feat: [grafeas] A new field in_toto_slsa_provenance_v1 is added to message BuildOccurrence (#12455)

BEGIN_COMMIT_OVERRIDE
feat: A new field `in_toto_slsa_provenance_v1` is added to message
`BuildOccurrence`
feat: A new value `SBOM_REFERENCE` is added to enum `NoteKind`
feat: A new field `impact` is added to message `ComplianceNote`
feat: A new message `SBOMStatus` is added
feat: A new field `sbom_status` is added to message
`DiscoveryOccurrence`
feat: A new field `sbom_reference` is added to message `Occurrence`
feat: A new field `sbom_reference` is added to message `Note`
feat: A new message `InTotoSlsaProvenanceV1` is added
feat: A new message `SBOMReferenceNote` is added
feat: A new message `SBOMReferenceOccurrence` is added
feat: A new message `SbomReferenceIntotoPayload` is added
feat: A new message `SbomReferenceIntotoPredicate` is added
feat: A new field `vulnerability_id` is added to message
`VulnerabilityAssessmentNote`
feat: A new field `vulnerability_id` is added to message
`VulnerabilityOccurrence`
feat: A new field `extra_details` is added to message
`VulnerabilityOccurrence`
docs: A comment for field `cve` in message `VulnerabilityAssessmentNote`
is changed
docs: A comment for field `cve` in message `VulnerabilityOccurrence` is
changed
END_COMMIT_OVERRIDE
- [ ] Regenerate this pull request now.

feat: A new value `SBOM_REFERENCE` is added to enum `NoteKind`
feat: A new field `impact` is added to message `ComplianceNote`
feat: A new message `SBOMStatus` is added
feat: A new field `sbom_status` is added to message
`DiscoveryOccurrence`
feat: A new field `sbom_reference` is added to message `Occurrence`
feat: A new field `sbom_reference` is added to message `Note`
feat: A new message `InTotoSlsaProvenanceV1` is added
feat: A new message `SBOMReferenceNote` is added
feat: A new message `SBOMReferenceOccurrence` is added
feat: A new message `SbomReferenceIntotoPayload` is added
feat: A new message `SbomReferenceIntotoPredicate` is added
feat: A new field `vulnerability_id` is added to message
`VulnerabilityAssessmentNote`
feat: A new field `vulnerability_id` is added to message
`VulnerabilityOccurrence`
feat: A new field `extra_details` is added to message
`VulnerabilityOccurrence`
docs: A comment for field `cve` in message `VulnerabilityAssessmentNote`
is changed
docs: A comment for field `cve` in message `VulnerabilityOccurrence` is
changed

PiperOrigin-RevId: 615482848

Source-Link:
googleapis/googleapis@3627f6c

Source-Link:
googleapis/googleapis-gen@58f5bcc
Copy-Tag:
eyJwIjoicGFja2FnZXMvZ3JhZmVhcy8uT3dsQm90LnlhbWwiLCJoIjoiNThmNWJjYzVjYmIzZDYxZjUxNTk5MWRmY2M1MGEzN2UyODkzNDhhYiJ9

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

Author: gcf-owl-bot[bot]

