policyv1

package
v0.0.0-...-1a28f28 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 22, 2026 License: MIT Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ActionType_name = map[int32]string{
		0: "ACTION_TYPE_UNSPECIFIED",
		1: "ACTION_TYPE_ALLOW",
		2: "ACTION_TYPE_DENY",
		3: "ACTION_TYPE_WARN",
	}
	ActionType_value = map[string]int32{
		"ACTION_TYPE_UNSPECIFIED": 0,
		"ACTION_TYPE_ALLOW":       1,
		"ACTION_TYPE_DENY":        2,
		"ACTION_TYPE_WARN":        3,
	}
)

Enum value maps for ActionType.

View Source 
var File_deputy_policy_v1_policy_proto protoreflect.FileDescriptor
View Source 
var File_deputy_policy_v1_service_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Action 

type Action struct {

	// Type is the action type (allow, deny, warn).
	Type ActionType `protobuf:"varint,1,opt,name=type,proto3,enum=deputy.policy.v1.ActionType" json:"type,omitempty"`
	// PolicyName is the name of the policy that triggered this action.
	PolicyName string `protobuf:"bytes,2,opt,name=policy_name,json=policyName,proto3" json:"policy_name,omitempty"`
	// RuleName is the name of the specific rule within the policy.
	RuleName string `protobuf:"bytes,3,opt,name=rule_name,json=ruleName,proto3" json:"rule_name,omitempty"`
	// Reason explains why this action was triggered.
	Reason string `protobuf:"bytes,4,opt,name=reason,proto3" json:"reason,omitempty"`
	// Remediation suggests how to resolve the issue.
	Remediation string `protobuf:"bytes,5,opt,name=remediation,proto3" json:"remediation,omitempty"`
	// Entrypoint is the policy entrypoint that evaluated this action.
	Entrypoint string `protobuf:"bytes,6,opt,name=entrypoint,proto3" json:"entrypoint,omitempty"`
	// contains filtered or unexported fields
}

Action captures a single policy evaluation result.

func (*Action) Descriptor deprecated 

func (*Action) Descriptor() ([]byte, []int)

Deprecated: Use Action.ProtoReflect.Descriptor instead.

func (*Action) GetEntrypoint 

func (x *Action) GetEntrypoint() string

func (*Action) GetPolicyName 

func (x *Action) GetPolicyName() string

func (*Action) GetReason 

func (x *Action) GetReason() string

func (*Action) GetRemediation 

func (x *Action) GetRemediation() string

func (*Action) GetRuleName 

func (x *Action) GetRuleName() string

func (*Action) GetType 

func (x *Action) GetType() ActionType

func (*Action) ProtoMessage 

func (*Action) ProtoMessage()

func (*Action) ProtoReflect 

func (x *Action) ProtoReflect() protoreflect.Message

func (*Action) Reset 

func (x *Action) Reset()

func (*Action) String 

func (x *Action) String() string

type ActionType 

type ActionType int32

ActionType represents a policy evaluation outcome. 

const (
	// Unspecified action.
	ActionType_ACTION_TYPE_UNSPECIFIED ActionType = 0
	// Explicitly allow the operation.
	ActionType_ACTION_TYPE_ALLOW ActionType = 1
	// Deny the operation.
	ActionType_ACTION_TYPE_DENY ActionType = 2
	// Allow but emit a warning.
	ActionType_ACTION_TYPE_WARN ActionType = 3
)

func (ActionType) Descriptor 

func (ActionType) Descriptor() protoreflect.EnumDescriptor

func (ActionType) Enum 

func (x ActionType) Enum() *ActionType

func (ActionType) EnumDescriptor deprecated 

func (ActionType) EnumDescriptor() ([]byte, []int)

Deprecated: Use ActionType.Descriptor instead.

func (ActionType) Number 

func (x ActionType) Number() protoreflect.EnumNumber

func (ActionType) String 

func (x ActionType) String() string

func (ActionType) Type 

func (ActionType) Type() protoreflect.EnumType

type ContainerConfigDiff 

type ContainerConfigDiff struct {
	UserChanged       bool     `protobuf:"varint,1,opt,name=user_changed,json=userChanged,proto3" json:"user_changed,omitempty"`
	BaseUser          string   `protobuf:"bytes,2,opt,name=base_user,json=baseUser,proto3" json:"base_user,omitempty"`
	TargetUser        string   `protobuf:"bytes,3,opt,name=target_user,json=targetUser,proto3" json:"target_user,omitempty"`
	RootChanged       bool     `protobuf:"varint,4,opt,name=root_changed,json=rootChanged,proto3" json:"root_changed,omitempty"`
	BaseIsRoot        bool     `protobuf:"varint,5,opt,name=base_is_root,json=baseIsRoot,proto3" json:"base_is_root,omitempty"`
	TargetIsRoot      bool     `protobuf:"varint,6,opt,name=target_is_root,json=targetIsRoot,proto3" json:"target_is_root,omitempty"`
	PortsChanged      bool     `protobuf:"varint,7,opt,name=ports_changed,json=portsChanged,proto3" json:"ports_changed,omitempty"`
	PortsAdded        []string `protobuf:"bytes,8,rep,name=ports_added,json=portsAdded,proto3" json:"ports_added,omitempty"`
	PortsRemoved      []string `protobuf:"bytes,9,rep,name=ports_removed,json=portsRemoved,proto3" json:"ports_removed,omitempty"`
	EntrypointChanged bool     `protobuf:"varint,10,opt,name=entrypoint_changed,json=entrypointChanged,proto3" json:"entrypoint_changed,omitempty"`
	BaseEntrypoint    []string `protobuf:"bytes,11,rep,name=base_entrypoint,json=baseEntrypoint,proto3" json:"base_entrypoint,omitempty"`
	TargetEntrypoint  []string `protobuf:"bytes,12,rep,name=target_entrypoint,json=targetEntrypoint,proto3" json:"target_entrypoint,omitempty"`
	// contains filtered or unexported fields
}

ContainerConfigDiff describes configuration differences between images.

func (*ContainerConfigDiff) Descriptor deprecated 

func (*ContainerConfigDiff) Descriptor() ([]byte, []int)

Deprecated: Use ContainerConfigDiff.ProtoReflect.Descriptor instead.

func (*ContainerConfigDiff) GetBaseEntrypoint 

func (x *ContainerConfigDiff) GetBaseEntrypoint() []string

func (*ContainerConfigDiff) GetBaseIsRoot 

func (x *ContainerConfigDiff) GetBaseIsRoot() bool

func (*ContainerConfigDiff) GetBaseUser 

func (x *ContainerConfigDiff) GetBaseUser() string

func (*ContainerConfigDiff) GetEntrypointChanged 

func (x *ContainerConfigDiff) GetEntrypointChanged() bool

func (*ContainerConfigDiff) GetPortsAdded 

func (x *ContainerConfigDiff) GetPortsAdded() []string

func (*ContainerConfigDiff) GetPortsChanged 

func (x *ContainerConfigDiff) GetPortsChanged() bool

func (*ContainerConfigDiff) GetPortsRemoved 

func (x *ContainerConfigDiff) GetPortsRemoved() []string

func (*ContainerConfigDiff) GetRootChanged 

func (x *ContainerConfigDiff) GetRootChanged() bool

func (*ContainerConfigDiff) GetTargetEntrypoint 

func (x *ContainerConfigDiff) GetTargetEntrypoint() []string

func (*ContainerConfigDiff) GetTargetIsRoot 

func (x *ContainerConfigDiff) GetTargetIsRoot() bool

func (*ContainerConfigDiff) GetTargetUser 

func (x *ContainerConfigDiff) GetTargetUser() string

func (*ContainerConfigDiff) GetUserChanged 

func (x *ContainerConfigDiff) GetUserChanged() bool

func (*ContainerConfigDiff) ProtoMessage 

func (*ContainerConfigDiff) ProtoMessage()

func (*ContainerConfigDiff) ProtoReflect 

func (x *ContainerConfigDiff) ProtoReflect() protoreflect.Message

func (*ContainerConfigDiff) Reset 

func (x *ContainerConfigDiff) Reset()

func (*ContainerConfigDiff) String 

func (x *ContainerConfigDiff) String() string

type ContainerDiffChangePolicyInput 

type ContainerDiffChangePolicyInput struct {
	Change *ContainerPackageChange `protobuf:"bytes,1,opt,name=change,proto3" json:"change,omitempty"`
	Env    *Environment            `protobuf:"bytes,2,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

ContainerDiffChangePolicyInput is the input for the container_diff_change entrypoint.

func (*ContainerDiffChangePolicyInput) Descriptor deprecated 

func (*ContainerDiffChangePolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use ContainerDiffChangePolicyInput.ProtoReflect.Descriptor instead.

func (*ContainerDiffChangePolicyInput) GetChange 

func (x *ContainerDiffChangePolicyInput) GetChange() *ContainerPackageChange

func (*ContainerDiffChangePolicyInput) GetEnv 

func (x *ContainerDiffChangePolicyInput) GetEnv() *Environment

func (*ContainerDiffChangePolicyInput) ProtoMessage 

func (*ContainerDiffChangePolicyInput) ProtoMessage()

func (*ContainerDiffChangePolicyInput) ProtoReflect 

func (x *ContainerDiffChangePolicyInput) ProtoReflect() protoreflect.Message

func (*ContainerDiffChangePolicyInput) Reset 

func (x *ContainerDiffChangePolicyInput) Reset()

func (*ContainerDiffChangePolicyInput) String 

func (x *ContainerDiffChangePolicyInput) String() string

type ContainerDiffConfigPolicyInput 

type ContainerDiffConfigPolicyInput struct {
	ConfigDiff *ContainerConfigDiff `protobuf:"bytes,1,opt,name=config_diff,json=configDiff,proto3" json:"config_diff,omitempty"`
	Env        *Environment         `protobuf:"bytes,2,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

ContainerDiffConfigPolicyInput is the input for container_diff_config entrypoint.

func (*ContainerDiffConfigPolicyInput) Descriptor deprecated 

func (*ContainerDiffConfigPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use ContainerDiffConfigPolicyInput.ProtoReflect.Descriptor instead.

func (*ContainerDiffConfigPolicyInput) GetConfigDiff 

func (x *ContainerDiffConfigPolicyInput) GetConfigDiff() *ContainerConfigDiff

func (*ContainerDiffConfigPolicyInput) GetEnv 

func (x *ContainerDiffConfigPolicyInput) GetEnv() *Environment

func (*ContainerDiffConfigPolicyInput) ProtoMessage 

func (*ContainerDiffConfigPolicyInput) ProtoMessage()

func (*ContainerDiffConfigPolicyInput) ProtoReflect 

func (x *ContainerDiffConfigPolicyInput) ProtoReflect() protoreflect.Message

func (*ContainerDiffConfigPolicyInput) Reset 

func (x *ContainerDiffConfigPolicyInput) Reset()

func (*ContainerDiffConfigPolicyInput) String 

func (x *ContainerDiffConfigPolicyInput) String() string

type ContainerDiffLayerPolicyInput 

type ContainerDiffLayerPolicyInput struct {
	LayerChange *LayerChange `protobuf:"bytes,1,opt,name=layer_change,json=layerChange,proto3" json:"layer_change,omitempty"`
	Env         *Environment `protobuf:"bytes,2,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

ContainerDiffLayerPolicyInput is the input for the container_diff_layer entrypoint.

func (*ContainerDiffLayerPolicyInput) Descriptor deprecated 

func (*ContainerDiffLayerPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use ContainerDiffLayerPolicyInput.ProtoReflect.Descriptor instead.

func (*ContainerDiffLayerPolicyInput) GetEnv 

func (x *ContainerDiffLayerPolicyInput) GetEnv() *Environment

func (*ContainerDiffLayerPolicyInput) GetLayerChange 

func (x *ContainerDiffLayerPolicyInput) GetLayerChange() *LayerChange

func (*ContainerDiffLayerPolicyInput) ProtoMessage 

func (*ContainerDiffLayerPolicyInput) ProtoMessage()

func (*ContainerDiffLayerPolicyInput) ProtoReflect 

func (x *ContainerDiffLayerPolicyInput) ProtoReflect() protoreflect.Message

func (*ContainerDiffLayerPolicyInput) Reset 

func (x *ContainerDiffLayerPolicyInput) Reset()

func (*ContainerDiffLayerPolicyInput) String 

func (x *ContainerDiffLayerPolicyInput) String() string

type ContainerDiffReportPolicyInput 

type ContainerDiffReportPolicyInput struct {

	// PackageChanges lists all package changes between images.
	PackageChanges []*ContainerPackageChange `protobuf:"bytes,1,rep,name=package_changes,json=packageChanges,proto3" json:"package_changes,omitempty"`
	// VulnerabilityChanges lists vulnerability changes.
	VulnerabilityChanges []*ContainerVulnerabilityChange `protobuf:"bytes,2,rep,name=vulnerability_changes,json=vulnerabilityChanges,proto3" json:"vulnerability_changes,omitempty"`
	// ConfigChanges describes configuration differences.
	ConfigChanges *ContainerConfigDiff `protobuf:"bytes,3,opt,name=config_changes,json=configChanges,proto3" json:"config_changes,omitempty"`
	// BaseImage describes the baseline image.
	BaseImage *ContainerImageRef `protobuf:"bytes,4,opt,name=base_image,json=baseImage,proto3" json:"base_image,omitempty"`
	// TargetImage describes the target image.
	TargetImage *ContainerImageRef `protobuf:"bytes,5,opt,name=target_image,json=targetImage,proto3" json:"target_image,omitempty"`
	// Env provides execution environment context.
	Env *Environment `protobuf:"bytes,6,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

ContainerDiffReportPolicyInput is the input for the container_diff_report entrypoint.

func (*ContainerDiffReportPolicyInput) Descriptor deprecated 

func (*ContainerDiffReportPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use ContainerDiffReportPolicyInput.ProtoReflect.Descriptor instead.

func (*ContainerDiffReportPolicyInput) GetBaseImage 

func (x *ContainerDiffReportPolicyInput) GetBaseImage() *ContainerImageRef

func (*ContainerDiffReportPolicyInput) GetConfigChanges 

func (x *ContainerDiffReportPolicyInput) GetConfigChanges() *ContainerConfigDiff

func (*ContainerDiffReportPolicyInput) GetEnv 

func (x *ContainerDiffReportPolicyInput) GetEnv() *Environment

func (*ContainerDiffReportPolicyInput) GetPackageChanges 

func (x *ContainerDiffReportPolicyInput) GetPackageChanges() []*ContainerPackageChange

func (*ContainerDiffReportPolicyInput) GetTargetImage 

func (x *ContainerDiffReportPolicyInput) GetTargetImage() *ContainerImageRef

func (*ContainerDiffReportPolicyInput) GetVulnerabilityChanges 

func (x *ContainerDiffReportPolicyInput) GetVulnerabilityChanges() []*ContainerVulnerabilityChange

func (*ContainerDiffReportPolicyInput) ProtoMessage 

func (*ContainerDiffReportPolicyInput) ProtoMessage()

func (*ContainerDiffReportPolicyInput) ProtoReflect 

func (x *ContainerDiffReportPolicyInput) ProtoReflect() protoreflect.Message

func (*ContainerDiffReportPolicyInput) Reset 

func (x *ContainerDiffReportPolicyInput) Reset()

func (*ContainerDiffReportPolicyInput) String 

func (x *ContainerDiffReportPolicyInput) String() string

type ContainerDiffVulnerabilityPolicyInput 

type ContainerDiffVulnerabilityPolicyInput struct {
	VulnerabilityChange *ContainerVulnerabilityChange `protobuf:"bytes,1,opt,name=vulnerability_change,json=vulnerabilityChange,proto3" json:"vulnerability_change,omitempty"`
	Env                 *Environment                  `protobuf:"bytes,2,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

ContainerDiffVulnerabilityPolicyInput is the input for container_diff_vulnerability.

func (*ContainerDiffVulnerabilityPolicyInput) Descriptor deprecated 

func (*ContainerDiffVulnerabilityPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use ContainerDiffVulnerabilityPolicyInput.ProtoReflect.Descriptor instead.

func (*ContainerDiffVulnerabilityPolicyInput) GetEnv 

func (x *ContainerDiffVulnerabilityPolicyInput) GetEnv() *Environment

func (*ContainerDiffVulnerabilityPolicyInput) GetVulnerabilityChange 

func (x *ContainerDiffVulnerabilityPolicyInput) GetVulnerabilityChange() *ContainerVulnerabilityChange

func (*ContainerDiffVulnerabilityPolicyInput) ProtoMessage 

func (*ContainerDiffVulnerabilityPolicyInput) ProtoMessage()

func (*ContainerDiffVulnerabilityPolicyInput) ProtoReflect 

func (x *ContainerDiffVulnerabilityPolicyInput) ProtoReflect() protoreflect.Message

func (*ContainerDiffVulnerabilityPolicyInput) Reset 

func (x *ContainerDiffVulnerabilityPolicyInput) Reset()

func (*ContainerDiffVulnerabilityPolicyInput) String 

func (x *ContainerDiffVulnerabilityPolicyInput) String() string

type ContainerImageRef 

type ContainerImageRef struct {
	Reference  string `protobuf:"bytes,1,opt,name=reference,proto3" json:"reference,omitempty"`
	Registry   string `protobuf:"bytes,2,opt,name=registry,proto3" json:"registry,omitempty"`
	Repository string `protobuf:"bytes,3,opt,name=repository,proto3" json:"repository,omitempty"`
	Tag        string `protobuf:"bytes,4,opt,name=tag,proto3" json:"tag,omitempty"`
	Digest     string `protobuf:"bytes,5,opt,name=digest,proto3" json:"digest,omitempty"`
	// contains filtered or unexported fields
}

