From d1d9f22629e4c7362705bc32bc7fbfebc3ca9faf Mon Sep 17 00:00:00 2001 From: Junaid Shaikh <64411220+genos1998@users.noreply.github.com> Date: Wed, 18 Sep 2024 23:50:10 +0530 Subject: [PATCH] Upgrade aug v2 (#9) * required files created * func added to transition into new jira schema * jira translation done * not needed file removed * schema and folder added * files altered * scoring function * scoring func updated in sync with ssd opa * log messages added * fix: logs & continue/return stats * fix: artifact risk id query --------- Co-authored-by: priyanshishikha --- august2024august2024v2/genqlient.yaml | 17 + august2024august2024v2/modules.go | 60 + august2024august2024v2/queries.graphql | 107 + august2024august2024v2/schema-generated.go | 732 +++ august2024august2024v2/schema.graphql | 5334 +++++++++++++++++ august2024august2024v2/scoring.go | 338 ++ august2024august2024v2/upgradeSteps.go | 27 + august2024august2024v2/utils.go | 22 + common/schemaHelpers.go | 23 +- common/upgradeSteps.go | 6 +- graphqlFunc/adminQueries.go | 2 + july2024august2024/jiraDetails.go | 7 +- july2024august2024/july2024/queries.graphql | 8 +- .../july2024/schema-generated.go | 43 +- schemas/august2024v2.go | 777 +++ 15 files changed, 7483 insertions(+), 20 deletions(-) create mode 100644 august2024august2024v2/genqlient.yaml create mode 100644 august2024august2024v2/modules.go create mode 100644 august2024august2024v2/queries.graphql create mode 100644 august2024august2024v2/schema-generated.go create mode 100644 august2024august2024v2/schema.graphql create mode 100644 august2024august2024v2/scoring.go create mode 100644 august2024august2024v2/upgradeSteps.go create mode 100644 august2024august2024v2/utils.go create mode 100644 schemas/august2024v2.go diff --git a/august2024august2024v2/genqlient.yaml b/august2024august2024v2/genqlient.yaml new file mode 100644 index 0000000..8d17413 --- /dev/null +++ b/august2024august2024v2/genqlient.yaml @@ -0,0 +1,17 @@ +schema: schema.graphql +operations: +- queries.graphql +generated: schema-generated.go +package: august2024august2024v2 +use_struct_references: true +bindings: + Boolean: + type: "*bool" + DateTime: + type: "*time.Time" + Int64: + type: int64 + Int: + type: "*int" + ID: + type: "*string" \ No newline at end of file diff --git a/august2024august2024v2/modules.go b/august2024august2024v2/modules.go new file mode 100644 index 0000000..f16deab --- /dev/null +++ b/august2024august2024v2/modules.go @@ -0,0 +1,60 @@ +package august2024august2024v2 + +import "time" + +const ( + RunHistoryStatusException = "exception" + + Pass string = "pass" + Fail string = "fail" + Low string = "low" + Medium string = "medium" + High string = "high" + Critical string = "critical" + + SOURCE string = "source" + BUILD string = "build" + ARTIFACT string = "artifact" + DEPLOY string = "deploy" + ImageRisk string = "imageRisk" + + HighStatusValue int = 50 + LowStatusValue int = 70 +) + +type Scoring struct { + OrganizationName string + TeamName string + Namespace string + ClusterId string + ApplicationName string + ServiceName string + DeployedAt time.Time + Policy map[string][]PolicyDetail + Image string + ImageTag string + ImageSha string + ApplicationDeploymentId string + BlockedDeployment bool + FailDeploymentFirewallResult bool + DeploymentFirewall bool +} + +type PolicyDetail struct { + PolicyName string + Stage string + Status string + Severity string +} + +type PolicyStatusCount struct { + PassCount int + LowPassCount int + MediumPassCount int + HighPassCount int + CriticalPassCount int + LowCount int + MediumCount int + HighCount int + CriticalCount int +} diff --git a/august2024august2024v2/queries.graphql b/august2024august2024v2/queries.graphql new file mode 100644 index 0000000..7a39cd0 --- /dev/null +++ b/august2024august2024v2/queries.graphql @@ -0,0 +1,107 @@ +query GetArtifactScanDataId { + queryArtifactScanData { + id + artifactRisk { + id + } + } +} + +query QueryArtifactScanDataRunHistory ($scanDataId: String!) { + queryArtifactScanData(filter: {id:{eq:$scanDataId}}) @cascade(fields: ["artifactRunHistory"]) { + artifactRunHistory @cascade(fields: ["id"]) { + id + policyId + PolicyName + Stage + Artifact + ArtifactTag + ArtifactSha + CreatedAt + UpdatedAt + DeployedAt + Hash + Pass + MetaData + scheduledPolicy + DatasourceTool + Status + securityIssue { + AlertTitle + AlertMessage + Suggestions + Severity + Action + Error + } + policyEnforcements { + id + status + severity + action + conditionValue + policy { + id + policyName + category + stage + scheduledPolicy + script + variables + conditionName + suggestion + } + } + } + } +} + +query GetArtifactRisk($id: ID!) { + getArtifactRisk(id: $id) { + sourceCodeAlertsScore + buildAlertsScore + artifactAlertsScore + deploymentAlertsScore + artifactRiskStatus + } +} + +mutation UpdateArtifactScanDataRiskScoreAndStatus( + $id: ID! + $riskStatus: RiskStatus! + $buildAlertsScore: Int + $sourceCodeAlertsScore: Int + $artifactAlertsScore: Int + $deploymentAlertsScore: Int +) { + updateArtifactRisk( + input: { + set: { + artifactRiskStatus: $riskStatus + sourceCodeAlertsScore: $sourceCodeAlertsScore + buildAlertsScore: $buildAlertsScore + artifactAlertsScore: $artifactAlertsScore + deploymentAlertsScore: $deploymentAlertsScore + } + filter: { id: [$id] } + } + ) { + numUids + } +} + + +mutation UpdateArtifactScanData($artifactScanDataId: String!) { + updateArtifactScanData( + input: { + set: { artifactRisk: { artifactRiskStatus: scanning } } + filter: { id: { eq: $artifactScanDataId } } + } + ) { + artifactScanData { + artifactRisk { + id + } + } + } +} \ No newline at end of file diff --git a/august2024august2024v2/schema-generated.go b/august2024august2024v2/schema-generated.go new file mode 100644 index 0000000..0d81889 --- /dev/null +++ b/august2024august2024v2/schema-generated.go @@ -0,0 +1,732 @@ +// Code generated by github.com/Khan/genqlient, DO NOT EDIT. + +package august2024august2024v2 + +import ( + "context" + "time" + + "github.com/Khan/genqlient/graphql" +) + +// GetArtifactRiskGetArtifactRisk includes the requested fields of the GraphQL type ArtifactRisk. +type GetArtifactRiskGetArtifactRisk struct { + SourceCodeAlertsScore *int `json:"sourceCodeAlertsScore"` + BuildAlertsScore *int `json:"buildAlertsScore"` + ArtifactAlertsScore *int `json:"artifactAlertsScore"` + DeploymentAlertsScore *int `json:"deploymentAlertsScore"` + ArtifactRiskStatus RiskStatus `json:"artifactRiskStatus"` +} + +// GetSourceCodeAlertsScore returns GetArtifactRiskGetArtifactRisk.SourceCodeAlertsScore, and is useful for accessing the field via an interface. +func (v *GetArtifactRiskGetArtifactRisk) GetSourceCodeAlertsScore() *int { + return v.SourceCodeAlertsScore +} + +// GetBuildAlertsScore returns GetArtifactRiskGetArtifactRisk.BuildAlertsScore, and is useful for accessing the field via an interface. +func (v *GetArtifactRiskGetArtifactRisk) GetBuildAlertsScore() *int { return v.BuildAlertsScore } + +// GetArtifactAlertsScore returns GetArtifactRiskGetArtifactRisk.ArtifactAlertsScore, and is useful for accessing the field via an interface. +func (v *GetArtifactRiskGetArtifactRisk) GetArtifactAlertsScore() *int { return v.ArtifactAlertsScore } + +// GetDeploymentAlertsScore returns GetArtifactRiskGetArtifactRisk.DeploymentAlertsScore, and is useful for accessing the field via an interface. +func (v *GetArtifactRiskGetArtifactRisk) GetDeploymentAlertsScore() *int { + return v.DeploymentAlertsScore +} + +// GetArtifactRiskStatus returns GetArtifactRiskGetArtifactRisk.ArtifactRiskStatus, and is useful for accessing the field via an interface. +func (v *GetArtifactRiskGetArtifactRisk) GetArtifactRiskStatus() RiskStatus { + return v.ArtifactRiskStatus +} + +// GetArtifactRiskResponse is returned by GetArtifactRisk on success. +type GetArtifactRiskResponse struct { + GetArtifactRisk *GetArtifactRiskGetArtifactRisk `json:"getArtifactRisk"` +} + +// GetGetArtifactRisk returns GetArtifactRiskResponse.GetArtifactRisk, and is useful for accessing the field via an interface. +func (v *GetArtifactRiskResponse) GetGetArtifactRisk() *GetArtifactRiskGetArtifactRisk { + return v.GetArtifactRisk +} + +// GetArtifactScanDataIdQueryArtifactScanData includes the requested fields of the GraphQL type ArtifactScanData. +type GetArtifactScanDataIdQueryArtifactScanData struct { + Id string `json:"id"` + ArtifactRisk *GetArtifactScanDataIdQueryArtifactScanDataArtifactRisk `json:"artifactRisk"` +} + +// GetId returns GetArtifactScanDataIdQueryArtifactScanData.Id, and is useful for accessing the field via an interface. +func (v *GetArtifactScanDataIdQueryArtifactScanData) GetId() string { return v.Id } + +// GetArtifactRisk returns GetArtifactScanDataIdQueryArtifactScanData.ArtifactRisk, and is useful for accessing the field via an interface. +func (v *GetArtifactScanDataIdQueryArtifactScanData) GetArtifactRisk() *GetArtifactScanDataIdQueryArtifactScanDataArtifactRisk { + return v.ArtifactRisk +} + +// GetArtifactScanDataIdQueryArtifactScanDataArtifactRisk includes the requested fields of the GraphQL type ArtifactRisk. +type GetArtifactScanDataIdQueryArtifactScanDataArtifactRisk struct { + Id *string `json:"id"` +} + +// GetId returns GetArtifactScanDataIdQueryArtifactScanDataArtifactRisk.Id, and is useful for accessing the field via an interface. +func (v *GetArtifactScanDataIdQueryArtifactScanDataArtifactRisk) GetId() *string { return v.Id } + +// GetArtifactScanDataIdResponse is returned by GetArtifactScanDataId on success. +type GetArtifactScanDataIdResponse struct { + QueryArtifactScanData []*GetArtifactScanDataIdQueryArtifactScanData `json:"queryArtifactScanData"` +} + +// GetQueryArtifactScanData returns GetArtifactScanDataIdResponse.QueryArtifactScanData, and is useful for accessing the field via an interface. +func (v *GetArtifactScanDataIdResponse) GetQueryArtifactScanData() []*GetArtifactScanDataIdQueryArtifactScanData { + return v.QueryArtifactScanData +} + +// QueryArtifactScanDataRunHistoryQueryArtifactScanData includes the requested fields of the GraphQL type ArtifactScanData. +type QueryArtifactScanDataRunHistoryQueryArtifactScanData struct { + ArtifactRunHistory []*QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory `json:"artifactRunHistory"` +} + +// GetArtifactRunHistory returns QueryArtifactScanDataRunHistoryQueryArtifactScanData.ArtifactRunHistory, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanData) GetArtifactRunHistory() []*QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory { + return v.ArtifactRunHistory +} + +// QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory includes the requested fields of the GraphQL type RunHistory. +type QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory struct { + Id *string `json:"id"` + PolicyId string `json:"policyId"` + PolicyName string `json:"PolicyName"` + Stage string `json:"Stage"` + Artifact string `json:"Artifact"` + ArtifactTag string `json:"ArtifactTag"` + ArtifactSha string `json:"ArtifactSha"` + CreatedAt *time.Time `json:"CreatedAt"` + UpdatedAt *time.Time `json:"UpdatedAt"` + DeployedAt *time.Time `json:"DeployedAt"` + Hash string `json:"Hash"` + Pass *bool `json:"Pass"` + MetaData string `json:"MetaData"` + ScheduledPolicy *bool `json:"scheduledPolicy"` + DatasourceTool string `json:"DatasourceTool"` + Status string `json:"Status"` + SecurityIssue *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistorySecurityIssue `json:"securityIssue"` + PolicyEnforcements *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcement `json:"policyEnforcements"` +} + +// GetId returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory.Id, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory) GetId() *string { + return v.Id +} + +// GetPolicyId returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory.PolicyId, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory) GetPolicyId() string { + return v.PolicyId +} + +// GetPolicyName returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory.PolicyName, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory) GetPolicyName() string { + return v.PolicyName +} + +// GetStage returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory.Stage, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory) GetStage() string { + return v.Stage +} + +// GetArtifact returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory.Artifact, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory) GetArtifact() string { + return v.Artifact +} + +// GetArtifactTag returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory.ArtifactTag, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory) GetArtifactTag() string { + return v.ArtifactTag +} + +// GetArtifactSha returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory.ArtifactSha, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory) GetArtifactSha() string { + return v.ArtifactSha +} + +// GetCreatedAt returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory.CreatedAt, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory) GetCreatedAt() *time.Time { + return v.CreatedAt +} + +// GetUpdatedAt returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory.UpdatedAt, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory) GetUpdatedAt() *time.Time { + return v.UpdatedAt +} + +// GetDeployedAt returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory.DeployedAt, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory) GetDeployedAt() *time.Time { + return v.DeployedAt +} + +// GetHash returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory.Hash, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory) GetHash() string { + return v.Hash +} + +// GetPass returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory.Pass, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory) GetPass() *bool { + return v.Pass +} + +// GetMetaData returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory.MetaData, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory) GetMetaData() string { + return v.MetaData +} + +// GetScheduledPolicy returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory.ScheduledPolicy, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory) GetScheduledPolicy() *bool { + return v.ScheduledPolicy +} + +// GetDatasourceTool returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory.DatasourceTool, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory) GetDatasourceTool() string { + return v.DatasourceTool +} + +// GetStatus returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory.Status, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory) GetStatus() string { + return v.Status +} + +// GetSecurityIssue returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory.SecurityIssue, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory) GetSecurityIssue() *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistorySecurityIssue { + return v.SecurityIssue +} + +// GetPolicyEnforcements returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory.PolicyEnforcements, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistory) GetPolicyEnforcements() *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcement { + return v.PolicyEnforcements +} + +// QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcement includes the requested fields of the GraphQL type PolicyEnforcement. +type QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcement struct { + Id *string `json:"id"` + Status *bool `json:"status"` + Severity Severity `json:"severity"` + Action string `json:"action"` + ConditionValue string `json:"conditionValue"` + Policy *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition `json:"policy"` +} + +// GetId returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcement.Id, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcement) GetId() *string { + return v.Id +} + +// GetStatus returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcement.Status, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcement) GetStatus() *bool { + return v.Status +} + +// GetSeverity returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcement.Severity, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcement) GetSeverity() Severity { + return v.Severity +} + +// GetAction returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcement.Action, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcement) GetAction() string { + return v.Action +} + +// GetConditionValue returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcement.ConditionValue, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcement) GetConditionValue() string { + return v.ConditionValue +} + +// GetPolicy returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcement.Policy, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcement) GetPolicy() *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition { + return v.Policy +} + +// QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition includes the requested fields of the GraphQL type PolicyDefinition. +type QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition struct { + Id string `json:"id"` + PolicyName string `json:"policyName"` + Category string `json:"category"` + Stage string `json:"stage"` + ScheduledPolicy *bool `json:"scheduledPolicy"` + Script string `json:"script"` + Variables string `json:"variables"` + ConditionName string `json:"conditionName"` + Suggestion string `json:"suggestion"` +} + +// GetId returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition.Id, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition) GetId() string { + return v.Id +} + +// GetPolicyName returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition.PolicyName, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition) GetPolicyName() string { + return v.PolicyName +} + +// GetCategory returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition.Category, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition) GetCategory() string { + return v.Category +} + +// GetStage returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition.Stage, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition) GetStage() string { + return v.Stage +} + +// GetScheduledPolicy returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition.ScheduledPolicy, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition) GetScheduledPolicy() *bool { + return v.ScheduledPolicy +} + +// GetScript returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition.Script, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition) GetScript() string { + return v.Script +} + +// GetVariables returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition.Variables, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition) GetVariables() string { + return v.Variables +} + +// GetConditionName returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition.ConditionName, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition) GetConditionName() string { + return v.ConditionName +} + +// GetSuggestion returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition.Suggestion, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistoryPolicyEnforcementsPolicyEnforcementPolicyPolicyDefinition) GetSuggestion() string { + return v.Suggestion +} + +// QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistorySecurityIssue includes the requested fields of the GraphQL type SecurityIssue. +type QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistorySecurityIssue struct { + AlertTitle string `json:"AlertTitle"` + AlertMessage string `json:"AlertMessage"` + Suggestions string `json:"Suggestions"` + Severity Severity `json:"Severity"` + Action string `json:"Action"` + Error string `json:"Error"` +} + +// GetAlertTitle returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistorySecurityIssue.AlertTitle, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistorySecurityIssue) GetAlertTitle() string { + return v.AlertTitle +} + +// GetAlertMessage returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistorySecurityIssue.AlertMessage, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistorySecurityIssue) GetAlertMessage() string { + return v.AlertMessage +} + +// GetSuggestions returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistorySecurityIssue.Suggestions, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistorySecurityIssue) GetSuggestions() string { + return v.Suggestions +} + +// GetSeverity returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistorySecurityIssue.Severity, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistorySecurityIssue) GetSeverity() Severity { + return v.Severity +} + +// GetAction returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistorySecurityIssue.Action, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistorySecurityIssue) GetAction() string { + return v.Action +} + +// GetError returns QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistorySecurityIssue.Error, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryQueryArtifactScanDataArtifactRunHistorySecurityIssue) GetError() string { + return v.Error +} + +// QueryArtifactScanDataRunHistoryResponse is returned by QueryArtifactScanDataRunHistory on success. +type QueryArtifactScanDataRunHistoryResponse struct { + QueryArtifactScanData []*QueryArtifactScanDataRunHistoryQueryArtifactScanData `json:"queryArtifactScanData"` +} + +// GetQueryArtifactScanData returns QueryArtifactScanDataRunHistoryResponse.QueryArtifactScanData, and is useful for accessing the field via an interface. +func (v *QueryArtifactScanDataRunHistoryResponse) GetQueryArtifactScanData() []*QueryArtifactScanDataRunHistoryQueryArtifactScanData { + return v.QueryArtifactScanData +} + +// RiskStatus tells us what risk a current application instance or a deployment is at. +type RiskStatus string + +const ( + RiskStatusLowrisk RiskStatus = "lowrisk" + RiskStatusMediumrisk RiskStatus = "mediumrisk" + RiskStatusHighrisk RiskStatus = "highrisk" + RiskStatusApocalypserisk RiskStatus = "apocalypserisk" + RiskStatusScanning RiskStatus = "scanning" +) + +type Severity string + +const ( + SeverityCritical Severity = "critical" + SeverityHigh Severity = "high" + SeverityMedium Severity = "medium" + SeverityLow Severity = "low" + SeverityInfo Severity = "info" + SeverityNone Severity = "none" + SeverityUnknown Severity = "unknown" +) + +// UpdateArtifactScanDataResponse is returned by UpdateArtifactScanData on success. +type UpdateArtifactScanDataResponse struct { + UpdateArtifactScanData *UpdateArtifactScanDataUpdateArtifactScanDataUpdateArtifactScanDataPayload `json:"updateArtifactScanData"` +} + +// GetUpdateArtifactScanData returns UpdateArtifactScanDataResponse.UpdateArtifactScanData, and is useful for accessing the field via an interface. +func (v *UpdateArtifactScanDataResponse) GetUpdateArtifactScanData() *UpdateArtifactScanDataUpdateArtifactScanDataUpdateArtifactScanDataPayload { + return v.UpdateArtifactScanData +} + +// UpdateArtifactScanDataRiskScoreAndStatusResponse is returned by UpdateArtifactScanDataRiskScoreAndStatus on success. +type UpdateArtifactScanDataRiskScoreAndStatusResponse struct { + UpdateArtifactRisk *UpdateArtifactScanDataRiskScoreAndStatusUpdateArtifactRiskUpdateArtifactRiskPayload `json:"updateArtifactRisk"` +} + +// GetUpdateArtifactRisk returns UpdateArtifactScanDataRiskScoreAndStatusResponse.UpdateArtifactRisk, and is useful for accessing the field via an interface. +func (v *UpdateArtifactScanDataRiskScoreAndStatusResponse) GetUpdateArtifactRisk() *UpdateArtifactScanDataRiskScoreAndStatusUpdateArtifactRiskUpdateArtifactRiskPayload { + return v.UpdateArtifactRisk +} + +// UpdateArtifactScanDataRiskScoreAndStatusUpdateArtifactRiskUpdateArtifactRiskPayload includes the requested fields of the GraphQL type UpdateArtifactRiskPayload. +type UpdateArtifactScanDataRiskScoreAndStatusUpdateArtifactRiskUpdateArtifactRiskPayload struct { + NumUids *int `json:"numUids"` +} + +// GetNumUids returns UpdateArtifactScanDataRiskScoreAndStatusUpdateArtifactRiskUpdateArtifactRiskPayload.NumUids, and is useful for accessing the field via an interface. +func (v *UpdateArtifactScanDataRiskScoreAndStatusUpdateArtifactRiskUpdateArtifactRiskPayload) GetNumUids() *int { + return v.NumUids +} + +// UpdateArtifactScanDataUpdateArtifactScanDataUpdateArtifactScanDataPayload includes the requested fields of the GraphQL type UpdateArtifactScanDataPayload. +type UpdateArtifactScanDataUpdateArtifactScanDataUpdateArtifactScanDataPayload struct { + ArtifactScanData []*UpdateArtifactScanDataUpdateArtifactScanDataUpdateArtifactScanDataPayloadArtifactScanData `json:"artifactScanData"` +} + +// GetArtifactScanData returns UpdateArtifactScanDataUpdateArtifactScanDataUpdateArtifactScanDataPayload.ArtifactScanData, and is useful for accessing the field via an interface. +func (v *UpdateArtifactScanDataUpdateArtifactScanDataUpdateArtifactScanDataPayload) GetArtifactScanData() []*UpdateArtifactScanDataUpdateArtifactScanDataUpdateArtifactScanDataPayloadArtifactScanData { + return v.ArtifactScanData +} + +// UpdateArtifactScanDataUpdateArtifactScanDataUpdateArtifactScanDataPayloadArtifactScanData includes the requested fields of the GraphQL type ArtifactScanData. +type UpdateArtifactScanDataUpdateArtifactScanDataUpdateArtifactScanDataPayloadArtifactScanData struct { + ArtifactRisk *UpdateArtifactScanDataUpdateArtifactScanDataUpdateArtifactScanDataPayloadArtifactScanDataArtifactRisk `json:"artifactRisk"` +} + +// GetArtifactRisk returns UpdateArtifactScanDataUpdateArtifactScanDataUpdateArtifactScanDataPayloadArtifactScanData.ArtifactRisk, and is useful for accessing the field via an interface. +func (v *UpdateArtifactScanDataUpdateArtifactScanDataUpdateArtifactScanDataPayloadArtifactScanData) GetArtifactRisk() *UpdateArtifactScanDataUpdateArtifactScanDataUpdateArtifactScanDataPayloadArtifactScanDataArtifactRisk { + return v.ArtifactRisk +} + +// UpdateArtifactScanDataUpdateArtifactScanDataUpdateArtifactScanDataPayloadArtifactScanDataArtifactRisk includes the requested fields of the GraphQL type ArtifactRisk. +type UpdateArtifactScanDataUpdateArtifactScanDataUpdateArtifactScanDataPayloadArtifactScanDataArtifactRisk struct { + Id *string `json:"id"` +} + +// GetId returns UpdateArtifactScanDataUpdateArtifactScanDataUpdateArtifactScanDataPayloadArtifactScanDataArtifactRisk.Id, and is useful for accessing the field via an interface. +func (v *UpdateArtifactScanDataUpdateArtifactScanDataUpdateArtifactScanDataPayloadArtifactScanDataArtifactRisk) GetId() *string { + return v.Id +} + +// __GetArtifactRiskInput is used internally by genqlient +type __GetArtifactRiskInput struct { + Id *string `json:"id"` +} + +// GetId returns __GetArtifactRiskInput.Id, and is useful for accessing the field via an interface. +func (v *__GetArtifactRiskInput) GetId() *string { return v.Id } + +// __QueryArtifactScanDataRunHistoryInput is used internally by genqlient +type __QueryArtifactScanDataRunHistoryInput struct { + ScanDataId string `json:"scanDataId"` +} + +// GetScanDataId returns __QueryArtifactScanDataRunHistoryInput.ScanDataId, and is useful for accessing the field via an interface. +func (v *__QueryArtifactScanDataRunHistoryInput) GetScanDataId() string { return v.ScanDataId } + +// __UpdateArtifactScanDataInput is used internally by genqlient +type __UpdateArtifactScanDataInput struct { + ArtifactScanDataId string `json:"artifactScanDataId"` +} + +// GetArtifactScanDataId returns __UpdateArtifactScanDataInput.ArtifactScanDataId, and is useful for accessing the field via an interface. +func (v *__UpdateArtifactScanDataInput) GetArtifactScanDataId() string { return v.ArtifactScanDataId } + +// __UpdateArtifactScanDataRiskScoreAndStatusInput is used internally by genqlient +type __UpdateArtifactScanDataRiskScoreAndStatusInput struct { + Id *string `json:"id"` + RiskStatus RiskStatus `json:"riskStatus"` + BuildAlertsScore *int `json:"buildAlertsScore"` + SourceCodeAlertsScore *int `json:"sourceCodeAlertsScore"` + ArtifactAlertsScore *int `json:"artifactAlertsScore"` + DeploymentAlertsScore *int `json:"deploymentAlertsScore"` +} + +// GetId returns __UpdateArtifactScanDataRiskScoreAndStatusInput.Id, and is useful for accessing the field via an interface. +func (v *__UpdateArtifactScanDataRiskScoreAndStatusInput) GetId() *string { return v.Id } + +// GetRiskStatus returns __UpdateArtifactScanDataRiskScoreAndStatusInput.RiskStatus, and is useful for accessing the field via an interface. +func (v *__UpdateArtifactScanDataRiskScoreAndStatusInput) GetRiskStatus() RiskStatus { + return v.RiskStatus +} + +// GetBuildAlertsScore returns __UpdateArtifactScanDataRiskScoreAndStatusInput.BuildAlertsScore, and is useful for accessing the field via an interface. +func (v *__UpdateArtifactScanDataRiskScoreAndStatusInput) GetBuildAlertsScore() *int { + return v.BuildAlertsScore +} + +// GetSourceCodeAlertsScore returns __UpdateArtifactScanDataRiskScoreAndStatusInput.SourceCodeAlertsScore, and is useful for accessing the field via an interface. +func (v *__UpdateArtifactScanDataRiskScoreAndStatusInput) GetSourceCodeAlertsScore() *int { + return v.SourceCodeAlertsScore +} + +// GetArtifactAlertsScore returns __UpdateArtifactScanDataRiskScoreAndStatusInput.ArtifactAlertsScore, and is useful for accessing the field via an interface. +func (v *__UpdateArtifactScanDataRiskScoreAndStatusInput) GetArtifactAlertsScore() *int { + return v.ArtifactAlertsScore +} + +// GetDeploymentAlertsScore returns __UpdateArtifactScanDataRiskScoreAndStatusInput.DeploymentAlertsScore, and is useful for accessing the field via an interface. +func (v *__UpdateArtifactScanDataRiskScoreAndStatusInput) GetDeploymentAlertsScore() *int { + return v.DeploymentAlertsScore +} + +// The query or mutation executed by GetArtifactRisk. +const GetArtifactRisk_Operation = ` +query GetArtifactRisk ($id: ID!) { + getArtifactRisk(id: $id) { + sourceCodeAlertsScore + buildAlertsScore + artifactAlertsScore + deploymentAlertsScore + artifactRiskStatus + } +} +` + +func GetArtifactRisk( + ctx_ context.Context, + client_ graphql.Client, + id *string, +) (*GetArtifactRiskResponse, error) { + req_ := &graphql.Request{ + OpName: "GetArtifactRisk", + Query: GetArtifactRisk_Operation, + Variables: &__GetArtifactRiskInput{ + Id: id, + }, + } + var err_ error + + var data_ GetArtifactRiskResponse + resp_ := &graphql.Response{Data: &data_} + + err_ = client_.MakeRequest( + ctx_, + req_, + resp_, + ) + + return &data_, err_ +} + +// The query or mutation executed by GetArtifactScanDataId. +const GetArtifactScanDataId_Operation = ` +query GetArtifactScanDataId { + queryArtifactScanData { + id + artifactRisk { + id + } + } +} +` + +func GetArtifactScanDataId( + ctx_ context.Context, + client_ graphql.Client, +) (*GetArtifactScanDataIdResponse, error) { + req_ := &graphql.Request{ + OpName: "GetArtifactScanDataId", + Query: GetArtifactScanDataId_Operation, + } + var err_ error + + var data_ GetArtifactScanDataIdResponse + resp_ := &graphql.Response{Data: &data_} + + err_ = client_.MakeRequest( + ctx_, + req_, + resp_, + ) + + return &data_, err_ +} + +// The query or mutation executed by QueryArtifactScanDataRunHistory. +const QueryArtifactScanDataRunHistory_Operation = ` +query QueryArtifactScanDataRunHistory ($scanDataId: String!) { + queryArtifactScanData(filter: {id:{eq:$scanDataId}}) @cascade(fields: ["artifactRunHistory"]) { + artifactRunHistory @cascade(fields: ["id"]) { + id + policyId + PolicyName + Stage + Artifact + ArtifactTag + ArtifactSha + CreatedAt + UpdatedAt + DeployedAt + Hash + Pass + MetaData + scheduledPolicy + DatasourceTool + Status + securityIssue { + AlertTitle + AlertMessage + Suggestions + Severity + Action + Error + } + policyEnforcements { + id + status + severity + action + conditionValue + policy { + id + policyName + category + stage + scheduledPolicy + script + variables + conditionName + suggestion + } + } + } + } +} +` + +func QueryArtifactScanDataRunHistory( + ctx_ context.Context, + client_ graphql.Client, + scanDataId string, +) (*QueryArtifactScanDataRunHistoryResponse, error) { + req_ := &graphql.Request{ + OpName: "QueryArtifactScanDataRunHistory", + Query: QueryArtifactScanDataRunHistory_Operation, + Variables: &__QueryArtifactScanDataRunHistoryInput{ + ScanDataId: scanDataId, + }, + } + var err_ error + + var data_ QueryArtifactScanDataRunHistoryResponse + resp_ := &graphql.Response{Data: &data_} + + err_ = client_.MakeRequest( + ctx_, + req_, + resp_, + ) + + return &data_, err_ +} + +// The query or mutation executed by UpdateArtifactScanData. +const UpdateArtifactScanData_Operation = ` +mutation UpdateArtifactScanData ($artifactScanDataId: String!) { + updateArtifactScanData(input: {set:{artifactRisk:{artifactRiskStatus:scanning}},filter:{id:{eq:$artifactScanDataId}}}) { + artifactScanData { + artifactRisk { + id + } + } + } +} +` + +func UpdateArtifactScanData( + ctx_ context.Context, + client_ graphql.Client, + artifactScanDataId string, +) (*UpdateArtifactScanDataResponse, error) { + req_ := &graphql.Request{ + OpName: "UpdateArtifactScanData", + Query: UpdateArtifactScanData_Operation, + Variables: &__UpdateArtifactScanDataInput{ + ArtifactScanDataId: artifactScanDataId, + }, + } + var err_ error + + var data_ UpdateArtifactScanDataResponse + resp_ := &graphql.Response{Data: &data_} + + err_ = client_.MakeRequest( + ctx_, + req_, + resp_, + ) + + return &data_, err_ +} + +// The query or mutation executed by UpdateArtifactScanDataRiskScoreAndStatus. +const UpdateArtifactScanDataRiskScoreAndStatus_Operation = ` +mutation UpdateArtifactScanDataRiskScoreAndStatus ($id: ID!, $riskStatus: RiskStatus!, $buildAlertsScore: Int, $sourceCodeAlertsScore: Int, $artifactAlertsScore: Int, $deploymentAlertsScore: Int) { + updateArtifactRisk(input: {set:{artifactRiskStatus:$riskStatus,sourceCodeAlertsScore:$sourceCodeAlertsScore,buildAlertsScore:$buildAlertsScore,artifactAlertsScore:$artifactAlertsScore,deploymentAlertsScore:$deploymentAlertsScore},filter:{id:[$id]}}) { + numUids + } +} +` + +func UpdateArtifactScanDataRiskScoreAndStatus( + ctx_ context.Context, + client_ graphql.Client, + id *string, + riskStatus RiskStatus, + buildAlertsScore *int, + sourceCodeAlertsScore *int, + artifactAlertsScore *int, + deploymentAlertsScore *int, +) (*UpdateArtifactScanDataRiskScoreAndStatusResponse, error) { + req_ := &graphql.Request{ + OpName: "UpdateArtifactScanDataRiskScoreAndStatus", + Query: UpdateArtifactScanDataRiskScoreAndStatus_Operation, + Variables: &__UpdateArtifactScanDataRiskScoreAndStatusInput{ + Id: id, + RiskStatus: riskStatus, + BuildAlertsScore: buildAlertsScore, + SourceCodeAlertsScore: sourceCodeAlertsScore, + ArtifactAlertsScore: artifactAlertsScore, + DeploymentAlertsScore: deploymentAlertsScore, + }, + } + var err_ error + + var data_ UpdateArtifactScanDataRiskScoreAndStatusResponse + resp_ := &graphql.Response{Data: &data_} + + err_ = client_.MakeRequest( + ctx_, + req_, + resp_, + ) + + return &data_, err_ +} diff --git a/august2024august2024v2/schema.graphql b/august2024august2024v2/schema.graphql new file mode 100644 index 0000000..11e4436 --- /dev/null +++ b/august2024august2024v2/schema.graphql @@ -0,0 +1,5334 @@ +directive @lambdaOnMutate(add: Boolean, update: Boolean, delete: Boolean) on OBJECT | INTERFACE + +directive @cacheControl(maxAge: Int!) on QUERY + +directive @search(by: [DgraphIndex!]) on FIELD_DEFINITION + +directive @withSubscription on OBJECT | INTERFACE | FIELD_DEFINITION + +directive @auth(password: AuthRule, query: AuthRule, add: AuthRule, update: AuthRule, delete: AuthRule) on OBJECT | INTERFACE + +directive @secret(field: String!, pred: String) on OBJECT | INTERFACE + +directive @generate(query: GenerateQueryParams, mutation: GenerateMutationParams, subscription: Boolean) on OBJECT | INTERFACE + +directive @hasInverse(field: String!) on FIELD_DEFINITION + +directive @id(interface: Boolean) on FIELD_DEFINITION + +directive @custom(http: CustomHTTP, dql: String) on FIELD_DEFINITION + +directive @remote on OBJECT | INTERFACE | UNION | INPUT_OBJECT | ENUM + +directive @remoteResponse(name: String) on FIELD_DEFINITION + +directive @cascade(fields: [String]) on FIELD + +directive @lambda on FIELD_DEFINITION + +directive @dgraph(type: String, pred: String) on OBJECT | INTERFACE | FIELD_DEFINITION + +input AddApplicationDeploymentInput { + """id is randomly assigned""" + id: String! + artifact: [ArtifactRef!] + applicationEnvironment: ApplicationEnvironmentRef! + deployedAt: DateTime + + """ + deploymentStage is an enum and can be discovered, current, previous or blocked + """ + deploymentStage: DeploymentStage! + + """source is argo, spinnaker etc""" + source: String! + + """component would be a service""" + component: String! + + """user who deployed the artifact""" + deployedBy: String + toolsUsed: ToolsUsedRef! + deploymentRisk: ApplicationDeploymentRiskRef + policyRunHistory: [RunHistoryRef!] + deploymentTags: [KeyValueRef!] +} + +type AddApplicationDeploymentPayload { + applicationDeployment(filter: ApplicationDeploymentFilter, order: ApplicationDeploymentOrder, first: Int, offset: Int): [ApplicationDeployment] + numUids: Int +} + +input AddApplicationDeploymentRiskInput { + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + deploymentRiskStatus: RiskStatus + applicationDeployment: ApplicationDeploymentRef! +} + +type AddApplicationDeploymentRiskPayload { + applicationDeploymentRisk(filter: ApplicationDeploymentRiskFilter, order: ApplicationDeploymentRiskOrder, first: Int, offset: Int): [ApplicationDeploymentRisk] + numUids: Int +} + +input AddApplicationEnvironmentInput { + """id is randomly assigned""" + id: String! + environment: EnvironmentRef + application: ApplicationRef! + deploymentTarget: DeploymentTargetRef! + namespace: String! + + """ + toolsUsed is a comma-separated string that contains all the tools(source, build, artifact, deploy etc) for an app env + """ + toolsUsed: [String!] + deployments: [ApplicationDeploymentRef!] + riskStatus: ApplicationRiskStatusRef + metadata: [KeyValueRef!] +} + +type AddApplicationEnvironmentPayload { + applicationEnvironment(filter: ApplicationEnvironmentFilter, order: ApplicationEnvironmentOrder, first: Int, offset: Int): [ApplicationEnvironment] + numUids: Int +} + +input AddApplicationInput { + """id is randomly assigned""" + id: String! + name: String! + roles: [RoleRef!] + environments: [ApplicationEnvironmentRef!] + team: TeamRef! + policies: [PolicyDefinitionRef!] + policyEnforcements: [PolicyEnforcementRef!] + metadata: [KeyValueRef!] +} + +type AddApplicationPayload { + application(filter: ApplicationFilter, order: ApplicationOrder, first: Int, offset: Int): [Application] + numUids: Int +} + +input AddApplicationRiskStatusInput { + riskStatus: RiskStatus + sourceCodeAlerts: Int + buildAlerts: Int + artifactAlerts: Int + deploymentAlerts: Int + createdAt: DateTime! + updatedAt: DateTime! + applicationEnvironment: ApplicationEnvironmentRef! +} + +type AddApplicationRiskStatusPayload { + applicationRiskStatus(filter: ApplicationRiskStatusFilter, order: ApplicationRiskStatusOrder, first: Int, offset: Int): [ApplicationRiskStatus] + numUids: Int +} + +input AddArtifactInput { + id: String! + artifactType: String! + artifactName: String! + artifactTag: String! + artifactSha: String! + scanData: [ArtifactScanDataRef!] + artifactDeployment: [ApplicationDeploymentRef!] + buildDetails: BuildToolRef +} + +type AddArtifactPayload { + artifact(filter: ArtifactFilter, order: ArtifactOrder, first: Int, offset: Int): [Artifact] + numUids: Int +} + +input AddArtifactRiskInput { + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + artifactRiskStatus: RiskStatus + artifactScanResult: ArtifactScanDataRef! +} + +type AddArtifactRiskPayload { + artifactRisk(filter: ArtifactRiskFilter, order: ArtifactRiskOrder, first: Int, offset: Int): [ArtifactRisk] + numUids: Int +} + +input AddArtifactScanDataInput { + id: String! + artifactSha: String! + tool: String! + artifactDetails: ArtifactRef + lastScannedAt: DateTime + createdAt: DateTime + vulnTrackingId: String + vulnScanState: String + components: [ComponentRef!] + vulnCriticalCount: Int + vulnHighCount: Int + vulnMediumCount: Int + vulnLowCount: Int + vulnInfoCount: Int + vulnUnknownCount: Int + vulnNoneCount: Int + vulnTotalCount: Int + scanFile: [ScanFileResultRef!] + artifactRisk: ArtifactRiskRef + artifactRunHistory: [RunHistoryRef!] + artifactTags: [KeyValueRef!] +} + +type AddArtifactScanDataPayload { + artifactScanData(filter: ArtifactScanDataFilter, order: ArtifactScanDataOrder, first: Int, offset: Int): [ArtifactScanData] + numUids: Int +} + +input AddBuildToolInput { + """id is randomly assigned""" + id: String! + + """buildId is a unique job id, run id for a job/pipeline/action""" + buildId: String! + + """tool is jenkins etc""" + tool: String! + + """buildName is the name of the job/pipeline/action""" + buildName: String! + buildUrl: String! + artifactType: String + + """artifact would be something like nginx without the tag""" + artifact: String! + + """artifactTag would be the tag of the artifact""" + artifactTag: String! + + """digest is the sha of the artifact""" + digest: String! + + """buildDigest is the sha of the artifact as sent from the build tool""" + buildDigest: String + artifactNode: ArtifactRef + + """buildTime is the time at which the artifact was built""" + buildTime: DateTime + + """buildUser is the user that built the artifact""" + buildUser: String + sourceCodeTool: SourceCodeToolRef + commitMetaData: [CommitMetaDataRef!] + createdAt: DateTime! +} + +type AddBuildToolPayload { + buildTool(filter: BuildToolFilter, order: BuildToolOrder, first: Int, offset: Int): [BuildTool] + numUids: Int +} + +input AddCommitMetaDataInput { + """commit is a git commit that was used to build an artifact""" + commit: String + repository: String + + """commitSign tells us whether the commit is signed""" + commitSign: Boolean + noOfReviewersConf: Int + reviewerList: [String!] + approverList: [String!] + buildTool: BuildToolRef! +} + +type AddCommitMetaDataPayload { + commitMetaData(filter: CommitMetaDataFilter, order: CommitMetaDataOrder, first: Int, offset: Int): [CommitMetaData] + numUids: Int +} + +input AddComponentInput { + id: String! + type: String! + name: String! + version: String! + licenses: [String!] + purl: String + cpe: String + scannedAt: DateTime + vulnerabilities: [VulnerabilityRef!] + artifacts: [ArtifactScanDataRef!] +} + +type AddComponentPayload { + component(filter: ComponentFilter, order: ComponentOrder, first: Int, offset: Int): [Component] + numUids: Int +} + +input AddCWEInput { + id: String! + name: String! + description: String +} + +type AddCWEPayload { + cWE(filter: CWEFilter, order: CWEOrder, first: Int, offset: Int): [CWE] + numUids: Int +} + +input AddDeploymentTargetInput { + """id is randomly assigned""" + id: String! + name: String! + + """this would be the ip/server address of the target environment""" + ip: String! + account: String + + """this would be something like aws, gcp etc""" + targetType: String + + """this would be something like us-east-1 etc""" + region: String + kubescapeServiceConnected: String + isFirewall: Boolean + organization: OrganizationRef! + defaultEnvironment: EnvironmentRef! +} + +type AddDeploymentTargetPayload { + deploymentTarget(filter: DeploymentTargetFilter, order: DeploymentTargetOrder, first: Int, offset: Int): [DeploymentTarget] + numUids: Int +} + +input AddEnvironmentInput { + id: String! + organization: OrganizationRef! + purpose: String! +} + +type AddEnvironmentPayload { + environment(filter: EnvironmentFilter, order: EnvironmentOrder, first: Int, offset: Int): [Environment] + numUids: Int +} + +input AddExceptionAffectsInput { + roles: [RoleRef!] + createdBy: String! + affectsTeam: TeamRef! + affectsApplication: ApplicationRef + affectsServices: [String!] + validUpTo: DateTime! + createdAt: DateTime! + updatedAt: DateTime! + reason: String! + status: String! + exception: ExceptionRef! + runHistories: [RunHistoryRef!] +} + +type AddExceptionAffectsPayload { + exceptionAffects(filter: ExceptionAffectsFilter, order: ExceptionAffectsOrder, first: Int, offset: Int): [ExceptionAffects] + numUids: Int +} + +input AddExceptionInput { + roles: [RoleRef!] + type: String! + name: String! + affects: [ExceptionAffectsRef!] + createdAt: DateTime! + updatedAt: DateTime! +} + +type AddExceptionPayload { + exception(filter: ExceptionFilter, order: ExceptionOrder, first: Int, offset: Int): [Exception] + numUids: Int +} + +input AddFeatureModeInput { + id: String! + organization: OrganizationRef! + key: String! + value: String! + category: String! + createdAt: DateTime! + updatedAt: DateTime! + integrator: IntegratorRef! +} + +type AddFeatureModePayload { + featureMode(filter: FeatureModeFilter, order: FeatureModeOrder, first: Int, offset: Int): [FeatureMode] + numUids: Int +} + +input AddIntegratorConfigsInput { + name: String! + configs: [IntegratorKeyValuesRef!] + integrator: IntegratorRef! +} + +type AddIntegratorConfigsPayload { + integratorConfigs(filter: IntegratorConfigsFilter, order: IntegratorConfigsOrder, first: Int, offset: Int): [IntegratorConfigs] + numUids: Int +} + +input AddIntegratorInput { + id: String! + organization: OrganizationRef! + type: String! + category: String! + status: String! + integratorConfigs: [IntegratorConfigsRef!] + featureConfigs: [FeatureModeRef!] + createdAt: DateTime! + updatedAt: DateTime! +} + +input AddIntegratorKeyValuesInput { + key: String! + value: String! + encrypt: Boolean! +} + +type AddIntegratorKeyValuesPayload { + integratorKeyValues(filter: IntegratorKeyValuesFilter, order: IntegratorKeyValuesOrder, first: Int, offset: Int): [IntegratorKeyValues] + numUids: Int +} + +type AddIntegratorPayload { + integrator(filter: IntegratorFilter, order: IntegratorOrder, first: Int, offset: Int): [Integrator] + numUids: Int +} + +input AddJiraInput { + jiraId: String! + url: String! + status: String! + createdAt: DateTime! + updatedAt: DateTime! + affectsIndividualComponent: RunHistoryRef + affectsSecurityissue: SecurityIssueRef +} + +type AddJiraPayload { + jira(filter: JiraFilter, order: JiraOrder, first: Int, offset: Int): [Jira] + numUids: Int +} + +input AddKeyValueInput { + id: String! + name: String! + value: String! + createdAt: DateTime! +} + +type AddKeyValuePayload { + keyValue(filter: KeyValueFilter, order: KeyValueOrder, first: Int, offset: Int): [KeyValue] + numUids: Int +} + +input AddOrganizationInput { + """id is randomly assigned""" + id: String! + name: String! + roles: [RoleRef!] + teams: [TeamRef!] + environments: [DeploymentTargetRef!] + policies: [PolicyDefinitionRef!] + policyEnforcements: [PolicyEnforcementRef!] + integrators: [IntegratorRef!] + featureModes: [FeatureModeRef!] +} + +type AddOrganizationPayload { + organization(filter: OrganizationFilter, order: OrganizationOrder, first: Int, offset: Int): [Organization] + numUids: Int +} + +input AddPolicyDefinitionInput { + id: String! + ownerOrg: OrganizationRef! + ownerTeam: TeamRef + ownerApplication: ApplicationRef + createdAt: DateTime! + updatedAt: DateTime! + policyName: String! + category: String! + stage: String! + description: String! + scheduledPolicy: Boolean! + script: String! + variables: String + conditionName: String + suggestion: String +} + +type AddPolicyDefinitionPayload { + policyDefinition(filter: PolicyDefinitionFilter, order: PolicyDefinitionOrder, first: Int, offset: Int): [PolicyDefinition] + numUids: Int +} + +input AddPolicyEnforcementInput { + policy: PolicyDefinitionRef! + enforcedOrg: OrganizationRef + enforcedTeam: TeamRef + enforcedApplication: ApplicationRef + status: Boolean! + forceApply: Boolean + severity: Severity! + datasourceTool: String! + action: String! + conditionValue: String + environments: [EnvironmentRef!] + tags: [TagRef!] + createdAt: DateTime! + updatedAt: DateTime! +} + +type AddPolicyEnforcementPayload { + policyEnforcement(filter: PolicyEnforcementFilter, order: PolicyEnforcementOrder, first: Int, offset: Int): [PolicyEnforcement] + numUids: Int +} + +input AddRoleInput { + """id is randomly assigned""" + id: String! + + """group should be a URI format that includes a scope or realm""" + group: String! + permission: RolePermission! +} + +type AddRolePayload { + role(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role] + numUids: Int +} + +input AddRunHistoryInput { + policyId: String! + applicationDeployment: ApplicationDeploymentRef + artifactScan: ArtifactScanDataRef + PolicyName: String! + Stage: String! + Artifact: String! + ArtifactTag: String! + ArtifactSha: String! + ArtifactNameTag: String! + DatasourceTool: String! + CreatedAt: DateTime! + UpdatedAt: DateTime! + DeployedAt: DateTime! + Hash: String + Pass: Boolean! + MetaData: String + FileApi: String + AttachedJira: JiraRef + Status: String! + exception: ExceptionAffectsRef + scheduledPolicy: Boolean! + policyEnforcements: PolicyEnforcementRef! + securityIssue: SecurityIssueRef +} + +type AddRunHistoryPayload { + runHistory(filter: RunHistoryFilter, order: RunHistoryOrder, first: Int, offset: Int): [RunHistory] + numUids: Int +} + +input AddScanFileResultInput { + name: String! + url: String! +} + +type AddScanFileResultPayload { + scanFileResult(filter: ScanFileResultFilter, order: ScanFileResultOrder, first: Int, offset: Int): [ScanFileResult] + numUids: Int +} + +input AddSchemaVersionInput { + version: String! +} + +type AddSchemaVersionPayload { + schemaVersion(filter: SchemaVersionFilter, order: SchemaVersionOrder, first: Int, offset: Int): [SchemaVersion] + numUids: Int +} + +input AddSecurityIssueInput { + AlertTitle: String + AlertMessage: String + Suggestions: String + Severity: Severity! + SeverityInt: Int! + CreatedAt: DateTime! + UpdatedAt: DateTime! + Action: String! + Reason: String + Error: String + AttachedJira: JiraRef + Affects: [RunHistoryRef!] +} + +type AddSecurityIssuePayload { + securityIssue(filter: SecurityIssueFilter, order: SecurityIssueOrder, first: Int, offset: Int): [SecurityIssue] + numUids: Int +} + +input AddSourceCodeToolInput { + """id is randomly assigned""" + id: String! + createdAt: DateTime! + + """scm is the scm tool github/gitlab etc""" + scm: String! + + """repository is the git remote repository""" + repository: String! + + """branch is the git branch on which the artifact was built""" + branch: String! + + """headCommit is the checkout out head commit""" + headCommit: String + + """ + diffCommits is a comma separated string of the commits between the previous built artifact and the current + """ + diffCommits: String + licenseName: String + visibility: String + workflowName: String + + """parentRepo is populated in case the git repo is a fork""" + parentRepo: String + buildTool: BuildToolRef! +} + +type AddSourceCodeToolPayload { + sourceCodeTool(filter: SourceCodeToolFilter, order: SourceCodeToolOrder, first: Int, offset: Int): [SourceCodeTool] + numUids: Int +} + +input AddTagInput { + id: String! + tagName: String! + tagValue: String! + tagDescription: String + createdBy: String + createdAt: DateTime! + updatedAt: DateTime! + policies: [PolicyEnforcementRef!] +} + +type AddTagPayload { + tag(filter: TagFilter, order: TagOrder, first: Int, offset: Int): [Tag] + numUids: Int +} + +input AddTeamInput { + """id is randomly assigned""" + id: String! + name: String! + roles: [RoleRef!] + organization: OrganizationRef! + applications: [ApplicationRef!] + labels: [KeyValueRef!] + policies: [PolicyDefinitionRef!] + policyEnforcements: [PolicyEnforcementRef!] + exceptions: [ExceptionAffectsRef!] +} + +type AddTeamPayload { + team(filter: TeamFilter, order: TeamOrder, first: Int, offset: Int): [Team] + numUids: Int +} + +input AddToolsUsedInput { + source: String + build: String + artifact: String + deploy: String + sbom: String + misc: [String!] +} + +type AddToolsUsedPayload { + toolsUsed(filter: ToolsUsedFilter, order: ToolsUsedOrder, first: Int, offset: Int): [ToolsUsed] + numUids: Int +} + +input AddVulnerabilityInput { + id: String! + parent: String! + ratings: Severity + cwes: [CWERef!] + summary: String + detail: String + recommendation: String + published: DateTime + modified: DateTime + createdAt: DateTime + cvss: Float + priority: String + epss: Float + cisa_kev: String + affects: [ComponentRef!] +} + +type AddVulnerabilityPayload { + vulnerability(filter: VulnerabilityFilter, order: VulnerabilityOrder, first: Int, offset: Int): [Vulnerability] + numUids: Int +} + +type Application implements RBAC { + """id is randomly assigned""" + id: String! + name: String! + roles(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role!] + environments(filter: ApplicationEnvironmentFilter, order: ApplicationEnvironmentOrder, first: Int, offset: Int): [ApplicationEnvironment!] + team(filter: TeamFilter): Team! + policies(filter: PolicyDefinitionFilter, order: PolicyDefinitionOrder, first: Int, offset: Int): [PolicyDefinition!] + policyEnforcements(filter: PolicyEnforcementFilter, order: PolicyEnforcementOrder, first: Int, offset: Int): [PolicyEnforcement!] + metadata(filter: KeyValueFilter, order: KeyValueOrder, first: Int, offset: Int): [KeyValue!] + rolesAggregate(filter: RoleFilter): RoleAggregateResult + environmentsAggregate(filter: ApplicationEnvironmentFilter): ApplicationEnvironmentAggregateResult + policiesAggregate(filter: PolicyDefinitionFilter): PolicyDefinitionAggregateResult + policyEnforcementsAggregate(filter: PolicyEnforcementFilter): PolicyEnforcementAggregateResult + metadataAggregate(filter: KeyValueFilter): KeyValueAggregateResult +} + +type ApplicationAggregateResult { + count: Int + idMin: String + idMax: String + nameMin: String + nameMax: String +} + +""" +ApplicationDeployment tells us about the the artifact deployed along with its associated details. +""" +type ApplicationDeployment { + """id is randomly assigned""" + id: String! + + """artifact that is deployed""" + artifact(filter: ArtifactFilter, order: ArtifactOrder, first: Int, offset: Int): [Artifact!] + applicationEnvironment(filter: ApplicationEnvironmentFilter): ApplicationEnvironment! + deployedAt: DateTime + + """ + deploymentStage is an enum and can be discovered, current, previous or blocked + """ + deploymentStage: DeploymentStage! + + """source is argo, spinnaker etc""" + source: String! + + """component would be a service""" + component: String! + + """user who deployed the artifact""" + deployedBy: String + + """ + toolsUsed contains tools of different stages of source, build, artifact and deploy along with some different tools + """ + toolsUsed(filter: ToolsUsedFilter): ToolsUsed! + + """deploymentRisk is the risk status of the deployment""" + deploymentRisk(filter: ApplicationDeploymentRiskFilter): ApplicationDeploymentRisk + + """policyRunHistory is the policy execution history for this deployment""" + policyRunHistory(filter: RunHistoryFilter, order: RunHistoryOrder, first: Int, offset: Int): [RunHistory!] + deploymentTags(filter: KeyValueFilter, order: KeyValueOrder, first: Int, offset: Int): [KeyValue!] + artifactAggregate(filter: ArtifactFilter): ArtifactAggregateResult + policyRunHistoryAggregate(filter: RunHistoryFilter): RunHistoryAggregateResult + deploymentTagsAggregate(filter: KeyValueFilter): KeyValueAggregateResult +} + +type ApplicationDeploymentAggregateResult { + count: Int + idMin: String + idMax: String + deployedAtMin: DateTime + deployedAtMax: DateTime + sourceMin: String + sourceMax: String + componentMin: String + componentMax: String + deployedByMin: String + deployedByMax: String +} + +input ApplicationDeploymentFilter { + id: StringHashFilter + deployedAt: DateTimeFilter + deploymentStage: DeploymentStage_exact + component: StringExactFilter_StringRegExpFilter + has: [ApplicationDeploymentHasFilter] + and: [ApplicationDeploymentFilter] + or: [ApplicationDeploymentFilter] + not: ApplicationDeploymentFilter +} + +enum ApplicationDeploymentHasFilter { + id + artifact + applicationEnvironment + deployedAt + deploymentStage + source + component + deployedBy + toolsUsed + deploymentRisk + policyRunHistory + deploymentTags +} + +input ApplicationDeploymentOrder { + asc: ApplicationDeploymentOrderable + desc: ApplicationDeploymentOrderable + then: ApplicationDeploymentOrder +} + +enum ApplicationDeploymentOrderable { + id + deployedAt + source + component + deployedBy +} + +input ApplicationDeploymentPatch { + artifact: [ArtifactRef!] + applicationEnvironment: ApplicationEnvironmentRef + deployedAt: DateTime + + """ + deploymentStage is an enum and can be discovered, current, previous or blocked + """ + deploymentStage: DeploymentStage + + """source is argo, spinnaker etc""" + source: String + + """component would be a service""" + component: String + + """user who deployed the artifact""" + deployedBy: String + toolsUsed: ToolsUsedRef + deploymentRisk: ApplicationDeploymentRiskRef + policyRunHistory: [RunHistoryRef!] + deploymentTags: [KeyValueRef!] +} + +input ApplicationDeploymentRef { + """id is randomly assigned""" + id: String + artifact: [ArtifactRef!] + applicationEnvironment: ApplicationEnvironmentRef + deployedAt: DateTime + + """ + deploymentStage is an enum and can be discovered, current, previous or blocked + """ + deploymentStage: DeploymentStage + + """source is argo, spinnaker etc""" + source: String + + """component would be a service""" + component: String + + """user who deployed the artifact""" + deployedBy: String + toolsUsed: ToolsUsedRef + deploymentRisk: ApplicationDeploymentRiskRef + policyRunHistory: [RunHistoryRef!] + deploymentTags: [KeyValueRef!] +} + +""" +ApplicationDeploymentRisk tells us about the risk status and alerts for different stages for an application deployment. +""" +type ApplicationDeploymentRisk { + id: ID! + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + deploymentRiskStatus: RiskStatus + applicationDeployment(filter: ApplicationDeploymentFilter): ApplicationDeployment! +} + +type ApplicationDeploymentRiskAggregateResult { + count: Int + sourceCodeAlertsScoreMin: Int + sourceCodeAlertsScoreMax: Int + sourceCodeAlertsScoreSum: Int + sourceCodeAlertsScoreAvg: Float + buildAlertsScoreMin: Int + buildAlertsScoreMax: Int + buildAlertsScoreSum: Int + buildAlertsScoreAvg: Float + artifactAlertsScoreMin: Int + artifactAlertsScoreMax: Int + artifactAlertsScoreSum: Int + artifactAlertsScoreAvg: Float + deploymentAlertsScoreMin: Int + deploymentAlertsScoreMax: Int + deploymentAlertsScoreSum: Int + deploymentAlertsScoreAvg: Float +} + +input ApplicationDeploymentRiskFilter { + id: [ID!] + deploymentRiskStatus: RiskStatus_exact_StringRegExpFilter + has: [ApplicationDeploymentRiskHasFilter] + and: [ApplicationDeploymentRiskFilter] + or: [ApplicationDeploymentRiskFilter] + not: ApplicationDeploymentRiskFilter +} + +enum ApplicationDeploymentRiskHasFilter { + sourceCodeAlertsScore + buildAlertsScore + artifactAlertsScore + deploymentAlertsScore + deploymentRiskStatus + applicationDeployment +} + +input ApplicationDeploymentRiskOrder { + asc: ApplicationDeploymentRiskOrderable + desc: ApplicationDeploymentRiskOrderable + then: ApplicationDeploymentRiskOrder +} + +enum ApplicationDeploymentRiskOrderable { + sourceCodeAlertsScore + buildAlertsScore + artifactAlertsScore + deploymentAlertsScore +} + +input ApplicationDeploymentRiskPatch { + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + deploymentRiskStatus: RiskStatus + applicationDeployment: ApplicationDeploymentRef +} + +input ApplicationDeploymentRiskRef { + id: ID + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + deploymentRiskStatus: RiskStatus + applicationDeployment: ApplicationDeploymentRef +} + +""" +ApplicationEnvironment is a running instance of an application down to the level of a namespace or its non k8s equivalent. +""" +type ApplicationEnvironment { + """id is randomly assigned""" + id: String! + + """environment denotes whether it is dev, prod, staging, non-prod etc""" + environment(filter: EnvironmentFilter): Environment + application(filter: ApplicationFilter): Application! + deploymentTarget(filter: DeploymentTargetFilter): DeploymentTarget! + namespace: String! + + """ + toolsUsed is a comma-separated string that contains all the tools(source, build, artifact, deploy etc) for an app env + """ + toolsUsed: [String!] + deployments(filter: ApplicationDeploymentFilter, order: ApplicationDeploymentOrder, first: Int, offset: Int): [ApplicationDeployment!] + riskStatus(filter: ApplicationRiskStatusFilter): ApplicationRiskStatus + metadata(filter: KeyValueFilter, order: KeyValueOrder, first: Int, offset: Int): [KeyValue!] + deploymentsAggregate(filter: ApplicationDeploymentFilter): ApplicationDeploymentAggregateResult + metadataAggregate(filter: KeyValueFilter): KeyValueAggregateResult +} + +type ApplicationEnvironmentAggregateResult { + count: Int + idMin: String + idMax: String + namespaceMin: String + namespaceMax: String +} + +input ApplicationEnvironmentFilter { + id: StringHashFilter + namespace: StringExactFilter_StringRegExpFilter + has: [ApplicationEnvironmentHasFilter] + and: [ApplicationEnvironmentFilter] + or: [ApplicationEnvironmentFilter] + not: ApplicationEnvironmentFilter +} + +enum ApplicationEnvironmentHasFilter { + id + environment + application + deploymentTarget + namespace + toolsUsed + deployments + riskStatus + metadata +} + +input ApplicationEnvironmentOrder { + asc: ApplicationEnvironmentOrderable + desc: ApplicationEnvironmentOrderable + then: ApplicationEnvironmentOrder +} + +enum ApplicationEnvironmentOrderable { + id + namespace +} + +input ApplicationEnvironmentPatch { + environment: EnvironmentRef + application: ApplicationRef + deploymentTarget: DeploymentTargetRef + namespace: String + + """ + toolsUsed is a comma-separated string that contains all the tools(source, build, artifact, deploy etc) for an app env + """ + toolsUsed: [String!] + deployments: [ApplicationDeploymentRef!] + riskStatus: ApplicationRiskStatusRef + metadata: [KeyValueRef!] +} + +input ApplicationEnvironmentRef { + """id is randomly assigned""" + id: String + environment: EnvironmentRef + application: ApplicationRef + deploymentTarget: DeploymentTargetRef + namespace: String + + """ + toolsUsed is a comma-separated string that contains all the tools(source, build, artifact, deploy etc) for an app env + """ + toolsUsed: [String!] + deployments: [ApplicationDeploymentRef!] + riskStatus: ApplicationRiskStatusRef + metadata: [KeyValueRef!] +} + +input ApplicationFilter { + id: StringHashFilter + name: StringExactFilter_StringRegExpFilter + has: [ApplicationHasFilter] + and: [ApplicationFilter] + or: [ApplicationFilter] + not: ApplicationFilter +} + +enum ApplicationHasFilter { + id + name + roles + environments + team + policies + policyEnforcements + metadata +} + +input ApplicationOrder { + asc: ApplicationOrderable + desc: ApplicationOrderable + then: ApplicationOrder +} + +enum ApplicationOrderable { + id + name +} + +input ApplicationPatch { + name: String + roles: [RoleRef!] + environments: [ApplicationEnvironmentRef!] + team: TeamRef + policies: [PolicyDefinitionRef!] + policyEnforcements: [PolicyEnforcementRef!] + metadata: [KeyValueRef!] +} + +input ApplicationRef { + """id is randomly assigned""" + id: String + name: String + roles: [RoleRef!] + environments: [ApplicationEnvironmentRef!] + team: TeamRef + policies: [PolicyDefinitionRef!] + policyEnforcements: [PolicyEnforcementRef!] + metadata: [KeyValueRef!] +} + +""" +ApplicationRiskStatus tells us about the risk status and alerts for different stages for an application environment. +""" +type ApplicationRiskStatus { + id: ID! + riskStatus: RiskStatus + sourceCodeAlerts: Int + buildAlerts: Int + artifactAlerts: Int + deploymentAlerts: Int + createdAt: DateTime! + updatedAt: DateTime! + applicationEnvironment(filter: ApplicationEnvironmentFilter): ApplicationEnvironment! +} + +type ApplicationRiskStatusAggregateResult { + count: Int + sourceCodeAlertsMin: Int + sourceCodeAlertsMax: Int + sourceCodeAlertsSum: Int + sourceCodeAlertsAvg: Float + buildAlertsMin: Int + buildAlertsMax: Int + buildAlertsSum: Int + buildAlertsAvg: Float + artifactAlertsMin: Int + artifactAlertsMax: Int + artifactAlertsSum: Int + artifactAlertsAvg: Float + deploymentAlertsMin: Int + deploymentAlertsMax: Int + deploymentAlertsSum: Int + deploymentAlertsAvg: Float + createdAtMin: DateTime + createdAtMax: DateTime + updatedAtMin: DateTime + updatedAtMax: DateTime +} + +input ApplicationRiskStatusFilter { + id: [ID!] + riskStatus: RiskStatus_exact_StringRegExpFilter + has: [ApplicationRiskStatusHasFilter] + and: [ApplicationRiskStatusFilter] + or: [ApplicationRiskStatusFilter] + not: ApplicationRiskStatusFilter +} + +enum ApplicationRiskStatusHasFilter { + riskStatus + sourceCodeAlerts + buildAlerts + artifactAlerts + deploymentAlerts + createdAt + updatedAt + applicationEnvironment +} + +input ApplicationRiskStatusOrder { + asc: ApplicationRiskStatusOrderable + desc: ApplicationRiskStatusOrderable + then: ApplicationRiskStatusOrder +} + +enum ApplicationRiskStatusOrderable { + sourceCodeAlerts + buildAlerts + artifactAlerts + deploymentAlerts + createdAt + updatedAt +} + +input ApplicationRiskStatusPatch { + riskStatus: RiskStatus + sourceCodeAlerts: Int + buildAlerts: Int + artifactAlerts: Int + deploymentAlerts: Int + createdAt: DateTime + updatedAt: DateTime + applicationEnvironment: ApplicationEnvironmentRef +} + +input ApplicationRiskStatusRef { + id: ID + riskStatus: RiskStatus + sourceCodeAlerts: Int + buildAlerts: Int + artifactAlerts: Int + deploymentAlerts: Int + createdAt: DateTime + updatedAt: DateTime + applicationEnvironment: ApplicationEnvironmentRef +} + +type Artifact { + id: String! + artifactType: String! + artifactName: String! + artifactTag: String! + artifactSha: String! + scanData(filter: ArtifactScanDataFilter, order: ArtifactScanDataOrder, first: Int, offset: Int): [ArtifactScanData!] + artifactDeployment(filter: ApplicationDeploymentFilter, order: ApplicationDeploymentOrder, first: Int, offset: Int): [ApplicationDeployment!] + buildDetails(filter: BuildToolFilter): BuildTool + scanDataAggregate(filter: ArtifactScanDataFilter): ArtifactScanDataAggregateResult + artifactDeploymentAggregate(filter: ApplicationDeploymentFilter): ApplicationDeploymentAggregateResult +} + +type ArtifactAggregateResult { + count: Int + idMin: String + idMax: String + artifactTypeMin: String + artifactTypeMax: String + artifactNameMin: String + artifactNameMax: String + artifactTagMin: String + artifactTagMax: String + artifactShaMin: String + artifactShaMax: String +} + +input ArtifactFilter { + id: StringHashFilter + artifactType: StringExactFilter + artifactName: StringExactFilter_StringRegExpFilter + artifactTag: StringExactFilter_StringRegExpFilter + artifactSha: StringExactFilter + has: [ArtifactHasFilter] + and: [ArtifactFilter] + or: [ArtifactFilter] + not: ArtifactFilter +} + +enum ArtifactHasFilter { + id + artifactType + artifactName + artifactTag + artifactSha + scanData + artifactDeployment + buildDetails +} + +input ArtifactOrder { + asc: ArtifactOrderable + desc: ArtifactOrderable + then: ArtifactOrder +} + +enum ArtifactOrderable { + id + artifactType + artifactName + artifactTag + artifactSha +} + +input ArtifactPatch { + artifactType: String + artifactName: String + artifactTag: String + artifactSha: String + scanData: [ArtifactScanDataRef!] + artifactDeployment: [ApplicationDeploymentRef!] + buildDetails: BuildToolRef +} + +input ArtifactRef { + id: String + artifactType: String + artifactName: String + artifactTag: String + artifactSha: String + scanData: [ArtifactScanDataRef!] + artifactDeployment: [ApplicationDeploymentRef!] + buildDetails: BuildToolRef +} + +type ArtifactRisk { + id: ID! + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + artifactRiskStatus: RiskStatus + artifactScanResult(filter: ArtifactScanDataFilter): ArtifactScanData! +} + +type ArtifactRiskAggregateResult { + count: Int + sourceCodeAlertsScoreMin: Int + sourceCodeAlertsScoreMax: Int + sourceCodeAlertsScoreSum: Int + sourceCodeAlertsScoreAvg: Float + buildAlertsScoreMin: Int + buildAlertsScoreMax: Int + buildAlertsScoreSum: Int + buildAlertsScoreAvg: Float + artifactAlertsScoreMin: Int + artifactAlertsScoreMax: Int + artifactAlertsScoreSum: Int + artifactAlertsScoreAvg: Float + deploymentAlertsScoreMin: Int + deploymentAlertsScoreMax: Int + deploymentAlertsScoreSum: Int + deploymentAlertsScoreAvg: Float +} + +input ArtifactRiskFilter { + id: [ID!] + artifactRiskStatus: RiskStatus_exact_StringRegExpFilter + has: [ArtifactRiskHasFilter] + and: [ArtifactRiskFilter] + or: [ArtifactRiskFilter] + not: ArtifactRiskFilter +} + +enum ArtifactRiskHasFilter { + sourceCodeAlertsScore + buildAlertsScore + artifactAlertsScore + deploymentAlertsScore + artifactRiskStatus + artifactScanResult +} + +input ArtifactRiskOrder { + asc: ArtifactRiskOrderable + desc: ArtifactRiskOrderable + then: ArtifactRiskOrder +} + +enum ArtifactRiskOrderable { + sourceCodeAlertsScore + buildAlertsScore + artifactAlertsScore + deploymentAlertsScore +} + +input ArtifactRiskPatch { + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + artifactRiskStatus: RiskStatus + artifactScanResult: ArtifactScanDataRef +} + +input ArtifactRiskRef { + id: ID + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + artifactRiskStatus: RiskStatus + artifactScanResult: ArtifactScanDataRef +} + +type ArtifactScanData { + id: String! + artifactSha: String! + tool: String! + artifactDetails(filter: ArtifactFilter): Artifact + lastScannedAt: DateTime + createdAt: DateTime + vulnTrackingId: String + vulnScanState: String + components(filter: ComponentFilter, order: ComponentOrder, first: Int, offset: Int): [Component!] + vulnCriticalCount: Int + vulnHighCount: Int + vulnMediumCount: Int + vulnLowCount: Int + vulnInfoCount: Int + vulnUnknownCount: Int + vulnNoneCount: Int + vulnTotalCount: Int + scanFile(filter: ScanFileResultFilter, order: ScanFileResultOrder, first: Int, offset: Int): [ScanFileResult!] + artifactRisk(filter: ArtifactRiskFilter): ArtifactRisk + artifactRunHistory(filter: RunHistoryFilter, order: RunHistoryOrder, first: Int, offset: Int): [RunHistory!] + artifactTags(filter: KeyValueFilter, order: KeyValueOrder, first: Int, offset: Int): [KeyValue!] + componentsAggregate(filter: ComponentFilter): ComponentAggregateResult + scanFileAggregate(filter: ScanFileResultFilter): ScanFileResultAggregateResult + artifactRunHistoryAggregate(filter: RunHistoryFilter): RunHistoryAggregateResult + artifactTagsAggregate(filter: KeyValueFilter): KeyValueAggregateResult +} + +type ArtifactScanDataAggregateResult { + count: Int + idMin: String + idMax: String + artifactShaMin: String + artifactShaMax: String + toolMin: String + toolMax: String + lastScannedAtMin: DateTime + lastScannedAtMax: DateTime + createdAtMin: DateTime + createdAtMax: DateTime + vulnTrackingIdMin: String + vulnTrackingIdMax: String + vulnScanStateMin: String + vulnScanStateMax: String + vulnCriticalCountMin: Int + vulnCriticalCountMax: Int + vulnCriticalCountSum: Int + vulnCriticalCountAvg: Float + vulnHighCountMin: Int + vulnHighCountMax: Int + vulnHighCountSum: Int + vulnHighCountAvg: Float + vulnMediumCountMin: Int + vulnMediumCountMax: Int + vulnMediumCountSum: Int + vulnMediumCountAvg: Float + vulnLowCountMin: Int + vulnLowCountMax: Int + vulnLowCountSum: Int + vulnLowCountAvg: Float + vulnInfoCountMin: Int + vulnInfoCountMax: Int + vulnInfoCountSum: Int + vulnInfoCountAvg: Float + vulnUnknownCountMin: Int + vulnUnknownCountMax: Int + vulnUnknownCountSum: Int + vulnUnknownCountAvg: Float + vulnNoneCountMin: Int + vulnNoneCountMax: Int + vulnNoneCountSum: Int + vulnNoneCountAvg: Float + vulnTotalCountMin: Int + vulnTotalCountMax: Int + vulnTotalCountSum: Int + vulnTotalCountAvg: Float +} + +input ArtifactScanDataFilter { + id: StringHashFilter + artifactSha: StringExactFilter + tool: StringExactFilter + vulnScanState: StringExactFilter + vulnCriticalCount: IntFilter + vulnHighCount: IntFilter + vulnMediumCount: IntFilter + vulnLowCount: IntFilter + vulnInfoCount: IntFilter + vulnUnknownCount: IntFilter + vulnNoneCount: IntFilter + vulnTotalCount: IntFilter + has: [ArtifactScanDataHasFilter] + and: [ArtifactScanDataFilter] + or: [ArtifactScanDataFilter] + not: ArtifactScanDataFilter +} + +enum ArtifactScanDataHasFilter { + id + artifactSha + tool + artifactDetails + lastScannedAt + createdAt + vulnTrackingId + vulnScanState + components + vulnCriticalCount + vulnHighCount + vulnMediumCount + vulnLowCount + vulnInfoCount + vulnUnknownCount + vulnNoneCount + vulnTotalCount + scanFile + artifactRisk + artifactRunHistory + artifactTags +} + +input ArtifactScanDataOrder { + asc: ArtifactScanDataOrderable + desc: ArtifactScanDataOrderable + then: ArtifactScanDataOrder +} + +enum ArtifactScanDataOrderable { + id + artifactSha + tool + lastScannedAt + createdAt + vulnTrackingId + vulnScanState + vulnCriticalCount + vulnHighCount + vulnMediumCount + vulnLowCount + vulnInfoCount + vulnUnknownCount + vulnNoneCount + vulnTotalCount +} + +input ArtifactScanDataPatch { + artifactSha: String + tool: String + artifactDetails: ArtifactRef + lastScannedAt: DateTime + createdAt: DateTime + vulnTrackingId: String + vulnScanState: String + components: [ComponentRef!] + vulnCriticalCount: Int + vulnHighCount: Int + vulnMediumCount: Int + vulnLowCount: Int + vulnInfoCount: Int + vulnUnknownCount: Int + vulnNoneCount: Int + vulnTotalCount: Int + scanFile: [ScanFileResultRef!] + artifactRisk: ArtifactRiskRef + artifactRunHistory: [RunHistoryRef!] + artifactTags: [KeyValueRef!] +} + +input ArtifactScanDataRef { + id: String + artifactSha: String + tool: String + artifactDetails: ArtifactRef + lastScannedAt: DateTime + createdAt: DateTime + vulnTrackingId: String + vulnScanState: String + components: [ComponentRef!] + vulnCriticalCount: Int + vulnHighCount: Int + vulnMediumCount: Int + vulnLowCount: Int + vulnInfoCount: Int + vulnUnknownCount: Int + vulnNoneCount: Int + vulnTotalCount: Int + scanFile: [ScanFileResultRef!] + artifactRisk: ArtifactRiskRef + artifactRunHistory: [RunHistoryRef!] + artifactTags: [KeyValueRef!] +} + +input AuthRule { + and: [AuthRule] + or: [AuthRule] + not: AuthRule + rule: String +} + +"""BuildTool contains data from build tool events.""" +type BuildTool { + """id is randomly assigned""" + id: String! + + """buildId is a unique job id, run id for a job/pipeline/action""" + buildId: String! + + """tool is jenkins etc""" + tool: String! + + """buildName is the name of the job/pipeline/action""" + buildName: String! + buildUrl: String! + artifactType: String + + """artifact would be something like nginx without the tag""" + artifact: String! + + """artifactTag would be the tag of the artifact""" + artifactTag: String! + + """digest is the sha of the artifact""" + digest: String! + + """buildDigest is the sha of the artifact as sent from the build tool""" + buildDigest: String + + """artifactNode links a BuildTool node to an artifact""" + artifactNode(filter: ArtifactFilter): Artifact + + """buildTime is the time at which the artifact was built""" + buildTime: DateTime + + """buildUser is the user that built the artifact""" + buildUser: String + + """sourceCodeTool links a BuildTool node to the source details""" + sourceCodeTool(filter: SourceCodeToolFilter): SourceCodeTool + + """commitMetaData links a BuildTool node to the git commit based details""" + commitMetaData(filter: CommitMetaDataFilter, order: CommitMetaDataOrder, first: Int, offset: Int): [CommitMetaData!] + createdAt: DateTime! + commitMetaDataAggregate(filter: CommitMetaDataFilter): CommitMetaDataAggregateResult +} + +type BuildToolAggregateResult { + count: Int + idMin: String + idMax: String + buildIdMin: String + buildIdMax: String + toolMin: String + toolMax: String + buildNameMin: String + buildNameMax: String + buildUrlMin: String + buildUrlMax: String + artifactTypeMin: String + artifactTypeMax: String + artifactMin: String + artifactMax: String + artifactTagMin: String + artifactTagMax: String + digestMin: String + digestMax: String + buildDigestMin: String + buildDigestMax: String + buildTimeMin: DateTime + buildTimeMax: DateTime + buildUserMin: String + buildUserMax: String + createdAtMin: DateTime + createdAtMax: DateTime +} + +input BuildToolFilter { + id: StringHashFilter + buildId: StringExactFilter_StringRegExpFilter + tool: StringExactFilter + buildName: StringExactFilter_StringRegExpFilter + buildUrl: StringExactFilter + artifactType: StringExactFilter + artifact: StringExactFilter + artifactTag: StringExactFilter + digest: StringExactFilter + buildDigest: StringExactFilter + has: [BuildToolHasFilter] + and: [BuildToolFilter] + or: [BuildToolFilter] + not: BuildToolFilter +} + +enum BuildToolHasFilter { + id + buildId + tool + buildName + buildUrl + artifactType + artifact + artifactTag + digest + buildDigest + artifactNode + buildTime + buildUser + sourceCodeTool + commitMetaData + createdAt +} + +input BuildToolOrder { + asc: BuildToolOrderable + desc: BuildToolOrderable + then: BuildToolOrder +} + +enum BuildToolOrderable { + id + buildId + tool + buildName + buildUrl + artifactType + artifact + artifactTag + digest + buildDigest + buildTime + buildUser + createdAt +} + +input BuildToolPatch { + """buildId is a unique job id, run id for a job/pipeline/action""" + buildId: String + + """tool is jenkins etc""" + tool: String + + """buildName is the name of the job/pipeline/action""" + buildName: String + buildUrl: String + artifactType: String + + """artifact would be something like nginx without the tag""" + artifact: String + + """artifactTag would be the tag of the artifact""" + artifactTag: String + + """digest is the sha of the artifact""" + digest: String + + """buildDigest is the sha of the artifact as sent from the build tool""" + buildDigest: String + artifactNode: ArtifactRef + + """buildTime is the time at which the artifact was built""" + buildTime: DateTime + + """buildUser is the user that built the artifact""" + buildUser: String + sourceCodeTool: SourceCodeToolRef + commitMetaData: [CommitMetaDataRef!] + createdAt: DateTime +} + +input BuildToolRef { + """id is randomly assigned""" + id: String + + """buildId is a unique job id, run id for a job/pipeline/action""" + buildId: String + + """tool is jenkins etc""" + tool: String + + """buildName is the name of the job/pipeline/action""" + buildName: String + buildUrl: String + artifactType: String + + """artifact would be something like nginx without the tag""" + artifact: String + + """artifactTag would be the tag of the artifact""" + artifactTag: String + + """digest is the sha of the artifact""" + digest: String + + """buildDigest is the sha of the artifact as sent from the build tool""" + buildDigest: String + artifactNode: ArtifactRef + + """buildTime is the time at which the artifact was built""" + buildTime: DateTime + + """buildUser is the user that built the artifact""" + buildUser: String + sourceCodeTool: SourceCodeToolRef + commitMetaData: [CommitMetaDataRef!] + createdAt: DateTime +} + +""" +CommitMetaData contains the git commit related details of the source repository . +""" +type CommitMetaData { + """id is randomly assigned""" + id: ID! + + """commit is a git commit that was used to build an artifact""" + commit: String + repository: String + + """commitSign tells us whether the commit is signed""" + commitSign: Boolean + noOfReviewersConf: Int + reviewerList: [String!] + approverList: [String!] + buildTool(filter: BuildToolFilter): BuildTool! +} + +type CommitMetaDataAggregateResult { + count: Int + commitMin: String + commitMax: String + repositoryMin: String + repositoryMax: String + noOfReviewersConfMin: Int + noOfReviewersConfMax: Int + noOfReviewersConfSum: Int + noOfReviewersConfAvg: Float +} + +input CommitMetaDataFilter { + id: [ID!] + has: [CommitMetaDataHasFilter] + and: [CommitMetaDataFilter] + or: [CommitMetaDataFilter] + not: CommitMetaDataFilter +} + +enum CommitMetaDataHasFilter { + commit + repository + commitSign + noOfReviewersConf + reviewerList + approverList + buildTool +} + +input CommitMetaDataOrder { + asc: CommitMetaDataOrderable + desc: CommitMetaDataOrderable + then: CommitMetaDataOrder +} + +enum CommitMetaDataOrderable { + commit + repository + noOfReviewersConf +} + +input CommitMetaDataPatch { + """commit is a git commit that was used to build an artifact""" + commit: String + repository: String + + """commitSign tells us whether the commit is signed""" + commitSign: Boolean + noOfReviewersConf: Int + reviewerList: [String!] + approverList: [String!] + buildTool: BuildToolRef +} + +input CommitMetaDataRef { + """id is randomly assigned""" + id: ID + + """commit is a git commit that was used to build an artifact""" + commit: String + repository: String + + """commitSign tells us whether the commit is signed""" + commitSign: Boolean + noOfReviewersConf: Int + reviewerList: [String!] + approverList: [String!] + buildTool: BuildToolRef +} + +type Component { + id: String! + type: String! + name: String! + version: String! + licenses: [String!] + purl: String + cpe: String + scannedAt: DateTime + vulnerabilities(filter: VulnerabilityFilter, order: VulnerabilityOrder, first: Int, offset: Int): [Vulnerability!] + artifacts(filter: ArtifactScanDataFilter, order: ArtifactScanDataOrder, first: Int, offset: Int): [ArtifactScanData!] + vulnerabilitiesAggregate(filter: VulnerabilityFilter): VulnerabilityAggregateResult + artifactsAggregate(filter: ArtifactScanDataFilter): ArtifactScanDataAggregateResult +} + +type ComponentAggregateResult { + count: Int + idMin: String + idMax: String + typeMin: String + typeMax: String + nameMin: String + nameMax: String + versionMin: String + versionMax: String + purlMin: String + purlMax: String + cpeMin: String + cpeMax: String + scannedAtMin: DateTime + scannedAtMax: DateTime +} + +input ComponentFilter { + id: StringHashFilter + name: StringExactFilter_StringRegExpFilter + version: StringExactFilter_StringRegExpFilter + purl: StringExactFilter + cpe: StringExactFilter + has: [ComponentHasFilter] + and: [ComponentFilter] + or: [ComponentFilter] + not: ComponentFilter +} + +enum ComponentHasFilter { + id + type + name + version + licenses + purl + cpe + scannedAt + vulnerabilities + artifacts +} + +input ComponentOrder { + asc: ComponentOrderable + desc: ComponentOrderable + then: ComponentOrder +} + +enum ComponentOrderable { + id + type + name + version + purl + cpe + scannedAt +} + +input ComponentPatch { + type: String + name: String + version: String + licenses: [String!] + purl: String + cpe: String + scannedAt: DateTime + vulnerabilities: [VulnerabilityRef!] + artifacts: [ArtifactScanDataRef!] +} + +input ComponentRef { + id: String + type: String + name: String + version: String + licenses: [String!] + purl: String + cpe: String + scannedAt: DateTime + vulnerabilities: [VulnerabilityRef!] + artifacts: [ArtifactScanDataRef!] +} + +input ContainsFilter { + point: PointRef + polygon: PolygonRef +} + +input CustomHTTP { + url: String! + method: HTTPMethod! + body: String + graphql: String + mode: Mode + forwardHeaders: [String!] + secretHeaders: [String!] + introspectionHeaders: [String!] + skipIntrospection: Boolean +} + +type CWE { + id: String! + name: String! + description: String +} + +type CWEAggregateResult { + count: Int + idMin: String + idMax: String + nameMin: String + nameMax: String + descriptionMin: String + descriptionMax: String +} + +input CWEFilter { + id: StringHashFilter + has: [CWEHasFilter] + and: [CWEFilter] + or: [CWEFilter] + not: CWEFilter +} + +enum CWEHasFilter { + id + name + description +} + +input CWEOrder { + asc: CWEOrderable + desc: CWEOrderable + then: CWEOrder +} + +enum CWEOrderable { + id + name + description +} + +input CWEPatch { + name: String + description: String +} + +input CWERef { + id: String + name: String + description: String +} + +""" +The DateTime scalar type represents date and time as a string in RFC3339 format. +For example: "1985-04-12T23:20:50.52Z" represents 20 mins 50.52 secs after the 23rd hour of Apr 12th 1985 in UTC. +""" +scalar DateTime + +input DateTimeFilter { + eq: DateTime + in: [DateTime] + le: DateTime + lt: DateTime + ge: DateTime + gt: DateTime + between: DateTimeRange +} + +input DateTimeRange { + min: DateTime! + max: DateTime! +} + +type DeleteApplicationDeploymentPayload { + applicationDeployment(filter: ApplicationDeploymentFilter, order: ApplicationDeploymentOrder, first: Int, offset: Int): [ApplicationDeployment] + msg: String + numUids: Int +} + +type DeleteApplicationDeploymentRiskPayload { + applicationDeploymentRisk(filter: ApplicationDeploymentRiskFilter, order: ApplicationDeploymentRiskOrder, first: Int, offset: Int): [ApplicationDeploymentRisk] + msg: String + numUids: Int +} + +type DeleteApplicationEnvironmentPayload { + applicationEnvironment(filter: ApplicationEnvironmentFilter, order: ApplicationEnvironmentOrder, first: Int, offset: Int): [ApplicationEnvironment] + msg: String + numUids: Int +} + +type DeleteApplicationPayload { + application(filter: ApplicationFilter, order: ApplicationOrder, first: Int, offset: Int): [Application] + msg: String + numUids: Int +} + +type DeleteApplicationRiskStatusPayload { + applicationRiskStatus(filter: ApplicationRiskStatusFilter, order: ApplicationRiskStatusOrder, first: Int, offset: Int): [ApplicationRiskStatus] + msg: String + numUids: Int +} + +type DeleteArtifactPayload { + artifact(filter: ArtifactFilter, order: ArtifactOrder, first: Int, offset: Int): [Artifact] + msg: String + numUids: Int +} + +type DeleteArtifactRiskPayload { + artifactRisk(filter: ArtifactRiskFilter, order: ArtifactRiskOrder, first: Int, offset: Int): [ArtifactRisk] + msg: String + numUids: Int +} + +type DeleteArtifactScanDataPayload { + artifactScanData(filter: ArtifactScanDataFilter, order: ArtifactScanDataOrder, first: Int, offset: Int): [ArtifactScanData] + msg: String + numUids: Int +} + +type DeleteBuildToolPayload { + buildTool(filter: BuildToolFilter, order: BuildToolOrder, first: Int, offset: Int): [BuildTool] + msg: String + numUids: Int +} + +type DeleteCommitMetaDataPayload { + commitMetaData(filter: CommitMetaDataFilter, order: CommitMetaDataOrder, first: Int, offset: Int): [CommitMetaData] + msg: String + numUids: Int +} + +type DeleteComponentPayload { + component(filter: ComponentFilter, order: ComponentOrder, first: Int, offset: Int): [Component] + msg: String + numUids: Int +} + +type DeleteCWEPayload { + cWE(filter: CWEFilter, order: CWEOrder, first: Int, offset: Int): [CWE] + msg: String + numUids: Int +} + +type DeleteDeploymentTargetPayload { + deploymentTarget(filter: DeploymentTargetFilter, order: DeploymentTargetOrder, first: Int, offset: Int): [DeploymentTarget] + msg: String + numUids: Int +} + +type DeleteEnvironmentPayload { + environment(filter: EnvironmentFilter, order: EnvironmentOrder, first: Int, offset: Int): [Environment] + msg: String + numUids: Int +} + +type DeleteExceptionAffectsPayload { + exceptionAffects(filter: ExceptionAffectsFilter, order: ExceptionAffectsOrder, first: Int, offset: Int): [ExceptionAffects] + msg: String + numUids: Int +} + +type DeleteExceptionPayload { + exception(filter: ExceptionFilter, order: ExceptionOrder, first: Int, offset: Int): [Exception] + msg: String + numUids: Int +} + +type DeleteFeatureModePayload { + featureMode(filter: FeatureModeFilter, order: FeatureModeOrder, first: Int, offset: Int): [FeatureMode] + msg: String + numUids: Int +} + +type DeleteIntegratorConfigsPayload { + integratorConfigs(filter: IntegratorConfigsFilter, order: IntegratorConfigsOrder, first: Int, offset: Int): [IntegratorConfigs] + msg: String + numUids: Int +} + +type DeleteIntegratorKeyValuesPayload { + integratorKeyValues(filter: IntegratorKeyValuesFilter, order: IntegratorKeyValuesOrder, first: Int, offset: Int): [IntegratorKeyValues] + msg: String + numUids: Int +} + +type DeleteIntegratorPayload { + integrator(filter: IntegratorFilter, order: IntegratorOrder, first: Int, offset: Int): [Integrator] + msg: String + numUids: Int +} + +type DeleteJiraPayload { + jira(filter: JiraFilter, order: JiraOrder, first: Int, offset: Int): [Jira] + msg: String + numUids: Int +} + +type DeleteKeyValuePayload { + keyValue(filter: KeyValueFilter, order: KeyValueOrder, first: Int, offset: Int): [KeyValue] + msg: String + numUids: Int +} + +type DeleteOrganizationPayload { + organization(filter: OrganizationFilter, order: OrganizationOrder, first: Int, offset: Int): [Organization] + msg: String + numUids: Int +} + +type DeletePolicyDefinitionPayload { + policyDefinition(filter: PolicyDefinitionFilter, order: PolicyDefinitionOrder, first: Int, offset: Int): [PolicyDefinition] + msg: String + numUids: Int +} + +type DeletePolicyEnforcementPayload { + policyEnforcement(filter: PolicyEnforcementFilter, order: PolicyEnforcementOrder, first: Int, offset: Int): [PolicyEnforcement] + msg: String + numUids: Int +} + +type DeleteRBACPayload { + rBAC(filter: RBACFilter, first: Int, offset: Int): [RBAC] + msg: String + numUids: Int +} + +type DeleteRolePayload { + role(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role] + msg: String + numUids: Int +} + +type DeleteRunHistoryPayload { + runHistory(filter: RunHistoryFilter, order: RunHistoryOrder, first: Int, offset: Int): [RunHistory] + msg: String + numUids: Int +} + +type DeleteScanFileResultPayload { + scanFileResult(filter: ScanFileResultFilter, order: ScanFileResultOrder, first: Int, offset: Int): [ScanFileResult] + msg: String + numUids: Int +} + +type DeleteSchemaVersionPayload { + schemaVersion(filter: SchemaVersionFilter, order: SchemaVersionOrder, first: Int, offset: Int): [SchemaVersion] + msg: String + numUids: Int +} + +type DeleteSecurityIssuePayload { + securityIssue(filter: SecurityIssueFilter, order: SecurityIssueOrder, first: Int, offset: Int): [SecurityIssue] + msg: String + numUids: Int +} + +type DeleteSourceCodeToolPayload { + sourceCodeTool(filter: SourceCodeToolFilter, order: SourceCodeToolOrder, first: Int, offset: Int): [SourceCodeTool] + msg: String + numUids: Int +} + +type DeleteTagPayload { + tag(filter: TagFilter, order: TagOrder, first: Int, offset: Int): [Tag] + msg: String + numUids: Int +} + +type DeleteTeamPayload { + team(filter: TeamFilter, order: TeamOrder, first: Int, offset: Int): [Team] + msg: String + numUids: Int +} + +type DeleteToolsUsedPayload { + toolsUsed(filter: ToolsUsedFilter, order: ToolsUsedOrder, first: Int, offset: Int): [ToolsUsed] + msg: String + numUids: Int +} + +type DeleteVulnerabilityPayload { + vulnerability(filter: VulnerabilityFilter, order: VulnerabilityOrder, first: Int, offset: Int): [Vulnerability] + msg: String + numUids: Int +} + +"""DeploymentStage is an enum denoting the stage of the deployment. .""" +enum DeploymentStage { + """deployment is discovered from the events""" + discovered + + """scanning is under process""" + scanning + + """ + deployment is known to have passed the deployment firewall and the deployment(ie the artifact) is live + """ + current + + """ + deployment becomes a past deployment because another fresh deployment has happened + """ + previous + + """deployment is blocked by the firewall""" + blocked +} + +input DeploymentStage_exact { + eq: DeploymentStage + in: [DeploymentStage] + le: DeploymentStage + lt: DeploymentStage + ge: DeploymentStage + gt: DeploymentStage + between: DeploymentStage +} + +""" +DeploymentTarget describes a single place that things can be deployed into, +such as an AWS account or a Kubernetes cluster. +""" +type DeploymentTarget { + """id is randomly assigned""" + id: String! + name: String! + + """this would be the ip/server address of the target environment""" + ip: String! + account: String + + """this would be something like aws, gcp etc""" + targetType: String + + """this would be something like us-east-1 etc""" + region: String + kubescapeServiceConnected: String + isFirewall: Boolean + organization(filter: OrganizationFilter): Organization! + defaultEnvironment(filter: EnvironmentFilter): Environment! +} + +type DeploymentTargetAggregateResult { + count: Int + idMin: String + idMax: String + nameMin: String + nameMax: String + ipMin: String + ipMax: String + accountMin: String + accountMax: String + targetTypeMin: String + targetTypeMax: String + regionMin: String + regionMax: String + kubescapeServiceConnectedMin: String + kubescapeServiceConnectedMax: String +} + +input DeploymentTargetFilter { + id: StringHashFilter + name: StringExactFilter_StringRegExpFilter + ip: StringExactFilter + has: [DeploymentTargetHasFilter] + and: [DeploymentTargetFilter] + or: [DeploymentTargetFilter] + not: DeploymentTargetFilter +} + +enum DeploymentTargetHasFilter { + id + name + ip + account + targetType + region + kubescapeServiceConnected + isFirewall + organization + defaultEnvironment +} + +input DeploymentTargetOrder { + asc: DeploymentTargetOrderable + desc: DeploymentTargetOrderable + then: DeploymentTargetOrder +} + +enum DeploymentTargetOrderable { + id + name + ip + account + targetType + region + kubescapeServiceConnected +} + +input DeploymentTargetPatch { + name: String + + """this would be the ip/server address of the target environment""" + ip: String + account: String + + """this would be something like aws, gcp etc""" + targetType: String + + """this would be something like us-east-1 etc""" + region: String + kubescapeServiceConnected: String + isFirewall: Boolean + organization: OrganizationRef + defaultEnvironment: EnvironmentRef +} + +input DeploymentTargetRef { + """id is randomly assigned""" + id: String + name: String + + """this would be the ip/server address of the target environment""" + ip: String + account: String + + """this would be something like aws, gcp etc""" + targetType: String + + """this would be something like us-east-1 etc""" + region: String + kubescapeServiceConnected: String + isFirewall: Boolean + organization: OrganizationRef + defaultEnvironment: EnvironmentRef +} + +enum DgraphIndex { + int + int64 + float + bool + hash + exact + term + fulltext + trigram + regexp + year + month + day + hour + geo +} + +"""Environment can be things like dev, prod, staging etc.""" +type Environment { + id: String! + organization(filter: OrganizationFilter): Organization! + purpose: String! +} + +type EnvironmentAggregateResult { + count: Int + idMin: String + idMax: String + purposeMin: String + purposeMax: String +} + +input EnvironmentFilter { + id: StringHashFilter + purpose: StringExactFilter_StringRegExpFilter + has: [EnvironmentHasFilter] + and: [EnvironmentFilter] + or: [EnvironmentFilter] + not: EnvironmentFilter +} + +enum EnvironmentHasFilter { + id + organization + purpose +} + +input EnvironmentOrder { + asc: EnvironmentOrderable + desc: EnvironmentOrderable + then: EnvironmentOrder +} + +enum EnvironmentOrderable { + id + purpose +} + +input EnvironmentPatch { + organization: OrganizationRef + purpose: String +} + +input EnvironmentRef { + id: String + organization: OrganizationRef + purpose: String +} + +type Exception implements RBAC { + roles(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role!] + id: ID! + type: String! + name: String! + affects(filter: ExceptionAffectsFilter, order: ExceptionAffectsOrder, first: Int, offset: Int): [ExceptionAffects!] + createdAt: DateTime! + updatedAt: DateTime! + rolesAggregate(filter: RoleFilter): RoleAggregateResult + affectsAggregate(filter: ExceptionAffectsFilter): ExceptionAffectsAggregateResult +} + +type ExceptionAffects implements RBAC { + roles(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role!] + id: ID! + createdBy: String! + affectsTeam(filter: TeamFilter): Team! + affectsApplication(filter: ApplicationFilter): Application + affectsServices: [String!] + validUpTo: DateTime! + createdAt: DateTime! + updatedAt: DateTime! + reason: String! + status: String! + exception(filter: ExceptionFilter): Exception! + runHistories(filter: RunHistoryFilter, order: RunHistoryOrder, first: Int, offset: Int): [RunHistory!] + rolesAggregate(filter: RoleFilter): RoleAggregateResult + runHistoriesAggregate(filter: RunHistoryFilter): RunHistoryAggregateResult +} + +type ExceptionAffectsAggregateResult { + count: Int + createdByMin: String + createdByMax: String + validUpToMin: DateTime + validUpToMax: DateTime + createdAtMin: DateTime + createdAtMax: DateTime + updatedAtMin: DateTime + updatedAtMax: DateTime + reasonMin: String + reasonMax: String + statusMin: String + statusMax: String +} + +input ExceptionAffectsFilter { + id: [ID!] + createdBy: StringExactFilter_StringRegExpFilter + affectsServices: StringExactFilter_StringRegExpFilter + validUpTo: DateTimeFilter + createdAt: DateTimeFilter + updatedAt: DateTimeFilter + reason: StringExactFilter_StringRegExpFilter + status: StringExactFilter_StringRegExpFilter + has: [ExceptionAffectsHasFilter] + and: [ExceptionAffectsFilter] + or: [ExceptionAffectsFilter] + not: ExceptionAffectsFilter +} + +enum ExceptionAffectsHasFilter { + roles + createdBy + affectsTeam + affectsApplication + affectsServices + validUpTo + createdAt + updatedAt + reason + status + exception + runHistories +} + +input ExceptionAffectsOrder { + asc: ExceptionAffectsOrderable + desc: ExceptionAffectsOrderable + then: ExceptionAffectsOrder +} + +enum ExceptionAffectsOrderable { + createdBy + validUpTo + createdAt + updatedAt + reason + status +} + +input ExceptionAffectsPatch { + roles: [RoleRef!] + createdBy: String + affectsTeam: TeamRef + affectsApplication: ApplicationRef + affectsServices: [String!] + validUpTo: DateTime + createdAt: DateTime + updatedAt: DateTime + reason: String + status: String + exception: ExceptionRef + runHistories: [RunHistoryRef!] +} + +input ExceptionAffectsRef { + id: ID + roles: [RoleRef!] + createdBy: String + affectsTeam: TeamRef + affectsApplication: ApplicationRef + affectsServices: [String!] + validUpTo: DateTime + createdAt: DateTime + updatedAt: DateTime + reason: String + status: String + exception: ExceptionRef + runHistories: [RunHistoryRef!] +} + +type ExceptionAggregateResult { + count: Int + typeMin: String + typeMax: String + nameMin: String + nameMax: String + createdAtMin: DateTime + createdAtMax: DateTime + updatedAtMin: DateTime + updatedAtMax: DateTime +} + +input ExceptionFilter { + id: [ID!] + type: StringExactFilter_StringRegExpFilter + name: StringExactFilter_StringRegExpFilter + createdAt: DateTimeFilter + updatedAt: DateTimeFilter + has: [ExceptionHasFilter] + and: [ExceptionFilter] + or: [ExceptionFilter] + not: ExceptionFilter +} + +enum ExceptionHasFilter { + roles + type + name + affects + createdAt + updatedAt +} + +input ExceptionOrder { + asc: ExceptionOrderable + desc: ExceptionOrderable + then: ExceptionOrder +} + +enum ExceptionOrderable { + type + name + createdAt + updatedAt +} + +input ExceptionPatch { + roles: [RoleRef!] + type: String + name: String + affects: [ExceptionAffectsRef!] + createdAt: DateTime + updatedAt: DateTime +} + +input ExceptionRef { + id: ID + roles: [RoleRef!] + type: String + name: String + affects: [ExceptionAffectsRef!] + createdAt: DateTime + updatedAt: DateTime +} + +type FeatureMode { + id: String! + organization(filter: OrganizationFilter): Organization! + key: String! + value: String! + category: String! + createdAt: DateTime! + updatedAt: DateTime! + integrator(filter: IntegratorFilter): Integrator! +} + +type FeatureModeAggregateResult { + count: Int + idMin: String + idMax: String + keyMin: String + keyMax: String + valueMin: String + valueMax: String + categoryMin: String + categoryMax: String + createdAtMin: DateTime + createdAtMax: DateTime + updatedAtMin: DateTime + updatedAtMax: DateTime +} + +input FeatureModeFilter { + id: StringHashFilter + key: StringExactFilter + value: StringExactFilter + category: StringExactFilter + has: [FeatureModeHasFilter] + and: [FeatureModeFilter] + or: [FeatureModeFilter] + not: FeatureModeFilter +} + +enum FeatureModeHasFilter { + id + organization + key + value + category + createdAt + updatedAt + integrator +} + +input FeatureModeOrder { + asc: FeatureModeOrderable + desc: FeatureModeOrderable + then: FeatureModeOrder +} + +enum FeatureModeOrderable { + id + key + value + category + createdAt + updatedAt +} + +input FeatureModePatch { + organization: OrganizationRef + key: String + value: String + category: String + createdAt: DateTime + updatedAt: DateTime + integrator: IntegratorRef +} + +input FeatureModeRef { + id: String + organization: OrganizationRef + key: String + value: String + category: String + createdAt: DateTime + updatedAt: DateTime + integrator: IntegratorRef +} + +input FloatFilter { + eq: Float + in: [Float] + le: Float + lt: Float + ge: Float + gt: Float + between: FloatRange +} + +input FloatRange { + min: Float! + max: Float! +} + +input GenerateMutationParams { + add: Boolean + update: Boolean + delete: Boolean +} + +input GenerateQueryParams { + get: Boolean + query: Boolean + password: Boolean + aggregate: Boolean +} + +enum HTTPMethod { + GET + POST + PUT + PATCH + DELETE +} + +""" +The Int64 scalar type represents a signed 64‐bit numeric non‐fractional value. +Int64 can represent values in range [-(2^63),(2^63 - 1)]. +""" +scalar Int64 + +input Int64Filter { + eq: Int64 + in: [Int64] + le: Int64 + lt: Int64 + ge: Int64 + gt: Int64 + between: Int64Range +} + +input Int64Range { + min: Int64! + max: Int64! +} + +type Integrator { + id: String! + organization(filter: OrganizationFilter): Organization! + type: String! + category: String! + status: String! + integratorConfigs(filter: IntegratorConfigsFilter, order: IntegratorConfigsOrder, first: Int, offset: Int): [IntegratorConfigs!] + featureConfigs(filter: FeatureModeFilter, order: FeatureModeOrder, first: Int, offset: Int): [FeatureMode!] + createdAt: DateTime! + updatedAt: DateTime! + integratorConfigsAggregate(filter: IntegratorConfigsFilter): IntegratorConfigsAggregateResult + featureConfigsAggregate(filter: FeatureModeFilter): FeatureModeAggregateResult +} + +type IntegratorAggregateResult { + count: Int + idMin: String + idMax: String + typeMin: String + typeMax: String + categoryMin: String + categoryMax: String + statusMin: String + statusMax: String + createdAtMin: DateTime + createdAtMax: DateTime + updatedAtMin: DateTime + updatedAtMax: DateTime +} + +type IntegratorConfigs { + id: ID! + name: String! + configs(filter: IntegratorKeyValuesFilter, order: IntegratorKeyValuesOrder, first: Int, offset: Int): [IntegratorKeyValues!] + integrator(filter: IntegratorFilter): Integrator! + configsAggregate(filter: IntegratorKeyValuesFilter): IntegratorKeyValuesAggregateResult +} + +type IntegratorConfigsAggregateResult { + count: Int + nameMin: String + nameMax: String +} + +input IntegratorConfigsFilter { + id: [ID!] + name: StringExactFilter + has: [IntegratorConfigsHasFilter] + and: [IntegratorConfigsFilter] + or: [IntegratorConfigsFilter] + not: IntegratorConfigsFilter +} + +enum IntegratorConfigsHasFilter { + name + configs + integrator +} + +input IntegratorConfigsOrder { + asc: IntegratorConfigsOrderable + desc: IntegratorConfigsOrderable + then: IntegratorConfigsOrder +} + +enum IntegratorConfigsOrderable { + name +} + +input IntegratorConfigsPatch { + name: String + configs: [IntegratorKeyValuesRef!] + integrator: IntegratorRef +} + +input IntegratorConfigsRef { + id: ID + name: String + configs: [IntegratorKeyValuesRef!] + integrator: IntegratorRef +} + +input IntegratorFilter { + id: StringHashFilter + type: StringExactFilter + category: StringExactFilter + status: StringExactFilter + has: [IntegratorHasFilter] + and: [IntegratorFilter] + or: [IntegratorFilter] + not: IntegratorFilter +} + +enum IntegratorHasFilter { + id + organization + type + category + status + integratorConfigs + featureConfigs + createdAt + updatedAt +} + +type IntegratorKeyValues { + key: String! + value: String! + encrypt: Boolean! +} + +type IntegratorKeyValuesAggregateResult { + count: Int + keyMin: String + keyMax: String + valueMin: String + valueMax: String +} + +input IntegratorKeyValuesFilter { + key: StringExactFilter + value: StringExactFilter + has: [IntegratorKeyValuesHasFilter] + and: [IntegratorKeyValuesFilter] + or: [IntegratorKeyValuesFilter] + not: IntegratorKeyValuesFilter +} + +enum IntegratorKeyValuesHasFilter { + key + value + encrypt +} + +input IntegratorKeyValuesOrder { + asc: IntegratorKeyValuesOrderable + desc: IntegratorKeyValuesOrderable + then: IntegratorKeyValuesOrder +} + +enum IntegratorKeyValuesOrderable { + key + value +} + +input IntegratorKeyValuesPatch { + key: String + value: String + encrypt: Boolean +} + +input IntegratorKeyValuesRef { + key: String + value: String + encrypt: Boolean +} + +input IntegratorOrder { + asc: IntegratorOrderable + desc: IntegratorOrderable + then: IntegratorOrder +} + +enum IntegratorOrderable { + id + type + category + status + createdAt + updatedAt +} + +input IntegratorPatch { + organization: OrganizationRef + type: String + category: String + status: String + integratorConfigs: [IntegratorConfigsRef!] + featureConfigs: [FeatureModeRef!] + createdAt: DateTime + updatedAt: DateTime +} + +input IntegratorRef { + id: String + organization: OrganizationRef + type: String + category: String + status: String + integratorConfigs: [IntegratorConfigsRef!] + featureConfigs: [FeatureModeRef!] + createdAt: DateTime + updatedAt: DateTime +} + +input IntersectsFilter { + polygon: PolygonRef + multiPolygon: MultiPolygonRef +} + +input IntFilter { + eq: Int + in: [Int] + le: Int + lt: Int + ge: Int + gt: Int + between: IntRange +} + +input IntRange { + min: Int! + max: Int! +} + +type Jira { + id: ID! + jiraId: String! + url: String! + status: String! + createdAt: DateTime! + updatedAt: DateTime! + affectsIndividualComponent(filter: RunHistoryFilter): RunHistory + affectsSecurityissue(filter: SecurityIssueFilter): SecurityIssue +} + +type JiraAggregateResult { + count: Int + jiraIdMin: String + jiraIdMax: String + urlMin: String + urlMax: String + statusMin: String + statusMax: String + createdAtMin: DateTime + createdAtMax: DateTime + updatedAtMin: DateTime + updatedAtMax: DateTime +} + +input JiraFilter { + id: [ID!] + jiraId: StringExactFilter_StringRegExpFilter + status: StringExactFilter_StringRegExpFilter + has: [JiraHasFilter] + and: [JiraFilter] + or: [JiraFilter] + not: JiraFilter +} + +enum JiraHasFilter { + jiraId + url + status + createdAt + updatedAt + affectsIndividualComponent + affectsSecurityissue +} + +input JiraOrder { + asc: JiraOrderable + desc: JiraOrderable + then: JiraOrder +} + +enum JiraOrderable { + jiraId + url + status + createdAt + updatedAt +} + +input JiraPatch { + jiraId: String + url: String + status: String + createdAt: DateTime + updatedAt: DateTime + affectsIndividualComponent: RunHistoryRef + affectsSecurityissue: SecurityIssueRef +} + +input JiraRef { + id: ID + jiraId: String + url: String + status: String + createdAt: DateTime + updatedAt: DateTime + affectsIndividualComponent: RunHistoryRef + affectsSecurityissue: SecurityIssueRef +} + +""" +KeyValue is a generic key/value pair, used as an attribute list or similar. +""" +type KeyValue { + id: String! + name: String! + value: String! + createdAt: DateTime! +} + +type KeyValueAggregateResult { + count: Int + idMin: String + idMax: String + nameMin: String + nameMax: String + valueMin: String + valueMax: String + createdAtMin: DateTime + createdAtMax: DateTime +} + +input KeyValueFilter { + id: StringHashFilter + name: StringExactFilter_StringRegExpFilter + value: StringExactFilter_StringRegExpFilter + createdAt: DateTimeFilter + has: [KeyValueHasFilter] + and: [KeyValueFilter] + or: [KeyValueFilter] + not: KeyValueFilter +} + +enum KeyValueHasFilter { + id + name + value + createdAt +} + +input KeyValueOrder { + asc: KeyValueOrderable + desc: KeyValueOrderable + then: KeyValueOrder +} + +enum KeyValueOrderable { + id + name + value + createdAt +} + +input KeyValuePatch { + name: String + value: String + createdAt: DateTime +} + +input KeyValueRef { + id: String + name: String + value: String + createdAt: DateTime +} + +enum Mode { + BATCH + SINGLE +} + +type MultiPolygon { + polygons: [Polygon!]