diff --git a/docs/dyn/securitycenter_v1.folders.sources.findings.html b/docs/dyn/securitycenter_v1.folders.sources.findings.html
index 0f94527f446..d4dee8254c9 100644
--- a/docs/dyn/securitycenter_v1.folders.sources.findings.html
+++ b/docs/dyn/securitycenter_v1.folders.sources.findings.html
@@ -213,6 +213,28 @@ Method Details
"a_key": "",
},
"state": "A String", # The state of the finding.
+ "vulnerability": { # Refers to common vulnerability fields e.g. cve, cvss, cwe etc. # Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cve": { # CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org # CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cvssv3": { # Common Vulnerability Scoring System version 3. # Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document
+ "attackComplexity": "A String", # This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.
+ "availabilityImpact": "A String", # This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String", # This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
+ "integrityImpact": "A String", # This metric measures the impact to integrity of a successfully exploited vulnerability.
+ "privilegesRequired": "A String", # This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
+ "scope": "A String", # The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
+ "userInteraction": "A String", # This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
+ },
+ "id": "A String", # The unique identifier for the vulnerability. e.g. CVE-2021-34527
+ "references": [ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
+ { # Additional Links
+ "source": "A String", # Source of the reference e.g. NVD
+ "uri": "A String", # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.
+ },
+ ],
+ },
+ },
},
"resource": { # Information related to the Google Cloud resource that is associated with this finding. # Output only. Resource that is associated with this finding.
"folders": [ # Contains a Folder message for each folder in the assets ancestry. The first folder is the deepest nested folder, and the last folder is the folder directly under the Organization.
@@ -289,6 +311,28 @@ Method Details
"a_key": "",
},
"state": "A String", # The state of the finding.
+ "vulnerability": { # Refers to common vulnerability fields e.g. cve, cvss, cwe etc. # Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cve": { # CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org # CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cvssv3": { # Common Vulnerability Scoring System version 3. # Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document
+ "attackComplexity": "A String", # This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.
+ "availabilityImpact": "A String", # This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String", # This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
+ "integrityImpact": "A String", # This metric measures the impact to integrity of a successfully exploited vulnerability.
+ "privilegesRequired": "A String", # This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
+ "scope": "A String", # The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
+ "userInteraction": "A String", # This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
+ },
+ "id": "A String", # The unique identifier for the vulnerability. e.g. CVE-2021-34527
+ "references": [ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
+ { # Additional Links
+ "source": "A String", # Source of the reference e.g. NVD
+ "uri": "A String", # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.
+ },
+ ],
+ },
+ },
}
updateMask: string, The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. When updating a finding, an empty mask is treated as updating all mutable fields and replacing source_properties. Individual source_properties can be added/updated by using "source_properties." in the field mask.
@@ -330,6 +374,28 @@ Method Details
"a_key": "",
},
"state": "A String", # The state of the finding.
+ "vulnerability": { # Refers to common vulnerability fields e.g. cve, cvss, cwe etc. # Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cve": { # CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org # CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cvssv3": { # Common Vulnerability Scoring System version 3. # Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document
+ "attackComplexity": "A String", # This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.
+ "availabilityImpact": "A String", # This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String", # This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
+ "integrityImpact": "A String", # This metric measures the impact to integrity of a successfully exploited vulnerability.
+ "privilegesRequired": "A String", # This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
+ "scope": "A String", # The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
+ "userInteraction": "A String", # This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
+ },
+ "id": "A String", # The unique identifier for the vulnerability. e.g. CVE-2021-34527
+ "references": [ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
+ { # Additional Links
+ "source": "A String", # Source of the reference e.g. NVD
+ "uri": "A String", # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.
+ },
+ ],
+ },
+ },
}
@@ -385,6 +451,28 @@ Method Details
"a_key": "",
},
"state": "A String", # The state of the finding.
+ "vulnerability": { # Refers to common vulnerability fields e.g. cve, cvss, cwe etc. # Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cve": { # CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org # CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cvssv3": { # Common Vulnerability Scoring System version 3. # Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document
+ "attackComplexity": "A String", # This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.
+ "availabilityImpact": "A String", # This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String", # This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
+ "integrityImpact": "A String", # This metric measures the impact to integrity of a successfully exploited vulnerability.
+ "privilegesRequired": "A String", # This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
+ "scope": "A String", # The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
+ "userInteraction": "A String", # This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
+ },
+ "id": "A String", # The unique identifier for the vulnerability. e.g. CVE-2021-34527
+ "references": [ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
+ { # Additional Links
+ "source": "A String", # Source of the reference e.g. NVD
+ "uri": "A String", # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.