ContainerImageRef identifies a container image.

func (*ContainerImageRef) Descriptor deprecated 

func (*ContainerImageRef) Descriptor() ([]byte, []int)

Deprecated: Use ContainerImageRef.ProtoReflect.Descriptor instead.

func (*ContainerImageRef) GetDigest 

func (x *ContainerImageRef) GetDigest() string

func (*ContainerImageRef) GetReference 

func (x *ContainerImageRef) GetReference() string

func (*ContainerImageRef) GetRegistry 

func (x *ContainerImageRef) GetRegistry() string

func (*ContainerImageRef) GetRepository 

func (x *ContainerImageRef) GetRepository() string

func (*ContainerImageRef) GetTag 

func (x *ContainerImageRef) GetTag() string

func (*ContainerImageRef) ProtoMessage 

func (*ContainerImageRef) ProtoMessage()

func (*ContainerImageRef) ProtoReflect 

func (x *ContainerImageRef) ProtoReflect() protoreflect.Message

func (*ContainerImageRef) Reset 

func (x *ContainerImageRef) Reset()

func (*ContainerImageRef) String 

func (x *ContainerImageRef) String() string

type ContainerPackageChange 

type ContainerPackageChange struct {
	Name               string            `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	Ecosystem          string            `protobuf:"bytes,2,opt,name=ecosystem,proto3" json:"ecosystem,omitempty"`
	ChangeKind         string            `protobuf:"bytes,3,opt,name=change_kind,json=changeKind,proto3" json:"change_kind,omitempty"`
	BaseVersion        string            `protobuf:"bytes,4,opt,name=base_version,json=baseVersion,proto3" json:"base_version,omitempty"`
	TargetVersion      string            `protobuf:"bytes,5,opt,name=target_version,json=targetVersion,proto3" json:"target_version,omitempty"`
	IsDirect           bool              `protobuf:"varint,6,opt,name=is_direct,json=isDirect,proto3" json:"is_direct,omitempty"`
	BaseLayerDetails   *v13.LayerDetails `protobuf:"bytes,7,opt,name=base_layer_details,json=baseLayerDetails,proto3" json:"base_layer_details,omitempty"`
	TargetLayerDetails *v13.LayerDetails `protobuf:"bytes,8,opt,name=target_layer_details,json=targetLayerDetails,proto3" json:"target_layer_details,omitempty"`
	// contains filtered or unexported fields
}

ContainerPackageChange represents a package change between container images.

func (*ContainerPackageChange) Descriptor deprecated 

func (*ContainerPackageChange) Descriptor() ([]byte, []int)

Deprecated: Use ContainerPackageChange.ProtoReflect.Descriptor instead.

func (*ContainerPackageChange) GetBaseLayerDetails 

func (x *ContainerPackageChange) GetBaseLayerDetails() *v13.LayerDetails

func (*ContainerPackageChange) GetBaseVersion 

func (x *ContainerPackageChange) GetBaseVersion() string

func (*ContainerPackageChange) GetChangeKind 

func (x *ContainerPackageChange) GetChangeKind() string

func (*ContainerPackageChange) GetEcosystem 

func (x *ContainerPackageChange) GetEcosystem() string

func (*ContainerPackageChange) GetIsDirect 

func (x *ContainerPackageChange) GetIsDirect() bool

func (*ContainerPackageChange) GetName 

func (x *ContainerPackageChange) GetName() string

func (*ContainerPackageChange) GetTargetLayerDetails 

func (x *ContainerPackageChange) GetTargetLayerDetails() *v13.LayerDetails

func (*ContainerPackageChange) GetTargetVersion 

func (x *ContainerPackageChange) GetTargetVersion() string

func (*ContainerPackageChange) ProtoMessage 

func (*ContainerPackageChange) ProtoMessage()

func (*ContainerPackageChange) ProtoReflect 

func (x *ContainerPackageChange) ProtoReflect() protoreflect.Message

func (*ContainerPackageChange) Reset 

func (x *ContainerPackageChange) Reset()

func (*ContainerPackageChange) String 

func (x *ContainerPackageChange) String() string

type ContainerVulnerabilityChange 

type ContainerVulnerabilityChange struct {
	Id            string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	ChangeKind    string   `protobuf:"bytes,2,opt,name=change_kind,json=changeKind,proto3" json:"change_kind,omitempty"`
	Severity      string   `protobuf:"bytes,3,opt,name=severity,proto3" json:"severity,omitempty"`
	PackageName   string   `protobuf:"bytes,4,opt,name=package_name,json=packageName,proto3" json:"package_name,omitempty"`
	Ecosystem     string   `protobuf:"bytes,5,opt,name=ecosystem,proto3" json:"ecosystem,omitempty"`
	BaseVersion   string   `protobuf:"bytes,6,opt,name=base_version,json=baseVersion,proto3" json:"base_version,omitempty"`
	TargetVersion string   `protobuf:"bytes,7,opt,name=target_version,json=targetVersion,proto3" json:"target_version,omitempty"`
	FixedVersions []string `protobuf:"bytes,8,rep,name=fixed_versions,json=fixedVersions,proto3" json:"fixed_versions,omitempty"`
	Summary       string   `protobuf:"bytes,9,opt,name=summary,proto3" json:"summary,omitempty"`
	// contains filtered or unexported fields
}

ContainerVulnerabilityChange represents a vulnerability change between images.

func (*ContainerVulnerabilityChange) Descriptor deprecated 

func (*ContainerVulnerabilityChange) Descriptor() ([]byte, []int)

Deprecated: Use ContainerVulnerabilityChange.ProtoReflect.Descriptor instead.

func (*ContainerVulnerabilityChange) GetBaseVersion 

func (x *ContainerVulnerabilityChange) GetBaseVersion() string

func (*ContainerVulnerabilityChange) GetChangeKind 

func (x *ContainerVulnerabilityChange) GetChangeKind() string

func (*ContainerVulnerabilityChange) GetEcosystem 

func (x *ContainerVulnerabilityChange) GetEcosystem() string

func (*ContainerVulnerabilityChange) GetFixedVersions 

func (x *ContainerVulnerabilityChange) GetFixedVersions() []string

func (*ContainerVulnerabilityChange) GetId 

func (x *ContainerVulnerabilityChange) GetId() string

func (*ContainerVulnerabilityChange) GetPackageName 

func (x *ContainerVulnerabilityChange) GetPackageName() string

func (*ContainerVulnerabilityChange) GetSeverity 

func (x *ContainerVulnerabilityChange) GetSeverity() string

func (*ContainerVulnerabilityChange) GetSummary 

func (x *ContainerVulnerabilityChange) GetSummary() string

func (*ContainerVulnerabilityChange) GetTargetVersion 

func (x *ContainerVulnerabilityChange) GetTargetVersion() string

func (*ContainerVulnerabilityChange) ProtoMessage 

func (*ContainerVulnerabilityChange) ProtoMessage()

func (*ContainerVulnerabilityChange) ProtoReflect 

func (x *ContainerVulnerabilityChange) ProtoReflect() protoreflect.Message

func (*ContainerVulnerabilityChange) Reset 

func (x *ContainerVulnerabilityChange) Reset()

func (*ContainerVulnerabilityChange) String 

func (x *ContainerVulnerabilityChange) String() string

type DependencyChange 

type DependencyChange struct {

	// Pkg is the changed package.
	Pkg *v11.Package `protobuf:"bytes,1,opt,name=pkg,proto3" json:"pkg,omitempty"`
	// ChangeKind is the type of change (added, removed, upgraded, downgraded).
	ChangeKind string `protobuf:"bytes,2,opt,name=change_kind,json=changeKind,proto3" json:"change_kind,omitempty"`
	// BaseVersion is the version in the base target.
	BaseVersion string `protobuf:"bytes,3,opt,name=base_version,json=baseVersion,proto3" json:"base_version,omitempty"`
	// TargetVersion is the version in the target.
	TargetVersion string `protobuf:"bytes,4,opt,name=target_version,json=targetVersion,proto3" json:"target_version,omitempty"`
	// IsDirect indicates if this is a direct dependency.
	IsDirect bool `protobuf:"varint,5,opt,name=is_direct,json=isDirect,proto3" json:"is_direct,omitempty"`
	// contains filtered or unexported fields
}

DependencyChange represents a single dependency change for diff policies.

func (*DependencyChange) Descriptor deprecated 

func (*DependencyChange) Descriptor() ([]byte, []int)

Deprecated: Use DependencyChange.ProtoReflect.Descriptor instead.

func (*DependencyChange) GetBaseVersion 

func (x *DependencyChange) GetBaseVersion() string

func (*DependencyChange) GetChangeKind 

func (x *DependencyChange) GetChangeKind() string

func (*DependencyChange) GetIsDirect 

func (x *DependencyChange) GetIsDirect() bool

func (*DependencyChange) GetPkg 

func (x *DependencyChange) GetPkg() *v11.Package

func (*DependencyChange) GetTargetVersion 

func (x *DependencyChange) GetTargetVersion() string

func (*DependencyChange) ProtoMessage 

func (*DependencyChange) ProtoMessage()

func (*DependencyChange) ProtoReflect 

func (x *DependencyChange) ProtoReflect() protoreflect.Message

func (*DependencyChange) Reset 

func (x *DependencyChange) Reset()

func (*DependencyChange) String 

func (x *DependencyChange) String() string

type DiffDependencyChangePolicyInput 

type DiffDependencyChangePolicyInput struct {

	// Change is the current dependency change.
	Change *DependencyChange `protobuf:"bytes,1,opt,name=change,proto3" json:"change,omitempty"`
	// Env provides execution environment context.
	Env *Environment `protobuf:"bytes,2,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

DiffDependencyChangePolicyInput is the input for the diff_dependency_change entrypoint. Evaluated once per dependency change.

func (*DiffDependencyChangePolicyInput) Descriptor deprecated 

func (*DiffDependencyChangePolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use DiffDependencyChangePolicyInput.ProtoReflect.Descriptor instead.

func (*DiffDependencyChangePolicyInput) GetChange 

func (x *DiffDependencyChangePolicyInput) GetChange() *DependencyChange

func (*DiffDependencyChangePolicyInput) GetEnv 

func (x *DiffDependencyChangePolicyInput) GetEnv() *Environment

func (*DiffDependencyChangePolicyInput) ProtoMessage 

func (*DiffDependencyChangePolicyInput) ProtoMessage()

func (*DiffDependencyChangePolicyInput) ProtoReflect 

func (x *DiffDependencyChangePolicyInput) ProtoReflect() protoreflect.Message

func (*DiffDependencyChangePolicyInput) Reset 

func (x *DiffDependencyChangePolicyInput) Reset()

func (*DiffDependencyChangePolicyInput) String 

func (x *DiffDependencyChangePolicyInput) String() string

type DiffReportPolicyInput 

type DiffReportPolicyInput struct {

	// Changes lists all dependency changes between refs.
	Changes []*DependencyChange `protobuf:"bytes,1,rep,name=changes,proto3" json:"changes,omitempty"`
	// BaseTarget is the baseline (older) target.
	BaseTarget *v12.Target `protobuf:"bytes,2,opt,name=base_target,json=baseTarget,proto3" json:"base_target,omitempty"`
	// TargetTarget is the target (newer) being compared.
	TargetTarget *v12.Target `protobuf:"bytes,3,opt,name=target_target,json=targetTarget,proto3" json:"target_target,omitempty"`
	// Env provides execution environment context.
	Env *Environment `protobuf:"bytes,4,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

DiffReportPolicyInput is the input for the diff_report entrypoint. Evaluated once after a git diff completes.

func (*DiffReportPolicyInput) Descriptor deprecated 

func (*DiffReportPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use DiffReportPolicyInput.ProtoReflect.Descriptor instead.

func (*DiffReportPolicyInput) GetBaseTarget 

func (x *DiffReportPolicyInput) GetBaseTarget() *v12.Target

func (*DiffReportPolicyInput) GetChanges 

func (x *DiffReportPolicyInput) GetChanges() []*DependencyChange

func (*DiffReportPolicyInput) GetEnv 

func (x *DiffReportPolicyInput) GetEnv() *Environment

func (*DiffReportPolicyInput) GetTargetTarget 

func (x *DiffReportPolicyInput) GetTargetTarget() *v12.Target

func (*DiffReportPolicyInput) ProtoMessage 

func (*DiffReportPolicyInput) ProtoMessage()

func (*DiffReportPolicyInput) ProtoReflect 

func (x *DiffReportPolicyInput) ProtoReflect() protoreflect.Message

func (*DiffReportPolicyInput) Reset 

func (x *DiffReportPolicyInput) Reset()

func (*DiffReportPolicyInput) String 

func (x *DiffReportPolicyInput) String() string

type DiffVulnerabilityPolicyInput 

type DiffVulnerabilityPolicyInput struct {

	// Vulnerability is the vulnerability finding.
	Vulnerability *v1.Finding `protobuf:"bytes,1,opt,name=vulnerability,proto3" json:"vulnerability,omitempty"`
	// ChangeKind indicates if this is "added" or "removed".
	ChangeKind string `protobuf:"bytes,2,opt,name=change_kind,json=changeKind,proto3" json:"change_kind,omitempty"`
	// Env provides execution environment context.
	Env *Environment `protobuf:"bytes,3,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

DiffVulnerabilityPolicyInput is the input for the diff_vulnerability entrypoint. Evaluated for each vulnerability that changed between refs.

func (*DiffVulnerabilityPolicyInput) Descriptor deprecated 

func (*DiffVulnerabilityPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use DiffVulnerabilityPolicyInput.ProtoReflect.Descriptor instead.

func (*DiffVulnerabilityPolicyInput) GetChangeKind 

func (x *DiffVulnerabilityPolicyInput) GetChangeKind() string

func (*DiffVulnerabilityPolicyInput) GetEnv 

func (x *DiffVulnerabilityPolicyInput) GetEnv() *Environment

func (*DiffVulnerabilityPolicyInput) GetVulnerability 

func (x *DiffVulnerabilityPolicyInput) GetVulnerability() *v1.Finding

func (*DiffVulnerabilityPolicyInput) ProtoMessage 

func (*DiffVulnerabilityPolicyInput) ProtoMessage()

func (*DiffVulnerabilityPolicyInput) ProtoReflect 

func (x *DiffVulnerabilityPolicyInput) ProtoReflect() protoreflect.Message

func (*DiffVulnerabilityPolicyInput) Reset 

func (x *DiffVulnerabilityPolicyInput) Reset()

func (*DiffVulnerabilityPolicyInput) String 

func (x *DiffVulnerabilityPolicyInput) String() string

type DockerfileAnalysis 

type DockerfileAnalysis struct {
	StageCount          int32    `protobuf:"varint,1,opt,name=stage_count,json=stageCount,proto3" json:"stage_count,omitempty"`
	HasMultiStage       bool     `protobuf:"varint,2,opt,name=has_multi_stage,json=hasMultiStage,proto3" json:"has_multi_stage,omitempty"`
	BuilderStageCount   int32    `protobuf:"varint,3,opt,name=builder_stage_count,json=builderStageCount,proto3" json:"builder_stage_count,omitempty"`
	FinalStageIsRoot    bool     `protobuf:"varint,4,opt,name=final_stage_is_root,json=finalStageIsRoot,proto3" json:"final_stage_is_root,omitempty"`
	FinalStageIsScratch bool     `protobuf:"varint,5,opt,name=final_stage_is_scratch,json=finalStageIsScratch,proto3" json:"final_stage_is_scratch,omitempty"`
	SensitiveEnvVars    []string `protobuf:"bytes,6,rep,name=sensitive_env_vars,json=sensitiveEnvVars,proto3" json:"sensitive_env_vars,omitempty"`
	HasAddUrl           bool     `protobuf:"varint,7,opt,name=has_add_url,json=hasAddUrl,proto3" json:"has_add_url,omitempty"`
	// contains filtered or unexported fields
}

DockerfileAnalysis contains static analysis results.

func (*DockerfileAnalysis) Descriptor deprecated 

func (*DockerfileAnalysis) Descriptor() ([]byte, []int)

Deprecated: Use DockerfileAnalysis.ProtoReflect.Descriptor instead.