packages/grafeas/grafeas/grafeas/__init__.py

@@ -85,7 +85,11 @@
     Metadata,
     Recipe,
 )
-from grafeas.grafeas_v1.types.intoto_statement import InTotoStatement, Subject
+from grafeas.grafeas_v1.types.intoto_statement import (
+    InTotoSlsaProvenanceV1,
+    InTotoStatement,
+    Subject,
+)
 from grafeas.grafeas_v1.types.package import (
     Architecture,
     Distribution,
@@ -109,6 +113,12 @@
     Source,
     SourceContext,
 )
+from grafeas.grafeas_v1.types.sbom import (
+    SbomReferenceIntotoPayload,
+    SbomReferenceIntotoPredicate,
+    SBOMReferenceNote,
+    SBOMReferenceOccurrence,
+)
 from grafeas.grafeas_v1.types.severity import Severity
 from grafeas.grafeas_v1.types.slsa_provenance import SlsaProvenance
 from grafeas.grafeas_v1.types.slsa_provenance_zero_two import SlsaProvenanceZeroTwo
@@ -183,6 +193,7 @@
     "InTotoProvenance",
     "Metadata",
     "Recipe",
+    "InTotoSlsaProvenanceV1",
     "InTotoStatement",
     "Subject",
     "Distribution",
@@ -204,6 +215,10 @@
     "RepoId",
     "Source",
     "SourceContext",
+    "SbomReferenceIntotoPayload",
+    "SbomReferenceIntotoPredicate",
+    "SBOMReferenceNote",
+    "SBOMReferenceOccurrence",
     "Severity",
     "SlsaProvenance",
     "SlsaProvenanceZeroTwo",

packages/grafeas/grafeas/grafeas_v1/__init__.py

@@ -72,7 +72,7 @@
     Metadata,
     Recipe,
 )
-from .types.intoto_statement import InTotoStatement, Subject
+from .types.intoto_statement import InTotoSlsaProvenanceV1, InTotoStatement, Subject
 from .types.package import (
     Architecture,
     Distribution,
@@ -96,6 +96,12 @@
     Source,
     SourceContext,
 )
+from .types.sbom import (
+    SbomReferenceIntotoPayload,
+    SbomReferenceIntotoPredicate,
+    SBOMReferenceNote,
+    SBOMReferenceOccurrence,
+)
 from .types.severity import Severity
 from .types.slsa_provenance import SlsaProvenance
 from .types.slsa_provenance_zero_two import SlsaProvenanceZeroTwo
@@ -159,6 +165,7 @@
     "ImageNote",
     "ImageOccurrence",
     "InTotoProvenance",
+    "InTotoSlsaProvenanceV1",
     "InTotoStatement",
     "Jwt",
     "Layer",
@@ -181,6 +188,10 @@
     "Recipe",
     "RelatedUrl",
     "RepoId",
+    "SBOMReferenceNote",
+    "SBOMReferenceOccurrence",
+    "SbomReferenceIntotoPayload",
+    "SbomReferenceIntotoPredicate",
     "Severity",
     "Signature",
     "SlsaProvenance",

packages/grafeas/grafeas/grafeas_v1/services/grafeas/async_client.py

@@ -57,6 +57,7 @@
     grafeas,
     image,
     package,
+    sbom,
     upgrade,
     vex,
     vulnerability,

packages/grafeas/grafeas/grafeas_v1/services/grafeas/client.py

@@ -62,6 +62,7 @@
     grafeas,
     image,
     package,
+    sbom,
     upgrade,
     vex,
     vulnerability,