+ },
+ ],
+ },
+ },
}
diff --git a/docs/dyn/securitycenter_v1.organizations.sources.findings.html b/docs/dyn/securitycenter_v1.organizations.sources.findings.html
index f9f7580de23..4beea9031f7 100644
--- a/docs/dyn/securitycenter_v1.organizations.sources.findings.html
+++ b/docs/dyn/securitycenter_v1.organizations.sources.findings.html
@@ -146,6 +146,28 @@ Method Details
"a_key": "",
},
"state": "A String", # The state of the finding.
+ "vulnerability": { # Refers to common vulnerability fields e.g. cve, cvss, cwe etc. # Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cve": { # CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org # CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cvssv3": { # Common Vulnerability Scoring System version 3. # Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document
+ "attackComplexity": "A String", # This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.
+ "availabilityImpact": "A String", # This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String", # This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
+ "integrityImpact": "A String", # This metric measures the impact to integrity of a successfully exploited vulnerability.
+ "privilegesRequired": "A String", # This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
+ "scope": "A String", # The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
+ "userInteraction": "A String", # This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
+ },
+ "id": "A String", # The unique identifier for the vulnerability. e.g. CVE-2021-34527
+ "references": [ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
+ { # Additional Links
+ "source": "A String", # Source of the reference e.g. NVD
+ "uri": "A String", # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.
+ },
+ ],
+ },
+ },
}
findingId: string, Required. Unique identifier provided by the client within the parent scope. It must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length.
@@ -187,6 +209,28 @@ Method Details
"a_key": "",
},
"state": "A String", # The state of the finding.
+ "vulnerability": { # Refers to common vulnerability fields e.g. cve, cvss, cwe etc. # Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cve": { # CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org # CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cvssv3": { # Common Vulnerability Scoring System version 3. # Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document
+ "attackComplexity": "A String", # This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.
+ "availabilityImpact": "A String", # This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String", # This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
+ "integrityImpact": "A String", # This metric measures the impact to integrity of a successfully exploited vulnerability.
+ "privilegesRequired": "A String", # This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
+ "scope": "A String", # The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
+ "userInteraction": "A String", # This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
+ },
+ "id": "A String", # The unique identifier for the vulnerability. e.g. CVE-2021-34527
+ "references": [ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
+ { # Additional Links
+ "source": "A String", # Source of the reference e.g. NVD
+ "uri": "A String", # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.
+ },
+ ],
+ },
+ },
}
@@ -299,6 +343,28 @@ Method Details
"a_key": "",
},
"state": "A String", # The state of the finding.
+ "vulnerability": { # Refers to common vulnerability fields e.g. cve, cvss, cwe etc. # Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cve": { # CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org # CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cvssv3": { # Common Vulnerability Scoring System version 3. # Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document
+ "attackComplexity": "A String", # This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.
+ "availabilityImpact": "A String", # This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String", # This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
+ "integrityImpact": "A String", # This metric measures the impact to integrity of a successfully exploited vulnerability.
+ "privilegesRequired": "A String", # This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
+ "scope": "A String", # The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
+ "userInteraction": "A String", # This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
+ },
+ "id": "A String", # The unique identifier for the vulnerability. e.g. CVE-2021-34527
+ "references": [ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
+ { # Additional Links
+ "source": "A String", # Source of the reference e.g. NVD
+ "uri": "A String", # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.
+ },
+ ],
+ },
+ },
},
"resource": { # Information related to the Google Cloud resource that is associated with this finding. # Output only. Resource that is associated with this finding.
"folders": [ # Contains a Folder message for each folder in the assets ancestry. The first folder is the deepest nested folder, and the last folder is the folder directly under the Organization.
@@ -375,6 +441,28 @@ Method Details
"a_key": "",
},
"state": "A String", # The state of the finding.
+ "vulnerability": { # Refers to common vulnerability fields e.g. cve, cvss, cwe etc. # Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cve": { # CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org # CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cvssv3": { # Common Vulnerability Scoring System version 3. # Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document
+ "attackComplexity": "A String", # This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.
+ "availabilityImpact": "A String", # This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String", # This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
+ "integrityImpact": "A String", # This metric measures the impact to integrity of a successfully exploited vulnerability.
+ "privilegesRequired": "A String", # This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
+ "scope": "A String", # The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
+ "userInteraction": "A String", # This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
+ },
+ "id": "A String", # The unique identifier for the vulnerability. e.g. CVE-2021-34527
+ "references": [ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
+ { # Additional Links
+ "source": "A String", # Source of the reference e.g. NVD
+ "uri": "A String", # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.