func (*DockerfileAnalysis) GetBuilderStageCount 

func (x *DockerfileAnalysis) GetBuilderStageCount() int32

func (*DockerfileAnalysis) GetFinalStageIsRoot 

func (x *DockerfileAnalysis) GetFinalStageIsRoot() bool

func (*DockerfileAnalysis) GetFinalStageIsScratch 

func (x *DockerfileAnalysis) GetFinalStageIsScratch() bool

func (*DockerfileAnalysis) GetHasAddUrl 

func (x *DockerfileAnalysis) GetHasAddUrl() bool

func (*DockerfileAnalysis) GetHasMultiStage 

func (x *DockerfileAnalysis) GetHasMultiStage() bool

func (*DockerfileAnalysis) GetSensitiveEnvVars 

func (x *DockerfileAnalysis) GetSensitiveEnvVars() []string

func (*DockerfileAnalysis) GetStageCount 

func (x *DockerfileAnalysis) GetStageCount() int32

func (*DockerfileAnalysis) ProtoMessage 

func (*DockerfileAnalysis) ProtoMessage()

func (*DockerfileAnalysis) ProtoReflect 

func (x *DockerfileAnalysis) ProtoReflect() protoreflect.Message

func (*DockerfileAnalysis) Reset 

func (x *DockerfileAnalysis) Reset()

func (*DockerfileAnalysis) String 

func (x *DockerfileAnalysis) String() string

type DockerfileInfo 

type DockerfileInfo struct {
	Path       string             `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
	Stages     []*DockerfileStage `protobuf:"bytes,2,rep,name=stages,proto3" json:"stages,omitempty"`
	FinalStage *DockerfileStage   `protobuf:"bytes,3,opt,name=final_stage,json=finalStage,proto3" json:"final_stage,omitempty"`
	Args       map[string]string  `` /* 135-byte string literal not displayed */
	// contains filtered or unexported fields
}

DockerfileInfo contains parsed Dockerfile data.

func (*DockerfileInfo) Descriptor deprecated 

func (*DockerfileInfo) Descriptor() ([]byte, []int)

Deprecated: Use DockerfileInfo.ProtoReflect.Descriptor instead.

func (*DockerfileInfo) GetArgs 

func (x *DockerfileInfo) GetArgs() map[string]string

func (*DockerfileInfo) GetFinalStage 

func (x *DockerfileInfo) GetFinalStage() *DockerfileStage

func (*DockerfileInfo) GetPath 

func (x *DockerfileInfo) GetPath() string

func (*DockerfileInfo) GetStages 

func (x *DockerfileInfo) GetStages() []*DockerfileStage

func (*DockerfileInfo) ProtoMessage 

func (*DockerfileInfo) ProtoMessage()

func (*DockerfileInfo) ProtoReflect 

func (x *DockerfileInfo) ProtoReflect() protoreflect.Message

func (*DockerfileInfo) Reset 

func (x *DockerfileInfo) Reset()

func (*DockerfileInfo) String 

func (x *DockerfileInfo) String() string

type DockerfileReportPolicyInput 

type DockerfileReportPolicyInput struct {

	// Dockerfile contains the parsed Dockerfile data.
	Dockerfile *DockerfileInfo `protobuf:"bytes,1,opt,name=dockerfile,proto3" json:"dockerfile,omitempty"`
	// DockerfileAnalysis contains static analysis results.
	DockerfileAnalysis *DockerfileAnalysis `protobuf:"bytes,2,opt,name=dockerfile_analysis,json=dockerfileAnalysis,proto3" json:"dockerfile_analysis,omitempty"`
	// Env provides execution environment context.
	Env *Environment `protobuf:"bytes,3,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

DockerfileReportPolicyInput is the input for the dockerfile_report entrypoint.

func (*DockerfileReportPolicyInput) Descriptor deprecated 

func (*DockerfileReportPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use DockerfileReportPolicyInput.ProtoReflect.Descriptor instead.

func (*DockerfileReportPolicyInput) GetDockerfile 

func (x *DockerfileReportPolicyInput) GetDockerfile() *DockerfileInfo

func (*DockerfileReportPolicyInput) GetDockerfileAnalysis 

func (x *DockerfileReportPolicyInput) GetDockerfileAnalysis() *DockerfileAnalysis

func (*DockerfileReportPolicyInput) GetEnv 

func (x *DockerfileReportPolicyInput) GetEnv() *Environment

func (*DockerfileReportPolicyInput) ProtoMessage 

func (*DockerfileReportPolicyInput) ProtoMessage()

func (*DockerfileReportPolicyInput) ProtoReflect 

func (x *DockerfileReportPolicyInput) ProtoReflect() protoreflect.Message

func (*DockerfileReportPolicyInput) Reset 

func (x *DockerfileReportPolicyInput) Reset()

func (*DockerfileReportPolicyInput) String 

func (x *DockerfileReportPolicyInput) String() string

type DockerfileStage 

type DockerfileStage struct {
	Index             int32             `protobuf:"varint,1,opt,name=index,proto3" json:"index,omitempty"`
	Name              string            `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	BaseImage         string            `protobuf:"bytes,3,opt,name=base_image,json=baseImage,proto3" json:"base_image,omitempty"`
	BaseImageResolved *ImageReference   `protobuf:"bytes,4,opt,name=base_image_resolved,json=baseImageResolved,proto3" json:"base_image_resolved,omitempty"`
	Platform          string            `protobuf:"bytes,5,opt,name=platform,proto3" json:"platform,omitempty"`
	IsScratch         bool              `protobuf:"varint,6,opt,name=is_scratch,json=isScratch,proto3" json:"is_scratch,omitempty"`
	IsBuilderStage    bool              `protobuf:"varint,7,opt,name=is_builder_stage,json=isBuilderStage,proto3" json:"is_builder_stage,omitempty"`
	User              string            `protobuf:"bytes,8,opt,name=user,proto3" json:"user,omitempty"`
	IsRoot            bool              `protobuf:"varint,9,opt,name=is_root,json=isRoot,proto3" json:"is_root,omitempty"`
	Workdir           string            `protobuf:"bytes,10,opt,name=workdir,proto3" json:"workdir,omitempty"`
	EnvVars           map[string]string `` /* 157-byte string literal not displayed */
	SensitiveEnv      []string          `protobuf:"bytes,12,rep,name=sensitive_env,json=sensitiveEnv,proto3" json:"sensitive_env,omitempty"`
	ExposedPorts      []string          `protobuf:"bytes,13,rep,name=exposed_ports,json=exposedPorts,proto3" json:"exposed_ports,omitempty"`
	Labels            map[string]string `` /* 140-byte string literal not displayed */
	// contains filtered or unexported fields
}

DockerfileStage represents a single build stage.

func (*DockerfileStage) Descriptor deprecated 

func (*DockerfileStage) Descriptor() ([]byte, []int)

Deprecated: Use DockerfileStage.ProtoReflect.Descriptor instead.

func (*DockerfileStage) GetBaseImage 

func (x *DockerfileStage) GetBaseImage() string

func (*DockerfileStage) GetBaseImageResolved 

func (x *DockerfileStage) GetBaseImageResolved() *ImageReference

func (*DockerfileStage) GetEnvVars 

func (x *DockerfileStage) GetEnvVars() map[string]string

func (*DockerfileStage) GetExposedPorts 

func (x *DockerfileStage) GetExposedPorts() []string

func (*DockerfileStage) GetIndex 

func (x *DockerfileStage) GetIndex() int32

func (*DockerfileStage) GetIsBuilderStage 

func (x *DockerfileStage) GetIsBuilderStage() bool

func (*DockerfileStage) GetIsRoot 

func (x *DockerfileStage) GetIsRoot() bool

func (*DockerfileStage) GetIsScratch 

func (x *DockerfileStage) GetIsScratch() bool

func (*DockerfileStage) GetLabels 

func (x *DockerfileStage) GetLabels() map[string]string

func (*DockerfileStage) GetName 

func (x *DockerfileStage) GetName() string

func (*DockerfileStage) GetPlatform 

func (x *DockerfileStage) GetPlatform() string

func (*DockerfileStage) GetSensitiveEnv 

func (x *DockerfileStage) GetSensitiveEnv() []string

func (*DockerfileStage) GetUser 

func (x *DockerfileStage) GetUser() string

func (*DockerfileStage) GetWorkdir 

func (x *DockerfileStage) GetWorkdir() string

func (*DockerfileStage) ProtoMessage 

func (*DockerfileStage) ProtoMessage()

func (*DockerfileStage) ProtoReflect 

func (x *DockerfileStage) ProtoReflect() protoreflect.Message

func (*DockerfileStage) Reset 

func (x *DockerfileStage) Reset()

func (*DockerfileStage) String 

func (x *DockerfileStage) String() string

type DockerfileStagePolicyInput 

type DockerfileStagePolicyInput struct {
	Stage      *DockerfileStage `protobuf:"bytes,1,opt,name=stage,proto3" json:"stage,omitempty"`
	Dockerfile *DockerfileInfo  `protobuf:"bytes,2,opt,name=dockerfile,proto3" json:"dockerfile,omitempty"`
	Env        *Environment     `protobuf:"bytes,3,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

DockerfileStagePolicyInput is the input for the dockerfile_stage entrypoint.

func (*DockerfileStagePolicyInput) Descriptor deprecated 

func (*DockerfileStagePolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use DockerfileStagePolicyInput.ProtoReflect.Descriptor instead.

func (*DockerfileStagePolicyInput) GetDockerfile 

func (x *DockerfileStagePolicyInput) GetDockerfile() *DockerfileInfo

func (*DockerfileStagePolicyInput) GetEnv 

func (x *DockerfileStagePolicyInput) GetEnv() *Environment

func (*DockerfileStagePolicyInput) GetStage 

func (x *DockerfileStagePolicyInput) GetStage() *DockerfileStage

func (*DockerfileStagePolicyInput) ProtoMessage 

func (*DockerfileStagePolicyInput) ProtoMessage()

func (*DockerfileStagePolicyInput) ProtoReflect 

func (x *DockerfileStagePolicyInput) ProtoReflect() protoreflect.Message

func (*DockerfileStagePolicyInput) Reset 

func (x *DockerfileStagePolicyInput) Reset()

func (*DockerfileStagePolicyInput) String 

func (x *DockerfileStagePolicyInput) String() string

type EntrypointInfo 

type EntrypointInfo struct {

	// Name is the entrypoint identifier (e.g., "scan_vulnerability").
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Category groups related entrypoints (e.g., "scan", "proxy", "graph").
	Category string `protobuf:"bytes,2,opt,name=category,proto3" json:"category,omitempty"`
	// Description explains when this entrypoint is evaluated.
	Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
	// Variables available in CEL expressions at this entrypoint.
	Variables []*VariableInfo `protobuf:"bytes,4,rep,name=variables,proto3" json:"variables,omitempty"`
	// Helpers lists custom functions available at this entrypoint.
	Helpers []string `protobuf:"bytes,5,rep,name=helpers,proto3" json:"helpers,omitempty"`
	// contains filtered or unexported fields
}

EntrypointInfo describes a policy entrypoint.

func (*EntrypointInfo) Descriptor deprecated 

func (*EntrypointInfo) Descriptor() ([]byte, []int)

Deprecated: Use EntrypointInfo.ProtoReflect.Descriptor instead.

func (*EntrypointInfo) GetCategory 

func (x *EntrypointInfo) GetCategory() string

func (*EntrypointInfo) GetDescription 

func (x *EntrypointInfo) GetDescription() string

func (*EntrypointInfo) GetHelpers 

func (x *EntrypointInfo) GetHelpers() []string

func (*EntrypointInfo) GetName 

func (x *EntrypointInfo) GetName() string

func (*EntrypointInfo) GetVariables 

func (x *EntrypointInfo) GetVariables() []*VariableInfo

func (*EntrypointInfo) ProtoMessage 

func (*EntrypointInfo) ProtoMessage()

func (*EntrypointInfo) ProtoReflect 

func (x *EntrypointInfo) ProtoReflect() protoreflect.Message

func (*EntrypointInfo) Reset 

func (x *EntrypointInfo) Reset()

func (*EntrypointInfo) String 

func (x *EntrypointInfo) String() string

type Environment 

type Environment struct {

	// Command is the deputy command being executed (e.g., "scan", "proxy").
	Command string `protobuf:"bytes,1,opt,name=command,proto3" json:"command,omitempty"`
	// Entrypoint is the policy entrypoint being evaluated.
	Entrypoint string `protobuf:"bytes,2,opt,name=entrypoint,proto3" json:"entrypoint,omitempty"`
	// contains filtered or unexported fields
}

Environment provides context about the execution environment.

func (*Environment) Descriptor deprecated 

func (*Environment) Descriptor() ([]byte, []int)

Deprecated: Use Environment.ProtoReflect.Descriptor instead.

func (*Environment) GetCommand 

func (x *Environment) GetCommand() string

func (*Environment) GetEntrypoint 

func (x *Environment) GetEntrypoint() string

func (*Environment) ProtoMessage 

func (*Environment) ProtoMessage()

func (*Environment) ProtoReflect 

func (x *Environment) ProtoReflect() protoreflect.Message

func (*Environment) Reset 

func (x *Environment) Reset()

func (*Environment) String 

func (x *Environment) String() string

type EvaluateRequest 

type EvaluateRequest struct {

	// Policies to evaluate. Can be inline YAML or file paths.
	// When using file paths, the service must be in local mode.
	Policies []*PolicySource `protobuf:"bytes,1,rep,name=policies,proto3" json:"policies,omitempty"`
	// Input for evaluation - exactly one must be set.
	//
	// Types that are valid to be assigned to Input:
	//
	//	*EvaluateRequest_ScanVulnerability
	//	*EvaluateRequest_ScanReport
	//	*EvaluateRequest_GoArtifactRequest
	//	*EvaluateRequest_NpmArtifactRequest
	//	*EvaluateRequest_PypiArtifactRequest
	//	*EvaluateRequest_OciArtifactRequest
	//	*EvaluateRequest_CustomPayload
	Input isEvaluateRequest_Input `protobuf_oneof:"input"`
	// Entrypoints to evaluate. If empty, evaluates all matching entrypoints.
	Entrypoints []string `protobuf:"bytes,20,rep,name=entrypoints,proto3" json:"entrypoints,omitempty"`
	// contains filtered or unexported fields
}

EvaluateRequest specifies the policies and input for evaluation.

func (*EvaluateRequest) Descriptor deprecated 

func (*EvaluateRequest) Descriptor() ([]byte, []int)

Deprecated: Use EvaluateRequest.ProtoReflect.Descriptor instead.

func (*EvaluateRequest) GetCustomPayload 

func (x *EvaluateRequest) GetCustomPayload() []byte

func (*EvaluateRequest) GetEntrypoints 

func (x *EvaluateRequest) GetEntrypoints() []string

func (*EvaluateRequest) GetGoArtifactRequest 

func (x *EvaluateRequest) GetGoArtifactRequest() *GoArtifactRequestPolicyInput

func (*EvaluateRequest) GetInput 

func (x *EvaluateRequest) GetInput() isEvaluateRequest_Input

func (*EvaluateRequest) GetNpmArtifactRequest 

func (x *EvaluateRequest) GetNpmArtifactRequest() *NpmArtifactRequestPolicyInput

func (*EvaluateRequest) GetOciArtifactRequest 

func (x *EvaluateRequest) GetOciArtifactRequest() *OciArtifactRequestPolicyInput

func (*EvaluateRequest) GetPolicies 

func (x *EvaluateRequest) GetPolicies() []*PolicySource

func (*EvaluateRequest) GetPypiArtifactRequest 

func (x *EvaluateRequest) GetPypiArtifactRequest() *PypiArtifactRequestPolicyInput

func (*EvaluateRequest) GetScanReport 

func (x *EvaluateRequest) GetScanReport() *ScanReportPolicyInput

func (*EvaluateRequest) GetScanVulnerability 

func (x *EvaluateRequest) GetScanVulnerability() *ScanVulnerabilityPolicyInput

func (*EvaluateRequest) ProtoMessage 

func (*EvaluateRequest) ProtoMessage()

func (*EvaluateRequest) ProtoReflect 

func (x *EvaluateRequest) ProtoReflect() protoreflect.Message

func (*EvaluateRequest) Reset 

func (x *EvaluateRequest) Reset()

func (*EvaluateRequest) String 

func (x *EvaluateRequest) String() string

type EvaluateRequest_CustomPayload 

type EvaluateRequest_CustomPayload struct {
	// Generic payload for custom entrypoints.
	CustomPayload []byte `protobuf:"bytes,99,opt,name=custom_payload,json=customPayload,proto3,oneof"`
}

type EvaluateRequest_GoArtifactRequest 

type EvaluateRequest_GoArtifactRequest struct {
	// GoArtifactRequest input for Go proxy evaluation.
	GoArtifactRequest *GoArtifactRequestPolicyInput `protobuf:"bytes,12,opt,name=go_artifact_request,json=goArtifactRequest,proto3,oneof"`
}

type EvaluateRequest_NpmArtifactRequest 

type EvaluateRequest_NpmArtifactRequest struct {
	// NpmArtifactRequest input for npm proxy evaluation.
	NpmArtifactRequest *NpmArtifactRequestPolicyInput `protobuf:"bytes,13,opt,name=npm_artifact_request,json=npmArtifactRequest,proto3,oneof"`
}

type EvaluateRequest_OciArtifactRequest 

type EvaluateRequest_OciArtifactRequest struct {
	// OciArtifactRequest input for OCI proxy evaluation.
	OciArtifactRequest *OciArtifactRequestPolicyInput `protobuf:"bytes,15,opt,name=oci_artifact_request,json=ociArtifactRequest,proto3,oneof"`
}

type EvaluateRequest_PypiArtifactRequest 

type EvaluateRequest_PypiArtifactRequest struct {
	// PypiArtifactRequest input for PyPI proxy evaluation.
	PypiArtifactRequest *PypiArtifactRequestPolicyInput `protobuf:"bytes,14,opt,name=pypi_artifact_request,json=pypiArtifactRequest,proto3,oneof"`
}

type EvaluateRequest_ScanReport 

type EvaluateRequest_ScanReport struct {
	// ScanReport input for report-level evaluation.
	ScanReport *ScanReportPolicyInput `protobuf:"bytes,11,opt,name=scan_report,json=scanReport,proto3,oneof"`
}

type EvaluateRequest_ScanVulnerability 

type EvaluateRequest_ScanVulnerability struct {
	// ScanVulnerability input for per-vulnerability evaluation.
	ScanVulnerability *ScanVulnerabilityPolicyInput `protobuf:"bytes,10,opt,name=scan_vulnerability,json=scanVulnerability,proto3,oneof"`
}

type EvaluateResponse 

type EvaluateResponse struct {

	// Actions triggered by policy evaluation.
	Actions []*Action `protobuf:"bytes,1,rep,name=actions,proto3" json:"actions,omitempty"`
	// Overall outcome based on triggered actions.
	// DENY if any deny action, WARN if any warn action, ALLOW otherwise.
	Outcome ActionType `protobuf:"varint,2,opt,name=outcome,proto3,enum=deputy.policy.v1.ActionType" json:"outcome,omitempty"`
	// Errors encountered during evaluation (syntax errors, missing vars, etc).
	Errors []*PolicyError `protobuf:"bytes,3,rep,name=errors,proto3" json:"errors,omitempty"`
	// contains filtered or unexported fields
}

