Occurence

name string

The unique name of the resource.

args OccurenceArgs

The arguments to resource properties.

opts CustomResourceOptions

Bag of options to control resource's behavior.

resource_name str

The unique name of the resource.

opts ResourceOptions

A bag of options that control this resource's behavior.

ctx Context

Context object for the current deployment.

name string

The unique name of the resource.

args OccurenceArgs

The arguments to resource properties.

opts ResourceOption

Bag of options to control resource's behavior.

name string

The unique name of the resource.

args OccurenceArgs

The arguments to resource properties.

opts CustomResourceOptions

Bag of options to control resource's behavior.

Attestation OccurenceAttestationArgs

Occurrence that represents a single “attestation”. The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.

NoteName string

The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.

ResourceUri string

Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Remediation string

A description of actions that can be taken to remedy the note.

Attestation OccurenceAttestation

Occurrence that represents a single “attestation”. The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.

NoteName string

The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.

ResourceUri string

Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Remediation string

A description of actions that can be taken to remedy the note.

attestation OccurenceAttestation

Occurrence that represents a single “attestation”. The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.

noteName string

The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.

resourceUri string

Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.

project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

remediation string

A description of actions that can be taken to remedy the note.

attestation Dict[OccurenceAttestation]

Occurrence that represents a single “attestation”. The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.

note_name str

The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.

resource_uri str

Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.

project str

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

remediation str

A description of actions that can be taken to remedy the note.

CreateTime string

The time when the repository was created.

Id string

The provider-assigned unique ID for this managed resource.

Kind string

The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.

Name string

The name of the occurrence.

UpdateTime string

The time when the repository was last updated.

CreateTime string

The time when the repository was created.

Id string

The provider-assigned unique ID for this managed resource.

Kind string

The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.

Name string

The name of the occurrence.

UpdateTime string

The time when the repository was last updated.

createTime string

The time when the repository was created.

id string

The provider-assigned unique ID for this managed resource.

kind string

The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.

name string

The name of the occurrence.

updateTime string

The time when the repository was last updated.

create_time str

The time when the repository was created.

id str

The provider-assigned unique ID for this managed resource.

kind str

The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.

name str

The name of the occurrence.

update_time str

The time when the repository was last updated.

name

The unique name of the resulting resource.

id

The unique provider ID of the resource to lookup.

state

Any extra arguments used during the lookup.

opts

A bag of options that control this resource's behavior.

resource_name

The unique name of the resulting resource.

id

The unique provider ID of the resource to lookup.

name

The unique name of the resulting resource.

id

The unique provider ID of the resource to lookup.

state

Any extra arguments used during the lookup.

opts

A bag of options that control this resource's behavior.

name

The unique name of the resulting resource.

id

The unique provider ID of the resource to lookup.

state

Any extra arguments used during the lookup.

opts

A bag of options that control this resource's behavior.

Attestation OccurenceAttestationArgs

Occurrence that represents a single “attestation”. The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.

CreateTime string

The time when the repository was created.

Kind string

The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.

Name string

The name of the occurrence.

NoteName string

The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Remediation string

A description of actions that can be taken to remedy the note.

ResourceUri string

Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.

UpdateTime string

The time when the repository was last updated.

Attestation OccurenceAttestation

Occurrence that represents a single “attestation”. The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.

CreateTime string

The time when the repository was created.

Kind string

The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.

Name string

The name of the occurrence.

NoteName string

The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Remediation string

A description of actions that can be taken to remedy the note.

ResourceUri string

Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.

UpdateTime string

The time when the repository was last updated.

attestation OccurenceAttestation

Occurrence that represents a single “attestation”. The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.

createTime string

The time when the repository was created.

kind string

The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.

name string

The name of the occurrence.

noteName string

The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.

project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

remediation string

A description of actions that can be taken to remedy the note.

resourceUri string

Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.

updateTime string

The time when the repository was last updated.

attestation Dict[OccurenceAttestation]

Occurrence that represents a single “attestation”. The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.

create_time str

The time when the repository was created.

kind str

The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.

name str

The name of the occurrence.

note_name str

The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.

project str

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

remediation str

A description of actions that can be taken to remedy the note.

resource_uri str

Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.

update_time str

The time when the repository was last updated.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

SerializedPayload string

The serialized payload that is verified by one or more signatures. A base64-encoded string.

Signatures List<OccurenceAttestationSignatureArgs>

One or more signatures over serializedPayload. Verifier implementations should consider this attestation message verified if at least one signature verifies serializedPayload. See Signature in common.proto for more details on signature structure and verification. Structure is documented below.

SerializedPayload string

The serialized payload that is verified by one or more signatures. A base64-encoded string.

Signatures []OccurenceAttestationSignature

One or more signatures over serializedPayload. Verifier implementations should consider this attestation message verified if at least one signature verifies serializedPayload. See Signature in common.proto for more details on signature structure and verification. Structure is documented below.

serializedPayload string

The serialized payload that is verified by one or more signatures. A base64-encoded string.

signatures OccurenceAttestationSignature[]

One or more signatures over serializedPayload. Verifier implementations should consider this attestation message verified if at least one signature verifies serializedPayload. See Signature in common.proto for more details on signature structure and verification. Structure is documented below.

serializedPayload str

The serialized payload that is verified by one or more signatures. A base64-encoded string.

signatures List[OccurenceAttestationSignature]

One or more signatures over serializedPayload. Verifier implementations should consider this attestation message verified if at least one signature verifies serializedPayload. See Signature in common.proto for more details on signature structure and verification. Structure is documented below.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

PublicKeyId string

The identifier for the public key that verifies this signature. MUST be an RFC3986 conformant URI. * When possible, the key id should be an immutable reference, such as a cryptographic digest. Examples of valid values: * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme. * openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): * “ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU”

Signature string

The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.

PublicKeyId string

The identifier for the public key that verifies this signature. MUST be an RFC3986 conformant URI. * When possible, the key id should be an immutable reference, such as a cryptographic digest. Examples of valid values: * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme. * openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): * “ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU”

Signature string

The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.

publicKeyId string

The identifier for the public key that verifies this signature. MUST be an RFC3986 conformant URI. * When possible, the key id should be an immutable reference, such as a cryptographic digest. Examples of valid values: * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme. * openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): * “ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU”

signature string

The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.

publicKeyId str

The identifier for the public key that verifies this signature. MUST be an RFC3986 conformant URI. * When possible, the key id should be an immutable reference, such as a cryptographic digest. Examples of valid values: * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme. * openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): * “ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU”

signature str

The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.