direct dependency.

indirect dependency.

type not known/not specified.

indirect dependency.

direct dependency.

Artifact represents an artifact identified by a checksum hash.

ArtifactConnection returns the paginated results for artifact.

ArtifactEdge contains the cursor for the resulting node and the artifact node itself.

ArtifactInputSpec specifies an artifact for mutations.

ArtifactSpec allows filtering the list of artifacts to return in a query.

Builder represents the builder (e.g., FRSCA or GitHub Actions).

BuilderConnection returns the paginated results for builder.

BuilderEdge contains the cursor for the resulting node and the Builder node itself.

BuilderInputSpec specifies a builder for mutations.

BuilderSpec allows filtering the list of builders to return in a query.

CertifyBad is an attestation that a package, source, or artifact is considered bad.

CertifyBadConnection returns the paginated results for CertifyBad.

CertifyBadEdge contains the cursor for the resulting node and the CertifyBad node itself.

CertifyBadInputSpec represents the mutation input to ingest a CertifyBad evidence.

CertifyBadSpec allows filtering the list of CertifyBad evidence to return in a query.

CertifyGood is an attestation that a package, source, or artifact is considered good.

CertifyGoodConnection returns the paginated results for CertifyGood.

CertifyGoodEdge contains the cursor for the resulting node and the CertifyGood node itself.

CertifyGoodInputSpec represents the mutation input to ingest a CertifyGood evidence.

CertifyBadSpec allows filtering the list of CertifyBad evidence to return in a query.

CertifyLegal is an attestation to attach legal information to a package or source.

CertifyLegalConnection returns the paginated results for CertifyLegal.

CertifyLegalEdge contains the cursor for the resulting node and the CertifyLegal node itself.

CertifyLegalInputSpec represents the input for certifying legal information in mutations.

CertifyLegalSpec allows filtering the list of legal certifications to return in a query.

CertifyScorecard is an attestation to attach a Scorecard analysis to a particular source repository.

CertifyScorecardConnection returns the paginated results for CertifyScorecard.

CertifyScorecardEdge contains the cursor for the resulting node and the CertifyScorecard node itself.

CertifyScorecardSpec allows filtering the list of Scorecards to return.

CertifyVEXStatement is an attestation to attach VEX statements to a package or artifact to clarify the impact of a specific vulnerability.

CertifyVEXStatementSpec allows filtering the list of VEX statements to return in a query.

CertifyVuln is an attestation to attach vulnerability information to a package.

CertifyVulnConnection returns the paginated results for CertifyVuln.

CertifyVulnEdge contains the cursor for the resulting node and the CertifyVuln node itself.

CertifyVulnSpec allows filtering the list of vulnerability certifications to return in a query.

FindSoftwareConnection returns the paginated results for FindSoftware.

HashEqual is an attestation that two artifacts are identical.

HashEqualConnection returns the paginated results for HashEqual.

HashEqualEdge contains the cursor for the resulting node and the HashEqual node itself.

HashEqualInputSpec represents the input to certify that packages are similar.

HashEqualSpec allows filtering the list of artifact equality statements to return in a query.

HasMetadata is an attestation that a package, source, or artifact has a certain attested property (key) with value (value).

HasMetadataConnection returns the paginated results for HasMetadata.

HasMetadataEdge contains the cursor for the resulting node and the HasMetadata node itself.

HasMetadataInputSpec represents the mutation input to ingest a CertifyGood evidence.

HasMetadataSpec allows filtering the list of HasMetadata evidence to return in a query.

HasSBOMConnection returns the paginated results for HasSBOM.

HasSBOMEdge contains the cursor for the resulting node and the HasSBOMEdge node itself.

HasSBOMInputSpec is similar to HasSBOM but for mutation input.

HasSBOMSpec allows filtering the list of HasSBOM to return.

HasSLSA records that a subject node has a SLSA attestation.

HasSLSAConnection returns the paginated results for HasSLSA.

HasSLSAEdge contains the cursor for the resulting node and the HasSLSA node itself.