EvaluateResponse contains all policy evaluation results.

func (*EvaluateResponse) Descriptor deprecated 

func (*EvaluateResponse) Descriptor() ([]byte, []int)

Deprecated: Use EvaluateResponse.ProtoReflect.Descriptor instead.

func (*EvaluateResponse) GetActions 

func (x *EvaluateResponse) GetActions() []*Action

func (*EvaluateResponse) GetErrors 

func (x *EvaluateResponse) GetErrors() []*PolicyError

func (*EvaluateResponse) GetOutcome 

func (x *EvaluateResponse) GetOutcome() ActionType

func (*EvaluateResponse) ProtoMessage 

func (*EvaluateResponse) ProtoMessage()

func (*EvaluateResponse) ProtoReflect 

func (x *EvaluateResponse) ProtoReflect() protoreflect.Message

func (*EvaluateResponse) Reset 

func (x *EvaluateResponse) Reset()

func (*EvaluateResponse) String 

func (x *EvaluateResponse) String() string

type FieldInfo 

type FieldInfo struct {

	// Name is the field path (e.g., "advisory.severity.level").
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Type is the field type.
	Type string `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
	// Description explains what the field contains.
	Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
	// contains filtered or unexported fields
}

FieldInfo describes a field within a variable.

func (*FieldInfo) Descriptor deprecated 

func (*FieldInfo) Descriptor() ([]byte, []int)

Deprecated: Use FieldInfo.ProtoReflect.Descriptor instead.

func (*FieldInfo) GetDescription 

func (x *FieldInfo) GetDescription() string

func (*FieldInfo) GetName 

func (x *FieldInfo) GetName() string

func (*FieldInfo) GetType 

func (x *FieldInfo) GetType() string

func (*FieldInfo) ProtoMessage 

func (*FieldInfo) ProtoMessage()

func (*FieldInfo) ProtoReflect 

func (x *FieldInfo) ProtoReflect() protoreflect.Message

func (*FieldInfo) Reset 

func (x *FieldInfo) Reset()

func (*FieldInfo) String 

func (x *FieldInfo) String() string

type FixPlanPolicyInput 

type FixPlanPolicyInput struct {

	// Commands are the remediation steps.
	Commands []*RemediationCommand `protobuf:"bytes,1,rep,name=commands,proto3" json:"commands,omitempty"`
	// Env provides execution environment context.
	Env *Environment `protobuf:"bytes,2,opt,name=env,proto3" json:"env,omitempty"`
	// Target describes what was analyzed.
	Target *v12.Target `protobuf:"bytes,3,opt,name=target,proto3" json:"target,omitempty"`
	// contains filtered or unexported fields
}

FixPlanPolicyInput is the input for the fix_plan entrypoint.

func (*FixPlanPolicyInput) Descriptor deprecated 

func (*FixPlanPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use FixPlanPolicyInput.ProtoReflect.Descriptor instead.

func (*FixPlanPolicyInput) GetCommands 

func (x *FixPlanPolicyInput) GetCommands() []*RemediationCommand

func (*FixPlanPolicyInput) GetEnv 

func (x *FixPlanPolicyInput) GetEnv() *Environment

func (*FixPlanPolicyInput) GetTarget 

func (x *FixPlanPolicyInput) GetTarget() *v12.Target

func (*FixPlanPolicyInput) ProtoMessage 

func (*FixPlanPolicyInput) ProtoMessage()

func (*FixPlanPolicyInput) ProtoReflect 

func (x *FixPlanPolicyInput) ProtoReflect() protoreflect.Message

func (*FixPlanPolicyInput) Reset 

func (x *FixPlanPolicyInput) Reset()

func (*FixPlanPolicyInput) String 

func (x *FixPlanPolicyInput) String() string

type FixPlanStepPolicyInput 

type FixPlanStepPolicyInput struct {
	Step *RemediationCommand `protobuf:"bytes,1,opt,name=step,proto3" json:"step,omitempty"`
	Env  *Environment        `protobuf:"bytes,2,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

FixPlanStepPolicyInput is the input for the fix_plan_step entrypoint.

func (*FixPlanStepPolicyInput) Descriptor deprecated 

func (*FixPlanStepPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use FixPlanStepPolicyInput.ProtoReflect.Descriptor instead.

func (*FixPlanStepPolicyInput) GetEnv 

func (x *FixPlanStepPolicyInput) GetEnv() *Environment

func (*FixPlanStepPolicyInput) GetStep 

func (x *FixPlanStepPolicyInput) GetStep() *RemediationCommand

func (*FixPlanStepPolicyInput) ProtoMessage 

func (*FixPlanStepPolicyInput) ProtoMessage()

func (*FixPlanStepPolicyInput) ProtoReflect 

func (x *FixPlanStepPolicyInput) ProtoReflect() protoreflect.Message

func (*FixPlanStepPolicyInput) Reset 

func (x *FixPlanStepPolicyInput) Reset()

func (*FixPlanStepPolicyInput) String 

func (x *FixPlanStepPolicyInput) String() string

type GoArtifactRequestPolicyInput 

type GoArtifactRequestPolicyInput struct {

	// Request contains the package request details.
	Request *ProxyRequest `protobuf:"bytes,1,opt,name=request,proto3" json:"request,omitempty"`
	// Jwt contains verified JWT claims (if authenticated).
	Jwt *JWTClaims `protobuf:"bytes,2,opt,name=jwt,proto3" json:"jwt,omitempty"`
	// Env provides execution environment context.
	Env *Environment `protobuf:"bytes,3,opt,name=env,proto3" json:"env,omitempty"`
	// Vulnerabilities associated with the requested package.
	Vulnerabilities []*v1.Finding `protobuf:"bytes,4,rep,name=vulnerabilities,proto3" json:"vulnerabilities,omitempty"`
	// Pkg is the requested package (synthesized from request).
	Pkg *v11.Package `protobuf:"bytes,5,opt,name=pkg,proto3" json:"pkg,omitempty"`
	// contains filtered or unexported fields
}

GoArtifactRequestPolicyInput is the input for the go_artifact_request entrypoint. Evaluated when the proxy handles a Go module request.

func (*GoArtifactRequestPolicyInput) Descriptor deprecated 

func (*GoArtifactRequestPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use GoArtifactRequestPolicyInput.ProtoReflect.Descriptor instead.

func (*GoArtifactRequestPolicyInput) GetEnv 

func (x *GoArtifactRequestPolicyInput) GetEnv() *Environment

func (*GoArtifactRequestPolicyInput) GetJwt 

func (x *GoArtifactRequestPolicyInput) GetJwt() *JWTClaims

func (*GoArtifactRequestPolicyInput) GetPkg 

func (x *GoArtifactRequestPolicyInput) GetPkg() *v11.Package

func (*GoArtifactRequestPolicyInput) GetRequest 

func (x *GoArtifactRequestPolicyInput) GetRequest() *ProxyRequest

func (*GoArtifactRequestPolicyInput) GetVulnerabilities 

func (x *GoArtifactRequestPolicyInput) GetVulnerabilities() []*v1.Finding

func (*GoArtifactRequestPolicyInput) ProtoMessage 

func (*GoArtifactRequestPolicyInput) ProtoMessage()

func (*GoArtifactRequestPolicyInput) ProtoReflect 

func (x *GoArtifactRequestPolicyInput) ProtoReflect() protoreflect.Message

func (*GoArtifactRequestPolicyInput) Reset 

func (x *GoArtifactRequestPolicyInput) Reset()

func (*GoArtifactRequestPolicyInput) String 

func (x *GoArtifactRequestPolicyInput) String() string

type GraphEdge 

type GraphEdge struct {
	From       string `protobuf:"bytes,1,opt,name=from,proto3" json:"from,omitempty"`
	To         string `protobuf:"bytes,2,opt,name=to,proto3" json:"to,omitempty"`
	Constraint string `protobuf:"bytes,3,opt,name=constraint,proto3" json:"constraint,omitempty"`
	Scope      string `protobuf:"bytes,4,opt,name=scope,proto3" json:"scope,omitempty"`
	// contains filtered or unexported fields
}

GraphEdge represents a dependency relationship.

func (*GraphEdge) Descriptor deprecated 

func (*GraphEdge) Descriptor() ([]byte, []int)

Deprecated: Use GraphEdge.ProtoReflect.Descriptor instead.

func (*GraphEdge) GetConstraint 

func (x *GraphEdge) GetConstraint() string

func (*GraphEdge) GetFrom 

func (x *GraphEdge) GetFrom() string

func (*GraphEdge) GetScope 

func (x *GraphEdge) GetScope() string

func (*GraphEdge) GetTo 

func (x *GraphEdge) GetTo() string

func (*GraphEdge) ProtoMessage 

func (*GraphEdge) ProtoMessage()

func (*GraphEdge) ProtoReflect 

func (x *GraphEdge) ProtoReflect() protoreflect.Message

func (*GraphEdge) Reset 

func (x *GraphEdge) Reset()

func (*GraphEdge) String 

func (x *GraphEdge) String() string

type GraphEdgePolicyInput 

type GraphEdgePolicyInput struct {
	Edge     *GraphEdge   `protobuf:"bytes,1,opt,name=edge,proto3" json:"edge,omitempty"`
	FromNode *GraphNode   `protobuf:"bytes,2,opt,name=from_node,json=fromNode,proto3" json:"from_node,omitempty"`
	ToNode   *GraphNode   `protobuf:"bytes,3,opt,name=to_node,json=toNode,proto3" json:"to_node,omitempty"`
	Env      *Environment `protobuf:"bytes,4,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

GraphEdgePolicyInput is the input for the graph_edge entrypoint.

func (*GraphEdgePolicyInput) Descriptor deprecated 

func (*GraphEdgePolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use GraphEdgePolicyInput.ProtoReflect.Descriptor instead.

func (*GraphEdgePolicyInput) GetEdge 

func (x *GraphEdgePolicyInput) GetEdge() *GraphEdge

func (*GraphEdgePolicyInput) GetEnv 

func (x *GraphEdgePolicyInput) GetEnv() *Environment

func (*GraphEdgePolicyInput) GetFromNode 

func (x *GraphEdgePolicyInput) GetFromNode() *GraphNode

func (*GraphEdgePolicyInput) GetToNode 

func (x *GraphEdgePolicyInput) GetToNode() *GraphNode

func (*GraphEdgePolicyInput) ProtoMessage 

func (*GraphEdgePolicyInput) ProtoMessage()

func (*GraphEdgePolicyInput) ProtoReflect 

func (x *GraphEdgePolicyInput) ProtoReflect() protoreflect.Message

func (*GraphEdgePolicyInput) Reset 

func (x *GraphEdgePolicyInput) Reset()

func (*GraphEdgePolicyInput) String 

func (x *GraphEdgePolicyInput) String() string

type GraphNode 

type GraphNode struct {
	Purl            string        `protobuf:"bytes,1,opt,name=purl,proto3" json:"purl,omitempty"`
	Name            string        `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	Version         string        `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
	Ecosystem       string        `protobuf:"bytes,4,opt,name=ecosystem,proto3" json:"ecosystem,omitempty"`
	Direct          bool          `protobuf:"varint,5,opt,name=direct,proto3" json:"direct,omitempty"`
	Depth           int32         `protobuf:"varint,6,opt,name=depth,proto3" json:"depth,omitempty"`
	Locations       []string      `protobuf:"bytes,7,rep,name=locations,proto3" json:"locations,omitempty"`
	Vulnerabilities []*v1.Finding `protobuf:"bytes,8,rep,name=vulnerabilities,proto3" json:"vulnerabilities,omitempty"`
	// contains filtered or unexported fields
}

GraphNode represents a package in the dependency graph for policy evaluation.

func (*GraphNode) Descriptor deprecated 

func (*GraphNode) Descriptor() ([]byte, []int)

Deprecated: Use GraphNode.ProtoReflect.Descriptor instead.

func (*GraphNode) GetDepth 

func (x *GraphNode) GetDepth() int32

func (*GraphNode) GetDirect 

func (x *GraphNode) GetDirect() bool

func (*GraphNode) GetEcosystem 

func (x *GraphNode) GetEcosystem() string

func (*GraphNode) GetLocations 

func (x *GraphNode) GetLocations() []string

func (*GraphNode) GetName 

func (x *GraphNode) GetName() string

func (*GraphNode) GetPurl 

func (x *GraphNode) GetPurl() string

func (*GraphNode) GetVersion 

func (x *GraphNode) GetVersion() string

func (*GraphNode) GetVulnerabilities 

func (x *GraphNode) GetVulnerabilities() []*v1.Finding

func (*GraphNode) ProtoMessage 

func (*GraphNode) ProtoMessage()

func (*GraphNode) ProtoReflect 

func (x *GraphNode) ProtoReflect() protoreflect.Message

func (*GraphNode) Reset 

func (x *GraphNode) Reset()

func (*GraphNode) String 

func (x *GraphNode) String() string

type GraphNodePolicyInput 

type GraphNodePolicyInput struct {
	Node *GraphNode   `protobuf:"bytes,1,opt,name=node,proto3" json:"node,omitempty"`
	Env  *Environment `protobuf:"bytes,2,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

GraphNodePolicyInput is the input for the graph_node entrypoint.

func (*GraphNodePolicyInput) Descriptor deprecated 

func (*GraphNodePolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use GraphNodePolicyInput.ProtoReflect.Descriptor instead.

func (*GraphNodePolicyInput) GetEnv 

func (x *GraphNodePolicyInput) GetEnv() *Environment

func (*GraphNodePolicyInput) GetNode 

func (x *GraphNodePolicyInput) GetNode() *GraphNode

func (*GraphNodePolicyInput) ProtoMessage 

func (*GraphNodePolicyInput) ProtoMessage()

func (*GraphNodePolicyInput) ProtoReflect 

func (x *GraphNodePolicyInput) ProtoReflect() protoreflect.Message

func (*GraphNodePolicyInput) Reset 

func (x *GraphNodePolicyInput) Reset()

func (*GraphNodePolicyInput) String 

func (x *GraphNodePolicyInput) String() string

type GraphReportPolicyInput 

type GraphReportPolicyInput struct {

	// Nodes are all packages in the dependency graph.
	Nodes []*GraphNode `protobuf:"bytes,1,rep,name=nodes,proto3" json:"nodes,omitempty"`
	// Edges are dependency relationships.
	Edges []*GraphEdge `protobuf:"bytes,2,rep,name=edges,proto3" json:"edges,omitempty"`
	// Roots are PURLs of direct dependencies.
	Roots []string `protobuf:"bytes,3,rep,name=roots,proto3" json:"roots,omitempty"`
	// Stats summarizes the graph.
	Stats *GraphStats `protobuf:"bytes,4,opt,name=stats,proto3" json:"stats,omitempty"`
	// Env provides execution environment context.
	Env *Environment `protobuf:"bytes,5,opt,name=env,proto3" json:"env,omitempty"`
	// Target describes what was analyzed.
	Target *v12.Target `protobuf:"bytes,6,opt,name=target,proto3" json:"target,omitempty"`
	// contains filtered or unexported fields
}

GraphReportPolicyInput is the input for the graph_report entrypoint.

func (*GraphReportPolicyInput) Descriptor deprecated 

func (*GraphReportPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use GraphReportPolicyInput.ProtoReflect.Descriptor instead.

