xref: /aosp_15_r20/external/googleapis/grafeas/v1/compliance.proto (revision d5c09012810ac0c9f33fe448fb6da8260d444cc9)
// Copyright 2021 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//    http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package grafeas.v1;

// grafeas.v1.Severity is referenced by ComplianceNote.CisBenchmark.severity;
// presumably it is declared in this import.
import "grafeas/v1/severity.proto";

// Code-generation options. These decide the package and class names of the
// generated code, so changing them breaks existing callers.
option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
option java_multiple_files = true;
option java_package = "io.grafeas.v1";
option objc_class_prefix = "GRA";

// Describes a single compliance check: what it is, why it exists, which
// benchmark versions it applies to, and how to remediate a failure.
message ComplianceNote {
  // The title that identifies this compliance check.
  string title = 1;
  // A description about this compliance check.
  string description = 2;
  // The OS and config versions the benchmark applies to.
  repeated grafeas.v1.ComplianceVersion version = 3;
  // A rationale for the existence of this compliance check.
  string rationale = 4;
  // A description of remediation steps if the compliance check fails.
  // NOTE(review): free-form text with no schema-level constraints; consumers
  // should render it as text for an operator rather than act on it directly.
  string remediation = 5;
  // A compliance check that is a CIS benchmark.
  message CisBenchmark {
    // NOTE(review): presumably the CIS profile level the check belongs to;
    // the valid range is not stated in this file - confirm.
    int32 profile_level = 1;
    // NOTE(review): presumably the severity assigned to this check, using the
    // shared grafeas.v1.Severity type - confirm against severity.proto.
    grafeas.v1.Severity severity = 2;
  }
  // The kind of compliance check. CisBenchmark is the only variant declared
  // here.
  oneof compliance_type {
    CisBenchmark cis_benchmark = 6;
  }
  // Serialized scan instructions with a predefined format.
  // NOTE(review): the format is not defined in this file. Consumers should
  // treat these bytes as untrusted input: bound the size and validate the
  // content before deserializing, and only act on the instructions when the
  // producer of the note is trusted.
  bytes scan_instructions = 7;
  // Potential impact of the suggested remediation.
  // A single-member oneof gives the string explicit presence, so an unset
  // impact can be told apart from an empty one.
  oneof potential_impact {
    string impact = 8;
  }
}

// Describes the CIS benchmark version that is applicable to a given OS and
// OS version.
//
// The fields are declared out of numeric order (1, 3, 2). Field numbers, not
// declaration order, identify fields on the wire, so they must not be
// renumbered.
message ComplianceVersion {
  // The CPE URI (https://cpe.mitre.org/specification/) this benchmark is
  // applicable to.
  string cpe_uri = 1;
  // The name of the document that defines this benchmark, e.g. "CIS
  // Container-Optimized OS".
  string benchmark_document = 3;
  // The version of the benchmark. This is set to the version of the OS-specific
  // CIS document the benchmark is defined in.
  string version = 2;
}

// An indication that the compliance checks in the associated ComplianceNote
// were not satisfied for particular resources or a specified reason.
//
// NOTE(review): field number 1 is not declared in this message. If it once
// belonged to a removed field, it should be marked `reserved` so it cannot be
// reused with a different meaning - confirm against the file history.
message ComplianceOccurrence {
  // The files for which the compliance check was not satisfied.
  repeated NonCompliantFile non_compliant_files = 2;
  // The reason the compliance check was not satisfied.
  // NOTE(review): free-form text supplied by the producer of the occurrence;
  // no format is defined in this file.
  string non_compliance_reason = 3;
}

// Details about files that caused a compliance check to fail.
//
// NOTE(review): `path` and `display_command` are documented as alternatives,
// but they are not declared as a oneof, so the schema does not stop both (or
// neither) from being set. Consumers should handle those cases explicitly.
message NonCompliantFile {
  // display_command is a single command that can be used to display a list of
  // non-compliant files. When there is no such command, the non-compliant
  // files can instead be listed one by one using 'path'.

  // Empty if `display_command` is set.
  // NOTE(review): nothing in this file constrains the value (absolute vs.
  // relative, normalization); validate it before using it for file access.
  string path = 1;
  // Command to display the non-compliant files.
  // NOTE(review): a free-form string with no schema-level constraints.
  // Consumers should show it to an operator for review rather than execute
  // it automatically, unless the producer of the occurrence is trusted.
  string display_command = 2;
  // Explains why a file is non-compliant for a CIS check.
  string reason = 3;
}