+ },
+ ],
+ },
+ },
}
updateMask: string, The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. When updating a finding, an empty mask is treated as updating all mutable fields and replacing source_properties. Individual source_properties can be added/updated by using "source_properties." in the field mask.
@@ -416,6 +504,28 @@ Method Details
"a_key": "",
},
"state": "A String", # The state of the finding.
+ "vulnerability": { # Refers to common vulnerability fields e.g. cve, cvss, cwe etc. # Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cve": { # CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org # CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cvssv3": { # Common Vulnerability Scoring System version 3. # Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document
+ "attackComplexity": "A String", # This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.
+ "availabilityImpact": "A String", # This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String", # This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
+ "integrityImpact": "A String", # This metric measures the impact to integrity of a successfully exploited vulnerability.
+ "privilegesRequired": "A String", # This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
+ "scope": "A String", # The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
+ "userInteraction": "A String", # This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
+ },
+ "id": "A String", # The unique identifier for the vulnerability. e.g. CVE-2021-34527
+ "references": [ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
+ { # Additional Links
+ "source": "A String", # Source of the reference e.g. NVD
+ "uri": "A String", # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.
+ },
+ ],
+ },
+ },
}
@@ -471,6 +581,28 @@ Method Details
"a_key": "",
},
"state": "A String", # The state of the finding.
+ "vulnerability": { # Refers to common vulnerability fields e.g. cve, cvss, cwe etc. # Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cve": { # CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org # CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cvssv3": { # Common Vulnerability Scoring System version 3. # Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document
+ "attackComplexity": "A String", # This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.
+ "availabilityImpact": "A String", # This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String", # This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
+ "integrityImpact": "A String", # This metric measures the impact to integrity of a successfully exploited vulnerability.
+ "privilegesRequired": "A String", # This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
+ "scope": "A String", # The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
+ "userInteraction": "A String", # This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
+ },
+ "id": "A String", # The unique identifier for the vulnerability. e.g. CVE-2021-34527
+ "references": [ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
+ { # Additional Links
+ "source": "A String", # Source of the reference e.g. NVD
+ "uri": "A String", # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.
+ },
+ ],
+ },
+ },
}
diff --git a/docs/dyn/securitycenter_v1.organizations.sources.html b/docs/dyn/securitycenter_v1.organizations.sources.html
index 690929eb5bc..16bf2685333 100644
--- a/docs/dyn/securitycenter_v1.organizations.sources.html
+++ b/docs/dyn/securitycenter_v1.organizations.sources.html
@@ -189,7 +189,7 @@ Method Details
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -308,7 +308,7 @@ Method Details
The object takes the form of:
{ # Request message for `SetIamPolicy` method.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -350,7 +350,7 @@ Method Details
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
diff --git a/docs/dyn/securitycenter_v1.projects.sources.findings.html b/docs/dyn/securitycenter_v1.projects.sources.findings.html
index d25a8dd50b4..487329d1eed 100644
--- a/docs/dyn/securitycenter_v1.projects.sources.findings.html
+++ b/docs/dyn/securitycenter_v1.projects.sources.findings.html
@@ -213,6 +213,28 @@ Method Details
"a_key": "",
},
"state": "A String", # The state of the finding.
+ "vulnerability": { # Refers to common vulnerability fields e.g. cve, cvss, cwe etc. # Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cve": { # CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org # CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cvssv3": { # Common Vulnerability Scoring System version 3. # Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document
+ "attackComplexity": "A String", # This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.
+ "availabilityImpact": "A String", # This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String", # This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
+ "integrityImpact": "A String", # This metric measures the impact to integrity of a successfully exploited vulnerability.
+ "privilegesRequired": "A String", # This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
+ "scope": "A String", # The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
+ "userInteraction": "A String", # This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
+ },
+ "id": "A String", # The unique identifier for the vulnerability. e.g. CVE-2021-34527
+ "references": [ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
+ { # Additional Links
+ "source": "A String", # Source of the reference e.g. NVD
+ "uri": "A String", # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.
+ },
+ ],
+ },
+ },
},
"resource": { # Information related to the Google Cloud resource that is associated with this finding. # Output only. Resource that is associated with this finding.
"folders": [ # Contains a Folder message for each folder in the assets ancestry. The first folder is the deepest nested folder, and the last folder is the folder directly under the Organization.
@@ -289,6 +311,28 @@ Method Details
"a_key": "",
},
"state": "A String", # The state of the finding.
+ "vulnerability": { # Refers to common vulnerability fields e.g. cve, cvss, cwe etc. # Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cve": { # CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org # CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cvssv3": { # Common Vulnerability Scoring System version 3. # Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document
+ "attackComplexity": "A String", # This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.