func (*GraphReportPolicyInput) GetEdges 

func (x *GraphReportPolicyInput) GetEdges() []*GraphEdge

func (*GraphReportPolicyInput) GetEnv 

func (x *GraphReportPolicyInput) GetEnv() *Environment

func (*GraphReportPolicyInput) GetNodes 

func (x *GraphReportPolicyInput) GetNodes() []*GraphNode

func (*GraphReportPolicyInput) GetRoots 

func (x *GraphReportPolicyInput) GetRoots() []string

func (*GraphReportPolicyInput) GetStats 

func (x *GraphReportPolicyInput) GetStats() *GraphStats

func (*GraphReportPolicyInput) GetTarget 

func (x *GraphReportPolicyInput) GetTarget() *v12.Target

func (*GraphReportPolicyInput) ProtoMessage 

func (*GraphReportPolicyInput) ProtoMessage()

func (*GraphReportPolicyInput) ProtoReflect 

func (x *GraphReportPolicyInput) ProtoReflect() protoreflect.Message

func (*GraphReportPolicyInput) Reset 

func (x *GraphReportPolicyInput) Reset()

func (*GraphReportPolicyInput) String 

func (x *GraphReportPolicyInput) String() string

type GraphStats 

type GraphStats struct {
	TotalNodes      int32            `protobuf:"varint,1,opt,name=total_nodes,json=totalNodes,proto3" json:"total_nodes,omitempty"`
	DirectNodes     int32            `protobuf:"varint,2,opt,name=direct_nodes,json=directNodes,proto3" json:"direct_nodes,omitempty"`
	TransitiveNodes int32            `protobuf:"varint,3,opt,name=transitive_nodes,json=transitiveNodes,proto3" json:"transitive_nodes,omitempty"`
	MaxDepth        int32            `protobuf:"varint,4,opt,name=max_depth,json=maxDepth,proto3" json:"max_depth,omitempty"`
	VulnerableNodes int32            `protobuf:"varint,5,opt,name=vulnerable_nodes,json=vulnerableNodes,proto3" json:"vulnerable_nodes,omitempty"`
	Ecosystems      map[string]int32 `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

GraphStats provides statistics about a dependency graph.

func (*GraphStats) Descriptor deprecated 

func (*GraphStats) Descriptor() ([]byte, []int)

Deprecated: Use GraphStats.ProtoReflect.Descriptor instead.

func (*GraphStats) GetDirectNodes 

func (x *GraphStats) GetDirectNodes() int32

func (*GraphStats) GetEcosystems 

func (x *GraphStats) GetEcosystems() map[string]int32

func (*GraphStats) GetMaxDepth 

func (x *GraphStats) GetMaxDepth() int32

func (*GraphStats) GetTotalNodes 

func (x *GraphStats) GetTotalNodes() int32

func (*GraphStats) GetTransitiveNodes 

func (x *GraphStats) GetTransitiveNodes() int32

func (*GraphStats) GetVulnerableNodes 

func (x *GraphStats) GetVulnerableNodes() int32

func (*GraphStats) ProtoMessage 

func (*GraphStats) ProtoMessage()

func (*GraphStats) ProtoReflect 

func (x *GraphStats) ProtoReflect() protoreflect.Message

func (*GraphStats) Reset 

func (x *GraphStats) Reset()

func (*GraphStats) String 

func (x *GraphStats) String() string

type ImageReference 

type ImageReference struct {
	Registry   string `protobuf:"bytes,1,opt,name=registry,proto3" json:"registry,omitempty"`
	Repository string `protobuf:"bytes,2,opt,name=repository,proto3" json:"repository,omitempty"`
	Tag        string `protobuf:"bytes,3,opt,name=tag,proto3" json:"tag,omitempty"`
	Digest     string `protobuf:"bytes,4,opt,name=digest,proto3" json:"digest,omitempty"`
	// contains filtered or unexported fields
}

ImageReference is a parsed container image reference.

func (*ImageReference) Descriptor deprecated 

func (*ImageReference) Descriptor() ([]byte, []int)

Deprecated: Use ImageReference.ProtoReflect.Descriptor instead.

func (*ImageReference) GetDigest 

func (x *ImageReference) GetDigest() string

func (*ImageReference) GetRegistry 

func (x *ImageReference) GetRegistry() string

func (*ImageReference) GetRepository 

func (x *ImageReference) GetRepository() string

func (*ImageReference) GetTag 

func (x *ImageReference) GetTag() string

func (*ImageReference) ProtoMessage 

func (*ImageReference) ProtoMessage()

func (*ImageReference) ProtoReflect 

func (x *ImageReference) ProtoReflect() protoreflect.Message

func (*ImageReference) Reset 

func (x *ImageReference) Reset()

func (*ImageReference) String 

func (x *ImageReference) String() string

type JWTClaims 

type JWTClaims struct {

	// Anonymous is true if no token was provided.
	Anonymous bool `protobuf:"varint,1,opt,name=anonymous,proto3" json:"anonymous,omitempty"`
	// Sub is the subject (user/service ID).
	Sub string `protobuf:"bytes,2,opt,name=sub,proto3" json:"sub,omitempty"`
	// Iss is the token issuer.
	Iss string `protobuf:"bytes,3,opt,name=iss,proto3" json:"iss,omitempty"`
	// Aud contains the audiences.
	Aud []string `protobuf:"bytes,4,rep,name=aud,proto3" json:"aud,omitempty"`
	// Exp is the expiration timestamp (Unix).
	Exp int64 `protobuf:"varint,5,opt,name=exp,proto3" json:"exp,omitempty"`
	// Iat is the issued-at timestamp (Unix).
	Iat int64 `protobuf:"varint,6,opt,name=iat,proto3" json:"iat,omitempty"`
	// Nbf is the not-before timestamp (Unix).
	Nbf int64 `protobuf:"varint,7,opt,name=nbf,proto3" json:"nbf,omitempty"`
	// Jti is the JWT ID.
	Jti string `protobuf:"bytes,8,opt,name=jti,proto3" json:"jti,omitempty"`
	// CustomClaims contains any additional claims from the token.
	CustomClaims map[string]string `` /* 171-byte string literal not displayed */
	// contains filtered or unexported fields
}

JWTClaims contains verified JWT claims from authenticated requests.

func (*JWTClaims) Descriptor deprecated 

func (*JWTClaims) Descriptor() ([]byte, []int)

Deprecated: Use JWTClaims.ProtoReflect.Descriptor instead.

func (*JWTClaims) GetAnonymous 

func (x *JWTClaims) GetAnonymous() bool

func (*JWTClaims) GetAud 

func (x *JWTClaims) GetAud() []string

func (*JWTClaims) GetCustomClaims 

func (x *JWTClaims) GetCustomClaims() map[string]string

func (*JWTClaims) GetExp 

func (x *JWTClaims) GetExp() int64

func (*JWTClaims) GetIat 

func (x *JWTClaims) GetIat() int64

func (*JWTClaims) GetIss 

func (x *JWTClaims) GetIss() string

func (*JWTClaims) GetJti 

func (x *JWTClaims) GetJti() string

func (*JWTClaims) GetNbf 

func (x *JWTClaims) GetNbf() int64

func (*JWTClaims) GetSub 

func (x *JWTClaims) GetSub() string

func (*JWTClaims) ProtoMessage 

func (*JWTClaims) ProtoMessage()

func (*JWTClaims) ProtoReflect 

func (x *JWTClaims) ProtoReflect() protoreflect.Message

func (*JWTClaims) Reset 

func (x *JWTClaims) Reset()

func (*JWTClaims) String 

func (x *JWTClaims) String() string

type LayerChange 

type LayerChange struct {
	Index         int32  `protobuf:"varint,1,opt,name=index,proto3" json:"index,omitempty"`
	ChangeKind    string `protobuf:"bytes,2,opt,name=change_kind,json=changeKind,proto3" json:"change_kind,omitempty"`
	BaseCommand   string `protobuf:"bytes,3,opt,name=base_command,json=baseCommand,proto3" json:"base_command,omitempty"`
	TargetCommand string `protobuf:"bytes,4,opt,name=target_command,json=targetCommand,proto3" json:"target_command,omitempty"`
	// contains filtered or unexported fields
}

LayerChange represents a layer change between container images.

func (*LayerChange) Descriptor deprecated 

func (*LayerChange) Descriptor() ([]byte, []int)

Deprecated: Use LayerChange.ProtoReflect.Descriptor instead.

func (*LayerChange) GetBaseCommand 

func (x *LayerChange) GetBaseCommand() string

func (*LayerChange) GetChangeKind 

func (x *LayerChange) GetChangeKind() string

func (*LayerChange) GetIndex 

func (x *LayerChange) GetIndex() int32

func (*LayerChange) GetTargetCommand 

func (x *LayerChange) GetTargetCommand() string

func (*LayerChange) ProtoMessage 

func (*LayerChange) ProtoMessage()

func (*LayerChange) ProtoReflect 

func (x *LayerChange) ProtoReflect() protoreflect.Message

func (*LayerChange) Reset 

func (x *LayerChange) Reset()

func (*LayerChange) String 

func (x *LayerChange) String() string

type ListEntrypointsRequest 

type ListEntrypointsRequest struct {

	// Category filters to specific entrypoint categories.
	// Empty returns all entrypoints.
	Category string `protobuf:"bytes,1,opt,name=category,proto3" json:"category,omitempty"`
	// contains filtered or unexported fields
}

ListEntrypointsRequest requests available entrypoints.

func (*ListEntrypointsRequest) Descriptor deprecated 

func (*ListEntrypointsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListEntrypointsRequest.ProtoReflect.Descriptor instead.

func (*ListEntrypointsRequest) GetCategory 

func (x *ListEntrypointsRequest) GetCategory() string

func (*ListEntrypointsRequest) ProtoMessage 

func (*ListEntrypointsRequest) ProtoMessage()

func (*ListEntrypointsRequest) ProtoReflect 

func (x *ListEntrypointsRequest) ProtoReflect() protoreflect.Message

func (*ListEntrypointsRequest) Reset 

func (x *ListEntrypointsRequest) Reset()

func (*ListEntrypointsRequest) String 

func (x *ListEntrypointsRequest) String() string

type ListEntrypointsResponse 

type ListEntrypointsResponse struct {

	// Entrypoints lists all available policy entrypoints.
	Entrypoints []*EntrypointInfo `protobuf:"bytes,1,rep,name=entrypoints,proto3" json:"entrypoints,omitempty"`
	// contains filtered or unexported fields
}

ListEntrypointsResponse lists all available entrypoints.

func (*ListEntrypointsResponse) Descriptor deprecated 

func (*ListEntrypointsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListEntrypointsResponse.ProtoReflect.Descriptor instead.

func (*ListEntrypointsResponse) GetEntrypoints 

func (x *ListEntrypointsResponse) GetEntrypoints() []*EntrypointInfo

func (*ListEntrypointsResponse) ProtoMessage 

func (*ListEntrypointsResponse) ProtoMessage()

func (*ListEntrypointsResponse) ProtoReflect 

func (x *ListEntrypointsResponse) ProtoReflect() protoreflect.Message

func (*ListEntrypointsResponse) Reset 

func (x *ListEntrypointsResponse) Reset()

func (*ListEntrypointsResponse) String 

func (x *ListEntrypointsResponse) String() string

type NpmArtifactRequestPolicyInput 

type NpmArtifactRequestPolicyInput struct {

	// Request contains the package request details.
	Request *ProxyRequest `protobuf:"bytes,1,opt,name=request,proto3" json:"request,omitempty"`
	// Jwt contains verified JWT claims (if authenticated).
	Jwt *JWTClaims `protobuf:"bytes,2,opt,name=jwt,proto3" json:"jwt,omitempty"`
	// Env provides execution environment context.
	Env *Environment `protobuf:"bytes,3,opt,name=env,proto3" json:"env,omitempty"`
	// Vulnerabilities associated with the requested package.
	Vulnerabilities []*v1.Finding `protobuf:"bytes,4,rep,name=vulnerabilities,proto3" json:"vulnerabilities,omitempty"`
	// Pkg is the requested package (synthesized from request).
	Pkg *v11.Package `protobuf:"bytes,5,opt,name=pkg,proto3" json:"pkg,omitempty"`
	// contains filtered or unexported fields
}

NpmArtifactRequestPolicyInput is the input for the npm_artifact_request entrypoint. Evaluated when the proxy handles an npm package request.

func (*NpmArtifactRequestPolicyInput) Descriptor deprecated 

func (*NpmArtifactRequestPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use NpmArtifactRequestPolicyInput.ProtoReflect.Descriptor instead.

func (*NpmArtifactRequestPolicyInput) GetEnv 

func (x *NpmArtifactRequestPolicyInput) GetEnv() *Environment

func (*NpmArtifactRequestPolicyInput) GetJwt 

func (x *NpmArtifactRequestPolicyInput) GetJwt() *JWTClaims

func (*NpmArtifactRequestPolicyInput) GetPkg 

func (x *NpmArtifactRequestPolicyInput) GetPkg() *v11.Package

func (*NpmArtifactRequestPolicyInput) GetRequest 

func (x *NpmArtifactRequestPolicyInput) GetRequest() *ProxyRequest

func (*NpmArtifactRequestPolicyInput) GetVulnerabilities 

func (x *NpmArtifactRequestPolicyInput) GetVulnerabilities() []*v1.Finding

func (*NpmArtifactRequestPolicyInput) ProtoMessage 

func (*NpmArtifactRequestPolicyInput) ProtoMessage()

func (*NpmArtifactRequestPolicyInput) ProtoReflect 

func (x *NpmArtifactRequestPolicyInput) ProtoReflect() protoreflect.Message

func (*NpmArtifactRequestPolicyInput) Reset 

func (x *NpmArtifactRequestPolicyInput) Reset()

func (*NpmArtifactRequestPolicyInput) String 

func (x *NpmArtifactRequestPolicyInput) String() string

type OciArtifactRequestPolicyInput 

type OciArtifactRequestPolicyInput struct {

	// Request contains the image request details.
	Request *ProxyRequest `protobuf:"bytes,1,opt,name=request,proto3" json:"request,omitempty"`
	// Jwt contains verified JWT claims (if authenticated).
	Jwt *JWTClaims `protobuf:"bytes,2,opt,name=jwt,proto3" json:"jwt,omitempty"`
	// Env provides execution environment context.
	Env *Environment `protobuf:"bytes,3,opt,name=env,proto3" json:"env,omitempty"`
	// Vulnerabilities found in the container image.
	Vulnerabilities []*v1.Finding `protobuf:"bytes,4,rep,name=vulnerabilities,proto3" json:"vulnerabilities,omitempty"`
	// Image contains the container image configuration and metadata.
	Image *v13.ImageInfo `protobuf:"bytes,5,opt,name=image,proto3" json:"image,omitempty"`
	// contains filtered or unexported fields
}

OciArtifactRequestPolicyInput is the input for the oci_artifact_request entrypoint. Evaluated when the proxy handles an OCI registry request.

func (*OciArtifactRequestPolicyInput) Descriptor deprecated 

func (*OciArtifactRequestPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use OciArtifactRequestPolicyInput.ProtoReflect.Descriptor instead.

func (*OciArtifactRequestPolicyInput) GetEnv 

func (x *OciArtifactRequestPolicyInput) GetEnv() *Environment

func (*OciArtifactRequestPolicyInput) GetImage 

func (x *OciArtifactRequestPolicyInput) GetImage() *v13.ImageInfo

func (*OciArtifactRequestPolicyInput) GetJwt 

func (x *OciArtifactRequestPolicyInput) GetJwt() *JWTClaims

func (*OciArtifactRequestPolicyInput) GetRequest 

func (x *OciArtifactRequestPolicyInput) GetRequest() *ProxyRequest

func (*OciArtifactRequestPolicyInput) GetVulnerabilities 

func (x *OciArtifactRequestPolicyInput) GetVulnerabilities() []*v1.Finding

func (*OciArtifactRequestPolicyInput) ProtoMessage 

func (*OciArtifactRequestPolicyInput) ProtoMessage()

func (*OciArtifactRequestPolicyInput) ProtoReflect 

func (x *OciArtifactRequestPolicyInput) ProtoReflect() protoreflect.Message

func (*OciArtifactRequestPolicyInput) Reset 

func (x *OciArtifactRequestPolicyInput) Reset()

func (*OciArtifactRequestPolicyInput) String 

func (x *OciArtifactRequestPolicyInput) String() string

type PolicyError 

type PolicyError struct {

	// PolicyName is the name of the policy with the error.
	PolicyName string `protobuf:"bytes,1,opt,name=policy_name,json=policyName,proto3" json:"policy_name,omitempty"`
	// RuleName is the rule with the error (if applicable).
	RuleName string `protobuf:"bytes,2,opt,name=rule_name,json=ruleName,proto3" json:"rule_name,omitempty"`
	// Message describes the error.
	Message string `protobuf:"bytes,3,opt,name=message,proto3" json:"message,omitempty"`
	// Line number in policy source (if known).
	Line int32 `protobuf:"varint,4,opt,name=line,proto3" json:"line,omitempty"`
	// Column in policy source (if known).
	Column int32 `protobuf:"varint,5,opt,name=column,proto3" json:"column,omitempty"`
	// contains filtered or unexported fields
}

PolicyError describes an error encountered during policy processing.

func (*PolicyError) Descriptor deprecated 

func (*PolicyError) Descriptor() ([]byte, []int)

Deprecated: Use PolicyError.ProtoReflect.Descriptor instead.

func (*PolicyError) GetColumn 

func (x *PolicyError) GetColumn() int32

func (*PolicyError) GetLine 

func (x *PolicyError) GetLine() int32

func (*PolicyError) GetMessage 

func (x *PolicyError) GetMessage() string

func (*PolicyError) GetPolicyName 

func (x *PolicyError) GetPolicyName() string

func (*PolicyError) GetRuleName 

func (x *PolicyError) GetRuleName() string

func (*PolicyError) ProtoMessage 

func (*PolicyError) ProtoMessage()

func (*PolicyError) ProtoReflect 

func (x *PolicyError) ProtoReflect() protoreflect.Message

func (*PolicyError) Reset 

func (x *PolicyError) Reset()

func (*PolicyError) String 

func (x *PolicyError) String() string

type PolicySource 

type PolicySource struct {

	// Types that are valid to be assigned to Source:
	//
	//	*PolicySource_Inline
	//	*PolicySource_Path
	//	*PolicySource_Url
	Source isPolicySource_Source `protobuf_oneof:"source"`
	// contains filtered or unexported fields
}