HasSLSASpec allows filtering the list of HasSLSA to return.

HasSourceAt records that a package's repository is a given source.

HasSourceAtConnection returns the paginated results for HasSourceAt.

HasSourceAtEdge contains the cursor for the resulting node and the HasSourceAt node itself.

HasSourceAtInputSpec is the same as HasSourceAt but for mutation input.

HasSourceAtSpec allows filtering the list of HasSourceAt to return.

IDorArtifactInput allows for specifying either the artifact ID or the ArtifactInputSpec.

IDorBuilderInput allows for specifying either the builder ID or the BuilderInputSpec.

IDorLicenseInput allows for specifying either the license ID or the LicenseInputSpec.

IDorPkgInput allows for specifying either the package IDs or the PkgInputSpec.

IDorSourceInput allows for specifying either the source IDs or the SourceInputSpec.

IDorVulnerabilityInput allows for specifying either the vulnerability IDs or the VulnerabilityInputSpec.

IsDependency is an attestation to record that a package depends on another.

IsDependencyConnection returns the paginated results for IsDependency.

IsDependencyEdge contains the cursor for the resulting node and the IsDependency node itself.

IsDependencyInputSpec is the input to record a new dependency.

IsDependencySpec allows filtering the list of dependencies to return.

IsOccurrence is an attestation to link an artifact to a package or source.

IsOccurrenceConnection returns the paginated results for IsOccurrence.

IsOccurrenceEdge contains the cursor for the resulting node and the IsOccurrence node itself.

IsOccurrenceInputSpec represents the input to record an artifact's origin.

IsOccurrenceSpec allows filtering the list of artifact occurences to return in a query.

License represents a particular license.

LicenseConnection returns the paginated results for License.

LicenseEdge contains the cursor for the resulting node and the License node itself.

LicenseInputSpec specifies an license for mutations.

LicenseSpec allows filtering the list of licenses to return in a query.

MatchFlags is used to input the PkgMatchType enum.

NeighborConnection returns the paginated results for Neighbor.

NeighborEdge contains the cursor for the resulting node and the node itself.

Package represents the root of the package trie/tree.

PackageConnection returns the paginated results for Package.

PackageEdge contains the cursor for the resulting node and the Package node itself.

The IDs of the ingested package.

PackageName is a name for packages.

PackageNamespace is a namespace for packages.

PackageOrArtifactInput allows using PackageOrArtifact union as input type to be used in mutations.

PackageOrArtifactInputs allows using packages and artifacts as input for batch mutations.

PackageOrArtifactSpec allows using PackageOrArtifact union as input type to be used in read queries.

PackageOrSourceInput allows using PackageOrSource union as input for mutations.

PackageOrSourceInputs allows using packages and sources as input for batch mutations.

PackageOrSourceSpec allows using PackageOrSource union as input for queries.

PackageQualifier is a qualifier for a package, a key-value pair.

PackageQualifierInputSpec allows specifying package qualifiers in mutations.

PackageQualifierSpec allows filtering package qualifiers in a query.

PackageSourceOrArtifactInput allows using PackageSourceOrArtifact union as input type to be used in mutations.

PackageSourceOrArtifactInputs allows using PackageSourceOrArtifact union as input type to be used in bulk mutations.

PackageSourceOrArtifactSpec allows using PackageSourceOrArtifact union as input type to be used in read queries.

PackageVersion is a package version.

PageInfo serves the client information about the paginated query results.

PkgEqual is an attestation that two packages are similar.

PkgEqualConnection returns the paginated results for PkgEqual.

PkgEqualEdge contains the cursor for the resulting node and the PkgEqual node itself.

PkgEqualInputSpec represents the input to certify that packages are similar.

PkgEqualSpec allows filtering the list of package equality statements to return in a query.

PkgInputSpec specifies a package for mutations.

PkgSpec allows filtering the list of sources to return in a query.

PointOfContact is an attestation of how to get in touch with the person(s) responsible for a package, source, or artifact.