+ "availabilityImpact": "A String", # This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String", # This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
+ "integrityImpact": "A String", # This metric measures the impact to integrity of a successfully exploited vulnerability.
+ "privilegesRequired": "A String", # This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
+ "scope": "A String", # The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
+ "userInteraction": "A String", # This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
+ },
+ "id": "A String", # The unique identifier for the vulnerability. e.g. CVE-2021-34527
+ "references": [ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
+ { # Additional Links
+ "source": "A String", # Source of the reference e.g. NVD
+ "uri": "A String", # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.
+ },
+ ],
+ },
+ },
}
updateMask: string, The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. When updating a finding, an empty mask is treated as updating all mutable fields and replacing source_properties. Individual source_properties can be added/updated by using "source_properties." in the field mask.
@@ -330,6 +374,28 @@ Method Details
"a_key": "",
},
"state": "A String", # The state of the finding.
+ "vulnerability": { # Refers to common vulnerability fields e.g. cve, cvss, cwe etc. # Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cve": { # CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org # CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cvssv3": { # Common Vulnerability Scoring System version 3. # Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document
+ "attackComplexity": "A String", # This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.
+ "availabilityImpact": "A String", # This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String", # This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
+ "integrityImpact": "A String", # This metric measures the impact to integrity of a successfully exploited vulnerability.
+ "privilegesRequired": "A String", # This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
+ "scope": "A String", # The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
+ "userInteraction": "A String", # This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
+ },
+ "id": "A String", # The unique identifier for the vulnerability. e.g. CVE-2021-34527
+ "references": [ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
+ { # Additional Links
+ "source": "A String", # Source of the reference e.g. NVD
+ "uri": "A String", # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.
+ },
+ ],
+ },
+ },
}
@@ -385,6 +451,28 @@ Method Details
"a_key": "",
},
"state": "A String", # The state of the finding.
+ "vulnerability": { # Refers to common vulnerability fields e.g. cve, cvss, cwe etc. # Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cve": { # CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org # CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+ "cvssv3": { # Common Vulnerability Scoring System version 3. # Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document
+ "attackComplexity": "A String", # This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.
+ "availabilityImpact": "A String", # This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String", # This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
+ "integrityImpact": "A String", # This metric measures the impact to integrity of a successfully exploited vulnerability.
+ "privilegesRequired": "A String", # This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
+ "scope": "A String", # The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
+ "userInteraction": "A String", # This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
+ },
+ "id": "A String", # The unique identifier for the vulnerability. e.g. CVE-2021-34527
+ "references": [ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
+ { # Additional Links
+ "source": "A String", # Source of the reference e.g. NVD
+ "uri": "A String", # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.
+ },
+ ],
+ },
+ },
}
diff --git a/docs/dyn/securitycenter_v1beta1.organizations.sources.html b/docs/dyn/securitycenter_v1beta1.organizations.sources.html
index 841428a979e..d8d16d5a4bd 100644
--- a/docs/dyn/securitycenter_v1beta1.organizations.sources.html
+++ b/docs/dyn/securitycenter_v1beta1.organizations.sources.html
@@ -186,7 +186,7 @@ Method Details
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -302,7 +302,7 @@ Method Details
The object takes the form of:
{ # Request message for `SetIamPolicy` method.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -344,7 +344,7 @@ Method Details
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
diff --git a/googleapiclient/discovery_cache/documents/securitycenter.v1.json b/googleapiclient/discovery_cache/documents/securitycenter.v1.json
index da7c4bbdc9a..d12d8571d42 100644
--- a/googleapiclient/discovery_cache/documents/securitycenter.v1.json
+++ b/googleapiclient/discovery_cache/documents/securitycenter.v1.json
@@ -3,7 +3,7 @@
"oauth2": {
"scopes": {
"https://www.googleapis.com/auth/cloud-platform": {
- "description": "See, edit, configure, and delete your Google Cloud Platform data"
+ "description": "See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account."
}
}
}
@@ -1816,7 +1816,7 @@
}
}
},
- "revision": "20210805",
+ "revision": "20210820",
"rootUrl": "https://securitycenter.googleapis.com/",
"schemas": {
"Asset": {
@@ -1968,6 +1968,164 @@
},
"type": "object"
},
+ "Cve": {
+ "description": "CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org",
+ "id": "Cve",
+ "properties": {
+ "cvssv3": {
+ "$ref": "Cvssv3",
+ "description": "Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document"
+ },
+ "id": {
+ "description": "The unique identifier for the vulnerability. e.g. CVE-2021-34527",
+ "type": "string"
+ },
+ "references": {
+ "description": "Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527",
+ "items": {
+ "$ref": "Reference"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "Cvssv3": {
+ "description": "Common Vulnerability Scoring System version 3.",
+ "id": "Cvssv3",
+ "properties": {
+ "attackComplexity": {
+ "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.",
+ "enum": [
+ "ATTACK_COMPLEXITY_UNSPECIFIED",
+ "ATTACK_COMPLEXITY_LOW",
+ "ATTACK_COMPLEXITY_HIGH"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component.",
+ "A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected."