! +} + +input MultiPolygonRef { + polygons: [PolygonRef!]! +} + +type Mutation { + addSchemaVersion(input: [AddSchemaVersionInput!]!): AddSchemaVersionPayload + updateSchemaVersion(input: UpdateSchemaVersionInput!): UpdateSchemaVersionPayload + deleteSchemaVersion(filter: SchemaVersionFilter!): DeleteSchemaVersionPayload + updateRBAC(input: UpdateRBACInput!): UpdateRBACPayload + deleteRBAC(filter: RBACFilter!): DeleteRBACPayload + addRole(input: [AddRoleInput!]!, upsert: Boolean): AddRolePayload + updateRole(input: UpdateRoleInput!): UpdateRolePayload + deleteRole(filter: RoleFilter!): DeleteRolePayload + addKeyValue(input: [AddKeyValueInput!]!, upsert: Boolean): AddKeyValuePayload + updateKeyValue(input: UpdateKeyValueInput!): UpdateKeyValuePayload + deleteKeyValue(filter: KeyValueFilter!): DeleteKeyValuePayload + addOrganization(input: [AddOrganizationInput!]!, upsert: Boolean): AddOrganizationPayload + updateOrganization(input: UpdateOrganizationInput!): UpdateOrganizationPayload + deleteOrganization(filter: OrganizationFilter!): DeleteOrganizationPayload + addEnvironment(input: [AddEnvironmentInput!]!, upsert: Boolean): AddEnvironmentPayload + updateEnvironment(input: UpdateEnvironmentInput!): UpdateEnvironmentPayload + deleteEnvironment(filter: EnvironmentFilter!): DeleteEnvironmentPayload + addDeploymentTarget(input: [AddDeploymentTargetInput!]!, upsert: Boolean): AddDeploymentTargetPayload + updateDeploymentTarget(input: UpdateDeploymentTargetInput!): UpdateDeploymentTargetPayload + deleteDeploymentTarget(filter: DeploymentTargetFilter!): DeleteDeploymentTargetPayload + addTeam(input: [AddTeamInput!]!, upsert: Boolean): AddTeamPayload + updateTeam(input: UpdateTeamInput!): UpdateTeamPayload + deleteTeam(filter: TeamFilter!): DeleteTeamPayload + addApplication(input: [AddApplicationInput!]!, upsert: Boolean): AddApplicationPayload + updateApplication(input: UpdateApplicationInput!): UpdateApplicationPayload + deleteApplication(filter: ApplicationFilter!): DeleteApplicationPayload + addApplicationEnvironment(input: [AddApplicationEnvironmentInput!]!, upsert: Boolean): AddApplicationEnvironmentPayload + updateApplicationEnvironment(input: UpdateApplicationEnvironmentInput!): UpdateApplicationEnvironmentPayload + deleteApplicationEnvironment(filter: ApplicationEnvironmentFilter!): DeleteApplicationEnvironmentPayload + addApplicationRiskStatus(input: [AddApplicationRiskStatusInput!]!): AddApplicationRiskStatusPayload + updateApplicationRiskStatus(input: UpdateApplicationRiskStatusInput!): UpdateApplicationRiskStatusPayload + deleteApplicationRiskStatus(filter: ApplicationRiskStatusFilter!): DeleteApplicationRiskStatusPayload + addApplicationDeployment(input: [AddApplicationDeploymentInput!]!, upsert: Boolean): AddApplicationDeploymentPayload + updateApplicationDeployment(input: UpdateApplicationDeploymentInput!): UpdateApplicationDeploymentPayload + deleteApplicationDeployment(filter: ApplicationDeploymentFilter!): DeleteApplicationDeploymentPayload + addToolsUsed(input: [AddToolsUsedInput!]!): AddToolsUsedPayload + updateToolsUsed(input: UpdateToolsUsedInput!): UpdateToolsUsedPayload + deleteToolsUsed(filter: ToolsUsedFilter!): DeleteToolsUsedPayload + addApplicationDeploymentRisk(input: [AddApplicationDeploymentRiskInput!]!): AddApplicationDeploymentRiskPayload + updateApplicationDeploymentRisk(input: UpdateApplicationDeploymentRiskInput!): UpdateApplicationDeploymentRiskPayload + deleteApplicationDeploymentRisk(filter: ApplicationDeploymentRiskFilter!): DeleteApplicationDeploymentRiskPayload + addIntegrator(input: [AddIntegratorInput!]!, upsert: Boolean): AddIntegratorPayload + updateIntegrator(input: UpdateIntegratorInput!): UpdateIntegratorPayload + deleteIntegrator(filter: IntegratorFilter!): DeleteIntegratorPayload + addIntegratorConfigs(input: [AddIntegratorConfigsInput!]!): AddIntegratorConfigsPayload + updateIntegratorConfigs(input: UpdateIntegratorConfigsInput!): UpdateIntegratorConfigsPayload + deleteIntegratorConfigs(filter: IntegratorConfigsFilter!): DeleteIntegratorConfigsPayload + addIntegratorKeyValues(input: [AddIntegratorKeyValuesInput!]!): AddIntegratorKeyValuesPayload + updateIntegratorKeyValues(input: UpdateIntegratorKeyValuesInput!): UpdateIntegratorKeyValuesPayload + deleteIntegratorKeyValues(filter: IntegratorKeyValuesFilter!): DeleteIntegratorKeyValuesPayload + addFeatureMode(input: [AddFeatureModeInput!]!, upsert: Boolean): AddFeatureModePayload + updateFeatureMode(input: UpdateFeatureModeInput!): UpdateFeatureModePayload + deleteFeatureMode(filter: FeatureModeFilter!): DeleteFeatureModePayload + addTag(input: [AddTagInput!]!, upsert: Boolean): AddTagPayload + updateTag(input: UpdateTagInput!): UpdateTagPayload + deleteTag(filter: TagFilter!): DeleteTagPayload + addPolicyDefinition(input: [AddPolicyDefinitionInput!]!, upsert: Boolean): AddPolicyDefinitionPayload + updatePolicyDefinition(input: UpdatePolicyDefinitionInput!): UpdatePolicyDefinitionPayload + deletePolicyDefinition(filter: PolicyDefinitionFilter!): DeletePolicyDefinitionPayload + addPolicyEnforcement(input: [AddPolicyEnforcementInput!]!): AddPolicyEnforcementPayload + updatePolicyEnforcement(input: UpdatePolicyEnforcementInput!): UpdatePolicyEnforcementPayload + deletePolicyEnforcement(filter: PolicyEnforcementFilter!): DeletePolicyEnforcementPayload + addJira(input: [AddJiraInput!]!): AddJiraPayload + updateJira(input: UpdateJiraInput!): UpdateJiraPayload + deleteJira(filter: JiraFilter!): DeleteJiraPayload + addRunHistory(input: [AddRunHistoryInput!]!): AddRunHistoryPayload + updateRunHistory(input: UpdateRunHistoryInput!): UpdateRunHistoryPayload + deleteRunHistory(filter: RunHistoryFilter!): DeleteRunHistoryPayload + addSecurityIssue(input: [AddSecurityIssueInput!]!): AddSecurityIssuePayload + updateSecurityIssue(input: UpdateSecurityIssueInput!): UpdateSecurityIssuePayload + deleteSecurityIssue(filter: SecurityIssueFilter!): DeleteSecurityIssuePayload + addBuildTool(input: [AddBuildToolInput!]!, upsert: Boolean): AddBuildToolPayload + updateBuildTool(input: UpdateBuildToolInput!): UpdateBuildToolPayload + deleteBuildTool(filter: BuildToolFilter!): DeleteBuildToolPayload + addSourceCodeTool(input: [AddSourceCodeToolInput!]!, upsert: Boolean): AddSourceCodeToolPayload + updateSourceCodeTool(input: UpdateSourceCodeToolInput!): UpdateSourceCodeToolPayload + deleteSourceCodeTool(filter: SourceCodeToolFilter!): DeleteSourceCodeToolPayload + addCommitMetaData(input: [AddCommitMetaDataInput!]!): AddCommitMetaDataPayload + updateCommitMetaData(input: UpdateCommitMetaDataInput!): UpdateCommitMetaDataPayload + deleteCommitMetaData(filter: CommitMetaDataFilter!): DeleteCommitMetaDataPayload + addArtifact(input: [AddArtifactInput!]!, upsert: Boolean): AddArtifactPayload + updateArtifact(input: UpdateArtifactInput!): UpdateArtifactPayload + deleteArtifact(filter: ArtifactFilter!): DeleteArtifactPayload + addArtifactScanData(input: [AddArtifactScanDataInput!]!, upsert: Boolean): AddArtifactScanDataPayload + updateArtifactScanData(input: UpdateArtifactScanDataInput!): UpdateArtifactScanDataPayload + deleteArtifactScanData(filter: ArtifactScanDataFilter!): DeleteArtifactScanDataPayload + addArtifactRisk(input: [AddArtifactRiskInput!]!): AddArtifactRiskPayload + updateArtifactRisk(input: UpdateArtifactRiskInput!): UpdateArtifactRiskPayload + deleteArtifactRisk(filter: ArtifactRiskFilter!): DeleteArtifactRiskPayload + addScanFileResult(input: [AddScanFileResultInput!]!): AddScanFileResultPayload + updateScanFileResult(input: UpdateScanFileResultInput!): UpdateScanFileResultPayload + deleteScanFileResult(filter: ScanFileResultFilter!): DeleteScanFileResultPayload + addComponent(input: [AddComponentInput!]!, upsert: Boolean): AddComponentPayload + updateComponent(input: UpdateComponentInput!): UpdateComponentPayload + deleteComponent(filter: ComponentFilter!): DeleteComponentPayload + addVulnerability(input: [AddVulnerabilityInput!]!, upsert: Boolean): AddVulnerabilityPayload + updateVulnerability(input: UpdateVulnerabilityInput!): UpdateVulnerabilityPayload + deleteVulnerability(filter: VulnerabilityFilter!): DeleteVulnerabilityPayload + addCWE(input: [AddCWEInput!]!, upsert: Boolean): AddCWEPayload + updateCWE(input: UpdateCWEInput!): UpdateCWEPayload + deleteCWE(filter: CWEFilter!): DeleteCWEPayload + addException(input: [AddExceptionInput!]!): AddExceptionPayload + updateException(input: UpdateExceptionInput!): UpdateExceptionPayload + deleteException(filter: ExceptionFilter!): DeleteExceptionPayload + addExceptionAffects(input: [AddExceptionAffectsInput!]!): AddExceptionAffectsPayload + updateExceptionAffects(input: UpdateExceptionAffectsInput!): UpdateExceptionAffectsPayload + deleteExceptionAffects(filter: ExceptionAffectsFilter!): DeleteExceptionAffectsPayload +} + +input NearFilter { + distance: Float! + coordinate: PointRef! +} + +type Organization implements RBAC { + """id is randomly assigned""" + id: String! + name: String! + roles(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role!] + teams(filter: TeamFilter, order: TeamOrder, first: Int, offset: Int): [Team!] + environments(filter: DeploymentTargetFilter, order: DeploymentTargetOrder, first: Int, offset: Int): [DeploymentTarget!] + policies(filter: PolicyDefinitionFilter, order: PolicyDefinitionOrder, first: Int, offset: Int): [PolicyDefinition!] + policyEnforcements(filter: PolicyEnforcementFilter, order: PolicyEnforcementOrder, first: Int, offset: Int): [PolicyEnforcement!] + integrators(filter: IntegratorFilter, order: IntegratorOrder, first: Int, offset: Int): [Integrator!] + featureModes(filter: FeatureModeFilter, order: FeatureModeOrder, first: Int, offset: Int): [FeatureMode!] + rolesAggregate(filter: RoleFilter): RoleAggregateResult + teamsAggregate(filter: TeamFilter): TeamAggregateResult + environmentsAggregate(filter: DeploymentTargetFilter): DeploymentTargetAggregateResult + policiesAggregate(filter: PolicyDefinitionFilter): PolicyDefinitionAggregateResult + policyEnforcementsAggregate(filter: PolicyEnforcementFilter): PolicyEnforcementAggregateResult + integratorsAggregate(filter: IntegratorFilter): IntegratorAggregateResult + featureModesAggregate(filter: FeatureModeFilter): FeatureModeAggregateResult +} + +type OrganizationAggregateResult { + count: Int + idMin: String + idMax: String + nameMin: String + nameMax: String +} + +input OrganizationFilter { + id: StringHashFilter + name: StringExactFilter + has: [OrganizationHasFilter] + and: [OrganizationFilter] + or: [OrganizationFilter] + not: OrganizationFilter +} + +enum OrganizationHasFilter { + id + name + roles + teams + environments + policies + policyEnforcements + integrators + featureModes +} + +input OrganizationOrder { + asc: OrganizationOrderable + desc: OrganizationOrderable + then: OrganizationOrder +} + +enum OrganizationOrderable { + id + name +} + +input OrganizationPatch { + name: String + roles: [RoleRef!] + teams: [TeamRef!] + environments: [DeploymentTargetRef!] + policies: [PolicyDefinitionRef!] + policyEnforcements: [PolicyEnforcementRef!] + integrators: [IntegratorRef!] + featureModes: [FeatureModeRef!] +} + +input OrganizationRef { + """id is randomly assigned""" + id: String + name: String + roles: [RoleRef!] + teams: [TeamRef!] + environments: [DeploymentTargetRef!] + policies: [PolicyDefinitionRef!] + policyEnforcements: [PolicyEnforcementRef!] + integrators: [IntegratorRef!] + featureModes: [FeatureModeRef!] +} + +type Point { + longitude: Float! + latitude: Float! +} + +input PointGeoFilter { + near: NearFilter + within: WithinFilter +} + +type PointList { + points: [Point!]! +} + +input PointListRef { + points: [PointRef!]! +} + +input PointRef { + longitude: Float! + latitude: Float! +} + +type PolicyDefinition { + id: String! + ownerOrg(filter: OrganizationFilter): Organization! + ownerTeam(filter: TeamFilter): Team + ownerApplication(filter: ApplicationFilter): Application + createdAt: DateTime! + updatedAt: DateTime! + policyName: String! + category: String! + stage: String! + description: String! + scheduledPolicy: Boolean! + script: String! + variables: String + conditionName: String + suggestion: String +} + +type PolicyDefinitionAggregateResult { + count: Int + idMin: String + idMax: String + createdAtMin: DateTime + createdAtMax: DateTime + updatedAtMin: DateTime + updatedAtMax: DateTime + policyNameMin: String + policyNameMax: String + categoryMin: String + categoryMax: String + stageMin: String + stageMax: String + descriptionMin: String + descriptionMax: String + scriptMin: String + scriptMax: String + variablesMin: String + variablesMax: String + conditionNameMin: String + conditionNameMax: String + suggestionMin: String + suggestionMax: String +} + +input PolicyDefinitionFilter { + id: StringHashFilter + policyName: StringExactFilter + category: StringExactFilter + stage: StringExactFilter + description: StringExactFilter + scheduledPolicy: Boolean + script: StringExactFilter + variables: StringExactFilter + conditionName: StringExactFilter + suggestion: StringExactFilter + has: [PolicyDefinitionHasFilter] + and: [PolicyDefinitionFilter] + or: [PolicyDefinitionFilter] + not: PolicyDefinitionFilter +} + +enum PolicyDefinitionHasFilter { + id + ownerOrg + ownerTeam + ownerApplication + createdAt + updatedAt + policyName + category + stage + description + scheduledPolicy + script + variables + conditionName + suggestion +} + +input PolicyDefinitionOrder { + asc: PolicyDefinitionOrderable + desc: PolicyDefinitionOrderable + then: PolicyDefinitionOrder +} + +enum PolicyDefinitionOrderable { + id + createdAt + updatedAt + policyName + category + stage + description + script + variables + conditionName + suggestion +} + +input PolicyDefinitionPatch { + ownerOrg: OrganizationRef + ownerTeam: TeamRef + ownerApplication: ApplicationRef + createdAt: DateTime + updatedAt: DateTime + policyName: String + category: String + stage: String + description: String + scheduledPolicy: Boolean + script: String + variables: String + conditionName: String + suggestion: String +} + +input PolicyDefinitionRef { + id: String + ownerOrg: OrganizationRef + ownerTeam: TeamRef + ownerApplication: ApplicationRef + createdAt: DateTime + updatedAt: DateTime + policyName: String + category: String + stage: String + description: String + scheduledPolicy: Boolean + script: String + variables: String + conditionName: String + suggestion: String +} + +type PolicyEnforcement { + id: ID! + policy(filter: PolicyDefinitionFilter): PolicyDefinition! + enforcedOrg(filter: OrganizationFilter): Organization + enforcedTeam(filter: TeamFilter): Team + enforcedApplication(filter: ApplicationFilter): Application + status: Boolean! + forceApply: Boolean + severity: Severity! + datasourceTool: String! + action: String! + conditionValue: String + environments(filter: EnvironmentFilter, order: EnvironmentOrder, first: Int, offset: Int): [Environment!] + tags(filter: TagFilter, order: TagOrder, first: Int, offset: Int): [Tag!] + createdAt: DateTime! + updatedAt: DateTime! + environmentsAggregate(filter: EnvironmentFilter): EnvironmentAggregateResult + tagsAggregate(filter: TagFilter): TagAggregateResult +} + +type PolicyEnforcementAggregateResult { + count: Int + datasourceToolMin: String + datasourceToolMax: String + actionMin: String + actionMax: String + conditionValueMin: String + conditionValueMax: String + createdAtMin: DateTime + createdAtMax: DateTime + updatedAtMin: DateTime + updatedAtMax: DateTime +} + +input PolicyEnforcementFilter { + id: [ID!] + status: Boolean + forceApply: Boolean + datasourceTool: StringExactFilter + action: StringExactFilter + conditionValue: StringExactFilter + has: [PolicyEnforcementHasFilter] + and: [PolicyEnforcementFilter] + or: [PolicyEnforcementFilter] + not: PolicyEnforcementFilter +} + +enum PolicyEnforcementHasFilter { + policy + enforcedOrg + enforcedTeam + enforcedApplication + status + forceApply + severity + datasourceTool + action + conditionValue + environments + tags + createdAt + updatedAt +} + +input PolicyEnforcementOrder { + asc: PolicyEnforcementOrderable + desc: PolicyEnforcementOrderable + then: PolicyEnforcementOrder +} + +enum PolicyEnforcementOrderable { + datasourceTool + action + conditionValue + createdAt + updatedAt +} + +input PolicyEnforcementPatch { + policy: PolicyDefinitionRef + enforcedOrg: OrganizationRef + enforcedTeam: TeamRef + enforcedApplication: ApplicationRef + status: Boolean + forceApply: Boolean + severity: Severity + datasourceTool: String + action: String + conditionValue: String + environments: [EnvironmentRef!] + tags: [TagRef!] + createdAt: DateTime + updatedAt: DateTime +} + +input PolicyEnforcementRef { + id: ID + policy: PolicyDefinitionRef + enforcedOrg: OrganizationRef + enforcedTeam: TeamRef + enforcedApplication: ApplicationRef + status: Boolean + forceApply: Boolean + severity: Severity + datasourceTool: String + action: String + conditionValue: String + environments: [EnvironmentRef!] + tags: [TagRef!] + createdAt: DateTime + updatedAt: DateTime +} + +type Polygon { + coordinates: [PointList!]! +} + +input PolygonGeoFilter { + near: NearFilter + within: WithinFilter + contains: ContainsFilter + intersects: IntersectsFilter +} + +input PolygonRef { + coordinates: [PointListRef!]! +} + +type Query { + querySchemaVersion(filter: SchemaVersionFilter, order: SchemaVersionOrder, first: Int, offset: Int): [SchemaVersion] + aggregateSchemaVersion(filter: SchemaVersionFilter): SchemaVersionAggregateResult + queryRBAC(filter: RBACFilter, first: Int, offset: Int): [RBAC] + aggregateRBAC(filter: RBACFilter): RBACAggregateResult + getRole(id: String!): Role + queryRole(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role] + aggregateRole(filter: RoleFilter): RoleAggregateResult + getKeyValue(id: String!): KeyValue + queryKeyValue(filter: KeyValueFilter, order: KeyValueOrder, first: Int, offset: Int): [KeyValue] + aggregateKeyValue(filter: KeyValueFilter): KeyValueAggregateResult + getOrganization(id: String!): Organization + queryOrganization(filter: OrganizationFilter, order: OrganizationOrder, first: Int, offset: Int): [Organization] + aggregateOrganization(filter: OrganizationFilter): OrganizationAggregateResult + getEnvironment(id: String!): Environment + queryEnvironment(filter: EnvironmentFilter, order: EnvironmentOrder, first: Int, offset: Int): [Environment] + aggregateEnvironment(filter: EnvironmentFilter): EnvironmentAggregateResult + getDeploymentTarget(id: String!): DeploymentTarget + queryDeploymentTarget(filter: DeploymentTargetFilter, order: DeploymentTargetOrder, first: Int, offset: Int): [DeploymentTarget] + aggregateDeploymentTarget(filter: DeploymentTargetFilter): DeploymentTargetAggregateResult + getTeam(id: String!): Team + queryTeam(filter: TeamFilter, order: TeamOrder, first: Int, offset: Int): [Team] + aggregateTeam(filter: TeamFilter): TeamAggregateResult + getApplication(id: String!): Application + queryApplication(filter: ApplicationFilter, order: ApplicationOrder, first: Int, offset: Int): [Application] + aggregateApplication(filter: ApplicationFilter): ApplicationAggregateResult + getApplicationEnvironment(id: String!): ApplicationEnvironment + queryApplicationEnvironment(filter: ApplicationEnvironmentFilter, order: ApplicationEnvironmentOrder, first: Int, offset: Int): [ApplicationEnvironment] + aggregateApplicationEnvironment(filter: ApplicationEnvironmentFilter): ApplicationEnvironmentAggregateResult + getApplicationRiskStatus(id: ID!): ApplicationRiskStatus + queryApplicationRiskStatus(filter: ApplicationRiskStatusFilter, order: ApplicationRiskStatusOrder, first: Int, offset: Int): [ApplicationRiskStatus] + aggregateApplicationRiskStatus(filter: ApplicationRiskStatusFilter): ApplicationRiskStatusAggregateResult + getApplicationDeployment(id: String!): ApplicationDeployment + queryApplicationDeployment(filter: ApplicationDeploymentFilter, order: ApplicationDeploymentOrder, first: Int, offset: Int): [ApplicationDeployment] + aggregateApplicationDeployment(filter: ApplicationDeploymentFilter): ApplicationDeploymentAggregateResult + getToolsUsed(id: ID!): ToolsUsed + queryToolsUsed(filter: ToolsUsedFilter, order: ToolsUsedOrder, first: Int, offset: Int): [ToolsUsed] + aggregateToolsUsed(filter: ToolsUsedFilter): ToolsUsedAggregateResult + getApplicationDeploymentRisk(id: ID!): ApplicationDeploymentRisk + queryApplicationDeploymentRisk(filter: ApplicationDeploymentRiskFilter, order: ApplicationDeploymentRiskOrder, first: Int, offset: Int): [ApplicationDeploymentRisk] + aggregateApplicationDeploymentRisk(filter: ApplicationDeploymentRiskFilter): ApplicationDeploymentRiskAggregateResult + getIntegrator(id: String!): Integrator + queryIntegrator(filter: IntegratorFilter, order: IntegratorOrder, first: Int, offset: Int): [Integrator] + aggregateIntegrator(filter: IntegratorFilter): IntegratorAggregateResult + getIntegratorConfigs(id: ID!): IntegratorConfigs + queryIntegratorConfigs(filter: IntegratorConfigsFilter, order: IntegratorConfigsOrder, first: Int, offset: Int): [IntegratorConfigs] + aggregateIntegratorConfigs(filter: IntegratorConfigsFilter): IntegratorConfigsAggregateResult + queryIntegratorKeyValues(filter: IntegratorKeyValuesFilter, order: IntegratorKeyValuesOrder, first: Int, offset: Int): [IntegratorKeyValues] + aggregateIntegratorKeyValues(filter: IntegratorKeyValuesFilter): IntegratorKeyValuesAggregateResult + getFeatureMode(id: String!): FeatureMode + queryFeatureMode(filter: FeatureModeFilter, order: FeatureModeOrder, first: Int, offset: Int): [FeatureMode] + aggregateFeatureMode(filter: FeatureModeFilter): FeatureModeAggregateResult + getTag(id: String!): Tag + queryTag(filter: TagFilter, order: TagOrder, first: Int, offset: Int): [Tag] + aggregateTag(filter: TagFilter): TagAggregateResult + getPolicyDefinition(id: String!): PolicyDefinition + queryPolicyDefinition(filter: PolicyDefinitionFilter, order: PolicyDefinitionOrder, first: Int, offset: Int): [PolicyDefinition] + aggregatePolicyDefinition(filter: PolicyDefinitionFilter): PolicyDefinitionAggregateResult + getPolicyEnforcement(id: ID!): PolicyEnforcement + queryPolicyEnforcement(filter: PolicyEnforcementFilter, order: PolicyEnforcementOrder, first: Int, offset: Int): [PolicyEnforcement] + aggregatePolicyEnforcement(filter: PolicyEnforcementFilter): PolicyEnforcementAggregateResult + getJira(id: ID!): Jira + queryJira(filter: JiraFilter, order: JiraOrder, first: Int, offset: Int): [Jira] + aggregateJira(filter: JiraFilter): JiraAggregateResult + getRunHistory(id: ID!): RunHistory + queryRunHistory(filter: RunHistoryFilter, order: RunHistoryOrder, first: Int, offset: Int): [RunHistory] + aggregateRunHistory(filter: RunHistoryFilter): RunHistoryAggregateResult + getSecurityIssue(id: ID!): SecurityIssue + querySecurityIssue(filter: SecurityIssueFilter, order: SecurityIssueOrder, first: Int, offset: Int): [SecurityIssue] + aggregateSecurityIssue(filter: SecurityIssueFilter): SecurityIssueAggregateResult + getBuildTool(id: String!): BuildTool + queryBuildTool(filter: BuildToolFilter, order: BuildToolOrder, first: Int, offset: Int): [BuildTool] + aggregateBuildTool(filter: BuildToolFilter): BuildToolAggregateResult + getSourceCodeTool(id: String!): SourceCodeTool + querySourceCodeTool(filter: SourceCodeToolFilter, order: SourceCodeToolOrder, first: Int, offset: Int): [SourceCodeTool] + aggregateSourceCodeTool(filter: SourceCodeToolFilter): SourceCodeToolAggregateResult + getCommitMetaData(id: ID!): CommitMetaData + queryCommitMetaData(filter: CommitMetaDataFilter, order: CommitMetaDataOrder, first: Int, offset: Int): [CommitMetaData] + aggregateCommitMetaData(filter: CommitMetaDataFilter): CommitMetaDataAggregateResult + getArtifact(id: String!): Artifact + queryArtifact(filter: ArtifactFilter, order: ArtifactOrder, first: Int, offset: Int): [Artifact] + aggregateArtifact(filter: ArtifactFilter): ArtifactAggregateResult + getArtifactScanData(id: String!): ArtifactScanData + queryArtifactScanData(filter: ArtifactScanDataFilter, order: ArtifactScanDataOrder, first: Int, offset: Int): [ArtifactScanData] + aggregateArtifactScanData(filter: ArtifactScanDataFilter): ArtifactScanDataAggregateResult + getArtifactRisk(id: ID!): ArtifactRisk + queryArtifactRisk(filter: ArtifactRiskFilter, order: ArtifactRiskOrder, first: Int, offset: Int): [ArtifactRisk] + aggregateArtifactRisk(filter: ArtifactRiskFilter): ArtifactRiskAggregateResult + getScanFileResult(id: ID!): ScanFileResult + queryScanFileResult(filter: ScanFileResultFilter, order: ScanFileResultOrder, first: Int, offset: Int): [ScanFileResult] + aggregateScanFileResult(filter: ScanFileResultFilter): ScanFileResultAggregateResult + getComponent(id: String!): Component + queryComponent(filter: ComponentFilter, order: ComponentOrder, first: Int, offset: Int): [Component] + aggregateComponent(filter: ComponentFilter): ComponentAggregateResult + getVulnerability(id: String!): Vulnerability + queryVulnerability(filter: VulnerabilityFilter, order: VulnerabilityOrder, first: Int, offset: Int): [Vulnerability] + aggregateVulnerability(filter: VulnerabilityFilter): VulnerabilityAggregateResult + getCWE(id: String!): CWE + queryCWE(filter: CWEFilter, order: CWEOrder, first: Int, offset: Int): [CWE] + aggregateCWE(filter: CWEFilter): CWEAggregateResult + getException(id: ID!): Exception + queryException(filter: ExceptionFilter, order: ExceptionOrder, first: Int, offset: Int): [Exception] + aggregateException(filter: ExceptionFilter): ExceptionAggregateResult + getExceptionAffects(id: ID!): ExceptionAffects + queryExceptionAffects(filter: ExceptionAffectsFilter, order: ExceptionAffectsOrder, first: Int, offset: Int): [ExceptionAffects] + aggregateExceptionAffects(filter: ExceptionAffectsFilter): ExceptionAffectsAggregateResult +} + +interface RBAC { + roles(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role!] + rolesAggregate(filter: RoleFilter): RoleAggregateResult +} + +type RBACAggregateResult { + count: Int +} + +input RBACFilter { + has: [RBACHasFilter] + and: [RBACFilter] + or: [RBACFilter] + not: RBACFilter +} + +enum RBACHasFilter { + roles +} + +input