PointOfContactConnection returns the paginated results for PointOfContact.

PointOfContactEdge contains the cursor for the resulting node and the PointOfContact node itself.

PointOfContactInputSpec represents the mutation input to ingest a PointOfContact evidence.

PointOfContactSpec allows filtering the list of PointOfContact evidence to return in a query.

ScanMetadata is the metadata attached to vulnerability certification.

ScanMetadataInput represents the input for certifying vulnerability scans in mutations.

Scorecard contains all of the fields present in a Scorecard attestation.

ScorecardCheck are the individual checks from scorecard and their values as a key-value pair.

ScorecardCheckInputSpec represents the mutation input for a Scorecard check.

ScorecardCheckSpec is the same as ScorecardCheck, but usable as query input.

ScorecardInputSpec represents the mutation input to ingest a Scorecard.

SLSA contains all of the fields present in a SLSA attestation.

SLSAInputSpec is the same as SLSA but for mutation input.

SLSAPredicate are the values from the SLSA predicate in key-value pair form.

SLSAPredicateInputSpec allows ingesting SLSAPredicateSpec.

SLSAPredicateSpec is the same as SLSAPredicate, but usable as query input.

SoftwareEdge contains the cursor for the resulting node and the PackageSourceOrArtifact node itself.

Source represents the root of the source trie/tree.

SourceConnection returns the paginated results for Source.

SourceEdge contains the cursor for the resulting node and the Source node itself.

The IDs of the ingested source.

SourceInputSpec specifies a source for mutations.

SourceName represents the url of the repository.

SourceNamespace is a namespace for sources.

SourceSpec allows filtering the list of sources to return in a query.

VEXConnection returns the paginated results for CertifyVEXStatement.

VEXEdge contains the cursor for the resulting node and the CertifyVEXStatement node itself.

VexStatementInputSpec represents the input to ingest VEX statements.

VulnEqual is an attestation to link two vulnerabilities together as being equal" Note that setting noVuln vulnerability type is invalid for VulnEqual!.

VulnEqualConnection returns the paginated results for VulnEqual.

VulnEqualEdge contains the cursor for the resulting node and the VulnEqual node itself.

VulnEqualInputSpec represents the input to link vulnerabilities to each other.

VulnEqualSpec allows filtering the list of vulnerability links to return in a query.

Vulnerability represents the root of the vulnerability trie/tree.

VulnerabilityConnection returns the paginated results for Vulnerability.

VulnerabilityEdge contains the cursor for the resulting node and the Vulnerability node itself.

VulnerabilityID is a specific vulnerability ID associated with the type of the vulnerability.

The IDs of the ingested vulnerability.

VulnInputSpec specifies a vulnerability for mutations.

VulnerabilityMetadata is an attestation that a vulnerability has a related score associated with it.

VulnerabilityMetadataConnection returns the paginated results for VulnerabilityMetadata.

VulnerabilityMetadataEdge contains the cursor for the resulting node and the VulnerabilityMetadata node itself.

VulnerabilityMetadataInputSpec represents the mutation input to ingest a vulnerability metadata.

VulnerabilityMetadataSpec allows filtering the list of VulnerabilityMetadata evidence to return in a query.

VulnerabilitySpec allows filtering the list of vulnerabilities to return in a query.

Node is a union type of all the possible nodes.

PackageOrArtifact is a union of Package and Artifact.

PackageOrSource is a union of Package and Source.

PackageSourceOrArtifact is a union of Package, Source, and Artifact.

The Comparator is used by the vulnerability score filter on ranges.

DependencyType determines the type of the dependency.

Edge allows filtering path/neighbors output to only contain a subset of all possible GUAC links.

PkgMatchType is an enum to determine if the attestation should be done at the specific version or package name.

QueryType is used in conjunction with queryPackagesListForScan to specify if the last time scanned is checked for either certifyVuln or certifyLegal.

Records the justification included in the VEX statement.

Records the status of a VEX statement subject.

Records the type of the score being captured by the score node.