+ ],
+ "type": "string"
+ },
+ "attackVector": {
+ "description": "Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.",
+ "enum": [
+ "ATTACK_VECTOR_UNSPECIFIED",
+ "ATTACK_VECTOR_NETWORK",
+ "ATTACK_VECTOR_ADJACENT",
+ "ATTACK_VECTOR_LOCAL",
+ "ATTACK_VECTOR_PHYSICAL"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet.",
+ "The vulnerable component is bound to the network stack, but the attack is limited at the protocol level to a logically adjacent topology.",
+ "The vulnerable component is not bound to the network stack and the attacker's path is via read/write/execute capabilities.",
+ "The attack requires the attacker to physically touch or manipulate the vulnerable component."
+ ],
+ "type": "string"
+ },
+ "availabilityImpact": {
+ "description": "This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.",
+ "enum": [
+ "IMPACT_UNSPECIFIED",
+ "IMPACT_HIGH",
+ "IMPACT_LOW",
+ "IMPACT_NONE"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "High impact.",
+ "Low impact.",
+ "No impact."
+ ],
+ "type": "string"
+ },
+ "baseScore": {
+ "description": "The base score is a function of the base metric scores.",
+ "format": "double",
+ "type": "number"
+ },
+ "confidentialityImpact": {
+ "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.",
+ "enum": [
+ "IMPACT_UNSPECIFIED",
+ "IMPACT_HIGH",
+ "IMPACT_LOW",
+ "IMPACT_NONE"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "High impact.",
+ "Low impact.",
+ "No impact."
+ ],
+ "type": "string"
+ },
+ "integrityImpact": {
+ "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.",
+ "enum": [
+ "IMPACT_UNSPECIFIED",
+ "IMPACT_HIGH",
+ "IMPACT_LOW",
+ "IMPACT_NONE"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "High impact.",
+ "Low impact.",
+ "No impact."
+ ],
+ "type": "string"
+ },
+ "privilegesRequired": {
+ "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.",
+ "enum": [
+ "PRIVILEGES_REQUIRED_UNSPECIFIED",
+ "PRIVILEGES_REQUIRED_NONE",
+ "PRIVILEGES_REQUIRED_LOW",
+ "PRIVILEGES_REQUIRED_HIGH"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack.",
+ "The attacker requires privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources.",
+ "The attacker requires privileges that provide significant (e.g., administrative) control over the vulnerable component allowing access to component-wide settings and files."
+ ],
+ "type": "string"
+ },
+ "scope": {
+ "description": "The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.",
+ "enum": [
+ "SCOPE_UNSPECIFIED",
+ "SCOPE_UNCHANGED",
+ "SCOPE_CHANGED"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "An exploited vulnerability can only affect resources managed by the same security authority.",
+ "An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component."
+ ],
+ "type": "string"
+ },
+ "userInteraction": {
+ "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.",
+ "enum": [
+ "USER_INTERACTION_UNSPECIFIED",
+ "USER_INTERACTION_NONE",
+ "USER_INTERACTION_REQUIRED"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "The vulnerable system can be exploited without interaction from any user.",
+ "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited."
+ ],
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
"Empty": {
"description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.",
"id": "Empty",
@@ -2100,6 +2258,10 @@
"The finding has been fixed, triaged as a non-issue or otherwise addressed and is no longer active."
