From 4153effc0e2a8139d7b913d938a6161fce8eee98 Mon Sep 17 00:00:00 2001 From: Junaid Shaikh <64411220+genos1998@users.noreply.github.com> Date: Thu, 5 Dec 2024 02:19:46 +0530 Subject: [PATCH] feat: vulnrichment params (#20) --- common/schemaHelpers.go | 4 + common/upgradeSteps.go | 5 + october2024november2024/genqlient.yaml | 17 + october2024november2024/queries.graphql | 10 + october2024november2024/schema-generated.go | 60 + october2024november2024/schema.graphql | 6124 +++++++++++++++++++ october2024november2024/upgradesteps.go | 27 + schemas/november2024.go | 857 +++ 8 files changed, 7104 insertions(+) create mode 100644 october2024november2024/genqlient.yaml create mode 100644 october2024november2024/queries.graphql create mode 100644 october2024november2024/schema-generated.go create mode 100644 october2024november2024/schema.graphql create mode 100644 october2024november2024/upgradesteps.go create mode 100644 schemas/november2024.go diff --git a/common/schemaHelpers.go b/common/schemaHelpers.go index ad80d67..338a286 100644 --- a/common/schemaHelpers.go +++ b/common/schemaHelpers.go @@ -17,6 +17,7 @@ const ( August2024Version2 September2024Version October2024Version + November2024Version ) var SchemasString = map[SchemaOrder]string{ @@ -28,6 +29,7 @@ var SchemasString = map[SchemaOrder]string{ August2024Version2: schemas.August2024Version2, September2024Version: schemas.September2024Schema, October2024Version: schemas.October2024Schema, + November2024Version: schemas.November2024Schema, } var schemaOrderMap = map[string]SchemaOrder{ @@ -39,6 +41,7 @@ var schemaOrderMap = map[string]SchemaOrder{ "August2024V2": August2024Version2, "September2024": September2024Version, "October2024": October2024Version, + "November2024": November2024Version, } var expDgraphSchemaMap = map[int]bool{ @@ -50,6 +53,7 @@ var expDgraphSchemaMap = map[int]bool{ August2024Version2.Int(): false, September2024Version.Int(): false, October2024Version.Int(): false, + November2024Version.Int(): false, } func (e SchemaOrder) NameOfSchema() string { diff --git a/common/upgradeSteps.go b/common/upgradeSteps.go index add79aa..e698c62 100644 --- a/common/upgradeSteps.go +++ b/common/upgradeSteps.go @@ -13,6 +13,7 @@ import ( "upgradationScript/july2024august2024" "upgradationScript/june2024june2024v2" "upgradationScript/june2024v2july2024" + "upgradationScript/october2024november2024" "upgradationScript/september2024october2024" "upgradationScript/logger" @@ -163,6 +164,10 @@ func beginProcessOfUpgrade(upgradeTo SchemaOrder, isSecondDgraphRequired, isLast return september2024october2024.UpgradeToOctober2024(Conf.ProdGraphQLAddr, Conf.ProdDgraphToken, "", prodGraphqlClient) + case November2024Version: + + return october2024november2024.UpgradeToNovember2024(Conf.ProdGraphQLAddr, Conf.ProdDgraphToken, "", prodGraphqlClient) + } logger.Sl.Debugf("no upgrade steps for %s", upgradeTo.NameOfSchema()) diff --git a/october2024november2024/genqlient.yaml b/october2024november2024/genqlient.yaml new file mode 100644 index 0000000..e258b03 --- /dev/null +++ b/october2024november2024/genqlient.yaml @@ -0,0 +1,17 @@ +schema: schema.graphql +operations: +- queries.graphql +generated: schema-generated.go +package: october2024november2024 +use_struct_references: true +bindings: + Boolean: + type: "*bool" + DateTime: + type: "*time.Time" + Int64: + type: int64 + Int: + type: "*int" + ID: + type: "*string" \ No newline at end of file diff --git a/october2024november2024/queries.graphql b/october2024november2024/queries.graphql new file mode 100644 index 0000000..3475af4 --- /dev/null +++ b/october2024november2024/queries.graphql @@ -0,0 +1,10 @@ +mutation defaultVulnrichmentParams { + updateVulnerability( + input: { + set: { exploitation: "", automatable: "", technicalImpact: "" } + filter: { has: id } + } + ) { + numUids + } +} diff --git a/october2024november2024/schema-generated.go b/october2024november2024/schema-generated.go new file mode 100644 index 0000000..820b774 --- /dev/null +++ b/october2024november2024/schema-generated.go @@ -0,0 +1,60 @@ +// Code generated by github.com/Khan/genqlient, DO NOT EDIT. + +package october2024november2024 + +import ( + "context" + + "github.com/Khan/genqlient/graphql" +) + +// defaultVulnrichmentParamsResponse is returned by defaultVulnrichmentParams on success. +type defaultVulnrichmentParamsResponse struct { + UpdateVulnerability *defaultVulnrichmentParamsUpdateVulnerabilityUpdateVulnerabilityPayload `json:"updateVulnerability"` +} + +// GetUpdateVulnerability returns defaultVulnrichmentParamsResponse.UpdateVulnerability, and is useful for accessing the field via an interface. +func (v *defaultVulnrichmentParamsResponse) GetUpdateVulnerability() *defaultVulnrichmentParamsUpdateVulnerabilityUpdateVulnerabilityPayload { + return v.UpdateVulnerability +} + +// defaultVulnrichmentParamsUpdateVulnerabilityUpdateVulnerabilityPayload includes the requested fields of the GraphQL type UpdateVulnerabilityPayload. +type defaultVulnrichmentParamsUpdateVulnerabilityUpdateVulnerabilityPayload struct { + NumUids *int `json:"numUids"` +} + +// GetNumUids returns defaultVulnrichmentParamsUpdateVulnerabilityUpdateVulnerabilityPayload.NumUids, and is useful for accessing the field via an interface. +func (v *defaultVulnrichmentParamsUpdateVulnerabilityUpdateVulnerabilityPayload) GetNumUids() *int { + return v.NumUids +} + +// The query or mutation executed by defaultVulnrichmentParams. +const defaultVulnrichmentParams_Operation = ` +mutation defaultVulnrichmentParams { + updateVulnerability(input: {set:{exploitation:"",automatable:"",technicalImpact:""},filter:{has:id}}) { + numUids + } +} +` + +func defaultVulnrichmentParams( + ctx_ context.Context, + client_ graphql.Client, +) (*defaultVulnrichmentParamsResponse, error) { + req_ := &graphql.Request{ + OpName: "defaultVulnrichmentParams", + Query: defaultVulnrichmentParams_Operation, + } + var err_ error + + var data_ defaultVulnrichmentParamsResponse + resp_ := &graphql.Response{Data: &data_} + + err_ = client_.MakeRequest( + ctx_, + req_, + resp_, + ) + + return &data_, err_ +} diff --git a/october2024november2024/schema.graphql b/october2024november2024/schema.graphql new file mode 100644 index 0000000..5b779c5 --- /dev/null +++ b/october2024november2024/schema.graphql @@ -0,0 +1,6124 @@ +directive @id(interface: Boolean) on FIELD_DEFINITION + +directive @custom(http: CustomHTTP, dql: String) on FIELD_DEFINITION + +directive @dgraph(type: String, pred: String) on OBJECT | INTERFACE | FIELD_DEFINITION + +directive @lambdaOnMutate(add: Boolean, update: Boolean, delete: Boolean) on OBJECT | INTERFACE + +directive @generate(query: GenerateQueryParams, mutation: GenerateMutationParams, subscription: Boolean) on OBJECT | INTERFACE + +directive @auth(password: AuthRule, query: AuthRule, add: AuthRule, update: AuthRule, delete: AuthRule) on OBJECT | INTERFACE + +directive @remoteResponse(name: String) on FIELD_DEFINITION + +directive @cacheControl(maxAge: Int!) on QUERY + +directive @hasInverse(field: String!) on FIELD_DEFINITION + +directive @search(by: [DgraphIndex!]) on FIELD_DEFINITION + +directive @withSubscription on OBJECT | INTERFACE | FIELD_DEFINITION + +directive @secret(field: String!, pred: String) on OBJECT | INTERFACE + +directive @remote on OBJECT | INTERFACE | UNION | INPUT_OBJECT | ENUM + +directive @cascade(fields: [String]) on FIELD + +directive @lambda on FIELD_DEFINITION + +input AddApplicationDeploymentInput { + """id is randomly assigned""" + id: String! + + """ + platform will help us identify which image was actually deployed helping us identify the accurate sha + """ + platform: String + serviceUrl: String + artifact: [ArtifactRef!] + applicationEnvironment: ApplicationEnvironmentRef! + deployedAt: DateTime + + """ + deploymentStage is an enum and can be discovered, current, previous or blocked + """ + deploymentStage: DeploymentStage! + + """source is argo, spinnaker etc""" + source: String! + + """component would be a service""" + component: String! + + """user who deployed the artifact""" + deployedBy: String + toolsUsed: ToolsUsedRef! + deploymentRisk: ApplicationDeploymentRiskRef + policyRunHistory: [RunHistoryRef!] + deploymentTags: [KeyValueRef!] + hasSecurityIssues: [SecurityIssueAffectsSummaryRef!] +} + +type AddApplicationDeploymentPayload { + applicationDeployment(filter: ApplicationDeploymentFilter, order: ApplicationDeploymentOrder, first: Int, offset: Int): [ApplicationDeployment] + numUids: Int +} + +input AddApplicationDeploymentRiskInput { + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + postDeploymentAlertsScore: Int + deploymentRiskStatus: RiskStatus + applicationDeployment: ApplicationDeploymentRef! +} + +type AddApplicationDeploymentRiskPayload { + applicationDeploymentRisk(filter: ApplicationDeploymentRiskFilter, order: ApplicationDeploymentRiskOrder, first: Int, offset: Int): [ApplicationDeploymentRisk] + numUids: Int +} + +input AddApplicationEnvironmentInput { + """id is randomly assigned""" + id: String! + environment: EnvironmentRef + application: ApplicationRef! + deploymentTarget: DeploymentTargetRef! + namespace: String! + + """ + toolsUsed is a comma-separated string that contains all the tools(source, build, artifact, deploy etc) for an app env + """ + toolsUsed: [String!] + deployments: [ApplicationDeploymentRef!] + riskStatus: ApplicationRiskStatusRef + metadata: [KeyValueRef!] + hasSecurityIssues: [SecurityIssueAffectsSummaryRef!] +} + +type AddApplicationEnvironmentPayload { + applicationEnvironment(filter: ApplicationEnvironmentFilter, order: ApplicationEnvironmentOrder, first: Int, offset: Int): [ApplicationEnvironment] + numUids: Int +} + +input AddApplicationInput { + """id is randomly assigned""" + id: String! + name: String! + roles: [RoleRef!] + environments: [ApplicationEnvironmentRef!] + team: TeamRef! + policies: [PolicyDefinitionRef!] + policyEnforcements: [PolicyEnforcementRef!] + metadata: [KeyValueRef!] + hasSecurityIssues: [SecurityIssueAffectsSummaryRef!] +} + +type AddApplicationPayload { + application(filter: ApplicationFilter, order: ApplicationOrder, first: Int, offset: Int): [Application] + numUids: Int +} + +input AddApplicationRiskStatusInput { + riskStatus: RiskStatus + sourceCodeAlerts: Int + buildAlerts: Int + artifactAlerts: Int + deploymentAlerts: Int + postDeploymentAlerts: Int + createdAt: DateTime! + updatedAt: DateTime! + applicationEnvironment: ApplicationEnvironmentRef! +} + +type AddApplicationRiskStatusPayload { + applicationRiskStatus(filter: ApplicationRiskStatusFilter, order: ApplicationRiskStatusOrder, first: Int, offset: Int): [ApplicationRiskStatus] + numUids: Int +} + +input AddArtifactInput { + id: String! + artifactType: String! + artifactName: String! + artifactTag: String! + artifactSha: String! + scanData: [ArtifactScanDataRef!] + artifactDeployment: [ApplicationDeploymentRef!] + sourceDetails: SourceCodeToolRef + plugins: [BuildToolRef!] +} + +type AddArtifactPayload { + artifact(filter: ArtifactFilter, order: ArtifactOrder, first: Int, offset: Int): [Artifact] + numUids: Int +} + +input AddArtifactRiskInput { + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + artifactRiskStatus: RiskStatus + artifactScanResult: ArtifactScanDataRef! +} + +type AddArtifactRiskPayload { + artifactRisk(filter: ArtifactRiskFilter, order: ArtifactRiskOrder, first: Int, offset: Int): [ArtifactRisk] + numUids: Int +} + +input AddArtifactScanDataInput { + id: String! + + """platform: String! @search(by: [exact]) -> add later""" + artifactSha: String! + artifactNameTag: String! + tool: String! + artifactDetails: ArtifactRef + lastScannedAt: DateTime + createdAt: DateTime + vulnTrackingId: String + vulnScanState: String + components: [ComponentRef!] + vulnCriticalCount: Int + vulnHighCount: Int + vulnMediumCount: Int + vulnLowCount: Int + vulnInfoCount: Int + vulnUnknownCount: Int + vulnNoneCount: Int + vulnTotalCount: Int + scanFile: [ScanFileResultRef!] + artifactRisk: ArtifactRiskRef + artifactRunHistory: [RunHistoryRef!] + artifactTags: [KeyValueRef!] + artifactScanTS: [ArtifactScanDataTSRef!] +} + +type AddArtifactScanDataPayload { + artifactScanData(filter: ArtifactScanDataFilter, order: ArtifactScanDataOrder, first: Int, offset: Int): [ArtifactScanData] + numUids: Int +} + +input AddArtifactScanDataTSInput { + artifact: ArtifactScanDataRef! + timestamps: [DateTime!] + summary: [SecurityIssueAffectsSummaryRef!] +} + +type AddArtifactScanDataTSPayload { + artifactScanDataTS(filter: ArtifactScanDataTSFilter, first: Int, offset: Int): [ArtifactScanDataTS] + numUids: Int +} + +input AddBuildToolInput { + """id is randomly assigned""" + id: String! + + """buildId is a unique job id, run id for a job/pipeline/action""" + buildId: String! + + """tool is jenkins etc""" + tool: String! + + """buildName is the name of the job/pipeline/action""" + buildName: String! + buildUrl: String! + + """buildTime is the time at which the artifact was built""" + buildTime: DateTime + + """buildUser is the user that built the artifact""" + buildUser: String + buildPlugins: [ArtifactRef!] + sourceCodeTool: [SourceCodeToolRef!] + commitMetaData: [CommitMetaDataRef!] + createdAt: DateTime! +} + +type AddBuildToolPayload { + buildTool(filter: BuildToolFilter, order: BuildToolOrder, first: Int, offset: Int): [BuildTool] + numUids: Int +} + +input AddCommitMetaDataInput { + """commit is a git commit that was used to build an artifact""" + commit: String + repository: String + + """commitSign tells us whether the commit is signed""" + commitSign: Boolean + noOfReviewersConf: Int + reviewerList: [String!] + approverList: [String!] + buildTool: BuildToolRef! +} + +type AddCommitMetaDataPayload { + commitMetaData(filter: CommitMetaDataFilter, order: CommitMetaDataOrder, first: Int, offset: Int): [CommitMetaData] + numUids: Int +} + +input AddComponentAnalysisInput { + Name: String! + Components: [ComponentRef!] + Severity: Severity + SeverityInt: Int + Stars: Int + Forks: Int + Contributors: Int + VulnCritical: Int + VulnHigh: Int + VulnMedium: Int + VulnLow: Int + VulnOthers: Int + MeanTimeToRepair: Int + Licenses: [String!] + CreatedAt: DateTime + ScannedAt: DateTime + LastViewed: DateTime +} + +type AddComponentAnalysisPayload { + componentAnalysis(filter: ComponentAnalysisFilter, order: ComponentAnalysisOrder, first: Int, offset: Int): [ComponentAnalysis] + numUids: Int +} + +input AddComponentInput { + id: String! + type: String! + name: String! + version: String! + licenses: [String!] + purl: String + cpe: String + scannedAt: DateTime + analysisRequired: Boolean + analysis: ComponentAnalysisRef + vulnerabilities: [VulnerabilityRef!] + artifacts: [ArtifactScanDataRef!] +} + +input AddComponentLicensesInput { + Name: String! + Category: String! +} + +type AddComponentLicensesPayload { + componentLicenses(filter: ComponentLicensesFilter, order: ComponentLicensesOrder, first: Int, offset: Int): [ComponentLicenses] + numUids: Int +} + +type AddComponentPayload { + component(filter: ComponentFilter, order: ComponentOrder, first: Int, offset: Int): [Component] + numUids: Int +} + +input AddCWEInput { + id: String! + name: String! + description: String +} + +type AddCWEPayload { + cWE(filter: CWEFilter, order: CWEOrder, first: Int, offset: Int): [CWE] + numUids: Int +} + +input AddDeploymentTargetInput { + """id is randomly assigned""" + id: String! + name: String! + + """this would be the ip/server address of the target environment""" + ip: String! + account: String + + """this would be something like aws, gcp etc""" + targetType: String + + """this would be something like us-east-1 etc""" + region: String + kubescapeServiceConnected: String + isFirewall: Boolean + organization: OrganizationRef! + defaultEnvironment: EnvironmentRef! +} + +type AddDeploymentTargetPayload { + deploymentTarget(filter: DeploymentTargetFilter, order: DeploymentTargetOrder, first: Int, offset: Int): [DeploymentTarget] + numUids: Int +} + +input AddEnvironmentInput { + id: String! + organization: OrganizationRef! + purpose: String! +} + +type AddEnvironmentPayload { + environment(filter: EnvironmentFilter, order: EnvironmentOrder, first: Int, offset: Int): [Environment] + numUids: Int +} + +input AddExceptionAffectsInput { + roles: [RoleRef!] + createdBy: String! + affectsTeam: TeamRef! + affectsApplication: ApplicationRef + affectsServices: [String!] + validUpTo: DateTime! + createdAt: DateTime! + updatedAt: DateTime! + reason: String! + status: String! + exception: ExceptionRef! + runHistories: [RunHistoryRef!] + hasSecurityIssues: [SecurityIssueAffectsSummaryRef!] +} + +type AddExceptionAffectsPayload { + exceptionAffects(filter: ExceptionAffectsFilter, order: ExceptionAffectsOrder, first: Int, offset: Int): [ExceptionAffects] + numUids: Int +} + +input AddExceptionInput { + roles: [RoleRef!] + type: String! + name: String! + affects: [ExceptionAffectsRef!] + createdAt: DateTime! + updatedAt: DateTime! +} + +type AddExceptionPayload { + exception(filter: ExceptionFilter, order: ExceptionOrder, first: Int, offset: Int): [Exception] + numUids: Int +} + +input AddFeatureModeInput { + id: String! + organization: OrganizationRef! + key: String! + value: String! + category: String! + createdAt: DateTime! + updatedAt: DateTime! + integrator: IntegratorRef! +} + +type AddFeatureModePayload { + featureMode(filter: FeatureModeFilter, order: FeatureModeOrder, first: Int, offset: Int): [FeatureMode] + numUids: Int +} + +input AddIntegratorConfigsInput { + name: String! + configs: [IntegratorKeyValuesRef!] + integrator: IntegratorRef! +} + +type AddIntegratorConfigsPayload { + integratorConfigs(filter: IntegratorConfigsFilter, order: IntegratorConfigsOrder, first: Int, offset: Int): [IntegratorConfigs] + numUids: Int +} + +input AddIntegratorInput { + id: String! + organization: OrganizationRef! + type: String! + category: String! + status: String! + integratorConfigs: [IntegratorConfigsRef!] + featureConfigs: [FeatureModeRef!] + createdAt: DateTime! + updatedAt: DateTime! +} + +input AddIntegratorKeyValuesInput { + key: String! + value: String! + encrypt: Boolean! +} + +type AddIntegratorKeyValuesPayload { + integratorKeyValues(filter: IntegratorKeyValuesFilter, order: IntegratorKeyValuesOrder, first: Int, offset: Int): [IntegratorKeyValues] + numUids: Int +} + +type AddIntegratorPayload { + integrator(filter: IntegratorFilter, order: IntegratorOrder, first: Int, offset: Int): [Integrator] + numUids: Int +} + +input AddJiraInput { + jiraId: String! + url: String! + status: String! + createdAt: DateTime! + updatedAt: DateTime! + affectsIndividualComponent: RunHistoryRef + affectsSecurityissue: SecurityIssueRef +} + +type AddJiraPayload { + jira(filter: JiraFilter, order: JiraOrder, first: Int, offset: Int): [Jira] + numUids: Int +} + +input AddKeyValueInput { + id: String! + name: String! + value: String! + createdAt: DateTime! +} + +type AddKeyValuePayload { + keyValue(filter: KeyValueFilter, order: KeyValueOrder, first: Int, offset: Int): [KeyValue] + numUids: Int +} + +input AddOrganizationInput { + """id is randomly assigned""" + id: String! + name: String! + roles: [RoleRef!] + teams: [TeamRef!] + environments: [DeploymentTargetRef!] + policies: [PolicyDefinitionRef!] + policyEnforcements: [PolicyEnforcementRef!] + integrators: [IntegratorRef!] + featureModes: [FeatureModeRef!] +} + +type AddOrganizationPayload { + organization(filter: OrganizationFilter, order: OrganizationOrder, first: Int, offset: Int): [Organization] + numUids: Int +} + +input AddPolicyDefinitionInput { + id: String! + ownerOrg: OrganizationRef! + ownerTeam: TeamRef + ownerApplication: ApplicationRef + createdAt: DateTime! + updatedAt: DateTime! + policyName: String! + category: String! + stage: String! + description: String! + scheduledPolicy: Boolean! + script: String! + variables: String + conditionName: String + suggestion: String +} + +type AddPolicyDefinitionPayload { + policyDefinition(filter: PolicyDefinitionFilter, order: PolicyDefinitionOrder, first: Int, offset: Int): [PolicyDefinition] + numUids: Int +} + +input AddPolicyEnforcementInput { + policy: PolicyDefinitionRef! + enforcedOrg: OrganizationRef + enforcedTeam: TeamRef + enforcedApplication: ApplicationRef + status: Boolean! + forceApply: Boolean + severity: Severity! + datasourceTool: String! + action: String! + conditionValue: String + environments: [EnvironmentRef!] + tags: [TagRef!] + createdAt: DateTime! + updatedAt: DateTime! +} + +type AddPolicyEnforcementPayload { + policyEnforcement(filter: PolicyEnforcementFilter, order: PolicyEnforcementOrder, first: Int, offset: Int): [PolicyEnforcement] + numUids: Int +} + +input AddPolicyEvaluationDataInput { + dataType: String! + rawData: String + vulnNode: VulnerabilityRef + affects: RunHistoryRef! +} + +type AddPolicyEvaluationDataPayload { + policyEvaluationData(filter: PolicyEvaluationDataFilter, order: PolicyEvaluationDataOrder, first: Int, offset: Int): [PolicyEvaluationData] + numUids: Int +} + +input AddRoleInput { + """id is randomly assigned""" + id: String! + + """group should be a URI format that includes a scope or realm""" + group: String! + permission: RolePermission! +} + +type AddRolePayload { + role(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role] + numUids: Int +} + +input AddRunHistoryInput { + policyId: String! + applicationDeployment: ApplicationDeploymentRef + artifactScan: ArtifactScanDataRef + PolicyName: String! + Stage: String! + Artifact: String! + ArtifactTag: String! + ArtifactSha: String! + ArtifactNameTag: String! + DatasourceTool: String! + CreatedAt: DateTime! + UpdatedAt: DateTime! + DeployedAt: DateTime! + Hash: String + Pass: Boolean! + EvalData: PolicyEvaluationDataRef + FileApi: String + AttachedJira: JiraRef + Status: String! + exception: ExceptionAffectsRef + scheduledPolicy: Boolean! + policyEnforcements: PolicyEnforcementRef! + securityIssue: SecurityIssueRef +} + +type AddRunHistoryPayload { + runHistory(filter: RunHistoryFilter, order: RunHistoryOrder, first: Int, offset: Int): [RunHistory] + numUids: Int +} + +input AddScanFileResultInput { + name: String! + url: String! +} + +type AddScanFileResultPayload { + scanFileResult(filter: ScanFileResultFilter, order: ScanFileResultOrder, first: Int, offset: Int): [ScanFileResult] + numUids: Int +} + +input AddSchemaVersionInput { + version: String! +} + +type AddSchemaVersionPayload { + schemaVersion(filter: SchemaVersionFilter, order: SchemaVersionOrder, first: Int, offset: Int): [SchemaVersion] + numUids: Int +} + +input AddSecurityIssueAffectsSummaryInput { + """only pre-deployment analysis or deployment analysis""" + type: String! + team: TeamRef + application: ApplicationRef + applicationEnvironment: ApplicationEnvironmentRef + service: String + currentDeployed: ApplicationDeploymentRef + artifactScanTS: [ArtifactScanDataTSRef!] + exception: ExceptionAffectsRef + securityIssue: SecurityIssueRef! +} + +type AddSecurityIssueAffectsSummaryPayload { + securityIssueAffectsSummary(filter: SecurityIssueAffectsSummaryFilter, order: SecurityIssueAffectsSummaryOrder, first: Int, offset: Int): [SecurityIssueAffectsSummary] + numUids: Int +} + +input AddSecurityIssueInput { + AlertTitle: String + AlertMessage: String + Suggestions: String + Severity: Severity! + SeverityInt: Int! + CreatedAt: DateTime! + UpdatedAt: DateTime! + Action: String! + Reason: String + Error: String + policyEnforcements: PolicyEnforcementRef! + AttachedJira: JiraRef + Affects: [RunHistoryRef!] + Summary: [SecurityIssueAffectsSummaryRef!] +} + +type AddSecurityIssuePayload { + securityIssue(filter: SecurityIssueFilter, order: SecurityIssueOrder, first: Int, offset: Int): [SecurityIssue] + numUids: Int +} + +input AddSourceCodeToolInput { + """id is randomly assigned""" + id: String! + createdAt: DateTime! + + """scm is the scm tool github/gitlab etc""" + scm: String! + + """repository is the git remote repository""" + repository: String! + + """branch is the git branch on which the artifact was built""" + branch: String! + + """headCommit is the checkout out head commit""" + headCommit: String + + """ + diffCommits is a comma separated string of the commits