// Copyright 2021 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//    http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
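// File preamble for the grafeas.v1 compliance schema. The listing's line-number
// gutter had been fused onto each statement; it is dropped here so the
// declarations parse as proto3 again.
syntax = "proto3";

package grafeas.v1;

// Presumably the source of grafeas.v1.Severity, which
// ComplianceNote.CisBenchmark.severity uses; it is the only import in the file.
import "grafeas/v1/severity.proto";

// Code-generation options. These fix the generated package and class names, so
// changing them is a source-breaking change for consumers of generated code.
option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
option java_multiple_files = true;
option java_package = "io.grafeas.v1";
option objc_class_prefix = "GRA";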
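// A note describing one compliance check: what it is, which OS and config
// versions it applies to, why it exists and how to remediate a failure.
message ComplianceNote {
  // The title that identifies this compliance check.
  string title = 1;
  // A description about this compliance check.
  string description = 2;
  // The OS and config versions the benchmark applies to.
  repeated grafeas.v1.ComplianceVersion version = 3;
  // A rationale for the existence of this compliance check.
  string rationale = 4;
  // A description of remediation steps if the compliance check fails.
  string remediation = 5;
  // A compliance check that is a CIS benchmark.
  message CisBenchmark {
    // NOTE(review): presumably the CIS profile level this check belongs to.
    // The valid range is not stated in this file; confirm with producers
    // before enforcing policy on it.
    int32 profile_level = 1;
    // Severity assigned to this benchmark check. The Severity type is
    // presumably declared in the imported grafeas/v1/severity.proto.
    grafeas.v1.Severity severity = 2;
  }
  // The kind of compliance check. cis_benchmark is the only member defined
  // here, so readers must also handle the case where no member is set.
  oneof compliance_type {
    // Set when this check is a CIS benchmark.
    CisBenchmark cis_benchmark = 6;
  }
  // Serialized scan instructions with a predefined format.
  // NOTE(review): the format is not defined in this file. Readers should treat
  // these bytes as untrusted input: bound their size and validate them against
  // the expected format before deserializing or acting on them.
  bytes scan_instructions = 7;
}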
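// Describes the CIS benchmark version that is applicable to a given OS and
// OS version.
message ComplianceVersion {
  // The CPE URI (https://cpe.mitre.org/specification/) this benchmark is
  // applicable to.
  string cpe_uri = 1;
  // The name of the document that defines this benchmark, e.g. "CIS
  // Container-Optimized OS".
  // Declared ahead of field 2: the field number, not the declaration order,
  // identifies the field on the wire, so these must not be renumbered to
  // "tidy up" the sequence.
  string benchmark_document = 3;
  // The version of the benchmark. This is set to the version of the OS-specific
  // CIS document the benchmark is defined in.
  string version = 2;
}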
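// An indication that the compliance checks in the associated ComplianceNote
// were not satisfied for particular resources or a specified reason.
//
// Field number 1 is not assigned in this revision of the message.
message ComplianceOccurrence {
  // The files that caused the check to fail. As a repeated field it has no
  // presence: an empty list is indistinguishable from an unset one.
  repeated NonCompliantFile non_compliant_files = 2;
  // Free-text reason for the non-compliance.
  // NOTE(review): presumably used when the failure cannot be tied to specific
  // files -- confirm with producers.
  string non_compliance_reason = 3;
}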
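// Details about files that caused a compliance check to fail.
//
// display_command is a single command that can be used to display a list of
// non-compliant files. When there is no such command, the non-compliant files
// can instead be listed one by one using `path`.
message NonCompliantFile {
  // Path of the non-compliant file. Empty if `display_command` is set.
  string path = 1;
  // Command to display the non-compliant files.
  // NOTE(review): this string is supplied by whoever produced the occurrence.
  // Consumers should present it to an operator as text and escape it when
  // rendering; it should not be passed to a shell automatically.
  string display_command = 2;
  // Explains why a file is non-compliant for a CIS check.
  string reason = 3;
}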