Git tag.

Unknown.

Git branch.

Used to specify non-standard aliases.

`KeyType` is not set.

`PGP ASCII Armored` public key.

`PKIX PEM` public key.

Custom user-defined platform.

Google App Engine: Flexible Environment.

Google Container Engine.

Unknown.

Unknown.

Analysis has finished unsuccessfully, the analysis itself is in a bad state.

Analysis has finished successfully.

Resource is known but no action has been taken yet.

Resource is being analyzed.

Analysis will not happen, the resource is not supported.

https://docs.docker.com/reference/builder/#add.

https://docs.docker.com/reference/builder/#arg.

https://docs.docker.com/reference/builder/#cmd.

https://docs.docker.com/reference/builder/#copy.

Default value for unsupported/missing directive.

https://docs.docker.com/reference/builder/#entrypoint.

https://docs.docker.com/reference/builder/#env.

https://docs.docker.com/reference/builder/#expose.

https://docs.docker.com/reference/builder/#healthcheck.

https://docs.docker.com/reference/builder/#label.

https://docs.docker.com/reference/builder/#maintainer.

https://docs.docker.com/reference/builder/#onbuild.

https://docs.docker.com/reference/builder/#run.

https://docs.docker.com/reference/builder/#shell.

https://docs.docker.com/reference/builder/#stopsignal.

https://docs.docker.com/reference/builder/#user.

https://docs.docker.com/reference/builder/#volume.

https://docs.docker.com/reference/builder/#workdir.

No hash requested.

A sha256 hash.

This represents a logical "role" that can attest to artifacts.

The note and occurrence assert build provenance.

The note and occurrence track deployment events.

The note and occurrence track the initial discovery status of a resource.

This represents an image basis relationship.

Unknown.

This represents a package installed via a package manager.

The note and occurrence represent a package vulnerability.

Unknown architecture.

X64 architecture.

X86 architecture.

`ContentType` is not set.

Atomic format attestation signature.

Critical Impact.

High Impact.

Low Impact.

Medium Impact.

Minimal Impact.

Unknown Impact.

A special version representing positive infinity, other fields are ignored.

A special version representing negative infinity, other fields are ignored.

A standard package version, defined by the other fields.

An alias to a repo revision.

Artifact describes a build product.

Note kind that represents a logical attestation "role" or "authority".

Occurrence that represents a single "attestation".

This submessage provides human-readable hints about the purpose of the AttestationAuthority.

Message encapsulating build provenance details.

Provenance of a build.

Message encapsulating the signature of the verified build.

Note holding the version of the provider's builder and the signature of the provenance message in linked BuildDetails.

A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.

Command describes a step performed as part of the build pipeline.

Request to insert a new note.

Request to insert a new occurrence.

Request for creating an operation.

Request to delete a note.

Request to delete a occurrence.

An artifact that can be deployed in some runtime.

The period during which some deployable was active in a runtime.

A note that indicates a type of analysis a provider would perform.

Provides information about the scan status of a discovered resource.

DockerImage holds types defining base image notes and derived image occurrences.

Basis describes the base image portion (Note) of the DockerImage relationship.

Derived describes the derived image portion (Occurrence) of the DockerImage relationship.

A set of properties that uniquely identify a given Docker image.

Layer holds metadata specific to a layer of a Docker image.

Container message for hashes of byte content of files, used in Source messages to verify integrity of source input to the build.

A SourceContext referring to a Gerrit project.

Request to get a Note.

Request to get the note to which this occurrence is attached.

Request to get a Occurrence.

Request to get a ScanConfig.

Request to get the vulnz summary for some set of vulnerability Occurrences.

A summary of how many vulnz occurrences there are per severity type.

The number of occurrences created for a specific severity.

A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub).

Container message for hash values.

Request to list occurrences.

Response including listed occurrences for a note.

Request to list notes.

Response including listed notes.

Request to list occurrences.

Response including listed active occurrences.

Request to list the available scan configurations.

A list of ScanConfigs for the project.

Provides a detailed description of a `Note`.

Metadata for any related URL information.

`Occurrence` includes information about analysis occurrences for an image.

Metadata for all operations used and required for all operations that created by Container Analysis Providers.

PackageManager provides metadata about available / installed packages.

This represents a particular channel of distribution for a given package.

This represents how a particular software package may be installed on a system.

An occurrence of a particular package installation found within a system's filesystem.

This represents a particular package that is distributed over various channels.

An attestation wrapper with a PGP-compatible signature.

Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project.

A unique identifier for a Cloud Repo.

RepoSource describes the location of the source in a Google Cloud Source Repository.

Resource is an entity that can have metadata.

Indicates various scans and whether they are turned on or off.

Source describes the location of the source used for the build.

A SourceContext is a reference to a tree of files.

StorageSource describes the location of the source in an archive file in Google Cloud Storage.

Request to update an existing note.

Request to update an existing occurrence.

Request for updating an existing operation.

A request to update a ScanConfig.

VulnerabilityType provides metadata about a security vulnerability.

Identifies all occurrences of this vulnerability in the package for a specific distro/location For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2.

This message wraps a location affected by a vulnerability and its associated fix (if one is available).

Version contains structured information about the version of the package.

Used by Occurrence to point to where the vulnerability exists and how to fix it.

The location of the vulnerability.

The type of an alias.

Public key formats.

Types of platforms.

Analysis status for a resource.

Instructions from dockerfile.

Specifies the hash algorithm, if any.

This must be 1:1 with members of our oneofs, it can be used for filtering Note and Occurrence on their kind.

Instruction set architectures supported by various package managers.

Type (for example schema) of the attestation payload that was signed.

Note provider-assigned severity/impact ranking.

Whether this is an ordinary package version or a sentinel MIN/MAX version.