feat(ondemandscanning): update the api
#### ondemandscanning:v1

The following keys were deleted:
- schemas.Binary (Total Keys: 4)
- schemas.PackageData.properties.binary.$ref (Total Keys: 1)

The following keys were added:
- schemas.Occurrence.properties.sbomReference.$ref (Total Keys: 1)
- schemas.PackageData.properties.binaryVersion.$ref (Total Keys: 1)
- schemas.PackageData.properties.sourceVersion.$ref (Total Keys: 1)
- schemas.PackageVersion (Total Keys: 4)
- schemas.SBOMReferenceOccurrence (Total Keys: 6)
- schemas.SbomReferenceIntotoPayload (Total Keys: 7)
- schemas.SbomReferenceIntotoPredicate (Total Keys: 7)

#### ondemandscanning:v1beta1

The following keys were deleted:
- schemas.Binary (Total Keys: 4)
- schemas.PackageData.properties.binary.$ref (Total Keys: 1)

The following keys were added:
- schemas.Occurrence.properties.sbomReference.$ref (Total Keys: 1)
- schemas.PackageData.properties.binaryVersion.$ref (Total Keys: 1)
- schemas.PackageData.properties.sourceVersion.$ref (Total Keys: 1)
- schemas.PackageVersion (Total Keys: 4)
- schemas.SBOMReferenceOccurrence (Total Keys: 6)
- schemas.SbomReferenceIntotoPayload (Total Keys: 7)
- schemas.SbomReferenceIntotoPredicate (Total Keys: 7)
yoshi-automation committed May 24, 2023
1 parent c1311fc commit 9225ac7
Showing 6 changed files with 306 additions and 44 deletions.
6 changes: 5 additions & 1 deletion docs/dyn/ondemandscanning_v1.projects.locations.scans.html
@@ -100,7 +100,7 @@ <h3>Method Details</h3>
&quot;packages&quot;: [ # The packages to analyze.
{
&quot;architecture&quot;: &quot;A String&quot;, # The architecture of the package.
&quot;binary&quot;: { # The binary package. This is significant when the source is different than the binary itself. Historically if they&#x27;ve differed, we&#x27;ve stored the name of the source and its version in the package/version fields, but we should also store the binary package info, as that&#x27;s what&#x27;s actually installed. See b/175908657#comment15.
&quot;binaryVersion&quot;: { # The binary package. This is significant when the source is different than the binary itself. Historically if they&#x27;ve differed, we&#x27;ve stored the name of the source and its version in the package/version fields, but we should also store the binary package info, as that&#x27;s what&#x27;s actually installed. See b/175908657#comment15.
&quot;name&quot;: &quot;A String&quot;,
&quot;version&quot;: &quot;A String&quot;,
},
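Review bot: The description on the renamed `binaryVersion` field was carried over unchanged from `binary`: it still reads as a design rationale ("we should also store the binary package info") and ends with the internal tracker reference `b/175908657#comment15`, which readers of the public docs cannot resolve. Suggest replacing it with a plain statement of what the field holds, for example that it is the name and version of the binary package actually installed, and giving `name` and `version` their own comments.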
@@ -128,6 +128,10 @@ <h3>Method Details</h3>
&quot;patchedCve&quot;: [ # CVEs that this package is no longer vulnerable to go/drydock-dd-custom-binary-scanning
&quot;A String&quot;,
],
&quot;sourceVersion&quot;: { # The source package. Similar to the above, this is significant when the source is different than the binary itself. Since the top-level package/version fields are based on an if/else, we need a separate field for both binary and source if we want to know definitively where the data is coming from.
&quot;name&quot;: &quot;A String&quot;,
&quot;version&quot;: &quot;A String&quot;,
},
&quot;unused&quot;: &quot;A String&quot;,
&quot;version&quot;: &quot;A String&quot;, # The version of the package being analysed
},
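Review bot: The `sourceVersion` description depends on context the reader does not have: "Similar to the above" has no adjacent referent, since the keys in this object are listed alphabetically and `binaryVersion` is far from it, and "based on an if/else" mentions a selection rule without stating it. Suggest spelling out when the top-level `package`/`version` fields carry the source values and when the binary values, because a consumer matching versions against vulnerability data needs to know which one it is comparing.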
@@ -656,6 +656,35 @@ <h3>Method Details</h3>
},
&quot;remediation&quot;: &quot;A String&quot;, # A description of actions that can be taken to remedy the note.
&quot;resourceUri&quot;: &quot;A String&quot;, # Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, `https://gcr.io/project/image@sha256:123abc` for a Docker image.
&quot;sbomReference&quot;: { # The occurrence representing an SBOM reference as applied to a specific resource. The occurrence follows the DSSE specification. See https://github.com/secure-systems-lab/dsse/blob/master/envelope.md for more details. # Describes a specific SBOM reference occurrences.
&quot;payload&quot;: { # The actual payload that contains the SBOM Reference data. The payload follows the intoto statement specification. See https://github.com/in-toto/attestation/blob/main/spec/v1.0/statement.md for more details. # The actual payload that contains the SBOM reference data.
&quot;_type&quot;: &quot;A String&quot;, # Identifier for the schema of the Statement.
&quot;predicate&quot;: { # A predicate which describes the SBOM being referenced. # Additional parameters of the Predicate. Includes the actual data about the SBOM.
&quot;digest&quot;: { # A map of algorithm to digest of the contents of the SBOM.
&quot;a_key&quot;: &quot;A String&quot;,
},
&quot;location&quot;: &quot;A String&quot;, # The location of the SBOM.
&quot;mimeType&quot;: &quot;A String&quot;, # The mime type of the SBOM.
&quot;referrerId&quot;: &quot;A String&quot;, # The person or system referring this predicate to the consumer.
},
&quot;predicateType&quot;: &quot;A String&quot;, # URI identifying the type of the Predicate.
&quot;subject&quot;: [ # Set of software artifacts that the attestation applies to. Each element represents a single software artifact.
{
&quot;digest&quot;: { # `&quot;&quot;: &quot;&quot;` Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
&quot;a_key&quot;: &quot;A String&quot;,
},
&quot;name&quot;: &quot;A String&quot;,
},
],
},
&quot;payloadType&quot;: &quot;A String&quot;, # The kind of payload that SbomReferenceIntotoPayload takes. Since it&#x27;s in the intoto format, this value is expected to be &#x27;application/vnd.in-toto+json&#x27;.
&quot;signatures&quot;: [ # The signatures over the payload.
{
&quot;keyid&quot;: &quot;A String&quot;,
&quot;sig&quot;: &quot;A String&quot;,
},
],
},
&quot;updateTime&quot;: &quot;A String&quot;, # Output only. The time this occurrence was last updated.
&quot;upgrade&quot;: { # An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update. # Describes an available package upgrade on the linked resource.
&quot;distribution&quot;: { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities. # Metadata about the upgrade for available for the specific operating system for the resource_url. This allows efficient filtering, as well as making it easier to use the occurrence.
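Review bot: `sbomReference` is described as following the DSSE specification, but `payload` is documented as a parsed in-toto statement object while `signatures` says only "The signatures over the payload." DSSE signatures are computed over the exact serialized payload bytes together with `payloadType`, so a client that wants to verify `sig` cannot tell from this doc which bytes to reconstruct. Suggest stating the serialization that was signed (or exposing the original bytes) and documenting the encoding of `keyid` and `sig`.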
@@ -99,7 +99,7 @@ <h3>Method Details</h3>
&quot;packages&quot;: [ # The packages to analyze.
{
&quot;architecture&quot;: &quot;A String&quot;, # The architecture of the package.
&quot;binary&quot;: { # The binary package. This is significant when the source is different than the binary itself. Historically if they&#x27;ve differed, we&#x27;ve stored the name of the source and its version in the package/version fields, but we should also store the binary package info, as that&#x27;s what&#x27;s actually installed. See b/175908657#comment15.
&quot;binaryVersion&quot;: { # The binary package. This is significant when the source is different than the binary itself. Historically if they&#x27;ve differed, we&#x27;ve stored the name of the source and its version in the package/version fields, but we should also store the binary package info, as that&#x27;s what&#x27;s actually installed. See b/175908657#comment15.
&quot;name&quot;: &quot;A String&quot;,
&quot;version&quot;: &quot;A String&quot;,
},
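Review bot: In this object, listed under "The packages to analyze", `binary` is replaced by `binaryVersion` with the same `name`/`version` children, which makes it a field rename on caller-supplied data, and nothing in the doc says how input that still uses `binary` is handled. If the old key is silently ignored, the binary package info drops out of the analysis without an error; suggest a migration note on `binaryVersion` or in the release notes.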
@@ -127,6 +127,10 @@ <h3>Method Details</h3>
&quot;patchedCve&quot;: [ # CVEs that this package is no longer vulnerable to go/drydock-dd-custom-binary-scanning
&quot;A String&quot;,
],
&quot;sourceVersion&quot;: { # The source package. Similar to the above, this is significant when the source is different than the binary itself. Since the top-level package/version fields are based on an if/else, we need a separate field for both binary and source if we want to know definitively where the data is coming from.
&quot;name&quot;: &quot;A String&quot;,
&quot;version&quot;: &quot;A String&quot;,
},
&quot;unused&quot;: &quot;A String&quot;,
&quot;version&quot;: &quot;A String&quot;, # The version of the package being analysed
},
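Review bot: The new `sourceVersion` block adds `name` and `version` with no comments, unlike most sibling fields in this object. Suggest documenting both, in particular what form the `version` string takes, because the description itself says source and binary can differ, so `sourceVersion.version`, `binaryVersion.version` and the top-level `version` may all be present with different values and consumers need to know which to use for matching.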
@@ -656,6 +656,35 @@ <h3>Method Details</h3>
},
&quot;remediation&quot;: &quot;A String&quot;, # A description of actions that can be taken to remedy the note.
&quot;resourceUri&quot;: &quot;A String&quot;, # Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, `https://gcr.io/project/image@sha256:123abc` for a Docker image.
&quot;sbomReference&quot;: { # The occurrence representing an SBOM reference as applied to a specific resource. The occurrence follows the DSSE specification. See https://github.com/secure-systems-lab/dsse/blob/master/envelope.md for more details. # Describes a specific SBOM reference occurrences.
&quot;payload&quot;: { # The actual payload that contains the SBOM Reference data. The payload follows the intoto statement specification. See https://github.com/in-toto/attestation/blob/main/spec/v1.0/statement.md for more details. # The actual payload that contains the SBOM reference data.
&quot;_type&quot;: &quot;A String&quot;, # Identifier for the schema of the Statement.
&quot;predicate&quot;: { # A predicate which describes the SBOM being referenced. # Additional parameters of the Predicate. Includes the actual data about the SBOM.
&quot;digest&quot;: { # A map of algorithm to digest of the contents of the SBOM.
&quot;a_key&quot;: &quot;A String&quot;,
},
&quot;location&quot;: &quot;A String&quot;, # The location of the SBOM.
&quot;mimeType&quot;: &quot;A String&quot;, # The mime type of the SBOM.
&quot;referrerId&quot;: &quot;A String&quot;, # The person or system referring this predicate to the consumer.
},
&quot;predicateType&quot;: &quot;A String&quot;, # URI identifying the type of the Predicate.
&quot;subject&quot;: [ # Set of software artifacts that the attestation applies to. Each element represents a single software artifact.
{
&quot;digest&quot;: { # `&quot;&quot;: &quot;&quot;` Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
&quot;a_key&quot;: &quot;A String&quot;,
},
&quot;name&quot;: &quot;A String&quot;,
},
],
},
&quot;payloadType&quot;: &quot;A String&quot;, # The kind of payload that SbomReferenceIntotoPayload takes. Since it&#x27;s in the intoto format, this value is expected to be &#x27;application/vnd.in-toto+json&#x27;.
&quot;signatures&quot;: [ # The signatures over the payload.
{
&quot;keyid&quot;: &quot;A String&quot;,
&quot;sig&quot;: &quot;A String&quot;,
},
],
},
&quot;updateTime&quot;: &quot;A String&quot;, # Output only. The time this occurrence was last updated.
&quot;upgrade&quot;: { # An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update. # Describes an available package upgrade on the linked resource.
&quot;distribution&quot;: { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities. # Metadata about the upgrade for available for the specific operating system for the resource_url. This allows efficient filtering, as well as making it easier to use the occurrence.
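Review bot: The comment on the `digest` inside `subject` opens with a backticked pair of empty quoted strings, which looks like a placeholder that lost its contents, and the sentence then runs into the "See" link without punctuation. Suggest restoring the key and value description (algorithm name to digest value) and also saying for the predicate's `digest` which algorithms a consumer should expect, so that an SBOM fetched from `location` can be checked against it.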