between the previous built artifact and the current + """ + diffCommits: String + licenseName: String + visibility: String + workflowName: String + + """parentRepo is populated in case the git repo is a fork""" + parentRepo: String + buildTool: BuildToolRef! + sourceCodePath: String + sonarqubeProjectKey: String + artifactNode: ArtifactRef + + """digest is the sha of the artifact""" + digest: String! + + """buildDigest is the sha of the artifact as sent from the build tool""" + buildDigest: String +} + +type AddSourceCodeToolPayload { + sourceCodeTool(filter: SourceCodeToolFilter, order: SourceCodeToolOrder, first: Int, offset: Int): [SourceCodeTool] + numUids: Int +} + +input AddTagInput { + id: String! + tagName: String! + tagValue: String! + tagDescription: String + createdBy: String + createdAt: DateTime! + updatedAt: DateTime! + policies: [PolicyEnforcementRef!] +} + +type AddTagPayload { + tag(filter: TagFilter, order: TagOrder, first: Int, offset: Int): [Tag] + numUids: Int +} + +input AddTeamInput { + """id is randomly assigned""" + id: String! + name: String! + roles: [RoleRef!] + organization: OrganizationRef! + applications: [ApplicationRef!] + labels: [KeyValueRef!] + policies: [PolicyDefinitionRef!] + policyEnforcements: [PolicyEnforcementRef!] + exceptions: [ExceptionAffectsRef!] + hasSecurityIssues: [SecurityIssueAffectsSummaryRef!] +} + +type AddTeamPayload { + team(filter: TeamFilter, order: TeamOrder, first: Int, offset: Int): [Team] + numUids: Int +} + +input AddToolsUsedInput { + source: String + build: String + artifact: String + deploy: String + postdeploy: String + sbom: String + misc: [String!] +} + +type AddToolsUsedPayload { + toolsUsed(filter: ToolsUsedFilter, order: ToolsUsedOrder, first: Int, offset: Int): [ToolsUsed] + numUids: Int +} + +input AddVulnerabilityInput { + id: String! + parent: String! + ratings: Severity + ratingsInt: Int + cwes: [CWERef!] + summary: String + detail: String + recommendation: String + published: DateTime + modified: DateTime + createdAt: DateTime + cvss: Float + priority: String + priorityInt: Int + epss: Float + cisa_kev: String + exploitation: String + automatable: String + technicalImpact: String + affects: [ComponentRef!] + policyEvaluation: [PolicyEvaluationDataRef!] +} + +type AddVulnerabilityPayload { + vulnerability(filter: VulnerabilityFilter, order: VulnerabilityOrder, first: Int, offset: Int): [Vulnerability] + numUids: Int +} + +type Application implements RBAC { + """id is randomly assigned""" + id: String! + name: String! + roles(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role!] + environments(filter: ApplicationEnvironmentFilter, order: ApplicationEnvironmentOrder, first: Int, offset: Int): [ApplicationEnvironment!] + team(filter: TeamFilter): Team! + policies(filter: PolicyDefinitionFilter, order: PolicyDefinitionOrder, first: Int, offset: Int): [PolicyDefinition!] + policyEnforcements(filter: PolicyEnforcementFilter, order: PolicyEnforcementOrder, first: Int, offset: Int): [PolicyEnforcement!] + metadata(filter: KeyValueFilter, order: KeyValueOrder, first: Int, offset: Int): [KeyValue!] + hasSecurityIssues(filter: SecurityIssueAffectsSummaryFilter, order: SecurityIssueAffectsSummaryOrder, first: Int, offset: Int): [SecurityIssueAffectsSummary!] + rolesAggregate(filter: RoleFilter): RoleAggregateResult + environmentsAggregate(filter: ApplicationEnvironmentFilter): ApplicationEnvironmentAggregateResult + policiesAggregate(filter: PolicyDefinitionFilter): PolicyDefinitionAggregateResult + policyEnforcementsAggregate(filter: PolicyEnforcementFilter): PolicyEnforcementAggregateResult + metadataAggregate(filter: KeyValueFilter): KeyValueAggregateResult + hasSecurityIssuesAggregate(filter: SecurityIssueAffectsSummaryFilter): SecurityIssueAffectsSummaryAggregateResult +} + +type ApplicationAggregateResult { + count: Int + idMin: String + idMax: String + nameMin: String + nameMax: String +} + +""" +ApplicationDeployment tells us about the the artifact deployed along with its associated details. +""" +type ApplicationDeployment { + """id is randomly assigned""" + id: String! + + """ + platform will help us identify which image was actually deployed helping us identify the accurate sha + """ + platform: String + serviceUrl: String + + """artifact that is deployed""" + artifact(filter: ArtifactFilter, order: ArtifactOrder, first: Int, offset: Int): [Artifact!] + applicationEnvironment(filter: ApplicationEnvironmentFilter): ApplicationEnvironment! + deployedAt: DateTime + + """ + deploymentStage is an enum and can be discovered, current, previous or blocked + """ + deploymentStage: DeploymentStage! + + """source is argo, spinnaker etc""" + source: String! + + """component would be a service""" + component: String! + + """user who deployed the artifact""" + deployedBy: String + + """ + toolsUsed contains tools of different stages of source, build, artifact and deploy along with some different tools + """ + toolsUsed(filter: ToolsUsedFilter): ToolsUsed! + + """deploymentRisk is the risk status of the deployment""" + deploymentRisk(filter: ApplicationDeploymentRiskFilter): ApplicationDeploymentRisk + + """policyRunHistory is the policy execution history for this deployment""" + policyRunHistory(filter: RunHistoryFilter, order: RunHistoryOrder, first: Int, offset: Int): [RunHistory!] + deploymentTags(filter: KeyValueFilter, order: KeyValueOrder, first: Int, offset: Int): [KeyValue!] + hasSecurityIssues(filter: SecurityIssueAffectsSummaryFilter, order: SecurityIssueAffectsSummaryOrder, first: Int, offset: Int): [SecurityIssueAffectsSummary!] + artifactAggregate(filter: ArtifactFilter): ArtifactAggregateResult + policyRunHistoryAggregate(filter: RunHistoryFilter): RunHistoryAggregateResult + deploymentTagsAggregate(filter: KeyValueFilter): KeyValueAggregateResult + hasSecurityIssuesAggregate(filter: SecurityIssueAffectsSummaryFilter): SecurityIssueAffectsSummaryAggregateResult +} + +type ApplicationDeploymentAggregateResult { + count: Int + idMin: String + idMax: String + platformMin: String + platformMax: String + serviceUrlMin: String + serviceUrlMax: String + deployedAtMin: DateTime + deployedAtMax: DateTime + sourceMin: String + sourceMax: String + componentMin: String + componentMax: String + deployedByMin: String + deployedByMax: String +} + +input ApplicationDeploymentFilter { + id: StringHashFilter + platform: StringTermFilter + serviceUrl: StringTermFilter + deployedAt: DateTimeFilter + deploymentStage: DeploymentStage_exact + component: StringExactFilter_StringRegExpFilter + has: [ApplicationDeploymentHasFilter] + and: [ApplicationDeploymentFilter] + or: [ApplicationDeploymentFilter] + not: ApplicationDeploymentFilter +} + +enum ApplicationDeploymentHasFilter { + id + platform + serviceUrl + artifact + applicationEnvironment + deployedAt + deploymentStage + source + component + deployedBy + toolsUsed + deploymentRisk + policyRunHistory + deploymentTags + hasSecurityIssues +} + +input ApplicationDeploymentOrder { + asc: ApplicationDeploymentOrderable + desc: ApplicationDeploymentOrderable + then: ApplicationDeploymentOrder +} + +enum ApplicationDeploymentOrderable { + id + platform + serviceUrl + deployedAt + source + component + deployedBy +} + +input ApplicationDeploymentPatch { + """ + platform will help us identify which image was actually deployed helping us identify the accurate sha + """ + platform: String + serviceUrl: String + artifact: [ArtifactRef!] + applicationEnvironment: ApplicationEnvironmentRef + deployedAt: DateTime + + """ + deploymentStage is an enum and can be discovered, current, previous or blocked + """ + deploymentStage: DeploymentStage + + """source is argo, spinnaker etc""" + source: String + + """component would be a service""" + component: String + + """user who deployed the artifact""" + deployedBy: String + toolsUsed: ToolsUsedRef + deploymentRisk: ApplicationDeploymentRiskRef + policyRunHistory: [RunHistoryRef!] + deploymentTags: [KeyValueRef!] + hasSecurityIssues: [SecurityIssueAffectsSummaryRef!] +} + +input ApplicationDeploymentRef { + """id is randomly assigned""" + id: String + + """ + platform will help us identify which image was actually deployed helping us identify the accurate sha + """ + platform: String + serviceUrl: String + artifact: [ArtifactRef!] + applicationEnvironment: ApplicationEnvironmentRef + deployedAt: DateTime + + """ + deploymentStage is an enum and can be discovered, current, previous or blocked + """ + deploymentStage: DeploymentStage + + """source is argo, spinnaker etc""" + source: String + + """component would be a service""" + component: String + + """user who deployed the artifact""" + deployedBy: String + toolsUsed: ToolsUsedRef + deploymentRisk: ApplicationDeploymentRiskRef + policyRunHistory: [RunHistoryRef!] + deploymentTags: [KeyValueRef!] + hasSecurityIssues: [SecurityIssueAffectsSummaryRef!] +} + +""" +ApplicationDeploymentRisk tells us about the risk status and alerts for different stages for an application deployment. +""" +type ApplicationDeploymentRisk { + id: ID! + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + postDeploymentAlertsScore: Int + deploymentRiskStatus: RiskStatus + applicationDeployment(filter: ApplicationDeploymentFilter): ApplicationDeployment! +} + +type ApplicationDeploymentRiskAggregateResult { + count: Int + sourceCodeAlertsScoreMin: Int + sourceCodeAlertsScoreMax: Int + sourceCodeAlertsScoreSum: Int + sourceCodeAlertsScoreAvg: Float + buildAlertsScoreMin: Int + buildAlertsScoreMax: Int + buildAlertsScoreSum: Int + buildAlertsScoreAvg: Float + artifactAlertsScoreMin: Int + artifactAlertsScoreMax: Int + artifactAlertsScoreSum: Int + artifactAlertsScoreAvg: Float + deploymentAlertsScoreMin: Int + deploymentAlertsScoreMax: Int + deploymentAlertsScoreSum: Int + deploymentAlertsScoreAvg: Float + postDeploymentAlertsScoreMin: Int + postDeploymentAlertsScoreMax: Int + postDeploymentAlertsScoreSum: Int + postDeploymentAlertsScoreAvg: Float +} + +input ApplicationDeploymentRiskFilter { + id: [ID!] + deploymentRiskStatus: RiskStatus_exact_StringRegExpFilter + has: [ApplicationDeploymentRiskHasFilter] + and: [ApplicationDeploymentRiskFilter] + or: [ApplicationDeploymentRiskFilter] + not: ApplicationDeploymentRiskFilter +} + +enum ApplicationDeploymentRiskHasFilter { + sourceCodeAlertsScore + buildAlertsScore + artifactAlertsScore + deploymentAlertsScore + postDeploymentAlertsScore + deploymentRiskStatus + applicationDeployment +} + +input ApplicationDeploymentRiskOrder { + asc: ApplicationDeploymentRiskOrderable + desc: ApplicationDeploymentRiskOrderable + then: ApplicationDeploymentRiskOrder +} + +enum ApplicationDeploymentRiskOrderable { + sourceCodeAlertsScore + buildAlertsScore + artifactAlertsScore + deploymentAlertsScore + postDeploymentAlertsScore +} + +input ApplicationDeploymentRiskPatch { + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + postDeploymentAlertsScore: Int + deploymentRiskStatus: RiskStatus + applicationDeployment: ApplicationDeploymentRef +} + +input ApplicationDeploymentRiskRef { + id: ID + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + postDeploymentAlertsScore: Int + deploymentRiskStatus: RiskStatus + applicationDeployment: ApplicationDeploymentRef +} + +""" +ApplicationEnvironment is a running instance of an application down to the level of a namespace or its non k8s equivalent. +""" +type ApplicationEnvironment { + """id is randomly assigned""" + id: String! + + """environment denotes whether it is dev, prod, staging, non-prod etc""" + environment(filter: EnvironmentFilter): Environment + application(filter: ApplicationFilter): Application! + deploymentTarget(filter: DeploymentTargetFilter): DeploymentTarget! + namespace: String! + + """ + toolsUsed is a comma-separated string that contains all the tools(source, build, artifact, deploy etc) for an app env + """ + toolsUsed: [String!] + deployments(filter: ApplicationDeploymentFilter, order: ApplicationDeploymentOrder, first: Int, offset: Int): [ApplicationDeployment!] + riskStatus(filter: ApplicationRiskStatusFilter): ApplicationRiskStatus + metadata(filter: KeyValueFilter, order: KeyValueOrder, first: Int, offset: Int): [KeyValue!] + hasSecurityIssues(filter: SecurityIssueAffectsSummaryFilter, order: SecurityIssueAffectsSummaryOrder, first: Int, offset: Int): [SecurityIssueAffectsSummary!] + deploymentsAggregate(filter: ApplicationDeploymentFilter): ApplicationDeploymentAggregateResult + metadataAggregate(filter: KeyValueFilter): KeyValueAggregateResult + hasSecurityIssuesAggregate(filter: SecurityIssueAffectsSummaryFilter): SecurityIssueAffectsSummaryAggregateResult +} + +type ApplicationEnvironmentAggregateResult { + count: Int + idMin: String + idMax: String + namespaceMin: String + namespaceMax: String +} + +input ApplicationEnvironmentFilter { + id: StringHashFilter + namespace: StringExactFilter_StringRegExpFilter + has: [ApplicationEnvironmentHasFilter] + and: [ApplicationEnvironmentFilter] + or: [ApplicationEnvironmentFilter] + not: ApplicationEnvironmentFilter +} + +enum ApplicationEnvironmentHasFilter { + id + environment + application + deploymentTarget + namespace + toolsUsed + deployments + riskStatus + metadata + hasSecurityIssues +} + +input ApplicationEnvironmentOrder { + asc: ApplicationEnvironmentOrderable + desc: ApplicationEnvironmentOrderable + then: ApplicationEnvironmentOrder +} + +enum ApplicationEnvironmentOrderable { + id + namespace +} + +input ApplicationEnvironmentPatch { + environment: EnvironmentRef + application: ApplicationRef + deploymentTarget: DeploymentTargetRef + namespace: String + + """ + toolsUsed is a comma-separated string that contains all the tools(source, build, artifact, deploy etc) for an app env + """ + toolsUsed: [String!] + deployments: [ApplicationDeploymentRef!] + riskStatus: ApplicationRiskStatusRef + metadata: [KeyValueRef!] + hasSecurityIssues: [SecurityIssueAffectsSummaryRef!] +} + +input ApplicationEnvironmentRef { + """id is randomly assigned""" + id: String + environment: EnvironmentRef + application: ApplicationRef + deploymentTarget: DeploymentTargetRef + namespace: String + + """ + toolsUsed is a comma-separated string that contains all the tools(source, build, artifact, deploy etc) for an app env + """ + toolsUsed: [String!] + deployments: [ApplicationDeploymentRef!] + riskStatus: ApplicationRiskStatusRef + metadata: [KeyValueRef!] + hasSecurityIssues: [SecurityIssueAffectsSummaryRef!] +} + +input ApplicationFilter { + id: StringHashFilter + name: StringExactFilter_StringRegExpFilter + has: [ApplicationHasFilter] + and: [ApplicationFilter] + or: [ApplicationFilter] + not: ApplicationFilter +} + +enum ApplicationHasFilter { + id + name + roles + environments + team + policies + policyEnforcements + metadata + hasSecurityIssues +} + +input ApplicationOrder { + asc: ApplicationOrderable + desc: ApplicationOrderable + then: ApplicationOrder +} + +enum ApplicationOrderable { + id + name +} + +input ApplicationPatch { + name: String + roles: [RoleRef!] + environments: [ApplicationEnvironmentRef!] + team: TeamRef + policies: [PolicyDefinitionRef!] + policyEnforcements: [PolicyEnforcementRef!] + metadata: [KeyValueRef!] + hasSecurityIssues: [SecurityIssueAffectsSummaryRef!] +} + +input ApplicationRef { + """id is randomly assigned""" + id: String + name: String + roles: [RoleRef!] + environments: [ApplicationEnvironmentRef!] + team: TeamRef + policies: [PolicyDefinitionRef!] + policyEnforcements: [PolicyEnforcementRef!] + metadata: [KeyValueRef!] + hasSecurityIssues: [SecurityIssueAffectsSummaryRef!] +} + +""" +ApplicationRiskStatus tells us about the risk status and alerts for different stages for an application environment. +""" +type ApplicationRiskStatus { + id: ID! + riskStatus: RiskStatus + sourceCodeAlerts: Int + buildAlerts: Int + artifactAlerts: Int + deploymentAlerts: Int + postDeploymentAlerts: Int + createdAt: DateTime! + updatedAt: DateTime! + applicationEnvironment(filter: ApplicationEnvironmentFilter): ApplicationEnvironment! +} + +type ApplicationRiskStatusAggregateResult { + count: Int + sourceCodeAlertsMin: Int + sourceCodeAlertsMax: Int + sourceCodeAlertsSum: Int + sourceCodeAlertsAvg: Float + buildAlertsMin: Int + buildAlertsMax: Int + buildAlertsSum: Int + buildAlertsAvg: Float + artifactAlertsMin: Int + artifactAlertsMax: Int + artifactAlertsSum: Int + artifactAlertsAvg: Float + deploymentAlertsMin: Int + deploymentAlertsMax: Int + deploymentAlertsSum: Int + deploymentAlertsAvg: Float + postDeploymentAlertsMin: Int + postDeploymentAlertsMax: Int + postDeploymentAlertsSum: Int + postDeploymentAlertsAvg: Float + createdAtMin: DateTime + createdAtMax: DateTime + updatedAtMin: DateTime + updatedAtMax: DateTime +} + +input ApplicationRiskStatusFilter { + id: [ID!] + riskStatus: RiskStatus_exact_StringRegExpFilter + has: [ApplicationRiskStatusHasFilter] + and: [ApplicationRiskStatusFilter] + or: [ApplicationRiskStatusFilter] + not: ApplicationRiskStatusFilter +} + +enum ApplicationRiskStatusHasFilter { + riskStatus + sourceCodeAlerts + buildAlerts + artifactAlerts + deploymentAlerts + postDeploymentAlerts + createdAt + updatedAt + applicationEnvironment +} + +input ApplicationRiskStatusOrder { + asc: ApplicationRiskStatusOrderable + desc: ApplicationRiskStatusOrderable + then: ApplicationRiskStatusOrder +} + +enum ApplicationRiskStatusOrderable { + sourceCodeAlerts + buildAlerts + artifactAlerts + deploymentAlerts + postDeploymentAlerts + createdAt + updatedAt +} + +input ApplicationRiskStatusPatch { + riskStatus: RiskStatus + sourceCodeAlerts: Int + buildAlerts: Int + artifactAlerts: Int + deploymentAlerts: Int + postDeploymentAlerts: Int + createdAt: DateTime + updatedAt: DateTime + applicationEnvironment: ApplicationEnvironmentRef +} + +input ApplicationRiskStatusRef { + id: ID + riskStatus: RiskStatus + sourceCodeAlerts: Int + buildAlerts: Int + artifactAlerts: Int + deploymentAlerts: Int + postDeploymentAlerts: Int + createdAt: DateTime + updatedAt: DateTime + applicationEnvironment: ApplicationEnvironmentRef +} + +type Artifact { + id: String! + artifactType: String! + artifactName: String! + artifactTag: String! + artifactSha: String! + scanData(filter: ArtifactScanDataFilter, order: ArtifactScanDataOrder, first: Int, offset: Int): [ArtifactScanData!] + artifactDeployment(filter: ApplicationDeploymentFilter, order: ApplicationDeploymentOrder, first: Int, offset: Int): [ApplicationDeployment!] + sourceDetails(filter: SourceCodeToolFilter): SourceCodeTool + plugins(filter: BuildToolFilter, order: BuildToolOrder, first: Int, offset: Int): [BuildTool!] + scanDataAggregate(filter: ArtifactScanDataFilter): ArtifactScanDataAggregateResult + artifactDeploymentAggregate(filter: ApplicationDeploymentFilter): ApplicationDeploymentAggregateResult + pluginsAggregate(filter: BuildToolFilter): BuildToolAggregateResult +} + +type ArtifactAggregateResult { + count: Int + idMin: String + idMax: String + artifactTypeMin: String + artifactTypeMax: String + artifactNameMin: String + artifactNameMax: String + artifactTagMin: String + artifactTagMax: String + artifactShaMin: String + artifactShaMax: String +} + +input ArtifactFilter { + id: StringHashFilter + artifactType: StringExactFilter + artifactName: StringExactFilter_StringRegExpFilter + artifactTag: StringExactFilter_StringRegExpFilter + artifactSha: StringExactFilter + has: [ArtifactHasFilter] + and: [ArtifactFilter] + or: [ArtifactFilter] + not: ArtifactFilter +} + +enum ArtifactHasFilter { + id + artifactType + artifactName + artifactTag + artifactSha + scanData + artifactDeployment + sourceDetails + plugins +} + +input ArtifactOrder { + asc: ArtifactOrderable + desc: ArtifactOrderable + then: ArtifactOrder +} + +enum ArtifactOrderable { + id + artifactType + artifactName + artifactTag + artifactSha +} + +input ArtifactPatch { + artifactType: String + artifactName: String + artifactTag: String + artifactSha: String + scanData: [ArtifactScanDataRef!] + artifactDeployment: [ApplicationDeploymentRef!] + sourceDetails: SourceCodeToolRef + plugins: [BuildToolRef!] +} + +input ArtifactRef { + id: String + artifactType: String + artifactName: String + artifactTag: String + artifactSha: String + scanData: [ArtifactScanDataRef!] + artifactDeployment: [ApplicationDeploymentRef!] + sourceDetails: SourceCodeToolRef + plugins: [BuildToolRef!] +} + +type ArtifactRisk { + id: ID! + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + artifactRiskStatus: RiskStatus + artifactScanResult(filter: ArtifactScanDataFilter): ArtifactScanData! +} + +type ArtifactRiskAggregateResult { + count: Int + sourceCodeAlertsScoreMin: Int + sourceCodeAlertsScoreMax: Int + sourceCodeAlertsScoreSum: Int + sourceCodeAlertsScoreAvg: Float + buildAlertsScoreMin: Int + buildAlertsScoreMax: Int + buildAlertsScoreSum: Int + buildAlertsScoreAvg: Float + artifactAlertsScoreMin: Int + artifactAlertsScoreMax: Int + artifactAlertsScoreSum: Int + artifactAlertsScoreAvg: Float + deploymentAlertsScoreMin: Int + deploymentAlertsScoreMax: Int + deploymentAlertsScoreSum: Int + deploymentAlertsScoreAvg: Float +} + +input ArtifactRiskFilter { + id: [ID!] + artifactRiskStatus: RiskStatus_exact_StringRegExpFilter + has: [ArtifactRiskHasFilter] + and: [ArtifactRiskFilter] + or: [ArtifactRiskFilter] + not: ArtifactRiskFilter +} + +enum ArtifactRiskHasFilter { + sourceCodeAlertsScore + buildAlertsScore + artifactAlertsScore + deploymentAlertsScore + artifactRiskStatus + artifactScanResult +} + +input ArtifactRiskOrder { + asc: ArtifactRiskOrderable + desc: ArtifactRiskOrderable + then: ArtifactRiskOrder +} + +enum ArtifactRiskOrderable { + sourceCodeAlertsScore + buildAlertsScore + artifactAlertsScore + deploymentAlertsScore +} + +input ArtifactRiskPatch { + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + artifactRiskStatus: RiskStatus + artifactScanResult: ArtifactScanDataRef +} + +input ArtifactRiskRef { + id: ID + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + artifactRiskStatus: RiskStatus + artifactScanResult: ArtifactScanDataRef +} + +type ArtifactScanData { + id: String! + + """platform: String! @search(by: [exact]) -> add later""" + artifactSha: String! + artifactNameTag: String! + tool: String! + artifactDetails(filter: ArtifactFilter): Artifact + lastScannedAt: DateTime + createdAt: DateTime + vulnTrackingId: String + vulnScanState: String + components(filter: ComponentFilter, order: ComponentOrder, first: Int, offset: Int): [Component!] + vulnCriticalCount: Int + vulnHighCount: Int + vulnMediumCount: Int + vulnLowCount: Int + vulnInfoCount: Int + vulnUnknownCount: Int + vulnNoneCount: Int + vulnTotalCount: Int + scanFile(filter: ScanFileResultFilter, order: ScanFileResultOrder, first: Int, offset: Int): [ScanFileResult!] + artifactRisk(filter: ArtifactRiskFilter): ArtifactRisk + artifactRunHistory(filter: RunHistoryFilter, order: RunHistoryOrder, first: Int, offset: Int): [RunHistory!] + artifactTags(filter: KeyValueFilter, order: KeyValueOrder, first: Int, offset: Int): [KeyValue!] + artifactScanTS(filter: ArtifactScanDataTSFilter, first: Int, offset: Int): [ArtifactScanDataTS!] + componentsAggregate(filter: ComponentFilter): ComponentAggregateResult + scanFileAggregate(filter: ScanFileResultFilter): ScanFileResultAggregateResult + artifactRunHistoryAggregate(filter: RunHistoryFilter): RunHistoryAggregateResult + artifactTagsAggregate(filter: KeyValueFilter): KeyValueAggregateResult + artifactScanTSAggregate(filter: ArtifactScanDataTSFilter): ArtifactScanDataTSAggregateResult +} + +type ArtifactScanDataAggregateResult { + count: Int + idMin: String + idMax: String + artifactShaMin: String + artifactShaMax: String + artifactNameTagMin: String + artifactNameTagMax: String + toolMin: String + toolMax: String + lastScannedAtMin: DateTime + lastScannedAtMax: DateTime + createdAtMin: DateTime + createdAtMax: DateTime + vulnTrackingIdMin: String + vulnTrackingIdMax: String + vulnScanStateMin: String + vulnScanStateMax: String + vulnCriticalCountMin: Int + vulnCriticalCountMax: Int + vulnCriticalCountSum: Int + vulnCriticalCountAvg: Float + vulnHighCountMin: Int + vulnHighCountMax: Int + vulnHighCountSum: Int + vulnHighCountAvg: Float + vulnMediumCountMin: Int + vulnMediumCountMax: Int + vulnMediumCountSum: Int + vulnMediumCountAvg: Float + vulnLowCountMin: Int + vulnLowCountMax: Int + vulnLowCountSum: Int + vulnLowCountAvg: Float + vulnInfoCountMin: Int + vulnInfoCountMax: Int + vulnInfoCountSum: Int + vulnInfoCountAvg: Float + vulnUnknownCountMin: Int + vulnUnknownCountMax: Int + vulnUnknownCountSum: Int + vulnUnknownCountAvg: Float + vulnNoneCountMin: Int + vulnNoneCountMax: Int + vulnNoneCountSum: Int + vulnNoneCountAvg: Float + vulnTotalCountMin: Int + vulnTotalCountMax: Int + vulnTotalCountSum: Int + vulnTotalCountAvg: Float +} + +input ArtifactScanDataFilter { + id: StringHashFilter + artifactSha: StringExactFilter + artifactNameTag: StringExactFilter_StringRegExpFilter + tool: StringExactFilter + vulnScanState: StringExactFilter + vulnCriticalCount: IntFilter + vulnHighCount: IntFilter + vulnMediumCount: IntFilter + vulnLowCount: IntFilter + vulnInfoCount: IntFilter + vulnUnknownCount: IntFilter + vulnNoneCount: IntFilter + vulnTotalCount: IntFilter + has: [ArtifactScanDataHasFilter] + and: [ArtifactScanDataFilter] + or: [ArtifactScanDataFilter] + not: ArtifactScanDataFilter +} + +enum ArtifactScanDataHasFilter { + id + artifactSha + artifactNameTag + tool + artifactDetails + lastScannedAt + createdAt + vulnTrackingId + vulnScanState + components + vulnCriticalCount + vulnHighCount + vulnMediumCount + vulnLowCount + vulnInfoCount + vulnUnknownCount + vulnNoneCount + vulnTotalCount + scanFile + artifactRisk + artifactRunHistory + artifactTags + artifactScanTS +} + +input ArtifactScanDataOrder { + asc: ArtifactScanDataOrderable + desc: ArtifactScanDataOrderable + then: ArtifactScanDataOrder +} + +enum ArtifactScanDataOrderable { + id + artifactSha + artifactNameTag + tool + lastScannedAt + createdAt + vulnTrackingId + vulnScanState + vulnCriticalCount + vulnHighCount + vulnMediumCount + vulnLowCount + vulnInfoCount + vulnUnknownCount + vulnNoneCount + vulnTotalCount +} + +input ArtifactScanDataPatch { + """platform: String! @search(by: [exact]) -> add later""" + artifactSha: String + artifactNameTag: String + tool: String + artifactDetails: ArtifactRef + lastScannedAt: DateTime + createdAt: DateTime + vulnTrackingId: String + vulnScanState: String + components: [ComponentRef!] + vulnCriticalCount: Int + vulnHighCount: Int + vulnMediumCount: Int + vulnLowCount: Int + vulnInfoCount: Int + vulnUnknownCount: Int + vulnNoneCount: Int + vulnTotalCount: Int + scanFile: [ScanFileResultRef!] + artifactRisk: ArtifactRiskRef + artifactRunHistory: [RunHistoryRef!] + artifactTags: [KeyValueRef!] + artifactScanTS: [ArtifactScanDataTSRef!] +} + +input ArtifactScanDataRef { + id: String + + """platform: String! @search(by: [exact]) -> add later""" + artifactSha: String + artifactNameTag: String + tool: String + artifactDetails: ArtifactRef + lastScannedAt: DateTime + createdAt: DateTime + vulnTrackingId: String + vulnScanState: String + components: [ComponentRef!] + vulnCriticalCount: Int + vulnHighCount: Int + vulnMediumCount: Int + vulnLowCount: Int + vulnInfoCount: Int + vulnUnknownCount: Int + vulnNoneCount: Int + vulnTotalCount: Int + scanFile: [ScanFileResultRef!] + artifactRisk: ArtifactRiskRef + artifactRunHistory: [RunHistoryRef!] + artifactTags: [KeyValueRef!] + artifactScanTS: [ArtifactScanDataTSRef!] +} + +type ArtifactScanDataTS { + id: ID! + artifact(filter: ArtifactScanDataFilter): ArtifactScanData! + timestamps: [DateTime!] + summary(filter: SecurityIssueAffectsSummaryFilter, order: SecurityIssueAffectsSummaryOrder, first: Int, offset: Int): [SecurityIssueAffectsSummary!] + summaryAggregate(filter: SecurityIssueAffectsSummaryFilter): SecurityIssueAffectsSummaryAggregateResult +} + +type ArtifactScanDataTSAggregateResult { + count: Int +} + +input ArtifactScanDataTSFilter { + id: [ID!] + timestamps: DateTimeFilter + has: [ArtifactScanDataTSHasFilter] + and: [ArtifactScanDataTSFilter] + or: [ArtifactScanDataTSFilter] + not: ArtifactScanDataTSFilter +} + +enum ArtifactScanDataTSHasFilter { + artifact + timestamps + summary +} + +input ArtifactScanDataTSPatch { + artifact: ArtifactScanDataRef + timestamps: [DateTime!] + summary: [SecurityIssueAffectsSummaryRef!] +} + +input ArtifactScanDataTSRef { + id: ID + artifact: ArtifactScanDataRef + timestamps: [DateTime!] + summary: [SecurityIssueAffectsSummaryRef!] +} + +input AuthRule { + and: [AuthRule] + or: [AuthRule] + not: AuthRule + rule: String +} + +"""BuildTool contains data from build tool events.""" +type BuildTool { + """id is randomly assigned""" + id: String! + + """buildId is a unique job id, run id for a job/pipeline/action""" + buildId: String! + + """tool is jenkins etc""" + tool: String! + + """buildName is the name of the job/pipeline/action""" + buildName: String! + buildUrl: String! + + """buildTime is the time at which the artifact was built""" + buildTime: DateTime + + """buildUser is the user that built the artifact""" + buildUser: String + + """plugins used at the build time""" + buildPlugins(filter: ArtifactFilter, order: ArtifactOrder, first: Int, offset: Int): [Artifact!] + + """sourceCodeTool links a BuildTool node to the source details""" + sourceCodeTool(filter: SourceCodeToolFilter, order: SourceCodeToolOrder, first: Int, offset: Int): [SourceCodeTool!] + + """commitMetaData links a BuildTool node to the git commit based details""" + commitMetaData(filter: CommitMetaDataFilter, order: CommitMetaDataOrder, first: Int, offset: Int): [CommitMetaData!] + createdAt: DateTime! + buildPluginsAggregate(filter: ArtifactFilter): ArtifactAggregateResult + sourceCodeToolAggregate(filter: SourceCodeToolFilter): SourceCodeToolAggregateResult + commitMetaDataAggregate(filter: CommitMetaDataFilter): CommitMetaDataAggregateResult +} + +type BuildToolAggregateResult { + count: Int + idMin: String + idMax: String + buildIdMin: String + buildIdMax: String + toolMin: String + toolMax: String + buildNameMin: String + buildNameMax: String + buildUrlMin: String + buildUrlMax: String + buildTimeMin: DateTime + buildTimeMax: DateTime + buildUserMin: String + buildUserMax: String + createdAtMin: DateTime + createdAtMax: DateTime +} + +input BuildToolFilter { + id: StringHashFilter + buildId: StringExactFilter_StringRegExpFilter + tool: StringExactFilter + buildName: StringExactFilter_StringRegExpFilter + buildUrl: StringExactFilter_StringRegExpFilter + has: [BuildToolHasFilter] + and: [BuildToolFilter] + or: [BuildToolFilter] + not: BuildToolFilter +} + +enum BuildToolHasFilter { + id + buildId + tool + buildName + buildUrl + buildTime + buildUser + buildPlugins + sourceCodeTool + commitMetaData + createdAt +} + +input BuildToolOrder { + asc: BuildToolOrderable + desc: BuildToolOrderable + then: BuildToolOrder +} + +enum BuildToolOrderable { + id + buildId + tool + buildName + buildUrl + buildTime + buildUser + createdAt +} + +input BuildToolPatch { + """buildId is a unique job id, run id for a job/pipeline/action""" + buildId: String + + """tool is jenkins etc""" + tool: String + + """buildName is the name of the job/pipeline/action""" + buildName: String + buildUrl: String + + """buildTime is the time at which the artifact was built""" + buildTime: DateTime + + """buildUser is the user that built the artifact""" + buildUser: String + buildPlugins: [ArtifactRef!] + sourceCodeTool: [SourceCodeToolRef!] + commitMetaData: [CommitMetaDataRef!] + createdAt: DateTime +} + +input BuildToolRef { + """id is randomly assigned""" + id: String + + """buildId is a unique job id, run id for a job/pipeline/action""" + buildId: String + + """tool is jenkins etc""" + tool: String + + """buildName is the name of the job/pipeline/action""" + buildName: String + buildUrl: String + + """buildTime is the time at which the artifact was built""" + buildTime: DateTime + + """buildUser is the user that built the artifact""" + buildUser: String + buildPlugins: [ArtifactRef!] + sourceCodeTool: [SourceCodeToolRef!] + commitMetaData: [CommitMetaDataRef!] + createdAt: DateTime +} + +""" +CommitMetaData contains the git commit related details of the source repository . +""" +type CommitMetaData { + """id is randomly assigned""" + id: ID! + + """commit is a git commit that was used to build an artifact""" + commit: String + repository: String + + """commitSign tells us whether the commit is signed""" + commitSign: Boolean + noOfReviewersConf: Int + reviewerList: [String!] + approverList: [String!] + buildTool(filter: BuildToolFilter): BuildTool! +} + +type CommitMetaDataAggregateResult { + count: Int + commitMin: String + commitMax: String + repositoryMin: String + repositoryMax: String + noOfReviewersConfMin: Int + noOfReviewersConfMax: Int + noOfReviewersConfSum: Int + noOfReviewersConfAvg: Float +} + +input CommitMetaDataFilter { + id: [ID!] + has: [CommitMetaDataHasFilter] + and: [CommitMetaDataFilter] + or: [CommitMetaDataFilter] + not: CommitMetaDataFilter +} + +enum CommitMetaDataHasFilter { + commit + repository + commitSign + noOfReviewersConf + reviewerList + approverList + buildTool +} + +input CommitMetaDataOrder { + asc: CommitMetaDataOrderable + desc: CommitMetaDataOrderable + then: CommitMetaDataOrder +} + +enum CommitMetaDataOrderable { + commit + repository + noOfReviewersConf +} + +input CommitMetaDataPatch { + """commit is a git commit that was used to build an artifact""" + commit: String + repository: String + + """commitSign tells us whether the commit is signed""" + commitSign: Boolean + noOfReviewersConf: Int + reviewerList: [String!] + approverList: [String!] + buildTool: BuildToolRef +} + +input CommitMetaDataRef { + """id is randomly assigned""" + id: ID + + """commit is a git commit that was used to build an artifact""" + commit: String + repository: String + + """commitSign tells us whether the commit is signed""" + commitSign: Boolean + noOfReviewersConf: Int + reviewerList: [String!] + approverList: [String!] + buildTool: BuildToolRef +} + +type Component { + id: String! + type: String! + name: String! + version: String! + licenses: [String!] + purl: String + cpe: String + scannedAt: DateTime + analysisRequired: Boolean + analysis(filter: ComponentAnalysisFilter): ComponentAnalysis + vulnerabilities(filter: VulnerabilityFilter, order: VulnerabilityOrder, first: Int, offset: Int): [Vulnerability!] + artifacts(filter: ArtifactScanDataFilter, order: ArtifactScanDataOrder, first: Int, offset: Int): [ArtifactScanData!] + vulnerabilitiesAggregate(filter: VulnerabilityFilter): VulnerabilityAggregateResult + artifactsAggregate(filter: ArtifactScanDataFilter): ArtifactScanDataAggregateResult +} + +type ComponentAggregateResult { + count: Int + idMin: String + idMax: String + typeMin: String + typeMax: String + nameMin: String + nameMax: String + versionMin: String + versionMax: String + purlMin: String + purlMax: String + cpeMin: String + cpeMax: String + scannedAtMin: DateTime + scannedAtMax: DateTime +} + +type ComponentAnalysis { + Id: ID! + Name: String! + Components(filter: ComponentFilter, order: ComponentOrder, first: Int, offset: Int): [Component!] + Severity: Severity + SeverityInt: Int + Stars: Int + Forks: Int + Contributors: Int + VulnCritical: Int + VulnHigh: Int + VulnMedium: Int + VulnLow: Int + VulnOthers: Int + MeanTimeToRepair: Int + Licenses: [String!] + CreatedAt: DateTime + ScannedAt: DateTime + LastViewed: DateTime + ComponentsAggregate(filter: ComponentFilter): ComponentAggregateResult +} + +type ComponentAnalysisAggregateResult { + count: Int + NameMin: String + NameMax: String + SeverityIntMin: Int + SeverityIntMax: Int + SeverityIntSum: Int + SeverityIntAvg: Float + StarsMin: Int + StarsMax: Int + StarsSum: Int + StarsAvg: Float + ForksMin: Int + ForksMax: Int + ForksSum: Int + ForksAvg: Float + ContributorsMin: Int + ContributorsMax: Int + ContributorsSum: Int + ContributorsAvg: Float + VulnCriticalMin: Int + VulnCriticalMax: Int + VulnCriticalSum: Int + VulnCriticalAvg: Float + VulnHighMin: Int + VulnHighMax: Int + VulnHighSum: Int + VulnHighAvg: Float + VulnMediumMin: Int + VulnMediumMax: Int + VulnMediumSum: Int + VulnMediumAvg: Float + VulnLowMin: Int + VulnLowMax: Int + VulnLowSum: Int + VulnLowAvg: Float + VulnOthersMin: Int + VulnOthersMax: Int + VulnOthersSum: Int + VulnOthersAvg: Float + MeanTimeToRepairMin: Int + MeanTimeToRepairMax: Int + MeanTimeToRepairSum: Int + MeanTimeToRepairAvg: Float + CreatedAtMin: DateTime + CreatedAtMax: DateTime + ScannedAtMin: DateTime + ScannedAtMax: DateTime + LastViewedMin: DateTime + LastViewedMax: DateTime +} + +input ComponentAnalysisFilter { + Id: [ID!] + Name: StringExactFilter_StringRegExpFilter + Severity: Severity_exact_StringRegExpFilter + SeverityInt: IntFilter + Stars: IntFilter + Forks: IntFilter + Contributors: IntFilter + VulnCritical: IntFilter + VulnHigh: IntFilter + VulnMedium: IntFilter + VulnLow: IntFilter + VulnOthers: IntFilter + MeanTimeToRepair: IntFilter + Licenses: StringExactFilter_StringRegExpFilter + LastViewed: DateTimeFilter + has: [ComponentAnalysisHasFilter] + and: [ComponentAnalysisFilter] + or: [ComponentAnalysisFilter] + not: ComponentAnalysisFilter +} + +enum ComponentAnalysisHasFilter { + Name + Components + Severity + SeverityInt + Stars + Forks + Contributors + VulnCritical + VulnHigh + VulnMedium + VulnLow + VulnOthers + MeanTimeToRepair + Licenses + CreatedAt + ScannedAt + LastViewed +} + +input ComponentAnalysisOrder { + asc: ComponentAnalysisOrderable + desc: ComponentAnalysisOrderable + then: ComponentAnalysisOrder +} + +enum ComponentAnalysisOrderable { + Name + SeverityInt + Stars + Forks + Contributors + VulnCritical + VulnHigh + VulnMedium + VulnLow + VulnOthers + MeanTimeToRepair + CreatedAt + ScannedAt + LastViewed +} + +input ComponentAnalysisPatch { + Name: String + Components: [ComponentRef!] + Severity: Severity + SeverityInt: Int + Stars: Int + Forks: Int + Contributors: Int + VulnCritical: Int + VulnHigh: Int + VulnMedium: Int + VulnLow: Int + VulnOthers: Int + MeanTimeToRepair: Int + Licenses: [String!] + CreatedAt: DateTime + ScannedAt: DateTime + LastViewed: DateTime +} + +input ComponentAnalysisRef { + Id: ID + Name: String + Components: [ComponentRef!] + Severity: Severity + SeverityInt: Int + Stars: Int + Forks: Int + Contributors: Int + VulnCritical: Int + VulnHigh: Int + VulnMedium: Int + VulnLow: Int + VulnOthers: Int + MeanTimeToRepair: Int + Licenses: [String!] + CreatedAt: DateTime + ScannedAt: DateTime + LastViewed: DateTime +} + +input ComponentFilter { + id: StringHashFilter + name: StringExactFilter_StringRegExpFilter + version: StringExactFilter_StringRegExpFilter + purl: StringExactFilter + cpe: StringExactFilter + analysisRequired: Boolean + has: [ComponentHasFilter] + and: [ComponentFilter] + or: [ComponentFilter] + not: ComponentFilter +} + +enum ComponentHasFilter { + id + type + name + version + licenses + purl + cpe + scannedAt + analysisRequired + analysis + vulnerabilities + artifacts +} + +type ComponentLicenses { + Id: ID! + Name: String! + Category: String! +} + +type ComponentLicensesAggregateResult { + count: Int + NameMin: String + NameMax: String + CategoryMin: String + CategoryMax: String +} + +input ComponentLicensesFilter { + Id: [ID!] + Name: StringExactFilter_StringRegExpFilter + Category: StringExactFilter_StringRegExpFilter + has: [ComponentLicensesHasFilter] + and: [ComponentLicensesFilter] + or: [ComponentLicensesFilter] + not: ComponentLicensesFilter +} + +enum ComponentLicensesHasFilter { + Name + Category +} + +input ComponentLicensesOrder { + asc: ComponentLicensesOrderable + desc: ComponentLicensesOrderable + then: ComponentLicensesOrder +} + +enum ComponentLicensesOrderable { + Name + Category +} + +input ComponentLicensesPatch { + Name: String + Category: String +} + +input ComponentLicensesRef { + Id: ID + Name: String + Category: String +} + +input ComponentOrder { + asc: ComponentOrderable + desc: ComponentOrderable + then: ComponentOrder +} + +enum ComponentOrderable { + id + type + name + version + purl + cpe + scannedAt +} + +input ComponentPatch { + type: String + name: String + version: String + licenses: [String!] + purl: String + cpe: String + scannedAt: DateTime + analysisRequired: Boolean + analysis: ComponentAnalysisRef + vulnerabilities: [VulnerabilityRef!] + artifacts: [ArtifactScanDataRef!] +} + +input ComponentRef { + id: String + type: String + name: String + version: String + licenses: [String!] + purl: String + cpe: String + scannedAt: DateTime + analysisRequired: Boolean + analysis: ComponentAnalysisRef + vulnerabilities: [VulnerabilityRef!] + artifacts: [ArtifactScanDataRef!] +} + +input ContainsFilter { + point: PointRef + polygon: PolygonRef +} + +input CustomHTTP { + url: String! + method: HTTPMethod! + body: String + graphql: String + mode: Mode + forwardHeaders: [String!] + secretHeaders: [String!] + introspectionHeaders: [String!] + skipIntrospection: Boolean +} + +type CWE { + id: String! + name: String! + description: String +} + +type CWEAggregateResult { + count: Int + idMin: String + idMax: String + nameMin: String + nameMax: String + descriptionMin: String + descriptionMax: String +} + +input CWEFilter { + id: StringHashFilter + has: [CWEHasFilter] + and: [CWEFilter] + or: [CWEFilter] + not: CWEFilter +} + +enum CWEHasFilter { + id + name + description +} + +input CWEOrder { + asc: CWEOrderable + desc: CWEOrderable + then: CWEOrder +} + +enum CWEOrderable { + id + name + description +} + +input CWEPatch { + name: String + description: String +} + +input CWERef { + id: String + name: String + description: String +} + +""" +The DateTime scalar type represents date and time as a string in RFC3339 format. +For example: "1985-04-12T23:20:50.52Z" represents 20 mins 50.52 secs after the 23rd hour of Apr 12th 1985 in UTC. +""" +scalar DateTime + +input DateTimeFilter { + eq: DateTime + in: [DateTime] + le: DateTime + lt: DateTime + ge: DateTime + gt: DateTime + between: DateTimeRange +} + +input DateTimeRange { + min: DateTime! + max: DateTime! +} + +type DeleteApplicationDeploymentPayload { + applicationDeployment(filter: ApplicationDeploymentFilter, order: ApplicationDeploymentOrder, first: Int, offset: Int): [ApplicationDeployment] + msg: String + numUids: Int +} + +type DeleteApplicationDeploymentRiskPayload { + applicationDeploymentRisk(filter: ApplicationDeploymentRiskFilter, order: ApplicationDeploymentRiskOrder, first: Int, offset: Int): [ApplicationDeploymentRisk] + msg: String + numUids: Int +} + +type DeleteApplicationEnvironmentPayload { + applicationEnvironment(filter: ApplicationEnvironmentFilter, order: ApplicationEnvironmentOrder, first: Int, offset: Int): [ApplicationEnvironment] + msg: String + numUids: Int +} + +type DeleteApplicationPayload { + application(filter: ApplicationFilter, order: ApplicationOrder, first: Int, offset: Int): [Application] + msg: String + numUids: Int +} + +type DeleteApplicationRiskStatusPayload { + applicationRiskStatus(filter: ApplicationRiskStatusFilter, order: ApplicationRiskStatusOrder, first: Int, offset: Int): [ApplicationRiskStatus] + msg: String + numUids: Int +} + +type DeleteArtifactPayload { + artifact(filter: ArtifactFilter, order: ArtifactOrder, first: Int, offset: Int): [Artifact] + msg: String + numUids: Int +} + +type DeleteArtifactRiskPayload { + artifactRisk(filter: ArtifactRiskFilter, order: ArtifactRiskOrder, first: Int, offset: Int): [ArtifactRisk] + msg: String + numUids: Int +} + +type DeleteArtifactScanDataPayload { + artifactScanData(filter: ArtifactScanDataFilter, order: ArtifactScanDataOrder, first: Int, offset: Int): [ArtifactScanData] + msg: String + numUids: Int +} + +type DeleteArtifactScanDataTSPayload { + artifactScanDataTS(filter: ArtifactScanDataTSFilter, first: Int, offset: Int): [ArtifactScanDataTS] + msg: String + numUids: Int +} + +type DeleteBuildToolPayload { + buildTool(filter: BuildToolFilter, order: BuildToolOrder, first: Int, offset: Int): [BuildTool] + msg: String + numUids: Int +} + +type DeleteCommitMetaDataPayload { + commitMetaData(filter: CommitMetaDataFilter, order: CommitMetaDataOrder, first: Int, offset: Int): [CommitMetaData] + msg: String + numUids: Int +} + +type DeleteComponentAnalysisPayload { + componentAnalysis(filter: ComponentAnalysisFilter, order: ComponentAnalysisOrder, first: Int, offset: Int): [ComponentAnalysis] + msg: String + numUids: Int +} + +type DeleteComponentLicensesPayload { + componentLicenses(filter: ComponentLicensesFilter, order: ComponentLicensesOrder, first: Int, offset: Int): [ComponentLicenses] + msg: String + numUids: Int +} + +type DeleteComponentPayload { + component(filter: ComponentFilter, order: ComponentOrder, first: Int, offset: Int): [Component] + msg: String + numUids: Int +} + +type DeleteCWEPayload { + cWE(filter: CWEFilter, order: CWEOrder, first: Int, offset: Int): [CWE] + msg: String + numUids: Int +} + +type DeleteDeploymentTargetPayload { + deploymentTarget(filter: DeploymentTargetFilter, order: DeploymentTargetOrder, first: Int, offset: Int): [DeploymentTarget] + msg: String + numUids: Int +} + +type DeleteEnvironmentPayload { + environment(filter: EnvironmentFilter, order: EnvironmentOrder, first: Int, offset: Int): [Environment] + msg: String + numUids: Int +} + +type DeleteExceptionAffectsPayload { + exceptionAffects(filter: ExceptionAffectsFilter, order: ExceptionAffectsOrder, first: Int, offset: Int): [ExceptionAffects] + msg: String + numUids: Int +} + +type DeleteExceptionPayload { + exception(filter: ExceptionFilter, order: ExceptionOrder, first: Int, offset: Int): [Exception] + msg: String + numUids: Int +} + +type DeleteFeatureModePayload { + featureMode(filter: FeatureModeFilter, order: FeatureModeOrder, first: Int, offset: Int): [FeatureMode] + msg: String + numUids: Int +} + +type DeleteIntegratorConfigsPayload { + integratorConfigs(filter: IntegratorConfigsFilter, order: IntegratorConfigsOrder, first: Int, offset: Int): [IntegratorConfigs] + msg: String + numUids: Int +} + +type DeleteIntegratorKeyValuesPayload { + integratorKeyValues(filter: IntegratorKeyValuesFilter, order: IntegratorKeyValuesOrder, first: Int, offset: Int): [IntegratorKeyValues] + msg: String + numUids: Int +} + +type DeleteIntegratorPayload { + integrator(filter: IntegratorFilter, order: IntegratorOrder, first: Int, offset: Int): [Integrator] + msg: String + numUids: Int +} + +type DeleteJiraPayload { + jira(filter: JiraFilter, order: JiraOrder, first: Int, offset: Int): [Jira] + msg: String + numUids: Int +} + +type DeleteKeyValuePayload { + keyValue(filter: KeyValueFilter, order: KeyValueOrder, first: Int, offset: Int): [KeyValue] + msg: String + numUids: Int +} + +type DeleteOrganizationPayload { + organization(filter: OrganizationFilter, order: OrganizationOrder, first: Int, offset: Int): [Organization] + msg: String + numUids: Int +} + +type DeletePolicyDefinitionPayload { + policyDefinition(filter: PolicyDefinitionFilter, order: PolicyDefinitionOrder, first: Int, offset: Int): [PolicyDefinition] + msg: String + numUids: Int +} + +type DeletePolicyEnforcementPayload { + policyEnforcement(filter: PolicyEnforcementFilter, order: PolicyEnforcementOrder, first: Int, offset: Int): [PolicyEnforcement] + msg: String + numUids: Int +} + +type DeletePolicyEvaluationDataPayload { + policyEvaluationData(filter: PolicyEvaluationDataFilter, order: PolicyEvaluationDataOrder, first: Int, offset: Int): [PolicyEvaluationData] + msg: String + numUids: Int +} + +type DeleteRBACPayload { + rBAC(filter: RBACFilter, first: Int, offset: Int): [RBAC] + msg: String + numUids: Int +} + +type DeleteRolePayload { + role(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role] + msg: String + numUids: Int +} + +type DeleteRunHistoryPayload { + runHistory(filter: RunHistoryFilter, order: RunHistoryOrder, first: Int, offset: Int): [RunHistory] + msg: String + numUids: Int +} + +type DeleteScanFileResultPayload { + scanFileResult(filter: ScanFileResultFilter, order: ScanFileResultOrder, first: Int, offset: Int): [ScanFileResult] + msg: String + numUids: Int +} + +type DeleteSchemaVersionPayload { + schemaVersion(filter: SchemaVersionFilter, order: SchemaVersionOrder, first: Int, offset: Int): [SchemaVersion] + msg: String + numUids: Int +} + +type