RBACPatch { + roles: [RoleRef!] +} + +""" +RiskStatus tells us what risk a current application instance or a deployment is at. +""" +enum RiskStatus { + lowrisk + mediumrisk + highrisk + apocalypserisk + scanning +} + +input RiskStatus_exact { + eq: RiskStatus + in: [RiskStatus] + le: RiskStatus + lt: RiskStatus + ge: RiskStatus + gt: RiskStatus + between: RiskStatus +} + +input RiskStatus_exact_StringRegExpFilter { + eq: RiskStatus + in: [RiskStatus] + le: RiskStatus + lt: RiskStatus + ge: RiskStatus + gt: RiskStatus + between: RiskStatus + regexp: String +} + +type Role { + """id is randomly assigned""" + id: String! + + """group should be a URI format that includes a scope or realm""" + group: String! + permission: RolePermission! +} + +type RoleAggregateResult { + count: Int + idMin: String + idMax: String + groupMin: String + groupMax: String +} + +input RoleFilter { + id: StringHashFilter + group: StringHashFilter + permission: RolePermission_hash + has: [RoleHasFilter] + and: [RoleFilter] + or: [RoleFilter] + not: RoleFilter +} + +enum RoleHasFilter { + id + group + permission +} + +input RoleOrder { + asc: RoleOrderable + desc: RoleOrderable + then: RoleOrder +} + +enum RoleOrderable { + id + group +} + +input RolePatch { + """group should be a URI format that includes a scope or realm""" + group: String + permission: RolePermission +} + +enum RolePermission { + admin + write + read +} + +input RolePermission_hash { + eq: RolePermission + in: [RolePermission] +} + +input RoleRef { + """id is randomly assigned""" + id: String + + """group should be a URI format that includes a scope or realm""" + group: String + permission: RolePermission +} + +type RunHistory { + id: ID! + policyId: String! + applicationDeployment(filter: ApplicationDeploymentFilter): ApplicationDeployment + artifactScan(filter: ArtifactScanDataFilter): ArtifactScanData + PolicyName: String! + Stage: String! + Artifact: String! + ArtifactTag: String! + ArtifactSha: String! + ArtifactNameTag: String! + DatasourceTool: String! + CreatedAt: DateTime! + UpdatedAt: DateTime! + DeployedAt: DateTime! + Hash: String + Pass: Boolean! + MetaData: String + FileApi: String + AttachedJira(filter: JiraFilter): Jira + Status: String! + exception(filter: ExceptionAffectsFilter): ExceptionAffects + scheduledPolicy: Boolean! + policyEnforcements(filter: PolicyEnforcementFilter): PolicyEnforcement! + securityIssue(filter: SecurityIssueFilter): SecurityIssue +} + +type RunHistoryAggregateResult { + count: Int + policyIdMin: String + policyIdMax: String + PolicyNameMin: String + PolicyNameMax: String + StageMin: String + StageMax: String + ArtifactMin: String + ArtifactMax: String + ArtifactTagMin: String + ArtifactTagMax: String + ArtifactShaMin: String + ArtifactShaMax: String + ArtifactNameTagMin: String + ArtifactNameTagMax: String + DatasourceToolMin: String + DatasourceToolMax: String + CreatedAtMin: DateTime + CreatedAtMax: DateTime + UpdatedAtMin: DateTime + UpdatedAtMax: DateTime + DeployedAtMin: DateTime + DeployedAtMax: DateTime + HashMin: String + HashMax: String + MetaDataMin: String + MetaDataMax: String + FileApiMin: String + FileApiMax: String + StatusMin: String + StatusMax: String +} + +input RunHistoryFilter { + id: [ID!] + policyId: StringExactFilter + PolicyName: StringExactFilter_StringRegExpFilter + Stage: StringExactFilter_StringRegExpFilter + Artifact: StringExactFilter + ArtifactTag: StringExactFilter + ArtifactSha: StringExactFilter_StringRegExpFilter + ArtifactNameTag: StringExactFilter_StringRegExpFilter + DatasourceTool: StringExactFilter_StringRegExpFilter + CreatedAt: DateTimeFilter + UpdatedAt: DateTimeFilter + DeployedAt: DateTimeFilter + Pass: Boolean + Status: StringExactFilter + scheduledPolicy: Boolean + has: [RunHistoryHasFilter] + and: [RunHistoryFilter] + or: [RunHistoryFilter] + not: RunHistoryFilter +} + +enum RunHistoryHasFilter { + policyId + applicationDeployment + artifactScan + PolicyName + Stage + Artifact + ArtifactTag + ArtifactSha + ArtifactNameTag + DatasourceTool + CreatedAt + UpdatedAt + DeployedAt + Hash + Pass + MetaData + FileApi + AttachedJira + Status + exception + scheduledPolicy + policyEnforcements + securityIssue +} + +input RunHistoryOrder { + asc: RunHistoryOrderable + desc: RunHistoryOrderable + then: RunHistoryOrder +} + +enum RunHistoryOrderable { + policyId + PolicyName + Stage + Artifact + ArtifactTag + ArtifactSha + ArtifactNameTag + DatasourceTool + CreatedAt + UpdatedAt + DeployedAt + Hash + MetaData + FileApi + Status +} + +input RunHistoryPatch { + policyId: String + applicationDeployment: ApplicationDeploymentRef + artifactScan: ArtifactScanDataRef + PolicyName: String + Stage: String + Artifact: String + ArtifactTag: String + ArtifactSha: String + ArtifactNameTag: String + DatasourceTool: String + CreatedAt: DateTime + UpdatedAt: DateTime + DeployedAt: DateTime + Hash: String + Pass: Boolean + MetaData: String + FileApi: String + AttachedJira: JiraRef + Status: String + exception: ExceptionAffectsRef + scheduledPolicy: Boolean + policyEnforcements: PolicyEnforcementRef + securityIssue: SecurityIssueRef +} + +input RunHistoryRef { + id: ID + policyId: String + applicationDeployment: ApplicationDeploymentRef + artifactScan: ArtifactScanDataRef + PolicyName: String + Stage: String + Artifact: String + ArtifactTag: String + ArtifactSha: String + ArtifactNameTag: String + DatasourceTool: String + CreatedAt: DateTime + UpdatedAt: DateTime + DeployedAt: DateTime + Hash: String + Pass: Boolean + MetaData: String + FileApi: String + AttachedJira: JiraRef + Status: String + exception: ExceptionAffectsRef + scheduledPolicy: Boolean + policyEnforcements: PolicyEnforcementRef + securityIssue: SecurityIssueRef +} + +type ScanFileResult { + id: ID! + name: String! + url: String! +} + +type ScanFileResultAggregateResult { + count: Int + nameMin: String + nameMax: String + urlMin: String + urlMax: String +} + +input ScanFileResultFilter { + id: [ID!] + name: StringExactFilter_StringRegExpFilter + has: [ScanFileResultHasFilter] + and: [ScanFileResultFilter] + or: [ScanFileResultFilter] + not: ScanFileResultFilter +} + +enum ScanFileResultHasFilter { + name + url +} + +input ScanFileResultOrder { + asc: ScanFileResultOrderable + desc: ScanFileResultOrderable + then: ScanFileResultOrder +} + +enum ScanFileResultOrderable { + name + url +} + +input ScanFileResultPatch { + name: String + url: String +} + +input ScanFileResultRef { + id: ID + name: String + url: String +} + +type SchemaVersion { + version: String! +} + +type SchemaVersionAggregateResult { + count: Int + versionMin: String + versionMax: String +} + +input SchemaVersionFilter { + has: [SchemaVersionHasFilter] + and: [SchemaVersionFilter] + or: [SchemaVersionFilter] + not: SchemaVersionFilter +} + +enum SchemaVersionHasFilter { + version +} + +input SchemaVersionOrder { + asc: SchemaVersionOrderable + desc: SchemaVersionOrderable + then: SchemaVersionOrder +} + +enum SchemaVersionOrderable { + version +} + +input SchemaVersionPatch { + version: String +} + +input SchemaVersionRef { + version: String +} + +type SecurityIssue { + id: ID! + AlertTitle: String + AlertMessage: String + Suggestions: String + Severity: Severity! + SeverityInt: Int! + CreatedAt: DateTime! + UpdatedAt: DateTime! + Action: String! + Reason: String + Error: String + AttachedJira(filter: JiraFilter): Jira + Affects(filter: RunHistoryFilter, order: RunHistoryOrder, first: Int, offset: Int): [RunHistory!] + AffectsAggregate(filter: RunHistoryFilter): RunHistoryAggregateResult +} + +type SecurityIssueAggregateResult { + count: Int + AlertTitleMin: String + AlertTitleMax: String + AlertMessageMin: String + AlertMessageMax: String + SuggestionsMin: String + SuggestionsMax: String + SeverityIntMin: Int + SeverityIntMax: Int + SeverityIntSum: Int + SeverityIntAvg: Float + CreatedAtMin: DateTime + CreatedAtMax: DateTime + UpdatedAtMin: DateTime + UpdatedAtMax: DateTime + ActionMin: String + ActionMax: String + ReasonMin: String + ReasonMax: String + ErrorMin: String + ErrorMax: String +} + +input SecurityIssueFilter { + id: [ID!] + AlertTitle: StringExactFilter_StringRegExpFilter + AlertMessage: StringExactFilter + Suggestions: StringExactFilter + Severity: Severity_exact_StringRegExpFilter + SeverityInt: IntFilter + CreatedAt: DateTimeFilter + UpdatedAt: DateTimeFilter + Action: StringExactFilter_StringRegExpFilter + Reason: StringExactFilter + Error: StringExactFilter + has: [SecurityIssueHasFilter] + and: [SecurityIssueFilter] + or: [SecurityIssueFilter] + not: SecurityIssueFilter +} + +enum SecurityIssueHasFilter { + AlertTitle + AlertMessage + Suggestions + Severity + SeverityInt + CreatedAt + UpdatedAt + Action + Reason + Error + AttachedJira + Affects +} + +input SecurityIssueOrder { + asc: SecurityIssueOrderable + desc: SecurityIssueOrderable + then: SecurityIssueOrder +} + +enum SecurityIssueOrderable { + AlertTitle + AlertMessage + Suggestions + SeverityInt + CreatedAt + UpdatedAt + Action + Reason + Error +} + +input SecurityIssuePatch { + AlertTitle: String + AlertMessage: String + Suggestions: String + Severity: Severity + SeverityInt: Int + CreatedAt: DateTime + UpdatedAt: DateTime + Action: String + Reason: String + Error: String + AttachedJira: JiraRef + Affects: [RunHistoryRef!] +} + +input SecurityIssueRef { + id: ID + AlertTitle: String + AlertMessage: String + Suggestions: String + Severity: Severity + SeverityInt: Int + CreatedAt: DateTime + UpdatedAt: DateTime + Action: String + Reason: String + Error: String + AttachedJira: JiraRef + Affects: [RunHistoryRef!] +} + +enum Severity { + critical + high + medium + low + info + none + unknown +} + +input Severity_exact { + eq: Severity + in: [Severity] + le: Severity + lt: Severity + ge: Severity + gt: Severity + between: Severity +} + +input Severity_exact_StringRegExpFilter { + eq: Severity + in: [Severity] + le: Severity + lt: Severity + ge: Severity + gt: Severity + between: Severity + regexp: String +} + +""" +SourceCodeTool contains the source details about the artifact that was built. +""" +type SourceCodeTool { + """id is randomly assigned""" + id: String! + createdAt: DateTime! + + """scm is the scm tool github/gitlab etc""" + scm: String! + + """repository is the git remote repository""" + repository: String! + + """branch is the git branch on which the artifact was built""" + branch: String! + + """headCommit is the checkout out head commit""" + headCommit: String + + """ + diffCommits is a comma separated string of the commits between the previous built artifact and the current + """ + diffCommits: String + licenseName: String + visibility: String + workflowName: String + + """parentRepo is populated in case the git repo is a fork""" + parentRepo: String + buildTool(filter: BuildToolFilter): BuildTool! +} + +type SourceCodeToolAggregateResult { + count: Int + idMin: String + idMax: String + createdAtMin: DateTime + createdAtMax: DateTime + scmMin: String + scmMax: String + repositoryMin: String + repositoryMax: String + branchMin: String + branchMax: String + headCommitMin: String + headCommitMax: String + diffCommitsMin: String + diffCommitsMax: String + licenseNameMin: String + licenseNameMax: String + visibilityMin: String + visibilityMax: String + workflowNameMin: String + workflowNameMax: String + parentRepoMin: String + parentRepoMax: String +} + +input SourceCodeToolFilter { + id: StringHashFilter + repository: StringExactFilter_StringRegExpFilter + has: [SourceCodeToolHasFilter] + and: [SourceCodeToolFilter] + or: [SourceCodeToolFilter] + not: SourceCodeToolFilter +} + +enum SourceCodeToolHasFilter { + id + createdAt + scm + repository + branch + headCommit + diffCommits + licenseName + visibility + workflowName + parentRepo + buildTool +} + +input SourceCodeToolOrder { + asc: SourceCodeToolOrderable + desc: SourceCodeToolOrderable + then: SourceCodeToolOrder +} + +enum SourceCodeToolOrderable { + id + createdAt + scm + repository + branch + headCommit + diffCommits + licenseName + visibility + workflowName + parentRepo +} + +input SourceCodeToolPatch { + createdAt: DateTime + + """scm is the scm tool github/gitlab etc""" + scm: String + + """repository is the git remote repository""" + repository: String + + """branch is the git branch on which the artifact was built""" + branch: String + + """headCommit is the checkout out head commit""" + headCommit: String + + """ + diffCommits is a comma separated string of the commits between the previous built artifact and the current + """ + diffCommits: String + licenseName: String + visibility: String + workflowName: String + + """parentRepo is populated in case the git repo is a fork""" + parentRepo: String + buildTool: BuildToolRef +} + +input SourceCodeToolRef { + """id is randomly assigned""" + id: String + createdAt: DateTime + + """scm is the scm tool github/gitlab etc""" + scm: String + + """repository is the git remote repository""" + repository: String + + """branch is the git branch on which the artifact was built""" + branch: String + + """headCommit is the checkout out head commit""" + headCommit: String + + """ + diffCommits is a comma separated string of the commits between the previous built artifact and the current + """ + diffCommits: String + licenseName: String + visibility: String + workflowName: String + + """parentRepo is populated in case the git repo is a fork""" + parentRepo: String + buildTool: BuildToolRef +} + +input StringExactFilter { + eq: String + in: [String] + le: String + lt: String + ge: String + gt: String + between: StringRange +} + +input StringExactFilter_StringRegExpFilter { + eq: String + in: [String] + le: String + lt: String + ge: String + gt: String + between: StringRange + regexp: String +} + +input StringFullTextFilter { + alloftext: String + anyoftext: String +} + +input StringHashFilter { + eq: String + in: [String] +} + +input StringRange { + min: String! + max: String! +} + +input StringRegExpFilter { + regexp: String +} + +input StringTermFilter { + allofterms: String + anyofterms: String +} + +type Subscription { + getOrganization(id: String!): Organization + queryOrganization(filter: OrganizationFilter, order: OrganizationOrder, first: Int, offset: Int): [Organization] + aggregateOrganization(filter: OrganizationFilter): OrganizationAggregateResult + getTeam(id: String!): Team + queryTeam(filter: TeamFilter, order: TeamOrder, first: Int, offset: Int): [Team] + aggregateTeam(filter: TeamFilter): TeamAggregateResult + getApplication(id: String!): Application + queryApplication(filter: ApplicationFilter, order: ApplicationOrder, first: Int, offset: Int): [Application] + aggregateApplication(filter: ApplicationFilter): ApplicationAggregateResult + getApplicationEnvironment(id: String!): ApplicationEnvironment + queryApplicationEnvironment(filter: ApplicationEnvironmentFilter, order: ApplicationEnvironmentOrder, first: Int, offset: Int): [ApplicationEnvironment] + aggregateApplicationEnvironment(filter: ApplicationEnvironmentFilter): ApplicationEnvironmentAggregateResult +} + +""" +Tag tells us about the tags that are linked to policies and other components. +""" +type Tag { + id: String! + tagName: String! + tagValue: String! + tagDescription: String + createdBy: String + createdAt: DateTime! + updatedAt: DateTime! + policies(filter: PolicyEnforcementFilter, order: PolicyEnforcementOrder, first: Int, offset: Int): [PolicyEnforcement!] + policiesAggregate(filter: PolicyEnforcementFilter): PolicyEnforcementAggregateResult +} + +type TagAggregateResult { + count: Int + idMin: String + idMax: String + tagNameMin: String + tagNameMax: String + tagValueMin: String + tagValueMax: String + tagDescriptionMin: String + tagDescriptionMax: String + createdByMin: String + createdByMax: String + createdAtMin: DateTime + createdAtMax: DateTime + updatedAtMin: DateTime + updatedAtMax: DateTime +} + +input TagFilter { + id: StringExactFilter + tagName: StringExactFilter + tagValue: StringExactFilter_StringRegExpFilter + createdBy: StringExactFilter + has: [TagHasFilter] + and: [TagFilter] + or: [TagFilter] + not: TagFilter +} + +enum TagHasFilter { + id + tagName + tagValue + tagDescription + createdBy + createdAt + updatedAt + policies +} + +input TagOrder { + asc: TagOrderable + desc: TagOrderable + then: TagOrder +} + +enum TagOrderable { + id + tagName + tagValue + tagDescription + createdBy + createdAt + updatedAt +} + +input TagPatch { + tagName: String + tagValue: String + tagDescription: String + createdBy: String + createdAt: DateTime + updatedAt: DateTime + policies: [PolicyEnforcementRef!] +} + +input TagRef { + id: String + tagName: String + tagValue: String + tagDescription: String + createdBy: String + createdAt: DateTime + updatedAt: DateTime + policies: [PolicyEnforcementRef!] +} + +type Team implements RBAC { + """id is randomly assigned""" + id: String! + name: String! + roles(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role!] + organization(filter: OrganizationFilter): Organization! + applications(filter: ApplicationFilter, order: ApplicationOrder, first: Int, offset: Int): [Application!] + labels(filter: KeyValueFilter, order: KeyValueOrder, first: Int, offset: Int): [KeyValue!] + policies(filter: PolicyDefinitionFilter, order: PolicyDefinitionOrder, first: Int, offset: Int): [PolicyDefinition!] + policyEnforcements(filter: PolicyEnforcementFilter, order: PolicyEnforcementOrder, first: Int, offset: Int): [PolicyEnforcement!] + exceptions(filter: ExceptionAffectsFilter, order: ExceptionAffectsOrder, first: Int, offset: Int): [ExceptionAffects!] + rolesAggregate(filter: RoleFilter): RoleAggregateResult + applicationsAggregate(filter: ApplicationFilter): ApplicationAggregateResult + labelsAggregate(filter: KeyValueFilter): KeyValueAggregateResult + policiesAggregate(filter: PolicyDefinitionFilter): PolicyDefinitionAggregateResult + policyEnforcementsAggregate(filter: PolicyEnforcementFilter): PolicyEnforcementAggregateResult + exceptionsAggregate(filter: ExceptionAffectsFilter): ExceptionAffectsAggregateResult +} + +type TeamAggregateResult { + count: Int + idMin: String + idMax: String + nameMin: String + nameMax: String +} + +input TeamFilter { + id: StringHashFilter + name: StringExactFilter + has: [TeamHasFilter] + and: [TeamFilter] + or: [TeamFilter] + not: TeamFilter +} + +enum TeamHasFilter { + id + name + roles + organization + applications + labels + policies + policyEnforcements + exceptions +} + +input TeamOrder { + asc: TeamOrderable + desc: TeamOrderable + then: TeamOrder +} + +enum TeamOrderable { + id + name +} + +input TeamPatch { + name: String + roles: [RoleRef!] + organization: OrganizationRef + applications: [ApplicationRef!] + labels: [KeyValueRef!] + policies: [PolicyDefinitionRef!] + policyEnforcements: [PolicyEnforcementRef!] + exceptions: [ExceptionAffectsRef!] +} + +input TeamRef { + """id is randomly assigned""" + id: String + name: String + roles: [RoleRef!] + organization: OrganizationRef + applications: [ApplicationRef!] + labels: [KeyValueRef!] + policies: [PolicyDefinitionRef!] + policyEnforcements: [PolicyEnforcementRef!] + exceptions: [ExceptionAffectsRef!] +} + +type ToolsUsed { + id: ID! + source: String + build: String + artifact: String + deploy: String + sbom: String + misc: [String!] +} + +type ToolsUsedAggregateResult { + count: Int + sourceMin: String + sourceMax: String + buildMin: String + buildMax: String + artifactMin: String + artifactMax: String + deployMin: String + deployMax: String + sbomMin: String + sbomMax: String +} + +input ToolsUsedFilter { + id: [ID!] + sbom: StringExactFilter_StringRegExpFilter + has: [ToolsUsedHasFilter] + and: [ToolsUsedFilter] + or: [ToolsUsedFilter] + not: ToolsUsedFilter +} + +enum ToolsUsedHasFilter { + source + build + artifact + deploy + sbom + misc +} + +input ToolsUsedOrder { + asc: ToolsUsedOrderable + desc: ToolsUsedOrderable + then: ToolsUsedOrder +} + +enum ToolsUsedOrderable { + source + build + artifact + deploy + sbom +} + +input ToolsUsedPatch { + source: String + build: String + artifact: String + deploy: String + sbom: String + misc: [String!] +} + +input ToolsUsedRef { + id: ID + source: String + build: String + artifact: String + deploy: String + sbom: String + misc: [String!] +} + +input UpdateApplicationDeploymentInput { + filter: ApplicationDeploymentFilter! + set: ApplicationDeploymentPatch + remove: ApplicationDeploymentPatch +} + +type UpdateApplicationDeploymentPayload { + applicationDeployment(filter: ApplicationDeploymentFilter, order: ApplicationDeploymentOrder, first: Int, offset: Int): [ApplicationDeployment] + numUids: Int +} + +input UpdateApplicationDeploymentRiskInput { + filter: ApplicationDeploymentRiskFilter! + set: ApplicationDeploymentRiskPatch + remove: ApplicationDeploymentRiskPatch +} + +type UpdateApplicationDeploymentRiskPayload { + applicationDeploymentRisk(filter: ApplicationDeploymentRiskFilter, order: ApplicationDeploymentRiskOrder, first: Int, offset: Int): [ApplicationDeploymentRisk] + numUids: Int +} + +input UpdateApplicationEnvironmentInput { + filter: ApplicationEnvironmentFilter! + set: ApplicationEnvironmentPatch + remove: ApplicationEnvironmentPatch +} + +type UpdateApplicationEnvironmentPayload { + applicationEnvironment(filter: ApplicationEnvironmentFilter, order: ApplicationEnvironmentOrder, first: Int, offset: Int): [ApplicationEnvironment] + numUids: Int +} + +input UpdateApplicationInput { + filter: ApplicationFilter! + set: ApplicationPatch + remove: ApplicationPatch +} + +type UpdateApplicationPayload { + application(filter: ApplicationFilter, order: ApplicationOrder, first: Int, offset: Int): [Application] + numUids: Int +} + +input UpdateApplicationRiskStatusInput { + filter: ApplicationRiskStatusFilter! + set: ApplicationRiskStatusPatch + remove: ApplicationRiskStatusPatch +} + +type UpdateApplicationRiskStatusPayload { + applicationRiskStatus(filter: ApplicationRiskStatusFilter, order: ApplicationRiskStatusOrder, first: Int, offset: Int): [ApplicationRiskStatus] + numUids: Int +} + +input UpdateArtifactInput { + filter: ArtifactFilter! + set: ArtifactPatch + remove: ArtifactPatch +} + +type UpdateArtifactPayload { + artifact(filter: ArtifactFilter, order: ArtifactOrder, first: Int, offset: Int): [Artifact] + numUids: Int +} + +input UpdateArtifactRiskInput { + filter: ArtifactRiskFilter! + set: ArtifactRiskPatch + remove: ArtifactRiskPatch +} + +type UpdateArtifactRiskPayload { + artifactRisk(filter: ArtifactRiskFilter, order: ArtifactRiskOrder, first: Int, offset: Int): [ArtifactRisk] + numUids: Int +} + +input UpdateArtifactScanDataInput { + filter: ArtifactScanDataFilter! + set: ArtifactScanDataPatch + remove: ArtifactScanDataPatch +} + +type UpdateArtifactScanDataPayload { + artifactScanData(filter: ArtifactScanDataFilter, order: ArtifactScanDataOrder, first: Int, offset: Int): [ArtifactScanData] + numUids: Int +} + +input UpdateBuildToolInput { + filter: BuildToolFilter! + set: BuildToolPatch + remove: BuildToolPatch +} + +type UpdateBuildToolPayload { + buildTool(filter: BuildToolFilter, order: BuildToolOrder, first: Int, offset: Int): [BuildTool] + numUids: Int +} + +input UpdateCommitMetaDataInput { + filter: CommitMetaDataFilter! + set: CommitMetaDataPatch + remove: CommitMetaDataPatch +} + +type UpdateCommitMetaDataPayload { + commitMetaData(filter: CommitMetaDataFilter, order: CommitMetaDataOrder, first: Int, offset: Int): [CommitMetaData] + numUids: Int +} + +input UpdateComponentInput { + filter: ComponentFilter! + set: ComponentPatch + remove: ComponentPatch +} + +type UpdateComponentPayload { + component(filter: ComponentFilter, order: ComponentOrder, first: Int, offset: Int): [Component] + numUids: Int +} + +input UpdateCWEInput { + filter: CWEFilter! + set: CWEPatch + remove: CWEPatch +} + +type UpdateCWEPayload { + cWE(filter: CWEFilter, order: CWEOrder, first: Int, offset: Int): [CWE] + numUids: Int +} + +input UpdateDeploymentTargetInput { + filter: DeploymentTargetFilter! + set: DeploymentTargetPatch + remove: DeploymentTargetPatch +} + +type UpdateDeploymentTargetPayload { + deploymentTarget(filter: DeploymentTargetFilter, order: DeploymentTargetOrder, first: Int, offset: Int): [DeploymentTarget] + numUids: Int +} + +input UpdateEnvironmentInput { + filter: EnvironmentFilter! + set: EnvironmentPatch + remove: EnvironmentPatch +} + +type UpdateEnvironmentPayload { + environment(filter: EnvironmentFilter, order: EnvironmentOrder, first: Int, offset: Int): [Environment] + numUids: Int +} + +input UpdateExceptionAffectsInput { + filter: ExceptionAffectsFilter! + set: ExceptionAffectsPatch + remove: ExceptionAffectsPatch +} + +type UpdateExceptionAffectsPayload { + exceptionAffects(filter: ExceptionAffectsFilter, order: ExceptionAffectsOrder, first: Int, offset: Int): [ExceptionAffects] + numUids: Int +} + +input UpdateExceptionInput { + filter: ExceptionFilter! + set: ExceptionPatch + remove: ExceptionPatch +} + +type UpdateExceptionPayload { + exception(filter: ExceptionFilter, order: ExceptionOrder, first: Int, offset: Int): [Exception] + numUids: Int +} + +input UpdateFeatureModeInput { + filter: FeatureModeFilter! + set: FeatureModePatch + remove: FeatureModePatch +} + +type UpdateFeatureModePayload { + featureMode(filter: FeatureModeFilter, order: FeatureModeOrder, first: Int, offset: Int): [FeatureMode] + numUids: Int +} + +input UpdateIntegratorConfigsInput { + filter: IntegratorConfigsFilter! + set: IntegratorConfigsPatch + remove: IntegratorConfigsPatch +} + +type UpdateIntegratorConfigsPayload { + integratorConfigs(filter: IntegratorConfigsFilter, order: IntegratorConfigsOrder, first: Int, offset: Int): [IntegratorConfigs] + numUids: Int +} + +input UpdateIntegratorInput { + filter: IntegratorFilter! + set: IntegratorPatch + remove: IntegratorPatch +} + +input UpdateIntegratorKeyValuesInput { + filter: IntegratorKeyValuesFilter! + set: IntegratorKeyValuesPatch + remove: IntegratorKeyValuesPatch +} + +type UpdateIntegratorKeyValuesPayload { + integratorKeyValues(filter: IntegratorKeyValuesFilter, order: IntegratorKeyValuesOrder, first: Int, offset: Int): [IntegratorKeyValues] + numUids: Int +} + +type UpdateIntegratorPayload { + integrator(filter: IntegratorFilter, order: IntegratorOrder, first: Int, offset: Int): [Integrator] + numUids: Int +} + +input UpdateJiraInput { + filter: JiraFilter! + set: JiraPatch + remove: JiraPatch +} + +type UpdateJiraPayload { + jira(filter: JiraFilter, order: JiraOrder, first: Int, offset: Int): [Jira] + numUids: Int +} + +input UpdateKeyValueInput { + filter: KeyValueFilter! + set: KeyValuePatch + remove: KeyValuePatch +} + +type UpdateKeyValuePayload { + keyValue(filter: KeyValueFilter, order: KeyValueOrder, first: Int, offset: Int): [KeyValue] + numUids: Int +} + +input UpdateOrganizationInput { + filter: OrganizationFilter! + set: OrganizationPatch + remove: OrganizationPatch +} + +type UpdateOrganizationPayload { + organization(filter: OrganizationFilter, order: OrganizationOrder, first: Int, offset: Int): [Organization] + numUids: Int +} + +input UpdatePolicyDefinitionInput { + filter: PolicyDefinitionFilter! + set: PolicyDefinitionPatch + remove: PolicyDefinitionPatch +} + +type UpdatePolicyDefinitionPayload { + policyDefinition(filter: PolicyDefinitionFilter, order: PolicyDefinitionOrder, first: Int, offset: Int): [PolicyDefinition] + numUids: Int +} + +input UpdatePolicyEnforcementInput { + filter: PolicyEnforcementFilter! + set: PolicyEnforcementPatch + remove: PolicyEnforcementPatch +} + +type UpdatePolicyEnforcementPayload { + policyEnforcement(filter: PolicyEnforcementFilter, order: PolicyEnforcementOrder, first: Int, offset: Int): [PolicyEnforcement] + numUids: Int +} + +input UpdateRBACInput { + filter: RBACFilter! + set: RBACPatch + remove: RBACPatch +} + +type UpdateRBACPayload { + rBAC(filter: RBACFilter, first: Int, offset: Int): [RBAC] + numUids: Int +} + +input UpdateRoleInput { + filter: RoleFilter! + set: RolePatch + remove: RolePatch +} + +type UpdateRolePayload { + role(filter: RoleFilter, order: RoleOrder, first: Int, offset: Int): [Role] + numUids: Int +} + +input UpdateRunHistoryInput { + filter: RunHistoryFilter! + set: RunHistoryPatch + remove: RunHistoryPatch +} + +type UpdateRunHistoryPayload { + runHistory(filter: RunHistoryFilter, order: RunHistoryOrder, first: Int, offset: Int): [RunHistory] + numUids: Int +} + +input UpdateScanFileResultInput { + filter: ScanFileResultFilter! + set: ScanFileResultPatch + remove: ScanFileResultPatch +} + +type UpdateScanFileResultPayload { + scanFileResult(filter: ScanFileResultFilter, order: ScanFileResultOrder, first: Int, offset: Int): [ScanFileResult] + numUids: Int +} + +input UpdateSchemaVersionInput { + filter: SchemaVersionFilter! + set: SchemaVersionPatch + remove: SchemaVersionPatch +} + +type UpdateSchemaVersionPayload { + schemaVersion(filter: SchemaVersionFilter, order: SchemaVersionOrder, first: Int, offset: Int): [SchemaVersion] + numUids: Int +} + +input UpdateSecurityIssueInput { + filter: SecurityIssueFilter! + set: SecurityIssuePatch + remove: SecurityIssuePatch +} + +type UpdateSecurityIssuePayload { + securityIssue(filter: SecurityIssueFilter, order: SecurityIssueOrder, first: Int, offset: Int): [SecurityIssue] + numUids: Int +} + +input UpdateSourceCodeToolInput { + filter: SourceCodeToolFilter! + set: SourceCodeToolPatch + remove: SourceCodeToolPatch +} + +type UpdateSourceCodeToolPayload { + sourceCodeTool(filter: SourceCodeToolFilter, order: SourceCodeToolOrder, first: Int, offset: Int): [SourceCodeTool] + numUids: Int +} + +input UpdateTagInput { + filter: TagFilter! + set: TagPatch + remove: TagPatch +} + +type UpdateTagPayload { + tag(filter: TagFilter, order: TagOrder, first: Int, offset: Int): [Tag] + numUids: Int +} + +input UpdateTeamInput { + filter: TeamFilter! + set: TeamPatch + remove: TeamPatch +} + +type UpdateTeamPayload { + team(filter: TeamFilter, order: TeamOrder, first: Int, offset: Int): [Team] + numUids: Int +} + +input UpdateToolsUsedInput { + filter: ToolsUsedFilter! + set: ToolsUsedPatch + remove: ToolsUsedPatch +} + +type UpdateToolsUsedPayload { + toolsUsed(filter: ToolsUsedFilter, order: ToolsUsedOrder, first: Int, offset: Int): [ToolsUsed] + numUids: Int +} + +input UpdateVulnerabilityInput { + filter: VulnerabilityFilter! + set: VulnerabilityPatch + remove: VulnerabilityPatch +} + +type UpdateVulnerabilityPayload { + vulnerability(filter: VulnerabilityFilter, order: VulnerabilityOrder, first: Int, offset: Int): [Vulnerability] + numUids: Int +} + +type Vulnerability { + id: String! + parent: String! + ratings: Severity + cwes(filter: CWEFilter, order: CWEOrder, first: Int, offset: Int): [CWE!] + summary: String + detail: String + recommendation: String + published: DateTime + modified: DateTime + createdAt: DateTime + cvss: Float + priority: String + epss: Float + cisa_kev: String + affects(filter: ComponentFilter, order: ComponentOrder, first: Int, offset: Int): [Component!] + cwesAggregate(filter: CWEFilter): CWEAggregateResult + affectsAggregate(filter: ComponentFilter): ComponentAggregateResult +} + +type VulnerabilityAggregateResult { + count: Int + idMin: String + idMax: String + parentMin: String + parentMax: String + summaryMin: String + summaryMax: String + detailMin: String + detailMax: String + recommendationMin: String + recommendationMax: String + publishedMin: DateTime + publishedMax: DateTime + modifiedMin: DateTime + modifiedMax: DateTime + createdAtMin: DateTime + createdAtMax: DateTime + cvssMin: Float + cvssMax: Float + cvssSum: Float + cvssAvg: Float + priorityMin: String + priorityMax: String + epssMin: Float + epssMax: Float + epssSum: Float + epssAvg: Float + cisa_kevMin: String + cisa_kevMax: String +} + +input VulnerabilityFilter { + id: StringHashFilter + parent: StringExactFilter_StringRegExpFilter + ratings: Severity_exact + createdAt: DateTimeFilter + cvss: FloatFilter + priority: StringExactFilter_StringRegExpFilter + epss: FloatFilter + cisa_kev: StringExactFilter_StringRegExpFilter + has: [VulnerabilityHasFilter] + and: [VulnerabilityFilter] + or: [VulnerabilityFilter] + not: VulnerabilityFilter +} + +enum VulnerabilityHasFilter { + id + parent + ratings + cwes + summary + detail + recommendation + published + modified + createdAt + cvss + priority + epss + cisa_kev + affects +} + +input VulnerabilityOrder { + asc: VulnerabilityOrderable + desc: VulnerabilityOrderable + then: VulnerabilityOrder +} + +enum VulnerabilityOrderable { + id + parent + summary + detail + recommendation + published + modified + createdAt + cvss + priority + epss + cisa_kev +} + +input VulnerabilityPatch { + parent: String + ratings: Severity + cwes: [CWERef!] + summary: String + detail: String + recommendation: String + published: DateTime + modified: DateTime + createdAt: DateTime + cvss: Float + priority: String + epss: Float + cisa_kev: String + affects: [ComponentRef!] +} + +input VulnerabilityRef { + id: String + parent: String + ratings: Severity + cwes: [CWERef!] + summary: String + detail: String + recommendation: String + published: DateTime + modified: DateTime + createdAt: DateTime + cvss: Float + priority: String + epss: Float + cisa_kev: String + affects: [ComponentRef!] +} + +input WithinFilter { + polygon: PolygonRef! +} + diff --git a/august2024august2024v2/scoring.go b/august2024august2024v2/scoring.go new file mode 100644 index 0000000..c60ef1f --- /dev/null +++ b/august2024august2024v2/scoring.go @@ -0,0 +1,338 @@ +package august2024august2024v2 + +import ( + "context" + "fmt" + "math" + "strings" + "upgradationScript/logger" + + "github.com/Khan/genqlient/graphql" +) + +func calculateScoring(prodDgraphClient graphql.Client) error { + + ctx := context.Background() + + prodArtifactScanDataIds, err := GetArtifactScanDataId(ctx, prodDgraphClient) + if err != nil { + return fmt.Errorf("error: could'nt query prod artifact scan data id: %s", err.Error()) + } + + if prodArtifactScanDataIds == nil || len(prodArtifactScanDataIds.QueryArtifactScanData) == 0 { + logger.Logger.Info("No record of artifact scan data found in db to perform artifactRiskScore calculation") + return nil + } + + logger.Sl.Debugf("----------Number of artifact scan data to perform artifactRiskScore calculation are %d -----------", len(prodArtifactScanDataIds.QueryArtifactScanData)) + + for iter, eachArtifactScanData := range prodArtifactScanDataIds.QueryArtifactScanData { + + logger.Sl.Debug("----------------------------------------------") + logger.Sl.Debugf("calculating score for artifact scan data id: %s current iteration: %d", eachArtifactScanData.Id, iter) + + logger.Sl.Debug("creating artifact risk id") + updateResp, err := UpdateArtifactScanData(ctx, prodDgraphClient, eachArtifactScanData.Id) + if err != nil { + return fmt.Errorf("error: UpdateArtifactScanData: artifact scan data id: %s err: %s", eachArtifactScanData.Id, err.Error()) + } + + eachArtifactScanData.ArtifactRisk = (*GetArtifactScanDataIdQueryArtifactScanDataArtifactRisk)(updateResp.UpdateArtifactScanData.ArtifactScanData[0].ArtifactRisk) + + logger.Sl.Debug("created artifact risk id", eachArtifactScanData.ArtifactRisk.Id) + + scoring := Scoring{ + Policy: make(map[string][]PolicyDetail), + } + + uniquePolicyIdMap := make(map[string]bool) + + artifactRunHistories, err := QueryArtifactScanDataRunHistory(context.Background(), prodDgraphClient, eachArtifactScanData.Id) + if err != nil { + return fmt.Errorf("error: QueryArtifactScanDataRunHistory: artifact scan data id: %s err: %s", eachArtifactScanData.Id, err.Error()) + } + + if len(artifactRunHistories.QueryArtifactScanData) == 0 { + logger.Sl.Debugf("Skipping iteration of scandata id: %s as runhistory record not found", eachArtifactScanData.Id) + continue + } + + logger.Sl.Debugf("---Total run histories found for this scan_data: %d---", len(artifactRunHistories.QueryArtifactScanData[0].ArtifactRunHistory)) + + for _, val := range artifactRunHistories.QueryArtifactScanData[0].ArtifactRunHistory { + + if uniquePolicyIdMap[val.PolicyId] { + continue + } + + if val.Status == RunHistoryStatusException { + continue + } + + stage := strings.ToLower(val.Stage) + + severity := val.PolicyEnforcements.Severity + if val.SecurityIssue != nil { + severity = val.SecurityIssue.Severity + } + + policyDetail := PolicyDetail{ + PolicyName: val.PolicyName, + Stage: stage, + Severity: string(severity), + Status: Fail, + } + + if val.Pass != nil && *val.Pass { + policyDetail.Status = Pass + } + + scoring.Policy[stage] = append(scoring.Policy[stage], policyDetail) + uniquePolicyIdMap[val.PolicyId] = true + } + + if scoring.Policy == nil { + logger.Sl.Debug("No Policy To Calculate Score") + continue + } + + stageCount := 0 + totalScore := 0 + updateImageRisk := true + // step1: loop and find score for stages available + for stage, policiesDetail := range scoring.Policy { + + logger.Sl.Debugf("computation level at policy and stage: %s", stage) + + policyStatusCount := PolicyStatusCount{} + + // step 1a : calculating severity based policy counts + for _, policyDetail := range policiesDetail { + policyStatusCount = ProcessPolicyData(policyDetail, policyStatusCount) + } + + if policyStatusCount.CriticalCount != policyStatusCount.CriticalPassCount { + stageScore := 0 + riskStatus := RiskStatusApocalypserisk + updateImageRisk = false + + if err := setArtifactRisk(ctx, prodDgraphClient, stage, *eachArtifactScanData.ArtifactRisk.Id, stageScore, &riskStatus); err != nil { + return fmt.Errorf("setArtifactRisk: scanDataId: %s riskStatus: %s err: %s", eachArtifactScanData.Id, RiskStatusApocalypserisk, err.Error()) + } + + logger.Sl.Debugf("critical policy failed for stage: %s setting riskStatus as Apocalypserisk", stage) + continue + } + + stageScore := calculateStageScore(policyStatusCount) + logger.Sl.Debugf("calculated stage: %s score: %d", stage, stageScore) + + if err := setArtifactRisk(ctx, prodDgraphClient, stage, *eachArtifactScanData.ArtifactRisk.Id, stageScore, nil); err != nil { + return fmt.Errorf("setArtifactRisk: scanDataId: %s while setting stage score err: %s", eachArtifactScanData.Id, err.Error()) + } + + } + + if !updateImageRisk { + logger.Sl.Debug("artifactRisk is already set to Apocalypserisk skipping for calculation of total score") + continue + } + + artifactRisk, err := getArtifactRiskScoreDetails(ctx, prodDgraphClient, *eachArtifactScanData.ArtifactRisk.Id) + if err != nil { + return fmt.Errorf("%s", err.Error()) + + } + + if artifactRisk == nil { + return fmt.Errorf("artifactRisk status details are not present while executing getArtifactRiskScoreDetails scan data id %s", eachArtifactScanData.Id) + } + + if artifactRisk.BuildAlertsScore != nil { + stageCount++ + totalScore += *artifactRisk.BuildAlertsScore + } + + if artifactRisk.SourceCodeAlertsScore != nil { + stageCount++ + totalScore += *artifactRisk.SourceCodeAlertsScore + } + + if artifactRisk.ArtifactAlertsScore != nil { + stageCount++ + totalScore += *artifactRisk.ArtifactAlertsScore + } + + if artifactRisk.DeploymentAlertsScore != nil { + stageCount++ + totalScore += *artifactRisk.DeploymentAlertsScore + } + + if updateImageRisk && stageCount != 0 { + logger.Sl.Debugf("total_score: %d and stageCount: %d for iteration: %d", totalScore, stageCount, iter) + + finalScore := totalScore / stageCount + + imageRiskStatus := CalculateImageStatus(finalScore) + + logger.Sl.Debugf("image_risk_status dervied from score: %s", imageRiskStatus) + + if err := setArtifactRisk(ctx, prodDgraphClient, ImageRisk, *eachArtifactScanData.ArtifactRisk.Id, 0, &imageRiskStatus); err != nil { + return fmt.Errorf("setArtifactRisk: scanDataId: %s while setting stage score err: %s", eachArtifactScanData.Id, err.Error()) + + } + + } + logger.Sl.Debugf("score calculation Iteration %d completed", iter) + } + + logger.Logger.Debug("---------------------------------------------") + + logger.Logger.Info("------------Scoring Calculation COMPLETE-------------------------") + + return nil +} + +func ProcessPolicyData(policyDetail PolicyDetail, policyStatusCount PolicyStatusCount) PolicyStatusCount { + + if strings.ToLower(policyDetail.Severity) == Low { + policyStatusCount.LowCount++ + } + if strings.ToLower(policyDetail.Severity) == Medium { + policyStatusCount.MediumCount++ + } + if strings.ToLower(policyDetail.Severity) == Critical { + policyStatusCount.CriticalCount++ + } + if strings.ToLower(policyDetail.Severity) == High { + policyStatusCount.HighCount++ + } + + if strings.ToLower(policyDetail.Status) != Pass { + return policyStatusCount + } + + if strings.ToLower(policyDetail.Severity) == Low { + policyStatusCount.LowPassCount++ + } + if strings.ToLower(policyDetail.Severity) == Medium { + policyStatusCount.MediumPassCount++ + } + if strings.ToLower(policyDetail.Severity) == Critical { + policyStatusCount.CriticalPassCount++ + } + if strings.ToLower(policyDetail.Severity) == High { + policyStatusCount.HighPassCount++ + } + + return policyStatusCount +} + +func calculateStageScore(policyStatusCount PolicyStatusCount) int { + + lowScore := 0 + mediumScore := 0 + highScore := 0 + criticalScore := 0 + scoreCarryOn := 0 + + if policyStatusCount.LowCount > 0 { + lowScore = policyStatusCount.LowCount + scoreCarryOn + scoreCarryOn = lowScore + } + + if policyStatusCount.MediumCount > 0 { + mediumScore = int(math.Ceil(float64(policyStatusCount.MediumCount)*1.25)) + scoreCarryOn + scoreCarryOn = mediumScore + } + + if policyStatusCount.HighCount > 0 { + highScore = int(math.Ceil(float64(policyStatusCount.HighCount)*1.5)) + scoreCarryOn + scoreCarryOn = highScore + } + + if policyStatusCount.CriticalCount > 0 { + criticalScore = (policyStatusCount.CriticalCount * 2) + scoreCarryOn + } + + totalScore := lowScore + mediumScore + highScore + criticalScore + + passScore := 0.0 + if policyStatusCount.LowPassCount > 0 { + perPolicyScore := float64(lowScore) / float64(policyStatusCount.LowCount) + passScore += math.Ceil(perPolicyScore * float64(policyStatusCount.LowPassCount)) + } + + if policyStatusCount.MediumPassCount > 0 { + perPolicyScore := float64(mediumScore) / float64(policyStatusCount.MediumCount) + passScore += math.Ceil(perPolicyScore * float64(policyStatusCount.MediumPassCount)) + } + + if policyStatusCount.HighPassCount > 0 { + perPolicyScore := float64(highScore) / float64(policyStatusCount.HighCount) + passScore += math.Ceil(perPolicyScore * float64(policyStatusCount.HighPassCount)) + + } + + if policyStatusCount.CriticalPassCount > 0 { + perPolicyScore := float64(criticalScore) / float64(policyStatusCount.CriticalCount) + passScore += math.Ceil(perPolicyScore * float64(policyStatusCount.CriticalPassCount)) + } + + finalScore := int((passScore / float64(totalScore)) * 100) + return finalScore +} + +func setArtifactRisk(ctx context.Context, prodDgraphClient graphql.Client, stage, riskId string, score int, riskStatus *RiskStatus) error { + + artifactRisk, err := getArtifactRiskScoreDetails(ctx, prodDgraphClient, riskId) + if err != nil { + return fmt.Errorf("%s", err.Error()) + } + + if riskStatus == nil { + scanning := RiskStatusScanning + riskStatus = &scanning + if string(artifactRisk.ArtifactRiskStatus) != "" { + riskStatus = &artifactRisk.ArtifactRiskStatus + } + } + + logger.Sl.Debugf("updating these values in db stage: %s score: %d risk_status: %s", stage, score, riskStatus) + + switch stage { + case SOURCE: + return updateArtifactScoreStatus(ctx, prodDgraphClient, riskId, &score, artifactRisk.BuildAlertsScore, artifactRisk.ArtifactAlertsScore, artifactRisk.DeploymentAlertsScore, *riskStatus) + case BUILD: + return updateArtifactScoreStatus(ctx, prodDgraphClient, riskId, artifactRisk.SourceCodeAlertsScore, &score, artifactRisk.ArtifactAlertsScore, artifactRisk.DeploymentAlertsScore, *riskStatus) + case ARTIFACT: + return updateArtifactScoreStatus(ctx, prodDgraphClient, riskId, artifactRisk.SourceCodeAlertsScore, artifactRisk.BuildAlertsScore, &score, artifactRisk.DeploymentAlertsScore, *riskStatus) + case DEPLOY: + return updateArtifactScoreStatus(ctx, prodDgraphClient, riskId, artifactRisk.SourceCodeAlertsScore, artifactRisk.BuildAlertsScore, artifactRisk.ArtifactAlertsScore, &score, *riskStatus) + case ImageRisk: + return updateArtifactScoreStatus(ctx, prodDgraphClient, riskId, artifactRisk.SourceCodeAlertsScore, artifactRisk.BuildAlertsScore, artifactRisk.ArtifactAlertsScore, artifactRisk.DeploymentAlertsScore, *riskStatus) + } + + return nil +} + +func getArtifactRiskScoreDetails(ctx context.Context, prodDgraphClient graphql.Client, artifactRiskId string) (*GetArtifactRiskGetArtifactRisk, error) { + + data, err := GetArtifactRisk(ctx, prodDgraphClient, &artifactRiskId) + if err != nil { + return nil, fmt.Errorf("error: GetArtifactRisk: artifactRiskId: %s: %s", artifactRiskId, err.Error()) + } + + return data.GetArtifactRisk, nil +} + +func updateArtifactScoreStatus(ctx context.Context, prodDgraphClient graphql.Client, riskId string, sourceCodeAlertsScore *int, buildAlertsScore *int, artifactAlertsScore *int, deploymentAlertsScore *int, imageRiskStatus RiskStatus) error { + + _, err := UpdateArtifactScanDataRiskScoreAndStatus(ctx, prodDgraphClient, &riskId, imageRiskStatus, sourceCodeAlertsScore, buildAlertsScore, artifactAlertsScore, deploymentAlertsScore) + if err != nil { + return fmt.Errorf("error: UpdateArtifactScanDataRiskScoreAndStatus: RiskId: %s buildAlertsScore: %v sourceCodeAlertsScore: %v artifactAlertsScore: %v deploymentAlertsScore: %v imageRiskStatus: %v : %s", riskId, convIntPointerToString(buildAlertsScore), convIntPointerToString(sourceCodeAlertsScore), convIntPointerToString(artifactAlertsScore), convIntPointerToString(deploymentAlertsScore), imageRiskStatus, err.Error()) + } + + return nil + +} diff --git a/august2024august2024v2/upgradeSteps.go b/august2024august2024v2/upgradeSteps.go new file mode 100644 index 0000000..65a5206 --- /dev/null +++ b/august2024august2024v2/upgradeSteps.go @@ -0,0 +1,27 @@ +package august2024august2024v2 + +import ( + "fmt" + graphqlfunc "upgradationScript/graphqlFunc" + "upgradationScript/logger" + "upgradationScript/schemas" + + "github.com/Khan/genqlient/graphql" +) + +func UpgradeToAugust2024v2(prodGraphUrl, prodToken string, prodDgraphClient graphql.Client) error { + + logger.Logger.Info("--------------Starting Artifact Score Calculation------------------") + + if err := graphqlfunc.UpdateSchema(prodGraphUrl, prodToken, []byte(schemas.August2024Version2)); err != nil { + return fmt.Errorf("UpgradeToAugust2024v2: UpdateSchema: %s", err.Error()) + } + + if err := calculateScoring(prodDgraphClient); err != nil { + return fmt.Errorf("UpgradeToAugust2024v2: calculateScoring: %s", err.Error()) + } + + logger.Logger.Info("--------------Completed UpgradeToAugust2024v2------------------") + + return nil +} diff --git a/august2024august2024v2/utils.go b/august2024august2024v2/utils.go new file mode 100644 index 0000000..23a8d26 --- /dev/null +++ b/august2024august2024v2/utils.go @@ -0,0 +1,22 @@ +package august2024august2024v2 + +import ( + "fmt" +) + +func CalculateImageStatus(finalScore int) RiskStatus { + if finalScore < HighStatusValue { + return RiskStatusHighrisk + } else if finalScore >= LowStatusValue { + return RiskStatusLowrisk + } + return RiskStatusMediumrisk + +} + +func convIntPointerToString(value *int) string { + if value != nil { + return fmt.Sprint(*value) + } + return "" +} diff --git a/common/schemaHelpers.go b/common/schemaHelpers.go index 13e6b4c..b26c6f4 100644 --- a/common/schemaHelpers.go +++ b/common/schemaHelpers.go @@ -13,22 +13,25 @@ const ( June2024Version2 July2024Version August2024Version + August2024Version2 ) var SchemasString = map[SchemaOrder]string{ - April2024Version: schemas.April2024Schema, - June2024Version: schemas.June2024Schema, - June2024Version2: schemas.June2024Version2, - July2024Version: schemas.July2024Schema, - August2024Version: schemas.August2024Schema, + April2024Version: schemas.April2024Schema, + June2024Version: schemas.June2024Schema, + June2024Version2: schemas.June2024Version2, + July2024Version: schemas.July2024Schema, + August2024Version: schemas.August2024Schema, + August2024Version2: schemas.August2024Version2, } var schemaOrderMap = map[string]SchemaOrder{ - "April2024": April2024Version, - "June2024": June2024Version, - "June2024V2": June2024Version2, - "July2024": July2024Version, - "August2024": August2024Version, + "April2024": April2024Version, + "June2024": June2024Version, + "June2024V2": June2024Version2, + "July2024": July2024Version, + "August2024": August2024Version, + "August2024V2": August2024Version2, } func (e SchemaOrder) NameOfSchema() string { diff --git a/common/upgradeSteps.go b/common/upgradeSteps.go index 85e7874..03869c3 100644 --- a/common/upgradeSteps.go +++ b/common/upgradeSteps.go @@ -6,6 +6,7 @@ import ( "strings" "upgradationScript/april2024june2024" + "upgradationScript/august2024august2024v2" featuretable "upgradationScript/featureTable" graphqlfunc "upgradationScript/graphqlFunc" "upgradationScript/july2024august2024" @@ -55,7 +56,7 @@ func StartUpgrade() error { for i := range totalUpgradeSteps(schemaVersion) { - logger.Sl.Infof("STEP %d of upgradin schema", i) + logger.Sl.Infof("STEP %d of upgrading schema", i) if err := beginProcessOfUpgrade(upgradeSchemaBasedOnStep(schemaVersion, i)); err != nil { return fmt.Errorf("StartUpgrade: beginProcessOfUpgrade: %s", err.Error()) @@ -102,6 +103,9 @@ func beginProcessOfUpgrade(upgradeTo SchemaOrder) error { expGraphqlClient := graphqlfunc.NewClient(Conf.ExpGraphQLAddr, Conf.ExpDgraphToken) return july2024august2024.UpgradeToAugust2024(Conf.ProdGraphQLAddr, Conf.ProdDgraphToken, Conf.ExpGraphQLAddr, Conf.RemoteDgraphRestoreUrl, prodGraphqlClient, expGraphqlClient) + + case August2024Version2: + return august2024august2024v2.UpgradeToAugust2024v2(Conf.ProdGraphQLAddr, Conf.ProdDgraphToken, prodGraphqlClient) } logger.Sl.Debugf("no upgrade steps for %s", upgradeTo.NameOfSchema()) diff --git a/graphqlFunc/adminQueries.go b/graphqlFunc/adminQueries.go index f761ea8..0ac9318 100644 --- a/graphqlFunc/adminQueries.go +++ b/graphqlFunc/adminQueries.go @@ -237,6 +237,8 @@ func UpdateSchema(url, authToken string, schema []byte) error { return fmt.Errorf("submit returned errors") } + time.Sleep(10 * time.Second) + return nil } diff --git a/july2024august2024/jiraDetails.go b/july2024august2024/jiraDetails.go index dcc058e..5a02205 100644 --- a/july2024august2024/jiraDetails.go +++ b/july2024august2024/jiraDetails.go @@ -21,12 +21,7 @@ func performJiraDetailsTransition(prodDgraphClient, expDgraphClient graphql.Clie return fmt.Errorf("error: could'nt query old prod jira url from run history to initiate transition: %s", err.Error()) } - if prodArtifactScanDataFiles == nil { - logger.Logger.Info("No record for runhistory found in db while excetuing performJiraDetailsTransition") - return nil - } - - if len(prodArtifactScanDataFiles.QueryRunHistory) == 0 { + if prodArtifactScanDataFiles == nil || len(prodArtifactScanDataFiles.QueryRunHistory) == 0 { logger.Logger.Info("No record for runhistory found in db while excetuing performJiraDetailsTransition") return nil } diff --git a/july2024august2024/july2024/queries.graphql b/july2024august2024/july2024/queries.graphql index d32f4fb..09cc881 100644 --- a/july2024august2024/july2024/queries.graphql +++ b/july2024august2024/july2024/queries.graphql @@ -2,6 +2,12 @@ query GetAttachedJiraUrl { queryRunHistory @cascade{ id JiraUrl + policyEnforcements { + enforcedOrg { + id + name + } + } } } @@ -26,4 +32,4 @@ query QueryIntegratorsForOrgByTypeIfConnected( } } } -} \ No newline at end of file +} diff --git a/july2024august2024/july2024/schema-generated.go b/july2024august2024/july2024/schema-generated.go index c5392e2..badc855 100644 --- a/july2024august2024/july2024/schema-generated.go +++ b/july2024august2024/july2024/schema-generated.go @@ -10,8 +10,9 @@ import ( // GetAttachedJiraUrlQueryRunHistory includes the requested fields of the GraphQL type RunHistory. type GetAttachedJiraUrlQueryRunHistory struct { - Id *string `json:"id"` - JiraUrl string `json:"JiraUrl"` + Id *string `json:"id"` + JiraUrl string `json:"JiraUrl"` + PolicyEnforcements *GetAttachedJiraUrlQueryRunHistoryPolicyEnforcementsPolicyEnforcement `json:"policyEnforcements"` } // GetId returns GetAttachedJiraUrlQueryRunHistory.Id, and is useful for accessing the field via an interface. @@ -20,6 +21,38 @@ func (v *GetAttachedJiraUrlQueryRunHistory) GetId() *string { return v.Id } // GetJiraUrl returns GetAttachedJiraUrlQueryRunHistory.JiraUrl, and is useful for accessing the field via an interface. func (v *GetAttachedJiraUrlQueryRunHistory) GetJiraUrl() string { return v.JiraUrl } +// GetPolicyEnforcements returns GetAttachedJiraUrlQueryRunHistory.PolicyEnforcements, and is useful for accessing the field via an interface. +func (v *GetAttachedJiraUrlQueryRunHistory) GetPolicyEnforcements() *GetAttachedJiraUrlQueryRunHistoryPolicyEnforcementsPolicyEnforcement { + return v.PolicyEnforcements +} + +// GetAttachedJiraUrlQueryRunHistoryPolicyEnforcementsPolicyEnforcement includes the requested fields of the GraphQL type PolicyEnforcement. +type GetAttachedJiraUrlQueryRunHistoryPolicyEnforcementsPolicyEnforcement struct { + EnforcedOrg *GetAttachedJiraUrlQueryRunHistoryPolicyEnforcementsPolicyEnforcementEnforcedOrgOrganization `json:"enforcedOrg"` +} + +// GetEnforcedOrg returns GetAttachedJiraUrlQueryRunHistoryPolicyEnforcementsPolicyEnforcement.EnforcedOrg, and is useful for accessing the field via an interface. +func (v *GetAttachedJiraUrlQueryRunHistoryPolicyEnforcementsPolicyEnforcement) GetEnforcedOrg() *GetAttachedJiraUrlQueryRunHistoryPolicyEnforcementsPolicyEnforcementEnforcedOrgOrganization { + return v.EnforcedOrg +} + +// GetAttachedJiraUrlQueryRunHistoryPolicyEnforcementsPolicyEnforcementEnforcedOrgOrganization