PolicySource specifies where to load a policy from.

func (*PolicySource) Descriptor deprecated 

func (*PolicySource) Descriptor() ([]byte, []int)

Deprecated: Use PolicySource.ProtoReflect.Descriptor instead.

func (*PolicySource) GetInline 

func (x *PolicySource) GetInline() string

func (*PolicySource) GetPath 

func (x *PolicySource) GetPath() string

func (*PolicySource) GetSource 

func (x *PolicySource) GetSource() isPolicySource_Source

func (*PolicySource) GetUrl 

func (x *PolicySource) GetUrl() string

func (*PolicySource) ProtoMessage 

func (*PolicySource) ProtoMessage()

func (*PolicySource) ProtoReflect 

func (x *PolicySource) ProtoReflect() protoreflect.Message

func (*PolicySource) Reset 

func (x *PolicySource) Reset()

func (*PolicySource) String 

func (x *PolicySource) String() string

type PolicySource_Inline 

type PolicySource_Inline struct {
	// Inline YAML policy content.
	Inline string `protobuf:"bytes,1,opt,name=inline,proto3,oneof"`
}

type PolicySource_Path 

type PolicySource_Path struct {
	// File path to policy YAML (local mode only).
	Path string `protobuf:"bytes,2,opt,name=path,proto3,oneof"`
}

type PolicySource_Url 

type PolicySource_Url struct {
	// URL to fetch policy from (remote-accessible only).
	Url string `protobuf:"bytes,3,opt,name=url,proto3,oneof"`
}

type PolicySummary 

type PolicySummary struct {

	// Name of the policy.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Description of the policy.
	Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
	// Entrypoints this policy applies to.
	Entrypoints []string `protobuf:"bytes,3,rep,name=entrypoints,proto3" json:"entrypoints,omitempty"`
	// RuleCount is the number of rules in the policy.
	RuleCount int32 `protobuf:"varint,4,opt,name=rule_count,json=ruleCount,proto3" json:"rule_count,omitempty"`
	// Variables defined in the policy.
	Variables []string `protobuf:"bytes,5,rep,name=variables,proto3" json:"variables,omitempty"`
	// contains filtered or unexported fields
}

PolicySummary describes a validated policy.

func (*PolicySummary) Descriptor deprecated 

func (*PolicySummary) Descriptor() ([]byte, []int)

Deprecated: Use PolicySummary.ProtoReflect.Descriptor instead.

func (*PolicySummary) GetDescription 

func (x *PolicySummary) GetDescription() string

func (*PolicySummary) GetEntrypoints 

func (x *PolicySummary) GetEntrypoints() []string

func (*PolicySummary) GetName 

func (x *PolicySummary) GetName() string

func (*PolicySummary) GetRuleCount 

func (x *PolicySummary) GetRuleCount() int32

func (*PolicySummary) GetVariables 

func (x *PolicySummary) GetVariables() []string

func (*PolicySummary) ProtoMessage 

func (*PolicySummary) ProtoMessage()

func (*PolicySummary) ProtoReflect 

func (x *PolicySummary) ProtoReflect() protoreflect.Message

func (*PolicySummary) Reset 

func (x *PolicySummary) Reset()

func (*PolicySummary) String 

func (x *PolicySummary) String() string

type ProxyRequest 

type ProxyRequest struct {

	// Package is the name of the package being requested.
	Package string `protobuf:"bytes,1,opt,name=package,proto3" json:"package,omitempty"`
	// Module is the Go module path (for Go ecosystem).
	Module string `protobuf:"bytes,2,opt,name=module,proto3" json:"module,omitempty"`
	// Version is the version being requested.
	Version string `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
	// Ecosystem identifies the package ecosystem.
	Ecosystem string `protobuf:"bytes,4,opt,name=ecosystem,proto3" json:"ecosystem,omitempty"`
	// Operation describes what's being requested (e.g., "download", "info").
	Operation string `protobuf:"bytes,5,opt,name=operation,proto3" json:"operation,omitempty"`
	// contains filtered or unexported fields
}

ProxyRequest contains information about a package being requested through the proxy.

func (*ProxyRequest) Descriptor deprecated 

func (*ProxyRequest) Descriptor() ([]byte, []int)

Deprecated: Use ProxyRequest.ProtoReflect.Descriptor instead.

func (*ProxyRequest) GetEcosystem 

func (x *ProxyRequest) GetEcosystem() string

func (*ProxyRequest) GetModule 

func (x *ProxyRequest) GetModule() string

func (*ProxyRequest) GetOperation 

func (x *ProxyRequest) GetOperation() string

func (*ProxyRequest) GetPackage 

func (x *ProxyRequest) GetPackage() string

func (*ProxyRequest) GetVersion 

func (x *ProxyRequest) GetVersion() string

func (*ProxyRequest) ProtoMessage 

func (*ProxyRequest) ProtoMessage()

func (*ProxyRequest) ProtoReflect 

func (x *ProxyRequest) ProtoReflect() protoreflect.Message

func (*ProxyRequest) Reset 

func (x *ProxyRequest) Reset()

func (*ProxyRequest) String 

func (x *ProxyRequest) String() string

type PypiArtifactRequestPolicyInput 

type PypiArtifactRequestPolicyInput struct {

	// Request contains the package request details.
	Request *ProxyRequest `protobuf:"bytes,1,opt,name=request,proto3" json:"request,omitempty"`
	// Jwt contains verified JWT claims (if authenticated).
	Jwt *JWTClaims `protobuf:"bytes,2,opt,name=jwt,proto3" json:"jwt,omitempty"`
	// Env provides execution environment context.
	Env *Environment `protobuf:"bytes,3,opt,name=env,proto3" json:"env,omitempty"`
	// Vulnerabilities associated with the requested package.
	Vulnerabilities []*v1.Finding `protobuf:"bytes,4,rep,name=vulnerabilities,proto3" json:"vulnerabilities,omitempty"`
	// Pkg is the requested package (synthesized from request).
	Pkg *v11.Package `protobuf:"bytes,5,opt,name=pkg,proto3" json:"pkg,omitempty"`
	// contains filtered or unexported fields
}

PypiArtifactRequestPolicyInput is the input for the pypi_artifact_request entrypoint. Evaluated when the proxy handles a PyPI package request.

func (*PypiArtifactRequestPolicyInput) Descriptor deprecated 

func (*PypiArtifactRequestPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use PypiArtifactRequestPolicyInput.ProtoReflect.Descriptor instead.

func (*PypiArtifactRequestPolicyInput) GetEnv 

func (x *PypiArtifactRequestPolicyInput) GetEnv() *Environment

func (*PypiArtifactRequestPolicyInput) GetJwt 

func (x *PypiArtifactRequestPolicyInput) GetJwt() *JWTClaims

func (*PypiArtifactRequestPolicyInput) GetPkg 

func (x *PypiArtifactRequestPolicyInput) GetPkg() *v11.Package

func (*PypiArtifactRequestPolicyInput) GetRequest 

func (x *PypiArtifactRequestPolicyInput) GetRequest() *ProxyRequest

func (*PypiArtifactRequestPolicyInput) GetVulnerabilities 

func (x *PypiArtifactRequestPolicyInput) GetVulnerabilities() []*v1.Finding

func (*PypiArtifactRequestPolicyInput) ProtoMessage 

func (*PypiArtifactRequestPolicyInput) ProtoMessage()

func (*PypiArtifactRequestPolicyInput) ProtoReflect 

func (x *PypiArtifactRequestPolicyInput) ProtoReflect() protoreflect.Message

func (*PypiArtifactRequestPolicyInput) Reset 

func (x *PypiArtifactRequestPolicyInput) Reset()

func (*PypiArtifactRequestPolicyInput) String 

func (x *PypiArtifactRequestPolicyInput) String() string

type RemediationCommand 

type RemediationCommand struct {
	Manager    string `protobuf:"bytes,1,opt,name=manager,proto3" json:"manager,omitempty"`
	Command    string `protobuf:"bytes,2,opt,name=command,proto3" json:"command,omitempty"`
	Path       string `protobuf:"bytes,3,opt,name=path,proto3" json:"path,omitempty"`
	Hint       string `protobuf:"bytes,4,opt,name=hint,proto3" json:"hint,omitempty"`
	IsDirect   bool   `protobuf:"varint,5,opt,name=is_direct,json=isDirect,proto3" json:"is_direct,omitempty"`
	Executable bool   `protobuf:"varint,6,opt,name=executable,proto3" json:"executable,omitempty"`
	// contains filtered or unexported fields
}

RemediationCommand represents an actionable remediation step.

func (*RemediationCommand) Descriptor deprecated 

func (*RemediationCommand) Descriptor() ([]byte, []int)

Deprecated: Use RemediationCommand.ProtoReflect.Descriptor instead.

func (*RemediationCommand) GetCommand 

func (x *RemediationCommand) GetCommand() string

func (*RemediationCommand) GetExecutable 

func (x *RemediationCommand) GetExecutable() bool

func (*RemediationCommand) GetHint 

func (x *RemediationCommand) GetHint() string

func (*RemediationCommand) GetIsDirect 

func (x *RemediationCommand) GetIsDirect() bool

func (*RemediationCommand) GetManager 

func (x *RemediationCommand) GetManager() string

func (*RemediationCommand) GetPath 

func (x *RemediationCommand) GetPath() string

func (*RemediationCommand) ProtoMessage 

func (*RemediationCommand) ProtoMessage()

func (*RemediationCommand) ProtoReflect 

func (x *RemediationCommand) ProtoReflect() protoreflect.Message

func (*RemediationCommand) Reset 

func (x *RemediationCommand) Reset()

func (*RemediationCommand) String 

func (x *RemediationCommand) String() string

type RubygemsArtifactRequestPolicyInput 

type RubygemsArtifactRequestPolicyInput struct {

	// Request contains the package request details.
	Request *ProxyRequest `protobuf:"bytes,1,opt,name=request,proto3" json:"request,omitempty"`
	// Jwt contains verified JWT claims (if authenticated).
	Jwt *JWTClaims `protobuf:"bytes,2,opt,name=jwt,proto3" json:"jwt,omitempty"`
	// Env provides execution environment context.
	Env *Environment `protobuf:"bytes,3,opt,name=env,proto3" json:"env,omitempty"`
	// Vulnerabilities associated with the requested package.
	Vulnerabilities []*v1.Finding `protobuf:"bytes,4,rep,name=vulnerabilities,proto3" json:"vulnerabilities,omitempty"`
	// Pkg is the requested package (synthesized from request).
	Pkg *v11.Package `protobuf:"bytes,5,opt,name=pkg,proto3" json:"pkg,omitempty"`
	// contains filtered or unexported fields
}

RubygemsArtifactRequestPolicyInput is the input for the rubygems_artifact_request entrypoint. Evaluated when the proxy handles a RubyGems package request.

func (*RubygemsArtifactRequestPolicyInput) Descriptor deprecated 

func (*RubygemsArtifactRequestPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use RubygemsArtifactRequestPolicyInput.ProtoReflect.Descriptor instead.

func (*RubygemsArtifactRequestPolicyInput) GetEnv 

func (x *RubygemsArtifactRequestPolicyInput) GetEnv() *Environment

func (*RubygemsArtifactRequestPolicyInput) GetJwt 

func (x *RubygemsArtifactRequestPolicyInput) GetJwt() *JWTClaims

func (*RubygemsArtifactRequestPolicyInput) GetPkg 

func (x *RubygemsArtifactRequestPolicyInput) GetPkg() *v11.Package

func (*RubygemsArtifactRequestPolicyInput) GetRequest 

func (x *RubygemsArtifactRequestPolicyInput) GetRequest() *ProxyRequest

func (*RubygemsArtifactRequestPolicyInput) GetVulnerabilities 

func (x *RubygemsArtifactRequestPolicyInput) GetVulnerabilities() []*v1.Finding

func (*RubygemsArtifactRequestPolicyInput) ProtoMessage 

func (*RubygemsArtifactRequestPolicyInput) ProtoMessage()

func (*RubygemsArtifactRequestPolicyInput) ProtoReflect 

func (x *RubygemsArtifactRequestPolicyInput) ProtoReflect() protoreflect.Message

func (*RubygemsArtifactRequestPolicyInput) Reset 

func (x *RubygemsArtifactRequestPolicyInput) Reset()

func (*RubygemsArtifactRequestPolicyInput) String 

func (x *RubygemsArtifactRequestPolicyInput) String() string

type SbomComponentPolicyInput 

type SbomComponentPolicyInput struct {

	// Pkg is the current component (aliased as "pkg" for CEL consistency).
	Pkg *v11.Package `protobuf:"bytes,1,opt,name=pkg,proto3" json:"pkg,omitempty"`
	// Env provides execution environment context.
	Env *Environment `protobuf:"bytes,2,opt,name=env,proto3" json:"env,omitempty"`
	// Target describes what was analyzed.
	Target *v12.Target `protobuf:"bytes,3,opt,name=target,proto3" json:"target,omitempty"`
	// contains filtered or unexported fields
}

SbomComponentPolicyInput is the input for the sbom_component entrypoint. Evaluated once per component in the SBOM.

func (*SbomComponentPolicyInput) Descriptor deprecated 

func (*SbomComponentPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use SbomComponentPolicyInput.ProtoReflect.Descriptor instead.

func (*SbomComponentPolicyInput) GetEnv 

func (x *SbomComponentPolicyInput) GetEnv() *Environment

func (*SbomComponentPolicyInput) GetPkg 

func (x *SbomComponentPolicyInput) GetPkg() *v11.Package

func (*SbomComponentPolicyInput) GetTarget 

func (x *SbomComponentPolicyInput) GetTarget() *v12.Target

func (*SbomComponentPolicyInput) ProtoMessage 

func (*SbomComponentPolicyInput) ProtoMessage()

func (*SbomComponentPolicyInput) ProtoReflect 

func (x *SbomComponentPolicyInput) ProtoReflect() protoreflect.Message

func (*SbomComponentPolicyInput) Reset 

func (x *SbomComponentPolicyInput) Reset()

func (*SbomComponentPolicyInput) String 

func (x *SbomComponentPolicyInput) String() string

type SbomReportPolicyInput 

type SbomReportPolicyInput struct {

	// Components is the list of all SBOM components.
	Components []*v11.Package `protobuf:"bytes,1,rep,name=components,proto3" json:"components,omitempty"`
	// Env provides execution environment context.
	Env *Environment `protobuf:"bytes,2,opt,name=env,proto3" json:"env,omitempty"`
	// Target describes what was analyzed.
	Target *v12.Target `protobuf:"bytes,3,opt,name=target,proto3" json:"target,omitempty"`
	// contains filtered or unexported fields
}

SbomReportPolicyInput is the input for the sbom_report entrypoint. Evaluated once after SBOM generation completes.

func (*SbomReportPolicyInput) Descriptor deprecated 

func (*SbomReportPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use SbomReportPolicyInput.ProtoReflect.Descriptor instead.

func (*SbomReportPolicyInput) GetComponents 

func (x *SbomReportPolicyInput) GetComponents() []*v11.Package

func (*SbomReportPolicyInput) GetEnv 

func (x *SbomReportPolicyInput) GetEnv() *Environment

func (*SbomReportPolicyInput) GetTarget 

func (x *SbomReportPolicyInput) GetTarget() *v12.Target

func (*SbomReportPolicyInput) ProtoMessage 

func (*SbomReportPolicyInput) ProtoMessage()

func (*SbomReportPolicyInput) ProtoReflect 

func (x *SbomReportPolicyInput) ProtoReflect() protoreflect.Message

func (*SbomReportPolicyInput) Reset 

func (x *SbomReportPolicyInput) Reset()

func (*SbomReportPolicyInput) String 

func (x *SbomReportPolicyInput) String() string

type ScanReportPolicyInput 

type ScanReportPolicyInput struct {

	// Vulnerabilities is the list of all findings.
	Vulnerabilities []*v1.Finding `protobuf:"bytes,1,rep,name=vulnerabilities,proto3" json:"vulnerabilities,omitempty"`
	// Packages is the list of all scanned packages.
	Packages []*v11.Package `protobuf:"bytes,2,rep,name=packages,proto3" json:"packages,omitempty"`
	// Env provides execution environment context.
	Env *Environment `protobuf:"bytes,3,opt,name=env,proto3" json:"env,omitempty"`
	// Target describes what was scanned.
	Target *v12.Target `protobuf:"bytes,4,opt,name=target,proto3" json:"target,omitempty"`
	// Stats summarizes vulnerability counts by severity.
	Stats *v1.Stats `protobuf:"bytes,5,opt,name=stats,proto3" json:"stats,omitempty"`
	// Image contains container image info when scanning images.
	Image *v13.ImageInfo `protobuf:"bytes,6,opt,name=image,proto3" json:"image,omitempty"`
	// contains filtered or unexported fields
}

ScanReportPolicyInput is the input for the scan_report entrypoint. Evaluated once after a scan completes with the full report.

