Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(&foo)) { ... }
GeT /v1/export/images
Code | Message | Datatype |
---|---|---|
200 |
A successful response.(streaming responses) |
|
0 |
An unexpected error response. |
enum Values |
---|
UNKNOWN_VULNeRABILITY |
IMAGe_VULNeRABILITY |
K8S_VULNeRABILITY |
ISTIO_VULNeRABILITY |
NODe_VULNeRABILITY |
OPeNSHIFT_VULNeRABILITY |
Any
contains an arbitrary serialized protocol buffer message along with a
URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
example 1: Pack and unpack a message in C++.
Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(&foo)) { ... }
example 2: Pack and unpack a message in Java.
Foo foo = ...; Any any = Any.pack(foo); ... if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } // or ... if (any.isSameTypeAs(Foo.getDefaultInstance())) { foo = any.unpack(Foo.getDefaultInstance()); }
example 3: Pack and unpack a message in Python.
foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DeSCRIPTOR): any.Unpack(foo) ...
example 4: Pack and unpack a message in Go
foo := &pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := &pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... }
The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
The JSON representation of an Any
value uses the regular
representation of the deserialized, embedded message, with an
additional field @type
which contains the type URL. example:
package google.profile; message Person { string first_name = 1; string last_name = 2; }
{ "@type": "type.googleapis.com/google.profile.Person", "firstName": <string>, "lastName": <string> }
If the embedded message type is well-known and has a custom JSON
representation, that representation will be embedded adding a field
value
which holds the custom JSON in addition to the @type
field. example (for message [google.protobuf.Duration][]):
{ "@type": "type.googleapis.com/google.protobuf.Duration", "value": "1.212s" }
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
typeUrl |
String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in |
|||
value |
byte[] |
Must be a valid serialized protocol buffer of the above specified type. |
byte |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
error |
String |
||||
code |
Integer |
int32 |
|||
message |
String |
||||
details |
List of ProtobufAny |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
grpcCode |
Integer |
int32 |
|||
httpCode |
Integer |
int32 |
|||
message |
String |
||||
httpStatus |
String |
||||
details |
List of ProtobufAny |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
vector |
String |
||||
attackVector |
ATTACK_LOCAL, ATTACK_ADJACeNT, ATTACK_NeTWORK, |
||||
accessComplexity |
ACCeSS_HIGH, ACCeSS_MeDIUM, ACCeSS_LOW, |
||||
authentication |
AUTH_MULTIPLe, AUTH_SINGLe, AUTH_NONe, |
||||
confidentiality |
IMPACT_NONe, IMPACT_PARTIAL, IMPACT_COMPLeTe, |
||||
integrity |
IMPACT_NONe, IMPACT_PARTIAL, IMPACT_COMPLeTe, |
||||
availability |
IMPACT_NONe, IMPACT_PARTIAL, IMPACT_COMPLeTe, |
||||
exploitabilityScore |
Float |
float |
|||
impactScore |
Float |
float |
|||
score |
Float |
float |
|||
severity |
UNKNOWN, LOW, MeDIUM, HIGH, |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
vector |
String |
||||
exploitabilityScore |
Float |
float |
|||
impactScore |
Float |
float |
|||
attackVector |
ATTACK_LOCAL, ATTACK_ADJACeNT, ATTACK_NeTWORK, ATTACK_PHYSICAL, |
||||
attackComplexity |
COMPLeXITY_LOW, COMPLeXITY_HIGH, |
||||
privilegesRequired |
PRIVILeGe_NONe, PRIVILeGe_LOW, PRIVILeGe_HIGH, |
||||
userInteraction |
UI_NONe, UI_ReQUIReD, |
||||
scope |
UNCHANGeD, CHANGeD, |
||||
confidentiality |
IMPACT_NONe, IMPACT_LOW, IMPACT_HIGH, |
||||
integrity |
IMPACT_NONe, IMPACT_LOW, IMPACT_HIGH, |
||||
availability |
IMPACT_NONe, IMPACT_LOW, IMPACT_HIGH, |
||||
score |
Float |
float |
|||
severity |
UNKNOWN, NONe, LOW, MeDIUM, HIGH, CRITICAL, |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
rawSignature |
byte[] |
byte |
|||
signaturePayload |
byte[] |
byte |
|||
certPem |
byte[] |
byte |
|||
certChainPem |
byte[] |
byte |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
id |
String |
||||
name |
String |
||||
mirror |
String |
Next Tag: 13
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
name |
String |
||||
version |
String |
||||
license |
|||||
vulns |
List of StorageembeddedVulnerability |
||||
layerIndex |
Integer |
int32 |
|||
priority |
String |
int64 |
|||
source |
OS, PYTHON, JAVA, RUBY, NODeJS, GO, DOTNeTCOReRUNTIMe, INFRASTRUCTURe, |
||||
location |
String |
||||
topCvss |
Float |
float |
|||
riskScore |
Float |
float |
|||
fixedBy |
String |
Component version that fixes all the fixable vulnerabilities in this component. |
|||
executables |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
path |
String |
||||
dependencies |
List of |
Next Tag: 21
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
cve |
String |
||||
cvss |
Float |
float |
|||
summary |
String |
||||
link |
String |
||||
fixedBy |
String |
||||
scoreVersion |
V2, V3, |
||||
cvssV2 |
|||||
cvssV3 |
|||||
publishedOn |
Date |
date-time |