DeleteSecurityIssueAffectsSummaryPayload { + securityIssueAffectsSummary(filter: SecurityIssueAffectsSummaryFilter, order: SecurityIssueAffectsSummaryOrder, first: Int, offset: Int): [SecurityIssueAffectsSummary] + msg: String + numUids: Int +} + +type DeleteSecurityIssuePayload { + securityIssue(filter: SecurityIssueFilter, order: SecurityIssueOrder, first: Int, offset: Int): [SecurityIssue] + msg: String + numUids: Int +} + +type DeleteSourceCodeToolPayload { + sourceCodeTool(filter: SourceCodeToolFilter, order: SourceCodeToolOrder, first: Int, offset: Int): [SourceCodeTool] + msg: String + numUids: Int +} + +type DeleteTagPayload { + tag(filter: TagFilter, order: TagOrder, first: Int, offset: Int): [Tag] + msg: String + numUids: Int +} + +type DeleteTeamPayload { + team(filter: TeamFilter, order: TeamOrder, first: Int, offset: Int): [Team] + msg: String + numUids: Int +} + +type DeleteToolsUsedPayload { + toolsUsed(filter: ToolsUsedFilter, order: ToolsUsedOrder, first: Int, offset: Int): [ToolsUsed] + msg: String + numUids: Int +} + +type DeleteVulnerabilityPayload { + vulnerability(filter: VulnerabilityFilter, order: VulnerabilityOrder, first: Int, offset: Int): [Vulnerability] + msg: String + numUids: Int +} + +"""DeploymentStage is an enum denoting the stage of the deployment. .""" +enum DeploymentStage { + """deployment is discovered from the events""" + discovered + + """scanning is under process""" + scanning + + """ + deployment is known to have passed the deployment firewall and the deployment(ie the artifact) is live + """ + current + + """ + deployment becomes a past deployment because another fresh deployment has happened + """ + previous + + """deployment is blocked by the firewall""" + blocked +} + +input DeploymentStage_exact { + eq: DeploymentStage + in: [DeploymentStage] + le: DeploymentStage + lt: DeploymentStage + ge: DeploymentStage + gt: DeploymentStage + between: DeploymentStage +} + +""" +DeploymentTarget describes a single place that things can be deployed into, +such as an AWS account or a Kubernetes cluster. +""" +type DeploymentTarget { + """id is randomly assigned""" + id: String! + name: String! + + """this would be the ip/server address of the target environment""" + ip: String! + account: String + + """this would be something like aws, gcp etc""" + targetType: String + + """this would be something like us-east-1 etc""" + region: String + kubescapeServiceConnected: String + isFirewall: Boolean + organization(filter: OrganizationFilter): Organization! + defaultEnvironment(filter: EnvironmentFilter): Environment! +} + +type DeploymentTargetAggregateResult { + count: Int + idMin: String + idMax: String + nameMin: String + nameMax: String + ipMin: String + ipMax: String + accountMin: String + accountMax: String + targetTypeMin: String + targetTypeMax: String + regionMin: String + regionMax: String + kubescapeServiceConnectedMin: String + kubescapeServiceConnectedMax: String +} + +input DeploymentTargetFilter { + id: StringHashFilter + name: StringExactFilter_StringRegExpFilter + ip: StringExactFilter + has: [DeploymentTargetHasFilter] + and: [DeploymentTargetFilter] + or: [DeploymentTargetFilter] + not: DeploymentTargetFilter +} + +enum DeploymentTargetHasFilter { + id + name + ip + account + targetType + region + kubescapeServiceConnected + isFirewall + organization + defaultEnvironment +} + +input DeploymentTargetOrder { + asc: DeploymentTargetOrderable + desc: DeploymentTargetOrderable + then: DeploymentTargetOrder +} + +enum DeploymentTargetOrderable { + id + name + ip + account + targetType + region + kubescapeServiceConnected +} + +input DeploymentTargetPatch { + name: String + + """this would be the ip/server address of the target environment""" + ip: String + account: String + + """this would be something like aws, gcp etc""" + targetType: String + + """this would be something like us-east-1 etc""" + region: String + kubescapeServiceConnected: String + isFirewall: Boolean + organization: OrganizationRef + defaultEnvironment: EnvironmentRef +} + +input DeploymentTargetRef { + """id is randomly assigned""" + id: String + name: String + + """this would be the ip/server address of the target environment""" + ip: String + account: String + + """this would be something like aws, gcp etc""" + targetType: String + + """this would be something like us-east-1 etc""" + region: String + kubescapeServiceConnected: String + isFirewall: Boolean + organization: OrganizationRef + defaultEnvironment: EnvironmentRef +} + +enum DgraphIndex { + int + int64 + float + bool + hash + exact + term + fulltext + trigram + regexp + year + month + day + hour + geo +} + +"""Environment can be things like dev, prod, staging etc.""" +type Environment { + id: String! + organization(filter: OrganizationFilter): Organization! + purpose: String! +} + +type EnvironmentAggregateResult { + count: Int + idMin: String + idMax: String + purposeMin: String + purposeMax: String +} + +input EnvironmentFilter { + id: StringHashFilter + purpose: StringExactFilter_StringRegExpFilter + has: [EnvironmentHasFilter] + and: [EnvironmentFilter] + or: [EnvironmentFilter] + not: EnvironmentFilter +} + +enum EnvironmentHasFilter { + id + organization + purpose +} + +input EnvironmentOrder { + asc: EnvironmentOrderable + desc: EnvironmentOrderable + then: EnvironmentOrder +} + +enum EnvironmentOrderable { + id + purpose +} + +input EnvironmentPatch { + organization: OrganizationRef + purpose: String +} + +input EnvironmentRef { + id: String + organization: OrganizationRef + purpose: String +} + +type Exception implements RBAC { + roles(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role!] + id: ID! + type: String! + name: String! + affects(filter: ExceptionAffectsFilter, order: ExceptionAffectsOrder, first: Int, offset: Int): [ExceptionAffects!] + createdAt: DateTime! + updatedAt: DateTime! + rolesAggregate(filter: RoleFilter): RoleAggregateResult + affectsAggregate(filter: ExceptionAffectsFilter): ExceptionAffectsAggregateResult +} + +type ExceptionAffects implements RBAC { + roles(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role!] + id: ID! + createdBy: String! + affectsTeam(filter: TeamFilter): Team! + affectsApplication(filter: ApplicationFilter): Application + affectsServices: [String!] + validUpTo: DateTime! + createdAt: DateTime! + updatedAt: DateTime! + reason: String! + status: String! + exception(filter: ExceptionFilter): Exception! + runHistories(filter: RunHistoryFilter, order: RunHistoryOrder, first: Int, offset: Int): [RunHistory!] + hasSecurityIssues(filter: SecurityIssueAffectsSummaryFilter, order: SecurityIssueAffectsSummaryOrder, first: Int, offset: Int): [SecurityIssueAffectsSummary!] + rolesAggregate(filter: RoleFilter): RoleAggregateResult + runHistoriesAggregate(filter: RunHistoryFilter): RunHistoryAggregateResult + hasSecurityIssuesAggregate(filter: SecurityIssueAffectsSummaryFilter): SecurityIssueAffectsSummaryAggregateResult +} + +type ExceptionAffectsAggregateResult { + count: Int + createdByMin: String + createdByMax: String + validUpToMin: DateTime + validUpToMax: DateTime + createdAtMin: DateTime + createdAtMax: DateTime + updatedAtMin: DateTime + updatedAtMax: DateTime + reasonMin: String + reasonMax: String + statusMin: String + statusMax: String +} + +input ExceptionAffectsFilter { + id: [ID!] + createdBy: StringExactFilter_StringRegExpFilter + affectsServices: StringExactFilter_StringRegExpFilter + validUpTo: DateTimeFilter + createdAt: DateTimeFilter + updatedAt: DateTimeFilter + reason: StringExactFilter_StringRegExpFilter + status: StringExactFilter_StringRegExpFilter + has: [ExceptionAffectsHasFilter] + and: [ExceptionAffectsFilter] + or: [ExceptionAffectsFilter] + not: ExceptionAffectsFilter +} + +enum ExceptionAffectsHasFilter { + roles + createdBy + affectsTeam + affectsApplication + affectsServices + validUpTo + createdAt + updatedAt + reason + status + exception + runHistories + hasSecurityIssues +} + +input ExceptionAffectsOrder { + asc: ExceptionAffectsOrderable + desc: ExceptionAffectsOrderable + then: ExceptionAffectsOrder +} + +enum ExceptionAffectsOrderable { + createdBy + validUpTo + createdAt + updatedAt + reason + status +} + +input ExceptionAffectsPatch { + roles: [RoleRef!] + createdBy: String + affectsTeam: TeamRef + affectsApplication: ApplicationRef + affectsServices: [String!] + validUpTo: DateTime + createdAt: DateTime + updatedAt: DateTime + reason: String + status: String + exception: ExceptionRef + runHistories: [RunHistoryRef!] + hasSecurityIssues: [SecurityIssueAffectsSummaryRef!] +} + +input ExceptionAffectsRef { + id: ID + roles: [RoleRef!] + createdBy: String + affectsTeam: TeamRef + affectsApplication: ApplicationRef + affectsServices: [String!] + validUpTo: DateTime + createdAt: DateTime + updatedAt: DateTime + reason: String + status: String + exception: ExceptionRef + runHistories: [RunHistoryRef!] + hasSecurityIssues: [SecurityIssueAffectsSummaryRef!] +} + +type ExceptionAggregateResult { + count: Int + typeMin: String + typeMax: String + nameMin: String + nameMax: String + createdAtMin: DateTime + createdAtMax: DateTime + updatedAtMin: DateTime + updatedAtMax: DateTime +} + +input ExceptionFilter { + id: [ID!] + type: StringExactFilter_StringRegExpFilter + name: StringExactFilter_StringRegExpFilter + createdAt: DateTimeFilter + updatedAt: DateTimeFilter + has: [ExceptionHasFilter] + and: [ExceptionFilter] + or: [ExceptionFilter] + not: ExceptionFilter +} + +enum ExceptionHasFilter { + roles + type + name + affects + createdAt + updatedAt +} + +input ExceptionOrder { + asc: ExceptionOrderable + desc: ExceptionOrderable + then: ExceptionOrder +} + +enum ExceptionOrderable { + type + name + createdAt + updatedAt +} + +input ExceptionPatch { + roles: [RoleRef!] + type: String + name: String + affects: [ExceptionAffectsRef!] + createdAt: DateTime + updatedAt: DateTime +} + +input ExceptionRef { + id: ID + roles: [RoleRef!] + type: String + name: String + affects: [ExceptionAffectsRef!] + createdAt: DateTime + updatedAt: DateTime +} + +type FeatureMode { + id: String! + organization(filter: OrganizationFilter): Organization! + key: String! + value: String! + category: String! + createdAt: DateTime! + updatedAt: DateTime! + integrator(filter: IntegratorFilter): Integrator! +} + +type FeatureModeAggregateResult { + count: Int + idMin: String + idMax: String + keyMin: String + keyMax: String + valueMin: String + valueMax: String + categoryMin: String + categoryMax: String + createdAtMin: DateTime + createdAtMax: DateTime + updatedAtMin: DateTime + updatedAtMax: DateTime +} + +input FeatureModeFilter { + id: StringHashFilter + key: StringExactFilter + value: StringExactFilter + category: StringExactFilter + has: [FeatureModeHasFilter] + and: [FeatureModeFilter] + or: [FeatureModeFilter] + not: FeatureModeFilter +} + +enum FeatureModeHasFilter { + id + organization + key + value + category + createdAt + updatedAt + integrator +} + +input FeatureModeOrder { + asc: FeatureModeOrderable + desc: FeatureModeOrderable + then: FeatureModeOrder +} + +enum FeatureModeOrderable { + id + key + value + category + createdAt + updatedAt +} + +input FeatureModePatch { + organization: OrganizationRef + key: String + value: String + category: String + createdAt: DateTime + updatedAt: DateTime + integrator: IntegratorRef +} + +input FeatureModeRef { + id: String + organization: OrganizationRef + key: String + value: String + category: String + createdAt: DateTime + updatedAt: DateTime + integrator: IntegratorRef +} + +input FloatFilter { + eq: Float + in: [Float] + le: Float + lt: Float + ge: Float + gt: Float + between: FloatRange +} + +input FloatRange { + min: Float! + max: Float! +} + +input GenerateMutationParams { + add: Boolean + update: Boolean + delete: Boolean +} + +input GenerateQueryParams { + get: Boolean + query: Boolean + password: Boolean + aggregate: Boolean +} + +enum HTTPMethod { + GET + POST + PUT + PATCH + DELETE +} + +""" +The Int64 scalar type represents a signed 64‐bit numeric non‐fractional value. +Int64 can represent values in range [-(2^63),(2^63 - 1)]. +""" +scalar Int64 + +input Int64Filter { + eq: Int64 + in: [Int64] + le: Int64 + lt: Int64 + ge: Int64 + gt: Int64 + between: Int64Range +} + +input Int64Range { + min: Int64! + max: Int64! +} + +type Integrator { + id: String! + organization(filter: OrganizationFilter): Organization! + type: String! + category: String! + status: String! + integratorConfigs(filter: IntegratorConfigsFilter, order: IntegratorConfigsOrder, first: Int, offset: Int): [IntegratorConfigs!] + featureConfigs(filter: FeatureModeFilter, order: FeatureModeOrder, first: Int, offset: Int): [FeatureMode!] + createdAt: DateTime! + updatedAt: DateTime! + integratorConfigsAggregate(filter: IntegratorConfigsFilter): IntegratorConfigsAggregateResult + featureConfigsAggregate(filter: FeatureModeFilter): FeatureModeAggregateResult +} + +type IntegratorAggregateResult { + count: Int + idMin: String + idMax: String + typeMin: String + typeMax: String + categoryMin: String + categoryMax: String + statusMin: String + statusMax: String + createdAtMin: DateTime + createdAtMax: DateTime + updatedAtMin: DateTime + updatedAtMax: DateTime +} + +type IntegratorConfigs { + id: ID! + name: String! + configs(filter: IntegratorKeyValuesFilter, order: IntegratorKeyValuesOrder, first: Int, offset: Int): [IntegratorKeyValues!] + integrator(filter: IntegratorFilter): Integrator! + configsAggregate(filter: IntegratorKeyValuesFilter): IntegratorKeyValuesAggregateResult +} + +type IntegratorConfigsAggregateResult { + count: Int + nameMin: String + nameMax: String +} + +input IntegratorConfigsFilter { + id: [ID!] + name: StringExactFilter + has: [IntegratorConfigsHasFilter] + and: [IntegratorConfigsFilter] + or: [IntegratorConfigsFilter] + not: IntegratorConfigsFilter +} + +enum IntegratorConfigsHasFilter { + name + configs + integrator +} + +input IntegratorConfigsOrder { + asc: IntegratorConfigsOrderable + desc: IntegratorConfigsOrderable + then: IntegratorConfigsOrder +} + +enum IntegratorConfigsOrderable { + name +} + +input IntegratorConfigsPatch { + name: String + configs: [IntegratorKeyValuesRef!] + integrator: IntegratorRef +} + +input IntegratorConfigsRef { + id: ID + name: String + configs: [IntegratorKeyValuesRef!] + integrator: IntegratorRef +} + +input IntegratorFilter { + id: StringHashFilter + type: StringExactFilter + category: StringExactFilter + status: StringExactFilter + has: [IntegratorHasFilter] + and: [IntegratorFilter] + or: [IntegratorFilter] + not: IntegratorFilter +} + +enum IntegratorHasFilter { + id + organization + type + category + status + integratorConfigs + featureConfigs + createdAt + updatedAt +} + +type IntegratorKeyValues { + key: String! + value: String! + encrypt: Boolean! +} + +type IntegratorKeyValuesAggregateResult { + count: Int + keyMin: String + keyMax: String + valueMin: String + valueMax: String +} + +input IntegratorKeyValuesFilter { + key: StringExactFilter + value: StringExactFilter + has: [IntegratorKeyValuesHasFilter] + and: [IntegratorKeyValuesFilter] + or: [IntegratorKeyValuesFilter] + not: IntegratorKeyValuesFilter +} + +enum IntegratorKeyValuesHasFilter { + key + value + encrypt +} + +input IntegratorKeyValuesOrder { + asc: IntegratorKeyValuesOrderable + desc: IntegratorKeyValuesOrderable + then: IntegratorKeyValuesOrder +} + +enum IntegratorKeyValuesOrderable { + key + value +} + +input IntegratorKeyValuesPatch { + key: String + value: String + encrypt: Boolean +} + +input IntegratorKeyValuesRef { + key: String + value: String + encrypt: Boolean +} + +input IntegratorOrder { + asc: IntegratorOrderable + desc: IntegratorOrderable + then: IntegratorOrder +} + +enum IntegratorOrderable { + id + type + category + status + createdAt + updatedAt +} + +input IntegratorPatch { + organization: OrganizationRef + type: String + category: String + status: String + integratorConfigs: [IntegratorConfigsRef!] + featureConfigs: [FeatureModeRef!] + createdAt: DateTime + updatedAt: DateTime +} + +input IntegratorRef { + id: String + organization: OrganizationRef + type: String + category: String + status: String + integratorConfigs: [IntegratorConfigsRef!] + featureConfigs: [FeatureModeRef!] + createdAt: DateTime + updatedAt: DateTime +} + +input IntersectsFilter { + polygon: PolygonRef + multiPolygon: MultiPolygonRef +} + +input IntFilter { + eq: Int + in: [Int] + le: Int + lt: Int + ge: Int + gt: Int + between: IntRange +} + +input IntRange { + min: Int! + max: Int! +} + +type Jira { + id: ID! + jiraId: String! + url: String! + status: String! + createdAt: DateTime! + updatedAt: DateTime! + affectsIndividualComponent(filter: RunHistoryFilter): RunHistory + affectsSecurityissue(filter: SecurityIssueFilter): SecurityIssue +} + +type JiraAggregateResult { + count: Int + jiraIdMin: String + jiraIdMax: String + urlMin: String + urlMax: String + statusMin: String + statusMax: String + createdAtMin: DateTime + createdAtMax: DateTime + updatedAtMin: DateTime + updatedAtMax: DateTime +} + +input JiraFilter { + id: [ID!] + jiraId: StringExactFilter_StringRegExpFilter + status: StringExactFilter_StringRegExpFilter + has: [JiraHasFilter] + and: [JiraFilter] + or: [JiraFilter] + not: JiraFilter +} + +enum JiraHasFilter { + jiraId + url + status + createdAt + updatedAt + affectsIndividualComponent + affectsSecurityissue +} + +input JiraOrder { + asc: JiraOrderable + desc: JiraOrderable + then: JiraOrder +} + +enum JiraOrderable { + jiraId + url + status + createdAt + updatedAt +} + +input JiraPatch { + jiraId: String + url: String + status: String + createdAt: DateTime + updatedAt: DateTime + affectsIndividualComponent: RunHistoryRef + affectsSecurityissue: SecurityIssueRef +} + +input JiraRef { + id: ID + jiraId: String + url: String + status: String + createdAt: DateTime + updatedAt: DateTime + affectsIndividualComponent: RunHistoryRef + affectsSecurityissue: SecurityIssueRef +} + +""" +KeyValue is a generic key/value pair, used as an attribute list or similar. +""" +type KeyValue { + id: String! + name: String! + value: String! + createdAt: DateTime! +} + +type KeyValueAggregateResult { + count: Int + idMin: String + idMax: String + nameMin: String + nameMax: String + valueMin: String + valueMax: String + createdAtMin: DateTime + createdAtMax: DateTime +} + +input KeyValueFilter { + id: StringHashFilter + name: StringExactFilter_StringRegExpFilter + value: StringExactFilter_StringRegExpFilter + createdAt: DateTimeFilter + has: [KeyValueHasFilter] + and: [KeyValueFilter] + or: [KeyValueFilter] + not: KeyValueFilter +} + +enum KeyValueHasFilter { + id + name + value + createdAt +} + +input KeyValueOrder { + asc: KeyValueOrderable + desc: KeyValueOrderable + then: KeyValueOrder +} + +enum KeyValueOrderable { + id + name + value + createdAt +} + +input KeyValuePatch { + name: String + value: String + createdAt: DateTime +} + +input KeyValueRef { + id: String + name: String + value: String + createdAt: DateTime +} + +enum Mode { + BATCH + SINGLE +} + +type MultiPolygon { + polygons: [Polygon!]! +} + +input MultiPolygonRef { + polygons: [PolygonRef!]! +} + +type Mutation { + addSchemaVersion(input: [AddSchemaVersionInput!]!): AddSchemaVersionPayload + updateSchemaVersion(input: UpdateSchemaVersionInput!): UpdateSchemaVersionPayload + deleteSchemaVersion(filter: SchemaVersionFilter!): DeleteSchemaVersionPayload + updateRBAC(input: UpdateRBACInput!): UpdateRBACPayload + deleteRBAC(filter: RBACFilter!): DeleteRBACPayload + addRole(input: [AddRoleInput!]!, upsert: Boolean): AddRolePayload + updateRole(input: UpdateRoleInput!): UpdateRolePayload + deleteRole(filter: RoleFilter!): DeleteRolePayload + addKeyValue(input: [AddKeyValueInput!]!, upsert: Boolean): AddKeyValuePayload + updateKeyValue(input: UpdateKeyValueInput!): UpdateKeyValuePayload + deleteKeyValue(filter: KeyValueFilter!): DeleteKeyValuePayload + addOrganization(input: [AddOrganizationInput!]!, upsert: Boolean): AddOrganizationPayload + updateOrganization(input: UpdateOrganizationInput!): UpdateOrganizationPayload + deleteOrganization(filter: OrganizationFilter!): DeleteOrganizationPayload + addEnvironment(input: [AddEnvironmentInput!]!, upsert: Boolean): AddEnvironmentPayload + updateEnvironment(input: UpdateEnvironmentInput!): UpdateEnvironmentPayload + deleteEnvironment(filter: EnvironmentFilter!): DeleteEnvironmentPayload + addDeploymentTarget(input: [AddDeploymentTargetInput!]!, upsert: Boolean): AddDeploymentTargetPayload + updateDeploymentTarget(input: UpdateDeploymentTargetInput!): UpdateDeploymentTargetPayload + deleteDeploymentTarget(filter: DeploymentTargetFilter!): DeleteDeploymentTargetPayload + addTeam(input: [AddTeamInput!]!, upsert: Boolean): AddTeamPayload + updateTeam(input: UpdateTeamInput!): UpdateTeamPayload + deleteTeam(filter: TeamFilter!): DeleteTeamPayload + addApplication(input: [AddApplicationInput!]!, upsert: Boolean): AddApplicationPayload + updateApplication(input: UpdateApplicationInput!): UpdateApplicationPayload + deleteApplication(filter: ApplicationFilter!): DeleteApplicationPayload + addApplicationEnvironment(input: [AddApplicationEnvironmentInput!]!, upsert: Boolean): AddApplicationEnvironmentPayload + updateApplicationEnvironment(input: UpdateApplicationEnvironmentInput!): UpdateApplicationEnvironmentPayload + deleteApplicationEnvironment(filter: ApplicationEnvironmentFilter!): DeleteApplicationEnvironmentPayload + addApplicationRiskStatus(input: [AddApplicationRiskStatusInput!]!): AddApplicationRiskStatusPayload + updateApplicationRiskStatus(input: UpdateApplicationRiskStatusInput!): UpdateApplicationRiskStatusPayload + deleteApplicationRiskStatus(filter: ApplicationRiskStatusFilter!): DeleteApplicationRiskStatusPayload + addApplicationDeployment(input: [AddApplicationDeploymentInput!]!, upsert: Boolean): AddApplicationDeploymentPayload + updateApplicationDeployment(input: UpdateApplicationDeploymentInput!): UpdateApplicationDeploymentPayload + deleteApplicationDeployment(filter: ApplicationDeploymentFilter!): DeleteApplicationDeploymentPayload + addToolsUsed(input: [AddToolsUsedInput!]!): AddToolsUsedPayload + updateToolsUsed(input: UpdateToolsUsedInput!): UpdateToolsUsedPayload + deleteToolsUsed(filter: ToolsUsedFilter!): DeleteToolsUsedPayload + addApplicationDeploymentRisk(input: [AddApplicationDeploymentRiskInput!]!): AddApplicationDeploymentRiskPayload + updateApplicationDeploymentRisk(input: UpdateApplicationDeploymentRiskInput!): UpdateApplicationDeploymentRiskPayload + deleteApplicationDeploymentRisk(filter: ApplicationDeploymentRiskFilter!): DeleteApplicationDeploymentRiskPayload + addIntegrator(input: [AddIntegratorInput!]!, upsert: Boolean): AddIntegratorPayload + updateIntegrator(input: UpdateIntegratorInput!): UpdateIntegratorPayload + deleteIntegrator(filter: IntegratorFilter!): DeleteIntegratorPayload + addIntegratorConfigs(input: [AddIntegratorConfigsInput!]!): AddIntegratorConfigsPayload + updateIntegratorConfigs(input: UpdateIntegratorConfigsInput!): UpdateIntegratorConfigsPayload + deleteIntegratorConfigs(filter: IntegratorConfigsFilter!): DeleteIntegratorConfigsPayload + addIntegratorKeyValues(input: [AddIntegratorKeyValuesInput!]!): AddIntegratorKeyValuesPayload + updateIntegratorKeyValues(input: UpdateIntegratorKeyValuesInput!): UpdateIntegratorKeyValuesPayload + deleteIntegratorKeyValues(filter: IntegratorKeyValuesFilter!): DeleteIntegratorKeyValuesPayload + addFeatureMode(input: [AddFeatureModeInput!]!, upsert: Boolean): AddFeatureModePayload + updateFeatureMode(input: UpdateFeatureModeInput!): UpdateFeatureModePayload + deleteFeatureMode(filter: FeatureModeFilter!): DeleteFeatureModePayload + addTag(input: [AddTagInput!]!, upsert: Boolean): AddTagPayload + updateTag(input: UpdateTagInput!): UpdateTagPayload + deleteTag(filter: TagFilter!): DeleteTagPayload + addPolicyDefinition(input: [AddPolicyDefinitionInput!]!, upsert: Boolean): AddPolicyDefinitionPayload + updatePolicyDefinition(input: UpdatePolicyDefinitionInput!): UpdatePolicyDefinitionPayload + deletePolicyDefinition(filter: PolicyDefinitionFilter!): DeletePolicyDefinitionPayload + addPolicyEnforcement(input: [AddPolicyEnforcementInput!]