GoogleApi.BinaryAuthorization.V1.Model.VulnerabilityCheck (google_api_binary_authorization v0.18.0)

View Source

An image vulnerability check, which rejects images that violate the configured vulnerability rules.

Attributes

  • allowedCves (type: list(String.t), default: nil) - Optional. A list of specific CVEs to ignore even if the vulnerability level violates maximumUnfixableSeverity or maximumFixableSeverity. CVEs are listed in the format of Container Analysis note id. For example: - CVE-2021-20305 - CVE-2020-10543 The CVEs are applicable regardless of note provider project, e.g., an entry of CVE-2021-20305 will allow vulnerabilities with a note name of either projects/goog-vulnz/notes/CVE-2021-20305 or projects/CUSTOM-PROJECT/notes/CVE-2021-20305.
  • blockedCves (type: list(String.t), default: nil) - Optional. A list of specific CVEs to always raise warnings about even if the vulnerability level meets maximumUnfixableSeverity or maximumFixableSeverity. CVEs are listed in the format of Container Analysis note id. For example: - CVE-2021-20305 - CVE-2020-10543 The CVEs are applicable regardless of note provider project, e.g., an entry of CVE-2021-20305 will block vulnerabilities with a note name of either projects/goog-vulnz/notes/CVE-2021-20305 or projects/CUSTOM-PROJECT/notes/CVE-2021-20305.
  • containerAnalysisVulnerabilityProjects (type: list(String.t), default: nil) - Optional. The projects where vulnerabilities are stored as Container Analysis Occurrences. Each project is expressed in the resource format of projects/[PROJECT_ID], e.g., projects/my-gcp-project. An attempt will be made for each project to fetch vulnerabilities, and all valid vulnerabilities will be used to check against the vulnerability policy. If no valid scan is found in all projects configured here, an error will be returned for the check. Maximum number of container_analysis_vulnerability_projects allowed in each VulnerabilityCheck is 10.
  • maximumFixableSeverity (type: String.t, default: nil) - Required. The threshold for severity for which a fix is currently available. This field is required and must be set.
  • maximumUnfixableSeverity (type: String.t, default: nil) - Required. The threshold for severity for which a fix isn't currently available. This field is required and must be set.

Summary

Types

t()

Functions

decode(value, options)

Unwrap a decoded JSON object into its complex fields.

Types

t()

@type t() :: %GoogleApi.BinaryAuthorization.V1.Model.VulnerabilityCheck{
  allowedCves: [String.t()] | nil,
  blockedCves: [String.t()] | nil,
  containerAnalysisVulnerabilityProjects: [String.t()] | nil,
  maximumFixableSeverity: String.t() | nil,
  maximumUnfixableSeverity: String.t() | nil
}

Functions

decode(value, options)

@spec decode(struct(), keyword()) :: struct()

Unwrap a decoded JSON object into its complex fields.