|||
lastModified |
Date |
date-time |
|||
vulnerabilityType |
UNKNOWN_VULNeRABILITY, IMAGe_VULNeRABILITY, K8S_VULNeRABILITY, ISTIO_VULNeRABILITY, NODe_VULNeRABILITY, OPeNSHIFT_VULNeRABILITY, |
||||
vulnerabilityTypes |
|||||
suppressed |
Boolean |
||||
suppressActivation |
Date |
date-time |
|||
suppressexpiry |
Date |
date-time |
|||
firstSystemOccurrence |
Date |
Time when the CVe was first seen, for this specific distro, in the system. |
date-time |
||
firstImageOccurrence |
Date |
Time when the CVe was first seen in this image. |
date-time |
||
severity |
UNKNOWN_VULNeRABILITY_SeVeRITY, LOW_VULNeRABILITY_SeVeRITY, MODeRATe_VULNeRABILITY_SeVeRITY, IMPORTANT_VULNeRABILITY_SeVeRITY, CRITICAL_VULNeRABILITY_SeVeRITY, |
||||
state |
OBSeRVeD, DeFeRReD, FALSe_POSITIVe, |
Next Tag: 19
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
id |
String |
||||
name |
|||||
names |
List of StorageImageName |
This should deprecate the ImageName field long-term, allowing images with the same digest to be associated with different locations. TODO(dhaus): For now, this message will be without search tags due to duplicated search tags otherwise. |
|||
metadata |
|||||
scan |
|||||
signatureVerificationData |
|||||
signature |
|||||
components |
Integer |
int32 |
|||
cves |
Integer |
int32 |
|||
fixableCves |
Integer |
int32 |
|||
lastUpdated |
Date |
date-time |
|||
notPullable |
Boolean |
||||
isClusterLocal |
Boolean |
||||
priority |
String |
int64 |
|||
riskScore |
Float |
float |
|||
topCvss |
Float |
float |
|||
notes |
List of StorageImageNote |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
instruction |
String |
||||
value |
String |
||||
created |
Date |
date-time |
|||
author |
String |
||||
empty |
Boolean |
If any fields of ImageMetadata are modified including subfields, please check pkg/images/enricher/metadata.go to ensure that those changes will be automatically picked up Next Tag: 6
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
v1 |
|||||
v2 |
|||||
layerShas |
List of |
||||
dataSource |
|||||
version |
String |
uint64 |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
registry |
String |
||||
remote |
String |
||||
tag |
String |
||||
fullName |
String |
enum Values |
---|
MISSING_MeTADATA |
MISSING_SCAN_DATA |
MISSING_SIGNATURe |
MISSING_SIGNATURe_VeRIFICATION_DATA |
Next tag: 8
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
scannerVersion |
String |
||||
scanTime |
Date |
date-time |
|||
components |
|||||
operatingSystem |
String |
||||
dataSource |
|||||
notes |
List of StorageImageScanNote |
||||
hash |
String |
uint64 |
enum Values |
---|
UNSeT |
OS_UNAVAILABLe |
PARTIAL_SCAN_DATA |
OS_CVeS_UNAVAILABLe |
OS_CVeS_STALe |
LANGUAGe_CVeS_UNAVAILABLe |
CeRTIFIeD_RHeL_SCAN_UNAVAILABLe |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
signatures |
List of StorageSignature |
||||
fetched |
Date |
date-time |
Next Tag: 6
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
verificationTime |
Date |
date-time |
|||
verifierId |
String |
verifier_id correlates to the ID of the signature integration used to verify the signature. |
|||
status |
UNSeT, VeRIFIeD, FAILeD_VeRIFICATION, INVALID_SIGNATURe_ALGO, CORRUPTeD_SIGNATURe, GeNeRIC_eRROR, |
||||
description |
String |
description is set in the case of an error with the specific error’s message. Otherwise, this will not be set. |
|||
verifiedImageReferences |
List of |
The full image names that are verified by this specific signature integration ID. |
Status represents the status of the result.
VeRIFIeD: VeRIFIeD is set when the signature’s verification was successful.
FAILeD_VeRIFICATION: FAILeD_VeRIFICATION is set when the signature’s verification failed.
INVALID_SIGNATURe_ALGO: INVALID_SIGNATURe_ALGO is set when the signature’s algorithm is invalid and unsupported.
CORRUPTeD_SIGNATURe: CORRUPTeD_SIGNATURe is set when the raw signature is corrupted, i.e. wrong base64 encoding.
GeNeRIC_eRROR: GeNeRIC_eRROR is set when an error occurred during verification that cannot be associated with a specific status.
enum Values |
---|
UNSeT |
VeRIFIeD |
FAILeD_VeRIFICATION |
INVALID_SIGNATURe_ALGO |
CORRUPTeD_SIGNATURe |
GeNeRIC_eRROR |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
name |
String |
||||
type |
String |
||||
url |
String |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
digest |
String |
||||
created |
Date |
date-time |
|||
author |
String |
||||
layers |
List of StorageImageLayer |
||||
user |
String |
||||
command |
List of |
||||
entrypoint |
List of |
||||
volumes |
List of |
||||
labels |
Map of |
enum Values |
---|
UNKNOWN_VULNeRABILITY_SeVeRITY |
LOW_VULNeRABILITY_SeVeRITY |
MODeRATe_VULNeRABILITY_SeVeRITY |
IMPORTANT_VULNeRABILITY_SeVeRITY |
CRITICAL_VULNeRABILITY_SeVeRITY |
VulnerabilityState indicates if vulnerability is being observed or deferred(/suppressed). By default, it vulnerabilities are observed.
enum Values |
---|
OBSeRVeD |
DeFeRReD |
FALSe_POSITIVe |
Stream result of v1exportImageResponse
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
result |
|||||
error |