includes the requested fields of the GraphQL type Organization. +type GetAttachedJiraUrlQueryRunHistoryPolicyEnforcementsPolicyEnforcementEnforcedOrgOrganization struct { + // id is randomly assigned + Id string `json:"id"` + Name string `json:"name"` +} + +// GetId returns GetAttachedJiraUrlQueryRunHistoryPolicyEnforcementsPolicyEnforcementEnforcedOrgOrganization.Id, and is useful for accessing the field via an interface. +func (v *GetAttachedJiraUrlQueryRunHistoryPolicyEnforcementsPolicyEnforcementEnforcedOrgOrganization) GetId() string { + return v.Id +} + +// GetName returns GetAttachedJiraUrlQueryRunHistoryPolicyEnforcementsPolicyEnforcementEnforcedOrgOrganization.Name, and is useful for accessing the field via an interface. +func (v *GetAttachedJiraUrlQueryRunHistoryPolicyEnforcementsPolicyEnforcementEnforcedOrgOrganization) GetName() string { + return v.Name +} + // GetAttachedJiraUrlResponse is returned by GetAttachedJiraUrl on success. type GetAttachedJiraUrlResponse struct { QueryRunHistory []*GetAttachedJiraUrlQueryRunHistory `json:"queryRunHistory"` @@ -146,6 +179,12 @@ query GetAttachedJiraUrl { queryRunHistory @cascade { id JiraUrl + policyEnforcements { + enforcedOrg { + id + name + } + } } } ` diff --git a/schemas/august2024v2.go b/schemas/august2024v2.go new file mode 100644 index 0000000..ded5b0f --- /dev/null +++ b/schemas/august2024v2.go @@ -0,0 +1,777 @@ +package schemas + +const August2024Version2 = ` +type SchemaVersion { + version: String! +} + +interface RBAC { + roles: [Role!] +} + +enum RolePermission { + admin + write + read +} + +type Role { + "id is randomly assigned" + id: String! @id + "group should be a URI format that includes a scope or realm" + group: String! @search(by: [hash]) + permission: RolePermission! @search(by: [hash]) +} + +""" +KeyValue is a generic key/value pair, used as an attribute list or similar. +""" +type KeyValue { + id: String! @id + name: String! @search(by: [exact, regexp]) + value: String! @search(by: [exact, regexp]) + createdAt: DateTime! @search +} + + +type Organization implements RBAC + @withSubscription + @auth( + query: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryOrganization @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}"}, +{ rule: "query($groups: [String!]) { queryOrganization @cascade { teams { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}"}, +{ rule: "query($groups: [String!]) { queryOrganization @cascade { teams { applications { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}"}, + ]}, + add: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryOrganization @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}"}, + ]}, + update: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryOrganization @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}"}, + ]}, + delete: + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, + ) +{ + "id is randomly assigned" + id: String! @id + name: String! @search(by: [exact]) + roles: [Role!] + teams: [Team!] @hasInverse(field: organization) + environments: [DeploymentTarget!] @hasInverse(field: organization) + policies: [PolicyDefinition!] @hasInverse(field: ownerOrg) + policyEnforcements: [PolicyEnforcement!] + integrators: [Integrator!] @hasInverse(field: organization) + featureModes: [FeatureMode!] @hasInverse(field: organization) +} + +""" +Environment can be things like dev, prod, staging etc. +""" +type Environment { + id: String! @id + organization: Organization! + purpose: String! @search(by: [exact,regexp]) +} + +""" +DeploymentTarget describes a single place that things can be deployed into, +such as an AWS account or a Kubernetes cluster. +""" +type DeploymentTarget + @auth( + query: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryDeploymentTarget @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}"}, +{ rule: "query($groups: [String!]) { queryDeploymentTarget @cascade { organization { teams { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}"}, + ]}, + add: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryDeploymentTarget @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, + ]}, + update: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryDeploymentTarget @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, + ]}, + delete: + { rule: "{$type: {eq: \"internal-account/v1\"}}" } + ) +{ + "id is randomly assigned" + id: String! @id + name: String! @search(by: [exact, regexp]) + "this would be the ip/server address of the target environment" + ip: String! @search(by: [exact]) + account: String + "this would be something like aws, gcp etc" + targetType: String + "this would be something like us-east-1 etc" + region: String + kubescapeServiceConnected: String + isFirewall: Boolean + organization: Organization! @hasInverse(field: environments) + defaultEnvironment: Environment! +} + + +type Team implements RBAC + @withSubscription + @auth( + query: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryTeam @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}"}, +{ rule: "query($groups: [String!]) { queryTeam @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}"}, +{ rule: "query($groups: [String!]) { queryTeam @cascade { applications { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}"}, + ]}, + add: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryTeam @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}"}, +{ rule: "query($groups: [String!]) { queryTeam @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, + ]}, + update: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryTeam @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}"}, +{ rule: "query($groups: [String!]) { queryTeam @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, + ]}, + delete: + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, + ) +{ + "id is randomly assigned" + id: String! @id + name: String! @search(by: [exact]) + roles: [Role!] + organization: Organization! @hasInverse(field: teams) + applications: [Application!] + labels: [KeyValue!] + policies: [PolicyDefinition!] @hasInverse(field: ownerTeam) + policyEnforcements: [PolicyEnforcement!] + exceptions: [ExceptionAffects!] @hasInverse(field: affectsTeam) +} + +type Application implements RBAC + @withSubscription + @auth( + query: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryApplication @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}"}, +{ rule: "query($groups: [String!]) { queryApplication @cascade { team { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}"}, +{ rule: "query($groups: [String!]) { queryApplication @cascade { team { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}"}, + ]}, + add: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryApplication @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}"}, +{ rule: "query($groups: [String!]) { queryApplication @cascade { team { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, +{ rule: "query($groups: [String!]) { queryApplication @cascade { team { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}}"}, + ]}, + update: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryApplication @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}"}, +{ rule: "query($groups: [String!]) { queryApplication @cascade { team { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, +{ rule: "query($groups: [String!]) { queryApplication @cascade { team { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}}"}, + ]}, + delete: + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, + ) +{ + "id is randomly assigned" + id: String! @id + name: String! @search(by: [exact, regexp]) + roles: [Role!] + environments: [ApplicationEnvironment!] @hasInverse(field: application) + team: Team! @hasInverse(field: applications) + policies: [PolicyDefinition!] @hasInverse(field: ownerApplication) + policyEnforcements: [PolicyEnforcement!] @hasInverse(field: enforcedApplication) + metadata: [KeyValue!] +} + + +""" +ApplicationEnvironment is a running instance of an application down to the level of a namespace or its non k8s equivalent. +""" +type ApplicationEnvironment @withSubscription { + "id is randomly assigned" + id: String! @id + "environment denotes whether it is dev, prod, staging, non-prod etc" + environment: Environment + application: Application! + deploymentTarget: DeploymentTarget! + namespace: String! @search(by:[exact, regexp]) + "toolsUsed is a comma-separated string that contains all the tools(source, build, artifact, deploy etc) for an app env" + toolsUsed: [String!] + deployments: [ApplicationDeployment!] @hasInverse(field: applicationEnvironment) + riskStatus: ApplicationRiskStatus @hasInverse(field: applicationEnvironment) + metadata: [KeyValue!] +} + +""" +RiskStatus tells us what risk a current application instance or a deployment is at. +""" +enum RiskStatus { + lowrisk + mediumrisk + highrisk + apocalypserisk + scanning +} + +""" +ApplicationRiskStatus tells us about the risk status and alerts for different stages for an application environment. +""" +type ApplicationRiskStatus { + id: ID! + riskStatus: RiskStatus @search(by: [exact,regexp]) + sourceCodeAlerts: Int + buildAlerts: Int + artifactAlerts: Int + deploymentAlerts: Int + createdAt: DateTime! + updatedAt: DateTime! + applicationEnvironment: ApplicationEnvironment! +} + + +""" +DeploymentStage is an enum denoting the stage of the deployment. . +""" +enum DeploymentStage { + "deployment is discovered from the events" + discovered + "scanning is under process" + scanning + "deployment is known to have passed the deployment firewall and the deployment(ie the artifact) is live" + current + "deployment becomes a past deployment because another fresh deployment has happened" + previous + "deployment is blocked by the firewall" + blocked +} + +""" +ApplicationDeployment tells us about the the artifact deployed along with its associated details. +""" +type ApplicationDeployment { + "id is randomly assigned" + id: String! @id + "artifact that is deployed" + artifact: [Artifact!] @hasInverse(field: artifactDeployment) + applicationEnvironment: ApplicationEnvironment! + deployedAt: DateTime @search + "deploymentStage is an enum and can be discovered, current, previous or blocked" + deploymentStage: DeploymentStage! @search(by: [exact]) + "source is argo, spinnaker etc" + source: String! + "component would be a service" + component: String! @search(by: [exact, regexp]) + "user who deployed the artifact" + deployedBy: String + "toolsUsed contains tools of different stages of source, build, artifact and deploy along with some different tools" + toolsUsed: ToolsUsed! + "deploymentRisk is the risk status of the deployment" + deploymentRisk: ApplicationDeploymentRisk @hasInverse(field: applicationDeployment) + "policyRunHistory is the policy execution history for this deployment" + policyRunHistory: [RunHistory!] @hasInverse(field: applicationDeployment) + deploymentTags: [KeyValue!] +} + +type ToolsUsed { + id: ID! + source: String + build: String + artifact: String + deploy: String + sbom: String @search(by: [exact, regexp]) + misc: [String!] +} + +""" +ApplicationDeploymentRisk tells us about the risk status and alerts for different stages for an application deployment. +""" +type ApplicationDeploymentRisk { + id: ID! + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + deploymentRiskStatus: RiskStatus @search(by: [exact,regexp]) + applicationDeployment: ApplicationDeployment! @hasInverse(field: deploymentRisk) +} + + +type Integrator + @auth( + query: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryIntegrator @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}"}, +{ rule: "query($groups: [String!]) { queryIntegrator @cascade { organization { teams { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}"}, +{ rule: "query($groups: [String!]) { queryIntegrator @cascade { organization { teams { applications { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}}"}, + ]}, + add: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryIntegrator @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, + ]}, + update: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryIntegrator @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, + ]}, + delete: + { rule: "{$type: {eq: \"internal-account/v1\"}}" } + ) +{ + id: String! @id + organization: Organization! + type: String! @search(by: [exact]) + category: String! @search(by: [exact]) + status: String! @search(by: [exact]) + integratorConfigs: [IntegratorConfigs!] + featureConfigs: [FeatureMode!] @hasInverse(field: integrator) + createdAt: DateTime! + updatedAt: DateTime! +} + +type IntegratorConfigs @auth( + query: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryIntegratorConfigs @cascade { integrator { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}"}, +{ rule: "query($groups: [String!]) { queryIntegratorConfigs @cascade { integrator { organization { teams { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}}"}, +{ rule: "query($groups: [String!]) { queryIntegratorConfigs @cascade { integrator { organization { teams { applications { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}}}"}, + ]}, + add: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryIntegratorConfigs @cascade { integrator { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}}"}, + ]}, + update: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryIntegratorConfigs @cascade { integrator { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}}"}, + ]}, + delete: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryIntegratorConfigs @cascade { integrator { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}}"}, + ]} + ) { + id: ID! + name: String! @search(by: [exact]) + configs: [IntegratorKeyValues!] + integrator: Integrator! @hasInverse(field: integratorConfigs) +} + +type IntegratorKeyValues { + key: String! @search(by: [exact]) + value: String! @search(by: [exact]) + encrypt: Boolean! +} + + +type FeatureMode + @auth( + query: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryFeatureMode @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}"}, +{ rule: "query($groups: [String!]) { queryFeatureMode @cascade { organization { teams { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}"}, +{ rule: "query($groups: [String!]) { queryFeatureMode @cascade { organization { teams { applications { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}}"}, + ]}, + add: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryFeatureMode @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, + ]}, + update: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryFeatureMode @cascade { organization { roles(filter: {group: {in: $groups}, permission: {in: [admin]}}) { __typename }}}}"}, + ]}, + delete: + { rule: "{$type: {eq: \"internal-account/v1\"}}" } + ) +{ + id: String! @id + organization: Organization! + key: String! @search(by: [exact]) + value: String! @search(by: [exact]) + category: String! @search(by: [exact]) + createdAt: DateTime! + updatedAt: DateTime! + integrator: Integrator! @hasInverse(field: featureConfigs) +} + + + +""" +Tag tells us about the tags that are linked to policies and other components. +""" +type Tag { + id: String! @id @search(by:[exact]) + tagName: String! @search(by:[exact]) + tagValue: String! @search(by:[exact,regexp]) + tagDescription: String + createdBy: String @search(by:[exact]) + createdAt: DateTime! + updatedAt: DateTime! + policies: [PolicyEnforcement!] @hasInverse(field: tags) +} + +type PolicyDefinition { + id: String! @id + ownerOrg: Organization! + ownerTeam: Team + ownerApplication: Application + createdAt: DateTime! + updatedAt: DateTime! + policyName: String! @search(by: [exact]) + category: String! @search(by: [exact]) + stage: String! @search(by: [exact]) + description: String! @search(by: [exact]) + scheduledPolicy: Boolean! @search + script: String! @search(by: [exact]) + variables: String @search(by: [exact]) + conditionName: String @search(by: [exact]) + suggestion: String @search(by: [exact]) +} + +type PolicyEnforcement { + id: ID! + policy: PolicyDefinition! + #It should be either of the three or else if node is shared it will make changes to 2 different destination, how to enforce that? + enforcedOrg: Organization @hasInverse(field: policyEnforcements) + enforcedTeam: Team @hasInverse(field: policyEnforcements) + enforcedApplication: Application @hasInverse(field: policyEnforcements) + status: Boolean! @search + forceApply: Boolean @search + severity: Severity! + datasourceTool: String! @search(by: [exact]) + action: String! @search(by: [exact]) + conditionValue: String @search(by: [exact]) + environments: [Environment!] + tags: [Tag!] @hasInverse(field: policies) + createdAt: DateTime! + updatedAt: DateTime! +} + +type Jira { + id: ID! + jiraId: String! @search(by: [exact, regexp]) + url: String! + status: String! @search(by: [exact, regexp]) + createdAt: DateTime! + updatedAt: DateTime! + affectsIndividualComponent: RunHistory @hasInverse(field: AttachedJira) + affectsSecurityissue: SecurityIssue @hasInverse(field: AttachedJira) +} + +type RunHistory { + id: ID! + policyId: String! @search(by: [exact]) + applicationDeployment: ApplicationDeployment @hasInverse(field: policyRunHistory) + artifactScan: ArtifactScanData @hasInverse(field: artifactRunHistory) + PolicyName: String! @search(by: [exact,regexp]) + Stage: String! @search(by: [exact,regexp]) + Artifact: String! @search(by: [exact]) + ArtifactTag: String! @search(by: [exact]) + ArtifactSha: String! @search(by: [exact,regexp]) + ArtifactNameTag: String! @search(by: [exact,regexp]) + DatasourceTool: String! @search(by: [exact,regexp]) + CreatedAt: DateTime! @search + UpdatedAt: DateTime! @search + DeployedAt: DateTime! @search + Hash: String + Pass: Boolean! @search + MetaData: String + FileApi: String + AttachedJira: Jira @hasInverse(field: affectsIndividualComponent) + Status: String! @search(by: [exact]) + exception: ExceptionAffects @hasInverse(field: runHistories) + scheduledPolicy: Boolean! @search + policyEnforcements: PolicyEnforcement! + securityIssue: SecurityIssue @hasInverse(field: Affects) +} + +type SecurityIssue { + id: ID! + AlertTitle: String @search(by: [exact,regexp]) + AlertMessage: String @search(by: [exact]) + Suggestions: String @search(by: [exact]) + Severity: Severity! @search(by: [exact,regexp]) + SeverityInt: Int! @search + CreatedAt: DateTime! @search + UpdatedAt: DateTime! @search + Action: String! @search(by: [exact,regexp]) + Reason: String @search(by: [exact]) + Error: String @search(by: [exact]) + AttachedJira: Jira @hasInverse(field: affectsSecurityissue) + Affects: [RunHistory!] @hasInverse(field: securityIssue) +} + + +""" +BuildTool contains data from build tool events. +""" +type BuildTool { + "id is randomly assigned" + id: String! @id + "buildId is a unique job id, run id for a job/pipeline/action" + buildId: String! @search(by: [exact,regexp]) + "tool is jenkins etc" + tool: String! @search(by: [exact]) + "buildName is the name of the job/pipeline/action" + buildName: String! @search(by: [exact, regexp]) + buildUrl: String! @search(by: [exact]) + artifactType: String @search(by: [exact]) + "artifact would be something like nginx without the tag" + artifact: String! @search(by: [exact]) + "artifactTag would be the tag of the artifact" + artifactTag: String! @search(by: [exact]) + "digest is the sha of the artifact" + digest: String! @search(by: [exact]) + "buildDigest is the sha of the artifact as sent from the build tool" + buildDigest: String @search(by: [exact]) + "artifactNode links a BuildTool node to an artifact" + artifactNode: Artifact @hasInverse(field: buildDetails) + "buildTime is the time at which the artifact was built" + buildTime: DateTime + "buildUser is the user that built the artifact" + buildUser: String + "sourceCodeTool links a BuildTool node to the source details" + sourceCodeTool: SourceCodeTool @hasInverse(field: buildTool) + "commitMetaData links a BuildTool node to the git commit based details" + commitMetaData: [CommitMetaData!] @hasInverse(field: buildTool) + createdAt: DateTime! +} + +""" +SourceCodeTool contains the source details about the artifact that was built. +""" +type SourceCodeTool { + "id is randomly assigned" + id: String! @id + createdAt: DateTime! + "scm is the scm tool github/gitlab etc" + scm: String! + "repository is the git remote repository" + repository: String! @search(by: [exact,regexp]) + "branch is the git branch on which the artifact was built" + branch: String! + "headCommit is the checkout out head commit" + headCommit: String + "diffCommits is a comma separated string of the commits between the previous built artifact and the current" + diffCommits: String + licenseName: String + visibility: String + workflowName: String + "parentRepo is populated in case the git repo is a fork" + parentRepo: String + buildTool: BuildTool! +} + +""" +CommitMetaData contains the git commit related details of the source repository . +""" +type CommitMetaData { + "id is randomly assigned" + id: ID! + "commit is a git commit that was used to build an artifact" + commit: String + repository: String + "commitSign tells us whether the commit is signed" + commitSign: Boolean + noOfReviewersConf: Int + reviewerList: [String!] + approverList: [String!] + buildTool: BuildTool! @hasInverse(field: commitMetaData) +} + +type Artifact { + id: String! @id + artifactType: String! @search(by: [exact]) + artifactName: String! @search(by: [exact, regexp]) + artifactTag: String! @search(by: [exact, regexp]) + artifactSha: String! @search(by: [exact]) + scanData: [ArtifactScanData!] + artifactDeployment: [ApplicationDeployment!] @hasInverse(field: artifact) + buildDetails: BuildTool @hasInverse(field: artifactNode) +} + +type ArtifactScanData { + id: String! @id + artifactSha: String! @search(by: [exact]) + tool: String! @search(by: [exact]) + artifactDetails: Artifact @hasInverse(field: scanData) + lastScannedAt: DateTime + createdAt: DateTime + vulnTrackingId: String + vulnScanState: String @search(by: [exact]) + components: [Component!] + vulnCriticalCount: Int @search + vulnHighCount: Int @search + vulnMediumCount: Int @search + vulnLowCount: Int @search + vulnInfoCount: Int @search + vulnUnknownCount: Int @search + vulnNoneCount: Int @search + vulnTotalCount: Int @search + scanFile: [ScanFileResult!] + artifactRisk: ArtifactRisk @hasInverse(field: artifactScanResult) + artifactRunHistory: [RunHistory!] @hasInverse(field: artifactScan) + artifactTags: [KeyValue!] +} + +type ArtifactRisk { + id: ID! + sourceCodeAlertsScore: Int + buildAlertsScore: Int + artifactAlertsScore: Int + deploymentAlertsScore: Int + artifactRiskStatus: RiskStatus @search(by: [exact,regexp]) + artifactScanResult: ArtifactScanData! @hasInverse(field: artifactRisk) +} + +type ScanFileResult { + id: ID! + name: String! @search(by: [exact, regexp]) + url: String! +} + +type Component { + id: String! @id + type: String! + name: String! @search(by: [exact, regexp]) + version: String! @search(by: [exact, regexp]) + licenses: [String!] + purl: String @search(by: [exact]) + cpe: String @search(by: [exact]) + scannedAt: DateTime + vulnerabilities: [Vulnerability!] @hasInverse(field: affects) + artifacts: [ArtifactScanData!] @hasInverse(field: components) +} + +enum Severity { + critical + high + medium + low + info + none + unknown +} + +type Vulnerability { + id: String! @id + parent: String! @search(by: [exact, regexp]) + ratings: Severity @search(by: [exact]) + cwes: [CWE!] + summary: String + detail: String + recommendation: String + published: DateTime + modified: DateTime + createdAt: DateTime @search + cvss: Float @search + priority: String @search(by: [exact, regexp]) + epss: Float @search + cisa_kev: String @search(by: [exact, regexp]) + affects: [Component!] @hasInverse(field: vulnerabilities) +} + +type CWE { + id: String! @id + name: String! + description: String +} + +type Exception implements RBAC + @auth( + query: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryException @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}"}, +{ rule: "query($groups: [String!]) { queryException @cascade { affects { affectsTeam { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}}"}, + ]}, + add: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryException @cascade { affects { affectsTeam { roles(filter: {group: {in: $groups}, permission: {in: [admin,write]}}) { __typename }}}}}"}, + ]}, + update: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryException @cascade { affects { affectsTeam { roles(filter: {group: {in: $groups}, permission: {in: [admin,write]}}) { __typename }}}}}"}, + ]}, + delete:{ + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryException @cascade { affects { affectsTeam { roles(filter: {group: {in: $groups}, permission: {in: [admin,write]}}) { __typename }}}}}"}, + ]} + ) +{ + id: ID! + type: String! @search(by: [exact, regexp]) + name: String! @search(by: [exact, regexp]) + affects: [ExceptionAffects!] + createdAt: DateTime! @search + updatedAt: DateTime! @search +} + +type ExceptionAffects implements RBAC + @auth( + query: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryExceptionAffects @cascade { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}"}, +{ rule: "query($groups: [String!]) { queryExceptionAffects @cascade { affectsTeam { roles(filter: {group: {in: $groups}, permission: {in: [admin,write,read]}}) { __typename }}}}"}, + ]}, + add: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryExceptionAffects @cascade { affectsTeam { roles(filter: {group: {in: $groups}, permission: {in: [admin,write]}}) { __typename }}}}"}, + ]}, + update: { + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryExceptionAffects @cascade { affectsTeam { roles(filter: {group: {in: $groups}, permission: {in: [admin,write]}}) { __typename }}}}"}, + ]}, + delete:{ + or: [ + { rule: "{$type: {eq: \"internal-account/v1\"}}" }, +{ rule: "query($groups: [String!]) { queryExceptionAffects @cascade { affectsTeam { roles(filter: {group: {in: $groups}, permission: {in: [admin,write]}}) { __typename }}}}"}, + ]} + ) +{ + id: ID! + createdBy: String! @search(by: [exact, regexp]) + affectsTeam: Team! @hasInverse(field: exceptions) + affectsApplication: Application + affectsServices: [String!] @search(by: [exact, regexp]) + validUpTo: DateTime! @search + createdAt: DateTime! @search + updatedAt: DateTime! @search + reason: String! @search(by: [exact, regexp]) + status: String! @search(by: [exact, regexp]) + exception: Exception! @hasInverse(field: affects) + runHistories: [RunHistory!] @hasInverse(field: exception) +} + +# Dgraph.Allow-Origin "http://localhost:4200" +# Dgraph.Authorization {"VerificationKey":"","Header":"X-OpsMx-Auth","jwkurl":"http://token-machine:8050/jwk","Namespace":"ssd.opsmx.io","Algo":"","Audience":["ssd.opsmx.io"],"ClosedByDefault":false} + +`