packages/grafeas/grafeas/grafeas_v1/services/grafeas/transports/rest.py

@@ -1141,6 +1141,10 @@ def __call__(
                     "method": "get",
                     "uri": "/v1/{name=projects/*/notes/*}",
                 },
+                {
+                    "method": "get",
+                    "uri": "/v1/{name=projects/*/locations/*/notes/*}",
+                },
             ]
             request, metadata = self._interceptor.pre_get_note(request, metadata)
             pb_request = grafeas.GetNoteRequest.pb(request)
@@ -1228,6 +1232,10 @@ def __call__(
                     "method": "get",
                     "uri": "/v1/{name=projects/*/occurrences/*}",
                 },
+                {
+                    "method": "get",
+                    "uri": "/v1/{name=projects/*/locations/*/occurrences/*}",
+                },
             ]
             request, metadata = self._interceptor.pre_get_occurrence(request, metadata)
             pb_request = grafeas.GetOccurrenceRequest.pb(request)
@@ -1316,6 +1324,10 @@ def __call__(
                     "method": "get",
                     "uri": "/v1/{name=projects/*/occurrences/*}/notes",
                 },
+                {
+                    "method": "get",
+                    "uri": "/v1/{name=projects/*/locations/*/occurrences/*}/notes",
+                },
             ]
             request, metadata = self._interceptor.pre_get_occurrence_note(
                 request, metadata
@@ -1406,6 +1418,10 @@ def __call__(
                     "method": "get",
                     "uri": "/v1/{name=projects/*/notes/*}/occurrences",
                 },
+                {
+                    "method": "get",
+                    "uri": "/v1/{name=projects/*/locations/*/notes/*}/occurrences",
+                },
             ]
             request, metadata = self._interceptor.pre_list_note_occurrences(
                 request, metadata
@@ -1493,6 +1509,10 @@ def __call__(
                     "method": "get",
                     "uri": "/v1/{parent=projects/*}/notes",
                 },
+                {
+                    "method": "get",
+                    "uri": "/v1/{parent=projects/*/locations/*}/notes",
+                },
             ]
             request, metadata = self._interceptor.pre_list_notes(request, metadata)
             pb_request = grafeas.ListNotesRequest.pb(request)
@@ -1578,6 +1598,10 @@ def __call__(
                     "method": "get",
                     "uri": "/v1/{parent=projects/*}/occurrences",
                 },
+                {
+                    "method": "get",
+                    "uri": "/v1/{parent=projects/*/locations/*}/occurrences",
+                },
             ]
             request, metadata = self._interceptor.pre_list_occurrences(
                 request, metadata

packages/grafeas/grafeas/grafeas_v1/types/__init__.py

@@ -66,7 +66,7 @@
     Metadata,
     Recipe,
 )
-from .intoto_statement import InTotoStatement, Subject
+from .intoto_statement import InTotoSlsaProvenanceV1, InTotoStatement, Subject
 from .package import (
     Architecture,
     Distribution,
@@ -90,6 +90,12 @@
     Source,
     SourceContext,
 )
+from .sbom import (
+    SbomReferenceIntotoPayload,
+    SbomReferenceIntotoPredicate,
+    SBOMReferenceNote,
+    SBOMReferenceOccurrence,
+)
 from .severity import Severity
 from .slsa_provenance import SlsaProvenance
 from .slsa_provenance_zero_two import SlsaProvenanceZeroTwo
@@ -154,6 +160,7 @@
     "InTotoProvenance",
     "Metadata",
     "Recipe",
+    "InTotoSlsaProvenanceV1",
     "InTotoStatement",
     "Subject",
     "Distribution",
@@ -175,6 +182,10 @@
     "RepoId",
     "Source",
     "SourceContext",
+    "SbomReferenceIntotoPayload",
+    "SbomReferenceIntotoPredicate",
+    "SBOMReferenceNote",
+    "SBOMReferenceOccurrence",
     "Severity",
     "SlsaProvenance",
     "SlsaProvenanceZeroTwo",

packages/grafeas/grafeas/grafeas_v1/types/build.py

@@ -77,6 +77,12 @@ class BuildOccurrence(proto.Message):
             intoto_statement can contain any type of provenance. The
             serialized payload of the statement can be stored and signed
             in the Occurrence's envelope.
+        in_toto_slsa_provenance_v1 (grafeas.grafeas_v1.types.InTotoSlsaProvenanceV1):
+            In-Toto Slsa Provenance V1 represents a slsa
+            provenance meeting the slsa spec, wrapped in an
+            in-toto statement. This allows for direct
+            jsonification of a to-spec in-toto slsa
+            statement with a to-spec slsa provenance.
     """
 
     provenance: g_provenance.BuildProvenance = proto.Field(
@@ -98,6 +104,11 @@ class BuildOccurrence(proto.Message):
         number=4,
         message=g_intoto_statement.InTotoStatement,
     )
+    in_toto_slsa_provenance_v1: g_intoto_statement.InTotoSlsaProvenanceV1 = proto.Field(
+        proto.MESSAGE,
+        number=5,
+        message=g_intoto_statement.InTotoSlsaProvenanceV1,
+    )
 