func (*ScanReportPolicyInput) Descriptor deprecated 

func (*ScanReportPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use ScanReportPolicyInput.ProtoReflect.Descriptor instead.

func (*ScanReportPolicyInput) GetEnv 

func (x *ScanReportPolicyInput) GetEnv() *Environment

func (*ScanReportPolicyInput) GetImage 

func (x *ScanReportPolicyInput) GetImage() *v13.ImageInfo

func (*ScanReportPolicyInput) GetPackages 

func (x *ScanReportPolicyInput) GetPackages() []*v11.Package

func (*ScanReportPolicyInput) GetStats 

func (x *ScanReportPolicyInput) GetStats() *v1.Stats

func (*ScanReportPolicyInput) GetTarget 

func (x *ScanReportPolicyInput) GetTarget() *v12.Target

func (*ScanReportPolicyInput) GetVulnerabilities 

func (x *ScanReportPolicyInput) GetVulnerabilities() []*v1.Finding

func (*ScanReportPolicyInput) ProtoMessage 

func (*ScanReportPolicyInput) ProtoMessage()

func (*ScanReportPolicyInput) ProtoReflect 

func (x *ScanReportPolicyInput) ProtoReflect() protoreflect.Message

func (*ScanReportPolicyInput) Reset 

func (x *ScanReportPolicyInput) Reset()

func (*ScanReportPolicyInput) String 

func (x *ScanReportPolicyInput) String() string

type ScanVulnerabilityPolicyInput 

type ScanVulnerabilityPolicyInput struct {

	// Vulnerability is the current vulnerability being evaluated.
	Vulnerability *v1.Finding `protobuf:"bytes,1,opt,name=vulnerability,proto3" json:"vulnerability,omitempty"`
	// Pkg is the affected package (synthesized from vulnerability.package).
	Pkg *v11.Package `protobuf:"bytes,2,opt,name=pkg,proto3" json:"pkg,omitempty"`
	// Env provides execution environment context.
	Env *Environment `protobuf:"bytes,3,opt,name=env,proto3" json:"env,omitempty"`
	// Target describes what was scanned.
	Target *v12.Target `protobuf:"bytes,4,opt,name=target,proto3" json:"target,omitempty"`
	// Image contains container image info when scanning images.
	Image *v13.ImageInfo `protobuf:"bytes,5,opt,name=image,proto3" json:"image,omitempty"`
	// contains filtered or unexported fields
}

ScanVulnerabilityPolicyInput is the input for the scan_vulnerability entrypoint. Evaluated once per vulnerability finding during a scan.

func (*ScanVulnerabilityPolicyInput) Descriptor deprecated 

func (*ScanVulnerabilityPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use ScanVulnerabilityPolicyInput.ProtoReflect.Descriptor instead.

func (*ScanVulnerabilityPolicyInput) GetEnv 

func (x *ScanVulnerabilityPolicyInput) GetEnv() *Environment

func (*ScanVulnerabilityPolicyInput) GetImage 

func (x *ScanVulnerabilityPolicyInput) GetImage() *v13.ImageInfo

func (*ScanVulnerabilityPolicyInput) GetPkg 

func (x *ScanVulnerabilityPolicyInput) GetPkg() *v11.Package

func (*ScanVulnerabilityPolicyInput) GetTarget 

func (x *ScanVulnerabilityPolicyInput) GetTarget() *v12.Target

func (*ScanVulnerabilityPolicyInput) GetVulnerability 

func (x *ScanVulnerabilityPolicyInput) GetVulnerability() *v1.Finding

func (*ScanVulnerabilityPolicyInput) ProtoMessage 

func (*ScanVulnerabilityPolicyInput) ProtoMessage()

func (*ScanVulnerabilityPolicyInput) ProtoReflect 

func (x *ScanVulnerabilityPolicyInput) ProtoReflect() protoreflect.Message

func (*ScanVulnerabilityPolicyInput) Reset 

func (x *ScanVulnerabilityPolicyInput) Reset()

func (*ScanVulnerabilityPolicyInput) String 

func (x *ScanVulnerabilityPolicyInput) String() string

type SecretFinding 

type SecretFinding struct {

	// Type identifies the kind of secret (e.g., "github_token", "aws_key").
	Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
	// Description provides human-readable context.
	Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
	// File is the source file path.
	File string `protobuf:"bytes,3,opt,name=file,proto3" json:"file,omitempty"`
	// Line number (1-indexed).
	Line int32 `protobuf:"varint,4,opt,name=line,proto3" json:"line,omitempty"`
	// Confidence indicates detection certainty (0.0-1.0).
	Confidence float32 `protobuf:"fixed32,5,opt,name=confidence,proto3" json:"confidence,omitempty"`
	// Redacted is a safe representation for display.
	Redacted string `protobuf:"bytes,6,opt,name=redacted,proto3" json:"redacted,omitempty"`
	// Verified indicates if the secret was validated as active.
	Verified bool `protobuf:"varint,7,opt,name=verified,proto3" json:"verified,omitempty"`
	// Source indicates where the secret was found (file, env, layer, etc.).
	Source string `protobuf:"bytes,8,opt,name=source,proto3" json:"source,omitempty"`
	// contains filtered or unexported fields
}

SecretFinding represents a detected secret for policy evaluation. This mirrors deputy.secrets.v1.Finding but is defined here to avoid cycles.

func (*SecretFinding) Descriptor deprecated 

func (*SecretFinding) Descriptor() ([]byte, []int)

Deprecated: Use SecretFinding.ProtoReflect.Descriptor instead.

func (*SecretFinding) GetConfidence 

func (x *SecretFinding) GetConfidence() float32

func (*SecretFinding) GetDescription 

func (x *SecretFinding) GetDescription() string

func (*SecretFinding) GetFile 

func (x *SecretFinding) GetFile() string

func (*SecretFinding) GetLine 

func (x *SecretFinding) GetLine() int32

func (*SecretFinding) GetRedacted 

func (x *SecretFinding) GetRedacted() string

func (*SecretFinding) GetSource 

func (x *SecretFinding) GetSource() string

func (*SecretFinding) GetType 

func (x *SecretFinding) GetType() string

func (*SecretFinding) GetVerified 

func (x *SecretFinding) GetVerified() bool

func (*SecretFinding) ProtoMessage 

func (*SecretFinding) ProtoMessage()

func (*SecretFinding) ProtoReflect 

func (x *SecretFinding) ProtoReflect() protoreflect.Message

func (*SecretFinding) Reset 

func (x *SecretFinding) Reset()

func (*SecretFinding) String 

func (x *SecretFinding) String() string

type SecretStats 

type SecretStats struct {

	// Total secrets found.
	Total int32 `protobuf:"varint,1,opt,name=total,proto3" json:"total,omitempty"`
	// HighConfidenceCount is findings with confidence >= 0.9.
	HighConfidenceCount int32 `protobuf:"varint,2,opt,name=high_confidence_count,json=highConfidenceCount,proto3" json:"high_confidence_count,omitempty"`
	// VerifiedCount is findings that were verified as valid/active.
	VerifiedCount int32 `protobuf:"varint,3,opt,name=verified_count,json=verifiedCount,proto3" json:"verified_count,omitempty"`
	// FilesScanned is the number of files analyzed.
	FilesScanned int32 `protobuf:"varint,4,opt,name=files_scanned,json=filesScanned,proto3" json:"files_scanned,omitempty"`
	// contains filtered or unexported fields
}

SecretStats summarizes a secrets scan for policy evaluation.

func (*SecretStats) Descriptor deprecated 

func (*SecretStats) Descriptor() ([]byte, []int)

Deprecated: Use SecretStats.ProtoReflect.Descriptor instead.

func (*SecretStats) GetFilesScanned 

func (x *SecretStats) GetFilesScanned() int32

func (*SecretStats) GetHighConfidenceCount 

func (x *SecretStats) GetHighConfidenceCount() int32

func (*SecretStats) GetTotal 

func (x *SecretStats) GetTotal() int32

func (*SecretStats) GetVerifiedCount 

func (x *SecretStats) GetVerifiedCount() int32

func (*SecretStats) ProtoMessage 

func (*SecretStats) ProtoMessage()

func (*SecretStats) ProtoReflect 

func (x *SecretStats) ProtoReflect() protoreflect.Message

func (*SecretStats) Reset 

func (x *SecretStats) Reset()

func (*SecretStats) String 

func (x *SecretStats) String() string

type SecretsFindingPolicyInput 

type SecretsFindingPolicyInput struct {

	// Finding is the current secret finding.
	Finding *SecretFinding `protobuf:"bytes,1,opt,name=finding,proto3" json:"finding,omitempty"`
	// Env provides execution environment context.
	Env *Environment `protobuf:"bytes,2,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

SecretsFindingPolicyInput is the input for the secrets_finding entrypoint.

func (*SecretsFindingPolicyInput) Descriptor deprecated 

func (*SecretsFindingPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use SecretsFindingPolicyInput.ProtoReflect.Descriptor instead.

func (*SecretsFindingPolicyInput) GetEnv 

func (x *SecretsFindingPolicyInput) GetEnv() *Environment

func (*SecretsFindingPolicyInput) GetFinding 

func (x *SecretsFindingPolicyInput) GetFinding() *SecretFinding

func (*SecretsFindingPolicyInput) ProtoMessage 

func (*SecretsFindingPolicyInput) ProtoMessage()

func (*SecretsFindingPolicyInput) ProtoReflect 

func (x *SecretsFindingPolicyInput) ProtoReflect() protoreflect.Message

func (*SecretsFindingPolicyInput) Reset 

func (x *SecretsFindingPolicyInput) Reset()

func (*SecretsFindingPolicyInput) String 

func (x *SecretsFindingPolicyInput) String() string

type SecretsReportPolicyInput 

type SecretsReportPolicyInput struct {

	// Findings is the list of all secret findings.
	Findings []*SecretFinding `protobuf:"bytes,1,rep,name=findings,proto3" json:"findings,omitempty"`
	// Stats summarizes the scan.
	Stats *SecretStats `protobuf:"bytes,2,opt,name=stats,proto3" json:"stats,omitempty"`
	// Env provides execution environment context.
	Env *Environment `protobuf:"bytes,3,opt,name=env,proto3" json:"env,omitempty"`
	// Target describes what was scanned.
	Target *v12.Target `protobuf:"bytes,4,opt,name=target,proto3" json:"target,omitempty"`
	// contains filtered or unexported fields
}

SecretsReportPolicyInput is the input for the secrets_report entrypoint.

func (*SecretsReportPolicyInput) Descriptor deprecated 

func (*SecretsReportPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use SecretsReportPolicyInput.ProtoReflect.Descriptor instead.

func (*SecretsReportPolicyInput) GetEnv 

func (x *SecretsReportPolicyInput) GetEnv() *Environment

func (*SecretsReportPolicyInput) GetFindings 

func (x *SecretsReportPolicyInput) GetFindings() []*SecretFinding

func (*SecretsReportPolicyInput) GetStats 

func (x *SecretsReportPolicyInput) GetStats() *SecretStats

func (*SecretsReportPolicyInput) GetTarget 

func (x *SecretsReportPolicyInput) GetTarget() *v12.Target

func (*SecretsReportPolicyInput) ProtoMessage 

func (*SecretsReportPolicyInput) ProtoMessage()

func (*SecretsReportPolicyInput) ProtoReflect 

func (x *SecretsReportPolicyInput) ProtoReflect() protoreflect.Message

func (*SecretsReportPolicyInput) Reset 

func (x *SecretsReportPolicyInput) Reset()

func (*SecretsReportPolicyInput) String 

func (x *SecretsReportPolicyInput) String() string

type ServiceDiffRequestPolicyInput 

type ServiceDiffRequestPolicyInput struct {
	Jwt          *JWTClaims      `protobuf:"bytes,1,opt,name=jwt,proto3" json:"jwt,omitempty"`
	Request      *ServiceRequest `protobuf:"bytes,2,opt,name=request,proto3" json:"request,omitempty"`
	BaseTarget   *v12.Target     `protobuf:"bytes,3,opt,name=base_target,json=baseTarget,proto3" json:"base_target,omitempty"`
	TargetTarget *v12.Target     `protobuf:"bytes,4,opt,name=target_target,json=targetTarget,proto3" json:"target_target,omitempty"`
	Env          *Environment    `protobuf:"bytes,5,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

ServiceDiffRequestPolicyInput is the input for service_diff_request entrypoint.

func (*ServiceDiffRequestPolicyInput) Descriptor deprecated 

func (*ServiceDiffRequestPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use ServiceDiffRequestPolicyInput.ProtoReflect.Descriptor instead.

func (*ServiceDiffRequestPolicyInput) GetBaseTarget 

func (x *ServiceDiffRequestPolicyInput) GetBaseTarget() *v12.Target

func (*ServiceDiffRequestPolicyInput) GetEnv 

func (x *ServiceDiffRequestPolicyInput) GetEnv() *Environment

func (*ServiceDiffRequestPolicyInput) GetJwt 

func (x *ServiceDiffRequestPolicyInput) GetJwt() *JWTClaims

func (*ServiceDiffRequestPolicyInput) GetRequest 

func (x *ServiceDiffRequestPolicyInput) GetRequest() *ServiceRequest

func (*ServiceDiffRequestPolicyInput) GetTargetTarget 

func (x *ServiceDiffRequestPolicyInput) GetTargetTarget() *v12.Target

func (*ServiceDiffRequestPolicyInput) ProtoMessage 

func (*ServiceDiffRequestPolicyInput) ProtoMessage()

func (*ServiceDiffRequestPolicyInput) ProtoReflect 

func (x *ServiceDiffRequestPolicyInput) ProtoReflect() protoreflect.Message

func (*ServiceDiffRequestPolicyInput) Reset 

func (x *ServiceDiffRequestPolicyInput) Reset()

func (*ServiceDiffRequestPolicyInput) String 

func (x *ServiceDiffRequestPolicyInput) String() string

type ServiceGraphRequestPolicyInput 

type ServiceGraphRequestPolicyInput struct {
	Jwt     *JWTClaims      `protobuf:"bytes,1,opt,name=jwt,proto3" json:"jwt,omitempty"`
	Request *ServiceRequest `protobuf:"bytes,2,opt,name=request,proto3" json:"request,omitempty"`
	Target  *v12.Target     `protobuf:"bytes,3,opt,name=target,proto3" json:"target,omitempty"`
	Env     *Environment    `protobuf:"bytes,4,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

ServiceGraphRequestPolicyInput is the input for service_graph_request entrypoint.

func (*ServiceGraphRequestPolicyInput) Descriptor deprecated 

func (*ServiceGraphRequestPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use ServiceGraphRequestPolicyInput.ProtoReflect.Descriptor instead.

func (*ServiceGraphRequestPolicyInput) GetEnv 

func (x *ServiceGraphRequestPolicyInput) GetEnv() *Environment

func (*ServiceGraphRequestPolicyInput) GetJwt 

func (x *ServiceGraphRequestPolicyInput) GetJwt() *JWTClaims

func (*ServiceGraphRequestPolicyInput) GetRequest 

func (x *ServiceGraphRequestPolicyInput) GetRequest() *ServiceRequest

func (*ServiceGraphRequestPolicyInput) GetTarget 

func (x *ServiceGraphRequestPolicyInput) GetTarget() *v12.Target

func (*ServiceGraphRequestPolicyInput) ProtoMessage 

func (*ServiceGraphRequestPolicyInput) ProtoMessage()

func (*ServiceGraphRequestPolicyInput) ProtoReflect 

func (x *ServiceGraphRequestPolicyInput) ProtoReflect() protoreflect.Message

func (*ServiceGraphRequestPolicyInput) Reset 

func (x *ServiceGraphRequestPolicyInput) Reset()

func (*ServiceGraphRequestPolicyInput) String 

func (x *ServiceGraphRequestPolicyInput) String() string

type ServiceListRequestPolicyInput 

type ServiceListRequestPolicyInput struct {
	Jwt     *JWTClaims      `protobuf:"bytes,1,opt,name=jwt,proto3" json:"jwt,omitempty"`
	Request *ServiceRequest `protobuf:"bytes,2,opt,name=request,proto3" json:"request,omitempty"`
	Target  *v12.Target     `protobuf:"bytes,3,opt,name=target,proto3" json:"target,omitempty"`
	Env     *Environment    `protobuf:"bytes,4,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

ServiceListRequestPolicyInput is the input for service_list_request entrypoint.

func (*ServiceListRequestPolicyInput) Descriptor deprecated 

func (*ServiceListRequestPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use ServiceListRequestPolicyInput.ProtoReflect.Descriptor instead.