],
"type": "string"
+ },
+ "vulnerability": {
+ "$ref": "Vulnerability",
+ "description": "Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)"
}
},
"type": "object"
@@ -2192,6 +2354,10 @@
"projectDisplayName": {
"description": "The human readable name of project that the resource belongs to.",
"type": "string"
+ },
+ "type": {
+ "description": "The full resource type of the resource.",
+ "type": "string"
}
},
"type": "object"
@@ -2885,7 +3051,7 @@
"type": "object"
},
"Policy": {
- "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
+ "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
@@ -2915,6 +3081,21 @@
},
"type": "object"
},
+ "Reference": {
+ "description": "Additional Links",
+ "id": "Reference",
+ "properties": {
+ "source": {
+ "description": "Source of the reference e.g. NVD",
+ "type": "string"
+ },
+ "uri": {
+ "description": "Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
"Resource": {
"description": "Information related to the Google Cloud resource that is associated with this finding.",
"id": "Resource",
@@ -3156,6 +3337,17 @@
}
},
"type": "object"
+ },
+ "Vulnerability": {
+ "description": "Refers to common vulnerability fields e.g. cve, cvss, cwe etc.",
+ "id": "Vulnerability",
+ "properties": {
+ "cve": {
+ "$ref": "Cve",
+ "description": "CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)"
+ }
+ },
+ "type": "object"
}
},
"servicePath": "",
diff --git a/googleapiclient/discovery_cache/documents/securitycenter.v1beta1.json b/googleapiclient/discovery_cache/documents/securitycenter.v1beta1.json
index 0acfba63db8..0371e676b41 100644
--- a/googleapiclient/discovery_cache/documents/securitycenter.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/securitycenter.v1beta1.json
@@ -3,7 +3,7 @@
"oauth2": {
"scopes": {
"https://www.googleapis.com/auth/cloud-platform": {
- "description": "See, edit, configure, and delete your Google Cloud Platform data"
+ "description": "See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account."
}
}
}
@@ -896,7 +896,7 @@
}
}
},
- "revision": "20210805",
+ "revision": "20210820",
"rootUrl": "https://securitycenter.googleapis.com/",
"schemas": {
"Asset": {
@@ -1039,6 +1039,164 @@
"properties": {},
"type": "object"
},
+ "Cve": {
+ "description": "CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org",
+ "id": "Cve",
+ "properties": {
+ "cvssv3": {
+ "$ref": "Cvssv3",
+ "description": "Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document"
+ },
+ "id": {
+ "description": "The unique identifier for the vulnerability. e.g. CVE-2021-34527",
+ "type": "string"
+ },
+ "references": {
+ "description": "Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527",
+ "items": {
+ "$ref": "Reference"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "Cvssv3": {
+ "description": "Common Vulnerability Scoring System version 3.",
+ "id": "Cvssv3",
+ "properties": {
+ "attackComplexity": {
+ "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.",
+ "enum": [
+ "ATTACK_COMPLEXITY_UNSPECIFIED",
+ "ATTACK_COMPLEXITY_LOW",
+ "ATTACK_COMPLEXITY_HIGH"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component.",
+ "A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected."
+ ],
+ "type": "string"
+ },
+ "attackVector": {
+ "description": "Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.",
+ "enum": [
+ "ATTACK_VECTOR_UNSPECIFIED",
+ "ATTACK_VECTOR_NETWORK",
+ "ATTACK_VECTOR_ADJACENT",
+ "ATTACK_VECTOR_LOCAL",
+ "ATTACK_VECTOR_PHYSICAL"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet.",
+ "The vulnerable component is bound to the network stack, but the attack is limited at the protocol level to a logically adjacent topology.",
+ "The vulnerable component is not bound to the network stack and the attacker's path is via read/write/execute capabilities.",
+ "The attack requires the attacker to physically touch or manipulate the vulnerable component."
+ ],
+ "type": "string"
+ },
+ "availabilityImpact": {
+ "description": "This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.",
+ "enum": [
+ "IMPACT_UNSPECIFIED",
+ "IMPACT_HIGH",
+ "IMPACT_LOW",
+ "IMPACT_NONE"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "High impact.",
+ "Low impact.",
+ "No impact."
+ ],
+ "type": "string"
+ },
+ "baseScore": {
+ "description": "The base score is a function of the base metric scores.",
+ "format": "double",
+ "type": "number"
+ },
+ "confidentialityImpact": {
+ "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.",
+ "enum": [
+ "IMPACT_UNSPECIFIED",
+ "IMPACT_HIGH",
+ "IMPACT_LOW",
+ "IMPACT_NONE"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "High impact.",
+ "Low impact.",
+ "No impact."
+ ],
+ "type": "string"
+ },
+ "integrityImpact": {
+ "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.",
+ "enum": [
+ "IMPACT_UNSPECIFIED",
+ "IMPACT_HIGH",
+ "IMPACT_LOW",
+ "IMPACT_NONE"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "High impact.",
+ "Low impact.",
+ "No impact."
+ ],
+ "type": "string"
+ },
+ "privilegesRequired": {
+ "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.",
+ "enum": [
+ "PRIVILEGES_REQUIRED_UNSPECIFIED",
+ "PRIVILEGES_REQUIRED_NONE",
+ "PRIVILEGES_REQUIRED_LOW",
+ "PRIVILEGES_REQUIRED_HIGH"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack.",
+ "The attacker requires privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources.",
+ "The attacker requires privileges that provide significant (e.g., administrative) control over the vulnerable component allowing access to component-wide settings and files."
