1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207

// This file is @generated by prost-build.
/// Identifies a package vulnerability found within a workload.
#[allow(clippy::derive_partial_eq_without_eq)]
#[derive(Clone, PartialEq, ::prost::Message)]
pub struct Vulnerability {
    /// package name where vulnerability detected
    #[prost(string, tag = "1")]
    pub package_name: ::prost::alloc::string::String,
    /// affected package version
    #[prost(string, tag = "2")]
    pub affected_package_version: ::prost::alloc::string::String,
    /// title of vulnerability assigned by CVE
    #[prost(string, tag = "3")]
    pub cve_id: ::prost::alloc::string::String,
    /// cpe_uri where vulnerability detected
    #[prost(string, tag = "4")]
    pub cpe_uri: ::prost::alloc::string::String,
    /// assigned severity for vulnerability
    #[prost(enumeration = "Severity", tag = "5")]
    pub severity: i32,
    /// overall CVSS score
    #[prost(float, tag = "6")]
    pub cvss_score: f32,
    /// detailed CVSS score, format `CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N`
    #[prost(string, tag = "7")]
    pub cvss_vector: ::prost::alloc::string::String,
    /// cpe_uri where vulnerability is fixed
    #[prost(string, tag = "8")]
    pub fixed_cpe_uri: ::prost::alloc::string::String,
    /// type of package (os, maven, go)
    #[prost(string, tag = "9")]
    pub package_type: ::prost::alloc::string::String,
    /// package name where vulnerability is fixed
    #[prost(string, tag = "10")]
    pub fixed_package: ::prost::alloc::string::String,
    /// fixed package version
    #[prost(string, tag = "11")]
    pub fixed_package_version: ::prost::alloc::string::String,
    /// detailed description
    #[prost(string, tag = "12")]
    pub description: ::prost::alloc::string::String,
    /// reference URL for source CVE database
    #[prost(string, repeated, tag = "13")]
    pub related_urls: ::prost::alloc::vec::Vec<::prost::alloc::string::String>,
    /// affected images
    #[prost(string, repeated, tag = "14")]
    pub affected_images: ::prost::alloc::vec::Vec<::prost::alloc::string::String>,
}
/// A security concern for an asset(i.e cluster, workload, etc). Each finding
/// corresponds to a type of security concern. A finding is created during the
/// scan of an asset by any one of the GKE Security Posture features that are
/// enabled.
#[allow(clippy::derive_partial_eq_without_eq)]
#[derive(Clone, PartialEq, ::prost::Message)]
pub struct Finding {
    /// Fully qualified resource name of the k8s resource, e.g.:
    /// {api}/{version}/namespaces/{namespace}/{kind}/{workload name}
    #[prost(string, tag = "1")]
    pub resource_name: ::prost::alloc::string::String,
    /// The type of security finding this is.
    #[prost(enumeration = "FindingType", tag = "2")]
    pub r#type: i32,
    /// State determines whether the finding still exists or has been resolved.
    #[prost(enumeration = "finding::State", tag = "3")]
    pub state: i32,
    /// The human readable representation of the specific security finding.
    /// e.g. RUN_AS_NONROOT, CVE_ID_0 etc depending on the type.
    #[prost(string, tag = "4")]
    pub finding: ::prost::alloc::string::String,
    /// Severity determines the recommended actions for this finding.
    #[prost(enumeration = "Severity", tag = "5")]
    pub severity: i32,
    /// The time this finding was found/remediated.
    #[prost(message, optional, tag = "6")]
    pub event_time: ::core::option::Option<::prost_types::Timestamp>,
    /// Specific details about the security finding if there are any.
    #[prost(oneof = "finding::Details", tags = "7")]
    pub details: ::core::option::Option<finding::Details>,
}
/// Nested message and enum types in `Finding`.
pub mod finding {
    /// The current state of the finding(e.g still active, has been fixed etc).
    #[derive(
        Clone,
        Copy,
        Debug,
        PartialEq,
        Eq,
        Hash,
        PartialOrd,
        Ord,
        ::prost::Enumeration
    )]
    #[repr(i32)]
    pub enum State {
        /// Default value, only used to determine that nothing was specified.
        Unspecified = 0,
        /// Active state means that the finding exists on the asset.