func (*ServiceListRequestPolicyInput) GetEnv 

func (x *ServiceListRequestPolicyInput) GetEnv() *Environment

func (*ServiceListRequestPolicyInput) GetJwt 

func (x *ServiceListRequestPolicyInput) GetJwt() *JWTClaims

func (*ServiceListRequestPolicyInput) GetRequest 

func (x *ServiceListRequestPolicyInput) GetRequest() *ServiceRequest

func (*ServiceListRequestPolicyInput) GetTarget 

func (x *ServiceListRequestPolicyInput) GetTarget() *v12.Target

func (*ServiceListRequestPolicyInput) ProtoMessage 

func (*ServiceListRequestPolicyInput) ProtoMessage()

func (*ServiceListRequestPolicyInput) ProtoReflect 

func (x *ServiceListRequestPolicyInput) ProtoReflect() protoreflect.Message

func (*ServiceListRequestPolicyInput) Reset 

func (x *ServiceListRequestPolicyInput) Reset()

func (*ServiceListRequestPolicyInput) String 

func (x *ServiceListRequestPolicyInput) String() string

type ServiceRequest 

type ServiceRequest struct {

	// Procedure is the RPC being called (e.g., "ScanService/Scan").
	Procedure string `protobuf:"bytes,1,opt,name=procedure,proto3" json:"procedure,omitempty"`
	// Target is the target string from the request.
	Target string `protobuf:"bytes,2,opt,name=target,proto3" json:"target,omitempty"`
	// contains filtered or unexported fields
}

ServiceRequest contains common fields for service authorization requests.

func (*ServiceRequest) Descriptor deprecated 

func (*ServiceRequest) Descriptor() ([]byte, []int)

Deprecated: Use ServiceRequest.ProtoReflect.Descriptor instead.

func (*ServiceRequest) GetProcedure 

func (x *ServiceRequest) GetProcedure() string

func (*ServiceRequest) GetTarget 

func (x *ServiceRequest) GetTarget() string

func (*ServiceRequest) ProtoMessage 

func (*ServiceRequest) ProtoMessage()

func (*ServiceRequest) ProtoReflect 

func (x *ServiceRequest) ProtoReflect() protoreflect.Message

func (*ServiceRequest) Reset 

func (x *ServiceRequest) Reset()

func (*ServiceRequest) String 

func (x *ServiceRequest) String() string

type ServiceSbomRequestPolicyInput 

type ServiceSbomRequestPolicyInput struct {
	Jwt     *JWTClaims      `protobuf:"bytes,1,opt,name=jwt,proto3" json:"jwt,omitempty"`
	Request *ServiceRequest `protobuf:"bytes,2,opt,name=request,proto3" json:"request,omitempty"`
	Target  *v12.Target     `protobuf:"bytes,3,opt,name=target,proto3" json:"target,omitempty"`
	Env     *Environment    `protobuf:"bytes,4,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

ServiceSbomRequestPolicyInput is the input for service_sbom_request entrypoint.

func (*ServiceSbomRequestPolicyInput) Descriptor deprecated 

func (*ServiceSbomRequestPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use ServiceSbomRequestPolicyInput.ProtoReflect.Descriptor instead.

func (*ServiceSbomRequestPolicyInput) GetEnv 

func (x *ServiceSbomRequestPolicyInput) GetEnv() *Environment

func (*ServiceSbomRequestPolicyInput) GetJwt 

func (x *ServiceSbomRequestPolicyInput) GetJwt() *JWTClaims

func (*ServiceSbomRequestPolicyInput) GetRequest 

func (x *ServiceSbomRequestPolicyInput) GetRequest() *ServiceRequest

func (*ServiceSbomRequestPolicyInput) GetTarget 

func (x *ServiceSbomRequestPolicyInput) GetTarget() *v12.Target

func (*ServiceSbomRequestPolicyInput) ProtoMessage 

func (*ServiceSbomRequestPolicyInput) ProtoMessage()

func (*ServiceSbomRequestPolicyInput) ProtoReflect 

func (x *ServiceSbomRequestPolicyInput) ProtoReflect() protoreflect.Message

func (*ServiceSbomRequestPolicyInput) Reset 

func (x *ServiceSbomRequestPolicyInput) Reset()

func (*ServiceSbomRequestPolicyInput) String 

func (x *ServiceSbomRequestPolicyInput) String() string

type ServiceScanRequestPolicyInput 

type ServiceScanRequestPolicyInput struct {
	Jwt     *JWTClaims      `protobuf:"bytes,1,opt,name=jwt,proto3" json:"jwt,omitempty"`
	Request *ServiceRequest `protobuf:"bytes,2,opt,name=request,proto3" json:"request,omitempty"`
	Target  *v12.Target     `protobuf:"bytes,3,opt,name=target,proto3" json:"target,omitempty"`
	Env     *Environment    `protobuf:"bytes,4,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

ServiceScanRequestPolicyInput is the input for service_scan_request entrypoint.

func (*ServiceScanRequestPolicyInput) Descriptor deprecated 

func (*ServiceScanRequestPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use ServiceScanRequestPolicyInput.ProtoReflect.Descriptor instead.

func (*ServiceScanRequestPolicyInput) GetEnv 

func (x *ServiceScanRequestPolicyInput) GetEnv() *Environment

func (*ServiceScanRequestPolicyInput) GetJwt 

func (x *ServiceScanRequestPolicyInput) GetJwt() *JWTClaims

func (*ServiceScanRequestPolicyInput) GetRequest 

func (x *ServiceScanRequestPolicyInput) GetRequest() *ServiceRequest

func (*ServiceScanRequestPolicyInput) GetTarget 

func (x *ServiceScanRequestPolicyInput) GetTarget() *v12.Target

func (*ServiceScanRequestPolicyInput) ProtoMessage 

func (*ServiceScanRequestPolicyInput) ProtoMessage()

func (*ServiceScanRequestPolicyInput) ProtoReflect 

func (x *ServiceScanRequestPolicyInput) ProtoReflect() protoreflect.Message

func (*ServiceScanRequestPolicyInput) Reset 

func (x *ServiceScanRequestPolicyInput) Reset()

func (*ServiceScanRequestPolicyInput) String 

func (x *ServiceScanRequestPolicyInput) String() string

type ServiceSecretsRequestPolicyInput 

type ServiceSecretsRequestPolicyInput struct {
	Jwt     *JWTClaims      `protobuf:"bytes,1,opt,name=jwt,proto3" json:"jwt,omitempty"`
	Request *ServiceRequest `protobuf:"bytes,2,opt,name=request,proto3" json:"request,omitempty"`
	Target  *v12.Target     `protobuf:"bytes,3,opt,name=target,proto3" json:"target,omitempty"`
	Env     *Environment    `protobuf:"bytes,4,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

ServiceSecretsRequestPolicyInput is the input for service_secrets_request entrypoint.

func (*ServiceSecretsRequestPolicyInput) Descriptor deprecated 

func (*ServiceSecretsRequestPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use ServiceSecretsRequestPolicyInput.ProtoReflect.Descriptor instead.

func (*ServiceSecretsRequestPolicyInput) GetEnv 

func (x *ServiceSecretsRequestPolicyInput) GetEnv() *Environment

func (*ServiceSecretsRequestPolicyInput) GetJwt 

func (x *ServiceSecretsRequestPolicyInput) GetJwt() *JWTClaims

func (*ServiceSecretsRequestPolicyInput) GetRequest 

func (x *ServiceSecretsRequestPolicyInput) GetRequest() *ServiceRequest

func (*ServiceSecretsRequestPolicyInput) GetTarget 

func (x *ServiceSecretsRequestPolicyInput) GetTarget() *v12.Target

func (*ServiceSecretsRequestPolicyInput) ProtoMessage 

func (*ServiceSecretsRequestPolicyInput) ProtoMessage()

func (*ServiceSecretsRequestPolicyInput) ProtoReflect 

func (x *ServiceSecretsRequestPolicyInput) ProtoReflect() protoreflect.Message

func (*ServiceSecretsRequestPolicyInput) Reset 

func (x *ServiceSecretsRequestPolicyInput) Reset()

func (*ServiceSecretsRequestPolicyInput) String 

func (x *ServiceSecretsRequestPolicyInput) String() string

type TriageClusterPolicyInput 

type TriageClusterPolicyInput struct {
	Cluster *TriagePackageSummary `protobuf:"bytes,1,opt,name=cluster,proto3" json:"cluster,omitempty"`
	Env     *Environment          `protobuf:"bytes,2,opt,name=env,proto3" json:"env,omitempty"`
	// contains filtered or unexported fields
}

TriageClusterPolicyInput is the input for the triage_cluster entrypoint.

func (*TriageClusterPolicyInput) Descriptor deprecated 

func (*TriageClusterPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use TriageClusterPolicyInput.ProtoReflect.Descriptor instead.

func (*TriageClusterPolicyInput) GetCluster 

func (x *TriageClusterPolicyInput) GetCluster() *TriagePackageSummary

func (*TriageClusterPolicyInput) GetEnv 

func (x *TriageClusterPolicyInput) GetEnv() *Environment

func (*TriageClusterPolicyInput) ProtoMessage 

func (*TriageClusterPolicyInput) ProtoMessage()

func (*TriageClusterPolicyInput) ProtoReflect 

func (x *TriageClusterPolicyInput) ProtoReflect() protoreflect.Message

func (*TriageClusterPolicyInput) Reset 

func (x *TriageClusterPolicyInput) Reset()

func (*TriageClusterPolicyInput) String 

func (x *TriageClusterPolicyInput) String() string

type TriagePackageSummary 

type TriagePackageSummary struct {
	Package            string `protobuf:"bytes,1,opt,name=package,proto3" json:"package,omitempty"`
	Version            string `protobuf:"bytes,2,opt,name=version,proto3" json:"version,omitempty"`
	Severity           string `protobuf:"bytes,3,opt,name=severity,proto3" json:"severity,omitempty"`
	FixVersion         string `protobuf:"bytes,4,opt,name=fix_version,json=fixVersion,proto3" json:"fix_version,omitempty"`
	IsDirect           bool   `protobuf:"varint,5,opt,name=is_direct,json=isDirect,proto3" json:"is_direct,omitempty"`
	Summary            string `protobuf:"bytes,6,opt,name=summary,proto3" json:"summary,omitempty"`
	VulnerabilityCount int32  `protobuf:"varint,7,opt,name=vulnerability_count,json=vulnerabilityCount,proto3" json:"vulnerability_count,omitempty"`
	// contains filtered or unexported fields
}

TriagePackageSummary represents a package in triage results.

func (*TriagePackageSummary) Descriptor deprecated 

func (*TriagePackageSummary) Descriptor() ([]byte, []int)

Deprecated: Use TriagePackageSummary.ProtoReflect.Descriptor instead.

func (*TriagePackageSummary) GetFixVersion 

func (x *TriagePackageSummary) GetFixVersion() string

func (*TriagePackageSummary) GetIsDirect 

func (x *TriagePackageSummary) GetIsDirect() bool

func (*TriagePackageSummary) GetPackage 

func (x *TriagePackageSummary) GetPackage() string

func (*TriagePackageSummary) GetSeverity 

func (x *TriagePackageSummary) GetSeverity() string

func (*TriagePackageSummary) GetSummary 

func (x *TriagePackageSummary) GetSummary() string

func (*TriagePackageSummary) GetVersion 

func (x *TriagePackageSummary) GetVersion() string

func (*TriagePackageSummary) GetVulnerabilityCount 

func (x *TriagePackageSummary) GetVulnerabilityCount() int32

func (*TriagePackageSummary) ProtoMessage 

func (*TriagePackageSummary) ProtoMessage()

func (*TriagePackageSummary) ProtoReflect 

func (x *TriagePackageSummary) ProtoReflect() protoreflect.Message

func (*TriagePackageSummary) Reset 

func (x *TriagePackageSummary) Reset()

func (*TriagePackageSummary) String 

func (x *TriagePackageSummary) String() string

type TriageReportPolicyInput 

type TriageReportPolicyInput struct {

	// TopPackages are the prioritized packages to address.
	TopPackages []*TriagePackageSummary `protobuf:"bytes,1,rep,name=top_packages,json=topPackages,proto3" json:"top_packages,omitempty"`
	// Stats summarizes vulnerability counts.
	Stats *v1.Stats `protobuf:"bytes,2,opt,name=stats,proto3" json:"stats,omitempty"`
	// Env provides execution environment context.
	Env *Environment `protobuf:"bytes,3,opt,name=env,proto3" json:"env,omitempty"`
	// Target describes what was analyzed.
	Target *v12.Target `protobuf:"bytes,4,opt,name=target,proto3" json:"target,omitempty"`
	// contains filtered or unexported fields
}

TriageReportPolicyInput is the input for the triage_report entrypoint.

func (*TriageReportPolicyInput) Descriptor deprecated 

func (*TriageReportPolicyInput) Descriptor() ([]byte, []int)

Deprecated: Use TriageReportPolicyInput.ProtoReflect.Descriptor instead.

func (*TriageReportPolicyInput) GetEnv 

func (x *TriageReportPolicyInput) GetEnv() *Environment

func (*TriageReportPolicyInput) GetStats 

func (x *TriageReportPolicyInput) GetStats() *v1.Stats

func (*TriageReportPolicyInput) GetTarget 

func (x *TriageReportPolicyInput) GetTarget() *v12.Target

func (*TriageReportPolicyInput) GetTopPackages 

func (x *TriageReportPolicyInput) GetTopPackages() []*TriagePackageSummary

func (*TriageReportPolicyInput) ProtoMessage 

func (*TriageReportPolicyInput) ProtoMessage()

func (*TriageReportPolicyInput) ProtoReflect 

func (x *TriageReportPolicyInput) ProtoReflect() protoreflect.Message

func (*TriageReportPolicyInput) Reset 

func (x *TriageReportPolicyInput) Reset()

func (*TriageReportPolicyInput) String 

func (x *TriageReportPolicyInput) String() string

type ValidateRequest 

type ValidateRequest struct {

	// Policies to validate.
	Policies []*PolicySource `protobuf:"bytes,1,rep,name=policies,proto3" json:"policies,omitempty"`
	// contains filtered or unexported fields
}

ValidateRequest specifies policies to validate.

func (*ValidateRequest) Descriptor deprecated 

func (*ValidateRequest) Descriptor() ([]byte, []int)

Deprecated: Use ValidateRequest.ProtoReflect.Descriptor instead.

func (*ValidateRequest) GetPolicies 

func (x *ValidateRequest) GetPolicies() []*PolicySource

func (*ValidateRequest) ProtoMessage 

func (*ValidateRequest) ProtoMessage()

func (*ValidateRequest) ProtoReflect 

func (x *ValidateRequest) ProtoReflect() protoreflect.Message

func (*ValidateRequest) Reset 

func (x *ValidateRequest) Reset()

func (*ValidateRequest) String 

func (x *ValidateRequest) String() string

type ValidateResponse 

type ValidateResponse struct {

	// Valid is true if all policies passed validation.
	Valid bool `protobuf:"varint,1,opt,name=valid,proto3" json:"valid,omitempty"`
	// Errors found during validation.
	Errors []*PolicyError `protobuf:"bytes,2,rep,name=errors,proto3" json:"errors,omitempty"`
	// Warnings for non-fatal issues (e.g., deprecated features).
	Warnings []*PolicyError `protobuf:"bytes,3,rep,name=warnings,proto3" json:"warnings,omitempty"`
	// PolicySummaries describes each validated policy.
	Summaries []*PolicySummary `protobuf:"bytes,4,rep,name=summaries,proto3" json:"summaries,omitempty"`
	// contains filtered or unexported fields
}

ValidateResponse contains validation results.

func (*ValidateResponse) Descriptor deprecated 

func (*ValidateResponse) Descriptor() ([]byte, []int)

Deprecated: Use ValidateResponse.ProtoReflect.Descriptor instead.

func (*ValidateResponse) GetErrors 

func (x *ValidateResponse) GetErrors() []*PolicyError

func (*ValidateResponse) GetSummaries 

func (x *ValidateResponse) GetSummaries() []*PolicySummary

func (*ValidateResponse) GetValid 

func (x *ValidateResponse) GetValid() bool

func (*ValidateResponse) GetWarnings 

func (x *ValidateResponse) GetWarnings() []*PolicyError

func (*ValidateResponse) ProtoMessage 

func (*ValidateResponse) ProtoMessage()

func (*ValidateResponse) ProtoReflect 

func (x *ValidateResponse) ProtoReflect() protoreflect.Message

func (*ValidateResponse) Reset 

func (x *ValidateResponse) Reset()

func (*ValidateResponse) String 

func (x *ValidateResponse) String() string

type VariableInfo 

type VariableInfo struct {

	// Name is the variable name in CEL expressions.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Type is the CEL type (e.g., "vulnerability", "list(vulnerability)").
	Type string `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
	// Description explains what the variable contains.
	Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
	// Fields lists notable sub-fields for complex types.
	Fields []*FieldInfo `protobuf:"bytes,4,rep,name=fields,proto3" json:"fields,omitempty"`
	// contains filtered or unexported fields
}

VariableInfo describes a CEL variable available at an entrypoint.

func (*VariableInfo) Descriptor deprecated 

func (*VariableInfo) Descriptor() ([]byte, []int)

Deprecated: Use VariableInfo.ProtoReflect.Descriptor instead.

func (*VariableInfo) GetDescription 

func (x *VariableInfo) GetDescription() string

func (*VariableInfo) GetFields 

func (x *VariableInfo) GetFields() []*FieldInfo

func (*VariableInfo) GetName 

func (x *VariableInfo) GetName() string

func (*VariableInfo) GetType 

func (x *VariableInfo) GetType() string

func (*VariableInfo) ProtoMessage 

func (*VariableInfo) ProtoMessage()

func (*VariableInfo) ProtoReflect 

func (x *VariableInfo) ProtoReflect() protoreflect.Message

func (*VariableInfo) Reset 

func (x *VariableInfo) Reset()

func (*VariableInfo) String 

func (x *VariableInfo) String() string

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.