New creates a new Service.

NewService creates a new Service.

See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account.

AdmissionRule: An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied.

AdmissionWhitelistPattern: An admission allowlist pattern exempts images from checks by admission rules.

AllowlistResult: Result of evaluating an image name allowlist.

AttestationAuthenticator: An attestation authenticator that will be used to verify attestations.

AttestationOccurrence: Occurrence that represents a single "attestation".

AttestationSource: Specifies the locations for fetching the provenance attestations.

Attestor: An attestor that attests to container image artifacts.

AttestorPublicKey: An attestor public key that will be used to verify attestations signed by this attestor.

Binding: Associates `members`, or principals, with a `role`.

Check: A single check to perform against a Pod.

CheckResult: Result of evaluating one check.

CheckResults: Result of evaluating one or more checks.

CheckSet: A conjunction of policy checks, scoped to a particular namespace or Kubernetes service account.

CheckSetResult: Result of evaluating one check set.

Empty: A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs.

EvaluateGkePolicyRequest: Request message for PlatformPolicyEvaluationService.EvaluateGkePolicy.

EvaluateGkePolicyResponse: Response message for PlatformPolicyEvaluationService.EvaluateGkePolicy.

EvaluationResult: Result of evaluating one check.

Expr: Represents a textual expression in the Common Expression Language (CEL) syntax.

GkePolicy: A Binary Authorization policy for a GKE cluster.

IamPolicy: An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.

ImageAllowlist: Images that are exempted from normal checks based on name pattern only.

ImageFreshnessCheck: An image freshness check, which rejects images that were uploaded before the set number of days ago to the supported repositories.

ImageResult: Result of evaluating one image.

ListAttestorsResponse: Response message for BinauthzManagementServiceV1.ListAttestors.

ListPlatformPoliciesResponse: Response message for PlatformPolicyManagementService.ListPlatformPolicies.

PkixPublicKey: A public key in the PkixPublicKey format (https://tools.ietf.org/html/rfc5280#section-4.1.2.7).

PkixPublicKeySet: A bundle of PKIX public keys, used to authenticate attestation signatures.

PlatformPolicy: A Binary Authorization platform policy for deployments on various platforms.

PodResult: Result of evaluating the whole GKE policy for one Pod.

Policy: A policy for container image binary authorization.

Scope: A scope specifier for `CheckSet` objects.

SetIamPolicyRequest: Request message for `SetIamPolicy` method.

Signature: Verifiers (e.g.

SigstoreAuthority: A Sigstore authority, used to verify signatures that are created by Sigstore.

SigstorePublicKey: A Sigstore public key.

SigstorePublicKeySet: A bundle of Sigstore public keys, used to verify Sigstore signatures.

SigstoreSignatureCheck: A Sigstore signature check, which verifies the Sigstore signature associated with an image.

SimpleSigningAttestationCheck: Require a signed DSSE (https://github.com/secure-systems-lab/dsse) attestation with type SimpleSigning.

SlsaCheck: A SLSA provenance attestation check, which ensures that images are built by a trusted builder using source code from its trusted repositories only.

TestIamPermissionsRequest: Request message for `TestIamPermissions` method.

TestIamPermissionsResponse: Response message for `TestIamPermissions` method.

TrustedDirectoryCheck: A trusted directory check, which rejects images that do not come from the set of user-configured trusted directories.

UserOwnedGrafeasNote: An user owned Grafeas note references a Grafeas Attestation.Authority Note created by the user.

ValidateAttestationOccurrenceRequest: Request message for ValidationHelperV1.ValidateAttestationOccurrence.

ValidateAttestationOccurrenceResponse: Response message for ValidationHelperV1.ValidateAttestationOccurrence.

VerificationRule: Specifies verification rules for evaluating the SLSA attestations including: which builders to trust, where to fetch the SLSA attestations generated by those builders, and other builder-specific evaluation rules such as which source repositories are trusted.

VulnerabilityCheck: An image vulnerability check, which rejects images that violate the configured vulnerability rules.