        Active = 1,
        /// Remediated means that the finding has been fixed on the asset.
        Remediated = 2,
    }
    impl State {
        /// String value of the enum field names used in the ProtoBuf definition.
        ///
        /// The values are not transformed in any way and thus are considered stable
        /// (if the ProtoBuf definition does not change) and safe for programmatic use.
        pub fn as_str_name(&self) -> &'static str {
            match self {
                State::Unspecified => "STATE_UNSPECIFIED",
                State::Active => "ACTIVE",
                State::Remediated => "REMEDIATED",
            }
        }
        /// Creates an enum from field names used in the ProtoBuf definition.
        pub fn from_str_name(value: &str) -> ::core::option::Option<Self> {
            match value {
                "STATE_UNSPECIFIED" => Some(Self::Unspecified),
                "ACTIVE" => Some(Self::Active),
                "REMEDIATED" => Some(Self::Remediated),
                _ => None,
            }
        }
    }
    /// Specific details about the security finding if there are any.
    #[allow(clippy::derive_partial_eq_without_eq)]
    #[derive(Clone, PartialEq, ::prost::Oneof)]
    pub enum Details {
        #[prost(message, tag = "7")]
        Vulnerability(super::Vulnerability),
    }
}
/// FindingType is an enumeration of all possible finding types in GKE Security
/// Posture.
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)]
#[repr(i32)]
pub enum FindingType {
    /// Default value, unspecified.
    Unspecified = 0,
    /// Workload misconfiguration policy audit.
    Misconfig = 1,
    /// Workload vulnerabilities scanning.
    Vulnerability = 2,
}
impl FindingType {
    /// String value of the enum field names used in the ProtoBuf definition.
    ///
    /// The values are not transformed in any way and thus are considered stable
    /// (if the ProtoBuf definition does not change) and safe for programmatic use.
    pub fn as_str_name(&self) -> &'static str {
        match self {
            FindingType::Unspecified => "FINDING_TYPE_UNSPECIFIED",
            FindingType::Misconfig => "FINDING_TYPE_MISCONFIG",
            FindingType::Vulnerability => "FINDING_TYPE_VULNERABILITY",
        }
    }
    /// Creates an enum from field names used in the ProtoBuf definition.
    pub fn from_str_name(value: &str) -> ::core::option::Option<Self> {
        match value {
            "FINDING_TYPE_UNSPECIFIED" => Some(Self::Unspecified),
            "FINDING_TYPE_MISCONFIG" => Some(Self::Misconfig),
            "FINDING_TYPE_VULNERABILITY" => Some(Self::Vulnerability),
            _ => None,
        }
    }
}
/// Severity is an enumeration of all the possible severities of a violation.
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)]
#[repr(i32)]
pub enum Severity {
    /// Default value, only used to determine that nothing was specified.
    Unspecified = 0,
    /// SEVERITY_CRITICAL recommends taking action immediately.
    Critical = 1,
    /// SEVERITY_HIGH recommends taking action if possible.
    High = 2,
    /// SEVERITY_MEDIUM recommends investigation.
    Medium = 3,
    /// SEVERITY_LOW recommends being aware of the problem.
    Low = 4,
}
impl Severity {
    /// String value of the enum field names used in the ProtoBuf definition.
    ///
    /// The values are not transformed in any way and thus are considered stable
    /// (if the ProtoBuf definition does not change) and safe for programmatic use.
    pub fn as_str_name(&self) -> &'static str {
        match self {
            Severity::Unspecified => "SEVERITY_UNSPECIFIED",
            Severity::Critical => "SEVERITY_CRITICAL",
            Severity::High => "SEVERITY_HIGH",
            Severity::Medium => "SEVERITY_MEDIUM",
            Severity::Low => "SEVERITY_LOW",
        }
    }
    /// Creates an enum from field names used in the ProtoBuf definition.
    pub fn from_str_name(value: &str) -> ::core::option::Option<Self> {
        match value {
            "SEVERITY_UNSPECIFIED" => Some(Self::Unspecified),
            "SEVERITY_CRITICAL" => Some(Self::Critical),
            "SEVERITY_HIGH" => Some(Self::High),
            "SEVERITY_MEDIUM" => Some(Self::Medium),
            "SEVERITY_LOW" => Some(Self::Low),
            _ => None,
        }
    }
}