+ ],
+ "type": "string"
+ },
+ "scope": {
+ "description": "The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.",
+ "enum": [
+ "SCOPE_UNSPECIFIED",
+ "SCOPE_UNCHANGED",
+ "SCOPE_CHANGED"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "An exploited vulnerability can only affect resources managed by the same security authority.",
+ "An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component."
+ ],
+ "type": "string"
+ },
+ "userInteraction": {
+ "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.",
+ "enum": [
+ "USER_INTERACTION_UNSPECIFIED",
+ "USER_INTERACTION_NONE",
+ "USER_INTERACTION_REQUIRED"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "The vulnerable system can be exploited without interaction from any user.",
+ "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited."
+ ],
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
"Empty": {
"description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.",
"id": "Empty",
@@ -1171,6 +1329,10 @@
"The finding has been fixed, triaged as a non-issue or otherwise addressed and is no longer active."
],
"type": "string"
+ },
+ "vulnerability": {
+ "$ref": "Vulnerability",
+ "description": "Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)"
}
},
"type": "object"
@@ -1263,6 +1425,10 @@
"projectDisplayName": {
"description": "The human readable name of project that the resource belongs to.",
"type": "string"
+ },
+ "type": {
+ "description": "The full resource type of the resource.",
+ "type": "string"
}
},
"type": "object"
@@ -1933,7 +2099,7 @@
"type": "object"
},
"Policy": {
- "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
+ "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
@@ -1963,6 +2129,21 @@
},
"type": "object"
},
+ "Reference": {
+ "description": "Additional Links",
+ "id": "Reference",
+ "properties": {
+ "source": {
+ "description": "Source of the reference e.g. NVD",
+ "type": "string"
+ },
+ "uri": {
+ "description": "Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
"RunAssetDiscoveryRequest": {
"description": "Request message for running asset discovery for an organization.",
"id": "RunAssetDiscoveryRequest",
@@ -2136,6 +2317,17 @@
}
},
"type": "object"
+ },
+ "Vulnerability": {
+ "description": "Refers to common vulnerability fields e.g. cve, cvss, cwe etc.",
+ "id": "Vulnerability",
+ "properties": {
+ "cve": {
+ "$ref": "Cve",
+ "description": "CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)"
+ }
+ },
+ "type": "object"
}
},
"servicePath": "",
diff --git a/googleapiclient/discovery_cache/documents/securitycenter.v1beta2.json b/googleapiclient/discovery_cache/documents/securitycenter.v1beta2.json
index db2c87bffed..1e3dc3adab2 100644
--- a/googleapiclient/discovery_cache/documents/securitycenter.v1beta2.json
+++ b/googleapiclient/discovery_cache/documents/securitycenter.v1beta2.json
@@ -3,7 +3,7 @@
"oauth2": {
"scopes": {
"https://www.googleapis.com/auth/cloud-platform": {
- "description": "See, edit, configure, and delete your Google Cloud Platform data"
+ "description": "See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account."
}
}
}
@@ -1328,7 +1328,7 @@
}
}
},
- "revision": "20210805",
+ "revision": "20210820",
"rootUrl": "https://securitycenter.googleapis.com/",
"schemas": {
"Config": {
@@ -1407,6 +1407,164 @@
},
"type": "object"
},
+ "Cve": {
+ "description": "CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org",
+ "id": "Cve",
+ "properties": {
+ "cvssv3": {
+ "$ref": "Cvssv3",
+ "description": "Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document"
+ },
+ "id": {
+ "description": "The unique identifier for the vulnerability. e.g. CVE-2021-34527",
+ "type": "string"
+ },
+ "references": {
+ "description": "Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527",
+ "items": {
+ "$ref": "Reference"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "Cvssv3": {
+ "description": "Common Vulnerability Scoring System version 3.",
+ "id": "Cvssv3",
+ "properties": {
+ "attackComplexity": {
+ "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.",
+ "enum": [
+ "ATTACK_COMPLEXITY_UNSPECIFIED",
+ "ATTACK_COMPLEXITY_LOW",
+ "ATTACK_COMPLEXITY_HIGH"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component.",
+ "A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected."
