EnumDescriptor() ([]byte, []int)

Deprecated: Use NoteKind.Descriptor instead.

func (NoteKind) Number

func (x NoteKind) Number() protoreflect.EnumNumber

func (NoteKind) String

func (x NoteKind) String() string

func (NoteKind) Type

type RelatedUrl

type RelatedUrl struct {

	// Specific URL associated with the resource.
	Url string `protobuf:"bytes,1,opt,name=url,proto3" json:"url,omitempty"`
	// Label to describe usage of the URL.
	Label string `protobuf:"bytes,2,opt,name=label,proto3" json:"label,omitempty"`
	// contains filtered or unexported fields
}

Metadata for any related URL information.

func (*RelatedUrl) Descriptor

func (*RelatedUrl) Descriptor() ([]byte, []int)

Deprecated: Use RelatedUrl.ProtoReflect.Descriptor instead.

func (*RelatedUrl) GetLabel

func (x *RelatedUrl) GetLabel() string

func (*RelatedUrl) GetUrl

func (x *RelatedUrl) GetUrl() string

func (*RelatedUrl) ProtoMessage

func (*RelatedUrl) ProtoMessage()

func (*RelatedUrl) ProtoReflect

func (x *RelatedUrl) ProtoReflect() protoreflect.Message

func (*RelatedUrl) Reset

func (x *RelatedUrl) Reset()

func (*RelatedUrl) String

func (x *RelatedUrl) String() string

type Signature

type Signature struct {

	// The content of the signature, an opaque bytestring.
	// The payload that this signature verifies MUST be unambiguously provided
	// with the Signature during verification. A wrapper message might provide
	// the payload explicitly. Alternatively, a message might have a canonical
	// serialization that can always be unambiguously computed to derive the
	// payload.
	Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`
	// The identifier for the public key that verifies this signature.
	//   * The `public_key_id` is required.
	//   * The `public_key_id` MUST be an RFC3986 conformant URI.
	//   * When possible, the `public_key_id` SHOULD be an immutable reference,
	//     such as a cryptographic digest.
	//
	// Examples of valid `public_key_id`s:
	//
	// OpenPGP V4 public key fingerprint:
	//   * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA"
	// See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more
	// details on this scheme.
	//
	// RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER
	// serialization):
	//   * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
	//   * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
	PublicKeyId string `protobuf:"bytes,2,opt,name=public_key_id,json=publicKeyId,proto3" json:"public_key_id,omitempty"`
	// contains filtered or unexported fields
}

Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from `public_key_id` to public key material (and any required parameters, e.g. signing algorithm).

In particular, verification implementations MUST NOT treat the signature `public_key_id` as anything more than a key lookup hint. The `public_key_id` DOES NOT validate or authenticate a public key; it only provides a mechanism for quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification implementations MUST reject signatures in any of the following circumstances:

* The `public_key_id` is not recognized by the verifier.
* The public key that `public_key_id` refers to does not verify the
  signature with respect to the payload.

The `signature` contents SHOULD NOT be "attached" (where the payload is included with the serialized `signature` bytes). Verifiers MUST ignore any "attached" payload and only verify signatures with respect to explicitly provided payload (e.g. a `payload` field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).

func (*Signature) Descriptor

func (*Signature) Descriptor() ([]byte, []int)

Deprecated: Use Signature.ProtoReflect.Descriptor instead.

func (*Signature) GetPublicKeyId

func (x *Signature) GetPublicKeyId() string

func (*Signature) GetSignature

func (x *Signature) GetSignature() []byte

func (*Signature) ProtoMessage

func (*Signature) ProtoMessage()

func (*Signature) ProtoReflect

func (x *Signature) ProtoReflect() protoreflect.Message

func (*Signature) Reset

func (x *Signature) Reset()

func (*Signature) String

func (x *Signature) String() string

Source Files