 
 __all__ = tuple(sorted(__protobuf__.manifest))

packages/grafeas/grafeas/grafeas_v1/types/common.py

@@ -68,6 +68,8 @@ class NoteKind(proto.Enum):
             This represents a DSSE attestation Note
         VULNERABILITY_ASSESSMENT (11):
             This represents a Vulnerability Assessment.
+        SBOM_REFERENCE (12):
+            This represents an SBOM Reference.
     """
     NOTE_KIND_UNSPECIFIED = 0
     VULNERABILITY = 1
@@ -81,6 +83,7 @@ class NoteKind(proto.Enum):
     COMPLIANCE = 9
     DSSE_ATTESTATION = 10
     VULNERABILITY_ASSESSMENT = 11
+    SBOM_REFERENCE = 12
 
 
 class RelatedUrl(proto.Message):

packages/grafeas/grafeas/grafeas_v1/types/compliance.py

@@ -58,6 +58,9 @@ class ComplianceNote(proto.Message):
         scan_instructions (bytes):
             Serialized scan instructions with a
             predefined format.
+        impact (str):
+
+            This field is a member of `oneof`_ ``potential_impact``.
     """
 
     class CisBenchmark(proto.Message):
@@ -111,6 +114,11 @@ class CisBenchmark(proto.Message):
         proto.BYTES,
         number=7,
     )
+    impact: str = proto.Field(
+        proto.STRING,
+        number=8,
+        oneof="potential_impact",
+    )
 
 
 class ComplianceVersion(proto.Message):

packages/grafeas/grafeas/grafeas_v1/types/discovery.py

@@ -78,6 +78,8 @@ class DiscoveryOccurrence(proto.Message):
         archive_time (google.protobuf.timestamp_pb2.Timestamp):
             The time occurrences related to this
             discovery occurrence were archived.
+        sbom_status (grafeas.grafeas_v1.types.DiscoveryOccurrence.SBOMStatus):
+            The status of an SBOM generation.
     """
 
     class ContinuousAnalysis(proto.Enum):
@@ -141,6 +143,42 @@ class AnalysisCompleted(proto.Message):
             number=1,
         )
 
+    class SBOMStatus(proto.Message):
+        r"""The status of an SBOM generation.
+
+        Attributes:
+            sbom_state (grafeas.grafeas_v1.types.DiscoveryOccurrence.SBOMStatus.SBOMState):
+                The progress of the SBOM generation.
+            error (str):
+                If there was an error generating an SBOM,
+                this will indicate what that error was.
+        """
+
+        class SBOMState(proto.Enum):
+            r"""An enum indicating the progress of the SBOM generation.
+
+            Values:
+                SBOM_STATE_UNSPECIFIED (0):
+                    Default unknown state.
+                PENDING (1):
+                    SBOM scanning is pending.
+                COMPLETE (2):
+                    SBOM scanning has completed.
+            """
+            SBOM_STATE_UNSPECIFIED = 0
+            PENDING = 1
+            COMPLETE = 2
+
+        sbom_state: "DiscoveryOccurrence.SBOMStatus.SBOMState" = proto.Field(
+            proto.ENUM,
+            number=1,
+            enum="DiscoveryOccurrence.SBOMStatus.SBOMState",
+        )
+        error: str = proto.Field(
+            proto.STRING,
+            number=2,
+        )
+
     continuous_analysis: ContinuousAnalysis = proto.Field(
         proto.ENUM,
         number=1,
@@ -180,6 +218,11 @@ class AnalysisCompleted(proto.Message):
         number=6,
         message=timestamp_pb2.Timestamp,
     )
+    sbom_status: SBOMStatus = proto.Field(
+        proto.MESSAGE,
+        number=9,
+        message=SBOMStatus,
+    )
 
 
 __all__ = tuple(sorted(__protobuf__.manifest))