+ ],
+ "type": "string"
+ },
+ "attackVector": {
+ "description": "Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.",
+ "enum": [
+ "ATTACK_VECTOR_UNSPECIFIED",
+ "ATTACK_VECTOR_NETWORK",
+ "ATTACK_VECTOR_ADJACENT",
+ "ATTACK_VECTOR_LOCAL",
+ "ATTACK_VECTOR_PHYSICAL"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet.",
+ "The vulnerable component is bound to the network stack, but the attack is limited at the protocol level to a logically adjacent topology.",
+ "The vulnerable component is not bound to the network stack and the attacker's path is via read/write/execute capabilities.",
+ "The attack requires the attacker to physically touch or manipulate the vulnerable component."
+ ],
+ "type": "string"
+ },
+ "availabilityImpact": {
+ "description": "This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.",
+ "enum": [
+ "IMPACT_UNSPECIFIED",
+ "IMPACT_HIGH",
+ "IMPACT_LOW",
+ "IMPACT_NONE"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "High impact.",
+ "Low impact.",
+ "No impact."
+ ],
+ "type": "string"
+ },
+ "baseScore": {
+ "description": "The base score is a function of the base metric scores.",
+ "format": "double",
+ "type": "number"
+ },
+ "confidentialityImpact": {
+ "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.",
+ "enum": [
+ "IMPACT_UNSPECIFIED",
+ "IMPACT_HIGH",
+ "IMPACT_LOW",
+ "IMPACT_NONE"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "High impact.",
+ "Low impact.",
+ "No impact."
+ ],
+ "type": "string"
+ },
+ "integrityImpact": {
+ "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.",
+ "enum": [
+ "IMPACT_UNSPECIFIED",
+ "IMPACT_HIGH",
+ "IMPACT_LOW",
+ "IMPACT_NONE"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "High impact.",
+ "Low impact.",
+ "No impact."
+ ],
+ "type": "string"
+ },
+ "privilegesRequired": {
+ "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.",
+ "enum": [
+ "PRIVILEGES_REQUIRED_UNSPECIFIED",
+ "PRIVILEGES_REQUIRED_NONE",
+ "PRIVILEGES_REQUIRED_LOW",
+ "PRIVILEGES_REQUIRED_HIGH"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack.",
+ "The attacker requires privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources.",
+ "The attacker requires privileges that provide significant (e.g., administrative) control over the vulnerable component allowing access to component-wide settings and files."
+ ],
+ "type": "string"
+ },
+ "scope": {
+ "description": "The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.",
+ "enum": [
+ "SCOPE_UNSPECIFIED",
+ "SCOPE_UNCHANGED",
+ "SCOPE_CHANGED"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "An exploited vulnerability can only affect resources managed by the same security authority.",
+ "An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component."
+ ],
+ "type": "string"
+ },
+ "userInteraction": {
+ "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.",
+ "enum": [
+ "USER_INTERACTION_UNSPECIFIED",
+ "USER_INTERACTION_NONE",
+ "USER_INTERACTION_REQUIRED"
+ ],
+ "enumDescriptions": [
+ "Invalid value.",
+ "The vulnerable system can be exploited without interaction from any user.",
+ "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited."
+ ],
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
"Details": {
"description": "Details of a subscription.",
"id": "Details",
@@ -1585,6 +1743,10 @@
"The finding has been fixed, triaged as a non-issue or otherwise addressed and is no longer active."
],
"type": "string"
+ },
+ "vulnerability": {
+ "$ref": "Vulnerability",
+ "description": "Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)"
}
},
"type": "object"
@@ -1654,6 +1816,10 @@
"projectDisplayName": {
"description": "The human readable name of project that the resource belongs to.",
"type": "string"
+ },
+ "type": {
+ "description": "The full resource type of the resource.",
+ "type": "string"
}
},
"type": "object"
@@ -1939,6 +2105,21 @@
},
"type": "object"
},
+ "Reference": {
+ "description": "Additional Links",
+ "id": "Reference",
+ "properties": {
+ "source": {
+ "description": "Source of the reference e.g. NVD",
+ "type": "string"
+ },
+ "uri": {
+ "description": "Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
"SecurityCenterSettings": {
"description": "Resource capturing the settings for Security Center.",
"id": "SecurityCenterSettings",
@@ -2054,6 +2235,17 @@
},
"type": "object"
},
+ "Vulnerability": {
+ "description": "Refers to common vulnerability fields e.g. cve, cvss, cwe etc.",
+ "id": "Vulnerability",
+ "properties": {
+ "cve": {
+ "$ref": "Cve",
+ "description": "CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)"
+ }
+ },
+ "type": "object"
+ },
"WebSecurityScannerSettings": {
"description": "Resource capturing the settings for the Web Security Scanner service.",
"id": "WebSecurityScannerSettings",