!): AddPolicyEnforcementPayload + updatePolicyEnforcement(input: UpdatePolicyEnforcementInput!): UpdatePolicyEnforcementPayload + deletePolicyEnforcement(filter: PolicyEnforcementFilter!): DeletePolicyEnforcementPayload + addJira(input: [AddJiraInput!]!): AddJiraPayload + updateJira(input: UpdateJiraInput!): UpdateJiraPayload + deleteJira(filter: JiraFilter!): DeleteJiraPayload + addRunHistory(input: [AddRunHistoryInput!]!): AddRunHistoryPayload + updateRunHistory(input: UpdateRunHistoryInput!): UpdateRunHistoryPayload + deleteRunHistory(filter: RunHistoryFilter!): DeleteRunHistoryPayload + addPolicyEvaluationData(input: [AddPolicyEvaluationDataInput!]!): AddPolicyEvaluationDataPayload + updatePolicyEvaluationData(input: UpdatePolicyEvaluationDataInput!): UpdatePolicyEvaluationDataPayload + deletePolicyEvaluationData(filter: PolicyEvaluationDataFilter!): DeletePolicyEvaluationDataPayload + addSecurityIssue(input: [AddSecurityIssueInput!]!): AddSecurityIssuePayload + updateSecurityIssue(input: UpdateSecurityIssueInput!): UpdateSecurityIssuePayload + deleteSecurityIssue(filter: SecurityIssueFilter!): DeleteSecurityIssuePayload + addSecurityIssueAffectsSummary(input: [AddSecurityIssueAffectsSummaryInput!]!): AddSecurityIssueAffectsSummaryPayload + updateSecurityIssueAffectsSummary(input: UpdateSecurityIssueAffectsSummaryInput!): UpdateSecurityIssueAffectsSummaryPayload + deleteSecurityIssueAffectsSummary(filter: SecurityIssueAffectsSummaryFilter!): DeleteSecurityIssueAffectsSummaryPayload + addArtifactScanDataTS(input: [AddArtifactScanDataTSInput!]!): AddArtifactScanDataTSPayload + updateArtifactScanDataTS(input: UpdateArtifactScanDataTSInput!): UpdateArtifactScanDataTSPayload + deleteArtifactScanDataTS(filter: ArtifactScanDataTSFilter!): DeleteArtifactScanDataTSPayload + addBuildTool(input: [AddBuildToolInput!]!, upsert: Boolean): AddBuildToolPayload + updateBuildTool(input: UpdateBuildToolInput!): UpdateBuildToolPayload + deleteBuildTool(filter: BuildToolFilter!): DeleteBuildToolPayload + addSourceCodeTool(input: [AddSourceCodeToolInput!]!, upsert: Boolean): AddSourceCodeToolPayload + updateSourceCodeTool(input: UpdateSourceCodeToolInput!): UpdateSourceCodeToolPayload + deleteSourceCodeTool(filter: SourceCodeToolFilter!): DeleteSourceCodeToolPayload + addCommitMetaData(input: [AddCommitMetaDataInput!]!): AddCommitMetaDataPayload + updateCommitMetaData(input: UpdateCommitMetaDataInput!): UpdateCommitMetaDataPayload + deleteCommitMetaData(filter: CommitMetaDataFilter!): DeleteCommitMetaDataPayload + addArtifact(input: [AddArtifactInput!]!, upsert: Boolean): AddArtifactPayload + updateArtifact(input: UpdateArtifactInput!): UpdateArtifactPayload + deleteArtifact(filter: ArtifactFilter!): DeleteArtifactPayload + addArtifactScanData(input: [AddArtifactScanDataInput!]!, upsert: Boolean): AddArtifactScanDataPayload + updateArtifactScanData(input: UpdateArtifactScanDataInput!): UpdateArtifactScanDataPayload + deleteArtifactScanData(filter: ArtifactScanDataFilter!): DeleteArtifactScanDataPayload + addArtifactRisk(input: [AddArtifactRiskInput!]!): AddArtifactRiskPayload + updateArtifactRisk(input: UpdateArtifactRiskInput!): UpdateArtifactRiskPayload + deleteArtifactRisk(filter: ArtifactRiskFilter!): DeleteArtifactRiskPayload + addScanFileResult(input: [AddScanFileResultInput!]!): AddScanFileResultPayload + updateScanFileResult(input: UpdateScanFileResultInput!): UpdateScanFileResultPayload + deleteScanFileResult(filter: ScanFileResultFilter!): DeleteScanFileResultPayload + addComponent(input: [AddComponentInput!]!, upsert: Boolean): AddComponentPayload + updateComponent(input: UpdateComponentInput!): UpdateComponentPayload + deleteComponent(filter: ComponentFilter!): DeleteComponentPayload + addComponentAnalysis(input: [AddComponentAnalysisInput!]!): AddComponentAnalysisPayload + updateComponentAnalysis(input: UpdateComponentAnalysisInput!): UpdateComponentAnalysisPayload + deleteComponentAnalysis(filter: ComponentAnalysisFilter!): DeleteComponentAnalysisPayload + addComponentLicenses(input: [AddComponentLicensesInput!]!): AddComponentLicensesPayload + updateComponentLicenses(input: UpdateComponentLicensesInput!): UpdateComponentLicensesPayload + deleteComponentLicenses(filter: ComponentLicensesFilter!): DeleteComponentLicensesPayload + addVulnerability(input: [AddVulnerabilityInput!]!, upsert: Boolean): AddVulnerabilityPayload + updateVulnerability(input: UpdateVulnerabilityInput!): UpdateVulnerabilityPayload + deleteVulnerability(filter: VulnerabilityFilter!): DeleteVulnerabilityPayload + addCWE(input: [AddCWEInput!]!, upsert: Boolean): AddCWEPayload + updateCWE(input: UpdateCWEInput!): UpdateCWEPayload + deleteCWE(filter: CWEFilter!): DeleteCWEPayload + addException(input: [AddExceptionInput!]!): AddExceptionPayload + updateException(input: UpdateExceptionInput!): UpdateExceptionPayload + deleteException(filter: ExceptionFilter!): DeleteExceptionPayload + addExceptionAffects(input: [AddExceptionAffectsInput!]!): AddExceptionAffectsPayload + updateExceptionAffects(input: UpdateExceptionAffectsInput!): UpdateExceptionAffectsPayload + deleteExceptionAffects(filter: ExceptionAffectsFilter!): DeleteExceptionAffectsPayload +} + +input NearFilter { + distance: Float! + coordinate: PointRef! +} + +type Organization implements RBAC { + """id is randomly assigned""" + id: String! + name: String! + roles(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role!] + teams(filter: TeamFilter, order: TeamOrder, first: Int, offset: Int): [Team!] + environments(filter: DeploymentTargetFilter, order: DeploymentTargetOrder, first: Int, offset: Int): [DeploymentTarget!] + policies(filter: PolicyDefinitionFilter, order: PolicyDefinitionOrder, first: Int, offset: Int): [PolicyDefinition!] + policyEnforcements(filter: PolicyEnforcementFilter, order: PolicyEnforcementOrder, first: Int, offset: Int): [PolicyEnforcement!] + integrators(filter: IntegratorFilter, order: IntegratorOrder, first: Int, offset: Int): [Integrator!] + featureModes(filter: FeatureModeFilter, order: FeatureModeOrder, first: Int, offset: Int): [FeatureMode!] + rolesAggregate(filter: RoleFilter): RoleAggregateResult + teamsAggregate(filter: TeamFilter): TeamAggregateResult + environmentsAggregate(filter: DeploymentTargetFilter): DeploymentTargetAggregateResult + policiesAggregate(filter: PolicyDefinitionFilter): PolicyDefinitionAggregateResult + policyEnforcementsAggregate(filter: PolicyEnforcementFilter): PolicyEnforcementAggregateResult + integratorsAggregate(filter: IntegratorFilter): IntegratorAggregateResult + featureModesAggregate(filter: FeatureModeFilter): FeatureModeAggregateResult +} + +type OrganizationAggregateResult { + count: Int + idMin: String + idMax: String + nameMin: String + nameMax: String +} + +input OrganizationFilter { + id: StringHashFilter + name: StringExactFilter + has: [OrganizationHasFilter] + and: [OrganizationFilter] + or: [OrganizationFilter] + not: OrganizationFilter +} + +enum OrganizationHasFilter { + id + name + roles + teams + environments + policies + policyEnforcements + integrators + featureModes +} + +input OrganizationOrder { + asc: OrganizationOrderable + desc: OrganizationOrderable + then: OrganizationOrder +} + +enum OrganizationOrderable { + id + name +} + +input OrganizationPatch { + name: String + roles: [RoleRef!] + teams: [TeamRef!] + environments: [DeploymentTargetRef!] + policies: [PolicyDefinitionRef!] + policyEnforcements: [PolicyEnforcementRef!] + integrators: [IntegratorRef!] + featureModes: [FeatureModeRef!] +} + +input OrganizationRef { + """id is randomly assigned""" + id: String + name: String + roles: [RoleRef!] + teams: [TeamRef!] + environments: [DeploymentTargetRef!] + policies: [PolicyDefinitionRef!] + policyEnforcements: [PolicyEnforcementRef!] + integrators: [IntegratorRef!] + featureModes: [FeatureModeRef!] +} + +type Point { + longitude: Float! + latitude: Float! +} + +input PointGeoFilter { + near: NearFilter + within: WithinFilter +} + +type PointList { + points: [Point!]! +} + +input PointListRef { + points: [PointRef!]! +} + +input PointRef { + longitude: Float! + latitude: Float! +} + +type PolicyDefinition { + id: String! + ownerOrg(filter: OrganizationFilter): Organization! + ownerTeam(filter: TeamFilter): Team + ownerApplication(filter: ApplicationFilter): Application + createdAt: DateTime! + updatedAt: DateTime! + policyName: String! + category: String! + stage: String! + description: String! + scheduledPolicy: Boolean! + script: String! + variables: String + conditionName: String + suggestion: String +} + +type PolicyDefinitionAggregateResult { + count: Int + idMin: String + idMax: String + createdAtMin: DateTime + createdAtMax: DateTime + updatedAtMin: DateTime + updatedAtMax: DateTime + policyNameMin: String + policyNameMax: String + categoryMin: String + categoryMax: String + stageMin: String + stageMax: String + descriptionMin: String + descriptionMax: String + scriptMin: String + scriptMax: String + variablesMin: String + variablesMax: String + conditionNameMin: String + conditionNameMax: String + suggestionMin: String + suggestionMax: String +} + +input PolicyDefinitionFilter { + id: StringHashFilter + policyName: StringExactFilter_StringRegExpFilter + category: StringExactFilter + stage: StringExactFilter_StringRegExpFilter + description: StringExactFilter + scheduledPolicy: Boolean + script: StringExactFilter + variables: StringExactFilter + conditionName: StringExactFilter + suggestion: StringExactFilter + has: [PolicyDefinitionHasFilter] + and: [PolicyDefinitionFilter] + or: [PolicyDefinitionFilter] + not: PolicyDefinitionFilter +} + +enum PolicyDefinitionHasFilter { + id + ownerOrg + ownerTeam + ownerApplication + createdAt + updatedAt + policyName + category + stage + description + scheduledPolicy + script + variables + conditionName + suggestion +} + +input PolicyDefinitionOrder { + asc: PolicyDefinitionOrderable + desc: PolicyDefinitionOrderable + then: PolicyDefinitionOrder +} + +enum PolicyDefinitionOrderable { + id + createdAt + updatedAt + policyName + category + stage + description + script + variables + conditionName + suggestion +} + +input PolicyDefinitionPatch { + ownerOrg: OrganizationRef + ownerTeam: TeamRef + ownerApplication: ApplicationRef + createdAt: DateTime + updatedAt: DateTime + policyName: String + category: String + stage: String + description: String + scheduledPolicy: Boolean + script: String + variables: String + conditionName: String + suggestion: String +} + +input PolicyDefinitionRef { + id: String + ownerOrg: OrganizationRef + ownerTeam: TeamRef + ownerApplication: ApplicationRef + createdAt: DateTime + updatedAt: DateTime + policyName: String + category: String + stage: String + description: String + scheduledPolicy: Boolean + script: String + variables: String + conditionName: String + suggestion: String +} + +type PolicyEnforcement { + id: ID! + policy(filter: PolicyDefinitionFilter): PolicyDefinition! + enforcedOrg(filter: OrganizationFilter): Organization + enforcedTeam(filter: TeamFilter): Team + enforcedApplication(filter: ApplicationFilter): Application + status: Boolean! + forceApply: Boolean + severity: Severity! + datasourceTool: String! + action: String! + conditionValue: String + environments(filter: EnvironmentFilter, order: EnvironmentOrder, first: Int, offset: Int): [Environment!] + tags(filter: TagFilter, order: TagOrder, first: Int, offset: Int): [Tag!] + createdAt: DateTime! + updatedAt: DateTime! + environmentsAggregate(filter: EnvironmentFilter): EnvironmentAggregateResult + tagsAggregate(filter: TagFilter): TagAggregateResult +} + +type PolicyEnforcementAggregateResult { + count: Int + datasourceToolMin: String + datasourceToolMax: String + actionMin: String + actionMax: String + conditionValueMin: String + conditionValueMax: String + createdAtMin: DateTime + createdAtMax: DateTime + updatedAtMin: DateTime + updatedAtMax: DateTime +} + +input PolicyEnforcementFilter { + id: [ID!] + status: Boolean + forceApply: Boolean + datasourceTool: StringExactFilter + action: StringExactFilter + conditionValue: StringExactFilter + has: [PolicyEnforcementHasFilter] + and: [PolicyEnforcementFilter] + or: [PolicyEnforcementFilter] + not: PolicyEnforcementFilter +} + +enum PolicyEnforcementHasFilter { + policy + enforcedOrg + enforcedTeam + enforcedApplication + status + forceApply + severity + datasourceTool + action + conditionValue + environments + tags + createdAt + updatedAt +} + +input PolicyEnforcementOrder { + asc: PolicyEnforcementOrderable + desc: PolicyEnforcementOrderable + then: PolicyEnforcementOrder +} + +enum PolicyEnforcementOrderable { + datasourceTool + action + conditionValue + createdAt + updatedAt +} + +input PolicyEnforcementPatch { + policy: PolicyDefinitionRef + enforcedOrg: OrganizationRef + enforcedTeam: TeamRef + enforcedApplication: ApplicationRef + status: Boolean + forceApply: Boolean + severity: Severity + datasourceTool: String + action: String + conditionValue: String + environments: [EnvironmentRef!] + tags: [TagRef!] + createdAt: DateTime + updatedAt: DateTime +} + +input PolicyEnforcementRef { + id: ID + policy: PolicyDefinitionRef + enforcedOrg: OrganizationRef + enforcedTeam: TeamRef + enforcedApplication: ApplicationRef + status: Boolean + forceApply: Boolean + severity: Severity + datasourceTool: String + action: String + conditionValue: String + environments: [EnvironmentRef!] + tags: [TagRef!] + createdAt: DateTime + updatedAt: DateTime +} + +type PolicyEvaluationData { + """ + data Type is gonna help us identify if a DB record is used to evaluate or a json + current scope json is for generic policies & vuln policies will attach + VulnNode -> pending redis data & other inprogram policies + """ + Id: ID! + dataType: String! + rawData: String + vulnNode(filter: VulnerabilityFilter): Vulnerability + affects(filter: RunHistoryFilter): RunHistory! +} + +type PolicyEvaluationDataAggregateResult { + count: Int + dataTypeMin: String + dataTypeMax: String + rawDataMin: String + rawDataMax: String +} + +input PolicyEvaluationDataFilter { + Id: [ID!] + dataType: StringExactFilter + has: [PolicyEvaluationDataHasFilter] + and: [PolicyEvaluationDataFilter] + or: [PolicyEvaluationDataFilter] + not: PolicyEvaluationDataFilter +} + +enum PolicyEvaluationDataHasFilter { + dataType + rawData + vulnNode + affects +} + +input PolicyEvaluationDataOrder { + asc: PolicyEvaluationDataOrderable + desc: PolicyEvaluationDataOrderable + then: PolicyEvaluationDataOrder +} + +enum PolicyEvaluationDataOrderable { + dataType + rawData +} + +input PolicyEvaluationDataPatch { + dataType: String + rawData: String + vulnNode: VulnerabilityRef + affects: RunHistoryRef +} + +input PolicyEvaluationDataRef { + """ + data Type is gonna help us identify if a DB record is used to evaluate or a json + current scope json is for generic policies & vuln policies will attach + VulnNode -> pending redis data & other inprogram policies + """ + Id: ID + dataType: String + rawData: String + vulnNode: VulnerabilityRef + affects: RunHistoryRef +} + +type Polygon { + coordinates: [PointList!]! +} + +input PolygonGeoFilter { + near: NearFilter + within: WithinFilter + contains: ContainsFilter + intersects: IntersectsFilter +} + +input PolygonRef { + coordinates: [PointListRef!]! +} + +type Query { + querySchemaVersion(filter: SchemaVersionFilter, order: SchemaVersionOrder, first: Int, offset: Int): [SchemaVersion] + aggregateSchemaVersion(filter: SchemaVersionFilter): SchemaVersionAggregateResult + queryRBAC(filter: RBACFilter, first: Int, offset: Int): [RBAC] + aggregateRBAC(filter: RBACFilter): RBACAggregateResult + getRole(id: String!): Role + queryRole(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role] + aggregateRole(filter: RoleFilter): RoleAggregateResult + getKeyValue(id: String!): KeyValue + queryKeyValue(filter: KeyValueFilter, order: KeyValueOrder, first: Int, offset: Int): [KeyValue] + aggregateKeyValue(filter: KeyValueFilter): KeyValueAggregateResult + getOrganization(id: String!): Organization + queryOrganization(filter: OrganizationFilter, order: OrganizationOrder, first: Int, offset: Int): [Organization] + aggregateOrganization(filter: OrganizationFilter): OrganizationAggregateResult + getEnvironment(id: String!): Environment + queryEnvironment(filter: EnvironmentFilter, order: EnvironmentOrder, first: Int, offset: Int): [Environment] + aggregateEnvironment(filter: EnvironmentFilter): EnvironmentAggregateResult + getDeploymentTarget(id: String!): DeploymentTarget + queryDeploymentTarget(filter: DeploymentTargetFilter, order: DeploymentTargetOrder, first: Int, offset: Int): [DeploymentTarget] + aggregateDeploymentTarget(filter: DeploymentTargetFilter): DeploymentTargetAggregateResult + getTeam(id: String!): Team + queryTeam(filter: TeamFilter, order: TeamOrder, first: Int, offset: Int): [Team] + aggregateTeam(filter: TeamFilter): TeamAggregateResult + getApplication(id: String!): Application + queryApplication(filter: ApplicationFilter, order: ApplicationOrder, first: Int, offset: Int): [Application] + aggregateApplication(filter: ApplicationFilter): ApplicationAggregateResult + getApplicationEnvironment(id: String!): ApplicationEnvironment + queryApplicationEnvironment(filter: ApplicationEnvironmentFilter, order: ApplicationEnvironmentOrder, first: Int, offset: Int): [ApplicationEnvironment] + aggregateApplicationEnvironment(filter: ApplicationEnvironmentFilter): ApplicationEnvironmentAggregateResult + getApplicationRiskStatus(id: ID!): ApplicationRiskStatus + queryApplicationRiskStatus(filter: ApplicationRiskStatusFilter, order: ApplicationRiskStatusOrder, first: Int, offset: Int): [ApplicationRiskStatus] + aggregateApplicationRiskStatus(filter: ApplicationRiskStatusFilter): ApplicationRiskStatusAggregateResult + getApplicationDeployment(id: String!): ApplicationDeployment + queryApplicationDeployment(filter: ApplicationDeploymentFilter, order: ApplicationDeploymentOrder, first: Int, offset: Int): [ApplicationDeployment] + aggregateApplicationDeployment(filter: ApplicationDeploymentFilter): ApplicationDeploymentAggregateResult + getToolsUsed(id: ID!): ToolsUsed + queryToolsUsed(filter: ToolsUsedFilter, order: ToolsUsedOrder, first: Int, offset: Int): [ToolsUsed] + aggregateToolsUsed(filter: ToolsUsedFilter): ToolsUsedAggregateResult + getApplicationDeploymentRisk(id: ID!): ApplicationDeploymentRisk + queryApplicationDeploymentRisk(filter: ApplicationDeploymentRiskFilter, order: ApplicationDeploymentRiskOrder, first: Int, offset: Int): [ApplicationDeploymentRisk] + aggregateApplicationDeploymentRisk(filter: ApplicationDeploymentRiskFilter): ApplicationDeploymentRiskAggregateResult + getIntegrator(id: String!): Integrator + queryIntegrator(filter: IntegratorFilter, order: IntegratorOrder, first: Int, offset: Int): [Integrator] + aggregateIntegrator(filter: IntegratorFilter): IntegratorAggregateResult + getIntegratorConfigs(id: ID!): IntegratorConfigs + queryIntegratorConfigs(filter: IntegratorConfigsFilter, order: IntegratorConfigsOrder, first: Int, offset: Int): [IntegratorConfigs] + aggregateIntegratorConfigs(filter: IntegratorConfigsFilter): IntegratorConfigsAggregateResult + queryIntegratorKeyValues(filter: IntegratorKeyValuesFilter, order: IntegratorKeyValuesOrder, first: Int, offset: Int): [IntegratorKeyValues] + aggregateIntegratorKeyValues(filter: IntegratorKeyValuesFilter): IntegratorKeyValuesAggregateResult + getFeatureMode(id: String!): FeatureMode + queryFeatureMode(filter: FeatureModeFilter, order: FeatureModeOrder, first: Int, offset: Int): [FeatureMode] + aggregateFeatureMode(filter: FeatureModeFilter): FeatureModeAggregateResult + getTag(id: String!): Tag + queryTag(filter: TagFilter, order: TagOrder, first: Int, offset: Int): [Tag] + aggregateTag(filter: TagFilter): TagAggregateResult + getPolicyDefinition(id: String!): PolicyDefinition + queryPolicyDefinition(filter: PolicyDefinitionFilter, order: PolicyDefinitionOrder, first: Int, offset: Int): [PolicyDefinition] + aggregatePolicyDefinition(filter: PolicyDefinitionFilter): PolicyDefinitionAggregateResult + getPolicyEnforcement(id: ID!): PolicyEnforcement + queryPolicyEnforcement(filter: PolicyEnforcementFilter, order: PolicyEnforcementOrder, first: Int, offset: Int): [PolicyEnforcement] + aggregatePolicyEnforcement(filter: PolicyEnforcementFilter): PolicyEnforcementAggregateResult + getJira(id: ID!): Jira + queryJira(filter: JiraFilter, order: JiraOrder, first: Int, offset: Int): [Jira] + aggregateJira(filter: JiraFilter): JiraAggregateResult + getRunHistory(id: ID!): RunHistory + queryRunHistory(filter: RunHistoryFilter, order: RunHistoryOrder, first: Int, offset: Int): [RunHistory] + aggregateRunHistory(filter: RunHistoryFilter): RunHistoryAggregateResult + getPolicyEvaluationData(Id: ID!): PolicyEvaluationData + queryPolicyEvaluationData(filter: PolicyEvaluationDataFilter, order: PolicyEvaluationDataOrder, first: Int, offset: Int): [PolicyEvaluationData] + aggregatePolicyEvaluationData(filter: PolicyEvaluationDataFilter): PolicyEvaluationDataAggregateResult + getSecurityIssue(id: ID!): SecurityIssue + querySecurityIssue(filter: SecurityIssueFilter, order: SecurityIssueOrder, first: Int, offset: Int): [SecurityIssue] + aggregateSecurityIssue(filter: SecurityIssueFilter): SecurityIssueAggregateResult + getSecurityIssueAffectsSummary(id: ID!): SecurityIssueAffectsSummary + querySecurityIssueAffectsSummary(filter: SecurityIssueAffectsSummaryFilter, order: SecurityIssueAffectsSummaryOrder, first: Int, offset: Int): [SecurityIssueAffectsSummary] + aggregateSecurityIssueAffectsSummary(filter: SecurityIssueAffectsSummaryFilter): SecurityIssueAffectsSummaryAggregateResult + getArtifactScanDataTS(id: ID!): ArtifactScanDataTS + queryArtifactScanDataTS(filter: ArtifactScanDataTSFilter, first: Int, offset: Int): [ArtifactScanDataTS] + aggregateArtifactScanDataTS(filter: ArtifactScanDataTSFilter): ArtifactScanDataTSAggregateResult + getBuildTool(id: String!): BuildTool + queryBuildTool(filter: BuildToolFilter, order: BuildToolOrder, first: Int, offset: Int): [BuildTool] + aggregateBuildTool(filter: BuildToolFilter): BuildToolAggregateResult + getSourceCodeTool(id: String!): SourceCodeTool + querySourceCodeTool(filter: SourceCodeToolFilter, order: SourceCodeToolOrder, first: Int, offset: Int): [SourceCodeTool] + aggregateSourceCodeTool(filter: SourceCodeToolFilter): SourceCodeToolAggregateResult + getCommitMetaData(id: ID!): CommitMetaData + queryCommitMetaData(filter: CommitMetaDataFilter, order: CommitMetaDataOrder, first: Int, offset: Int): [CommitMetaData] + aggregateCommitMetaData(filter: CommitMetaDataFilter): CommitMetaDataAggregateResult + getArtifact(id: String!): Artifact + queryArtifact(filter: ArtifactFilter, order: ArtifactOrder, first: Int, offset: Int): [Artifact] + aggregateArtifact(filter: ArtifactFilter): ArtifactAggregateResult + getArtifactScanData(id: String!): ArtifactScanData + queryArtifactScanData(filter: ArtifactScanDataFilter, order: ArtifactScanDataOrder, first: Int, offset: Int): [ArtifactScanData] + aggregateArtifactScanData(filter: ArtifactScanDataFilter): ArtifactScanDataAggregateResult + getArtifactRisk(id: ID!): ArtifactRisk + queryArtifactRisk(filter: ArtifactRiskFilter, order: ArtifactRiskOrder, first: Int, offset: Int): [ArtifactRisk] + aggregateArtifactRisk(filter: ArtifactRiskFilter): ArtifactRiskAggregateResult + getScanFileResult(id: ID!): ScanFileResult + queryScanFileResult(filter: ScanFileResultFilter, order: ScanFileResultOrder, first: Int, offset: Int): [ScanFileResult] + aggregateScanFileResult(filter: ScanFileResultFilter): ScanFileResultAggregateResult + getComponent(id: String!): Component + queryComponent(filter: ComponentFilter, order: ComponentOrder, first: Int, offset: Int): [Component] + aggregateComponent(filter: ComponentFilter): ComponentAggregateResult + getComponentAnalysis(Id: ID!): ComponentAnalysis + queryComponentAnalysis(filter: ComponentAnalysisFilter, order: ComponentAnalysisOrder, first: Int, offset: Int): [ComponentAnalysis] + aggregateComponentAnalysis(filter: ComponentAnalysisFilter): ComponentAnalysisAggregateResult + getComponentLicenses(Id: ID!): ComponentLicenses + queryComponentLicenses(filter: ComponentLicensesFilter, order: ComponentLicensesOrder, first: Int, offset: Int): [ComponentLicenses] + aggregateComponentLicenses(filter: ComponentLicensesFilter): ComponentLicensesAggregateResult + getVulnerability(id: String!): Vulnerability + queryVulnerability(filter: VulnerabilityFilter, order: VulnerabilityOrder, first: Int, offset: Int): [Vulnerability] + aggregateVulnerability(filter: VulnerabilityFilter): VulnerabilityAggregateResult + getCWE(id: String!): CWE + queryCWE(filter: CWEFilter, order: CWEOrder, first: Int, offset: Int): [CWE] + aggregateCWE(filter: CWEFilter): CWEAggregateResult + getException(id: ID!): Exception + queryException(filter: ExceptionFilter, order: ExceptionOrder, first: Int, offset: Int): [Exception] + aggregateException(filter: ExceptionFilter): ExceptionAggregateResult + getExceptionAffects(id: ID!): ExceptionAffects + queryExceptionAffects(filter: ExceptionAffectsFilter, order: ExceptionAffectsOrder, first: Int, offset: Int): [ExceptionAffects] + aggregateExceptionAffects(filter: ExceptionAffectsFilter): ExceptionAffectsAggregateResult +} + +interface RBAC { + roles(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role!] + rolesAggregate(filter: RoleFilter): RoleAggregateResult +} + +type RBACAggregateResult { + count: Int +} + +input RBACFilter { + has: [RBACHasFilter] + and: [RBACFilter] + or: [RBACFilter] + not: RBACFilter +} + +enum RBACHasFilter { + roles +} + +input RBACPatch { + roles: [RoleRef!] +} + +""" +RiskStatus tells us what risk a current application instance or a deployment is at. +""" +enum RiskStatus { + lowrisk + mediumrisk + highrisk + apocalypserisk + scanning +} + +input RiskStatus_exact { + eq: RiskStatus + in: [RiskStatus] + le: RiskStatus + lt: RiskStatus + ge: RiskStatus + gt: RiskStatus + between: RiskStatus +} + +input RiskStatus_exact_StringRegExpFilter { + eq: RiskStatus + in: [RiskStatus] + le: RiskStatus + lt: RiskStatus + ge: RiskStatus + gt: RiskStatus + between: RiskStatus + regexp: String +} + +type Role { + """id is randomly assigned""" + id: String! + + """group should be a URI format that includes a scope or realm""" + group: String! + permission: RolePermission! +} + +type RoleAggregateResult { + count: Int + idMin: String + idMax: String + groupMin: String + groupMax: String +} + +input RoleFilter { + id: StringHashFilter + group: StringHashFilter + permission: RolePermission_hash + has: [RoleHasFilter] + and: [RoleFilter] + or: [RoleFilter] + not: RoleFilter +} + +enum RoleHasFilter { + id + group + permission +} + +input RoleOrder { + asc: RoleOrderable + desc: RoleOrderable + then: RoleOrder +} + +enum RoleOrderable { + id + group +} + +input RolePatch { + """group should be a URI format that includes a scope or realm""" + group: String + permission: RolePermission +} + +enum RolePermission { + admin + write + read +} + +input RolePermission_hash { + eq: RolePermission + in: [RolePermission] +} + +input RoleRef { + """id is randomly assigned""" + id: String + + """group should be a URI format that includes a scope or realm""" + group: String + permission: RolePermission +} + +type RunHistory { + id: ID! + policyId: String! + applicationDeployment(filter: ApplicationDeploymentFilter): ApplicationDeployment + artifactScan(filter: ArtifactScanDataFilter): ArtifactScanData + PolicyName: String! + Stage: String! + Artifact: String! + ArtifactTag: String! + ArtifactSha: String! + ArtifactNameTag: String! + DatasourceTool: String! + CreatedAt: DateTime! + UpdatedAt: DateTime! + DeployedAt: DateTime! + Hash: String + Pass: Boolean! + EvalData(filter: PolicyEvaluationDataFilter): PolicyEvaluationData + FileApi: String + AttachedJira(filter: JiraFilter): Jira + Status: String! + exception(filter: ExceptionAffectsFilter): ExceptionAffects + scheduledPolicy: Boolean! + policyEnforcements(filter: PolicyEnforcementFilter): PolicyEnforcement! + securityIssue(filter: SecurityIssueFilter): SecurityIssue +} + +type RunHistoryAggregateResult { + count: Int + policyIdMin: String + policyIdMax: String + PolicyNameMin: String + PolicyNameMax: String + StageMin: String + StageMax: String + ArtifactMin: String + ArtifactMax: String + ArtifactTagMin: String + ArtifactTagMax: String + ArtifactShaMin: String + ArtifactShaMax: String + ArtifactNameTagMin: String + ArtifactNameTagMax: String + DatasourceToolMin: String + DatasourceToolMax: String + CreatedAtMin: DateTime + CreatedAtMax: DateTime + UpdatedAtMin: DateTime + UpdatedAtMax: DateTime + DeployedAtMin: DateTime + DeployedAtMax: DateTime + HashMin: String + HashMax: String + FileApiMin: String + FileApiMax: String + StatusMin: String + StatusMax: String +} + +input RunHistoryFilter { + id: [ID!] + policyId: StringExactFilter + PolicyName: StringExactFilter_StringRegExpFilter + Stage: StringExactFilter_StringRegExpFilter + Artifact: StringExactFilter + ArtifactTag: StringExactFilter + ArtifactSha: StringExactFilter_StringRegExpFilter + ArtifactNameTag: StringExactFilter_StringRegExpFilter + DatasourceTool: StringExactFilter_StringRegExpFilter + CreatedAt: DateTimeFilter + UpdatedAt: DateTimeFilter + DeployedAt: DateTimeFilter + Pass: Boolean + Status: StringExactFilter + scheduledPolicy: Boolean + has: [RunHistoryHasFilter] + and: [RunHistoryFilter] + or: [RunHistoryFilter] + not: RunHistoryFilter +} + +enum RunHistoryHasFilter { + policyId + applicationDeployment + artifactScan + PolicyName + Stage + Artifact + ArtifactTag + ArtifactSha + ArtifactNameTag + DatasourceTool + CreatedAt + UpdatedAt + DeployedAt + Hash + Pass + EvalData + FileApi + AttachedJira + Status + exception + scheduledPolicy + policyEnforcements + securityIssue +} + +input RunHistoryOrder { + asc: RunHistoryOrderable + desc: RunHistoryOrderable + then: RunHistoryOrder +} + +enum RunHistoryOrderable { + policyId + PolicyName + Stage + Artifact + ArtifactTag + ArtifactSha + ArtifactNameTag + DatasourceTool + CreatedAt + UpdatedAt + DeployedAt + Hash + FileApi + Status +} + +input RunHistoryPatch { + policyId: String + applicationDeployment: ApplicationDeploymentRef + artifactScan: ArtifactScanDataRef + PolicyName: String + Stage: String + Artifact: String + ArtifactTag: String + ArtifactSha: String + ArtifactNameTag: String + DatasourceTool: String + CreatedAt: DateTime + UpdatedAt: DateTime + DeployedAt: DateTime + Hash: String + Pass: Boolean + EvalData: PolicyEvaluationDataRef + FileApi: String + AttachedJira: JiraRef + Status: String + exception: ExceptionAffectsRef + scheduledPolicy: Boolean + policyEnforcements: PolicyEnforcementRef + securityIssue: SecurityIssueRef +} + +input RunHistoryRef { + id: ID + policyId: String + applicationDeployment: ApplicationDeploymentRef + artifactScan: ArtifactScanDataRef + PolicyName: String + Stage: String + Artifact: String + ArtifactTag: String + ArtifactSha: String + ArtifactNameTag: String + DatasourceTool: String + CreatedAt: DateTime + UpdatedAt: DateTime + DeployedAt: DateTime + Hash: String + Pass: Boolean + EvalData: PolicyEvaluationDataRef + FileApi: String + AttachedJira: JiraRef + Status: String + exception: ExceptionAffectsRef + scheduledPolicy: Boolean + policyEnforcements: PolicyEnforcementRef + securityIssue: SecurityIssueRef +} + +type ScanFileResult { + id: ID! + name: String! + url: String! +} + +type ScanFileResultAggregateResult { + count: Int + nameMin: String + nameMax: String + urlMin: String + urlMax: String +} + +input ScanFileResultFilter { + id: [ID!] + name: StringExactFilter_StringRegExpFilter + has: [ScanFileResultHasFilter] + and: [ScanFileResultFilter] + or: [ScanFileResultFilter] + not: ScanFileResultFilter +} + +enum ScanFileResultHasFilter { + name + url +} + +input ScanFileResultOrder { + asc: ScanFileResultOrderable + desc: ScanFileResultOrderable + then: ScanFileResultOrder +} + +enum ScanFileResultOrderable { + name + url +} + +input ScanFileResultPatch { + name: String + url: String +} + +input ScanFileResultRef { + id: ID + name: String + url: String +} + +type SchemaVersion { + version: String! +} + +type SchemaVersionAggregateResult { + count: Int + versionMin: String + versionMax: String +} + +input SchemaVersionFilter { + has: [SchemaVersionHasFilter] + and: [SchemaVersionFilter] + or: [SchemaVersionFilter] + not: SchemaVersionFilter +} + +enum SchemaVersionHasFilter { + version +} + +input SchemaVersionOrder { + asc: SchemaVersionOrderable + desc: SchemaVersionOrderable + then: SchemaVersionOrder +} + +enum SchemaVersionOrderable { + version +} + +input SchemaVersionPatch { + version: String +} + +input SchemaVersionRef { + version: String +} + +type SecurityIssue { + id: ID! + AlertTitle: String + AlertMessage: String + Suggestions: String + Severity: Severity! + SeverityInt: Int! + CreatedAt: DateTime! + UpdatedAt: DateTime! + Action: String! + Reason: String + Error: String + policyEnforcements(filter: PolicyEnforcementFilter): PolicyEnforcement! + AttachedJira(filter: JiraFilter): Jira + Affects(filter: RunHistoryFilter, order: RunHistoryOrder, first: Int, offset: Int): [RunHistory!] + Summary(filter: SecurityIssueAffectsSummaryFilter, order: SecurityIssueAffectsSummaryOrder, first: Int, offset: Int): [SecurityIssueAffectsSummary!] + AffectsAggregate(filter: RunHistoryFilter): RunHistoryAggregateResult + SummaryAggregate(filter: SecurityIssueAffectsSummaryFilter): SecurityIssueAffectsSummaryAggregateResult +} + +type SecurityIssueAffectsSummary { + id: ID! + + """only pre-deployment analysis or deployment analysis""" + type: String! + team(filter: TeamFilter): Team + application(filter: ApplicationFilter): Application + applicationEnvironment(filter: ApplicationEnvironmentFilter): ApplicationEnvironment + service: String + currentDeployed(filter: ApplicationDeploymentFilter): ApplicationDeployment + artifactScanTS(filter: ArtifactScanDataTSFilter, first: Int, offset: Int): [ArtifactScanDataTS!] + exception(filter: ExceptionAffectsFilter): ExceptionAffects + securityIssue(filter: SecurityIssueFilter): SecurityIssue! + artifactScanTSAggregate(filter: ArtifactScanDataTSFilter): ArtifactScanDataTSAggregateResult +} + +type SecurityIssueAffectsSummaryAggregateResult { + count: Int + typeMin: String + typeMax: String + serviceMin: String + serviceMax: String +} + +input SecurityIssueAffectsSummaryFilter { + id: [ID!] + type: StringExactFilter + service: StringExactFilter_StringRegExpFilter + has: [SecurityIssueAffectsSummaryHasFilter] + and: [SecurityIssueAffectsSummaryFilter] + or: [SecurityIssueAffectsSummaryFilter] + not: SecurityIssueAffectsSummaryFilter +} + +enum SecurityIssueAffectsSummaryHasFilter { + type + team + application + applicationEnvironment + service + currentDeployed + artifactScanTS + exception + securityIssue +} + +input SecurityIssueAffectsSummaryOrder { + asc: SecurityIssueAffectsSummaryOrderable + desc: SecurityIssueAffectsSummaryOrderable + then: SecurityIssueAffectsSummaryOrder +} + +enum SecurityIssueAffectsSummaryOrderable { + type + service +} + +input SecurityIssueAffectsSummaryPatch { + """only pre-deployment analysis or deployment analysis""" + type: String + team: TeamRef + application: ApplicationRef + applicationEnvironment: ApplicationEnvironmentRef + service: String + currentDeployed: ApplicationDeploymentRef + artifactScanTS: [ArtifactScanDataTSRef!] + exception: ExceptionAffectsRef + securityIssue: SecurityIssueRef +} + +input SecurityIssueAffectsSummaryRef { + id: ID + + """only pre-deployment analysis or deployment analysis""" + type: String + team: TeamRef + application: ApplicationRef + applicationEnvironment: ApplicationEnvironmentRef + service: String + currentDeployed: ApplicationDeploymentRef + artifactScanTS: [ArtifactScanDataTSRef!] + exception: ExceptionAffectsRef + securityIssue: SecurityIssueRef +} + +type SecurityIssueAggregateResult { + count: Int + AlertTitleMin: String + AlertTitleMax: String + AlertMessageMin: String + AlertMessageMax: String + SuggestionsMin: String + SuggestionsMax: String + SeverityIntMin: Int + SeverityIntMax: Int + SeverityIntSum: Int + SeverityIntAvg: Float + CreatedAtMin: DateTime + CreatedAtMax: DateTime + UpdatedAtMin: DateTime + UpdatedAtMax: DateTime + ActionMin: String + ActionMax: String + ReasonMin: String + ReasonMax: String + ErrorMin: String + ErrorMax: String +} + +input SecurityIssueFilter { + id: [ID!] + AlertTitle: StringExactFilter_StringRegExpFilter + AlertMessage: StringExactFilter + Suggestions: StringExactFilter + Severity: Severity_exact_StringRegExpFilter + SeverityInt: IntFilter + CreatedAt: DateTimeFilter + UpdatedAt: DateTimeFilter + Action: StringExactFilter_StringRegExpFilter + Reason: StringExactFilter + Error: StringExactFilter + has: [SecurityIssueHasFilter] + and: [SecurityIssueFilter] + or: [SecurityIssueFilter] + not: SecurityIssueFilter +} + +enum SecurityIssueHasFilter { + AlertTitle + AlertMessage + Suggestions + Severity + SeverityInt + CreatedAt + UpdatedAt + Action + Reason + Error + policyEnforcements + AttachedJira + Affects + Summary +} + +input SecurityIssueOrder { + asc: SecurityIssueOrderable + desc: SecurityIssueOrderable + then: SecurityIssueOrder +} + +enum SecurityIssueOrderable { + AlertTitle + AlertMessage + Suggestions + SeverityInt + CreatedAt + UpdatedAt + Action + Reason + Error +} + +input SecurityIssuePatch { + AlertTitle: String + AlertMessage: String + Suggestions: String + Severity: Severity + SeverityInt: Int + CreatedAt: DateTime + UpdatedAt: DateTime + Action: String + Reason: String + Error: String + policyEnforcements: PolicyEnforcementRef + AttachedJira: JiraRef + Affects: [RunHistoryRef!] + Summary: [SecurityIssueAffectsSummaryRef!] +} + +input SecurityIssueRef { + id: ID + AlertTitle: String + AlertMessage: String + Suggestions: String + Severity: Severity + SeverityInt: Int + CreatedAt: DateTime + UpdatedAt: DateTime + Action: String + Reason: String + Error: String + policyEnforcements: PolicyEnforcementRef + AttachedJira: JiraRef + Affects: [RunHistoryRef!] + Summary: [SecurityIssueAffectsSummaryRef!] +} + +enum Severity { + apocalypse + critical + high + medium + low + info + none + unknown +} + +input Severity_exact { + eq: Severity + in: [Severity] + le: Severity + lt: Severity + ge: Severity + gt: Severity + between: Severity +} + +input Severity_exact_StringRegExpFilter { + eq: Severity + in: [Severity] + le: Severity + lt: Severity + ge: Severity + gt: Severity + between: Severity + regexp: String +} + +""" +SourceCodeTool contains the source details about the artifact that was built. +""" +type SourceCodeTool { + """id is randomly assigned""" + id: String! + createdAt: DateTime! + + """scm is the scm tool github/gitlab etc""" + scm: String! + + """repository is the git remote repository""" + repository: String! + + """branch is the git branch on which the artifact was built""" + branch: String! + + """headCommit is the checkout out head commit""" + headCommit: String + + """ + diffCommits is a comma separated string of the commits between the previous built artifact and the current + """ + diffCommits: String + licenseName: String + visibility: String + workflowName: String + + """parentRepo is populated in case the git repo is a fork""" + parentRepo: String + buildTool(filter: BuildToolFilter): BuildTool! + sourceCodePath: String + sonarqubeProjectKey: String + + """artifactNode links a Source node to an artifact""" + artifactNode(filter: ArtifactFilter): Artifact + + """digest is the sha of the artifact""" + digest: String! + + """buildDigest is the sha of the artifact as sent from the build tool""" + buildDigest: String +} + +type SourceCodeToolAggregateResult { + count: Int + idMin: String + idMax: String + createdAtMin: DateTime + createdAtMax: DateTime + scmMin: String + scmMax: String + repositoryMin: String + repositoryMax: String + branchMin: String + branchMax: String + headCommitMin: String + headCommitMax: String + diffCommitsMin: String + diffCommitsMax: String + licenseNameMin: String + licenseNameMax: String + visibilityMin: String + visibilityMax: String + workflowNameMin: String + workflowNameMax: String + parentRepoMin: String + parentRepoMax: String + sourceCodePathMin: String + sourceCodePathMax: String + sonarqubeProjectKeyMin: String + sonarqubeProjectKeyMax: String + digestMin: String + digestMax: String + buildDigestMin: String + buildDigestMax: String +} + +input SourceCodeToolFilter { + id: StringHashFilter + repository: StringExactFilter_StringRegExpFilter + digest: StringExactFilter + buildDigest: StringExactFilter + has: [SourceCodeToolHasFilter] + and: [SourceCodeToolFilter] + or: [SourceCodeToolFilter] + not: SourceCodeToolFilter +} + +enum SourceCodeToolHasFilter { + id + createdAt + scm + repository + branch + headCommit + diffCommits + licenseName + visibility + workflowName + parentRepo + buildTool + sourceCodePath + sonarqubeProjectKey + artifactNode + digest + buildDigest +} + +input SourceCodeToolOrder { + asc: SourceCodeToolOrderable + desc: SourceCodeToolOrderable + then: SourceCodeToolOrder +} + +enum SourceCodeToolOrderable { + id + createdAt + scm + repository + branch + headCommit + diffCommits + licenseName + visibility + workflowName + parentRepo + sourceCodePath + sonarqubeProjectKey + digest + buildDigest +} + +input SourceCodeToolPatch { + createdAt: DateTime + + """scm is the scm tool github/gitlab etc""" + scm: String + + """repository is the git remote repository""" + repository: String + + """branch is the git branch on which the artifact was built""" + branch: String + + """headCommit is the checkout out head commit""" + headCommit: String + + """ + diffCommits is a comma separated string of the commits between the previous built artifact and the current + """ + diffCommits: String + licenseName: String + visibility: String + workflowName: String + + """parentRepo is populated in case the git repo is a fork""" + parentRepo: String + buildTool: BuildToolRef + sourceCodePath: String + sonarqubeProjectKey: String + artifactNode: ArtifactRef + + """digest is the sha of the artifact""" + digest: String + + """buildDigest is the sha of the artifact as sent from the build tool""" + buildDigest: String +} + +input SourceCodeToolRef { + """id is randomly assigned""" + id: String + createdAt: DateTime + + """scm is the scm tool github/gitlab etc""" + scm: String + + """repository is the git remote repository""" + repository: String + + """branch is the git branch on which the artifact was built""" + branch: String + + """headCommit is the checkout out head commit""" + headCommit: String + + """ + diffCommits is a comma separated string of the commits between the previous built artifact and the current + """ + diffCommits: String + licenseName: String + visibility: String + workflowName: String + + """parentRepo is populated in case the git repo is a fork""" + parentRepo: String + buildTool: BuildToolRef + sourceCodePath: String + sonarqubeProjectKey: String + artifactNode: ArtifactRef + + """digest is the sha of the artifact""" + digest: String + + """buildDigest is the sha of the artifact as sent from the build tool""" + buildDigest: String +} + +input StringExactFilter { + eq: String + in: [String] + le: String + lt: String + ge: String + gt: String + between: StringRange +} + +input StringExactFilter_StringRegExpFilter { + eq: String + in: [String] + le: String + lt: String + ge: String + gt: String + between: StringRange + regexp: String +} + +input StringFullTextFilter { + alloftext: String + anyoftext: String +} + +input StringHashFilter { + eq: String + in: [String] +} + +input StringRange { + min: String! + max: String! +} + +input StringRegExpFilter { + regexp: String +} + +input StringTermFilter { + allofterms: String + anyofterms: String +} + +type Subscription { + getOrganization(id: String!): Organization + queryOrganization(filter: OrganizationFilter, order: OrganizationOrder, first: Int, offset: Int): [Organization] + aggregateOrganization(filter: OrganizationFilter): OrganizationAggregateResult + getTeam(id: String!): Team + queryTeam(filter: TeamFilter, order: TeamOrder, first: Int, offset: Int): [Team] + aggregateTeam(filter: TeamFilter): TeamAggregateResult + getApplication(id: String!): Application + queryApplication(filter: ApplicationFilter, order: ApplicationOrder, first: Int, offset: Int): [Application] + aggregateApplication(filter: ApplicationFilter): ApplicationAggregateResult + getApplicationEnvironment(id: String!): ApplicationEnvironment + queryApplicationEnvironment(filter: ApplicationEnvironmentFilter, order: ApplicationEnvironmentOrder, first: Int, offset: Int): [ApplicationEnvironment] + aggregateApplicationEnvironment(filter: ApplicationEnvironmentFilter): ApplicationEnvironmentAggregateResult +} + +""" +Tag tells us about the tags that are linked to policies and other components. +""" +type Tag { + id: String! + tagName: String! + tagValue: String! + tagDescription: String + createdBy: String + createdAt: DateTime! + updatedAt: DateTime! + policies(filter: PolicyEnforcementFilter, order: PolicyEnforcementOrder, first: Int, offset: Int): [PolicyEnforcement!] + policiesAggregate(filter: PolicyEnforcementFilter): PolicyEnforcementAggregateResult +} + +type TagAggregateResult { + count: Int + idMin: String + idMax: String + tagNameMin: String + tagNameMax: String + tagValueMin: String + tagValueMax: String + tagDescriptionMin: String + tagDescriptionMax: String + createdByMin: String + createdByMax: String + createdAtMin: DateTime + createdAtMax: DateTime + updatedAtMin: DateTime + updatedAtMax: DateTime +} + +input TagFilter { + id: StringExactFilter + tagName: StringExactFilter + tagValue: StringExactFilter_StringRegExpFilter + createdBy: StringExactFilter + has: [TagHasFilter] + and: [TagFilter] + or: [TagFilter] + not: TagFilter +} + +enum TagHasFilter { + id + tagName + tagValue + tagDescription + createdBy + createdAt + updatedAt + policies +} + +input TagOrder { + asc: TagOrderable + desc: TagOrderable + then: TagOrder +} + +enum TagOrderable { + id + tagName + tagValue + tagDescription + createdBy + createdAt + updatedAt +} + +input TagPatch { + tagName: String + tagValue: String + tagDescription: String + createdBy: String + createdAt: DateTime + updatedAt: DateTime + policies: [PolicyEnforcementRef!] +} + +input TagRef { + id: String + tagName: String + tagValue: String + tagDescription: String + createdBy: String + createdAt: DateTime + updatedAt: DateTime + policies: [PolicyEnforcementRef!] +} + +type Team implements RBAC { + """id is randomly assigned""" + id: String! + name: String! + roles(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role!] + organization(filter: OrganizationFilter): Organization! + applications(filter: ApplicationFilter, order: ApplicationOrder, first: Int, offset: Int): [Application!] + labels(filter: KeyValueFilter, order: KeyValueOrder, first: Int, offset: Int): [KeyValue!] + policies(filter: PolicyDefinitionFilter, order: PolicyDefinitionOrder, first: Int, offset: Int): [PolicyDefinition!] + policyEnforcements(filter: PolicyEnforcementFilter, order: PolicyEnforcementOrder, first: Int, offset: Int): [PolicyEnforcement!] + exceptions(filter: ExceptionAffectsFilter, order: ExceptionAffectsOrder, first: Int, offset: Int): [ExceptionAffects!] + hasSecurityIssues(filter: SecurityIssueAffectsSummaryFilter, order: SecurityIssueAffectsSummaryOrder, first: Int, offset: Int): [SecurityIssueAffectsSummary!] + rolesAggregate(filter: RoleFilter): RoleAggregateResult + applicationsAggregate(filter: ApplicationFilter): ApplicationAggregateResult + labelsAggregate(filter: KeyValueFilter): KeyValueAggregateResult + policiesAggregate(filter: PolicyDefinitionFilter): PolicyDefinitionAggregateResult + policyEnforcementsAggregate(filter: PolicyEnforcementFilter): PolicyEnforcementAggregateResult + exceptionsAggregate(filter: ExceptionAffectsFilter): ExceptionAffectsAggregateResult + hasSecurityIssuesAggregate(filter: SecurityIssueAffectsSummaryFilter): SecurityIssueAffectsSummaryAggregateResult +} + +type TeamAggregateResult { + count: Int + idMin: String + idMax: String + nameMin: String + nameMax: String +} + +input TeamFilter { + id: StringHashFilter + name: StringExactFilter + has: [TeamHasFilter] + and: [TeamFilter] + or: [TeamFilter] + not: TeamFilter +} + +enum TeamHasFilter { + id + name + roles + organization + applications + labels + policies + policyEnforcements + exceptions + hasSecurityIssues +} + +input TeamOrder { + asc: TeamOrderable + desc: TeamOrderable + then: TeamOrder +} + +enum TeamOrderable { + id + name +} + +input TeamPatch { + name: String + roles: [RoleRef!] + organization: OrganizationRef + applications: [ApplicationRef!] + labels: [KeyValueRef!] + policies: [PolicyDefinitionRef!] + policyEnforcements: [PolicyEnforcementRef!] + exceptions: [ExceptionAffectsRef!] + hasSecurityIssues: [SecurityIssueAffectsSummaryRef!] +} + +input TeamRef { + """id is randomly assigned""" + id: String + name: String + roles: [RoleRef!] + organization: OrganizationRef + applications: [ApplicationRef!] + labels: [KeyValueRef!] + policies: [PolicyDefinitionRef!] + policyEnforcements: [PolicyEnforcementRef!] + exceptions: [ExceptionAffectsRef!] + hasSecurityIssues: [SecurityIssueAffectsSummaryRef!] +} + +type ToolsUsed { + id: ID! + source: String + build: String + artifact: String + deploy: String + postdeploy: String + sbom: String + misc: [String!] +} + +type ToolsUsedAggregateResult { + count: Int + sourceMin: String + sourceMax: String + buildMin: String + buildMax: String + artifactMin: String + artifactMax: String + deployMin: String + deployMax: String + postdeployMin: String + postdeployMax: String + sbomMin: String + sbomMax: String +} + +input ToolsUsedFilter { + id: [ID!] + sbom: StringExactFilter_StringRegExpFilter + has: [ToolsUsedHasFilter] + and: [ToolsUsedFilter] + or: [ToolsUsedFilter] + not: ToolsUsedFilter +} + +enum ToolsUsedHasFilter { + source + build + artifact + deploy + postdeploy + sbom + misc +} + +input ToolsUsedOrder { + asc: ToolsUsedOrderable + desc: ToolsUsedOrderable + then: ToolsUsedOrder +} + +enum ToolsUsedOrderable { + source + build + artifact + deploy + postdeploy + sbom +} + +input ToolsUsedPatch { + source: String + build: String + artifact: String + deploy: String + postdeploy: String + sbom: String + misc: [String!] +} + +input ToolsUsedRef { + id: ID + source: String + build: String + artifact: String + deploy: String + postdeploy: String + sbom: String + misc: [String!] +} + +input UpdateApplicationDeploymentInput { + filter: ApplicationDeploymentFilter! + set: ApplicationDeploymentPatch + remove: ApplicationDeploymentPatch +} + +type UpdateApplicationDeploymentPayload { + applicationDeployment(filter: ApplicationDeploymentFilter, order: ApplicationDeploymentOrder, first: Int, offset: Int): [ApplicationDeployment] + numUids: Int +} + +input UpdateApplicationDeploymentRiskInput { + filter: ApplicationDeploymentRiskFilter! + set: ApplicationDeploymentRiskPatch + remove: ApplicationDeploymentRiskPatch +} + +type UpdateApplicationDeploymentRiskPayload { + applicationDeploymentRisk(filter: ApplicationDeploymentRiskFilter, order: ApplicationDeploymentRiskOrder, first: Int, offset: Int): [ApplicationDeploymentRisk] + numUids: Int +} + +input UpdateApplicationEnvironmentInput { + filter: ApplicationEnvironmentFilter! + set: ApplicationEnvironmentPatch + remove: ApplicationEnvironmentPatch +} + +type UpdateApplicationEnvironmentPayload { + applicationEnvironment(filter: ApplicationEnvironmentFilter, order: ApplicationEnvironmentOrder, first: Int, offset: Int): [ApplicationEnvironment] + numUids: Int +} + +input UpdateApplicationInput { + filter: ApplicationFilter! + set: ApplicationPatch + remove: ApplicationPatch +} + +type UpdateApplicationPayload { + application(filter: ApplicationFilter, order: ApplicationOrder, first: Int, offset: Int): [Application] + numUids: Int +} + +input UpdateApplicationRiskStatusInput { + filter: ApplicationRiskStatusFilter! + set: ApplicationRiskStatusPatch + remove: ApplicationRiskStatusPatch +} + +type UpdateApplicationRiskStatusPayload { + applicationRiskStatus(filter: ApplicationRiskStatusFilter, order: ApplicationRiskStatusOrder, first: Int, offset: Int): [ApplicationRiskStatus] + numUids: Int +} + +input UpdateArtifactInput { + filter: ArtifactFilter! + set: ArtifactPatch + remove: ArtifactPatch +} + +type UpdateArtifactPayload { + artifact(filter: ArtifactFilter, order: ArtifactOrder, first: Int, offset: Int): [Artifact] + numUids: Int +} + +input UpdateArtifactRiskInput { + filter: ArtifactRiskFilter! + set: ArtifactRiskPatch + remove: ArtifactRiskPatch +} + +type UpdateArtifactRiskPayload { + artifactRisk(filter: ArtifactRiskFilter, order: ArtifactRiskOrder, first: Int, offset: Int): [ArtifactRisk] + numUids: Int +} + +input UpdateArtifactScanDataInput { + filter: ArtifactScanDataFilter! + set: ArtifactScanDataPatch + remove: ArtifactScanDataPatch +} + +type UpdateArtifactScanDataPayload { + artifactScanData(filter: ArtifactScanDataFilter, order: ArtifactScanDataOrder, first: Int, offset: Int): [ArtifactScanData] + numUids: Int +} + +input UpdateArtifactScanDataTSInput { + filter: ArtifactScanDataTSFilter! + set: ArtifactScanDataTSPatch + remove: ArtifactScanDataTSPatch +} + +type UpdateArtifactScanDataTSPayload { + artifactScanDataTS(filter: ArtifactScanDataTSFilter, first: Int, offset: Int): [ArtifactScanDataTS] + numUids: Int +} + +input UpdateBuildToolInput { + filter: BuildToolFilter! + set: BuildToolPatch + remove: BuildToolPatch +} + +type UpdateBuildToolPayload { + buildTool(filter: BuildToolFilter, order: BuildToolOrder, first: Int, offset: Int): [BuildTool] + numUids: Int +} + +input UpdateCommitMetaDataInput { + filter: CommitMetaDataFilter! + set: CommitMetaDataPatch + remove: CommitMetaDataPatch +} + +type UpdateCommitMetaDataPayload { + commitMetaData(filter: CommitMetaDataFilter, order: CommitMetaDataOrder, first: Int, offset: Int): [CommitMetaData] + numUids: Int +} + +input UpdateComponentAnalysisInput { + filter: ComponentAnalysisFilter! + set: ComponentAnalysisPatch + remove: ComponentAnalysisPatch +} + +type UpdateComponentAnalysisPayload { + componentAnalysis(filter: ComponentAnalysisFilter, order: ComponentAnalysisOrder, first: Int, offset: Int): [ComponentAnalysis] + numUids: Int +} + +input UpdateComponentInput { + filter: ComponentFilter! + set: ComponentPatch + remove: ComponentPatch +} + +input UpdateComponentLicensesInput { + filter: ComponentLicensesFilter! + set: ComponentLicensesPatch + remove: ComponentLicensesPatch +} + +type UpdateComponentLicensesPayload { + componentLicenses(filter: ComponentLicensesFilter, order: ComponentLicensesOrder, first: Int, offset: Int): [ComponentLicenses] + numUids: Int +} + +type UpdateComponentPayload { + component(filter: ComponentFilter, order: ComponentOrder, first: Int, offset: Int): [Component] + numUids: Int +} + +input UpdateCWEInput { + filter: CWEFilter! + set: CWEPatch + remove: CWEPatch +} + +type UpdateCWEPayload { + cWE(filter: CWEFilter, order: CWEOrder, first: Int, offset: Int): [CWE] + numUids: Int +} + +input UpdateDeploymentTargetInput { + filter: DeploymentTargetFilter! + set: DeploymentTargetPatch + remove: DeploymentTargetPatch +} + +type UpdateDeploymentTargetPayload { + deploymentTarget(filter: DeploymentTargetFilter, order: DeploymentTargetOrder, first: Int, offset: Int): [DeploymentTarget] + numUids: Int +} + +input UpdateEnvironmentInput { + filter: EnvironmentFilter! + set: EnvironmentPatch + remove: EnvironmentPatch +} + +type UpdateEnvironmentPayload { + environment(filter: EnvironmentFilter, order: EnvironmentOrder, first: Int, offset: Int): [Environment] + numUids: Int +} + +input UpdateExceptionAffectsInput { + filter: ExceptionAffectsFilter! + set: ExceptionAffectsPatch + remove: ExceptionAffectsPatch +} + +type UpdateExceptionAffectsPayload { + exceptionAffects(filter: ExceptionAffectsFilter, order: ExceptionAffectsOrder, first: Int, offset: Int): [ExceptionAffects] + numUids: Int +} + +input UpdateExceptionInput { + filter: ExceptionFilter! + set: ExceptionPatch + remove: ExceptionPatch +} + +type UpdateExceptionPayload { + exception(filter: ExceptionFilter, order: ExceptionOrder, first: Int, offset: Int): [Exception] + numUids: Int +} + +input UpdateFeatureModeInput { + filter: FeatureModeFilter! + set: FeatureModePatch + remove: FeatureModePatch +} + +type UpdateFeatureModePayload { + featureMode(filter: FeatureModeFilter, order: FeatureModeOrder, first: Int, offset: Int): [FeatureMode] + numUids: Int +} + +input UpdateIntegratorConfigsInput { + filter: IntegratorConfigsFilter! + set: IntegratorConfigsPatch + remove: IntegratorConfigsPatch +} + +type UpdateIntegratorConfigsPayload { + integratorConfigs(filter: IntegratorConfigsFilter, order: IntegratorConfigsOrder, first: Int, offset: Int): [IntegratorConfigs] + numUids: Int +} + +input UpdateIntegratorInput { + filter: IntegratorFilter! + set: IntegratorPatch + remove: IntegratorPatch +} + +input UpdateIntegratorKeyValuesInput { + filter: IntegratorKeyValuesFilter! + set: IntegratorKeyValuesPatch + remove: IntegratorKeyValuesPatch +} + +type UpdateIntegratorKeyValuesPayload { + integratorKeyValues(filter: IntegratorKeyValuesFilter, order: IntegratorKeyValuesOrder, first: Int, offset: Int): [IntegratorKeyValues] + numUids: Int +} + +type UpdateIntegratorPayload { + integrator(filter: IntegratorFilter, order: IntegratorOrder, first: Int, offset: Int): [Integrator] + numUids: Int +} + +input UpdateJiraInput { + filter: JiraFilter! + set: JiraPatch + remove: JiraPatch +} + +type UpdateJiraPayload { + jira(filter: JiraFilter, order: JiraOrder, first: Int, offset: Int): [Jira] + numUids: Int +} + +input UpdateKeyValueInput { + filter: KeyValueFilter! + set: KeyValuePatch + remove: KeyValuePatch +} + +type UpdateKeyValuePayload { + keyValue(filter: KeyValueFilter, order: KeyValueOrder, first: Int, offset: Int): [KeyValue] + numUids: Int +} + +input UpdateOrganizationInput { + filter: OrganizationFilter! + set: OrganizationPatch + remove: OrganizationPatch +} + +type UpdateOrganizationPayload { + organization(filter: OrganizationFilter, order: OrganizationOrder, first: Int, offset: Int): [Organization] + numUids: Int +} + +input UpdatePolicyDefinitionInput { + filter: PolicyDefinitionFilter! + set: PolicyDefinitionPatch + remove: PolicyDefinitionPatch +} + +type UpdatePolicyDefinitionPayload { + policyDefinition(filter: PolicyDefinitionFilter, order: PolicyDefinitionOrder, first: Int, offset: Int): [PolicyDefinition] + numUids: Int +} + +input UpdatePolicyEnforcementInput { + filter: PolicyEnforcementFilter! + set: PolicyEnforcementPatch + remove: PolicyEnforcementPatch +} + +type UpdatePolicyEnforcementPayload { + policyEnforcement(filter: PolicyEnforcementFilter, order: PolicyEnforcementOrder, first: Int, offset: Int): [PolicyEnforcement] + numUids: Int +} + +input UpdatePolicyEvaluationDataInput { + filter: PolicyEvaluationDataFilter! + set: PolicyEvaluationDataPatch + remove: PolicyEvaluationDataPatch +} + +type UpdatePolicyEvaluationDataPayload { + policyEvaluationData(filter: PolicyEvaluationDataFilter, order: PolicyEvaluationDataOrder, first: Int, offset: Int): [PolicyEvaluationData] + numUids: Int +} + +input UpdateRBACInput { + filter: RBACFilter! + set: RBACPatch + remove: RBACPatch +} + +type UpdateRBACPayload { + rBAC(filter: RBACFilter, first: Int, offset: Int): [RBAC] + numUids: Int +} + +input UpdateRoleInput { + filter: RoleFilter! + set: RolePatch + remove: RolePatch +} + +type UpdateRolePayload { + role(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role] + numUids: Int +} + +input UpdateRunHistoryInput { + filter: RunHistoryFilter! + set: RunHistoryPatch + remove: RunHistoryPatch +} + +type UpdateRunHistoryPayload { + runHistory(filter: RunHistoryFilter, order: RunHistoryOrder, first: Int, offset: Int): [RunHistory] + numUids: Int +} + +input UpdateScanFileResultInput { + filter: ScanFileResultFilter! + set: ScanFileResultPatch + remove: ScanFileResultPatch +} + +type UpdateScanFileResultPayload { + scanFileResult(filter: ScanFileResultFilter, order: ScanFileResultOrder, first: Int, offset: Int): [ScanFileResult] + numUids: Int +} + +input UpdateSchemaVersionInput { + filter: SchemaVersionFilter! + set: SchemaVersionPatch + remove: SchemaVersionPatch +} + +type UpdateSchemaVersionPayload { + schemaVersion(filter: SchemaVersionFilter, order: SchemaVersionOrder, first: Int, offset: Int): [SchemaVersion] + numUids: Int +} + +input UpdateSecurityIssueAffectsSummaryInput { + filter: SecurityIssueAffectsSummaryFilter! + set: SecurityIssueAffectsSummaryPatch + remove: SecurityIssueAffectsSummaryPatch +} + +type UpdateSecurityIssueAffectsSummaryPayload { + securityIssueAffectsSummary(filter: SecurityIssueAffectsSummaryFilter, order: SecurityIssueAffectsSummaryOrder, first: Int, offset: Int): [SecurityIssueAffectsSummary] + numUids: Int +} + +input UpdateSecurityIssueInput { + filter: SecurityIssueFilter! + set: SecurityIssuePatch + remove: SecurityIssuePatch +} + +type UpdateSecurityIssuePayload { + securityIssue(filter: SecurityIssueFilter, order: SecurityIssueOrder, first: Int, offset: Int): [SecurityIssue] + numUids: Int +} + +input UpdateSourceCodeToolInput { + filter: SourceCodeToolFilter! + set: SourceCodeToolPatch + remove: SourceCodeToolPatch +} + +type UpdateSourceCodeToolPayload { + sourceCodeTool(filter: SourceCodeToolFilter, order: SourceCodeToolOrder, first: Int, offset: Int): [SourceCodeTool] + numUids: Int +} + +input UpdateTagInput { + filter: TagFilter! + set: TagPatch + remove: TagPatch +} + +type UpdateTagPayload { + tag(filter: TagFilter, order: TagOrder, first: Int, offset: Int): [Tag] + numUids: Int +} + +input UpdateTeamInput { + filter: TeamFilter! + set: TeamPatch + remove: TeamPatch +} + +type UpdateTeamPayload { + team(filter: TeamFilter, order: TeamOrder, first: Int, offset: Int): [Team] + numUids: Int +} + +input UpdateToolsUsedInput { + filter: ToolsUsedFilter! + set: ToolsUsedPatch + remove: ToolsUsedPatch +} + +type UpdateToolsUsedPayload { + toolsUsed(filter: ToolsUsedFilter, order: ToolsUsedOrder, first: Int, offset: Int): [ToolsUsed] + numUids: Int +} + +input UpdateVulnerabilityInput { + filter: VulnerabilityFilter! + set: VulnerabilityPatch + remove: VulnerabilityPatch +} + +type UpdateVulnerabilityPayload { + vulnerability(filter: VulnerabilityFilter, order: VulnerabilityOrder, first: Int, offset: Int): [Vulnerability] + numUids: Int +} + +type Vulnerability { + id: String! + parent: String! + ratings: Severity + ratingsInt: Int + cwes(filter: CWEFilter, order: CWEOrder, first: Int, offset: Int): [CWE!] + summary: String + detail: String + recommendation: String + published: DateTime + modified: DateTime + createdAt: DateTime + cvss: Float + priority: String + priorityInt: Int + epss: Float + cisa_kev: String + exploitation: String + automatable: String + technicalImpact: String + affects(filter: ComponentFilter, order: ComponentOrder, first: Int, offset: Int): [Component!] + policyEvaluation(filter: PolicyEvaluationDataFilter, order: PolicyEvaluationDataOrder, first: Int, offset: Int): [PolicyEvaluationData!] + cwesAggregate(filter: CWEFilter): CWEAggregateResult + affectsAggregate(filter: ComponentFilter): ComponentAggregateResult + policyEvaluationAggregate(filter: PolicyEvaluationDataFilter): PolicyEvaluationDataAggregateResult +} + +type VulnerabilityAggregateResult { + count: Int + idMin: String + idMax: String + parentMin: String + parentMax: String + ratingsIntMin: Int + ratingsIntMax: Int + ratingsIntSum: Int + ratingsIntAvg: Float + summaryMin: String + summaryMax: String + detailMin: String + detailMax: String + recommendationMin: String + recommendationMax: String + publishedMin: DateTime + publishedMax: DateTime + modifiedMin: DateTime + modifiedMax: DateTime + createdAtMin: DateTime + createdAtMax: DateTime + cvssMin: Float + cvssMax: Float + cvssSum: Float + cvssAvg: Float + priorityMin: String + priorityMax: String + priorityIntMin: Int + priorityIntMax: Int + priorityIntSum: Int + priorityIntAvg: Float + epssMin: Float + epssMax: Float + epssSum: Float + epssAvg: Float + cisa_kevMin: String + cisa_kevMax: String + exploitationMin: String + exploitationMax: String + automatableMin: String + automatableMax: String + technicalImpactMin: String + technicalImpactMax: String +} + +input VulnerabilityFilter { + id: StringHashFilter + parent: StringExactFilter_StringRegExpFilter + ratings: Severity_exact + ratingsInt: IntFilter + createdAt: DateTimeFilter + cvss: FloatFilter + priority: StringExactFilter_StringRegExpFilter + priorityInt: IntFilter + epss: FloatFilter + cisa_kev: StringExactFilter_StringRegExpFilter + exploitation: StringExactFilter_StringRegExpFilter + automatable: StringExactFilter_StringRegExpFilter + technicalImpact: StringExactFilter_StringRegExpFilter + has: [VulnerabilityHasFilter] + and: [VulnerabilityFilter] + or: [VulnerabilityFilter] + not: VulnerabilityFilter +} + +enum VulnerabilityHasFilter { + id + parent + ratings + ratingsInt + cwes + summary + detail + recommendation + published + modified + createdAt + cvss + priority + priorityInt + epss + cisa_kev + exploitation + automatable + technicalImpact + affects + policyEvaluation +} + +input VulnerabilityOrder { + asc: VulnerabilityOrderable + desc: VulnerabilityOrderable + then: VulnerabilityOrder +} + +enum VulnerabilityOrderable { + id + parent + ratingsInt + summary + detail + recommendation + published + modified + createdAt + cvss + priority + priorityInt + epss + cisa_kev + exploitation + automatable + technicalImpact +} + +input VulnerabilityPatch { + parent: String + ratings: Severity + ratingsInt: Int + cwes: [CWERef!] + summary: String + detail: String + recommendation: String + published: DateTime + modified: DateTime + createdAt: DateTime + cvss: Float + priority: String + priorityInt: Int + epss: Float + cisa_kev: String + exploitation: String + automatable: String + technicalImpact: String + affects: [ComponentRef!] + policyEvaluation: [PolicyEvaluationDataRef!] +} + +input VulnerabilityRef { + id: String + parent: String + ratings: Severity + ratingsInt: Int + cwes: [CWERef!] + summary: String + detail: String + recommendation: String + published: DateTime + modified: DateTime + createdAt: DateTime + cvss: Float + priority: String + priorityInt: Int + epss: Float + cisa_kev: String + exploitation: String + automatable: String + technicalImpact: String + affects: [ComponentRef!] + policyEvaluation: [PolicyEvaluationDataRef!] +} + +input WithinFilter { + polygon: PolygonRef! +} \ No newline at end of file diff --git a/october2024november2024/upgradesteps.go b/october2024november2024/upgradesteps.go new file mode 100644 index 0000000..616eb8a --- /dev/null +++ b/october2024november2024/upgradesteps.go @@ -0,0 +1,27 @@ +package october2024november2024 + +import ( + "context" + "fmt" + graphqlfunc "upgradationScript/graphqlFunc" + "upgradationScript/logger" + "upgradationScript/schemas" + + "github.com/Khan/genqlient/graphql" +) + +func UpgradeToNovember2024(prodGraphUrl, prodToken, restoreServiceUrl string, prodDgraphClient graphql.Client) error { + + logger.Logger.Info("--------------Starting UpgradeToNovember2024------------------") + + if err := graphqlfunc.UpdateSchema(prodGraphUrl, prodToken, []byte(schemas.November2024Schema)); err != nil { + return fmt.Errorf("UpgradeToNovember2024: UpdateSchema: %s", err.Error()) + } + + if _, err := defaultVulnrichmentParams(context.Background(), prodDgraphClient); err != nil { + return fmt.Errorf("UpgradeToNovember2024: defaultVulnrichmentParams: error:%s ", err.Error()) + } + + logger.Logger.Info("--------------Completed UpgradeToNovember2024------------------") + return nil +} diff --git a/schemas/november2024.go b/schemas/november2024.go new file mode 100644 index 0000000..ca181e4 --- /dev/null +++ b/schemas/november2024.go @@ -0,0 +1,857 @@ +package schemas + +const November2024Schema = `type SchemaVersion { + version: String! +} + +interface RBAC { + roles: [Role!] +} + +enum RolePermission { + admin + write + read +} + +type Role { + "id is randomly assigned" + id: String! @id + "group should be a URI format that includes a scope or realm" + group: String! @search(by: [hash]) + permission: RolePermission! @search(by: [hash]) +} + +""" +KeyValue is a generic key/value pair, used as an attribute list or similar. +""" +type KeyValue { + id: String! @id + name: String! @search(by: [exact, regexp]) + value: String! @search(by: [exact, regexp]) + createdAt: DateTime! @search +} + + +type Organization implements RBAC + @withSubscription + @auth( + query: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryOrganization @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}"}, +{ rule: "query($groups: [String!]) { queryOrganization @cascade { teams { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}"}, +{ rule: "query($groups: [String!]) { queryOrganization @cascade { teams { applications { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}"}, + ]}, + add: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryOrganization @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}"}, + ]}, + update: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryOrganization @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}"}, + ]}, + delete: + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, + ) +{ + "id is randomly assigned" + id: String! @id + name: String! @search(by: [exact]) + roles: [Role!] + teams: [Team!] @hasInverse(field: organization) + environments: [DeploymentTarget!] @hasInverse(field: organization) + policies: [PolicyDefinition!] @hasInverse(field: ownerOrg) + policyEnforcements: [PolicyEnforcement!] + integrators: [Integrator!] @hasInverse(field: organization) + featureModes: [FeatureMode!] @hasInverse(field: organization) +} + +""" +Environment can be things like dev, prod, staging etc. +""" +type Environment { + id: String! @id + organization: Organization! + purpose: String! @search(by: [exact,regexp]) +} + +""" +DeploymentTarget describes a single place that things can be deployed into, +such as an AWS account or a Kubernetes cluster. +""" +type DeploymentTarget + @auth( + query: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryDeploymentTarget @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}"}, +{ rule: "query($groups: [String!]) { queryDeploymentTarget @cascade { organization { teams { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}"}, + ]}, + add: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryDeploymentTarget @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, + ]}, + update: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryDeploymentTarget @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, + ]}, + delete: + { rule: "{$type: {eq: \"internal-account/v1\"}}" } + ) +{ + "id is randomly assigned" + id: String! @id + name: String! @search(by: [exact, regexp]) + "this would be the ip/server address of the target environment" + ip: String! @search(by: [exact]) + account: String + "this would be something like aws, gcp etc" + targetType: String + "this would be something like us-east-1 etc" + region: String + kubescapeServiceConnected: String + isFirewall: Boolean + organization: Organization! @hasInverse(field: environments) + defaultEnvironment: Environment! +} + + +type Team implements RBAC + @withSubscription + @auth( + query: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryTeam @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}"}, +{ rule: "query($groups: [String!]) { queryTeam @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}"}, +{ rule: "query($groups: [String!]) { queryTeam @cascade { applications { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}"}, + ]}, + add: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryTeam @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}"}, +{ rule: "query($groups: [String!]) { queryTeam @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, + ]}, + update: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryTeam @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}"}, +{ rule: "query($groups: [String!]) { queryTeam @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, + ]}, + delete: + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, + ) +{ + "id is randomly assigned" + id: String! @id + name: String! @search(by: [exact]) + roles: [Role!] + organization: Organization! @hasInverse(field: teams) + applications: [Application!] + labels: [KeyValue!] + policies: [PolicyDefinition!] @hasInverse(field: ownerTeam) + policyEnforcements: [PolicyEnforcement!] + exceptions: [ExceptionAffects!] @hasInverse(field: affectsTeam) + hasSecurityIssues: [SecurityIssueAffectsSummary!] @hasInverse(field: team) +} + +type Application implements RBAC + @withSubscription + @auth( + query: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryApplication @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}"}, +{ rule: "query($groups: [String!]) { queryApplication @cascade { team { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}"}, +{ rule: "query($groups: [String!]) { queryApplication @cascade { team { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}"}, + ]}, + add: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryApplication @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}"}, +{ rule: "query($groups: [String!]) { queryApplication @cascade { team { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, +{ rule: "query($groups: [String!]) { queryApplication @cascade { team { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}}"}, + ]}, + update: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryApplication @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}"}, +{ rule: "query($groups: [String!]) { queryApplication @cascade { team { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, +{ rule: "query($groups: [String!]) { queryApplication @cascade { team { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}}"}, + ]}, + delete: + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, + ) +{ + "id is randomly assigned" + id: String! @id + name: String! @search(by: [exact, regexp]) + roles: [Role!] + environments: [ApplicationEnvironment!] @hasInverse(field: application) + team: Team! @hasInverse(field: applications) + policies: [PolicyDefinition!] @hasInverse(field: ownerApplication) + policyEnforcements: [PolicyEnforcement!] @hasInverse(field: enforcedApplication) + metadata: [KeyValue!] + hasSecurityIssues: [SecurityIssueAffectsSummary!] @hasInverse(field: application) +} + + +""" +ApplicationEnvironment is a running instance of an application down to the level of a namespace or its non k8s equivalent. +""" +type ApplicationEnvironment @withSubscription { + "id is randomly assigned" + id: String! @id + "environment denotes whether it is dev, prod, staging, non-prod etc" + environment: Environment + application: Application! + deploymentTarget: DeploymentTarget! + namespace: String! @search(by:[exact, regexp]) + "toolsUsed is a comma-separated string that contains all the tools(source, build, artifact, deploy etc) for an app env" + toolsUsed: [String!] + deployments: [ApplicationDeployment!] @hasInverse(field: applicationEnvironment) + riskStatus: ApplicationRiskStatus @hasInverse(field: applicationEnvironment) + metadata: [KeyValue!] + hasSecurityIssues: [SecurityIssueAffectsSummary!] @hasInverse(field: applicationEnvironment) +} + +""" +RiskStatus tells us what risk a current application instance or a deployment is at. +""" +enum RiskStatus { + lowrisk + mediumrisk + highrisk + apocalypserisk + scanning +} + +""" +ApplicationRiskStatus tells us about the risk status and alerts for different stages for an application environment. +""" +type ApplicationRiskStatus { + id: ID! + riskStatus: RiskStatus @search(by: [exact,regexp]) + sourceCodeAlerts: Int + buildAlerts: Int + artifactAlerts: Int + deploymentAlerts: Int + postDeploymentAlerts: Int + createdAt: DateTime! + updatedAt: DateTime! + applicationEnvironment: ApplicationEnvironment! +} + + +""" +DeploymentStage is an enum denoting the stage of the deployment. . +""" +enum DeploymentStage { + "deployment is discovered from the events" + discovered + "scanning is under process" + scanning + "deployment is known to have passed the deployment firewall and the deployment(ie the artifact) is live" + current + "deployment becomes a past deployment because another fresh deployment has happened" + previous + "deployment is blocked by the firewall" + blocked +} + +""" +ApplicationDeployment tells us about the the artifact deployed along with its associated details. +""" +type ApplicationDeployment { + "id is randomly assigned" + id: String! @id + "platform will help us identify which image was actually deployed helping us identify the accurate sha" + platform: String @search + serviceUrl: String @search + "artifact that is deployed" + artifact: [Artifact!] @hasInverse(field: artifactDeployment) + applicationEnvironment: ApplicationEnvironment! + deployedAt: DateTime @search + "deploymentStage is an enum and can be discovered, current, previous or blocked" + deploymentStage: DeploymentStage! @search(by: [exact]) + "source is argo, spinnaker etc" + source: String! + "component would be a service" + component: String! @search(by: [exact, regexp]) + "user who deployed the artifact" + deployedBy: String + "toolsUsed contains tools of different stages of source, build, artifact and deploy along with some different tools" + toolsUsed: ToolsUsed! + "deploymentRisk is the risk status of the deployment" + deploymentRisk: ApplicationDeploymentRisk @hasInverse(field: applicationDeployment) + "policyRunHistory is the policy execution history for this deployment" + policyRunHistory: [RunHistory!] @hasInverse(field: applicationDeployment) + deploymentTags: [KeyValue!] + hasSecurityIssues: [SecurityIssueAffectsSummary!] @hasInverse(field: currentDeployed) +} + +type ToolsUsed { + id: ID! + source: String + build: String + artifact: String + deploy: String + postdeploy: String + sbom: String @search(by: [exact, regexp]) + misc: [String!] +} + +""" +ApplicationDeploymentRisk tells us about the risk status and alerts for different stages for an application deployment. +""" +type ApplicationDeploymentRisk { + id: ID! + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + postDeploymentAlertsScore: Int + deploymentRiskStatus: RiskStatus @search(by: [exact,regexp]) + applicationDeployment: ApplicationDeployment! @hasInverse(field: deploymentRisk) +} + + +type Integrator + @auth( + query: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryIntegrator @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}"}, +{ rule: "query($groups: [String!]) { queryIntegrator @cascade { organization { teams { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}"}, +{ rule: "query($groups: [String!]) { queryIntegrator @cascade { organization { teams { applications { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}}"}, + ]}, + add: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryIntegrator @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, + ]}, + update: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryIntegrator @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, + ]}, + delete: + { rule: "{$type: {eq: \"internal-account/v1\"}}" } + ) +{ + id: String! @id + organization: Organization! + type: String! @search(by: [exact]) + category: String! @search(by: [exact]) + status: String! @search(by: [exact]) + integratorConfigs: [IntegratorConfigs!] + featureConfigs: [FeatureMode!] @hasInverse(field: integrator) + createdAt: DateTime! + updatedAt: DateTime! +} + +type IntegratorConfigs @auth( + query: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryIntegratorConfigs @cascade { integrator { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}"}, +{ rule: "query($groups: [String!]) { queryIntegratorConfigs @cascade { integrator { organization { teams { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}}"}, +{ rule: "query($groups: [String!]) { queryIntegratorConfigs @cascade { integrator { organization { teams { applications { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}}}"}, + ]}, + add: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryIntegratorConfigs @cascade { integrator { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}}"}, + ]}, + update: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryIntegratorConfigs @cascade { integrator { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}}"}, + ]}, + delete: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryIntegratorConfigs @cascade { integrator { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}}"}, + ]} + ) { + id: ID! + name: String! @search(by: [exact]) + configs: [IntegratorKeyValues!] + integrator: Integrator! @hasInverse(field: integratorConfigs) +} + +type IntegratorKeyValues { + key: String! @search(by: [exact]) + value: String! @search(by: [exact]) + encrypt: Boolean! +} + + +type FeatureMode + @auth( + query: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryFeatureMode @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}"}, +{ rule: "query($groups: [String!]) { queryFeatureMode @cascade { organization { teams { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}"}, +{ rule: "query($groups: [String!]) { queryFeatureMode @cascade { organization { teams { applications { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}}"}, + ]}, + add: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryFeatureMode @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, + ]}, + update: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryFeatureMode @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, + ]}, + delete: + { rule: "{$type: {eq: \"internal-account/v1\"}}" } + ) +{ + id: String! @id + organization: Organization! + key: String! @search(by: [exact]) + value: String! @search(by: [exact]) + category: String! @search(by: [exact]) + createdAt: DateTime! + updatedAt: DateTime! + integrator: Integrator! @hasInverse(field: featureConfigs) +} + + + +""" +Tag tells us about the tags that are linked to policies and other components. +""" +type Tag { + id: String! @id @search(by:[exact]) + tagName: String! @search(by:[exact]) + tagValue: String! @search(by:[exact,regexp]) + tagDescription: String + createdBy: String @search(by:[exact]) + createdAt: DateTime! + updatedAt: DateTime! + policies: [PolicyEnforcement!] @hasInverse(field: tags) +} + +type PolicyDefinition { + id: String! @id + ownerOrg: Organization! + ownerTeam: Team + ownerApplication: Application + createdAt: DateTime! + updatedAt: DateTime! + policyName: String! @search(by: [exact,regexp]) + category: String! @search(by: [exact]) + stage: String! @search(by: [exact,regexp]) + description: String! @search(by: [exact]) + scheduledPolicy: Boolean! @search + script: String! @search(by: [exact]) + variables: String @search(by: [exact]) + conditionName: String @search(by: [exact]) + suggestion: String @search(by: [exact]) +} + +type PolicyEnforcement { + id: ID! + policy: PolicyDefinition! + #It should be either of the three or else if node is shared it will make changes to 2 different destination, how to enforce that? + enforcedOrg: Organization @hasInverse(field: policyEnforcements) + enforcedTeam: Team @hasInverse(field: policyEnforcements) + enforcedApplication: Application @hasInverse(field: policyEnforcements) + status: Boolean! @search + forceApply: Boolean @search + severity: Severity! + datasourceTool: String! @search(by: [exact]) + action: String! @search(by: [exact]) + conditionValue: String @search(by: [exact]) + environments: [Environment!] + tags: [Tag!] @hasInverse(field: policies) + createdAt: DateTime! + updatedAt: DateTime! +} + +type Jira { + id: ID! + jiraId: String! @search(by: [exact, regexp]) + url: String! + status: String! @search(by: [exact, regexp]) + createdAt: DateTime! + updatedAt: DateTime! + affectsIndividualComponent: RunHistory @hasInverse(field: AttachedJira) + affectsSecurityissue: SecurityIssue @hasInverse(field: AttachedJira) +} + +type RunHistory { + id: ID! + policyId: String! @search(by: [exact]) + applicationDeployment: ApplicationDeployment @hasInverse(field: policyRunHistory) + artifactScan: ArtifactScanData @hasInverse(field: artifactRunHistory) + PolicyName: String! @search(by: [exact,regexp]) + Stage: String! @search(by: [exact,regexp]) + Artifact: String! @search(by: [exact]) + ArtifactTag: String! @search(by: [exact]) + ArtifactSha: String! @search(by: [exact,regexp]) + ArtifactNameTag: String! @search(by: [exact,regexp]) + DatasourceTool: String! @search(by: [exact,regexp]) + CreatedAt: DateTime! @search + UpdatedAt: DateTime! @search + DeployedAt: DateTime! @search + Hash: String + Pass: Boolean! @search + EvalData: PolicyEvaluationData @hasInverse(field: affects) + FileApi: String + AttachedJira: Jira @hasInverse(field: affectsIndividualComponent) + Status: String! @search(by: [exact]) + exception: ExceptionAffects @hasInverse(field: runHistories) + scheduledPolicy: Boolean! @search + policyEnforcements: PolicyEnforcement! + securityIssue: SecurityIssue @hasInverse(field: Affects) +} + +type PolicyEvaluationData { + """data Type is gonna help us identify if a DB record is used to evaluate or a json + current scope json is for generic policies & vuln policies will attach VulnNode -> pending redis data & other inprogram policies""" + Id: ID! + dataType: String! @search(by: [exact]) + rawData: String + vulnNode: Vulnerability @hasInverse(field: policyEvaluation) + affects:RunHistory! @hasInverse(field: EvalData) +} + +type SecurityIssue { + id: ID! + AlertTitle: String @search(by: [exact,regexp]) + AlertMessage: String @search(by: [exact]) + Suggestions: String @search(by: [exact]) + Severity: Severity! @search(by: [exact,regexp]) + SeverityInt: Int! @search + CreatedAt: DateTime! @search + UpdatedAt: DateTime! @search + Action: String! @search(by: [exact,regexp]) + Reason: String @search(by: [exact]) + Error: String @search(by: [exact]) + policyEnforcements: PolicyEnforcement! + AttachedJira: Jira @hasInverse(field: affectsSecurityissue) + Affects: [RunHistory!] @hasInverse(field: securityIssue) + Summary: [SecurityIssueAffectsSummary!] @hasInverse(field: securityIssue) +} + +type SecurityIssueAffectsSummary { + id: ID! + "only pre-deployment analysis or deployment analysis" + type: String! @search(by: [exact]) + team: Team @hasInverse(field: hasSecurityIssues) + application: Application @hasInverse(field: hasSecurityIssues) + applicationEnvironment: ApplicationEnvironment @hasInverse(field: hasSecurityIssues) + service: String @search(by: [exact,regexp]) + currentDeployed: ApplicationDeployment @hasInverse(field: hasSecurityIssues) + artifactScanTS: [ArtifactScanDataTS!] @hasInverse(field: summary) + exception: ExceptionAffects @hasInverse(field: hasSecurityIssues) + securityIssue: SecurityIssue! @hasInverse(field: Summary) +} + +type ArtifactScanDataTS { + id: ID! + artifact: ArtifactScanData! @hasInverse(field: artifactScanTS) + timestamps: [DateTime!] @search + summary: [SecurityIssueAffectsSummary!] @hasInverse(field: artifactScanTS) +} + +""" +BuildTool contains data from build tool events. +""" +type BuildTool { + "id is randomly assigned" + id: String! @id + "buildId is a unique job id, run id for a job/pipeline/action" + buildId: String! @search(by: [exact,regexp]) + "tool is jenkins etc" + tool: String! @search(by: [exact]) + "buildName is the name of the job/pipeline/action" + buildName: String! @search(by: [exact, regexp]) + buildUrl: String! @search(by: [exact, regexp]) + "buildTime is the time at which the artifact was built" + buildTime: DateTime + "buildUser is the user that built the artifact" + buildUser: String + "plugins used at the build time" + buildPlugins:[Artifact!] @hasInverse(field: plugins) + "sourceCodeTool links a BuildTool node to the source details" + sourceCodeTool: [SourceCodeTool!] @hasInverse(field: buildTool) + "commitMetaData links a BuildTool node to the git commit based details" + commitMetaData: [CommitMetaData!] @hasInverse(field: buildTool) + createdAt: DateTime! +} + +""" +SourceCodeTool contains the source details about the artifact that was built. +""" +type SourceCodeTool { + "id is randomly assigned" + id: String! @id + createdAt: DateTime! + "scm is the scm tool github/gitlab etc" + scm: String! + "repository is the git remote repository" + repository: String! @search(by: [exact,regexp]) + "branch is the git branch on which the artifact was built" + branch: String! + "headCommit is the checkout out head commit" + headCommit: String + "diffCommits is a comma separated string of the commits between the previous built artifact and the current" + diffCommits: String + licenseName: String + visibility: String + workflowName: String + "parentRepo is populated in case the git repo is a fork" + parentRepo: String + buildTool: BuildTool! + sourceCodePath: String + sonarqubeProjectKey: String + "artifactNode links a Source node to an artifact" + artifactNode: Artifact @hasInverse(field: sourceDetails) + "digest is the sha of the artifact" + digest: String! @search(by: [exact]) + "buildDigest is the sha of the artifact as sent from the build tool" + buildDigest: String @search(by: [exact]) +} + +""" +CommitMetaData contains the git commit related details of the source repository . +""" +type CommitMetaData { + "id is randomly assigned" + id: ID! + "commit is a git commit that was used to build an artifact" + commit: String + repository: String + "commitSign tells us whether the commit is signed" + commitSign: Boolean + noOfReviewersConf: Int + reviewerList: [String!] + approverList: [String!] + buildTool: BuildTool! @hasInverse(field: commitMetaData) +} + +type Artifact { + id: String! @id + artifactType: String! @search(by: [exact]) + artifactName: String! @search(by: [exact, regexp]) + artifactTag: String! @search(by: [exact, regexp]) + artifactSha: String! @search(by: [exact]) + scanData: [ArtifactScanData!] + artifactDeployment: [ApplicationDeployment!] @hasInverse(field: artifact) + sourceDetails: SourceCodeTool @hasInverse(field: artifactNode) + plugins: [BuildTool!] @hasInverse(field: buildPlugins) +} + +type ArtifactScanData { + id: String! @id + "platform: String! @search(by: [exact]) -> add later" + artifactSha: String! @search(by: [exact]) + artifactNameTag: String! @search(by: [exact,regexp]) + tool: String! @search(by: [exact]) + artifactDetails: Artifact @hasInverse(field: scanData) + lastScannedAt: DateTime + createdAt: DateTime + vulnTrackingId: String + vulnScanState: String @search(by: [exact]) + components: [Component!] + vulnCriticalCount: Int @search + vulnHighCount: Int @search + vulnMediumCount: Int @search + vulnLowCount: Int @search + vulnInfoCount: Int @search + vulnUnknownCount: Int @search + vulnNoneCount: Int @search + vulnTotalCount: Int @search + scanFile: [ScanFileResult!] + artifactRisk: ArtifactRisk @hasInverse(field: artifactScanResult) + artifactRunHistory: [RunHistory!] @hasInverse(field: artifactScan) + artifactTags: [KeyValue!] + artifactScanTS: [ArtifactScanDataTS!] @hasInverse(field: artifact) +} + +type ArtifactRisk { + id: ID! + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + artifactRiskStatus: RiskStatus @search(by: [exact,regexp]) + artifactScanResult: ArtifactScanData! @hasInverse(field: artifactRisk) +} + +type ScanFileResult { + id: ID! + name: String! @search(by: [exact, regexp]) + url: String! +} + +type Component { + id: String! @id + type: String! + name: String! @search(by: [exact, regexp]) + version: String! @search(by: [exact, regexp]) + licenses: [String!] + purl: String @search(by: [exact]) + cpe: String @search(by: [exact]) + scannedAt: DateTime + analysisRequired: Boolean @search + analysis: ComponentAnalysis @hasInverse(field: Components) + vulnerabilities: [Vulnerability!] @hasInverse(field: affects) + artifacts: [ArtifactScanData!] @hasInverse(field: components) +} + +type ComponentAnalysis { + Id: ID! + Name: String! @search(by: [exact,regexp]) + Components:[Component!] @hasInverse(field: analysis) + Severity: Severity @search(by: [exact,regexp]) + SeverityInt: Int @search + Stars: Int @search + Forks: Int @search + Contributors: Int @search + VulnCritical: Int @search + VulnHigh: Int @search + VulnMedium: Int @search + VulnLow: Int @search + VulnOthers: Int @search + MeanTimeToRepair: Int @search + Licenses: [String!] @search(by: [exact,regexp]) + CreatedAt: DateTime + ScannedAt: DateTime + LastViewed: DateTime @search +} + +type ComponentLicenses { + Id: ID! + Name: String! @search(by: [exact,regexp]) + Category: String! @search(by: [exact,regexp]) +} + +enum Severity { + apocalypse + critical + high + medium + low + info + none + unknown +} + +type Vulnerability { + id: String! @id + parent: String! @search(by: [exact, regexp]) + ratings: Severity @search(by: [exact]) + ratingsInt: Int @search + cwes: [CWE!] + summary: String + detail: String + recommendation: String + published: DateTime + modified: DateTime + createdAt: DateTime @search + cvss: Float @search + priority: String @search(by: [exact, regexp]) + priorityInt: Int @search + epss: Float @search + cisa_kev: String @search(by: [exact, regexp]) + exploitation: String @search(by: [exact, regexp]) + automatable: String @search(by: [exact, regexp]) + technicalImpact: String @search(by: [exact, regexp]) + affects: [Component!] @hasInverse(field: vulnerabilities) + policyEvaluation: [PolicyEvaluationData!] @hasInverse(field: vulnNode) +} + +type CWE { + id: String! @id + name: String! + description: String +} + +type Exception implements RBAC + @auth( + query: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryException @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}"}, +{ rule: "query($groups: [String!]) { queryException @cascade { affects { affectsTeam { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}"}, + ]}, + add: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryException @cascade { affects { affectsTeam { roles(filter: {group: {in: $groups}, permission: {in: [admin,write]}}) { __typename }}}}}"}, + ]}, + update: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryException @cascade { affects { affectsTeam { roles(filter: {group: {in: $groups}, permission: {in: [admin,write]}}) { __typename }}}}}"}, + ]}, + delete:{ + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryException @cascade { affects { affectsTeam { roles(filter: {group: {in: $groups}, permission: {in: [admin,write]}}) { __typename }}}}}"}, + ]} + ) +{ + id: ID! + type: String! @search(by: [exact, regexp]) + name: String! @search(by: [exact, regexp]) + affects: [ExceptionAffects!] + createdAt: DateTime! @search + updatedAt: DateTime! @search +} + +type ExceptionAffects implements RBAC + @auth( + query: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryExceptionAffects @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}"}, +{ rule: "query($groups: [String!]) { queryExceptionAffects @cascade { affectsTeam { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}"}, + ]}, + add: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryExceptionAffects @cascade { affectsTeam { roles(filter: {group: {in: $groups}, permission: {in: [admin,write]}}) { __typename }}}}"}, + ]}, + update: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryExceptionAffects @cascade { affectsTeam { roles(filter: {group: {in: $groups}, permission: {in: [admin,write]}}) { __typename }}}}"}, + ]}, + delete:{ + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryExceptionAffects @cascade { affectsTeam { roles(filter: {group: {in: $groups}, permission: {in: [admin,write]}}) { __typename }}}}"}, + ]} + ) +{ + id: ID! + createdBy: String! @search(by: [exact, regexp]) + affectsTeam: Team! @hasInverse(field: exceptions) + affectsApplication: Application + affectsServices: [String!] @search(by: [exact, regexp]) + validUpTo: DateTime! @search + createdAt: DateTime! @search + updatedAt: DateTime! @search + reason: String! @search(by: [exact, regexp]) + status: String! @search(by: [exact, regexp]) + exception: Exception! @hasInverse(field: affects) + runHistories: [RunHistory!] @hasInverse(field: exception) + hasSecurityIssues: [SecurityIssueAffectsSummary!] @hasInverse(field: exception) +} + +# Dgraph.Allow-Origin "http://localhost:4200" +# Dgraph.Authorization {"VerificationKey":"","Header":"X-OpsMx-Auth","jwkurl":"http://token-machine:8050/jwk","Namespace":"ssd.opsmx.io","Algo":"","Audience":["ssd.opsmx.io"],"ClosedByDefault":false} +`