Chapter 71. Common Object Reference


71.1. Common Object Reference

71.1.1. Common object reference

71.1.2. Models

71.1.2.1. AlertDeploymentContainer

Field Name | Required | Nullable | Type | Description | Format
image | | | StorageContainerImage | |
name | | | String | |

71.1.2.2. AlertEnforcement

Field Name | Required | Nullable | Type | Description | Format
action | | | StorageEnforcementAction | | UNSET_ENFORCEMENT, SCALE_TO_ZERO_ENFORCEMENT, UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT, KILL_POD_ENFORCEMENT, FAIL_BUILD_ENFORCEMENT, FAIL_KUBE_REQUEST_ENFORCEMENT, FAIL_DEPLOYMENT_CREATE_ENFORCEMENT, FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT
message | | | String | |

71.1.2.3. AlertEntityType

Enum Values

UNSET

DEPLOYMENT

CONTAINER_IMAGE

RESOURCE

71.1.2.4. AlertGroupAlertCounts

Field Name | Required | Nullable | Type | Description | Format
severity | | | StorageSeverity | | UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY
count | | | String | | int64

71.1.2.5. AlertProcessViolation

Field Name | Required | Nullable | Type | Description | Format
message | | | String | |
processes | | | List of StorageProcessIndicator | |

71.1.2.6. AlertResourceResourceType

Enum Values

UNKNOWN

SECRETS

CONFIGMAPS

CLUSTER_ROLES

CLUSTER_ROLE_BINDINGS

NETWORK_POLICIES

SECURITY_CONTEXT_CONSTRAINTS

EGRESS_FIREWALLS

71.1.2.7. AlertServiceResolveAlertBody

Field Name | Required | Nullable | Type | Description | Format
whitelist | | | Boolean | |
addToBaseline | | | Boolean | |

71.1.2.8. AlertServiceSnoozeAlertBody

Field Name | Required | Nullable | Type | Description | Format
snoozeTill | | | Date | | date-time

71.1.2.9. AlertViolation

Field Name | Required | Nullable | Type | Description | Format
message | | | String | |
keyValueAttrs | | | ViolationKeyValueAttrs | |
networkFlowInfo | | | ViolationNetworkFlowInfo | |
type | | | AlertViolationType | | GENERIC, K8S_EVENT, NETWORK_FLOW, NETWORK_POLICY
time | | | Date | Indicates violation time. This field differs from top-level field 'time' which represents last time the alert occurred in case of multiple occurrences of the policy alert. As of 55.0, this field is set only for kubernetes event violations, but may not be limited to it in future. | date-time

71.1.2.10. AlertViolationType

Enum Values

GENERIC

K8S_EVENT

NETWORK_FLOW

NETWORK_POLICY

71.1.2.11. AuthMachineToMachineConfigMapping

Mappings map an identity token’s claim values to a specific role within Central.

Field Name | Required | Nullable | Type | Description | Format
key | | | String | A key within the identity token’s claim value to use. |
valueExpression | | | String | A regular expression that will be evaluated against values of the identity token claim identified by the specified key. The regular expression is in RE2 format; see https://github.com/google/re2/wiki/Syntax. |
role | | | String | The role which should be issued when the key and value match for a particular identity token. |

71.1.2.12. AuthProviderRequiredAttribute

RequiredAttribute specifies a set of attributes, ALL of which must be returned by the auth provider. If any attribute is missing within the external claims of the token issued by Central, the authentication request to this IdP is considered failed.

Field Name | Required | Nullable | Type | Description | Format
attributeKey | | | String | |
attributeValue | | | String | |

71.1.2.13. AuthProviderServicePutAuthProviderBody

Next Tag: 15.

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |
type | | | String | |
uiEndpoint | | | String | |
enabled | | | Boolean | |
config | | | Map of string | Config holds auth provider specific configuration. The configuration options differ based on the given auth provider type. OIDC: - "issuer": the OIDC issuer according to https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier. - "client_id": the client ID according to https://www.rfc-editor.org/rfc/rfc6749.html#section-2.2. - "client_secret": the client secret according to https://www.rfc-editor.org/rfc/rfc6749.html#section-2.3.1. - "do_not_use_client_secret": set to "true" if you want to create a configuration with only a client ID and no client secret. - "mode": the OIDC callback mode, choosing from "fragment", "post", or "query". - "disable_offline_access_scope": set to "true" if no offline tokens shall be issued. - "extra_scopes": a space-delimited string of additional scopes to request in addition to "openid profile email" according to https://www.rfc-editor.org/rfc/rfc6749.html#section-3.3. OpenShift Auth: supports no extra configuration options. User PKI: - "keys": the trusted certificates PEM encoded. SAML: - "sp_issuer": the service provider issuer according to https://datatracker.ietf.org/doc/html/rfc7522#section-3. - "idp_metadata_url": the metadata URL according to https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf. - "idp_issuer": the IdP issuer. - "idp_cert_pem": the cert PEM encoded for the IdP endpoint. - "idp_sso_url": the IdP SSO URL. - "idp_nameid_format": the IdP name ID format. IAP: - "audience": the audience to use. |
loginUrl | | | String | The login URL will be provided by the backend, and may not be specified in a request. |
validated | | | Boolean | |
extraUiEndpoints | | | List of string | UI endpoints to allow in addition to ui_endpoint. That is, if a login request is coming from any of these, the auth request will use these for the callback URL, not ui_endpoint. |
active | | | Boolean | |
requiredAttributes | | | List of AuthProviderRequiredAttribute | |
traits | | | StorageTraits | |
claimMappings | | | Map of string | Specifies claims from the IdP token that will be copied to Rox token attributes. Each key in this map contains a path in the IdP token that we want to map. The path is separated by the "." symbol. For example, if the IdP token payload looks like: { "a": { "b" : "c", "d": true, "e": [ "val1", "val2", "val3" ], "f": [ true, false, false ], "g": 123.0, "h": [ 1, 2, 3] } } then "a.b" would be a valid key and "a.z" is not. We support the following types of claims: * string (path "a.b") * bool (path "a.d") * string array (path "a.e") * bool array (path "a.f") We do NOT support the following types of claims: * complex claims (path "a") * float/integer claims (path "a.g") * float/integer array claims (path "a.h") Each value in this map contains the Rox token attribute name we want to add the claim to. If, for example, the value is "groups", the claim would be found in "external_user.Attributes.groups" in the token. Note: we only support this feature for the OIDC auth provider. |
lastUpdated | | | Date | Last updated indicates the last time the auth provider has been updated. In case there have been tokens issued by an auth provider before this timestamp, they will be considered invalid. Subsequently, all clients will have to re-issue their tokens (either by refreshing or by an additional login attempt). | date-time
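
The claimMappings rules above (dotted paths, four supported claim types, three unsupported ones) can be checked against a token payload before a mapping is saved. The following Go code is an added example, not Central's implementation: the function names, the attribute names in `main`, the rendering of bools as "true"/"false" and the rejection of mixed-type arrays are assumptions; the payload is the one quoted in the description.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// samplePayload is the IdP token payload quoted in the claimMappings description.
const samplePayload = `{"a": {"b": "c", "d": true, "e": ["val1", "val2", "val3"],
  "f": [true, false, false], "g": 123.0, "h": [1, 2, 3]}}`

// ExtractClaim walks a "."-separated path through a decoded token payload and
// returns the claim as strings when its type is one of the supported ones.
func ExtractClaim(payload map[string]any, path string) ([]string, error) {
	var cur any = payload
	for _, part := range strings.Split(path, ".") {
		obj, ok := cur.(map[string]any)
		if !ok {
			return nil, fmt.Errorf("%s: %q is not inside an object", path, part)
		}
		if cur, ok = obj[part]; !ok {
			return nil, fmt.Errorf("%s: key %q not found", path, part)
		}
	}
	switch v := cur.(type) {
	case string:
		return []string{v}, nil
	case bool:
		return []string{strconv.FormatBool(v)}, nil // assumption: bools become "true"/"false"
	case []any:
		return flatten(path, v)
	case map[string]any:
		return nil, fmt.Errorf("%s: complex claims are not supported", path)
	case float64: // encoding/json decodes every JSON number as float64
		return nil, fmt.Errorf("%s: float/integer claims are not supported", path)
	default:
		return nil, fmt.Errorf("%s: unsupported claim type %T", path, cur)
	}
}

// flatten accepts arrays whose elements are all strings or all bools.
// Rejecting mixed arrays is an assumption; the page does not mention them.
func flatten(path string, items []any) ([]string, error) {
	out, kind := make([]string, 0, len(items)), ""
	for _, it := range items {
		var s, k string
		switch v := it.(type) {
		case string:
			s, k = v, "string"
		case bool:
			s, k = strconv.FormatBool(v), "bool"
		default:
			return nil, fmt.Errorf("%s: array element type %T is not supported", path, it)
		}
		if kind != "" && kind != k {
			return nil, fmt.Errorf("%s: mixed array types are not supported", path)
		}
		kind = k
		out = append(out, s)
	}
	return out, nil
}

// ApplyClaimMappings copies each mapped claim into the named attribute and
// returns the paths it had to skip together with the reason.
func ApplyClaimMappings(rawPayload string, mappings map[string]string) (map[string][]string, map[string]error, error) {
	var payload map[string]any
	if err := json.Unmarshal([]byte(rawPayload), &payload); err != nil {
		return nil, nil, err
	}
	attrs, skipped := map[string][]string{}, map[string]error{}
	for path, attr := range mappings {
		vals, err := ExtractClaim(payload, path)
		if err != nil {
			skipped[path] = err
			continue
		}
		attrs[attr] = append(attrs[attr], vals...)
	}
	return attrs, skipped, nil
}

func main() {
	// Constructed mapping table: keys are token paths, values are attribute names.
	attrs, skipped, err := ApplyClaimMappings(samplePayload, map[string]string{
		"a.b": "team", "a.e": "groups", "a.f": "flags", "a.g": "level", "a.z": "missing", "a": "whole",
	})
	fmt.Println(attrs, skipped, err)
}
```
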

71.1.2.14. AuthProviderServiceUpdateAuthProviderBody

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |
enabled | | | Boolean | |

71.1.2.15. AuthServiceUpdateAuthMachineToMachineConfigBody

Field Name | Required | Nullable | Type | Description | Format
config | | | AuthServiceUpdateAuthMachineToMachineConfigBody | |

71.1.2.16. AuthServiceUpdateAuthMachineToMachineConfigBodyConfig

AuthMachineToMachineConfig determines rules for exchanging an identity token from a third party for a Central access token. M2M stands for machine to machine, as this is the intended use case for the config.

Field Name | Required | Nullable | Type | Description | Format
type | | | V1AuthMachineToMachineConfigType | | GENERIC, GITHUB_ACTIONS, KUBE_SERVICE_ACCOUNT
tokenExpirationDuration | | | String | Sets the expiration of the token returned from the ExchangeAuthMachineToMachineToken API call. Possible valid time units are: s, m, h. The maximum allowed expiration duration is 24h. As an example: 2h45m. For additional information on the validation of the duration, see: https://pkg.go.dev/time#ParseDuration. |
mappings | | | List of AuthMachineToMachineConfigMapping | At least one mapping is required to resolve to a valid role for the access token to be successfully generated. |
issuer | | | String | The issuer of the related OIDC provider issuing the ID tokens to exchange. Must be a non-empty string containing a URL when type is GENERIC. In case of GitHub actions, this must be empty or set to https://token.actions.githubusercontent.com. Issuer is a unique key, therefore there may be at most one GITHUB_ACTIONS config, and each GENERIC config must have a distinct issuer. |
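
The constraints documented for an M2M config (duration units and the 24h maximum, issuer rules per type, at least one mapping, RE2 value expressions) can be linted before the config is submitted, and the mappings can be dry-run against a token's claims. This Go code is an added example, not Central's implementation: the type and function names, the role names and the sample claims are constructed, and anchoring the expression to the whole claim value is an assumption because the page does not say how Central matches it.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"sort"
	"time"
)

// Issuer value the page allows for GITHUB_ACTIONS configs.
const githubIssuer = "https://token.actions.githubusercontent.com"

// Only s, m and h are documented units; time.ParseDuration alone also accepts ms, us, ns.
var durationUnits = regexp.MustCompile(`^(?:\d+(?:\.\d+)?[hms])+$`)

// Mapping mirrors AuthMachineToMachineConfigMapping (hypothetical Go type).
type Mapping struct{ Key, ValueExpression, Role string }

// M2MConfig mirrors the config fields documented above (hypothetical Go type).
type M2MConfig struct {
	Type, TokenExpirationDuration, Issuer string
	Mappings                              []Mapping
}

// Validate returns one error per documented constraint the config violates.
func Validate(c M2MConfig) []error {
	var errs []error
	d, err := time.ParseDuration(c.TokenExpirationDuration)
	if err != nil || !durationUnits.MatchString(c.TokenExpirationDuration) {
		errs = append(errs, errors.New("tokenExpirationDuration: use s, m, h units, e.g. 2h45m"))
	} else if d > 24*time.Hour {
		errs = append(errs, errors.New("tokenExpirationDuration: exceeds the 24h maximum"))
	}
	switch c.Type {
	case "GENERIC":
		u, err := url.Parse(c.Issuer)
		if err != nil || u.Scheme == "" || u.Host == "" {
			errs = append(errs, errors.New("issuer: GENERIC requires a non-empty URL"))
		}
	case "GITHUB_ACTIONS":
		if c.Issuer != "" && c.Issuer != githubIssuer {
			errs = append(errs, errors.New("issuer: GITHUB_ACTIONS allows empty or "+githubIssuer))
		}
	}
	if len(c.Mappings) == 0 {
		errs = append(errs, errors.New("mappings: at least one mapping is required"))
	}
	for i, m := range c.Mappings {
		// Go's regexp package implements RE2 syntax, the format the page names.
		if _, err := regexp.Compile(m.ValueExpression); err != nil {
			errs = append(errs, fmt.Errorf("mappings[%d].valueExpression: %w", i, err))
		}
	}
	return errs
}

// ResolveRoles returns the sorted roles whose mapping matches a claim value.
// The expression is anchored here so it must match the whole value; whether
// Central anchors it is not stated on the page (assumption).
func ResolveRoles(c M2MConfig, claims map[string][]string) []string {
	set := map[string]bool{}
	for _, m := range c.Mappings {
		re, err := regexp.Compile(`^(?:` + m.ValueExpression + `)$`)
		if err != nil {
			continue // Validate reports the bad expression
		}
		for _, v := range claims[m.Key] {
			if re.MatchString(v) {
				set[m.Role] = true
			}
		}
	}
	roles := make([]string, 0, len(set))
	for r := range set {
		roles = append(roles, r)
	}
	sort.Strings(roles)
	return roles
}

func main() {
	// Constructed config and token claims; the role names are placeholders.
	cfg := M2MConfig{Type: "GITHUB_ACTIONS", TokenExpirationDuration: "2h45m", Mappings: []Mapping{
		{Key: "repository", ValueExpression: `example-org/deploy-.*`, Role: "ci-scanner"},
		{Key: "ref", ValueExpression: `refs/heads/main`, Role: "release-admin"},
	}}
	claims := map[string][]string{"repository": {"example-org/deploy-prod"}, "ref": {"refs/heads/feature"}}
	fmt.Println(Validate(cfg), ResolveRoles(cfg, claims))
}
```

An empty result from `ResolveRoles` corresponds to the case the mappings description calls out: no mapping resolves to a role, so no access token can be generated.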

 

71.1.2.17. AuthorizationTraceResponseResponseStatus

Enum Values

UNKNOWN_STATUS

SUCCESS

FAILURE

71.1.2.18. AuthorizationTraceResponseTrace

Field Name | Required | Nullable | Type | Description | Format
scopeCheckerType | | | String | |
builtIn | | | TraceBuiltInAuthorizer | |

71.1.2.19. AuthorizationTraceResponseUserRole

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |
permissions | | | Map of StorageAccess | |
accessScopeName | | | String | |
accessScope | | | SimpleAccessScopeRules | |

71.1.2.20. AvailableProviderTypesResponseAuthProviderType

Field Name | Required | Nullable | Type | Description | Format
type | | | String | |
suggestedAttributes | | | List of string | |

71.1.2.21. BannerConfigSize

Enum Values

UNSET

SMALL

MEDIUM

LARGE

71.1.2.22. CRSRevokeResponseCRSRevocationError

Field Name | Required | Nullable | Type | Description | Format
id | | | String | |
error | | | String | |

71.1.2.23. CVSSV2AccessComplexity

Enum Values

ACCESS_HIGH

ACCESS_MEDIUM

ACCESS_LOW

71.1.2.24. CVSSV2Authentication

Enum Values

AUTH_MULTIPLE

AUTH_SINGLE

AUTH_NONE

71.1.2.25. CVSSV3Complexity

Enum Values

COMPLEXITY_LOW

COMPLEXITY_HIGH

71.1.2.26. CVSSV3Privileges

Enum Values

PRIVILEGE_NONE

PRIVILEGE_LOW

PRIVILEGE_HIGH

71.1.2.27. CVSSV3UserInteraction

Enum Values

UI_NONE

UI_REQUIRED

71.1.2.28. CentralServicesCapabilitiesCapabilityStatus

  • CapabilityAvailable: CapabilityAvailable means that UI and APIs should be available for users to use. This does not automatically mean that the functionality is 100% available and any calls to APIs will result in successful execution. Rather it means that users should be allowed to leverage the functionality as opposed to CapabilityDisabled when functionality should be blocked.
  • CapabilityDisabled: CapabilityDisabled means the corresponding UI should be disabled and attempts to use related APIs should lead to errors.

Enum Values

CapabilityAvailable

CapabilityDisabled

71.1.2.29. CentralTelemetryConfig

Field Name | Required | Nullable | Type | Description | Format
userId | | | String | |
endpoint | | | String | |
storageKeyV1 | | | String | |

71.1.2.30. CloudSourcesServiceUpdateCloudSourceBody

Field Name | Required | Nullable | Type | Description | Format
cloudSource | | | CloudSourcesServiceUpdateCloudSourceBody | |
updateCredentials | | | Boolean | If true, cloud_source must include valid credentials. If false, the resource must already exist and credentials in cloud_source are ignored. |

71.1.2.31. CloudSourcesServiceUpdateCloudSourceBodyCloudSource

CloudSource is an integration which provides a source for discovered clusters.

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |
type | | | V1CloudSourceType | | TYPE_UNSPECIFIED, TYPE_PALADIN_CLOUD, TYPE_OCM
credentials | | | V1CloudSourceCredentials | |
skipTestIntegration | | | Boolean | |
paladinCloud | | | V1PaladinCloudConfig | |
ocm | | | V1OCMConfig | |

71.1.2.32. ClusterAlertsAlertEvents

Field Name | Required | Nullable | Type | Description | Format
severity | | | StorageSeverity | | UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY
events | | | List of V1AlertEvent | |

71.1.2.33. ClusterHealthStatusHealthStatusLabel

  • UNAVAILABLE: Only collector can have unavailable status

Enum Values

UNINITIALIZED

UNAVAILABLE

UNHEALTHY

DEGRADED

HEALTHY

71.1.2.34. ClusterScanStatusSuiteStatus

Additional scan status gathered from ComplianceSuite

Field Name | Required | Nullable | Type | Description | Format
phase | | | String | |
result | | | String | |
errorMessage | | | String | |
lastTransitionTime | | | Date | | date-time

71.1.2.35. ClusterUpgradeStatusUpgradability

  • SENSOR_VERSION_HIGHER: SENSOR_VERSION_HIGHER occurs when we detect that the sensor is running a newer version than this Central. This is unexpected, but can occur depending on the patches a customer applies. In this case, we will NOT automatically "upgrade" the sensor, since that would be a downgrade, even if the autoupgrade setting is on. The user will be allowed to manually trigger the upgrade, but they are strongly discouraged from doing so without upgrading Central first, since this is an unsupported configuration.

Enum Values

UNSET

UP_TO_DATE

MANUAL_UPGRADE_REQUIRED

AUTO_UPGRADE_POSSIBLE

SENSOR_VERSION_HIGHER

71.1.2.36. ClusterUpgradeStatusUpgradeProcessStatus

Field Name | Required | Nullable | Type | Description | Format
active | | | Boolean | |
id | | | String | |
targetVersion | | | String | |
upgraderImage | | | String | |
initiatedAt | | | Date | | date-time
progress | | | StorageUpgradeProgress | |
type | | | UpgradeProcessStatusUpgradeProcessType | | UPGRADE, CERT_ROTATION

71.1.2.37. ClustersServicePutClusterBody

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |
type | | | StorageClusterType | | GENERIC_CLUSTER, KUBERNETES_CLUSTER, OPENSHIFT_CLUSTER, OPENSHIFT4_CLUSTER
labels | | | Map of string | |
mainImage | | | String | |
collectorImage | | | String | |
centralApiEndpoint | | | String | |
runtimeSupport | | | Boolean | |
collectionMethod | | | StorageCollectionMethod | | UNSET_COLLECTION, NO_COLLECTION, KERNEL_MODULE, EBPF, CORE_BPF
admissionController | | | Boolean | |
admissionControllerUpdates | | | Boolean | |
admissionControllerEvents | | | Boolean | |
status | | | StorageClusterStatus | |
dynamicConfig | | | StorageDynamicClusterConfig | |
tolerationsConfig | | | StorageTolerationsConfig | |
priority | | | String | | int64
healthStatus | | | StorageClusterHealthStatus | |
slimCollector | | | Boolean | |
helmConfig | | | StorageCompleteClusterConfig | |
mostRecentSensorId | | | StorageSensorDeploymentIdentification | |
auditLogState | | | Map of StorageAuditLogFileState | For internal use only. |
initBundleId | | | String | |
managedBy | | | StorageManagerType | | MANAGER_TYPE_UNKNOWN, MANAGER_TYPE_MANUAL, MANAGER_TYPE_HELM_CHART, MANAGER_TYPE_KUBERNETES_OPERATOR

71.1.2.38. CollectionServiceUpdateCollectionBody

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |
description | | | String | |
resourceSelectors | | | List of StorageResourceSelector | |
embeddedCollectionIds | | | List of string | |

71.1.2.39. ComplianceAggregationAggregationKey

Next available tag: 3

Field Name | Required | Nullable | Type | Description | Format
scope | | | StorageComplianceAggregationScope | | UNKNOWN, STANDARD, CLUSTER, CATEGORY, CONTROL, NAMESPACE, NODE, DEPLOYMENT, CHECK
id | | | String | |

71.1.2.40. ComplianceResultValueEvidence

Field Name | Required | Nullable | Type | Description | Format
state | | | StorageComplianceState | | COMPLIANCE_STATE_UNKNOWN, COMPLIANCE_STATE_SKIP, COMPLIANCE_STATE_NOTE, COMPLIANCE_STATE_SUCCESS, COMPLIANCE_STATE_FAILURE, COMPLIANCE_STATE_ERROR
message | | | String | |
messageId | | | Integer | | int32

71.1.2.41. ComplianceRuleFix

Field Name | Required | Nullable | Type | Description | Format
platform | | | String | |
disruption | | | String | |

71.1.2.42. ComplianceRunResultsEntityResults

Field Name | Required | Nullable | Type | Description | Format
controlResults | | | Map of StorageComplianceResultValue | |

71.1.2.43. ComplianceScanConfigurationServiceUpdateComplianceScanConfigurationBody

Next available tag: 5

Field Name | Required | Nullable | Type | Description | Format
scanName | | | String | |
scanConfig | | | V2BaseComplianceScanConfigurationSettings | |
clusters | | | List of string | |

71.1.2.44. ComplianceServiceUpdateComplianceStandardConfigBody

Field Name | Required | Nullable | Type | Description | Format
hideScanResults | | | Boolean | |

71.1.2.45. ComputeEffectiveAccessScopeRequestDetail

Enum Values

STANDARD

MINIMAL

HIGH

71.1.2.46. ComputeEffectiveAccessScopeRequestPayload

Field Name | Required | Nullable | Type | Description | Format
simpleRules | | | SimpleAccessScopeRules | |

71.1.2.47. ContainerConfigEnvironmentConfig

Field Name | Required | Nullable | Type | Description | Format
key | | | String | |
value | | | String | |
envVarSource | | | EnvironmentConfigEnvVarSource | | UNSET, RAW, SECRET_KEY, CONFIG_MAP_KEY, FIELD, RESOURCE_FIELD, UNKNOWN

71.1.2.48. ContainerNameAndBaselineStatusBaselineStatus

  • NOT_GENERATED: In current implementation, this is a temporary condition.

Enum Values

INVALID

NOT_GENERATED

UNLOCKED

LOCKED

71.1.2.49. CosignPublicKeyVerificationPublicKey

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |
publicKeyPemEnc | | | String | |

71.1.2.50. DBExportManifestEncodingType

The encoding of the file data in the restore body, usually for compression purposes.

Enum Values

UNKNOWN

UNCOMPREESSED

DEFLATED

71.1.2.51. DBRestoreProcessStatusResumeInfo

Field Name | Required | Nullable | Type | Description | Format
pos | | | String | | int64

71.1.2.52. DBRestoreRequestHeaderLocalFileInfo

LocalFileInfo provides information about the file on the local machine of the user initiating the restore process, in order to provide information to other users about ongoing restore processes.

Field Name | Required | Nullable | Type | Description | Format
path | | | String | The full path of the file. |
bytesSize | | | String | The size of the file, in bytes. 0 if unknown. | int64

71.1.2.53. DatabaseStatusDatabaseType

Enum Values

Hidden

RocksDB

PostgresDB

71.1.2.54. DelegatedRegistryConfigDelegatedRegistry

Field Name | Required | Nullable | Type | Description | Format
path | | | String | |
clusterId | | | String | |

71.1.2.55. DelegatedRegistryConfigEnabledFor

  • NONE: Scan all images via central services except for images from the OCP integrated registry
  • ALL: Scan all images via the secured clusters
  • SPECIFIC: Scan images that match registries or are from the OCP integrated registry via the secured clusters, otherwise scan via central services

Enum Values

NONE

ALL

SPECIFIC

71.1.2.56. DeployDetectionResponseRun

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |
type | | | String | |
alerts | | | List of StorageAlert | |

71.1.2.57. DeploymentLabelsResponseLabelValues

Field Name | Required | Nullable | Type | Description | Format
values | | | List of string | |

71.1.2.58. DeploymentListenPort

Field Name | Required | Nullable | Type | Description | Format
port | | | Long | | int64
l4protocol | | | StorageL4Protocol | | L4_PROTOCOL_UNKNOWN, L4_PROTOCOL_TCP, L4_PROTOCOL_UDP, L4_PROTOCOL_ICMP, L4_PROTOCOL_RAW, L4_PROTOCOL_SCTP, L4_PROTOCOL_ANY

71.1.2.59. DiscoveredClusterMetadataType

Enum Values

UNSPECIFIED

AKS

ARO

EKS

GKE

OCP

OSD

ROSA

71.1.2.60. ECRConfigAuthorizationData

Authorization data represents the IAM authentication credentials and can be used to access any Amazon ECR registry that the IAM principal has access to.

Field Name | Required | Nullable | Type | Description | Format
username | | | String | |
password | | | String | |
expiresAt | | | Date | | date-time

71.1.2.61. EmailAuthMethod

Enum Values

DISABLED

PLAIN

LOGIN

71.1.2.62. EmbeddedVulnerabilityVulnerabilityType

Enum Values

UNKNOWN_VULNERABILITY

IMAGE_VULNERABILITY

K8S_VULNERABILITY

ISTIO_VULNERABILITY

NODE_VULNERABILITY

OPENSHIFT_VULNERABILITY

71.1.2.63. EnvironmentConfigEnvVarSource

For any update to EnvVarSource, please also update 'ui/src/messages/common.js'

Enum Values

UNSET

RAW

SECRET_KEY

CONFIG_MAP_KEY

FIELD

RESOURCE_FIELD

UNKNOWN

71.1.2.64. EnvironmentList

Field Name | Required | Nullable | Type | Description | Format
environments | | | List of V4Environment | |

71.1.2.65. ExceptionExpiryExpiryType

Enum Values

TIME

ALL_CVE_FIXABLE

ANY_CVE_FIXABLE

71.1.2.66. ExternalBackupServicePutExternalBackupBody

Next available tag: 10

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |
type | | | String | |
schedule | | | StorageSchedule | |
backupsToKeep | | | Integer | | int32
s3 | | | StorageS3Config | |
gcs | | | StorageGCSConfig | |
s3compatible | | | StorageS3Compatible | |
includeCertificates | | | Boolean | |

71.1.2.67. ExternalBackupServiceUpdateExternalBackupBody

Field Name | Required | Nullable | Type | Description | Format
externalBackup | | | NextAvailableTag10 | |
updatePassword | | | Boolean | When false, use the stored credentials of an existing external backup configuration given its ID. |

71.1.2.68. GenerateNetworkPoliciesRequestDeleteExistingPoliciesMode

  • NONE: Do not delete any existing network policies.
  • GENERATED_ONLY: Delete any existing auto-generated network policies.
  • ALL: Delete all existing network policies in the respective namespace.

Enum Values

UNKNOWN

NONE

GENERATED_ONLY

ALL

71.1.2.69. GetAlertTimeseriesResponseClusterAlerts

Field Name | Required | Nullable | Type | Description | Format
cluster | | | String | |
severities | | | List of ClusterAlertsAlertEvents | |

71.1.2.70. GetAlertsCountsRequestRequestGroup

Enum Values

UNSET

CATEGORY

CLUSTER

71.1.2.71. GetAlertsCountsResponseAlertGroup

Field Name | Required | Nullable | Type | Description | Format
group | | | String | |
counts | | | List of AlertGroupAlertCounts | |

71.1.2.72. GetLoginAuthProvidersResponseLoginAuthProvider

Field Name | Required | Nullable | Type | Description | Format
id | | | String | |
name | | | String | |
type | | | String | |
loginUrl | | | String | |

71.1.2.73. GetSensorUpgradeConfigResponseSensorAutoUpgradeFeatureStatus

Enum Values

NOT_SUPPORTED

SUPPORTED

71.1.2.74. GetSensorUpgradeConfigResponseUpgradeConfig

Field Name | Required | Nullable | Type | Description | Format
enableAutoUpgrade | | | Boolean | |
autoUpgradeFeature | | | GetSensorUpgradeConfigResponseSensorAutoUpgradeFeatureStatus | | NOT_SUPPORTED, SUPPORTED

71.1.2.75. GooglerpcStatus

Field Name | Required | Nullable | Type | Description | Format
code | | | Integer | | int32
message | | | String | |
details | | | List of ProtobufAny | |

71.1.2.76. ImageIntegrationServicePutImageIntegrationBody

Next Tag: 25

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |
type | | | String | |
categories | | | List of StorageImageIntegrationCategory | |
clairify | | | StorageClairifyConfig | |
scannerV4 | | | StorageScannerV4Config | |
docker | | | StorageDockerConfig | |
quay | | | StorageQuayConfig | |
ecr | | | StorageECRConfig | |
google | | | StorageGoogleConfig | |
clair | | | StorageClairConfig | |
clairV4 | | | StorageClairV4Config | |
ibm | | | StorageIBMRegistryConfig | |
azure | | | StorageAzureConfig | |
autogenerated | | | Boolean | |
clusterId | | | String | |
skipTestIntegration | | | Boolean | |
source | | | StorageImageIntegrationSource | |

71.1.2.77. ImageIntegrationServiceUpdateImageIntegrationBody

Field Name | Required | Nullable | Type | Description | Format
config | | | NextTag25 | |
updatePassword | | | Boolean | When false, use the stored credentials of an existing image integration given its ID. |

71.1.2.78. ImagePullSecretRegistry

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |
username | | | String | |

71.1.2.79. InitBundleMetaImpactedCluster

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |
id | | | String | |

71.1.2.80. InitBundleRevokeResponseInitBundleRevocationError

Field Name | Required | Nullable | Type | Description | Format
id | | | String | |
error | | | String | |
impactedClusters | | | List of InitBundleMetaImpactedCluster | |

71.1.2.81. JiraPriorityMapping

Field Name | Required | Nullable | Type | Description | Format
severity | | | StorageSeverity | | UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY
priorityName | | | String | |

71.1.2.82. KeyValueAttrsKeyValueAttr

Field Name | Required | Nullable | Type | Description | Format
key | | | String | |
value | | | String | |

71.1.2.83. ListAlertCommonEntityInfo

Fields common to all entities that an alert might belong to.

Field Name | Required | Nullable | Type | Description | Format
clusterName | | | String | |
namespace | | | String | |
clusterId | | | String | |
namespaceId | | | String | |
resourceType | | | StorageListAlertResourceType | | DEPLOYMENT, SECRETS, CONFIGMAPS, CLUSTER_ROLES, CLUSTER_ROLE_BINDINGS, NETWORK_POLICIES, SECURITY_CONTEXT_CONSTRAINTS, EGRESS_FIREWALLS

71.1.2.84. ListAlertPolicyDevFields

Field Name | Required | Nullable | Type | Description | Format
SORTName | | | String | |

71.1.2.85. ListAlertResourceEntity

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |

71.1.2.86. ListDeploymentsWithProcessInfoResponseDeploymentWithProcessInfo

Field Name | Required | Nullable | Type | Description | Format
deployment | | | StorageListDeployment | |
baselineStatuses | | | List of StorageContainerNameAndBaselineStatus | |

71.1.2.87. MetadataLicenseStatus

Enum Values

NONE

INVALID

EXPIRED

RESTARTING

VALID

71.1.2.88. MetadataProviderType

Enum Values

PROVIDER_TYPE_UNSPECIFIED

PROVIDER_TYPE_AWS

PROVIDER_TYPE_GCP

PROVIDER_TYPE_AZURE

71.1.2.89. MicrosoftSentinelClientCertAuthConfig

Client certificate used for authentication.

Field Name | Required | Nullable | Type | Description | Format
clientCert | | | String | PEM encoded ASN.1 DER format. |
privateKey | | | String | PEM encoded PKCS #8, ASN.1 DER format. |

71.1.2.90. MicrosoftSentinelDataCollectionRuleConfig

DataCollectionRuleConfig contains information about the data collection rule which is a config per notifier type.

Field Name | Required | Nullable | Type | Description | Format
streamName | | | String | |
dataCollectionRuleId | | | String | |
enabled | | | Boolean | |

71.1.2.91. NetworkBaselineServiceGetNetworkBaselineStatusForFlowsBody

Field Name | Required | Nullable | Type | Description | Format
peers | | | List of V1NetworkBaselineStatusPeer | |

71.1.2.92. NetworkBaselineServiceModifyBaselineStatusForPeersBody

Field Name | Required | Nullable | Type | Description | Format
peers | | | List of V1NetworkBaselinePeerStatus | |

71.1.2.93. NetworkEntityInfoExternalSource

Update normalizeDupNameExtSrcs(…​) in central/networkgraph/aggregator/aggregator.go whenever this message is updated.

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |
cidr | | | String | |
default | | | Boolean | default indicates whether the external source is user-generated or system-generated. |
discovered | | | Boolean | discovered indicates whether the external source is harvested from monitored traffic. |

71.1.2.94. NetworkFlowInfoEntity

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |
entityType | | | StorageNetworkEntityInfoType | | UNKNOWN_TYPE, DEPLOYMENT, INTERNET, LISTEN_ENDPOINT, EXTERNAL_SOURCE, INTERNAL_ENTITIES
deploymentNamespace | | | String | |
deploymentType | | | String | |
port | | | Integer | | int32

71.1.2.95. NetworkGraphServiceCreateExternalNetworkEntityBody

Field Name | Required | Nullable | Type | Description | Format
entity | | | NetworkEntityInfoExternalSource | |

71.1.2.96. NetworkGraphServicePatchExternalNetworkEntityBody

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |

71.1.2.97. NetworkPolicyServiceApplyNetworkPolicyYamlForDeploymentBody

Field Name | Required | Nullable | Type | Description | Format
modification | | | StorageNetworkPolicyModification | |

71.1.2.98. NetworkPolicyServiceGetBaselineGeneratedNetworkPolicyForDeploymentBody

Field Name | Required | Nullable | Type | Description | Format
deleteExisting | | | GenerateNetworkPoliciesRequestDeleteExistingPoliciesMode | | UNKNOWN, NONE, GENERATED_ONLY, ALL
includePorts | | | Boolean | |

71.1.2.99. NextAvailableTag10

Next available tag: 10

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |
type | | | String | |
schedule | | | StorageSchedule | |
backupsToKeep | | | Integer | | int32
s3 | | | StorageS3Config | |
gcs | | | StorageGCSConfig | |
s3compatible | | | StorageS3Compatible | |
includeCertificates | | | Boolean | |

71.1.2.100. NextTag21

Next Tag: 21

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |
type | | | String | |
uiEndpoint | | | String | |
labelKey | | | String | |
labelDefault | | | String | |
jira | | | StorageJira | |
email | | | StorageEmail | |
cscc | | | StorageCSCC | |
splunk | | | StorageSplunk | |
pagerduty | | | StoragePagerDuty | |
generic | | | StorageGeneric | |
sumologic | | | StorageSumoLogic | |
awsSecurityHub | | | StorageAWSSecurityHub | |
syslog | | | StorageSyslog | |
microsoftSentinel | | | StorageMicrosoftSentinel | |
notifierSecret | | | String | |
traits | | | StorageTraits | |

71.1.2.101. NextTag25

Next Tag: 25

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |
type | | | String | |
categories | | | List of StorageImageIntegrationCategory | |
clairify | | | StorageClairifyConfig | |
scannerV4 | | | StorageScannerV4Config | |
docker | | | StorageDockerConfig | |
quay | | | StorageQuayConfig | |
ecr | | | StorageECRConfig | |
google | | | StorageGoogleConfig | |
clair | | | StorageClairConfig | |
clairV4 | | | StorageClairV4Config | |
ibm | | | StorageIBMRegistryConfig | |
azure | | | StorageAzureConfig | |
autogenerated | | | Boolean | |
clusterId | | | String | |
skipTestIntegration | | | Boolean | |
source | | | StorageImageIntegrationSource | |

71.1.2.102. NodeScanScanner

Enum Values

SCANNER

SCANNER_V4

71.1.2.103. NotifierServicePutNotifierBody

Next Tag: 21

Field Name | Required | Nullable | Type | Description | Format
name | | | String | |
type | | | String | |
uiEndpoint | | | String | |
labelKey | | | String | |
labelDefault | | | String | |
jira | | | StorageJira | |
email | | | StorageEmail | |
cscc | | | StorageCSCC | |
splunk | | | StorageSplunk | |
pagerduty | | | StoragePagerDuty | |
generic | | | StorageGeneric | |
sumologic | | | StorageSumoLogic | |
awsSecurityHub | | | StorageAWSSecurityHub | |
syslog | | | StorageSyslog | |
microsoftSentinel | | | StorageMicrosoftSentinel | |
notifierSecret | | | String | |
traits | | | StorageTraits | |

71.1.2.104. NotifierServiceUpdateNotifierBody

Field Name | Required | Nullable | Type | Description | Format
notifier | | | NextTag21 | |
updatePassword | | | Boolean | When false, use the stored credentials of an existing notifier configuration given its ID. |

71.1.2.105. PodContainerInstanceList

Field Name | Required | Nullable | Type | Description | Format
instances | | | List of StorageContainerInstance | |

71.1.2.106. PolicyMitreAttackVectors

Field Name | Required | Nullable | Type | Description | Format
tactic | | | String | |
techniques | | | List of string | |

71.1.2.107. PolicyServiceEnableDisablePolicyNotificationBody

Field Name | Required | Nullable | Type | Description | Format
notifierIds | | | List of string | |
disable | | | Boolean | |

71.1.2.108. PolicyServicePatchPolicyBody

Field Name | Required | Nullable | Type | Description | Format
disabled | | | Boolean | |

71.1.2.109. PolicyServicePutPolicyBody

Next tag: 28

Field Name | Required | Nullable | Type | Description | Format
name | | | String | Name of the policy. Must be unique. |
description | | | String | Free-form text description of this policy. |
rationale | | | String | |
remediation | | | String | Describes how to remediate a violation of this policy. |
disabled | | | Boolean | Toggles whether or not this policy will be executing and actively firing alerts. |
categories | | | List of string | List of categories that this policy falls under. Category names must already exist in Central. |
lifecycleStages | | | List of StorageLifecycleStage | Describes which policy lifecycle stages this policy applies to. Choices are DEPLOY, BUILD, and RUNTIME. |
eventSource | | | StorageEventSource | | NOT_APPLICABLE, DEPLOYMENT_EVENT, AUDIT_LOG_EVENT
exclusions | | | List of StorageExclusion | Define deployments or images that should be excluded from this policy. |
scope | | | List of StorageScope | Defines clusters, namespaces, and deployments that should be included in this policy. No scopes defined includes everything. |
severity | | | StorageSeverity | | UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY
enforcementActions | | | List of StorageEnforcementAction | FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates/updates. FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events. FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates. Lists the enforcement actions to take when a violation from this policy is identified. Possible values are UNSET_ENFORCEMENT, SCALE_TO_ZERO_ENFORCEMENT, UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT, KILL_POD_ENFORCEMENT, FAIL_BUILD_ENFORCEMENT, FAIL_KUBE_REQUEST_ENFORCEMENT, FAIL_DEPLOYMENT_CREATE_ENFORCEMENT, and FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT. |
notifiers | | | List of string | List of IDs of the notifiers that should be triggered when a violation from this policy is identified. IDs should be in the form of a UUID and are found through the Central API. |
lastUpdated | | | Date | | date-time
SORTName | | | String | For internal use only. |
SORTLifecycleStage | | | String | For internal use only. |
SORTEnforcement | | | Boolean | For internal use only. |
policyVersion | | | String | |
policySections | | | List of StoragePolicySection | PolicySections define the violation criteria for this policy. |
mitreAttackVectors | | | List of PolicyMitreAttackVectors | |
criteriaLocked | | | Boolean | Read-only field. If true, the policy’s criteria fields are rendered read-only. |
mitreVectorsLocked | | | Boolean | Read-only field. If true, the policy’s MITRE ATT&CK fields are rendered read-only. |
isDefault | | | Boolean | Read-only field. Indicates the policy is a default policy if true and a custom policy if false. |
source | | | StoragePolicySource | | IMPERATIVE, DECLARATIVE

71.1.2.110. PortConfigExposureInfo

Field NameRequiredNullableTypeDescriptionFormat

level

  

PortConfigExposureLevel

 

UNSET, EXTERNAL, NODE, INTERNAL, HOST, ROUTE,

serviceName

  

String

  

serviceId

  

String

  

serviceClusterIp

  

String

  

servicePort

  

Integer

 

int32

nodePort

  

Integer

 

int32

externalIps

  

List of string

  

externalHostnames

  

List of string

  

71.1.2.111. PortConfigExposureLevel

Enum Values

UNSET

EXTERNAL

NODE

INTERNAL

HOST

ROUTE

71.1.2.112. ProcessListeningOnPortEndpoint

Field NameRequiredNullableTypeDescriptionFormat

port

  

Long

 

int64

protocol

  

StorageL4Protocol

 

L4_PROTOCOL_UNKNOWN, L4_PROTOCOL_TCP, L4_PROTOCOL_UDP, L4_PROTOCOL_ICMP, L4_PROTOCOL_RAW, L4_PROTOCOL_SCTP, L4_PROTOCOL_ANY,

71.1.2.113. ProcessSignalLineageInfo

Field NameRequiredNullableTypeDescriptionFormat

parentUid

  

Long

 

int64

parentExecFilePath

  

String

  

71.1.2.114. ProtobufAny

Field NameRequiredNullableTypeDescriptionFormat

@type

  

String

  

71.1.2.115. QuayConfigRobotAccount

A robot account is a named Quay token that can be granted permissions on multiple repositories under an organization. It is Quay’s recommended authentication model when possible (i.e. registry integration).

Field NameRequiredNullableTypeDescriptionFormat

username

  

String

  

password

  

String

The server will mask the value of this password in responses and logs.

 

71.1.2.116. ReportConfigurationReportType

Enum Values

VULNERABILITY

71.1.2.117. ReportConfigurationServiceUpdateReportConfigurationBody

Field NameRequiredNullableTypeDescriptionFormat

reportConfig

  

StorageReportConfiguration

  

71.1.2.118. ReportLastRunStatusRunStatus

Enum Values

SUCCESS

FAILURE

71.1.2.119. ReportServiceUpdateReportConfigurationBody

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

description

  

String

  

type

  

ReportConfigurationReportType

 

VULNERABILITY,

vulnReportFilters

  

V2VulnerabilityReportFilters

  

schedule

  

V2ReportSchedule

  

resourceScope

  

V2ResourceScope

  

notifiers

  

List of V2NotifierConfiguration

  

71.1.2.120. RequestExpiryExpiryType

Enum Values

TIME

ALL_CVE_FIXABLE

ANY_CVE_FIXABLE

71.1.2.121. ResourceCollectionEmbeddedResourceCollection

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

71.1.2.122. ResultFactor

Field NameRequiredNullableTypeDescriptionFormat

message

  

String

  

url

  

String

  

71.1.2.123. RoleServicePutPermissionSetBody

This encodes a set of permissions for StackRox resources.

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

name and description are provided by the user and can be changed.

 

description

  

String

  

resourceToAccess

  

Map of StorageAccess

  

traits

  

StorageTraits

  

71.1.2.124. RoleServicePutSimpleAccessScopeBody

A simple access scope is a (simple) selection criterion for scoped resources. It allows neither multi-component AND-rules nor set operations on names.

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

name and description are provided by the user and can be changed.

 

description

  

String

  

rules

  

SimpleAccessScopeRules

  

traits

  

StorageTraits

  

71.1.2.125. RoleServiceUpdateRoleBody

A role specifies which actions are allowed for which subset of cluster objects. Permissions can be specified either directly, by setting resource_to_access together with global_access, or by referencing a permission set by its id in permission_set_name.

Field NameRequiredNullableTypeDescriptionFormat

description

  

String

  

permissionSetId

  

String

The associated PermissionSet and AccessScope for this Role.

 

accessScopeId

  

String

  

globalAccess

  

StorageAccess

 

NO_ACCESS, READ_ACCESS, READ_WRITE_ACCESS,

resourceToAccess

  

Map of StorageAccess

Deprecated 2021-04-20 in favor of permission_set_id.

 

traits

  

StorageTraits

  

71.1.2.126. RpcStatus

Field NameRequiredNullableTypeDescriptionFormat

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

71.1.2.127. ScannerV1Components

Field NameRequiredNullableTypeDescriptionFormat

namespace

  

String

  

osComponents

  

List of ScannerV1OSComponent

  

rhelComponents

  

List of ScannerV1RHELComponent

  

languageComponents

  

List of ScannerV1LanguageComponent

  

rhelContentSets

  

List of string

  

71.1.2.128. ScannerV1Executable

Field NameRequiredNullableTypeDescriptionFormat

path

  

String

  

requiredFeatures

  

List of ScannerV1FeatureNameVersion

  

71.1.2.129. ScannerV1FeatureNameVersion

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

version

  

String

  

71.1.2.130. ScannerV1JavaComponent

Field NameRequiredNullableTypeDescriptionFormat

implementationVersion

  

String

  

mavenVersion

  

String

  

origins

  

List of string

  

specificationVersion

  

String

  

bundleName

  

String

  

71.1.2.131. ScannerV1LanguageComponent

Field NameRequiredNullableTypeDescriptionFormat

type

  

ScannerV1SourceType

 

UNSET_SOURCE_TYPE, JAVA, PYTHON, NPM, GEM, DOTNETCORERUNTIME,

name

  

String

  

version

  

String

  

location

  

String

  

java

  

ScannerV1JavaComponent

  

python

  

ScannerV1PythonComponent

  

addedBy

  

String

  

71.1.2.132. ScannerV1Note

Enum Values

OS_CVES_UNAVAILABLE

OS_CVES_STALE

LANGUAGE_CVES_UNAVAILABLE

CERTIFIED_RHEL_SCAN_UNAVAILABLE

71.1.2.133. ScannerV1OSComponent

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

namespace

  

String

  

version

  

String

  

addedBy

  

String

  

executables

  

List of ScannerV1Executable

  

71.1.2.134. ScannerV1PythonComponent

Field NameRequiredNullableTypeDescriptionFormat

homepage

  

String

  

authorEmail

  

String

  

downloadUrl

  

String

  

summary

  

String

  

description

  

String

  

71.1.2.135. ScannerV1RHELComponent

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

 

int64

name

  

String

  

namespace

  

String

  

version

  

String

  

arch

  

String

  

module

  

String

  

cpes

  

List of string

  

addedBy

  

String

  

executables

  

List of ScannerV1Executable

  

71.1.2.136. ScannerV1SourceType

Enum Values

UNSET_SOURCE_TYPE

JAVA

PYTHON

NPM

GEM

DOTNETCORERUNTIME

71.1.2.137. ScheduleDaysOfMonth

1 for 1st, 2 for 2nd, ..., 31 for 31st

Field NameRequiredNullableTypeDescriptionFormat

days

  

List of integer

 

int32

71.1.2.138. ScheduleDaysOfWeek

Sunday = 0, Monday = 1, ..., Saturday = 6

Field NameRequiredNullableTypeDescriptionFormat

days

  

List of integer

 

int32

71.1.2.139. ScheduleIntervalType

Enum Values

UNSET

DAILY

WEEKLY

MONTHLY

71.1.2.140. ScheduleWeeklyInterval

Field NameRequiredNullableTypeDescriptionFormat

day

  

Integer

 

int32

71.1.2.141. ScopeImage

Field NameRequiredNullableTypeDescriptionFormat

registry

  

String

  

remote

  

String

  

tag

  

String

  

71.1.2.142. SearchResponseCount

Field NameRequiredNullableTypeDescriptionFormat

category

  

V1SearchCategory

 

SEARCH_UNSET, ALERTS, IMAGES, IMAGE_COMPONENTS, IMAGE_VULN_EDGE, IMAGE_COMPONENT_EDGE, POLICIES, DEPLOYMENTS, ACTIVE_COMPONENT, PODS, SECRETS, PROCESS_INDICATORS, COMPLIANCE, CLUSTERS, NAMESPACES, NODES, NODE_COMPONENTS, NODE_VULN_EDGE, NODE_COMPONENT_EDGE, NODE_COMPONENT_CVE_EDGE, COMPLIANCE_STANDARD, COMPLIANCE_CONTROL_GROUP, COMPLIANCE_CONTROL, SERVICE_ACCOUNTS, ROLES, ROLEBINDINGS, REPORT_CONFIGURATIONS, PROCESS_BASELINES, SUBJECTS, RISKS, VULNERABILITIES, CLUSTER_VULNERABILITIES, IMAGE_VULNERABILITIES, NODE_VULNERABILITIES, COMPONENT_VULN_EDGE, CLUSTER_VULN_EDGE, NETWORK_ENTITY, VULN_REQUEST, NETWORK_BASELINE, NETWORK_POLICIES, PROCESS_BASELINE_RESULTS, COMPLIANCE_METADATA, COMPLIANCE_RESULTS, COMPLIANCE_DOMAIN, CLUSTER_HEALTH, POLICY_CATEGORIES, IMAGE_INTEGRATIONS, COLLECTIONS, POLICY_CATEGORY_EDGE, PROCESS_LISTENING_ON_PORT, API_TOKEN, REPORT_METADATA, REPORT_SNAPSHOT, COMPLIANCE_INTEGRATIONS, COMPLIANCE_SCAN_CONFIG, COMPLIANCE_SCAN, COMPLIANCE_CHECK_RESULTS, BLOB, ADMINISTRATION_EVENTS, COMPLIANCE_SCAN_CONFIG_STATUS, ADMINISTRATION_USAGE, COMPLIANCE_PROFILES, COMPLIANCE_RULES, COMPLIANCE_SCAN_SETTING_BINDINGS, COMPLIANCE_SUITES, CLOUD_SOURCES, DISCOVERED_CLUSTERS, COMPLIANCE_REMEDIATIONS, COMPLIANCE_BENCHMARKS, AUTH_PROVIDERS, COMPLIANCE_REPORT_SNAPSHOT,

count

  

String

 

int64

71.1.2.143. SearchResultMatches

Field NameRequiredNullableTypeDescriptionFormat

values

  

List of string

  

71.1.2.144. SeccompProfileProfileType

Enum Values

UNCONFINED

RUNTIME_DEFAULT

LOCALHOST

71.1.2.145. SecurityContextSELinux

Field NameRequiredNullableTypeDescriptionFormat

user

  

String

  

role

  

String

  

type

  

String

  

level

  

String

  

71.1.2.146. SecurityContextSeccompProfile

Field NameRequiredNullableTypeDescriptionFormat

type

  

SeccompProfileProfileType

 

UNCONFINED, RUNTIME_DEFAULT, LOCALHOST,

localhostProfile

  

String

  

71.1.2.147. SignatureIntegrationServicePutSignatureIntegrationBody

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

cosign

  

StorageCosignPublicKeyVerification

  

cosignCertificates

  

List of StorageCosignCertificateVerification

  

71.1.2.148. SimpleAccessScopeRules

Each element of any repeated field is an individual rule. Rules are joined by logical OR: if there exists a rule allowing resource x, x is in the access scope.

Field NameRequiredNullableTypeDescriptionFormat

includedClusters

  

List of string

  

includedNamespaces

  

List of SimpleAccessScopeRulesNamespace

  

clusterLabelSelectors

  

List of StorageSetBasedLabelSelector

  

namespaceLabelSelectors

  

List of StorageSetBasedLabelSelector

  

71.1.2.149. SimpleAccessScopeRulesNamespace

Field NameRequiredNullableTypeDescriptionFormat

clusterName

  

String

Both fields must be set.

 

namespaceName

  

String

  

71.1.2.150. StorageAWSProviderMetadata

Field NameRequiredNullableTypeDescriptionFormat

accountId

  

String

  

71.1.2.151. StorageAWSSecurityHub

Field NameRequiredNullableTypeDescriptionFormat

region

  

String

  

credentials

  

StorageAWSSecurityHubCredentials

  

accountId

  

String

  

71.1.2.152. StorageAWSSecurityHubCredentials

Field NameRequiredNullableTypeDescriptionFormat

accessKeyId

  

String

  

secretAccessKey

  

String

  

stsEnabled

  

Boolean

  

71.1.2.153. StorageAccess

Enum Values

NO_ACCESS

READ_ACCESS

READ_WRITE_ACCESS

71.1.2.154. StorageAdministrationEventsConfig

Field NameRequiredNullableTypeDescriptionFormat

retentionDurationDays

  

Long

 

int64

71.1.2.155. StorageAdmissionControlHealthInfo

AdmissionControlHealthInfo carries data about admission control deployment but does not include admission control health status derived from this data. Aggregated admission control health status is not included because it is derived in central and not in the component that first reports AdmissionControlHealthInfo (sensor).

The following fields are made optional/nullable because there can be errors when trying to obtain them, and the default value of 0 could be confused with an actual value of 0. If an error happens when trying to obtain a certain field, the field will be absent (instead of having the default value).

Field NameRequiredNullableTypeDescriptionFormat

totalDesiredPods

  

Integer

 

int32

totalReadyPods

  

Integer

 

int32

statusErrors

  

List of string

Collection of errors that occurred while trying to obtain admission control health info.

 

71.1.2.156. StorageAdmissionControllerConfig

Field NameRequiredNullableTypeDescriptionFormat

enabled

  

Boolean

  

timeoutSeconds

  

Integer

 

int32

scanInline

  

Boolean

  

disableBypass

  

Boolean

  

enforceOnUpdates

  

Boolean

  

71.1.2.157. StorageAlert

Next available tag: 24

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

policy

  

StoragePolicy

  

lifecycleStage

  

StorageLifecycleStage

 

DEPLOY, BUILD, RUNTIME,

clusterId

  

String

  

clusterName

  

String

  

namespace

  

String

  

namespaceId

  

String

  

deployment

  

StorageAlertDeployment

  

image

  

StorageContainerImage

  

resource

  

StorageAlertResource

  

violations

  

List of AlertViolation

For run-time phase alerts, a maximum of 40 violations is retained.

 

processViolation

  

AlertProcessViolation

  

enforcement

  

AlertEnforcement

  

time

  

Date

 

date-time

firstOccurred

  

Date

 

date-time

resolvedAt

  

Date

The time at which the alert was resolved. Only set if ViolationState is RESOLVED.

date-time

state

  

StorageViolationState

 

ACTIVE, SNOOZED, RESOLVED, ATTEMPTED,

snoozeTill

  

Date

 

date-time

platformComponent

  

Boolean

  

entityType

  

AlertEntityType

 

UNSET, DEPLOYMENT, CONTAINER_IMAGE, RESOURCE,

71.1.2.158. StorageAlertDeployment

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

String

  

namespace

  

String

This field has to be duplicated in Alert for scope management and search.

 

namespaceId

  

String

This field has to be duplicated in Alert for scope management and search.

 

labels

  

Map of string

  

clusterId

  

String

This field has to be duplicated in Alert for scope management and search.

 

clusterName

  

String

This field has to be duplicated in Alert for scope management and search.

 

containers

  

List of AlertDeploymentContainer

  

annotations

  

Map of string

  

inactive

  

Boolean

  

71.1.2.159. StorageAlertResource

Represents an alert on a Kubernetes resource other than a deployment (configmaps, secrets, etc.).

Field NameRequiredNullableTypeDescriptionFormat

resourceType

  

AlertResourceResourceType

 

UNKNOWN, SECRETS, CONFIGMAPS, CLUSTER_ROLES, CLUSTER_ROLE_BINDINGS, NETWORK_POLICIES, SECURITY_CONTEXT_CONSTRAINTS, EGRESS_FIREWALLS,

name

  

String

  

clusterId

  

String

This field has to be duplicated in Alert for scope management and search.

 

clusterName

  

String

This field has to be duplicated in Alert for scope management and search.

 

namespace

  

String

This field has to be duplicated in Alert for scope management and search.

 

namespaceId

  

String

This field has to be duplicated in Alert for scope management and search.

 

71.1.2.160. StorageAlertRetentionConfig

Field NameRequiredNullableTypeDescriptionFormat

resolvedDeployRetentionDurationDays

  

Integer

 

int32

deletedRuntimeRetentionDurationDays

  

Integer

This runtime alert retention configuration takes precedence after allRuntimeRetentionDurationDays.

int32

allRuntimeRetentionDurationDays

  

Integer

This runtime alert retention configuration has highest precedence. All runtime alerts, including attempted alerts and deleted deployment alerts, are deleted even if respective retention is longer.

int32

attemptedDeployRetentionDurationDays

  

Integer

 

int32

attemptedRuntimeRetentionDurationDays

  

Integer

This runtime alert retention configuration has lowest precedence.

int32

71.1.2.161. StorageApprover

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

71.1.2.162. StorageAuditLogFileState

AuditLogFileState tracks the last audit log event timestamp and ID that was collected by Compliance. For internal use only.

Field NameRequiredNullableTypeDescriptionFormat

collectLogsSince

  

Date

 

date-time

lastAuditId

  

String

  

71.1.2.163. StorageAuthProvider

Next Tag: 15.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

String

  

uiEndpoint

  

String

  

enabled

  

Boolean

  

config

  

Map of string

Config holds auth provider specific configuration. The configuration options differ based on the given auth provider type.
OIDC:
  • "issuer": the OIDC issuer according to https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier.
  • "client_id": the client ID according to https://www.rfc-editor.org/rfc/rfc6749.html#section-2.2.
  • "client_secret": the client secret according to https://www.rfc-editor.org/rfc/rfc6749.html#section-2.3.1.
  • "do_not_use_client_secret": set to "true" if you want to create a configuration with only a client ID and no client secret.
  • "mode": the OIDC callback mode, choosing from "fragment", "post", or "query".
  • "disable_offline_access_scope": set to "true" if no offline tokens shall be issued.
  • "extra_scopes": a space-delimited string of additional scopes to request in addition to "openid profile email" according to https://www.rfc-editor.org/rfc/rfc6749.html#section-3.3.
OpenShift Auth: supports no extra configuration options.
User PKI:
  • "keys": the trusted certificates PEM encoded.
SAML:
  • "sp_issuer": the service provider issuer according to https://datatracker.ietf.org/doc/html/rfc7522#section-3.
  • "idp_metadata_url": the metadata URL according to https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf.
  • "idp_issuer": the IdP issuer.
  • "idp_cert_pem": the cert PEM encoded for the IdP endpoint.
  • "idp_sso_url": the IdP SSO URL.
  • "idp_nameid_format": the IdP name ID format.
IAP:
  • "audience": the audience to use.

 

loginUrl

  

String

The login URL will be provided by the backend, and may not be specified in a request.

 

validated

  

Boolean

  

extraUiEndpoints

  

List of string

UI endpoints to allow in addition to ui_endpoint. That is, if a login request comes from any of these, the auth request will use it for the callback URL instead of ui_endpoint.

 

active

  

Boolean

  

requiredAttributes

  

List of AuthProviderRequiredAttribute

  

traits

  

StorageTraits

  

claimMappings

  

Map of string

Specifies claims from the IdP token that will be copied to Rox token attributes. Each key in this map contains a path in the IdP token that we want to map. Path elements are separated by the "." symbol. For example, if the IdP token payload looks like:
{ "a": { "b" : "c", "d": true, "e": [ "val1", "val2", "val3" ], "f": [ true, false, false ], "g": 123.0, "h": [ 1, 2, 3] } }
then "a.b" would be a valid key and "a.z" is not.
We support the following types of claims:
  • string (path "a.b")
  • bool (path "a.d")
  • string array (path "a.e")
  • bool array (path "a.f")
We do NOT support the following types of claims:
  • complex claims (path "a")
  • float/integer claims (path "a.g")
  • float/integer array claims (path "a.h")
Each value in this map contains the name of the Rox token attribute to which we want to add the claim. If, for example, the value is "groups", the claim would be found in "external_user.Attributes.groups" in the token. Note: we only support this feature for the OIDC auth provider.

 

lastUpdated

  

Date

Last updated indicates the last time the auth provider has been updated. In case there have been tokens issued by an auth provider before this timestamp, they will be considered invalid. Subsequently, all clients will have to re-issue their tokens (either by refreshing or by an additional login attempt).

date-time
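The claimMappings path and type rules of StorageAuthProvider above can be checked against a sample IdP token before a mapping is submitted, so that a mapping which can never populate its attribute is caught early. The following is an added example, not StackRox code: the function names, the list-valued attribute representation and the handling of empty arrays are assumptions made for illustration.

```python
"""Added illustration of the claimMappings rules; not StackRox source code."""

# Constructed sample: the IdP token payload shape used in the field description.
SAMPLE_PAYLOAD = {
    "a": {
        "b": "c",
        "d": True,
        "e": ["val1", "val2", "val3"],
        "f": [True, False, False],
        "g": 123.0,
        "h": [1, 2, 3],
    }
}


def resolve_path(payload, path):
    """Walk a '.'-separated path through nested objects; return (found, value)."""
    node = payload
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return False, None
        node = node[part]
    return True, node


def _is_number(value):
    # bool is a subclass of int in Python, so exclude it explicitly.
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def classify_claim(value):
    """Return the supported claim kind, or None if the kind is not supported."""
    if isinstance(value, str):
        return "string"
    if isinstance(value, bool):
        return "bool"
    # Assumption: an empty array has no determinable element type and is rejected.
    if isinstance(value, list) and value:
        if all(isinstance(v, str) for v in value):
            return "string array"
        if all(isinstance(v, bool) for v in value):
            return "bool array"
    return None


def unsupported_reason(value):
    """Name the unsupported category, using the wording of the field description."""
    if isinstance(value, dict):
        return "complex claim"
    if _is_number(value):
        return "float/integer claim"
    if isinstance(value, list) and value and all(_is_number(v) for v in value):
        return "float/integer array claim"
    return "unsupported claim shape"


def map_claims(payload, claim_mappings):
    """Apply {token path: attribute name} mappings to a token payload.

    Returns (attributes, problems). attributes maps each attribute name to a
    list of values (hypothetical representation); problems maps each rejected
    path to the reason it yields nothing.
    """
    attributes, problems = {}, {}
    for path, attr_name in claim_mappings.items():
        found, value = resolve_path(payload, path)
        if not found:
            problems[path] = "path not found in token"
            continue
        if classify_claim(value) is None:
            problems[path] = unsupported_reason(value)
            continue
        values = value if isinstance(value, list) else [value]
        attributes.setdefault(attr_name, []).extend(values)
    return attributes, problems


if __name__ == "__main__":
    # Constructed mapping: four supported paths and four that must be rejected.
    mappings = {
        "a.b": "name", "a.d": "admin", "a.e": "groups", "a.f": "flags",
        "a": "whole", "a.g": "number", "a.h": "numbers", "a.z": "missing",
    }
    attrs, problems = map_claims(SAMPLE_PAYLOAD, mappings)
    for name, values in attrs.items():
        print(f"external_user.Attributes.{name} = {values}")
    for path, reason in problems.items():
        print(f"rejected {path!r}: {reason}")
```

Any path reported in `problems` leaves its target attribute unset, so access rules that key on that attribute will not match for users of that provider.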

71.1.2.164. StorageAzureConfig

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  

username

  

String

  

password

  

String

The password for the integration. The server will mask the value of this credential in responses and logs.

 

wifEnabled

  

Boolean

  

71.1.2.165. StorageAzureProviderMetadata

Field NameRequiredNullableTypeDescriptionFormat

subscriptionId

  

String

  

71.1.2.166. StorageBackupInfo

Field NameRequiredNullableTypeDescriptionFormat

backupLastRunAt

  

Date

 

date-time

status

  

StorageOperationStatus

 

FAIL, PASS,

requestor

  

StorageSlimUser

  

71.1.2.167. StorageBannerConfig

Field NameRequiredNullableTypeDescriptionFormat

enabled

  

Boolean

  

text

  

String

  

size

  

BannerConfigSize

 

UNSET, SMALL, MEDIUM, LARGE,

color

  

String

  

backgroundColor

  

String

  

71.1.2.168. StorageBaselineElement

Field NameRequiredNullableTypeDescriptionFormat

element

  

StorageBaselineItem

  

auto

  

Boolean

  

71.1.2.169. StorageBaselineItem

Field NameRequiredNullableTypeDescriptionFormat

processName

  

String

  

71.1.2.170. StorageBooleanOperator

Enum Values

OR

AND

71.1.2.171. StorageCSCC

Field NameRequiredNullableTypeDescriptionFormat

serviceAccount

  

String

The service account for the integration. The server will mask the value of this credential in responses and logs.

 

sourceId

  

String

  

wifEnabled

  

Boolean

  

71.1.2.172. StorageCVEInfo

Field NameRequiredNullableTypeDescriptionFormat

cve

  

String

  

summary

  

String

  

link

  

String

  

publishedOn

  

Date

This indicates the timestamp when the CVE was first published in the CVE feeds.

date-time

createdAt

  

Date

Time when the CVE was first seen in the system.

date-time

lastModified

  

Date

 

date-time

scoreVersion

  

StorageCVEInfoScoreVersion

 

V2, V3, UNKNOWN,

cvssV2

  

StorageCVSSV2

  

cvssV3

  

StorageCVSSV3

  

references

  

List of StorageCVEInfoReference

  

cvssMetrics

  

List of StorageCVSSScore

  

71.1.2.173. StorageCVEInfoReference

Field NameRequiredNullableTypeDescriptionFormat

URI

  

String

  

tags

  

List of string

  

71.1.2.174. StorageCVEInfoScoreVersion

ScoreVersion can be deprecated ROX-26066

  • V2: No unset for automatic backwards compatibility

Enum Values

V2

V3

UNKNOWN

71.1.2.175. StorageCVSSScore

Field NameRequiredNullableTypeDescriptionFormat

source

  

StorageSource

 

SOURCE_UNKNOWN, SOURCE_RED_HAT, SOURCE_OSV, SOURCE_NVD,

url

  

String

  

cvssv2

  

StorageCVSSV2

  

cvssv3

  

StorageCVSSV3

  

71.1.2.176. StorageCVSSV2

Field NameRequiredNullableTypeDescriptionFormat

vector

  

String

  

attackVector

  

StorageCVSSV2AttackVector

 

ATTACK_LOCAL, ATTACK_ADJACENT, ATTACK_NETWORK,

accessComplexity

  

CVSSV2AccessComplexity

 

ACCESS_HIGH, ACCESS_MEDIUM, ACCESS_LOW,

authentication

  

CVSSV2Authentication

 

AUTH_MULTIPLE, AUTH_SINGLE, AUTH_NONE,

confidentiality

  

StorageCVSSV2Impact

 

IMPACT_NONE, IMPACT_PARTIAL, IMPACT_COMPLETE,

integrity

  

StorageCVSSV2Impact

 

IMPACT_NONE, IMPACT_PARTIAL, IMPACT_COMPLETE,

availability

  

StorageCVSSV2Impact

 

IMPACT_NONE, IMPACT_PARTIAL, IMPACT_COMPLETE,

exploitabilityScore

  

Float

 

float

impactScore

  

Float

 

float

score

  

Float

 

float

severity

  

StorageCVSSV2Severity

 

UNKNOWN, LOW, MEDIUM, HIGH,

71.1.2.177. StorageCVSSV2AttackVector

Enum Values

ATTACK_LOCAL

ATTACK_ADJACENT

ATTACK_NETWORK

71.1.2.178. StorageCVSSV2Impact

Enum Values

IMPACT_NONE

IMPACT_PARTIAL

IMPACT_COMPLETE

71.1.2.179. StorageCVSSV2Severity

Enum Values

UNKNOWN

LOW

MEDIUM

HIGH

71.1.2.180. StorageCVSSV3

Field NameRequiredNullableTypeDescriptionFormat

vector

  

String

  

exploitabilityScore

  

Float

 

float

impactScore

  

Float

 

float

attackVector

  

StorageCVSSV3AttackVector

 

ATTACK_LOCAL, ATTACK_ADJACENT, ATTACK_NETWORK, ATTACK_PHYSICAL,

attackComplexity

  

CVSSV3Complexity

 

COMPLEXITY_LOW, COMPLEXITY_HIGH,

privilegesRequired

  

CVSSV3Privileges

 

PRIVILEGE_NONE, PRIVILEGE_LOW, PRIVILEGE_HIGH,

userInteraction

  

CVSSV3UserInteraction

 

UI_NONE, UI_REQUIRED,

scope

  

StorageCVSSV3Scope

 

UNCHANGED, CHANGED,

confidentiality

  

StorageCVSSV3Impact

 

IMPACT_NONE, IMPACT_LOW, IMPACT_HIGH,

integrity

  

StorageCVSSV3Impact

 

IMPACT_NONE, IMPACT_LOW, IMPACT_HIGH,

availability

  

StorageCVSSV3Impact

 

IMPACT_NONE, IMPACT_LOW, IMPACT_HIGH,

score

  

Float

 

float

severity

  

StorageCVSSV3Severity

 

UNKNOWN, NONE, LOW, MEDIUM, HIGH, CRITICAL,

71.1.2.181. StorageCVSSV3AttackVector

Enum Values

ATTACK_LOCAL

ATTACK_ADJACENT

ATTACK_NETWORK

ATTACK_PHYSICAL

71.1.2.182. StorageCVSSV3Impact

Enum Values

IMPACT_NONE

IMPACT_LOW

IMPACT_HIGH

71.1.2.183. StorageCVSSV3Scope

Enum Values

UNCHANGED

CHANGED

71.1.2.184. StorageCVSSV3Severity

Enum Values

UNKNOWN

NONE

LOW

MEDIUM

HIGH

CRITICAL

71.1.2.185. StorageCert

Field NameRequiredNullableTypeDescriptionFormat

subject

  

StorageCertName

  

issuer

  

StorageCertName

  

sans

  

List of string

  

startDate

  

Date

 

date-time

endDate

  

Date

 

date-time

algorithm

  

String

  

71.1.2.186. StorageCertName

Field NameRequiredNullableTypeDescriptionFormat

commonName

  

String

  

country

  

String

  

organization

  

String

  

organizationUnit

  

String

  

locality

  

String

  

province

  

String

  

streetAddress

  

String

  

postalCode

  

String

  

names

  

List of string

  

71.1.2.187. StorageClairConfig

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  

insecure

  

Boolean

  

71.1.2.188. StorageClairV4Config

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  

insecure

  

Boolean

  

71.1.2.189. StorageClairifyConfig

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  

grpcEndpoint

  

String

  

numConcurrentScans

  

Integer

 

int32

71.1.2.190. StorageCluster

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

StorageClusterType

 

GENERIC_CLUSTER, KUBERNETES_CLUSTER, OPENSHIFT_CLUSTER, OPENSHIFT4_CLUSTER,

labels

  

Map of string

  

mainImage

  

String

  

collectorImage

  

String

  

centralApiEndpoint

  

String

  

runtimeSupport

  

Boolean

  

collectionMethod

  

StorageCollectionMethod

 

UNSET_COLLECTION, NO_COLLECTION, KERNEL_MODULE, EBPF, CORE_BPF,

admissionController

  

Boolean

  

admissionControllerUpdates

  

Boolean

  

admissionControllerEvents

  

Boolean

  

status

  

StorageClusterStatus

  

dynamicConfig

  

StorageDynamicClusterConfig

  

tolerationsConfig

  

StorageTolerationsConfig

  

priority

  

String

 

int64

healthStatus

  

StorageClusterHealthStatus

  

slimCollector

  

Boolean

  

helmConfig

  

StorageCompleteClusterConfig

  

mostRecentSensorId

  

StorageSensorDeploymentIdentification

  

auditLogState

  

Map of StorageAuditLogFileState

For internal use only.

 

initBundleId

  

String

  

managedBy

  

StorageManagerType

 

MANAGER_TYPE_UNKNOWN, MANAGER_TYPE_MANUAL, MANAGER_TYPE_HELM_CHART, MANAGER_TYPE_KUBERNETES_OPERATOR,

71.1.2.191. StorageClusterCertExpiryStatus

Field NameRequiredNullableTypeDescriptionFormat

sensorCertExpiry

  

Date

 

date-time

sensorCertNotBefore

  

Date

 

date-time

71.1.2.192. StorageClusterHealthStatus

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

collectorHealthInfo

  

StorageCollectorHealthInfo

  

admissionControlHealthInfo

  

StorageAdmissionControlHealthInfo

  

scannerHealthInfo

  

StorageScannerHealthInfo

  

sensorHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

collectorHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

overallHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

admissionControlHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

scannerHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

lastContact

  

Date

 

date-time

healthInfoComplete

  

Boolean

  

71.1.2.193. StorageClusterMetadata

ClusterMetadata contains metadata information about the cluster infrastructure.

Field NameRequiredNullableTypeDescriptionFormat

type

  

StorageClusterMetadataType

 

UNSPECIFIED, AKS, ARO, EKS, GKE, OCP, OSD, ROSA,

name

  

String

Name represents the name under which the cluster is registered with the cloud provider. In case of self managed OpenShift it is the name chosen by the OpenShift installer.

 

id

  

String

Id represents a unique ID under which the cluster is registered with the cloud provider. Not all cluster types have an id. For all OpenShift clusters, this is the Red Hat cluster_id registered with OCM.

 

71.1.2.194. StorageClusterMetadataType

Enum Values

UNSPECIFIED

AKS

ARO

EKS

GKE

OCP

OSD

ROSA

71.1.2.195. StorageClusterStatus

Field NameRequiredNullableTypeDescriptionFormat

sensorVersion

  

String

  

DEPRECATEDLastContact

  

Date

This field has been deprecated starting release 49.0. Use healthStatus.lastContact instead.

date-time

providerMetadata

  

StorageProviderMetadata

  

orchestratorMetadata

  

StorageOrchestratorMetadata

  

upgradeStatus

  

StorageClusterUpgradeStatus

  

certExpiryStatus

  

StorageClusterCertExpiryStatus

  

71.1.2.196. StorageClusterType

Enum Values

GENERIC_CLUSTER

KUBERNETES_CLUSTER

OPENSHIFT_CLUSTER

OPENSHIFT4_CLUSTER

71.1.2.197. StorageClusterUpgradeStatus

Field NameRequiredNullableTypeDescriptionFormat

upgradability

  

ClusterUpgradeStatusUpgradability

 

UNSET, UP_TO_DATE, MANUAL_UPGRADE_REQUIRED, AUTO_UPGRADE_POSSIBLE, SENSOR_VERSION_HIGHER,

upgradabilityStatusReason

  

String

  

mostRecentProcess

  

ClusterUpgradeStatusUpgradeProcessStatus

  

71.1.2.198. StorageCollectionMethod

Enum Values

UNSET_COLLECTION

NO_COLLECTION

KERNEL_MODULE

EBPF

CORE_BPF

71.1.2.199. StorageCollectorHealthInfo

CollectorHealthInfo carries data about collector deployment but does not include collector health status derived from this data. Aggregated collector health status is not included because it is derived in central and not in the component that first reports CollectorHealthInfo (sensor).

Field NameRequiredNullableTypeDescriptionFormat

version

  

String

  

totalDesiredPods

  

Integer

 

int32

totalReadyPods

  

Integer

 

int32

totalRegisteredNodes

  

Integer

 

int32

statusErrors

  

List of string

Collection of errors that occurred while trying to obtain collector health info.

 

71.1.2.200. StorageCompleteClusterConfig

Encodes a complete cluster configuration minus ID/Name identifiers including static and dynamic settings.

Field NameRequiredNullableTypeDescriptionFormat

dynamicConfig

  

StorageDynamicClusterConfig

  

staticConfig

  

StorageStaticClusterConfig

  

configFingerprint

  

String

  

clusterLabels

  

Map of string

  

71.1.2.201. StorageComplianceAggregationResponse

Next available tag: 3

Field NameRequiredNullableTypeDescriptionFormat

results

  

List of StorageComplianceAggregationResult

  

sources

  

List of StorageComplianceAggregationSource

  

errorMessage

  

String

  

71.1.2.202. StorageComplianceAggregationResult

Next available tag: 5

Field NameRequiredNullableTypeDescriptionFormat

aggregationKeys

  

List of ComplianceAggregationAggregationKey

  

unit

  

StorageComplianceAggregationScope

 

UNKNOWN, STANDARD, CLUSTER, CATEGORY, CONTROL, NAMESPACE, NODE, DEPLOYMENT, CHECK,

numPassing

  

Integer

 

int32

numFailing

  

Integer

 

int32

numSkipped

  

Integer

 

int32

71.1.2.203. StorageComplianceAggregationScope

Enum Values

UNKNOWN

STANDARD

CLUSTER

CATEGORY

CONTROL

NAMESPACE

NODE

DEPLOYMENT

CHECK

71.1.2.204. StorageComplianceAggregationSource

Next available tag: 5

Field NameRequiredNullableTypeDescriptionFormat

clusterId

  

String

  

standardId

  

String

  

successfulRun

  

StorageComplianceRunMetadata

  

failedRuns

  

List of StorageComplianceRunMetadata

  

71.1.2.205. StorageComplianceDomain

Next available tag: 5

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

cluster

  

StorageComplianceDomainCluster

  

nodes

  

Map of StorageComplianceDomainNode

  

deployments

  

Map of StorageComplianceDomainDeployment

  

71.1.2.206. StorageComplianceDomainCluster

These must mirror the tags exactly in cluster.proto for backwards compatibility.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

71.1.2.207. StorageComplianceDomainDeployment

This must mirror the tags exactly in deployment.proto for backwards compatibility.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

String

  

namespace

  

String

  

namespaceId

  

String

  

clusterId

  

String

  

clusterName

  

String

  

71.1.2.208. StorageComplianceDomainNode

These must mirror the tags exactly in node.proto for backwards compatibility.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

clusterId

  

String

  

clusterName

  

String

  

71.1.2.209. StorageComplianceResultValue

Field NameRequiredNullableTypeDescriptionFormat

evidence

  

List of ComplianceResultValueEvidence

  

overallState

  

StorageComplianceState

 

COMPLIANCE_STATE_UNKNOWN, COMPLIANCE_STATE_SKIP, COMPLIANCE_STATE_NOTE, COMPLIANCE_STATE_SUCCESS, COMPLIANCE_STATE_FAILURE, COMPLIANCE_STATE_ERROR,

71.1.2.210. StorageComplianceRunMetadata

Next available tag: 5

Field NameRequiredNullableTypeDescriptionFormat

runId

  

String

  

standardId

  

String

  

clusterId

  

String

  

startTimestamp

  

Date

 

date-time

finishTimestamp

  

Date

 

date-time

success

  

Boolean

  

errorMessage

  

String

  

domainId

  

String

  

71.1.2.211. StorageComplianceRunResults

Next available tag: 6

Field NameRequiredNullableTypeDescriptionFormat

domain

  

StorageComplianceDomain

  

runMetadata

  

StorageComplianceRunMetadata

  

clusterResults

  

ComplianceRunResultsEntityResults

  

nodeResults

  

Map of ComplianceRunResultsEntityResults

  

deploymentResults

  

Map of ComplianceRunResultsEntityResults

  

machineConfigResults

  

Map of ComplianceRunResultsEntityResults

  

71.1.2.212. StorageComplianceState

Enum Values

COMPLIANCE_STATE_UNKNOWN

COMPLIANCE_STATE_SKIP

COMPLIANCE_STATE_NOTE

COMPLIANCE_STATE_SUCCESS

COMPLIANCE_STATE_FAILURE

COMPLIANCE_STATE_ERROR

71.1.2.213. StorageConfig

Field NameRequiredNullableTypeDescriptionFormat

publicConfig

  

StoragePublicConfig

  

privateConfig

  

StoragePrivateConfig

  

71.1.2.214. StorageContainer

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

config

  

StorageContainerConfig

  

image

  

StorageContainerImage

  

securityContext

  

StorageSecurityContext

  

volumes

  

List of StorageVolume

  

ports

  

List of StoragePortConfig

  

secrets

  

List of StorageEmbeddedSecret

  

resources

  

StorageResources

  

name

  

String

  

livenessProbe

  

StorageLivenessProbe

  

readinessProbe

  

StorageReadinessProbe

  

71.1.2.215. StorageContainerConfig

Field NameRequiredNullableTypeDescriptionFormat

env

  

List of ContainerConfigEnvironmentConfig

  

command

  

List of string

  

args

  

List of string

  

directory

  

String

  

user

  

String

  

uid

  

String

 

int64

appArmorProfile

  

String

  

71.1.2.216. StorageContainerImage

Next tag: 12

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

StorageImageName

  

notPullable

  

Boolean

  

isClusterLocal

  

Boolean

  

71.1.2.217. StorageContainerInstance

ContainerInstanceID uniquely identifies a container within a cluster.

Field NameRequiredNullableTypeDescriptionFormat

instanceId

  

StorageContainerInstanceID

  

containingPodId

  

String

The pod containing this container instance (kubernetes only).

 

containerName

  

String

Container name.

 

containerIps

  

List of string

The IP addresses of this container.

 

started

  

Date

 

date-time

imageDigest

  

String

  

finished

  

Date

The finish time of the container, if it finished.

date-time

exitCode

  

Integer

The exit code of the container. Only valid when finished is populated.

int32

terminationReason

  

String

The reason for the container’s termination, if it finished.

 

71.1.2.218. StorageContainerInstanceID

Field NameRequiredNullableTypeDescriptionFormat

containerRuntime

  

StorageContainerRuntime

 

UNKNOWN_CONTAINER_RUNTIME, DOCKER_CONTAINER_RUNTIME, CRIO_CONTAINER_RUNTIME,

id

  

String

The ID of the container, specific to the given runtime.

 

node

  

String

The node on which this container runs.

 

71.1.2.219. StorageContainerNameAndBaselineStatus

ContainerNameAndBaselineStatus represents a cached result of process evaluation on a specific container name.

Field NameRequiredNullableTypeDescriptionFormat

containerName

  

String

  

baselineStatus

  

ContainerNameAndBaselineStatusBaselineStatus

 

INVALID, NOT_GENERATED, UNLOCKED, LOCKED,

anomalousProcessesExecuted

  

Boolean

  

71.1.2.220. StorageContainerRuntime

Enum Values

UNKNOWN_CONTAINER_RUNTIME

DOCKER_CONTAINER_RUNTIME

CRIO_CONTAINER_RUNTIME

71.1.2.221. StorageContainerRuntimeInfo

Field NameRequiredNullableTypeDescriptionFormat

type

  

StorageContainerRuntime

 

UNKNOWN_CONTAINER_RUNTIME, DOCKER_CONTAINER_RUNTIME, CRIO_CONTAINER_RUNTIME,

version

  

String

  

71.1.2.222. StorageCosignCertificateVerification

Holds all verification data for verifying certificates attached to cosign signatures. If only the certificate is given, the Fulcio trusted root chain will be assumed and verified against. If only the chain is given, this will be used over the Fulcio trusted root chain for verification. If no certificate or chain is given, the Fulcio trusted root chain will be assumed and verified against.

Field NameRequiredNullableTypeDescriptionFormat

certificatePemEnc

  

String

PEM encoded certificate to use for verification.

 

certificateChainPemEnc

  

String

PEM encoded certificate chain to use for verification.

 

certificateOidcIssuer

  

String

Certificate OIDC issuer to verify against. This supports regular expressions following the RE2 syntax: https://github.com/google/re2/wiki/Syntax. In case the certificate does not specify an OIDC issuer, you may use '.*' as the OIDC issuer. However, it is recommended to use Fulcio compatible certificates according to the specification: https://github.com/sigstore/fulcio/blob/main/docs/certificate-specification.md.

 

certificateIdentity

  

String

Certificate identity to verify against. This supports regular expressions following the RE2 syntax: https://github.com/google/re2/wiki/Syntax. In case the certificate does not specify an identity, you may use '.*' as the identity. However, it is recommended to use Fulcio compatible certificates according to the specification: https://github.com/sigstore/fulcio/blob/main/docs/certificate-specification.md.

 

71.1.2.223. StorageCosignPublicKeyVerification

Field NameRequiredNullableTypeDescriptionFormat

publicKeys

  

List of CosignPublicKeyVerificationPublicKey

  

71.1.2.224. StorageCosignSignature

Field NameRequiredNullableTypeDescriptionFormat

rawSignature

  

byte[]

 

byte

signaturePayload

  

byte[]

 

byte

certPem

  

byte[]

 

byte

certChainPem

  

byte[]

 

byte

71.1.2.225. StorageDataSource

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

mirror

  

String

  

71.1.2.226. StorageDayOption

Field NameRequiredNullableTypeDescriptionFormat

numDays

  

Long

 

int64

enabled

  

Boolean

  

71.1.2.227. StorageDeclarativeConfigHealth

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

status

  

StorageDeclarativeConfigHealthStatus

 

UNHEALTHY, HEALTHY,

errorMessage

  

String

  

resourceName

  

String

  

resourceType

  

StorageDeclarativeConfigHealthResourceType

 

CONFIG_MAP, ACCESS_SCOPE, PERMISSION_SET, ROLE, AUTH_PROVIDER, GROUP, NOTIFIER,

lastTimestamp

  

Date

Timestamp when the current status was set.

date-time

71.1.2.228. StorageDeclarativeConfigHealthResourceType

Enum Values

CONFIG_MAP

ACCESS_SCOPE

PERMISSION_SET

ROLE

AUTH_PROVIDER

GROUP

NOTIFIER

71.1.2.229. StorageDeclarativeConfigHealthStatus

Enum Values

UNHEALTHY

HEALTHY

71.1.2.230. StorageDecommissionedClusterRetentionConfig

Next available tag: 5

Field NameRequiredNullableTypeDescriptionFormat

retentionDurationDays

  

Integer

 

int32

ignoreClusterLabels

  

Map of string

  

lastUpdated

  

Date

 

date-time

createdAt

  

Date

 

date-time

71.1.2.231. StorageDeferralRequest

Field NameRequiredNullableTypeDescriptionFormat

expiry

  

StorageRequestExpiry

  

71.1.2.232. StorageDeferralUpdate

Field NameRequiredNullableTypeDescriptionFormat

CVEs

  

List of string

  

expiry

  

StorageRequestExpiry

  

71.1.2.233. StorageDeployment

Next available tag: 36

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

hash

  

String

 

uint64

type

  

String

  

namespace

  

String

  

namespaceId

  

String

  

orchestratorComponent

  

Boolean

  

replicas

  

String

 

int64

labels

  

Map of string

  

podLabels

  

Map of string

  

labelSelector

  

StorageLabelSelector

  

created

  

Date

 

date-time

clusterId

  

String

  

clusterName

  

String

  

containers

  

List of StorageContainer

  

annotations

  

Map of string

  

priority

  

String

 

int64

inactive

  

Boolean

  

imagePullSecrets

  

List of string

  

serviceAccount

  

String

  

serviceAccountPermissionLevel

  

StoragePermissionLevel

 

UNSET, NONE, DEFAULT, ELEVATED_IN_NAMESPACE, ELEVATED_CLUSTER_WIDE, CLUSTER_ADMIN,

automountServiceAccountToken

  

Boolean

  

hostNetwork

  

Boolean

  

hostPid

  

Boolean

  

hostIpc

  

Boolean

  

runtimeClass

  

String

  

tolerations

  

List of StorageToleration

  

ports

  

List of StoragePortConfig

  

stateTimestamp

  

String

 

int64

riskScore

  

Float

 

float

platformComponent

  

Boolean

  

71.1.2.234. StorageDockerConfig

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  

username

  

String

  

password

  

String

The password for the integration. The server will mask the value of this credential in responses and logs.

 

insecure

  

Boolean

  

71.1.2.235. StorageDynamicClusterConfig

The difference between Static and Dynamic cluster config is that Dynamic values are sent over the Central to Sensor gRPC connection. This has the benefit of allowing for "hot reloading" of values without restarting Secured cluster components.

Field NameRequiredNullableTypeDescriptionFormat

admissionControllerConfig

  

StorageAdmissionControllerConfig

  

registryOverride

  

String

  

disableAuditLogs

  

Boolean

  

71.1.2.236. StorageECRConfig

Field NameRequiredNullableTypeDescriptionFormat

registryId

  

String

  

accessKeyId

  

String

The access key ID for the integration. The server will mask the value of this credential in responses and logs.

 

secretAccessKey

  

String

The secret access key for the integration. The server will mask the value of this credential in responses and logs.

 

region

  

String

  

useIam

  

Boolean

  

endpoint

  

String

  

useAssumeRole

  

Boolean

  

assumeRoleId

  

String

  

assumeRoleExternalId

  

String

  

authorizationData

  

ECRConfigAuthorizationData

  

71.1.2.237. StorageEffectiveAccessScope

EffectiveAccessScope describes which clusters and namespaces are "in scope" given current state. Basically, if AccessScope is applied to the currently known clusters and namespaces, the result is EffectiveAccessScope.

EffectiveAccessScope represents a tree with nodes marked as included and excluded. If a node is included, all its child nodes are included.

Field NameRequiredNullableTypeDescriptionFormat

clusters

  

List of StorageEffectiveAccessScopeCluster

  

71.1.2.238. StorageEffectiveAccessScopeCluster

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

state

  

StorageEffectiveAccessScopeState

 

UNKNOWN, INCLUDED, EXCLUDED, PARTIAL,

labels

  

Map of string

  

namespaces

  

List of StorageEffectiveAccessScopeNamespace

  

71.1.2.239. StorageEffectiveAccessScopeNamespace

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

state

  

StorageEffectiveAccessScopeState

 

UNKNOWN, INCLUDED, EXCLUDED, PARTIAL,

labels

  

Map of string

  

71.1.2.240. StorageEffectiveAccessScopeState

Enum Values

UNKNOWN

INCLUDED

EXCLUDED

PARTIAL

71.1.2.241. StorageEmail

Field NameRequiredNullableTypeDescriptionFormat

server

  

String

  

sender

  

String

  

username

  

String

  

password

  

String

The password for the integration. The server will mask the value of this credential in responses and logs.

 

disableTLS

  

Boolean

  

DEPRECATEDUseStartTLS

  

Boolean

  

from

  

String

  

startTLSAuthMethod

  

EmailAuthMethod

 

DISABLED, PLAIN, LOGIN,

allowUnauthenticatedSmtp

  

Boolean

  

71.1.2.242. StorageEmailNotifierConfiguration

Field NameRequiredNullableTypeDescriptionFormat

notifierId

  

String

  

mailingLists

  

List of string

  

customSubject

  

String

  

customBody

  

String

  

71.1.2.243. StorageEmbeddedImageScanComponent

Next Tag: 13

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

version

  

String

  

license

  

StorageLicense

  

vulns

  

List of StorageEmbeddedVulnerability

  

layerIndex

  

Integer

 

int32

priority

  

String

 

int64

source

  

StorageSourceType

 

OS, PYTHON, JAVA, RUBY, NODEJS, GO, DOTNETCORERUNTIME, INFRASTRUCTURE,

location

  

String

  

topCvss

  

Float

 

float

riskScore

  

Float

 

float

fixedBy

  

String

Component version that fixes all the fixable vulnerabilities in this component.

 

executables

  

List of StorageEmbeddedImageScanComponentExecutable

  

71.1.2.244. StorageEmbeddedImageScanComponentExecutable

Field NameRequiredNullableTypeDescriptionFormat

path

  

String

  

dependencies

  

List of string

  

71.1.2.245. StorageEmbeddedNodeScanComponent

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

version

  

String

  

vulns

  

List of StorageEmbeddedVulnerability

  

vulnerabilities

  

List of StorageNodeVulnerability

  

priority

  

String

 

int64

topCvss

  

Float

 

float

riskScore

  

Float

 

float

71.1.2.246. StorageEmbeddedSecret

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

path

  

String

  

71.1.2.247. StorageEmbeddedVulnerability

Next Tag: 22

Field NameRequiredNullableTypeDescriptionFormat

cve

  

String

  

cvss

  

Float

 

float

summary

  

String

  

link

  

String

  

fixedBy

  

String

  

scoreVersion

  

StorageEmbeddedVulnerabilityScoreVersion

 

V2, V3,

cvssV2

  

StorageCVSSV2

  

cvssV3

  

StorageCVSSV3

  

publishedOn

  

Date

 

date-time

lastModified

  

Date

 

date-time

vulnerabilityType

  

EmbeddedVulnerabilityVulnerabilityType

 

UNKNOWN_VULNERABILITY, IMAGE_VULNERABILITY, K8S_VULNERABILITY, ISTIO_VULNERABILITY, NODE_VULNERABILITY, OPENSHIFT_VULNERABILITY,

vulnerabilityTypes

  

List of EmbeddedVulnerabilityVulnerabilityType

  

suppressed

  

Boolean

  

suppressActivation

  

Date

 

date-time

suppressExpiry

  

Date

 

date-time

firstSystemOccurrence

  

Date

Time when the CVE was first seen, for this specific distro, in the system.

date-time

firstImageOccurrence

  

Date

Time when the CVE was first seen in this image.

date-time

severity

  

StorageVulnerabilitySeverity

 

UNKNOWN_VULNERABILITY_SEVERITY, LOW_VULNERABILITY_SEVERITY, MODERATE_VULNERABILITY_SEVERITY, IMPORTANT_VULNERABILITY_SEVERITY, CRITICAL_VULNERABILITY_SEVERITY,

state

  

StorageVulnerabilityState

 

OBSERVED, DEFERRED, FALSE_POSITIVE,

cvssMetrics

  

List of StorageCVSSScore

  

nvdCvss

  

Float

 

float

71.1.2.248. StorageEmbeddedVulnerabilityScoreVersion

ScoreVersion can be deprecated ROX-26066

  • V2: No unset for automatic backwards compatibility

Enum Values

V2

V3

71.1.2.249. StorageEnforcementAction

  • FAIL_KUBE_REQUEST_ENFORCEMENT: Takes effect only if the admission control webhook is enabled to listen on exec and port-forward events.
  • FAIL_DEPLOYMENT_CREATE_ENFORCEMENT: Takes effect only if the admission control webhook is configured to enforce on object creates.
  • FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT: Takes effect only if the admission control webhook is configured to enforce on object updates.

Enum Values

UNSET_ENFORCEMENT

SCALE_TO_ZERO_ENFORCEMENT

UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT

KILL_POD_ENFORCEMENT

FAIL_BUILD_ENFORCEMENT

FAIL_KUBE_REQUEST_ENFORCEMENT

FAIL_DEPLOYMENT_CREATE_ENFORCEMENT

FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT

71.1.2.250. StorageEventSource

Enum Values

NOT_APPLICABLE

DEPLOYMENT_EVENT

AUDIT_LOG_EVENT

71.1.2.251. StorageExclusion

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

deployment

  

StorageExclusionDeployment

  

image

  

StorageExclusionImage

  

expiration

  

Date

 

date-time

71.1.2.252. StorageExclusionDeployment

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

scope

  

StorageScope

  

71.1.2.253. StorageExclusionImage

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

71.1.2.254. StorageExportPoliciesResponse

ExportPoliciesResponse is used by the API, but it is defined in storage because we expect customers to store them. We do backwards-compatibility checks on objects in the storage folder, and those checks should be applied to this object.

Field NameRequiredNullableTypeDescriptionFormat

policies

  

List of StoragePolicy

  

71.1.2.255. StorageExternalBackup

Next available tag: 10

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

String

  

schedule

  

StorageSchedule

  

backupsToKeep

  

Integer

 

int32

s3

  

StorageS3Config

  

gcs

  

StorageGCSConfig

  

s3compatible

  

StorageS3Compatible

  

includeCertificates

  

Boolean

  

71.1.2.256. StorageFalsePositiveUpdate

Field NameRequiredNullableTypeDescriptionFormat

CVEs

  

List of string

  

71.1.2.257. StorageGCSConfig

Field NameRequiredNullableTypeDescriptionFormat

bucket

  

String

  

serviceAccount

  

String

The service account for the storage integration. The server will mask the value of this credential in responses and logs.

 

objectPrefix

  

String

  

useWorkloadId

  

Boolean

  

71.1.2.258. StorageGeneric

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  

skipTLSVerify

  

Boolean

  

caCert

  

String

  

username

  

String

  

password

  

String

The password for the integration. The server will mask the value of this credential in responses and logs.

 

headers

  

List of StorageKeyValuePair

  

extraFields

  

List of StorageKeyValuePair

  

auditLoggingEnabled

  

Boolean

  

71.1.2.259. StorageGoogleConfig

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  

serviceAccount

  

String

The service account for the integration. The server will mask the value of this credential in responses and logs.

 

project

  

String

  

wifEnabled

  

Boolean

  

71.1.2.260. StorageGoogleProviderMetadata

Field NameRequiredNullableTypeDescriptionFormat

project

  

String

  

clusterName

  

String

Deprecated in favor of providerMetadata.cluster.name.

 

71.1.2.261. StorageGroup

Group is a GroupProperties : Role mapping.

Field NameRequiredNullableTypeDescriptionFormat

props

  

StorageGroupProperties

  

roleName

  

String

This is the name of the role that will apply to users in this group.

 

71.1.2.262. StorageGroupProperties

GroupProperties defines the properties of a group. Groups apply to users when their properties match. For instance:

  • If GroupProperties has only an auth_provider_id, then that group applies to all users logged in with that auth provider.
  • If GroupProperties in addition has a claim key, then it applies to all users with that auth provider and the claim key, etc.

Note: Changes to GroupProperties may require changes to v1.DeleteGroupRequest.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

Unique identifier for group properties and respectively the group.

 

traits

  

StorageTraits

  

authProviderId

  

String

  

key

  

String

  

value

  

String

  

71.1.2.263. StorageIBMRegistryConfig

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  

apiKey

  

String

The API key for the integration. The server will mask the value of this credential in responses and logs.

 

71.1.2.264. StorageIPBlock

Field NameRequiredNullableTypeDescriptionFormat

cidr

  

String

  

except

  

List of string

  

71.1.2.265. StorageImage

Next Tag: 19

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

StorageImageName

  

names

  

List of StorageImageName

This should deprecate the ImageName field long-term, allowing images with the same digest to be associated with different locations. TODO(dhaus): For now, this message will be without search tags due to duplicated search tags otherwise.

 

metadata

  

StorageImageMetadata

  

scan

  

StorageImageScan

  

signatureVerificationData

  

StorageImageSignatureVerificationData

  

signature

  

StorageImageSignature

  

components

  

Integer

 

int32

cves

  

Integer

 

int32

fixableCves

  

Integer

 

int32

lastUpdated

  

Date

 

date-time

notPullable

  

Boolean

  

isClusterLocal

  

Boolean

  

priority

  

String

 

int64

riskScore

  

Float

 

float

topCvss

  

Float

 

float

notes

  

List of StorageImageNote

  

71.1.2.266. StorageImageIntegration

Next Tag: 25

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

String

  

categories

  

List of StorageImageIntegrationCategory

  

clairify

  

StorageClairifyConfig

  

scannerV4

  

StorageScannerV4Config

  

docker

  

StorageDockerConfig

  

quay

  

StorageQuayConfig

  

ecr

  

StorageECRConfig

  

google

  

StorageGoogleConfig

  

clair

  

StorageClairConfig

  

clairV4

  

StorageClairV4Config

  

ibm

  

StorageIBMRegistryConfig

  

azure

  

StorageAzureConfig

  

autogenerated

  

Boolean

  

clusterId

  

String

  

skipTestIntegration

  

Boolean

  

source

  

StorageImageIntegrationSource

  

71.1.2.267. StorageImageIntegrationCategory

  • NODE_SCANNER: Image and Node integrations are currently done on the same form in the UI so the image integration is also currently used for node integrations. This decision was made because we currently only support one node scanner (our scanner).

Enum Values

REGISTRY

SCANNER

NODE_SCANNER

71.1.2.268. StorageImageIntegrationSource

Field NameRequiredNullableTypeDescriptionFormat

clusterId

  

String

  

namespace

  

String

  

imagePullSecretName

  

String

  

71.1.2.269. StorageImageLayer

Field NameRequiredNullableTypeDescriptionFormat

instruction

  

String

  

value

  

String

  

created

  

Date

 

date-time

author

  

String

  

empty

  

Boolean

  

71.1.2.270. StorageImageMetadata

If any fields of ImageMetadata are modified, including subfields, please check pkg/images/enricher/metadata.go to ensure that those changes will be automatically picked up.

Next Tag: 6

Field NameRequiredNullableTypeDescriptionFormat

v1

  

StorageV1Metadata

  

v2

  

StorageV2Metadata

  

layerShas

  

List of string

  

dataSource

  

StorageDataSource

  

version

  

String

 

uint64

71.1.2.271. StorageImageName

Field NameRequiredNullableTypeDescriptionFormat

registry

  

String

  

remote

  

String

  

tag

  

String

  

fullName

  

String

  

71.1.2.272. StorageImageNote

Enum Values

MISSING_METADATA

MISSING_SCAN_DATA

MISSING_SIGNATURE

MISSING_SIGNATURE_VERIFICATION_DATA

71.1.2.273. StorageImagePullSecret

Field NameRequiredNullableTypeDescriptionFormat

registries

  

List of ImagePullSecretRegistry

  

71.1.2.274. StorageImageScan

Next tag: 8

Field NameRequiredNullableTypeDescriptionFormat

scannerVersion

  

String

  

scanTime

  

Date

 

date-time

components

  

List of StorageEmbeddedImageScanComponent

  

operatingSystem

  

String

  

dataSource

  

StorageDataSource

  

notes

  

List of StorageImageScanNote

  

hash

  

String

 

uint64

71.1.2.275. StorageImageScanNote

Enum Values

UNSET

OS_UNAVAILABLE

PARTIAL_SCAN_DATA

OS_CVES_UNAVAILABLE

OS_CVES_STALE

LANGUAGE_CVES_UNAVAILABLE

CERTIFIED_RHEL_SCAN_UNAVAILABLE

71.1.2.276. StorageImageSignature

Field NameRequiredNullableTypeDescriptionFormat

signatures

  

List of StorageSignature

  

fetched

  

Date

 

date-time

71.1.2.277. StorageImageSignatureVerificationData

Field NameRequiredNullableTypeDescriptionFormat

results

  

List of StorageImageSignatureVerificationResult

  

71.1.2.278. StorageImageSignatureVerificationResult

Next Tag: 6

Field NameRequiredNullableTypeDescriptionFormat

verificationTime

  

Date

 

date-time

verifierId

  

String

verifier_id correlates to the ID of the signature integration used to verify the signature.

 

status

  

StorageImageSignatureVerificationResultStatus

 

UNSET, VERIFIED, FAILED_VERIFICATION, INVALID_SIGNATURE_ALGO, CORRUPTED_SIGNATURE, GENERIC_ERROR,

description

  

String

description is set in the case of an error with the specific error’s message. Otherwise, this will not be set.

 

verifiedImageReferences

  

List of string

The full image names that are verified by this specific signature integration ID.

 

71.1.2.279. StorageImageSignatureVerificationResultStatus

Status represents the status of the result.

  • VERIFIED: VERIFIED is set when the signature’s verification was successful.
  • FAILED_VERIFICATION: FAILED_VERIFICATION is set when the signature’s verification failed.
  • INVALID_SIGNATURE_ALGO: INVALID_SIGNATURE_ALGO is set when the signature’s algorithm is invalid and unsupported.
  • CORRUPTED_SIGNATURE: CORRUPTED_SIGNATURE is set when the raw signature is corrupted, i.e. wrong base64 encoding.
  • GENERIC_ERROR: GENERIC_ERROR is set when an error occurred during verification that cannot be associated with a specific status.

Enum Values

UNSET

VERIFIED

FAILED_VERIFICATION

INVALID_SIGNATURE_ALGO

CORRUPTED_SIGNATURE

GENERIC_ERROR

71.1.2.280. StorageIntegrationHealth

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

StorageIntegrationHealthType

 

UNKNOWN, IMAGE_INTEGRATION, NOTIFIER, BACKUP, DECLARATIVE_CONFIG,

status

  

StorageIntegrationHealthStatus

 

UNINITIALIZED, UNHEALTHY, HEALTHY,

errorMessage

  

String

  

lastTimestamp

  

Date

 

date-time

71.1.2.281. StorageIntegrationHealthStatus

Enum Values

UNINITIALIZED

UNHEALTHY

HEALTHY

71.1.2.282. StorageIntegrationHealthType

Enum Values

UNKNOWN

IMAGE_INTEGRATION

NOTIFIER

BACKUP

DECLARATIVE_CONFIG

71.1.2.283. StorageJira

Field NameRequiredNullableTypeDescriptionFormat

url

  

String

  

username

  

String

  

password

  

String

The password for the integration. The server will mask the value of this credential in responses and logs.

 

issueType

  

String

  

priorityMappings

  

List of JiraPriorityMapping

  

defaultFieldsJson

  

String

  

disablePriority

  

Boolean

  

71.1.2.284. StorageK8sRole

Properties of an individual k8s Role or ClusterRole.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

namespace

  

String

  

clusterId

  

String

  

clusterName

  

String

  

clusterRole

  

Boolean

  

labels

  

Map of string

  

annotations

  

Map of string

  

createdAt

  

Date

 

date-time

rules

  

List of StoragePolicyRule

  

71.1.2.285. StorageK8sRoleBinding

Properties of an individual k8s RoleBinding or ClusterRoleBinding.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

namespace

  

String

  

clusterId

  

String

  

clusterName

  

String

  

clusterRole

  

Boolean

ClusterRole specifies whether the binding binds a cluster role. However, it cannot be used to determine whether the binding is a cluster role binding. This can be done in conjunction with the namespace. If the namespace is empty and cluster role is true, the binding is a cluster role binding.

 

labels

  

Map of string

  

annotations

  

Map of string

  

createdAt

  

Date

 

date-time

subjects

  

List of StorageSubject

  

roleId

  

String

  

71.1.2.286. StorageKeyValuePair

Field NameRequiredNullableTypeDescriptionFormat

key

  

String

  

value

  

String

  

71.1.2.287. StorageL4Protocol

Enum Values

L4_PROTOCOL_UNKNOWN

L4_PROTOCOL_TCP

L4_PROTOCOL_UDP

L4_PROTOCOL_ICMP

L4_PROTOCOL_RAW

L4_PROTOCOL_SCTP

L4_PROTOCOL_ANY

71.1.2.288. StorageLabelSelector

Label selector components are joined with logical AND, see https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

Next available tag: 3

Field NameRequiredNullableTypeDescriptionFormat

matchLabels

  

Map of string

This is actually a oneof, but we can’t make it one due to backwards compatibility constraints.

 

requirements

  

List of StorageLabelSelectorRequirement

  

71.1.2.289. StorageLabelSelectorOperator

Enum Values

UNKNOWN

IN

NOT_IN

EXISTS

NOT_EXISTS

71.1.2.290. StorageLabelSelectorRequirement

Next available tag: 4

Field NameRequiredNullableTypeDescriptionFormat

key

  

String

  

op

  

StorageLabelSelectorOperator

 

UNKNOWN, IN, NOT_IN, EXISTS, NOT_EXISTS,

values

  

List of string

  

71.1.2.291. StorageLicense

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

type

  

String

  

url

  

String

  

71.1.2.292. StorageLifecycleStage

Enum Values

DEPLOY

BUILD

RUNTIME

71.1.2.293. StorageListAlert

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

lifecycleStage

  

StorageLifecycleStage

 

DEPLOY, BUILD, RUNTIME,

time

  

Date

 

date-time

policy

  

StorageListAlertPolicy

  

state

  

StorageViolationState

 

ACTIVE, SNOOZED, RESOLVED, ATTEMPTED,

enforcementCount

  

Integer

 

int32

enforcementAction

  

StorageEnforcementAction

 

UNSET_ENFORCEMENT, SCALE_TO_ZERO_ENFORCEMENT, UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT, KILL_POD_ENFORCEMENT, FAIL_BUILD_ENFORCEMENT, FAIL_KUBE_REQUEST_ENFORCEMENT, FAIL_DEPLOYMENT_CREATE_ENFORCEMENT, FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT,

commonEntityInfo

  

ListAlertCommonEntityInfo

  

deployment

  

StorageListAlertDeployment

  

resource

  

ListAlertResourceEntity

  

71.1.2.294. StorageListAlertDeployment

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

clusterName

  

String

This field is deprecated and has moved to CommonEntityInfo. It will be removed from here in a future release.

 

namespace

  

String

This field is deprecated and has moved to CommonEntityInfo. It will be removed from here in a future release.

 

clusterId

  

String

This field is deprecated and has moved to CommonEntityInfo. It will be removed from here in a future release.

 

inactive

  

Boolean

  

namespaceId

  

String

This field is deprecated and has moved to CommonEntityInfo. It will be removed from here in a future release.

 

deploymentType

  

String

  

71.1.2.295. StorageListAlertPolicy

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

severity

  

StorageSeverity

 

UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,

description

  

String

  

categories

  

List of string

  

developerInternalFields

  

ListAlertPolicyDevFields

  

71.1.2.296. StorageListAlertResourceType

A special ListAlert-only enumeration of all resource types. Unlike Alert.Resource.ResourceType, this also includes deployment as a type. This must be kept in sync with Alert.Resource.ResourceType (excluding the deployment value).

Enum Values

DEPLOYMENT

SECRETS

CONFIGMAPS

CLUSTER_ROLES

CLUSTER_ROLE_BINDINGS

NETWORK_POLICIES

SECURITY_CONTEXT_CONSTRAINTS

EGRESS_FIREWALLS

71.1.2.297. StorageListDeployment

Next available tag: 9

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

hash

  

String

 

uint64

name

  

String

  

cluster

  

String

  

clusterId

  

String

  

namespace

  

String

  

created

  

Date

 

date-time

priority

  

String

 

int64

71.1.2.298. StorageListImage

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

components

  

Integer

 

int32

cves

  

Integer

 

int32

fixableCves

  

Integer

 

int32

created

  

Date

 

date-time

lastUpdated

  

Date

 

date-time

priority

  

String

 

int64

71.1.2.299. StorageListPolicy

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

description

  

String

  

severity

  

StorageSeverity

 

UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,

disabled

  

Boolean

  

lifecycleStages

  

List of StorageLifecycleStage

  

notifiers

  

List of string

  

lastUpdated

  

Date

 

date-time

eventSource

  

StorageEventSource

 

NOT_APPLICABLE, DEPLOYMENT_EVENT, AUDIT_LOG_EVENT,

isDefault

  

Boolean

  

source

  

StoragePolicySource

 

IMPERATIVE, DECLARATIVE,

71.1.2.300. StorageListSecret

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

clusterId

  

String

  

clusterName

  

String

  

namespace

  

String

  

types

  

List of StorageSecretType

  

createdAt

  

Date

 

date-time

71.1.2.301. StorageLivenessProbe

Field NameRequiredNullableTypeDescriptionFormat

defined

  

Boolean

  

71.1.2.302. StorageLoginNotice

Field NameRequiredNullableTypeDescriptionFormat

enabled

  

Boolean

  

text

  

String

  

71.1.2.303. StorageManagerType

Enum Values

MANAGER_TYPE_UNKNOWN

MANAGER_TYPE_MANUAL

MANAGER_TYPE_HELM_CHART

MANAGER_TYPE_KUBERNETES_OPERATOR

71.1.2.304. StorageMatchType

Enum Values

EXACT

REGEX

71.1.2.305. StorageMicrosoftSentinel

Field NameRequiredNullableTypeDescriptionFormat

logIngestionEndpoint

  

String

log_ingestion_endpoint is the log ingestion endpoint.

 

directoryTenantId

  

String

directory_tenant_id contains the Microsoft Directory ID of the selected tenant.

 

applicationClientId

  

String

application_client_id contains the application ID of the service principal.

 

secret

  

String

secret contains the client secret.

 

alertDcrConfig

  

MicrosoftSentinelDataCollectionRuleConfig

  

auditLogDcrConfig

  

MicrosoftSentinelDataCollectionRuleConfig

  

clientCertAuthConfig

  

MicrosoftSentinelClientCertAuthConfig

  

71.1.2.306. StorageMitreAttackVector

Field NameRequiredNullableTypeDescriptionFormat

tactic

  

StorageMitreTactic

  

techniques

  

List of StorageMitreTechnique

  

71.1.2.307. StorageMitreTactic

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

description

  

String

  

71.1.2.308. StorageMitreTechnique

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

description

  

String

  

71.1.2.309. StorageNamespaceMetadata

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

clusterId

  

String

  

clusterName

  

String

  

labels

  

Map of string

  

creationTime

  

Date

 

date-time

priority

  

String

 

int64

annotations

  

Map of string

  

71.1.2.310. StorageNetworkBaseline

NetworkBaseline represents a network baseline of a deployment. It contains all the baseline peers and their respective connections.

Next available tag: 8

Field NameRequiredNullableTypeDescriptionFormat

deploymentId

  

String

This is the ID of the baseline.

 

clusterId

  

String

  

namespace

  

String

  

peers

  

List of StorageNetworkBaselinePeer

  

forbiddenPeers

  

List of StorageNetworkBaselinePeer

A list of peers that will never be added to the baseline. For now, this contains peers that the user has manually removed. This is used to ensure we don’t add it back in the event we see the flow again.

 

observationPeriodEnd

  

Date

 

date-time

locked

  

Boolean

  

deploymentName

  

String

  

71.1.2.311. StorageNetworkBaselineConnectionProperties

NetworkBaselineConnectionProperties represents information about a baseline connection.

Next available tag: 4

Field NameRequiredNullableTypeDescriptionFormat

ingress

  

Boolean

  

port

  

Long

 

int64

protocol

  

StorageL4Protocol

 

L4_PROTOCOL_UNKNOWN, L4_PROTOCOL_TCP, L4_PROTOCOL_UDP, L4_PROTOCOL_ICMP, L4_PROTOCOL_RAW, L4_PROTOCOL_SCTP, L4_PROTOCOL_ANY,

71.1.2.312. StorageNetworkBaselinePeer

NetworkBaselinePeer represents a baseline peer.

Next available tag: 3

Field NameRequiredNullableTypeDescriptionFormat

entity

  

StorageNetworkEntity

  

properties

  

List of StorageNetworkBaselineConnectionProperties

  

71.1.2.313. StorageNetworkEntity

Field NameRequiredNullableTypeDescriptionFormat

info

  

StorageNetworkEntityInfo

  

scope

  

StorageNetworkEntityScope

  

71.1.2.314. StorageNetworkEntityInfo

Field NameRequiredNullableTypeDescriptionFormat

type

  

StorageNetworkEntityInfoType

 

UNKNOWN_TYPE, DEPLOYMENT, INTERNET, LISTEN_ENDPOINT, EXTERNAL_SOURCE, INTERNAL_ENTITIES,

id

  

String

  

deployment

  

StorageNetworkEntityInfoDeployment

  

externalSource

  

NetworkEntityInfoExternalSource

  

71.1.2.315. StorageNetworkEntityInfoDeployment

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

namespace

  

String

  

cluster

  

String

  

listenPorts

  

List of DeploymentListenPort

  

71.1.2.316. StorageNetworkEntityInfoType

  • INTERNAL_ENTITIES: INTERNAL_ENTITIES is for grouping all internal entities under a single network graph node.

Enum Values

UNKNOWN_TYPE

DEPLOYMENT

INTERNET

LISTEN_ENDPOINT

EXTERNAL_SOURCE

INTERNAL_ENTITIES

71.1.2.317. StorageNetworkEntityScope

Field NameRequiredNullableTypeDescriptionFormat

clusterId

  

String

  

71.1.2.318. StorageNetworkFlow

Field NameRequiredNullableTypeDescriptionFormat

props

  

StorageNetworkFlowProperties

  

lastSeenTimestamp

  

Date

 

date-time

clusterId

  

String

  

71.1.2.319. StorageNetworkFlowProperties

Field NameRequiredNullableTypeDescriptionFormat

srcEntity

  

StorageNetworkEntityInfo

  

dstEntity

  

StorageNetworkEntityInfo

  

dstPort

  

Long

May be 0 if not applicable (e.g., ICMP).

int64

l4protocol

  

StorageL4Protocol

 

L4_PROTOCOL_UNKNOWN, L4_PROTOCOL_TCP, L4_PROTOCOL_UDP, L4_PROTOCOL_ICMP, L4_PROTOCOL_RAW, L4_PROTOCOL_SCTP, L4_PROTOCOL_ANY,

71.1.2.320. StorageNetworkGraphConfig

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

hideDefaultExternalSrcs

  

Boolean

  

71.1.2.321. StorageNetworkPolicy

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

clusterId

  

String

  

clusterName

  

String

  

namespace

  

String

  

labels

  

Map of string

  

annotations

  

Map of string

  

spec

  

StorageNetworkPolicySpec

  

yaml

  

String

  

apiVersion

  

String

  

created

  

Date

 

date-time

71.1.2.322. StorageNetworkPolicyApplicationUndoRecord

Field NameRequiredNullableTypeDescriptionFormat

clusterId

  

String

  

user

  

String

  

applyTimestamp

  

Date

 

date-time

originalModification

  

StorageNetworkPolicyModification

  

undoModification

  

StorageNetworkPolicyModification

  

71.1.2.323. StorageNetworkPolicyEgressRule

Field NameRequiredNullableTypeDescriptionFormat

ports

  

List of StorageNetworkPolicyPort

  

to

  

List of StorageNetworkPolicyPeer

  

71.1.2.324. StorageNetworkPolicyIngressRule

Field NameRequiredNullableTypeDescriptionFormat

ports

  

List of StorageNetworkPolicyPort

  

from

  

List of StorageNetworkPolicyPeer

  

71.1.2.325. StorageNetworkPolicyModification

Next available tag: 3

Field NameRequiredNullableTypeDescriptionFormat

applyYaml

  

String

  

toDelete

  

List of StorageNetworkPolicyReference

  

71.1.2.326. StorageNetworkPolicyPeer

Field NameRequiredNullableTypeDescriptionFormat

podSelector

  

StorageLabelSelector

  

namespaceSelector

  

StorageLabelSelector

  

ipBlock

  

StorageIPBlock

  

71.1.2.327. StorageNetworkPolicyPort

Field NameRequiredNullableTypeDescriptionFormat

protocol

  

StorageProtocol

 

UNSET_PROTOCOL, TCP_PROTOCOL, UDP_PROTOCOL, SCTP_PROTOCOL,

port

  

Integer

 

int32

portName

  

String

  

71.1.2.328. StorageNetworkPolicyReference

Next available tag: 3

Field NameRequiredNullableTypeDescriptionFormat

namespace

  

String

  

name

  

String

  

71.1.2.329. StorageNetworkPolicySpec

Field NameRequiredNullableTypeDescriptionFormat

podSelector

  

StorageLabelSelector

  

ingress

  

List of StorageNetworkPolicyIngressRule

  

egress

  

List of StorageNetworkPolicyEgressRule

  

policyTypes

  

List of StorageNetworkPolicyType

  

71.1.2.330. StorageNetworkPolicyType

Enum Values

UNSET_NETWORK_POLICY_TYPE

INGRESS_NETWORK_POLICY_TYPE

EGRESS_NETWORK_POLICY_TYPE

71.1.2.331. StorageNode

Node represents information about a node in the cluster.

Next available tag: 28

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

A unique ID identifying this node.

 

name

  

String

The (host)name of the node. Might or might not be the same as ID.

 

taints

  

List of StorageTaint

  

clusterId

  

String

  

clusterName

  

String

  

labels

  

Map of string

  

annotations

  

Map of string

  

joinedAt

  

Date

 

date-time

internalIpAddresses

  

List of string

  

externalIpAddresses

  

List of string

  

containerRuntimeVersion

  

String

Use container_runtime.version

 

containerRuntime

  

StorageContainerRuntimeInfo

  

kernelVersion

  

String

  

operatingSystem

  

String

From NodeInfo. Operating system reported by the node (ex: linux).

 

osImage

  

String

From NodeInfo. OS image reported by the node from /etc/os-release.

 

kubeletVersion

  

String

  

kubeProxyVersion

  

String

  

lastUpdated

  

Date

 

date-time

k8sUpdated

  

Date

Time we received an update from Kubernetes.

date-time

scan

  

StorageNodeScan

  

components

  

Integer

 

int32

cves

  

Integer

 

int32

fixableCves

  

Integer

 

int32

priority

  

String

 

int64

riskScore

  

Float

 

float

topCvss

  

Float

 

float

notes

  

List of StorageNodeNote

  

71.1.2.332. StorageNodeNote

Enum Values

MISSING_SCAN_DATA

71.1.2.333. StorageNodeScan

Next tag: 5

Field NameRequiredNullableTypeDescriptionFormat

scanTime

  

Date

 

date-time

operatingSystem

  

String

  

components

  

List of StorageEmbeddedNodeScanComponent

  

notes

  

List of StorageNodeScanNote

  

scannerVersion

  

NodeScanScanner

 

SCANNER, SCANNER_V4,

71.1.2.334. StorageNodeScanNote

Enum Values

UNSET

UNSUPPORTED

KERNEL_UNSUPPORTED

CERTIFIED_RHEL_CVES_UNAVAILABLE

71.1.2.335. StorageNodeVulnerability

Field NameRequiredNullableTypeDescriptionFormat

cveBaseInfo

  

StorageCVEInfo

  

cvss

  

Float

 

float

severity

  

StorageVulnerabilitySeverity

 

UNKNOWN_VULNERABILITY_SEVERITY, LOW_VULNERABILITY_SEVERITY, MODERATE_VULNERABILITY_SEVERITY, IMPORTANT_VULNERABILITY_SEVERITY, CRITICAL_VULNERABILITY_SEVERITY,

fixedBy

  

String

  

snoozed

  

Boolean

  

snoozeStart

  

Date

 

date-time

snoozeExpiry

  

Date

 

date-time

71.1.2.336. StorageNotifier

Next Tag: 21

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

String

  

uiEndpoint

  

String

  

labelKey

  

String

  

labelDefault

  

String

  

jira

  

StorageJira

  

email

  

StorageEmail

  

cscc

  

StorageCSCC

  

splunk

  

StorageSplunk

  

pagerduty

  

StoragePagerDuty

  

generic

  

StorageGeneric

  

sumologic

  

StorageSumoLogic

  

awsSecurityHub

  

StorageAWSSecurityHub

  

syslog

  

StorageSyslog

  

microsoftSentinel

  

StorageMicrosoftSentinel

  

notifierSecret

  

String

  

traits

  

StorageTraits

  

71.1.2.337. StorageNotifierConfiguration

Field NameRequiredNullableTypeDescriptionFormat

emailConfig

  

StorageEmailNotifierConfiguration

  

id

  

String

  

71.1.2.338. StorageOperationStatus

Enum Values

FAIL

PASS

71.1.2.339. StorageOrchestratorMetadata

Field NameRequiredNullableTypeDescriptionFormat

version

  

String

  

openshiftVersion

  

String

  

buildDate

  

Date

 

date-time

apiVersions

  

List of string

  

71.1.2.340. StoragePagerDuty

Field NameRequiredNullableTypeDescriptionFormat

apiKey

  

String

The API key for the integration. The server will mask the value of this credential in responses and logs.

 

71.1.2.341. StoragePermissionLevel

For any update to PermissionLevel, also update: - pkg/searchbasedpolicies/builders/k8s_rbac.go - ui/src/messages/common.js

Enum Values

UNSET

NONE

DEFAULT

ELEVATED_IN_NAMESPACE

ELEVATED_CLUSTER_WIDE

CLUSTER_ADMIN

71.1.2.342. StoragePermissionSet

This encodes a set of permissions for StackRox resources.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

id is generated and cannot be changed.

 

name

  

String

name and description are provided by the user and can be changed.

 

description

  

String

  

resourceToAccess

  

Map of StorageAccess

  

traits

  

StorageTraits

  

71.1.2.343. StoragePod

Pod represents information for a currently running pod or deleted pod in an active deployment.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

deploymentId

  

String

  

namespace

  

String

  

clusterId

  

String

  

liveInstances

  

List of StorageContainerInstance

  

terminatedInstances

  

List of PodContainerInstanceList

Must be a list of lists, so we can perform search queries (this does not work for maps that aren’t <string, string>). There is one bucket (list) per container name.

 

started

  

Date

Time Kubernetes reports the pod was created.

date-time

71.1.2.344. StoragePolicy

Next tag: 28

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

Name of the policy. Must be unique.

 

description

  

String

Free-form text description of this policy.

 

rationale

  

String

  

remediation

  

String

Describes how to remediate a violation of this policy.

 

disabled

  

Boolean

Toggles whether or not this policy will be executing and actively firing alerts.

 

categories

  

List of string

List of categories that this policy falls under. Category names must already exist in Central.

 

lifecycleStages

  

List of StorageLifecycleStage

Describes which policy lifecycle stages this policy applies to. Choices are DEPLOY, BUILD, and RUNTIME.

 

eventSource

  

StorageEventSource

 

NOT_APPLICABLE, DEPLOYMENT_EVENT, AUDIT_LOG_EVENT,

exclusions

  

List of StorageExclusion

Define deployments or images that should be excluded from this policy.

 

scope

  

List of StorageScope

Defines clusters, namespaces, and deployments that should be included in this policy. No scopes defined includes everything.

 

severity

  

StorageSeverity

 

UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,

enforcementActions

  

List of StorageEnforcementAction

Lists the enforcement actions to take when a violation from this policy is identified. Possible values are UNSET_ENFORCEMENT, SCALE_TO_ZERO_ENFORCEMENT, UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT, KILL_POD_ENFORCEMENT, FAIL_BUILD_ENFORCEMENT, FAIL_KUBE_REQUEST_ENFORCEMENT, FAIL_DEPLOYMENT_CREATE_ENFORCEMENT, and FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT. FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if the admission control webhook is configured to enforce on object creates/updates. FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if the admission control webhook is enabled to listen on exec and port-forward events. FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if the admission control webhook is configured to enforce on object updates.

 

notifiers

  

List of string

List of IDs of the notifiers that should be triggered when a violation from this policy is identified. IDs should be in the form of a UUID and are found through the Central API.

 

lastUpdated

  

Date

 

date-time

SORTName

  

String

For internal use only.

 

SORTLifecycleStage

  

String

For internal use only.

 

SORTEnforcement

  

Boolean

For internal use only.

 

policyVersion

  

String

  

policySections

  

List of StoragePolicySection

PolicySections define the violation criteria for this policy.

 

mitreAttackVectors

  

List of PolicyMitreAttackVectors

  

criteriaLocked

  

Boolean

Read-only field. If true, the policy’s criteria fields are rendered read-only.

 

mitreVectorsLocked

  

Boolean

Read-only field. If true, the policy’s MITRE ATT&CK fields are rendered read-only.

 

isDefault

  

Boolean

Read-only field. Indicates the policy is a default policy if true and a custom policy if false.

 

source

  

StoragePolicySource

 

IMPERATIVE, DECLARATIVE,

71.1.2.345. StoragePolicyGroup

Field NameRequiredNullableTypeDescriptionFormat

fieldName

  

String

Defines which field on a deployment or image this PolicyGroup evaluates. See https://docs.openshift.com/acs/operating/manage-security-policies.html#policy-criteria_manage-security-policies for a complete list of possible values.

 

booleanOperator

  

StorageBooleanOperator

 

OR, AND,

negate

  

Boolean

Determines if the evaluation of this PolicyGroup is negated. Defaults to false.

 

values

  

List of StoragePolicyValue

  

71.1.2.346. StoragePolicyRule

Properties of an individual rule that grants permissions to resources.

Field NameRequiredNullableTypeDescriptionFormat

verbs

  

List of string

  

apiGroups

  

List of string

  

resources

  

List of string

  

nonResourceUrls

  

List of string

  

resourceNames

  

List of string

  

71.1.2.347. StoragePolicySection

Field NameRequiredNullableTypeDescriptionFormat

sectionName

  

String

  

policyGroups

  

List of StoragePolicyGroup

The set of policy groups that make up this section. Each group can be considered an individual criterion.

 

71.1.2.348. StoragePolicySource

Enum Values

IMPERATIVE

DECLARATIVE

71.1.2.349. StoragePolicyValue

Field NameRequiredNullableTypeDescriptionFormat

value

  

String

  

71.1.2.350. StoragePortConfig

Next Available Tag: 6

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

containerPort

  

Integer

 

int32

protocol

  

String

  

exposure

  

PortConfigExposureLevel

 

UNSET, EXTERNAL, NODE, INTERNAL, HOST, ROUTE,

exposedPort

  

Integer

 

int32

exposureInfos

  

List of PortConfigExposureInfo

  

71.1.2.351. StoragePrivateConfig

Next available tag: 9

Field NameRequiredNullableTypeDescriptionFormat

DEPRECATEDAlertRetentionDurationDays

  

Integer

 

int32

alertConfig

  

StorageAlertRetentionConfig

  

imageRetentionDurationDays

  

Integer

 

int32

expiredVulnReqRetentionDurationDays

  

Integer

 

int32

decommissionedClusterRetention

  

StorageDecommissionedClusterRetentionConfig

  

reportRetentionConfig

  

StorageReportRetentionConfig

  

vulnerabilityExceptionConfig

  

StorageVulnerabilityExceptionConfig

  

administrationEventsConfig

  

StorageAdministrationEventsConfig

  

71.1.2.352. StorageProcessBaseline

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

key

  

StorageProcessBaselineKey

  

elements

  

List of StorageBaselineElement

  

elementGraveyard

  

List of StorageBaselineElement

  

created

  

Date

 

date-time

userLockedTimestamp

  

Date

 

date-time

stackRoxLockedTimestamp

  

Date

 

date-time

lastUpdate

  

Date

 

date-time

71.1.2.353. StorageProcessBaselineKey

Field NameRequiredNullableTypeDescriptionFormat

deploymentId

  

String

The idea is for the keys to be flexible. Only certain combinations of these will be supported.

 

containerName

  

String

  

clusterId

  

String

  

namespace

  

String

  

71.1.2.354. StorageProcessIndicator

Next available tag: 13

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

deploymentId

  

String

  

containerName

  

String

  

podId

  

String

  

podUid

  

String

  

signal

  

StorageProcessSignal

  

clusterId

  

String

  

namespace

  

String

  

containerStartTime

  

Date

 

date-time

imageId

  

String

  

71.1.2.355. StorageProcessListeningOnPort

The API returns an array of these

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

ProcessListeningOnPortEndpoint

  

deploymentId

  

String

  

containerName

  

String

  

podId

  

String

  

podUid

  

String

  

signal

  

StorageProcessSignal

  

clusterId

  

String

  

namespace

  

String

  

containerStartTime

  

Date

 

date-time

imageId

  

String

  

71.1.2.356. StorageProcessSignal

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

A unique UUID for identifying the message. We have this here instead of at the top level because we want each message to be self-contained.

 

containerId

  

String

  

time

  

Date

 

date-time

name

  

String

  

args

  

String

  

execFilePath

  

String

  

pid

  

Long

 

int64

uid

  

Long

 

int64

gid

  

Long

 

int64

lineage

  

List of string

  

scraped

  

Boolean

  

lineageInfo

  

List of ProcessSignalLineageInfo

  

71.1.2.357. StorageProtocol

Enum Values

UNSET_PROTOCOL

TCP_PROTOCOL

UDP_PROTOCOL

SCTP_PROTOCOL

71.1.2.358. StorageProviderMetadata

Field NameRequiredNullableTypeDescriptionFormat

region

  

String

  

zone

  

String

  

google

  

StorageGoogleProviderMetadata

  

aws

  

StorageAWSProviderMetadata

  

azure

  

StorageAzureProviderMetadata

  

verified

  

Boolean

  

cluster

  

StorageClusterMetadata

  

71.1.2.359. StoragePublicConfig

Field NameRequiredNullableTypeDescriptionFormat

loginNotice

  

StorageLoginNotice

  

header

  

StorageBannerConfig

  

footer

  

StorageBannerConfig

  

telemetry

  

StorageTelemetryConfiguration

  

71.1.2.360. StorageQuayConfig

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  

oauthToken

  

String

The OAuth token for the integration. Required if this is a scanner integration. The server will mask the value of this credential in responses and logs.

 

insecure

  

Boolean

  

registryRobotCredentials

  

QuayConfigRobotAccount

  

71.1.2.361. StorageReadinessProbe

Field NameRequiredNullableTypeDescriptionFormat

defined

  

Boolean

  

71.1.2.362. StorageReportConfiguration

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

description

  

String

  

type

  

ReportConfigurationReportType

 

VULNERABILITY,

vulnReportFilters

  

StorageVulnerabilityReportFilters

  

scopeId

  

String

  

emailConfig

  

StorageEmailNotifierConfiguration

  

schedule

  

StorageSchedule

  

lastRunStatus

  

StorageReportLastRunStatus

  

lastSuccessfulRunTime

  

Date

 

date-time

resourceScope

  

StorageResourceScope

  

notifiers

  

List of StorageNotifierConfiguration

  

creator

  

StorageSlimUser

  

version

  

Integer

 

int32

71.1.2.363. StorageReportLastRunStatus

Field NameRequiredNullableTypeDescriptionFormat

reportStatus

  

ReportLastRunStatusRunStatus

 

SUCCESS, FAILURE,

lastRunTime

  

Date

 

date-time

errorMsg

  

String

  

71.1.2.364. StorageReportRetentionConfig

next available tag: 4

Field NameRequiredNullableTypeDescriptionFormat

historyRetentionDurationDays

  

Long

 

int64

downloadableReportRetentionDays

  

Long

 

int64

downloadableReportGlobalRetentionBytes

  

Long

 

int64

71.1.2.365. StorageRequestComment

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

message

  

String

  

user

  

StorageSlimUser

  

createdAt

  

Date

 

date-time

71.1.2.366. StorageRequestExpiry

Field NameRequiredNullableTypeDescriptionFormat

expiresWhenFixed

  

Boolean

Indicates that this request expires when the associated vulnerability is fixed.

 

expiresOn

  

Date

Indicates the timestamp when this request expires.

date-time

expiryType

  

RequestExpiryExpiryType

 

TIME, ALL_CVE_FIXABLE, ANY_CVE_FIXABLE,

71.1.2.367. StorageRequestStatus

Indicates the status of a request. Requests canceled by the user before they are acted upon by the approver are not tracked/persisted (with the exception of audit logs if it is turned on).

  • PENDING: Default request state. It indicates that the request has not been fulfilled and that an action (approve/deny) is required.
  • APPROVED: Indicates that the request has been approved by the approver.
  • DENIED: Indicates that the request has been denied by the approver.
  • APPROVED_PENDING_UPDATE: Indicates that the original request was approved, but an update is still pending an approval or denial.

Enum Values

PENDING

APPROVED

DENIED

APPROVED_PENDING_UPDATE

71.1.2.368. StorageRequester

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

71.1.2.369. StorageResourceCollection

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

description

  

String

  

createdAt

  

Date

 

date-time

lastUpdated

  

Date

 

date-time

createdBy

  

StorageSlimUser

  

updatedBy

  

StorageSlimUser

  

resourceSelectors

  

List of StorageResourceSelector

resource_selectors resolve as a disjunction (OR) with each other and with selectors from embedded_collections. For MVP, the size of resource_selectors will be at most 1 from a UX standpoint.

 

embeddedCollections

  

List of ResourceCollectionEmbeddedResourceCollection

  

71.1.2.370. StorageResourceScope

Field NameRequiredNullableTypeDescriptionFormat

collectionId

  

String

  

71.1.2.371. StorageResourceSelector

Field NameRequiredNullableTypeDescriptionFormat

rules

  

List of StorageSelectorRule

rules resolve as a conjunction (AND).

 

71.1.2.372. StorageResources

Field NameRequiredNullableTypeDescriptionFormat

cpuCoresRequest

  

Float

 

float

cpuCoresLimit

  

Float

 

float

memoryMbRequest

  

Float

 

float

memoryMbLimit

  

Float

 

float

71.1.2.373. StorageRisk

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

subject

  

StorageRiskSubject

  

score

  

Float

 

float

results

  

List of StorageRiskResult

  

71.1.2.374. StorageRiskResult

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

factors

  

List of ResultFactor

  

score

  

Float

 

float

71.1.2.375. StorageRiskSubject

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

namespace

  

String

  

clusterId

  

String

  

type

  

StorageRiskSubjectType

 

UNKNOWN, DEPLOYMENT, NAMESPACE, CLUSTER, NODE, NODE_COMPONENT, IMAGE, IMAGE_COMPONENT, SERVICEACCOUNT,

71.1.2.376. StorageRiskSubjectType

Next tag: 9

Enum Values

UNKNOWN

DEPLOYMENT

NAMESPACE

CLUSTER

NODE

NODE_COMPONENT

IMAGE

IMAGE_COMPONENT

SERVICEACCOUNT

71.1.2.377. StorageRole

A role specifies which actions are allowed for which subset of cluster objects. Permissions can either be specified directly by setting resource_to_access together with global_access, or by referencing a permission set by its id in permission_set_name.

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

name and description are provided by the user and can be changed.

 

description

  

String

  

permissionSetId

  

String

The associated PermissionSet and AccessScope for this Role.

 

accessScopeId

  

String

  

globalAccess

  

StorageAccess

 

NO_ACCESS, READ_ACCESS, READ_WRITE_ACCESS,

resourceToAccess

  

Map of StorageAccess

Deprecated 2021-04-20 in favor of permission_set_id.

 

traits

  

StorageTraits

  

71.1.2.378. StorageRuleValue

Field NameRequiredNullableTypeDescriptionFormat

value

  

String

  

matchType

  

StorageMatchType

 

EXACT, REGEX,

71.1.2.379. StorageS3Compatible

S3Compatible configures the backup integration with an S3 compatible storage provider. S3 compatible is intended for non-AWS providers. For AWS S3 use S3Config.

Field NameRequiredNullableTypeDescriptionFormat

bucket

  

String

  

accessKeyId

  

String

The access key ID to use. The server will mask the value of this credential in responses and logs.

 

secretAccessKey

  

String

The secret access key to use. The server will mask the value of this credential in responses and logs.

 

region

  

String

  

objectPrefix

  

String

  

endpoint

  

String

  

urlStyle

  

StorageS3URLStyle

 

S3_URL_STYLE_UNSPECIFIED, S3_URL_STYLE_VIRTUAL_HOSTED, S3_URL_STYLE_PATH,

71.1.2.380. StorageS3Config

S3Config configures the backup integration with AWS S3.

Field NameRequiredNullableTypeDescriptionFormat

bucket

  

String

  

useIam

  

Boolean

  

accessKeyId

  

String

The access key ID for the storage integration. The server will mask the value of this credential in responses and logs.

 

secretAccessKey

  

String

The secret access key for the storage integration. The server will mask the value of this credential in responses and logs.

 

region

  

String

  

objectPrefix

  

String

  

endpoint

  

String

  

71.1.2.381. StorageS3URLStyle

Enum Values

S3_URL_STYLE_UNSPECIFIED

S3_URL_STYLE_VIRTUAL_HOSTED

S3_URL_STYLE_PATH

71.1.2.382. StorageScannerHealthInfo

ScannerHealthInfo represents health info of a scanner instance that is deployed on a secured cluster (so called "local scanner"). When the scanner is deployed on a central cluster, the following message is NOT used. ScannerHealthInfo carries data about scanner deployment but does not include scanner health status derived from this data. Aggregated scanner health status is not included because it is derived in central and not in the component that first reports ScannerHealthInfo (sensor).

The following fields are made optional/nullable because there can be errors when trying to obtain them, and the default value of 0 could be confused with the actual value 0. If an error happens when trying to obtain a certain field, it will be absent (instead of having the default value).

Field NameRequiredNullableTypeDescriptionFormat

totalDesiredAnalyzerPods

  

Integer

 

int32

totalReadyAnalyzerPods

  

Integer

 

int32

totalDesiredDbPods

  

Integer

 

int32

totalReadyDbPods

  

Integer

 

int32

statusErrors

  

List of string

Collection of errors that occurred while trying to obtain scanner health info.

 

71.1.2.383. StorageScannerV4Config

Field NameRequiredNullableTypeDescriptionFormat

numConcurrentScans

  

Integer

 

int32

indexerEndpoint

  

String

  

matcherEndpoint

  

String

  

71.1.2.384. StorageSchedule

Field NameRequiredNullableTypeDescriptionFormat

intervalType

  

ScheduleIntervalType

 

UNSET, DAILY, WEEKLY, MONTHLY,

hour

  

Integer

 

int32

minute

  

Integer

 

int32

weekly

  

ScheduleWeeklyInterval

  

daysOfWeek

  

ScheduleDaysOfWeek

  

daysOfMonth

  

ScheduleDaysOfMonth

  

71.1.2.385. StorageScope

Field NameRequiredNullableTypeDescriptionFormat

cluster

  

String

  

namespace

  

String

  

label

  

StorageScopeLabel

  

71.1.2.386. StorageScopeLabel

Field NameRequiredNullableTypeDescriptionFormat

key

  

String

  

value

  

String

  

71.1.2.387. StorageSecret

Flat secret object. Any properties of an individual secret (regardless of time, scope, or context).

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

clusterId

  

String

  

clusterName

  

String

  

namespace

  

String

  

type

  

String

  

labels

  

Map of string

  

annotations

  

Map of string

  

createdAt

  

Date

 

date-time

files

  

List of StorageSecretDataFile

Metadata about the secrets. The secret need not be a file, but rather may be an arbitrary value.

 

relationship

  

StorageSecretRelationship

  

71.1.2.388. StorageSecretContainerRelationship

Secrets can be mounted in a path in a container. Next Tag: 3

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

Id of the container the secret is mounted in.

 

path

  

String

Path is a container specific mounting directory.

 

71.1.2.389. StorageSecretDataFile

Metadata about secret. Additional information is presented for a certificate file and imagePullSecret, but the "file" may also represent some arbitrary value.

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

type

  

StorageSecretType

 

UNDETERMINED, PUBLIC_CERTIFICATE, CERTIFICATE_REQUEST, PRIVACY_ENHANCED_MESSAGE, OPENSSH_PRIVATE_KEY, PGP_PRIVATE_KEY, EC_PRIVATE_KEY, RSA_PRIVATE_KEY, DSA_PRIVATE_KEY, CERT_PRIVATE_KEY, ENCRYPTED_PRIVATE_KEY, IMAGE_PULL_SECRET,

cert

  

StorageCert

  

imagePullSecret

  

StorageImagePullSecret

  

71.1.2.390. StorageSecretDeploymentRelationship

Secrets can be used by a deployment. Next Tag: 3

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

Id of the deployment using the secret within a container.

 

name

  

String

Name of the deployment.

 

71.1.2.391. StorageSecretRelationship

The combined relationships that belong to the secret. Next Tag: 6

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

containerRelationships

  

List of StorageSecretContainerRelationship

  

deploymentRelationships

  

List of StorageSecretDeploymentRelationship

Deployment id to relationship.

 

71.1.2.392. StorageSecretType

Enum Values

UNDETERMINED

PUBLIC_CERTIFICATE

CERTIFICATE_REQUEST

PRIVACY_ENHANCED_MESSAGE

OPENSSH_PRIVATE_KEY

PGP_PRIVATE_KEY

EC_PRIVATE_KEY

RSA_PRIVATE_KEY

DSA_PRIVATE_KEY

CERT_PRIVATE_KEY

ENCRYPTED_PRIVATE_KEY

IMAGE_PULL_SECRET

71.1.2.393. StorageSecurityContext

Field NameRequiredNullableTypeDescriptionFormat

privileged

  

Boolean

  

selinux

  

SecurityContextSELinux

  

dropCapabilities

  

List of string

  

addCapabilities

  

List of string

  

readOnlyRootFilesystem

  

Boolean

  

seccompProfile

  

SecurityContextSeccompProfile

  

allowPrivilegeEscalation

  

Boolean

  

71.1.2.394. StorageSelectorRule

Field NameRequiredNullableTypeDescriptionFormat

fieldName

  

String

  

operator

  

StorageBooleanOperator

 

OR, AND,

values

  

List of StorageRuleValue

values resolve as a conjunction (AND) or disjunction (OR) depending on operator. For MVP, only OR is supported from UX standpoint.

 

71.1.2.395. StorageSensorDeploymentIdentification

StackRoxDeploymentIdentification aims at uniquely identifying a StackRox Sensor deployment. It is used to determine whether a sensor connection comes from a sensor pod that has restarted or was recreated (possibly after a network partition), or from a deployment in a different namespace or cluster.

Field NameRequiredNullableTypeDescriptionFormat

systemNamespaceId

  

String

  

defaultNamespaceId

  

String

  

appNamespace

  

String

  

appNamespaceId

  

String

  

appServiceaccountId

  

String

  

k8sNodeName

  

String

  

71.1.2.396. StorageSensorUpgradeConfig

SensorUpgradeConfig encapsulates configuration relevant to sensor auto-upgrades.

Field NameRequiredNullableTypeDescriptionFormat

enableAutoUpgrade

  

Boolean

Whether to automatically trigger upgrades for out-of-date sensors.

 

71.1.2.397. StorageServiceAccount

Any properties of an individual service account (regardless of time, scope, or context).

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

namespace

  

String

  

clusterName

  

String

  

clusterId

  

String

  

labels

  

Map of string

  

annotations

  

Map of string

  

createdAt

  

Date

 

date-time

automountToken

  

Boolean

  

secrets

  

List of string

  

imagePullSecrets

  

List of string

  

71.1.2.398. StorageServiceIdentity

Field NameRequiredNullableTypeDescriptionFormat

serialStr

  

String

  

serial

  

String

 

int64

id

  

String

  

type

  

StorageServiceType

 

UNKNOWN_SERVICE, SENSOR_SERVICE, CENTRAL_SERVICE, CENTRAL_DB_SERVICE, REMOTE_SERVICE, COLLECTOR_SERVICE, MONITORING_UI_SERVICE, MONITORING_DB_SERVICE, MONITORING_CLIENT_SERVICE, BENCHMARK_SERVICE, SCANNER_SERVICE, SCANNER_DB_SERVICE, ADMISSION_CONTROL_SERVICE, SCANNER_V4_INDEXER_SERVICE, SCANNER_V4_MATCHER_SERVICE, SCANNER_V4_DB_SERVICE, SCANNER_V4_SERVICE, REGISTRANT_SERVICE,

initBundleId

  

String

  

71.1.2.399. StorageServiceType

Next available tag: 18

  • SCANNER_V4_SERVICE: This is used when Scanner V4 is run in combo-mode.

Enum Values

UNKNOWN_SERVICE

SENSOR_SERVICE

CENTRAL_SERVICE

CENTRAL_DB_SERVICE

REMOTE_SERVICE

COLLECTOR_SERVICE

MONITORING_UI_SERVICE

MONITORING_DB_SERVICE

MONITORING_CLIENT_SERVICE

BENCHMARK_SERVICE

SCANNER_SERVICE

SCANNER_DB_SERVICE

ADMISSION_CONTROL_SERVICE

SCANNER_V4_INDEXER_SERVICE

SCANNER_V4_MATCHER_SERVICE

SCANNER_V4_DB_SERVICE

SCANNER_V4_SERVICE

REGISTRANT_SERVICE

71.1.2.400. StorageSetBasedLabelSelector

SetBasedLabelSelector only allows set-based label requirements.

Next available tag: 3

Field NameRequiredNullableTypeDescriptionFormat

requirements

  

List of StorageSetBasedLabelSelectorRequirement

  

71.1.2.401. StorageSetBasedLabelSelectorOperator

Enum Values

UNKNOWN

IN

NOT_IN

EXISTS

NOT_EXISTS

71.1.2.402. StorageSetBasedLabelSelectorRequirement

Next available tag: 4

Field NameRequiredNullableTypeDescriptionFormat

key

  

String

  

op

  

StorageSetBasedLabelSelectorOperator

 

UNKNOWN, IN, NOT_IN, EXISTS, NOT_EXISTS,

values

  

List of string

  

71.1.2.403. StorageSeverity

Enum Values

UNSET_SEVERITY

LOW_SEVERITY

MEDIUM_SEVERITY

HIGH_SEVERITY

CRITICAL_SEVERITY

71.1.2.404. StorageSignature

Field NameRequiredNullableTypeDescriptionFormat

cosign

  

StorageCosignSignature

  

71.1.2.405. StorageSignatureIntegration

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

cosign

  

StorageCosignPublicKeyVerification

  

cosignCertificates

  

List of StorageCosignCertificateVerification

  

71.1.2.406. StorageSimpleAccessScope

Simple access scope is a (simple) selection criteria for scoped resources. It does not allow multi-component AND-rules nor set operations on names.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

id is generated and cannot be changed.

 

name

  

String

name and description are provided by the user and can be changed.

 

description

  

String

  

rules

  

SimpleAccessScopeRules

  

traits

  

StorageTraits

  

71.1.2.407. StorageSlimUser

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

71.1.2.408. StorageSource

Enum Values

SOURCE_UNKNOWN

SOURCE_RED_HAT

SOURCE_OSV

SOURCE_NVD

71.1.2.409. StorageSourceType

Enum Values

OS

PYTHON

JAVA

RUBY

NODEJS

GO

DOTNETCORERUNTIME

INFRASTRUCTURE

71.1.2.410. StorageSplunk

Field NameRequiredNullableTypeDescriptionFormat

httpToken

  

String

The HTTP token for the integration. The server will mask the value of this credential in responses and logs.

 

httpEndpoint

  

String

  

insecure

  

Boolean

  

truncate

  

String

 

int64

auditLoggingEnabled

  

Boolean

  

derivedSourceType

  

Boolean

  

sourceTypes

  

Map of string

  

71.1.2.411. StorageStaticClusterConfig

The difference between Static and Dynamic cluster config is that Static values are not sent over the Central to Sensor gRPC connection. They are used, for example, to generate manifests that can be used to set up the Secured Cluster’s k8s components. They are not dynamically reloaded.

Field NameRequiredNullableTypeDescriptionFormat

type

  

StorageClusterType

 

GENERIC_CLUSTER, KUBERNETES_CLUSTER, OPENSHIFT_CLUSTER, OPENSHIFT4_CLUSTER,

mainImage

  

String

  

centralApiEndpoint

  

String

  

collectionMethod

  

StorageCollectionMethod

 

UNSET_COLLECTION, NO_COLLECTION, KERNEL_MODULE, EBPF, CORE_BPF,

collectorImage

  

String

  

admissionController

  

Boolean

  

admissionControllerUpdates

  

Boolean

  

tolerationsConfig

  

StorageTolerationsConfig

  

slimCollector

  

Boolean

  

admissionControllerEvents

  

Boolean

  

71.1.2.412. StorageSubject

Properties of an individual subject who is granted roles via role bindings.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

kind

  

StorageSubjectKind

 

UNSET_KIND, SERVICE_ACCOUNT, USER, GROUP,

name

  

String

  

namespace

  

String

  

clusterId

  

String

  

clusterName

  

String

  

71.1.2.413. StorageSubjectKind

Enum Values

UNSET_KIND

SERVICE_ACCOUNT

USER

GROUP

71.1.2.414. StorageSumoLogic

Field NameRequiredNullableTypeDescriptionFormat

httpSourceAddress

  

String

  

skipTLSVerify

  

Boolean

  

71.1.2.415. StorageSyslog

Field NameRequiredNullableTypeDescriptionFormat

localFacility

  

SyslogLocalFacility

 

LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7,

tcpConfig

  

SyslogTCPConfig

  

extraFields

  

List of StorageKeyValuePair

  

messageFormat

  

SyslogMessageFormat

 

LEGACY, CEF,

71.1.2.416. StorageTaint

Field NameRequiredNullableTypeDescriptionFormat

key

  

String

  

value

  

String

  

taintEffect

  

StorageTaintEffect

 

UNKNOWN_TAINT_EFFECT, NO_SCHEDULE_TAINT_EFFECT, PREFER_NO_SCHEDULE_TAINT_EFFECT, NO_EXECUTE_TAINT_EFFECT,

71.1.2.417. StorageTaintEffect

Enum Values

UNKNOWN_TAINT_EFFECT

NO_SCHEDULE_TAINT_EFFECT

PREFER_NO_SCHEDULE_TAINT_EFFECT

NO_EXECUTE_TAINT_EFFECT

71.1.2.418. StorageTelemetryConfiguration

Field NameRequiredNullableTypeDescriptionFormat

enabled

  

Boolean

  

lastSetTime

  

Date

 

date-time

71.1.2.419. StorageTokenMetadata

Next available tag: 8

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

roles

  

List of string

  

issuedAt

  

Date

 

date-time

expiration

  

Date

 

date-time

revoked

  

Boolean

  

role

  

String

  

71.1.2.420. StorageToleration

Field NameRequiredNullableTypeDescriptionFormat

key

  

String

  

operator

  

StorageTolerationOperator

 

TOLERATION_OPERATION_UNKNOWN, TOLERATION_OPERATOR_EXISTS, TOLERATION_OPERATOR_EQUAL,

value

  

String

  

taintEffect

  

StorageTaintEffect

 

UNKNOWN_TAINT_EFFECT, NO_SCHEDULE_TAINT_EFFECT, PREFER_NO_SCHEDULE_TAINT_EFFECT, NO_EXECUTE_TAINT_EFFECT,

71.1.2.421. StorageTolerationOperator

Enum Values

TOLERATION_OPERATION_UNKNOWN

TOLERATION_OPERATOR_EXISTS

TOLERATION_OPERATOR_EQUAL

71.1.2.422. StorageTolerationsConfig

Field NameRequiredNullableTypeDescriptionFormat

disabled

  

Boolean

  

71.1.2.423. StorageTraits

Field NameRequiredNullableTypeDescriptionFormat

mutabilityMode

  

TraitsMutabilityMode

 

ALLOW_MUTATE, ALLOW_MUTATE_FORCED,

visibility

  

TraitsVisibility

 

VISIBLE, HIDDEN,

origin

  

TraitsOrigin

 

IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED,

71.1.2.424. StorageUpgradeProgress

Field NameRequiredNullableTypeDescriptionFormat

upgradeState

  

UpgradeProgressUpgradeState

 

UPGRADE_INITIALIZING, UPGRADER_LAUNCHING, UPGRADER_LAUNCHED, PRE_FLIGHT_CHECKS_COMPLETE, UPGRADE_OPERATIONS_DONE, UPGRADE_COMPLETE, UPGRADE_INITIALIZATION_ERROR, PRE_FLIGHT_CHECKS_FAILED, UPGRADE_ERROR_ROLLING_BACK, UPGRADE_ERROR_ROLLED_BACK, UPGRADE_ERROR_ROLLBACK_FAILED, UPGRADE_ERROR_UNKNOWN, UPGRADE_TIMED_OUT,

upgradeStatusDetail

  

String

  

since

  

Date

 

date-time

71.1.2.425. StorageUser

User is an object that allows us to track the roles a user is tied to, and how they logged in.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

authProviderId

  

String

  

attributes

  

List of StorageUserAttribute

  

idpToken

  

String

  

71.1.2.426. StorageUserAttribute

Field NameRequiredNullableTypeDescriptionFormat

key

  

String

  

value

  

String

  

71.1.2.427. StorageUserInfo

Field NameRequiredNullableTypeDescriptionFormat

username

  

String

  

friendlyName

  

String

  

permissions

  

UserInfoResourceToAccess

  

roles

  

List of StorageUserInfoRole

  

71.1.2.428. StorageUserInfoRole

Role is wire compatible with the old format of storage.Role and hence only includes role name and associated permissions.

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

resourceToAccess

  

Map of StorageAccess

  

71.1.2.429. StorageV1Metadata

Field NameRequiredNullableTypeDescriptionFormat

digest

  

String

  

created

  

Date

 

date-time

author

  

String

  

layers

  

List of StorageImageLayer

  

user

  

String

  

command

  

List of string

  

entrypoint

  

List of string

  

volumes

  

List of string

  

labels

  

Map of string

  

71.1.2.430. StorageV2Metadata

Field NameRequiredNullableTypeDescriptionFormat

digest

  

String

  

71.1.2.431. StorageViolationState

Enum Values

ACTIVE

SNOOZED

RESOLVED

ATTEMPTED

71.1.2.432. StorageVolume

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

source

  

String

  

destination

  

String

  

readOnly

  

Boolean

  

type

  

String

  

mountPropagation

  

VolumeMountPropagation

 

NONE, HOST_TO_CONTAINER, BIDIRECTIONAL,

71.1.2.433. StorageVulnerabilityExceptionConfig

Field NameRequiredNullableTypeDescriptionFormat

expiryOptions

  

StorageVulnerabilityExceptionConfigExpiryOptions

  

71.1.2.434. StorageVulnerabilityExceptionConfigExpiryOptions

Field NameRequiredNullableTypeDescriptionFormat

dayOptions

  

List of StorageDayOption

  

fixableCveOptions

  

StorageVulnerabilityExceptionConfigFixableCVEOptions

  

customDate

  

Boolean

  

indefinite

  

Boolean

  

71.1.2.435. StorageVulnerabilityExceptionConfigFixableCVEOptions

Field NameRequiredNullableTypeDescriptionFormat

allFixable

  

Boolean

  

anyFixable

  

Boolean

  

71.1.2.436. StorageVulnerabilityReportFilters

Field NameRequiredNullableTypeDescriptionFormat

fixability

  

VulnerabilityReportFiltersFixability

 

BOTH, FIXABLE, NOT_FIXABLE,

sinceLastReport

  

Boolean

  

severities

  

List of StorageVulnerabilitySeverity

  

imageTypes

  

List of VulnerabilityReportFiltersImageType

  

allVuln

  

Boolean

  

sinceLastSentScheduledReport

  

Boolean

  

sinceStartDate

  

Date

 

date-time

accessScopeRules

  

List of SimpleAccessScopeRules

  

includeNvdCvss

  

Boolean

  

71.1.2.437. StorageVulnerabilityRequest

Next available tag: 30

VulnerabilityRequest encapsulates a request such as a deferral request and a false-positive request.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

targetState

  

StorageVulnerabilityState

 

OBSERVED, DEFERRED, FALSE_POSITIVE,

status

  

StorageRequestStatus

 

PENDING, APPROVED, DENIED, APPROVED_PENDING_UPDATE,

expired

  

Boolean

Indicates if this request is a historical request that is no longer in effect due to deferral expiry, cancellation, or restarting CVE observation.

 

requestor

  

StorageSlimUser

  

approvers

  

List of StorageSlimUser

  

createdAt

  

Date

 

date-time

lastUpdated

  

Date

 

date-time

comments

  

List of StorageRequestComment

  

scope

  

StorageVulnerabilityRequestScope

  

requesterV2

  

StorageRequester

  

approversV2

  

List of StorageApprover

  

deferralReq

  

StorageDeferralRequest

  

fpRequest

  

Object

  

cves

  

VulnerabilityRequestCVEs

  

updatedDeferralReq

  

StorageDeferralRequest

  

deferralUpdate

  

StorageDeferralUpdate

  

falsePositiveUpdate

  

StorageFalsePositiveUpdate

  

71.1.2.438. StorageVulnerabilityRequestScope

Field NameRequiredNullableTypeDescriptionFormat

imageScope

  

VulnerabilityRequestScopeImage

  

globalScope

  

Object

  

71.1.2.439. StorageVulnerabilitySeverity

Enum Values

UNKNOWN_VULNERABILITY_SEVERITY

LOW_VULNERABILITY_SEVERITY

MODERATE_VULNERABILITY_SEVERITY

IMPORTANT_VULNERABILITY_SEVERITY

CRITICAL_VULNERABILITY_SEVERITY

71.1.2.440. StorageVulnerabilityState

VulnerabilityState indicates if a vulnerability is being observed or deferred (suppressed). By default, vulnerabilities are observed.

  • OBSERVED: [Default state]

Enum Values

OBSERVED

DEFERRED

FALSE_POSITIVE

71.1.2.441. StorageWatchedImage

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

71.1.2.442. SyslogLocalFacility

Enum Values

LOCAL0

LOCAL1

LOCAL2

LOCAL3

LOCAL4

LOCAL5

LOCAL6

LOCAL7

71.1.2.443. SyslogMessageFormat

Enum Values

LEGACY

CEF

71.1.2.444. SyslogTCPConfig

Field NameRequiredNullableTypeDescriptionFormat

hostname

  

String

  

port

  

Integer

 

int32

skipTlsVerify

  

Boolean

  

useTls

  

Boolean

  

71.1.2.445. TraceBuiltInAuthorizer

Field NameRequiredNullableTypeDescriptionFormat

clustersTotalNum

  

Integer

 

int32

namespacesTotalNum

  

Integer

 

int32

deniedAuthzDecisions

  

Map of integer

 

int32

allowedAuthzDecisions

  

Map of integer

 

int32

effectiveAccessScopes

  

Map of string

  

71.1.2.446. TraitsMutabilityMode

EXPERIMENTAL. NOTE: Please refrain from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.

Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.

Enum Values

ALLOW_MUTATE

ALLOW_MUTATE_FORCED

71.1.2.447. TraitsOrigin

Origin specifies the origin of an object. Objects can have four different origins:

  • IMPERATIVE: the object was created via the API. This is assumed by default.
  • DEFAULT: the object is a default object, such as default roles, access scopes etc.
  • DECLARATIVE: the object is created via declarative configuration.
  • DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted (for example, because it is referenced by another object).

Based on the origin, different rules apply to the objects:

  • Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin.
  • Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects.
  • Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects.
  • Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. A DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.

Enum Values

IMPERATIVE

DEFAULT

DECLARATIVE

DECLARATIVE_ORPHANED

71.1.2.448. TraitsVisibility

EXPERIMENTAL. Visibility specifies whether the object should be visible for certain APIs.

Enum Values

VISIBLE

HIDDEN

71.1.2.449. UpgradeProcessStatusUpgradeProcessType

  • UPGRADE: UPGRADE represents a sensor version upgrade.
  • CERT_ROTATION: CERT_ROTATION represents an upgrade process that only rotates the TLS certs used by the cluster, without changing anything else.

Enum Values

UPGRADE

CERT_ROTATION

71.1.2.450. UpgradeProgressUpgradeState

  • UPGRADER_LAUNCHING: In-progress states.
  • UPGRADE_COMPLETE: The success state. PLEASE NUMBER ALL IN-PROGRESS STATES ABOVE THIS AND ALL ERROR STATES BELOW THIS.
  • UPGRADE_INITIALIZATION_ERROR: Error states.

Enum Values

UPGRADE_INITIALIZING

UPGRADER_LAUNCHING

UPGRADER_LAUNCHED

PRE_FLIGHT_CHECKS_COMPLETE

UPGRADE_OPERATIONS_DONE

UPGRADE_COMPLETE

UPGRADE_INITIALIZATION_ERROR

PRE_FLIGHT_CHECKS_FAILED

UPGRADE_ERROR_ROLLING_BACK

UPGRADE_ERROR_ROLLED_BACK

UPGRADE_ERROR_ROLLBACK_FAILED

UPGRADE_ERROR_UNKNOWN

UPGRADE_TIMED_OUT

71.1.2.451. UserInfoResourceToAccess

ResourceToAccess represents a collection of permissions. It is wire compatible with the old format of storage.Role and replaces it in places where only aggregated permissions are required.

Field NameRequiredNullableTypeDescriptionFormat

resourceToAccess

  

Map of StorageAccess

  

71.1.2.452. V1AddAuthMachineToMachineConfigRequest

Field NameRequiredNullableTypeDescriptionFormat

config

  

V1AuthMachineToMachineConfig

  

71.1.2.453. V1AddAuthMachineToMachineConfigResponse

Field NameRequiredNullableTypeDescriptionFormat

config

  

V1AuthMachineToMachineConfig

  

71.1.2.454. V1AdministrationEvent

AdministrationEvents are administrative events emitted by Central. They are used to create transparency for users for asynchronous, background tasks. Events are part of Central’s system health view.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

UUID of the event.

 

type

  

V1AdministrationEventType

 

ADMINISTRATION_EVENT_TYPE_UNKNOWN, ADMINISTRATION_EVENT_TYPE_GENERIC, ADMINISTRATION_EVENT_TYPE_LOG_MESSAGE,

level

  

V1AdministrationEventLevel

 

ADMINISTRATION_EVENT_LEVEL_UNKNOWN, ADMINISTRATION_EVENT_LEVEL_INFO, ADMINISTRATION_EVENT_LEVEL_SUCCESS, ADMINISTRATION_EVENT_LEVEL_WARNING, ADMINISTRATION_EVENT_LEVEL_ERROR,

message

  

String

Message associated with the event. The message may include detailed information for this particular event.

 

hint

  

String

Hint associated with the event. The hint may include different information based on the type of event. It can include instructions to resolve an event, or informational hints.

 

domain

  

String

Domain associated with the event. An event’s domain outlines the feature domain where the event was created from. As an example, this might be "Image Scanning". In case of events that cannot be tied to a specific domain, this will be "General".

 

resource

  

V1AdministrationEventResource

  

numOccurrences

  

String

Occurrences associated with the event. When events may occur multiple times, the occurrences track the amount.

int64

lastOccurredAt

  

Date

Specifies the time when the event has last occurred.

date-time

createdAt

  

Date

Specifies the time when the event has been created.

date-time

71.1.2.455. V1AdministrationEventLevel

AdministrationEventLevel exposes the different levels of events.

Enum Values

ADMINISTRATION_EVENT_LEVEL_UNKNOWN

ADMINISTRATION_EVENT_LEVEL_INFO

ADMINISTRATION_EVENT_LEVEL_SUCCESS

ADMINISTRATION_EVENT_LEVEL_WARNING

ADMINISTRATION_EVENT_LEVEL_ERROR

71.1.2.456. V1AdministrationEventResource

Resource holds all information about the resource associated with the event.

Field NameRequiredNullableTypeDescriptionFormat

type

  

String

Resource type associated with the event. An event may refer to an underlying resource such as a particular image. In that case, the resource type will be filled here.

 

id

  

String

Resource ID associated with the event. If an event refers to an underlying resource, the resource ID identifies the underlying resource. The resource ID is not guaranteed to be set, depending on the context of the administration event.

 

name

  

String

Resource name associated with the event. If an event refers to an underlying resource, the resource name identifies the underlying resource. The resource name is not guaranteed to be set, depending on the context of the administration event.

 

71.1.2.457. V1AdministrationEventType

AdministrationEventType exposes the different types of events.

Enum Values

ADMINISTRATION_EVENT_TYPE_UNKNOWN

ADMINISTRATION_EVENT_TYPE_GENERIC

ADMINISTRATION_EVENT_TYPE_LOG_MESSAGE

71.1.2.458. V1AdministrationEventsFilter

Field NameRequiredNullableTypeDescriptionFormat

from

  

Date

Matches events with last_occurred_at after a specific timestamp, i.e. the lower boundary.

date-time

until

  

Date

Matches events with last_occurred_at before a specific timestamp, i.e. the upper boundary.

date-time

domain

  

List of string

Matches events from a specific domain.

 

resourceType

  

List of string

Matches events associated with a specific resource type.

 

type

  

List of V1AdministrationEventType

Matches events based on their type.

 

level

  

List of V1AdministrationEventLevel

Matches events based on their level.

 

71.1.2.459. V1AggregateBy

Field NameRequiredNullableTypeDescriptionFormat

aggrFunc

  

V1Aggregation

 

UNSET, COUNT, MIN, MAX,

distinct

  

Boolean

  

71.1.2.460. V1Aggregation

Enum Values

UNSET

COUNT

MIN

MAX

71.1.2.461. V1AlertEvent

Field NameRequiredNullableTypeDescriptionFormat

time

  

String

 

int64

type

  

V1Type

 

CREATED, REMOVED,

id

  

String

  

71.1.2.462. V1ApproveVulnRequestResponse

Field NameRequiredNullableTypeDescriptionFormat

requestInfo

  

StorageVulnerabilityRequest

  

71.1.2.463. V1AuthMachineToMachineConfig

AuthMachineToMachineConfig determines rules for exchanging an identity token from a third party with a Central access token. The M2M stands for machine to machine, as this is the intended use-case for the config.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

UUID of the config. Note that when adding a machine to machine config, this field should not be set.

 

type

  

V1AuthMachineToMachineConfigType

 

GENERIC, GITHUB_ACTIONS, KUBE_SERVICE_ACCOUNT,

tokenExpirationDuration

  

String

Sets the expiration of the token returned from the ExchangeAuthMachineToMachineToken API call. Possible valid time units are: s, m, h. The maximum allowed expiration duration is 24h. As an example: 2h45m. For additional information on the validation of the duration, see: https://pkg.go.dev/time#ParseDuration.

 

mappings

  

List of AuthMachineToMachineConfigMapping

At least one mapping is required to resolve to a valid role for the access token to be successfully generated.

 

issuer

  

String

The issuer of the related OIDC provider issuing the ID tokens to exchange. Must be a non-empty string containing a URL when type is GENERIC. In the case of GitHub Actions, this must be empty or set to https://token.actions.githubusercontent.com. Issuer is a unique key, therefore there may be at most one GITHUB_ACTIONS config, and each GENERIC config must have a distinct issuer.

 

71.1.2.464. V1AuthMachineToMachineConfigType

The type of the auth machine to machine config. Currently supports GitHub actions or any other generic OIDC provider to use for verifying and exchanging the token.

Enum Values

GENERIC

GITHUB_ACTIONS

KUBE_SERVICE_ACCOUNT
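
The constraints stated for V1AuthMachineToMachineConfig (lifetime units and the 24h cap, at least one mapping, the per-type issuer rule, issuer uniqueness) can be checked client-side before a config is submitted. The following is an added example, not code from the product: the Go type and function names are hypothetical, the `Role` field of `Mapping` is an assumption because the mapping fields are not listed in this section, and the sample configs are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"time"
)

const githubIssuer = "https://token.actions.githubusercontent.com"
const maxLifetime = 24 * time.Hour // "maximum allowed expiration duration is 24h"

// Only the units the field description lists (s, m, h). time.ParseDuration on
// its own would also accept ns, us and ms.
var lifetimeRe = regexp.MustCompile(`^(\d+(\.\d+)?[smh])+$`)

// Mapping stands in for AuthMachineToMachineConfigMapping; Role is an assumed field.
type Mapping struct{ Role string }

// Config mirrors the fields of V1AuthMachineToMachineConfig used by the checks.
type Config struct {
	Type                    string
	TokenExpirationDuration string
	Issuer                  string
	Mappings                []Mapping
}

// ParseTokenLifetime enforces the documented units and the 24h ceiling.
func ParseTokenLifetime(s string) (time.Duration, error) {
	if !lifetimeRe.MatchString(s) {
		return 0, fmt.Errorf("tokenExpirationDuration %q: only s, m, h units are valid", s)
	}
	d, err := time.ParseDuration(s)
	if err != nil {
		return 0, fmt.Errorf("tokenExpirationDuration %q: %v", s, err)
	}
	if d <= 0 { // assumption of this example: a zero lifetime is treated as invalid
		return 0, fmt.Errorf("tokenExpirationDuration %q: must be positive", s)
	}
	if d > maxLifetime {
		return 0, fmt.Errorf("tokenExpirationDuration %q: exceeds the 24h maximum", s)
	}
	return d, nil
}

// ValidateConfig returns one message per violated rule; an empty result means
// the config satisfies every rule stated in the field descriptions.
func ValidateConfig(c Config) []string {
	var problems []string
	if _, err := ParseTokenLifetime(c.TokenExpirationDuration); err != nil {
		problems = append(problems, err.Error())
	}
	if len(c.Mappings) == 0 {
		problems = append(problems, "mappings: at least one mapping is required")
	}
	switch c.Type {
	case "GENERIC":
		u, err := url.Parse(c.Issuer)
		if err != nil || u.Scheme == "" || u.Host == "" {
			problems = append(problems, "issuer: GENERIC requires a non-empty URL")
		}
	case "GITHUB_ACTIONS":
		if c.Issuer != "" && c.Issuer != githubIssuer {
			problems = append(problems, "issuer: GITHUB_ACTIONS allows only empty or "+githubIssuer)
		}
	case "KUBE_SERVICE_ACCOUNT":
		// The reference states no issuer rule for this type, so none is checked.
	default:
		problems = append(problems, "type: unknown value "+c.Type)
	}
	return problems
}

// DuplicateIssuers reports issuers used by more than one config. An empty
// GITHUB_ACTIONS issuer counts as the GitHub issuer, which is what limits the
// set to a single GITHUB_ACTIONS config.
func DuplicateIssuers(cfgs []Config) []string {
	seen := map[string]bool{}
	var dups []string
	for _, c := range cfgs {
		iss := c.Issuer
		if c.Type == "GITHUB_ACTIONS" && iss == "" {
			iss = githubIssuer
		}
		if iss == "" {
			continue
		}
		if seen[iss] {
			dups = append(dups, iss)
		}
		seen[iss] = true
	}
	return dups
}

func main() {
	// Constructed sample configs.
	cfgs := []Config{
		{Type: "GENERIC", TokenExpirationDuration: "2h45m",
			Issuer: "https://idp.example.com", Mappings: []Mapping{{Role: "Analyst"}}},
		{Type: "GITHUB_ACTIONS", TokenExpirationDuration: "48h",
			Issuer: "https://example.com"},
	}
	for i, c := range cfgs {
		fmt.Printf("config %d: %v\n", i, ValidateConfig(c))
	}
	fmt.Println("duplicate issuers:", DuplicateIssuers(cfgs))
}
```
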

71.1.2.465. V1AuthStatus

Field NameRequiredNullableTypeDescriptionFormat

userId

  

String

  

serviceId

  

StorageServiceIdentity

  

expires

  

Date

 

date-time

refreshUrl

  

String

  

authProvider

  

StorageAuthProvider

  

userInfo

  

StorageUserInfo

  

userAttributes

  

List of V1UserAttribute

  

idpToken

  

String

Token returned to ACS by the underlying identity provider. This field is set only in a few, specific contexts. Do not rely on this field being present in the response.

 

71.1.2.466. V1Authorities

Field NameRequiredNullableTypeDescriptionFormat

authorities

  

List of V1Authority

  

71.1.2.467. V1Authority

Field NameRequiredNullableTypeDescriptionFormat

certificatePem

  

byte[]

 

byte

71.1.2.468. V1AuthorizationTraceResponse

Field NameRequiredNullableTypeDescriptionFormat

arrivedAt

  

Date

 

date-time

processedAt

  

Date

 

date-time

request

  

V1AuthorizationTraceResponseRequest

  

response

  

V1AuthorizationTraceResponseResponse

  

user

  

V1AuthorizationTraceResponseUser

  

trace

  

AuthorizationTraceResponseTrace

  

71.1.2.469. V1AuthorizationTraceResponseRequest

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  

method

  

String

  

71.1.2.470. V1AuthorizationTraceResponseResponse

Field NameRequiredNullableTypeDescriptionFormat

status

  

AuthorizationTraceResponseResponseStatus

 

UNKNOWN_STATUS, SUCCESS, FAILURE,

error

  

String

  

71.1.2.471. V1AuthorizationTraceResponseUser

Field NameRequiredNullableTypeDescriptionFormat

username

  

String

  

friendlyName

  

String

  

aggregatedPermissions

  

Map of StorageAccess

  

roles

  

List of AuthorizationTraceResponseUserRole

  

71.1.2.472. V1AutocompleteResponse

Field NameRequiredNullableTypeDescriptionFormat

values

  

List of string

  

71.1.2.473. V1AvailableProviderTypesResponse

Field NameRequiredNullableTypeDescriptionFormat

authProviderTypes

  

List of AvailableProviderTypesResponseAuthProviderType

  

71.1.2.474. V1BuildDetectionRequest

Field NameRequiredNullableTypeDescriptionFormat

image

  

StorageContainerImage

  

imageName

  

String

  

noExternalMetadata

  

Boolean

  

sendNotifications

  

Boolean

  

force

  

Boolean

  

policyCategories

  

List of string

  

cluster

  

String

Cluster to delegate scan to, may be the cluster’s name or ID.

 

71.1.2.475. V1BuildDetectionResponse

Field NameRequiredNullableTypeDescriptionFormat

alerts

  

List of StorageAlert

  

71.1.2.476. V1CRSGenRequest

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

71.1.2.477. V1CRSGenResponse

Field NameRequiredNullableTypeDescriptionFormat

meta

  

V1CRSMeta

  

crs

  

byte[]

 

byte

71.1.2.478. V1CRSMeta

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

createdAt

  

Date

 

date-time

createdBy

  

StorageUser

  

expiresAt

  

Date

 

date-time

71.1.2.479. V1CRSMetasResponse

Field NameRequiredNullableTypeDescriptionFormat

items

  

List of V1CRSMeta

  

71.1.2.480. V1CRSRevokeRequest

Field NameRequiredNullableTypeDescriptionFormat

ids

  

List of string

  

71.1.2.481. V1CRSRevokeResponse

Field NameRequiredNullableTypeDescriptionFormat

crsRevocationErrors

  

List of CRSRevokeResponseCRSRevocationError

  

revokedIds

  

List of string

  

71.1.2.482. V1CentralServicesCapabilities

Provides availability of certain functionality of Central Services in the current configuration. The initial intended use is to disable certain functionality that does not make sense in the Cloud Service context.

Field NameRequiredNullableTypeDescriptionFormat

centralScanningCanUseContainerIamRoleForEcr

  

CentralServicesCapabilitiesCapabilityStatus

 

CapabilityAvailable, CapabilityDisabled,

centralCanUseCloudBackupIntegrations

  

CentralServicesCapabilitiesCapabilityStatus

 

CapabilityAvailable, CapabilityDisabled,

centralCanDisplayDeclarativeConfigHealth

  

CentralServicesCapabilitiesCapabilityStatus

 

CapabilityAvailable, CapabilityDisabled,

centralCanUpdateCert

  

CentralServicesCapabilitiesCapabilityStatus

 

CapabilityAvailable, CapabilityDisabled,

centralCanUseAcscsEmailIntegration

  

CentralServicesCapabilitiesCapabilityStatus

 

CapabilityAvailable, CapabilityDisabled,

71.1.2.483. V1CentralUpgradeStatus

Field NameRequiredNullableTypeDescriptionFormat

version

  

String

  

forceRollbackTo

  

String

The version of the previous clone in Central. This is the version we can force a rollback to.

 

canRollbackAfterUpgrade

  

Boolean

If true, we can roll back to the current version if an upgrade fails.

 

spaceRequiredForRollbackAfterUpgrade

  

String

 

int64

spaceAvailableForRollbackAfterUpgrade

  

String

 

int64

71.1.2.484. V1CloudSource

CloudSource is an integration which provides a source for discovered clusters.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

V1CloudSourceType

 

TYPE_UNSPECIFIED, TYPE_PALADIN_CLOUD, TYPE_OCM,

credentials

  

V1CloudSourceCredentials

  

skipTestIntegration

  

Boolean

  

paladinCloud

  

V1PaladinCloudConfig

  

ocm

  

V1OCMConfig

  

71.1.2.485. V1CloudSourceCredentials

Field NameRequiredNullableTypeDescriptionFormat

secret

  

String

Used for single-valued authentication via long-lived tokens.

 

clientId

  

String

Used for client authentication in combination with client_secret.

 

clientSecret

  

String

Used for client authentication in combination with client_id.

 

71.1.2.486. V1CloudSourceType

Enum Values

TYPE_UNSPECIFIED

TYPE_PALADIN_CLOUD

TYPE_OCM

71.1.2.487. V1CloudSourcesFilter

Field NameRequiredNullableTypeDescriptionFormat

names

  

List of string

Matches cloud sources based on their name.

 

types

  

List of V1CloudSourceType

Matches cloud sources based on their type.

 

71.1.2.488. V1ClusterDefaultsResponse

Field NameRequiredNullableTypeDescriptionFormat

mainImageRepository

  

String

  

collectorImageRepository

  

String

  

kernelSupportAvailable

  

Boolean

  

71.1.2.489. V1ClusterResponse

Field NameRequiredNullableTypeDescriptionFormat

cluster

  

StorageCluster

  

clusterRetentionInfo

  

V1DecommissionedClusterRetentionInfo

  

71.1.2.490. V1ClustersList

Field NameRequiredNullableTypeDescriptionFormat

clusters

  

List of StorageCluster

  

clusterIdToRetentionInfo

  

Map of V1DecommissionedClusterRetentionInfo

  

71.1.2.491. V1CollectionDeploymentMatchOptions

Field NameRequiredNullableTypeDescriptionFormat

withMatches

  

Boolean

  

filterQuery

  

V1RawQuery

  

71.1.2.492. V1ComplianceControl

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

standardId

  

String

  

groupId

  

String

  

name

  

String

  

description

  

String

  

implemented

  

Boolean

  

interpretationText

  

String

  

71.1.2.493. V1ComplianceControlGroup

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

standardId

  

String

  

name

  

String

  

description

  

String

  

numImplementedChecks

  

Integer

 

int32

71.1.2.494. V1ComplianceRun

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

clusterId

  

String

  

standardId

  

String

  

startTime

  

Date

 

date-time

finishTime

  

Date

 

date-time

state

  

V1ComplianceRunState

 

INVALID, READY, STARTED, WAIT_FOR_DATA, EVALUTING_CHECKS, FINISHED,

errorMessage

  

String

  

71.1.2.495. V1ComplianceRunSelection

Field NameRequiredNullableTypeDescriptionFormat

clusterId

  

String

The ID of the cluster. "*" means "all clusters".

 

standardId

  

String

The ID of the compliance standard. "*" means "all standards".

 

71.1.2.496. V1ComplianceRunState

Enum Values

INVALID

READY

STARTED

WAIT_FOR_DATA

EVALUTING_CHECKS

FINISHED

71.1.2.497. V1ComplianceStandard

Field NameRequiredNullableTypeDescriptionFormat

metadata

  

V1ComplianceStandardMetadata

  

groups

  

List of V1ComplianceControlGroup

  

controls

  

List of V1ComplianceControl

  

71.1.2.498. V1ComplianceStandardMetadata

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

description

  

String

  

numImplementedChecks

  

Integer

 

int32

scopes

  

List of V1ComplianceStandardMetadataScope

  

dynamic

  

Boolean

  

hideScanResults

  

Boolean

  

71.1.2.499. V1ComplianceStandardMetadataScope

Enum Values

UNSET

CLUSTER

NAMESPACE

DEPLOYMENT

NODE

71.1.2.500. V1ConfigureTelemetryRequest

Field NameRequiredNullableTypeDescriptionFormat

enabled

  

Boolean

  

71.1.2.501. V1CountAdministrationEventsResponse

Field NameRequiredNullableTypeDescriptionFormat

count

  

Integer

The total number of events after filtering and deduplication.

int32

71.1.2.502. V1CountAlertsResponse

Field NameRequiredNullableTypeDescriptionFormat

count

  

Integer

 

int32

71.1.2.503. V1CountCloudSourcesResponse

Field NameRequiredNullableTypeDescriptionFormat

count

  

Integer

 

int32

71.1.2.504. V1CountDeploymentsResponse

Field NameRequiredNullableTypeDescriptionFormat

count

  

Integer

 

int32

71.1.2.505. V1CountDiscoveredClustersResponse

Field NameRequiredNullableTypeDescriptionFormat

count

  

Integer

 

int32

71.1.2.506. V1CountImagesResponse

Field NameRequiredNullableTypeDescriptionFormat

count

  

Integer

 

int32

71.1.2.507. V1CountProcessesResponse

Field NameRequiredNullableTypeDescriptionFormat

count

  

Integer

 

int32

71.1.2.508. V1CountReportConfigurationsResponse

Field NameRequiredNullableTypeDescriptionFormat

count

  

Integer

 

int32

71.1.2.509. V1CountSecretsResponse

Field NameRequiredNullableTypeDescriptionFormat

count

  

Integer

 

int32

71.1.2.510. V1CreateCloudSourceRequest

Field NameRequiredNullableTypeDescriptionFormat

cloudSource

  

V1CloudSource

  

71.1.2.511. V1CreateCloudSourceResponse

Field NameRequiredNullableTypeDescriptionFormat

cloudSource

  

V1CloudSource

  

71.1.2.512. V1CreateCollectionRequest

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

description

  

String

  

resourceSelectors

  

List of StorageResourceSelector

  

embeddedCollectionIds

  

List of string

  

71.1.2.513. V1CreateCollectionResponse

Field NameRequiredNullableTypeDescriptionFormat

collection

  

StorageResourceCollection

  

71.1.2.514. V1CreateServiceIdentityRequest

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

type

  

StorageServiceType

 

UNKNOWN_SERVICE, SENSOR_SERVICE, CENTRAL_SERVICE, CENTRAL_DB_SERVICE, REMOTE_SERVICE, COLLECTOR_SERVICE, MONITORING_UI_SERVICE, MONITORING_DB_SERVICE, MONITORING_CLIENT_SERVICE, BENCHMARK_SERVICE, SCANNER_SERVICE, SCANNER_DB_SERVICE, ADMISSION_CONTROL_SERVICE, SCANNER_V4_INDEXER_SERVICE, SCANNER_V4_MATCHER_SERVICE, SCANNER_V4_DB_SERVICE, SCANNER_V4_SERVICE, REGISTRANT_SERVICE,

71.1.2.515. V1CreateServiceIdentityResponse

Field NameRequiredNullableTypeDescriptionFormat

identity

  

StorageServiceIdentity

  

certificatePem

  

byte[]

 

byte

privateKeyPem

  

byte[]

 

byte

71.1.2.516. V1DBExportFormat

DBExportFormat describes a format (= a collection of files) for the database export.

Field NameRequiredNullableTypeDescriptionFormat

formatName

  

String

  

files

  

List of V1DBExportFormatFile

  

71.1.2.517. V1DBExportFormatFile

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

optional

  

Boolean

  

71.1.2.518. V1DBExportManifest

A DB export manifest describes the file contents of a restore request. To prevent data loss, a manifest is always interpreted as binding, i.e., the server must ensure that it will read and make use of every file listed in the manifest; otherwise, it must reject the request.

Field NameRequiredNullableTypeDescriptionFormat

files

  

List of V1DBExportManifestFile

  

71.1.2.519. V1DBExportManifestFile

A single file in the restore body.

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

The name of the file. This may or may not be a (relative) file path, and is up to the server to interpret. For databases exported as ZIP files, this is the path relative to the root of the archive.

 

encoding

  

DBExportManifestEncodingType

 

UNKNOWN, UNCOMPREESSED, DEFLATED,

encodedSize

  

String

 

int64

decodedSize

  

String

 

int64

decodedCrc32

  

Long

The CRC32 (IEEE) checksum of the decoded(!) data.

int64

71.1.2.520. V1DBRestoreProcessMetadata

The metadata of an ongoing or completed restore process. This is the static metadata, which will not change (i.e., it is not a status).

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

An ID identifying the restore process. Auto-assigned.

 

header

  

V1DBRestoreRequestHeader

  

startTime

  

Date

The time at which the restore process was started.

date-time

initiatingUserName

  

String

The user who initiated the database restore process.

 

71.1.2.521. V1DBRestoreProcessStatus

Field NameRequiredNullableTypeDescriptionFormat

metadata

  

V1DBRestoreProcessMetadata

  

attemptId

  

String

  

state

  

V1DBRestoreProcessStatusState

 

UNKNOWN, NOT_STARTED, IN_PROGRESS, PAUSED, COMPLETED,

resumeInfo

  

DBRestoreProcessStatusResumeInfo

  

error

  

String

  

bytesRead

  

String

 

int64

filesProcessed

  

String

 

int64

71.1.2.522. V1DBRestoreProcessStatusState

  • COMPLETED: successful if error is empty, unsuccessful otherwise

Enum Values

UNKNOWN

NOT_STARTED

IN_PROGRESS

PAUSED

COMPLETED

71.1.2.523. V1DBRestoreRequestHeader

Field NameRequiredNullableTypeDescriptionFormat

formatName

  

String

The name of the database export format. Mandatory.

 

manifest

  

V1DBExportManifest

  

localFile

  

DBRestoreRequestHeaderLocalFileInfo

  

71.1.2.524. V1DatabaseBackupStatus

Field NameRequiredNullableTypeDescriptionFormat

backupInfo

  

StorageBackupInfo

  

71.1.2.525. V1DatabaseStatus

Field NameRequiredNullableTypeDescriptionFormat

databaseAvailable

  

Boolean

  

databaseType

  

DatabaseStatusDatabaseType

 

Hidden, RocksDB, PostgresDB,

databaseVersion

  

String

  

71.1.2.526. V1DayOption

Field NameRequiredNullableTypeDescriptionFormat

numDays

  

Long

 

int64

enabled

  

Boolean

  

71.1.2.527. V1DecommissionedClusterRetentionInfo

next available tag: 3

Field NameRequiredNullableTypeDescriptionFormat

isExcluded

  

Boolean

  

daysUntilDeletion

  

Integer

 

int32

71.1.2.528. V1DeferVulnRequest

next available tag: 6

Field NameRequiredNullableTypeDescriptionFormat

cve

  

String

This field indicates the CVEs requested to be deferred.

 

comment

  

String

  

scope

  

StorageVulnerabilityRequestScope

  

expiresWhenFixed

  

Boolean

  

expiresOn

  

Date

 

date-time

71.1.2.529. V1DeferVulnResponse

Field NameRequiredNullableTypeDescriptionFormat

requestInfo

  

StorageVulnerabilityRequest

  

71.1.2.530. V1DelegatedRegistryCluster

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

isValid

  

Boolean

  

71.1.2.531. V1DelegatedRegistryClustersResponse

Field NameRequiredNullableTypeDescriptionFormat

clusters

  

List of V1DelegatedRegistryCluster

  

71.1.2.532. V1DelegatedRegistryConfig

DelegatedRegistryConfig determines if and where scan requests are delegated to, such as kept in central services or sent to particular secured clusters.

Field NameRequiredNullableTypeDescriptionFormat

enabledFor

  

DelegatedRegistryConfigEnabledFor

 

NONE, ALL, SPECIFIC,

defaultClusterId

  

String

  

registries

  

List of DelegatedRegistryConfigDelegatedRegistry

If enabled for is NONE, registries has no effect. If ALL, registries directs ad-hoc requests to the specified secured clusters if the path matches. If SPECIFIC, registries directs ad-hoc requests to the specified secured clusters just like with ALL, but in addition images that match the specified paths will be scanned locally by the secured clusters (images from the OCP integrated registry are always scanned locally). Images that do not match a path will be scanned via central services.

 

71.1.2.533. V1DeleteAlertsResponse

Field NameRequiredNullableTypeDescriptionFormat

numDeleted

  

Long

 

int64

dryRun

  

Boolean

  

71.1.2.534. V1DeleteImagesResponse

Field NameRequiredNullableTypeDescriptionFormat

numDeleted

  

Long

 

int64

dryRun

  

Boolean

  

71.1.2.535. V1DeleteProcessBaselinesResponse

Field NameRequiredNullableTypeDescriptionFormat

numDeleted

  

Integer

 

int32

dryRun

  

Boolean

  

71.1.2.536. V1DenyVulnRequestResponse

Field NameRequiredNullableTypeDescriptionFormat

requestInfo

  

StorageVulnerabilityRequest

  

71.1.2.537. V1DeployDetectionRemark

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

permissionLevel

  

String

  

appliedNetworkPolicies

  

List of string

  

71.1.2.538. V1DeployDetectionRequest

Field NameRequiredNullableTypeDescriptionFormat

deployment

  

StorageDeployment

  

noExternalMetadata

  

Boolean

  

enforcementOnly

  

Boolean

  

clusterId

  

String

  

71.1.2.539. V1DeployDetectionResponse

Field NameRequiredNullableTypeDescriptionFormat

runs

  

List of DeployDetectionResponseRun

  

ignoredObjectRefs

  

List of string

The reference will be in the format: namespace/name[<group>/<version>, Kind=<kind>].

 

remarks

  

List of V1DeployDetectionRemark

  

71.1.2.540. V1DeployYAMLDetectionRequest

Field NameRequiredNullableTypeDescriptionFormat

yaml

  

String

  

noExternalMetadata

  

Boolean

  

enforcementOnly

  

Boolean

  

force

  

Boolean

  

policyCategories

  

List of string

  

cluster

  

String

Cluster to delegate the scan to; may be the cluster’s name or ID.

 

namespace

  

String

  

71.1.2.541. V1DeploymentLabelsResponse

Field NameRequiredNullableTypeDescriptionFormat

labels

  

Map of DeploymentLabelsResponseLabelValues

  

values

  

List of string

  

71.1.2.542. V1DiscoveredCluster

DiscoveredCluster represents a cluster discovered from a cloud source.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

UUIDv5 generated deterministically from the tuple (metadata.id, metadata.type, source.id).

 

metadata

  

V1DiscoveredClusterMetadata

  

status

  

V1DiscoveredClusterStatus

 

STATUS_UNSPECIFIED, STATUS_SECURED, STATUS_UNSECURED,

source

  

V1DiscoveredClusterCloudSource

  

71.1.2.543. V1DiscoveredClusterCloudSource

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

71.1.2.544. V1DiscoveredClusterMetadata

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

Represents a unique ID under which the cluster is registered with the cloud provider. Matches storage.ClusterMetadata.id for secured clusters.

 

name

  

String

Represents the name under which the cluster is registered with the cloud provider. Matches storage.ClusterMetadata.name for secured clusters.

 

type

  

DiscoveredClusterMetadataType

 

UNSPECIFIED, AKS, ARO, EKS, GKE, OCP, OSD, ROSA,

providerType

  

MetadataProviderType

 

PROVIDER_TYPE_UNSPECIFIED, PROVIDER_TYPE_AWS, PROVIDER_TYPE_GCP, PROVIDER_TYPE_AZURE,

region

  

String

The region as reported by the cloud provider.

 

firstDiscoveredAt

  

Date

Timestamp at which the cluster was first discovered by the cloud source.

date-time

71.1.2.545. V1DiscoveredClusterStatus

  • STATUS_UNSPECIFIED: The status of the cluster is unknown. May occur if a secured cluster is missing the metadata for a possible match.
  • STATUS_SECURED: The discovered cluster was matched with a secured cluster.
  • STATUS_UNSECURED: The discovered cluster was not matched with a secured cluster.

Enum Values

STATUS_UNSPECIFIED

STATUS_SECURED

STATUS_UNSECURED

71.1.2.546. V1DiscoveredClustersFilter

Field NameRequiredNullableTypeDescriptionFormat

names

  

List of string

Matches discovered clusters of specific names.

 

types

  

List of DiscoveredClusterMetadataType

Matches discovered clusters of specific types.

 

statuses

  

List of V1DiscoveredClusterStatus

Matches discovered clusters of specific statuses.

 

sourceIds

  

List of string

Matches discovered clusters of specific cloud source IDs.

 

71.1.2.547. V1DryRunCollectionRequest

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

id

  

String

  

description

  

String

  

resourceSelectors

  

List of StorageResourceSelector

  

embeddedCollectionIds

  

List of string

  

options

  

V1CollectionDeploymentMatchOptions

  

71.1.2.548. V1DryRunCollectionResponse

Field NameRequiredNullableTypeDescriptionFormat

deployments

  

List of StorageListDeployment

  

71.1.2.549. V1DryRunJobStatusResponse

Field NameRequiredNullableTypeDescriptionFormat

pending

  

Boolean

  

result

  

V1DryRunResponse

  

71.1.2.550. V1DryRunResponse

Field NameRequiredNullableTypeDescriptionFormat

alerts

  

List of V1DryRunResponseAlert

  

71.1.2.551. V1DryRunResponseAlert

Field NameRequiredNullableTypeDescriptionFormat

deployment

  

String

  

violations

  

List of string

  

71.1.2.552. V1ExchangeAuthMachineToMachineTokenRequest

Field NameRequiredNullableTypeDescriptionFormat

idToken

  

String

Identity token that is supposed to be exchanged.

 

71.1.2.553. V1ExchangeAuthMachineToMachineTokenResponse

Field NameRequiredNullableTypeDescriptionFormat

accessToken

  

String

The exchanged access token.

 

71.1.2.554. V1ExchangeTokenRequest

Field NameRequiredNullableTypeDescriptionFormat

externalToken

  

String

The external authentication token. The server will mask the value of this credential in responses and logs.

 

type

  

String

  

state

  

String

  

71.1.2.555. V1ExchangeTokenResponse

Field NameRequiredNullableTypeDescriptionFormat

token

  

String

  

clientState

  

String

  

test

  

Boolean

  

user

  

V1AuthStatus

  

71.1.2.556. V1ExportDeploymentResponse

Field NameRequiredNullableTypeDescriptionFormat

deployment

  

StorageDeployment

  

71.1.2.557. V1ExportImageResponse

Field NameRequiredNullableTypeDescriptionFormat

image

  

StorageImage

  

71.1.2.558. V1ExportNodeResponse

Field NameRequiredNullableTypeDescriptionFormat

node

  

StorageNode

  

71.1.2.559. V1ExportPodResponse

Field NameRequiredNullableTypeDescriptionFormat

pod

  

StoragePod

  

71.1.2.560. V1ExportPoliciesRequest

Field NameRequiredNullableTypeDescriptionFormat

policyIds

  

List of string

  

71.1.2.561. V1FalsePositiveVulnRequest

Field NameRequiredNullableTypeDescriptionFormat

cve

  

String

This field indicates the CVE requested to be marked as false-positive.

 

scope

  

StorageVulnerabilityRequestScope

  

comment

  

String

  

71.1.2.562. V1FalsePositiveVulnResponse

Field NameRequiredNullableTypeDescriptionFormat

requestInfo

  

StorageVulnerabilityRequest

  

71.1.2.563. V1FeatureFlag

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

envVar

  

String

  

enabled

  

Boolean

  

71.1.2.564. V1GenerateNetworkPoliciesResponse

Next available tag: 2

Field NameRequiredNullableTypeDescriptionFormat

modification

  

StorageNetworkPolicyModification

  

71.1.2.565. V1GenerateTokenRequest

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

role

  

String

  

roles

  

List of string

  

expiration

  

Date

 

date-time

71.1.2.566. V1GenerateTokenResponse

Field NameRequiredNullableTypeDescriptionFormat

token

  

String

  

metadata

  

StorageTokenMetadata

  

71.1.2.567. V1GetAPITokensResponse

Field NameRequiredNullableTypeDescriptionFormat

tokens

  

List of StorageTokenMetadata

  

71.1.2.568. V1GetActiveDBRestoreProcessResponse

Field NameRequiredNullableTypeDescriptionFormat

activeStatus

  

V1DBRestoreProcessStatus

  

71.1.2.569. V1GetAdministrationEventResponse

Field NameRequiredNullableTypeDescriptionFormat

event

  

V1AdministrationEvent

  

71.1.2.570. V1GetAlertTimeseriesResponse

Field NameRequiredNullableTypeDescriptionFormat

clusters

  

List of GetAlertTimeseriesResponseClusterAlerts

  

71.1.2.571. V1GetAlertsCountsResponse

Field NameRequiredNullableTypeDescriptionFormat

groups

  

List of GetAlertsCountsResponseAlertGroup

  

71.1.2.572. V1GetAlertsGroupResponse

Field NameRequiredNullableTypeDescriptionFormat

alertsByPolicies

  

List of V1GetAlertsGroupResponsePolicyGroup

  

71.1.2.573. V1GetAlertsGroupResponsePolicyGroup

Field NameRequiredNullableTypeDescriptionFormat

policy

  

StorageListAlertPolicy

  

numAlerts

  

String

 

int64

71.1.2.574. V1GetAllowedPeersFromCurrentPolicyForDeploymentResponse

Field NameRequiredNullableTypeDescriptionFormat

allowedPeers

  

List of V1NetworkBaselineStatusPeer

  

71.1.2.575. V1GetAuthMachineToMachineConfigResponse

Field NameRequiredNullableTypeDescriptionFormat

config

  

V1AuthMachineToMachineConfig

  

71.1.2.576. V1GetAuthProvidersResponse

Field NameRequiredNullableTypeDescriptionFormat

authProviders

  

List of StorageAuthProvider

  

71.1.2.577. V1GetBaselineGeneratedPolicyForDeploymentResponse

Field NameRequiredNullableTypeDescriptionFormat

modification

  

StorageNetworkPolicyModification

  

71.1.2.578. V1GetCAConfigResponse

Field NameRequiredNullableTypeDescriptionFormat

helmValuesBundle

  

byte[]

 

byte

71.1.2.579. V1GetCertExpiryComponent

Enum Values

UNKNOWN

CENTRAL

SCANNER

SCANNER_V4

71.1.2.580. V1GetCertExpiryResponse

Field NameRequiredNullableTypeDescriptionFormat

expiry

  

Date

 

date-time

71.1.2.581. V1GetCloudSourceResponse

Field NameRequiredNullableTypeDescriptionFormat

cloudSource

  

V1CloudSource

  

71.1.2.582. V1GetClustersForPermissionsResponse

Field NameRequiredNullableTypeDescriptionFormat

clusters

  

List of V1ScopeObject

  

71.1.2.583. V1GetCollectionCountResponse

Field NameRequiredNullableTypeDescriptionFormat

count

  

Integer

 

int32

71.1.2.584. V1GetCollectionResponse

Field NameRequiredNullableTypeDescriptionFormat

collection

  

StorageResourceCollection

  

deployments

  

List of StorageListDeployment

  

71.1.2.585. V1GetComplianceRunResultsResponse

Field NameRequiredNullableTypeDescriptionFormat

results

  

StorageComplianceRunResults

  

failedRuns

  

List of StorageComplianceRunMetadata

  

71.1.2.586. V1GetComplianceRunStatusesResponse

Field NameRequiredNullableTypeDescriptionFormat

invalidRunIds

  

List of string

  

runs

  

List of V1ComplianceRun

  

71.1.2.587. V1GetComplianceStandardResponse

Field NameRequiredNullableTypeDescriptionFormat

standard

  

V1ComplianceStandard

  

71.1.2.588. V1GetComplianceStandardsResponse

Field NameRequiredNullableTypeDescriptionFormat

standards

  

List of V1ComplianceStandardMetadata

  

71.1.2.589. V1GetDBExportCapabilitiesResponse

Field NameRequiredNullableTypeDescriptionFormat

formats

  

List of V1DBExportFormat

  

supportedEncodings

  

List of DBExportManifestEncodingType

  

71.1.2.590. V1GetDeclarativeConfigHealthsResponse

Field NameRequiredNullableTypeDescriptionFormat

healths

  

List of StorageDeclarativeConfigHealth

  

71.1.2.591. V1GetDeploymentWithRiskResponse

Field NameRequiredNullableTypeDescriptionFormat

deployment

  

StorageDeployment

  

risk

  

StorageRisk

  

71.1.2.592. V1GetDiffFlowsGroupedFlow

Field NameRequiredNullableTypeDescriptionFormat

entity

  

StorageNetworkEntityInfo

  

properties

  

List of StorageNetworkBaselineConnectionProperties

  

71.1.2.593. V1GetDiffFlowsReconciledFlow

Field NameRequiredNullableTypeDescriptionFormat

entity

  

StorageNetworkEntityInfo

  

added

  

List of StorageNetworkBaselineConnectionProperties

  

removed

  

List of StorageNetworkBaselineConnectionProperties

  

unchanged

  

List of StorageNetworkBaselineConnectionProperties

  

71.1.2.594. V1GetDiffFlowsResponse

Field NameRequiredNullableTypeDescriptionFormat

added

  

List of V1GetDiffFlowsGroupedFlow

  

removed

  

List of V1GetDiffFlowsGroupedFlow

  

reconciled

  

List of V1GetDiffFlowsReconciledFlow

  

71.1.2.595. V1GetDiscoveredClusterResponse

Field NameRequiredNullableTypeDescriptionFormat

cluster

  

V1DiscoveredCluster

  

71.1.2.596. V1GetExistingProbesResponse

Field NameRequiredNullableTypeDescriptionFormat

existingFiles

  

List of V1ProbeUploadManifestFile

  

71.1.2.597. V1GetExternalBackupsResponse

Field NameRequiredNullableTypeDescriptionFormat

externalBackups

  

List of StorageExternalBackup

  

71.1.2.598. V1GetExternalNetworkEntitiesResponse

Field NameRequiredNullableTypeDescriptionFormat

entities

  

List of StorageNetworkEntity

  

71.1.2.599. V1GetExternalNetworkFlowsResponse

Field NameRequiredNullableTypeDescriptionFormat

flows

  

List of StorageNetworkFlow

  

71.1.2.600. V1GetFeatureFlagsResponse

Field NameRequiredNullableTypeDescriptionFormat

featureFlags

  

List of V1FeatureFlag

  

71.1.2.601. V1GetGroupedProcessesResponse

Field NameRequiredNullableTypeDescriptionFormat

groups

  

List of V1ProcessNameGroup

  

71.1.2.602. V1GetGroupedProcessesWithContainerResponse

Field NameRequiredNullableTypeDescriptionFormat

groups

  

List of V1ProcessNameAndContainerNameGroup

  

71.1.2.603. V1GetGroupsResponse

API for updating Groups and getting users. Next Available Tag: 2

Field NameRequiredNullableTypeDescriptionFormat

groups

  

List of StorageGroup

  

71.1.2.604. V1GetImageIntegrationsResponse

Field NameRequiredNullableTypeDescriptionFormat

integrations

  

List of StorageImageIntegration

  

71.1.2.605. V1GetIntegrationHealthResponse

Field NameRequiredNullableTypeDescriptionFormat

integrationHealth

  

List of StorageIntegrationHealth

  

71.1.2.606. V1GetLoginAuthProvidersResponse

Field NameRequiredNullableTypeDescriptionFormat

authProviders

  

List of GetLoginAuthProvidersResponseLoginAuthProvider

  

71.1.2.607. V1GetMitreVectorResponse

Field NameRequiredNullableTypeDescriptionFormat

mitreAttackVector

  

StorageMitreAttackVector

  

71.1.2.608. V1GetNamespacesForClusterAndPermissionsResponse

Field NameRequiredNullableTypeDescriptionFormat

namespaces

  

List of V1ScopeObject

  

71.1.2.609. V1GetNamespacesResponse

Field NameRequiredNullableTypeDescriptionFormat

namespaces

  

List of V1Namespace

  

71.1.2.610. V1GetNotifiersResponse

Field NameRequiredNullableTypeDescriptionFormat

notifiers

  

List of StorageNotifier

  

71.1.2.611. V1GetPermissionsResponse

GetPermissionsResponse is wire-compatible with the old format of the Role message and represents a collection of aggregated permissions.

Field NameRequiredNullableTypeDescriptionFormat

resourceToAccess

  

Map of StorageAccess

  

71.1.2.612. V1GetPolicyCategoriesResponse

Field NameRequiredNullableTypeDescriptionFormat

categories

  

List of V1PolicyCategory

  

71.1.2.613. V1GetPolicyMitreVectorsRequestOptions

Field NameRequiredNullableTypeDescriptionFormat

excludePolicy

  

Boolean

If set to true, policy is excluded from the response.

 

71.1.2.614. V1GetPolicyMitreVectorsResponse

Field NameRequiredNullableTypeDescriptionFormat

policy

  

StoragePolicy

  

vectors

  

List of StorageMitreAttackVector

  

71.1.2.615. V1GetProcessesListeningOnPortsResponse

Field NameRequiredNullableTypeDescriptionFormat

listeningEndpoints

  

List of StorageProcessListeningOnPort

  

71.1.2.616. V1GetProcessesResponse

Field NameRequiredNullableTypeDescriptionFormat

processes

  

List of StorageProcessIndicator

  

71.1.2.617. V1GetRecentComplianceRunsResponse

Field NameRequiredNullableTypeDescriptionFormat

complianceRuns

  

List of V1ComplianceRun

  

71.1.2.618. V1GetReportConfigurationResponse

Field NameRequiredNullableTypeDescriptionFormat

reportConfig

  

StorageReportConfiguration

  

71.1.2.619. V1GetReportConfigurationsResponse

Field NameRequiredNullableTypeDescriptionFormat

reportConfigs

  

List of StorageReportConfiguration

  

71.1.2.620. V1GetResourcesResponse

Field NameRequiredNullableTypeDescriptionFormat

resources

  

List of string

  

71.1.2.621. V1GetRoleBindingResponse

Field NameRequiredNullableTypeDescriptionFormat

binding

  

StorageK8sRoleBinding

  

71.1.2.622. V1GetRoleResponse

Field NameRequiredNullableTypeDescriptionFormat

role

  

StorageK8sRole

  

71.1.2.623. V1GetRolesResponse

Field NameRequiredNullableTypeDescriptionFormat

roles

  

List of StorageRole

  

71.1.2.624. V1GetSensorUpgradeConfigResponse

Field NameRequiredNullableTypeDescriptionFormat

config

  

GetSensorUpgradeConfigResponseUpgradeConfig

  

71.1.2.625. V1GetServiceAccountResponse

One service account. Next Tag: 2

Field NameRequiredNullableTypeDescriptionFormat

saAndRole

  

V1ServiceAccountAndRoles

  

71.1.2.626. V1GetSubjectResponse

Field NameRequiredNullableTypeDescriptionFormat

subject

  

StorageSubject

  

clusterRoles

  

List of StorageK8sRole

  

scopedRoles

  

List of V1ScopedRoles

  

71.1.2.627. V1GetUndoModificationForDeploymentResponse

Field NameRequiredNullableTypeDescriptionFormat

undoRecord

  

StorageNetworkPolicyApplicationUndoRecord

  

71.1.2.628. V1GetUndoModificationResponse

Field NameRequiredNullableTypeDescriptionFormat

undoRecord

  

StorageNetworkPolicyApplicationUndoRecord

  

71.1.2.629. V1GetUpgradeStatusResponse

Field NameRequiredNullableTypeDescriptionFormat

upgradeStatus

  

V1CentralUpgradeStatus

  

71.1.2.630. V1GetUsersAttributesResponse

Next Tag: 2

Field NameRequiredNullableTypeDescriptionFormat

usersAttributes

  

List of V1UserAttributeTuple

  

71.1.2.631. V1GetUsersResponse

Next Tag: 2

Field NameRequiredNullableTypeDescriptionFormat

users

  

List of StorageUser

  

71.1.2.632. V1GetVulnerabilityExceptionConfigResponse

Field NameRequiredNullableTypeDescriptionFormat

config

  

V1VulnerabilityExceptionConfig

  

71.1.2.633. V1GetVulnerabilityRequestResponse

Field NameRequiredNullableTypeDescriptionFormat

requestInfo

  

StorageVulnerabilityRequest

  

71.1.2.634. V1GetWatchedImagesResponse

Field NameRequiredNullableTypeDescriptionFormat

watchedImages

  

List of StorageWatchedImage

  

71.1.2.635. V1GroupBatchUpdateRequest

GroupBatchUpdateRequest is an in-transaction batch update to the groups present. Next Available Tag: 3

Field NameRequiredNullableTypeDescriptionFormat

previousGroups

  

List of StorageGroup

Previous groups are the groups expected to be present in the store. Performs a diff on the GroupProperties present in previous_groups and required_groups: 1) if in previous_groups but not required_groups, it gets deleted. 2) if in previous_groups and required_groups, it gets updated. 3) if not in previous_groups but in required_groups, it gets added.

 

requiredGroups

  

List of StorageGroup

Required groups are the groups we want to mutate the previous groups into.

 

force

  

Boolean

  

71.1.2.636. V1ImportPoliciesMetadata

Field NameRequiredNullableTypeDescriptionFormat

overwrite

  

Boolean

  

71.1.2.637. V1ImportPoliciesRequest

Field NameRequiredNullableTypeDescriptionFormat

metadata

  

V1ImportPoliciesMetadata

  

policies

  

List of StoragePolicy

  

71.1.2.638. V1ImportPoliciesResponse

Field NameRequiredNullableTypeDescriptionFormat

responses

  

List of V1ImportPolicyResponse

  

allSucceeded

  

Boolean

  

71.1.2.639. V1ImportPolicyError

Field NameRequiredNullableTypeDescriptionFormat

message

  

String

  

type

  

String

  

duplicateName

  

String

  

validationError

  

String

  

71.1.2.640. V1ImportPolicyResponse

Field NameRequiredNullableTypeDescriptionFormat

succeeded

  

Boolean

  

policy

  

StoragePolicy

  

errors

  

List of V1ImportPolicyError

  

71.1.2.641. V1InitBundleGenRequest

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

71.1.2.642. V1InitBundleGenResponse

Field NameRequiredNullableTypeDescriptionFormat

meta

  

V1InitBundleMeta

  

helmValuesBundle

  

byte[]

 

byte

kubectlBundle

  

byte[]

 

byte

71.1.2.643. V1InitBundleMeta

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

impactedClusters

  

List of InitBundleMetaImpactedCluster

  

createdAt

  

Date

 

date-time

createdBy

  

StorageUser

  

expiresAt

  

Date

 

date-time

71.1.2.644. V1InitBundleMetasResponse

Field NameRequiredNullableTypeDescriptionFormat

items

  

List of V1InitBundleMeta

  

71.1.2.645. V1InitBundleRevokeRequest

Field NameRequiredNullableTypeDescriptionFormat

ids

  

List of string

  

confirmImpactedClustersIds

  

List of string

  

71.1.2.646. V1InitBundleRevokeResponse

Field NameRequiredNullableTypeDescriptionFormat

initBundleRevocationErrors

  

List of InitBundleRevokeResponseInitBundleRevocationError

  

initBundleRevokedIds

  

List of string

  

71.1.2.647. V1InterruptDBRestoreProcessResponse

Field NameRequiredNullableTypeDescriptionFormat

resumeInfo

  

DBRestoreProcessStatusResumeInfo

  

71.1.2.648. V1JobId

Field NameRequiredNullableTypeDescriptionFormat

jobId

  

String

  

71.1.2.649. V1KernelSupportAvailableResponse

Field NameRequiredNullableTypeDescriptionFormat

kernelSupportAvailable

  

Boolean

  

71.1.2.650. V1ListAdministrationEventsResponse

Field NameRequiredNullableTypeDescriptionFormat

events

  

List of V1AdministrationEvent

  

71.1.2.651. V1ListAlertsRequest

Field NameRequiredNullableTypeDescriptionFormat

query

  

String

  

pagination

  

V1Pagination

  

71.1.2.652. V1ListAlertsResponse

Field NameRequiredNullableTypeDescriptionFormat

alerts

  

List of StorageListAlert

  

71.1.2.653. V1ListAllowedTokenRolesResponse

Field NameRequiredNullableTypeDescriptionFormat

roleNames

  

List of string

  

71.1.2.654. V1ListAuthMachineToMachineConfigResponse

Field NameRequiredNullableTypeDescriptionFormat

configs

  

List of V1AuthMachineToMachineConfig

  

71.1.2.655. V1ListCloudSourcesResponse

Field NameRequiredNullableTypeDescriptionFormat

cloudSources

  

List of V1CloudSource

  

71.1.2.656. V1ListCollectionSelectorsResponse

Field NameRequiredNullableTypeDescriptionFormat

selectors

  

List of string

  

71.1.2.657. V1ListCollectionsResponse

Field NameRequiredNullableTypeDescriptionFormat

collections

  

List of StorageResourceCollection

  

71.1.2.658. V1ListDeploymentsResponse

Field NameRequiredNullableTypeDescriptionFormat

deployments

  

List of StorageListDeployment

  

71.1.2.659. V1ListDeploymentsWithProcessInfoResponse

Field NameRequiredNullableTypeDescriptionFormat

deployments

  

List of ListDeploymentsWithProcessInfoResponseDeploymentWithProcessInfo

  

71.1.2.660. V1ListDiscoveredClustersResponse

Field NameRequiredNullableTypeDescriptionFormat

clusters

  

List of V1DiscoveredCluster

  

71.1.2.661. V1ListImagesResponse

Field NameRequiredNullableTypeDescriptionFormat

images

  

List of StorageListImage

  

71.1.2.662. V1ListMitreAttackVectorsResponse

Field NameRequiredNullableTypeDescriptionFormat

mitreAttackVectors

  

List of StorageMitreAttackVector

  

71.1.2.663. V1ListNodesResponse

Field NameRequiredNullableTypeDescriptionFormat

nodes

  

List of StorageNode

  

71.1.2.664. V1ListPermissionSetsResponse

Field NameRequiredNullableTypeDescriptionFormat

permissionSets

  

List of StoragePermissionSet

  

71.1.2.665. V1ListPoliciesResponse

Field NameRequiredNullableTypeDescriptionFormat

policies

  

List of StorageListPolicy

  

71.1.2.666. V1ListRoleBindingsResponse

A list of k8s role bindings (free of scoped information). Next Tag: 2

Field NameRequiredNullableTypeDescriptionFormat

bindings

  

List of StorageK8sRoleBinding

  

71.1.2.667. V1ListRolesResponse

A list of k8s roles (free of scoped information). Next Tag: 2

Field NameRequiredNullableTypeDescriptionFormat

roles

  

List of StorageK8sRole

  

71.1.2.668. V1ListSecretsResponse

A list of secrets with their relationships. Next Tag: 2

Field NameRequiredNullableTypeDescriptionFormat

secrets

  

List of StorageListSecret

  

71.1.2.669. V1ListServiceAccountResponse

A list of service accounts (free of scoped information). Next Tag: 2

Field NameRequiredNullableTypeDescriptionFormat

saAndRoles

  

List of V1ServiceAccountAndRoles

  

71.1.2.670. V1ListSignatureIntegrationsResponse

Field NameRequiredNullableTypeDescriptionFormat

integrations

  

List of StorageSignatureIntegration

  

71.1.2.671. V1ListSimpleAccessScopesResponse

Field NameRequiredNullableTypeDescriptionFormat

accessScopes

  

List of StorageSimpleAccessScope

  

71.1.2.672. V1ListSubjectsResponse

A list of k8s subjects (users and groups only; for service accounts, try the service account service). Next Tag: 2

Field NameRequiredNullableTypeDescriptionFormat

subjectAndRoles

  

List of V1SubjectAndRoles

  

71.1.2.673. V1ListVulnerabilityRequestsResponse

Field NameRequiredNullableTypeDescriptionFormat

requestInfos

  

List of StorageVulnerabilityRequest

  

71.1.2.674. V1LockProcessBaselinesRequest

Field NameRequiredNullableTypeDescriptionFormat

keys

  

List of StorageProcessBaselineKey

  

locked

  

Boolean

  

71.1.2.675. V1LogLevelRequest

Field NameRequiredNullableTypeDescriptionFormat

level

  

String

  

modules

  

List of string

  

71.1.2.676. V1LogLevelResponse

Field NameRequiredNullableTypeDescriptionFormat

level

  

String

  

moduleLevels

  

List of V1ModuleLevel

  

71.1.2.677. V1MaxSecuredUnitsUsageResponse

MaxSecuredUnitsUsageResponse holds the maximum values of the secured nodes and CPU Units (as reported by Kubernetes) with the time at which these values were aggregated, with the aggregation period accuracy (1h).

Field NameRequiredNullableTypeDescriptionFormat

maxNodesAt

  

Date

 

date-time

maxNodes

  

String

 

int64

maxCpuUnitsAt

  

Date

 

date-time

maxCpuUnits

  

String

 

int64

71.1.2.678. V1Metadata

Field NameRequiredNullableTypeDescriptionFormat

version

  

String

  

buildFlavor

  

String

  

releaseBuild

  

Boolean

  

licenseStatus

  

MetadataLicenseStatus

 

NONE, INVALID, EXPIRED, RESTARTING, VALID,

71.1.2.679. V1ModuleLevel

Field NameRequiredNullableTypeDescriptionFormat

module

  

String

  

level

  

String

  

71.1.2.680. V1Namespace

Field NameRequiredNullableTypeDescriptionFormat

metadata

  

StorageNamespaceMetadata

  

numDeployments

  

Integer

 

int32

numSecrets

  

Integer

 

int32

numNetworkPolicies

  

Integer

 

int32

71.1.2.681. V1NetworkBaselinePeerEntity

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

type

  

StorageNetworkEntityInfoType

 

UNKNOWN_TYPE, DEPLOYMENT, INTERNET, LISTEN_ENDPOINT, EXTERNAL_SOURCE, INTERNAL_ENTITIES,

71.1.2.682. V1NetworkBaselinePeerStatus

Field NameRequiredNullableTypeDescriptionFormat

peer

  

V1NetworkBaselineStatusPeer

  

status

  

V1NetworkBaselinePeerStatusStatus

 

BASELINE, ANOMALOUS,

71.1.2.683. V1NetworkBaselinePeerStatusStatus

Status of this peer connection. As of now we only have two statuses:

- BASELINE: the connection is in the current deployment baseline

- ANOMALOUS: the connection is not recognized by the current deployment baseline

Enum Values

BASELINE

ANOMALOUS

71.1.2.684. V1NetworkBaselineStatusPeer

Field NameRequiredNullableTypeDescriptionFormat

entity

  

V1NetworkBaselinePeerEntity

  

port

  

Long

The port and protocol of the destination of the given connection.

int64

protocol

  

StorageL4Protocol

 

L4_PROTOCOL_UNKNOWN, L4_PROTOCOL_TCP, L4_PROTOCOL_UDP, L4_PROTOCOL_ICMP, L4_PROTOCOL_RAW, L4_PROTOCOL_SCTP, L4_PROTOCOL_ANY,

ingress

  

Boolean

A boolean representing whether the query is for an ingress or egress connection. This is defined with respect to the current deployment. Thus, if the connection in question is in the outEdges of the current deployment, this should be false; if it is in the outEdges of the peer deployment, this should be true.

 

71.1.2.685. V1NetworkBaselineStatusResponse

Field NameRequiredNullableTypeDescriptionFormat

statuses

  

List of V1NetworkBaselinePeerStatus

  

71.1.2.686. V1NetworkEdgeProperties

Field NameRequiredNullableTypeDescriptionFormat

port

  

Long

 

int64

protocol

  

StorageL4Protocol

 

L4_PROTOCOL_UNKNOWN, L4_PROTOCOL_TCP, L4_PROTOCOL_UDP, L4_PROTOCOL_ICMP, L4_PROTOCOL_RAW, L4_PROTOCOL_SCTP, L4_PROTOCOL_ANY,

lastActiveTimestamp

  

Date

 

date-time

71.1.2.687. V1NetworkEdgePropertiesBundle

Field NameRequiredNullableTypeDescriptionFormat

properties

  

List of V1NetworkEdgeProperties

  

71.1.2.688. V1NetworkGraph

Field NameRequiredNullableTypeDescriptionFormat

epoch

  

Long

 

int64

nodes

  

List of V1NetworkNode

  

71.1.2.689. V1NetworkGraphDiff

Field NameRequiredNullableTypeDescriptionFormat

DEPRECATEDNodeDiffs

  

Map of V1NetworkNodeDiff

  

nodeDiffs

  

Map of V1NetworkNodeDiff

  

71.1.2.690. V1NetworkGraphEpoch

Field NameRequiredNullableTypeDescriptionFormat

epoch

  

Long

 

int64

71.1.2.691. V1NetworkGraphScope

Field NameRequiredNullableTypeDescriptionFormat

query

  

String

  

71.1.2.692. V1NetworkNode

Field NameRequiredNullableTypeDescriptionFormat

entity

  

StorageNetworkEntityInfo

  

internetAccess

  

Boolean

  

policyIds

  

List of string

  

nonIsolatedIngress

  

Boolean

  

nonIsolatedEgress

  

Boolean

  

queryMatch

  

Boolean

  

outEdges

  

Map of V1NetworkEdgePropertiesBundle

  

71.1.2.693. V1NetworkNodeDiff

Field NameRequiredNullableTypeDescriptionFormat

policyIds

  

List of string

  

DEPRECATEDOutEdges

  

Map of V1NetworkEdgePropertiesBundle

  

outEdges

  

Map of V1NetworkEdgePropertiesBundle

  

nonIsolatedIngress

  

Boolean

  

nonIsolatedEgress

  

Boolean

  

71.1.2.694. V1NetworkPoliciesResponse

Field NameRequiredNullableTypeDescriptionFormat

networkPolicies

  

List of StorageNetworkPolicy

  

71.1.2.695. V1NetworkPolicyInSimulation

Field NameRequiredNullableTypeDescriptionFormat

policy

  

StorageNetworkPolicy

  

status

  

V1NetworkPolicyInSimulationStatus

 

INVALID, UNCHANGED, MODIFIED, ADDED, DELETED,

oldPolicy

  

StorageNetworkPolicy

  

71.1.2.696. V1NetworkPolicyInSimulationStatus

Enum Values

INVALID

UNCHANGED

MODIFIED

ADDED

DELETED

71.1.2.697. V1OCMConfig

OCMConfig provides information required to fetch discovered clusters from the OpenShift cluster manager.

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  

71.1.2.698. V1Pagination

Field NameRequiredNullableTypeDescriptionFormat

limit

  

Integer

 

int32

offset

  

Integer

 

int32

sortOption

  

V1SortOption

  

sortOptions

  

List of V1SortOption

This field is under development. It is not supported on any REST APIs.

 

71.1.2.699. V1PaladinCloudConfig

PaladinCloudConfig provides information required to fetch discovered clusters from Paladin Cloud.

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  

71.1.2.700. V1PodsResponse

Field NameRequiredNullableTypeDescriptionFormat

pods

  

List of StoragePod

  

71.1.2.701. V1PolicyCategoriesResponse

Field NameRequiredNullableTypeDescriptionFormat

categories

  

List of string

  

71.1.2.702. V1PolicyCategory

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

isDefault

  

Boolean

  

71.1.2.703. V1PolicyFromSearchRequest

Field NameRequiredNullableTypeDescriptionFormat

searchParams

  

String

  

71.1.2.704. V1PolicyFromSearchResponse

Field NameRequiredNullableTypeDescriptionFormat

policy

  

StoragePolicy

  

alteredSearchTerms

  

List of string

  

hasNestedFields

  

Boolean

  

71.1.2.705. V1PongMessage

Field NameRequiredNullableTypeDescriptionFormat

status

  

String

  

71.1.2.706. V1PostReportConfigurationRequest

Field NameRequiredNullableTypeDescriptionFormat

reportConfig

  

StorageReportConfiguration

  

71.1.2.707. V1PostReportConfigurationResponse

Field NameRequiredNullableTypeDescriptionFormat

reportConfig

  

StorageReportConfiguration

  

71.1.2.708. V1Preferences

Field NameRequiredNullableTypeDescriptionFormat

maxGrpcReceiveSizeBytes

  

String

 

uint64

71.1.2.709. V1ProbeUploadManifestFile

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

size

  

String

 

int64

crc32

  

Long

 

int64

71.1.2.710. V1ProcessBaselineUpdateError

Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

key

  

StorageProcessBaselineKey

  

71.1.2.711. V1ProcessGroup

Field NameRequiredNullableTypeDescriptionFormat

args

  

String

  

signals

  

List of StorageProcessIndicator

  

71.1.2.712. V1ProcessNameAndContainerNameGroup

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

containerName

  

String

  

timesExecuted

  

Long

 

int64

groups

  

List of V1ProcessGroup

  

suspicious

  

Boolean

  

71.1.2.713. V1ProcessNameGroup

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

timesExecuted

  

Long

 

int64

groups

  

List of V1ProcessGroup

  

71.1.2.714. V1PutConfigRequest

Field NameRequiredNullableTypeDescriptionFormat

config

  

StorageConfig

  

71.1.2.715. V1PutNetworkGraphConfigRequest

Field NameRequiredNullableTypeDescriptionFormat

config

  

StorageNetworkGraphConfig

  

71.1.2.716. V1RawQuery

RawQuery represents the search query string. The format of the query string is "<field name>:<value,value,...>+<field name>:<value,value,...>+...". For example, to search for deployments named "central" and "sensor" in the namespace "stackrox", the query string would be "Deployment:central,sensor+Namespace:stackrox". RawQuery is used in List APIs to search for a particular object.

Field NameRequiredNullableTypeDescriptionFormat

query

  

String

  

pagination

  

V1Pagination

  

71.1.2.717. V1RenamePolicyCategoryRequest

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

newCategoryName

  

String

  

71.1.2.718. V1ResolveAlertsRequest

Field NameRequiredNullableTypeDescriptionFormat

query

  

String

  

71.1.2.719. V1SADeploymentRelationship

Service accounts can be used by a deployment. Next Tag: 3

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

Name of the deployment.

 

71.1.2.720. V1ScanImageInternalRequestSource

Field NameRequiredNullableTypeDescriptionFormat

clusterId

  

String

  

namespace

  

String

  

imagePullSecrets

  

List of string

  

71.1.2.721. V1ScanImageInternalResponse

Field NameRequiredNullableTypeDescriptionFormat

image

  

StorageImage

  

71.1.2.722. V1ScanImageRequest

Field NameRequiredNullableTypeDescriptionFormat

imageName

  

String

  

force

  

Boolean

  

includeSnoozed

  

Boolean

  

cluster

  

String

Cluster to delegate scan to, may be the cluster’s name or ID.

 

71.1.2.723. V1ScopeObject

ScopeObject represents an ID, name pair, which can apply to any entity that takes part in an access scope (so far Cluster and Namespace).

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

71.1.2.724. V1ScopedRoles

Field NameRequiredNullableTypeDescriptionFormat

namespace

  

String

  

roles

  

List of StorageK8sRole

  

71.1.2.725. V1SearchCategory

Next available tag: 74

Enum Values

SEARCH_UNSET

ALERTS

IMAGES

IMAGE_COMPONENTS

IMAGE_VULN_EDGE

IMAGE_COMPONENT_EDGE

POLICIES

DEPLOYMENTS

ACTIVE_COMPONENT

PODS

SECRETS

PROCESS_INDICATORS

COMPLIANCE

CLUSTERS

NAMESPACES

NODES

NODE_COMPONENTS

NODE_VULN_EDGE

NODE_COMPONENT_EDGE

NODE_COMPONENT_CVE_EDGE

COMPLIANCE_STANDARD

COMPLIANCE_CONTROL_GROUP

COMPLIANCE_CONTROL

SERVICE_ACCOUNTS

ROLES

ROLEBINDINGS

REPORT_CONFIGURATIONS

PROCESS_BASELINES

SUBJECTS

RISKS

VULNERABILITIES

CLUSTER_VULNERABILITIES

IMAGE_VULNERABILITIES

NODE_VULNERABILITIES

COMPONENT_VULN_EDGE

CLUSTER_VULN_EDGE

NETWORK_ENTITY

VULN_REQUEST

NETWORK_BASELINE

NETWORK_POLICIES

PROCESS_BASELINE_RESULTS

COMPLIANCE_METADATA

COMPLIANCE_RESULTS

COMPLIANCE_DOMAIN

CLUSTER_HEALTH

POLICY_CATEGORIES

IMAGE_INTEGRATIONS

COLLECTIONS

POLICY_CATEGORY_EDGE

PROCESS_LISTENING_ON_PORT

API_TOKEN

REPORT_METADATA

REPORT_SNAPSHOT

COMPLIANCE_INTEGRATIONS

COMPLIANCE_SCAN_CONFIG

COMPLIANCE_SCAN

COMPLIANCE_CHECK_RESULTS

BLOB

ADMINISTRATION_EVENTS

COMPLIANCE_SCAN_CONFIG_STATUS

ADMINISTRATION_USAGE

COMPLIANCE_PROFILES

COMPLIANCE_RULES

COMPLIANCE_SCAN_SETTING_BINDINGS

COMPLIANCE_SUITES

CLOUD_SOURCES

DISCOVERED_CLUSTERS

COMPLIANCE_REMEDIATIONS

COMPLIANCE_BENCHMARKS

AUTH_PROVIDERS

COMPLIANCE_REPORT_SNAPSHOT

71.1.2.726. V1SearchOptionsResponse

Field NameRequiredNullableTypeDescriptionFormat

options

  

List of string

  

71.1.2.727. V1SearchResponse

Field NameRequiredNullableTypeDescriptionFormat

results

  

List of V1SearchResult

  

counts

  

List of SearchResponseCount

  

71.1.2.728. V1SearchResult

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

category

  

V1SearchCategory

 

SEARCH_UNSET, ALERTS, IMAGES, IMAGE_COMPONENTS, IMAGE_VULN_EDGE, IMAGE_COMPONENT_EDGE, POLICIES, DEPLOYMENTS, ACTIVE_COMPONENT, PODS, SECRETS, PROCESS_INDICATORS, COMPLIANCE, CLUSTERS, NAMESPACES, NODES, NODE_COMPONENTS, NODE_VULN_EDGE, NODE_COMPONENT_EDGE, NODE_COMPONENT_CVE_EDGE, COMPLIANCE_STANDARD, COMPLIANCE_CONTROL_GROUP, COMPLIANCE_CONTROL, SERVICE_ACCOUNTS, ROLES, ROLEBINDINGS, REPORT_CONFIGURATIONS, PROCESS_BASELINES, SUBJECTS, RISKS, VULNERABILITIES, CLUSTER_VULNERABILITIES, IMAGE_VULNERABILITIES, NODE_VULNERABILITIES, COMPONENT_VULN_EDGE, CLUSTER_VULN_EDGE, NETWORK_ENTITY, VULN_REQUEST, NETWORK_BASELINE, NETWORK_POLICIES, PROCESS_BASELINE_RESULTS, COMPLIANCE_METADATA, COMPLIANCE_RESULTS, COMPLIANCE_DOMAIN, CLUSTER_HEALTH, POLICY_CATEGORIES, IMAGE_INTEGRATIONS, COLLECTIONS, POLICY_CATEGORY_EDGE, PROCESS_LISTENING_ON_PORT, API_TOKEN, REPORT_METADATA, REPORT_SNAPSHOT, COMPLIANCE_INTEGRATIONS, COMPLIANCE_SCAN_CONFIG, COMPLIANCE_SCAN, COMPLIANCE_CHECK_RESULTS, BLOB, ADMINISTRATION_EVENTS, COMPLIANCE_SCAN_CONFIG_STATUS, ADMINISTRATION_USAGE, COMPLIANCE_PROFILES, COMPLIANCE_RULES, COMPLIANCE_SCAN_SETTING_BINDINGS, COMPLIANCE_SUITES, CLOUD_SOURCES, DISCOVERED_CLUSTERS, COMPLIANCE_REMEDIATIONS, COMPLIANCE_BENCHMARKS, AUTH_PROVIDERS, COMPLIANCE_REPORT_SNAPSHOT,

fieldToMatches

  

Map of SearchResultMatches

  

score

  

Double

 

double

location

  

String

Location is intended to be a unique, yet human-readable, identifier for the result. For example, for a deployment, the location will be "$cluster_name/$namespace/$deployment_name". It is displayed in the UI in the global search results, underneath the name for each result.

 

71.1.2.729. V1SecuredUnitsUsageResponse

SecuredUnitsUsageResponse holds the values of the currently observable administration usage metrics.

Field NameRequiredNullableTypeDescriptionFormat

numNodes

  

String

 

int64

numCpuUnits

  

String

 

int64

71.1.2.730. V1ServiceAccountAndRoles

A service account and the roles that reference it. Next Tag: 5

Field NameRequiredNullableTypeDescriptionFormat

serviceAccount

  

StorageServiceAccount

  

clusterRoles

  

List of StorageK8sRole

  

scopedRoles

  

List of V1ScopedRoles

  

deploymentRelationships

  

List of V1SADeploymentRelationship

  

71.1.2.731. V1ServiceIdentityResponse

Field NameRequiredNullableTypeDescriptionFormat

identities

  

List of StorageServiceIdentity

  

71.1.2.732. V1SimulateNetworkGraphResponse

Field NameRequiredNullableTypeDescriptionFormat

simulatedGraph

  

V1NetworkGraph

  

policies

  

List of V1NetworkPolicyInSimulation

  

added

  

V1NetworkGraphDiff

  

removed

  

V1NetworkGraphDiff

  

71.1.2.733. V1SortOption

Field NameRequiredNullableTypeDescriptionFormat

field

  

String

  

reversed

  

Boolean

  

aggregateBy

  

V1AggregateBy

  

71.1.2.734. V1SubjectAndRoles

Field NameRequiredNullableTypeDescriptionFormat

subject

  

StorageSubject

  

roles

  

List of StorageK8sRole

  

71.1.2.735. V1SummaryCountsResponse

Field NameRequiredNullableTypeDescriptionFormat

numAlerts

  

String

 

int64

numClusters

  

String

 

int64

numDeployments

  

String

 

int64

numImages

  

String

 

int64

numSecrets

  

String

 

int64

numNodes

  

String

 

int64

71.1.2.736. V1SuppressCVERequest

Field NameRequiredNullableTypeDescriptionFormat

cves

  

List of string

These are (NVD) vulnerability identifiers, cve field of storage.CVE, and not the id field. For example, CVE-2021-44832.

 

duration

  

String

In JSON format, the Duration type is encoded as a string rather than an object, where the string ends in the suffix "s" (indicating seconds) and is preceded by the number of seconds, with nanoseconds expressed as fractional seconds. For example, 3 seconds with 0 nanoseconds should be encoded in JSON format as "3s", while 3 seconds and 1 nanosecond should be expressed in JSON format as "3.000000001s", and 3 seconds and 1 microsecond should be expressed in JSON format as "3.000001s".

 

71.1.2.737. V1TLSChallengeResponse

Field NameRequiredNullableTypeDescriptionFormat

trustInfoSerialized

  

byte[]

 

byte

signature

  

byte[]

 

byte

71.1.2.738. V1TestCloudSourceRequest

Field NameRequiredNullableTypeDescriptionFormat

cloudSource

  

V1CloudSource

  

updateCredentials

  

Boolean

If true, cloud_source must include valid credentials. If false, the resource must already exist and credentials in cloud_source are ignored.

 

71.1.2.739. V1TriggerComplianceRunsRequest

Field NameRequiredNullableTypeDescriptionFormat

selection

  

V1ComplianceRunSelection

  

71.1.2.740. V1TriggerComplianceRunsResponse

Field NameRequiredNullableTypeDescriptionFormat

startedRuns

  

List of V1ComplianceRun

  

71.1.2.741. V1Type

Enum Values

CREATED

REMOVED

71.1.2.742. V1UndoVulnRequestResponse

Field NameRequiredNullableTypeDescriptionFormat

requestInfo

  

StorageVulnerabilityRequest

  

71.1.2.743. V1UnsuppressCVERequest

Field NameRequiredNullableTypeDescriptionFormat

cves

  

List of string

These are (NVD) vulnerability identifiers, cve field of storage.CVE, and not the id field. For example, CVE-2021-44832.

 

71.1.2.744. V1UpdateCollectionResponse

Field NameRequiredNullableTypeDescriptionFormat

collection

  

StorageResourceCollection

  

71.1.2.745. V1UpdateExternalBackupRequest

Field NameRequiredNullableTypeDescriptionFormat

externalBackup

  

StorageExternalBackup

  

updatePassword

  

Boolean

When false, use the stored credentials of an existing external backup configuration given its ID.

 

71.1.2.746. V1UpdateImageIntegrationRequest

Field NameRequiredNullableTypeDescriptionFormat

config

  

StorageImageIntegration

  

updatePassword

  

Boolean

When false, use the stored credentials of an existing image integration given its ID.

 

71.1.2.747. V1UpdateNotifierRequest

Field NameRequiredNullableTypeDescriptionFormat

notifier

  

StorageNotifier

  

updatePassword

  

Boolean

When false, use the stored credentials of an existing notifier configuration given its ID.

 

71.1.2.748. V1UpdateProcessBaselinesRequest

Field NameRequiredNullableTypeDescriptionFormat

keys

  

List of StorageProcessBaselineKey

  

addElements

  

List of StorageBaselineItem

  

removeElements

  

List of StorageBaselineItem

  

71.1.2.749. V1UpdateProcessBaselinesResponse

Field NameRequiredNullableTypeDescriptionFormat

baselines

  

List of StorageProcessBaseline

  

errors

  

List of V1ProcessBaselineUpdateError

  

71.1.2.750. V1UpdateSensorUpgradeConfigRequest

Field NameRequiredNullableTypeDescriptionFormat

config

  

StorageSensorUpgradeConfig

  

71.1.2.751. V1UpdateVulnRequestResponse

Field NameRequiredNullableTypeDescriptionFormat

requestInfo

  

StorageVulnerabilityRequest

  

71.1.2.752. V1UpdateVulnerabilityExceptionConfigRequest

Field NameRequiredNullableTypeDescriptionFormat

config

  

V1VulnerabilityExceptionConfig

  

71.1.2.753. V1UpdateVulnerabilityExceptionConfigResponse

Field NameRequiredNullableTypeDescriptionFormat

config

  

V1VulnerabilityExceptionConfig

  

71.1.2.754. V1UserAttribute

Field NameRequiredNullableTypeDescriptionFormat

key

  

String

  

values

  

List of string

  

71.1.2.755. V1UserAttributeTuple

UserAttributeTuple describes the auth:key:value tuple that decides group membership. Next Tag: 4

Field NameRequiredNullableTypeDescriptionFormat

authProviderId

  

String

  

key

  

String

  

value

  

String

  

71.1.2.756. V1VulnDefinitionsInfo

Field NameRequiredNullableTypeDescriptionFormat

lastUpdatedTimestamp

  

Date

 

date-time

71.1.2.757. V1VulnDefinitionsInfoRequestComponent

Enum Values

SCANNER

SCANNER_V4

71.1.2.758. V1VulnMgmtExportWorkloadsResponse

The workloads response contains the full image details including the vulnerability data.

Field NameRequiredNullableTypeDescriptionFormat

deployment

  

StorageDeployment

  

images

  

List of StorageImage

  

71.1.2.759. V1VulnerabilityExceptionConfig

Field NameRequiredNullableTypeDescriptionFormat

expiryOptions

  

V1VulnerabilityExceptionConfigExpiryOptions

  

71.1.2.760. V1VulnerabilityExceptionConfigExpiryOptions

Field NameRequiredNullableTypeDescriptionFormat

dayOptions

  

List of V1DayOption

This allows users to set an expiry interval based on a number of days.

 

fixableCveOptions

  

V1VulnerabilityExceptionConfigFixableCVEOptions

  

customDate

  

Boolean

This option, if true, allows the UI to show a custom date picker for setting the expiry date.

 

indefinite

  

Boolean

  

71.1.2.761. V1VulnerabilityExceptionConfigFixableCVEOptions

Field NameRequiredNullableTypeDescriptionFormat

allFixable

  

Boolean

This option allows users to expire the vulnerability deferral request if and only if all vulnerabilities in the request become fixable.

 

anyFixable

  

Boolean

This option allows users to expire the vulnerability deferral request if any vulnerability in the request becomes fixable.

 

71.1.2.762. V1WatchImageRequest

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

The name of the image. This must be fully qualified, including a tag, but must NOT include a SHA.

 

71.1.2.763. V1WatchImageResponse

Field NameRequiredNullableTypeDescriptionFormat

normalizedName

  

String

  

errorType

  

WatchImageResponseErrorType

 

NO_ERROR, INVALID_IMAGE_NAME, NO_VALID_INTEGRATION, SCAN_FAILED,

errorMessage

  

String

Only set if error_type is NOT equal to "NO_ERROR".

 

71.1.2.764. V2AggregateBy

Field NameRequiredNullableTypeDescriptionFormat

aggrFunc

  

V2Aggregation

 

UNSET, COUNT, MIN, MAX,

distinct

  

Boolean

  

71.1.2.765. V2Aggregation

Enum Values

UNSET

COUNT

MIN

MAX

71.1.2.766. V2ApproveVulnerabilityExceptionResponse

Field NameRequiredNullableTypeDescriptionFormat

exception

  

V2VulnerabilityException

  

71.1.2.767. V2BaseComplianceScanConfigurationSettings

Next available tag: 5

Field NameRequiredNullableTypeDescriptionFormat

oneTimeScan

  

Boolean

  

profiles

  

List of string

  

scanSchedule

  

V2Schedule

  

description

  

String

  

notifiers

  

List of V2NotifierConfiguration

  

71.1.2.768. V2COStatus

Represents the status of the compliance operator.

Enum Values

HEALTHY

UNHEALTHY

71.1.2.769. V2CancelVulnerabilityExceptionResponse

Field NameRequiredNullableTypeDescriptionFormat

exception

  

V2VulnerabilityException

  

71.1.2.770. V2ClusterCheckStatus

ClusterCheckStatus groups the result of the check by cluster

Field NameRequiredNullableTypeDescriptionFormat

cluster

  

V2ComplianceScanCluster

  

status

  

V2ComplianceCheckStatus

 

UNSET_CHECK_STATUS, PASS, FAIL, ERROR, INFO, MANUAL, NOT_APPLICABLE, INCONSISTENT,

createdTime

  

Date

 

date-time

checkUid

  

String

  

lastScanTime

  

Date

 

date-time

71.1.2.771. V2ClusterPlatformType

Enum Values

GENERIC_CLUSTER

KUBERNETES_CLUSTER

OPENSHIFT_CLUSTER

OPENSHIFT4_CLUSTER

71.1.2.772. V2ClusterProviderType

Enum Values

UNSPECIFIED

AKS

ARO

EKS

GKE

OCP

OSD

ROSA

71.1.2.773. V2ClusterScanStatus

ClusterScanStatus holds status based on cluster in the event that a scan configuration was successfully applied to some clusters but not others. Next available tag: 5

Field NameRequiredNullableTypeDescriptionFormat

clusterId

  

String

  

errors

  

List of string

  

clusterName

  

String

  

suiteStatus

  

ClusterScanStatusSuiteStatus

  

71.1.2.774. V2CollectionReference

Field NameRequiredNullableTypeDescriptionFormat

collectionId

  

String

  

collectionName

  

String

  

71.1.2.775. V2CollectionSnapshot

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

71.1.2.776. V2Comment

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

message

  

String

  

user

  

V2SlimUser

  

createdAt

  

Date

 

date-time

71.1.2.777. V2ComplianceBenchmark

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

version

  

String

  

description

  

String

  

provider

  

String

  

shortName

  

String

  

71.1.2.778. V2ComplianceCheckData

Field NameRequiredNullableTypeDescriptionFormat

clusterId

  

String

  

scanName

  

String

  

result

  

V2ComplianceCheckResult

  

71.1.2.779. V2ComplianceCheckResult

ComplianceCheckResult details of an instance of a compliance check result

Field NameRequiredNullableTypeDescriptionFormat

checkId

  

String

  

checkName

  

String

  

checkUid

  

String

  

description

  

String

  

instructions

  

String

  

rationale

  

String

  

valuesUsed

  

List of string

  

warnings

  

List of string

  

status

  

V2ComplianceCheckStatus

 

UNSET_CHECK_STATUS, PASS, FAIL, ERROR, INFO, MANUAL, NOT_APPLICABLE, INCONSISTENT,

ruleName

  

String

  

labels

  

Map of string

  

annotations

  

Map of string

  

controls

  

List of V2ComplianceControl

  

71.1.2.780. V2ComplianceCheckResultStatusCount

Group the number of occurrences by status

Field NameRequiredNullableTypeDescriptionFormat

checkName

  

String

  

rationale

  

String

  

ruleName

  

String

  

checkStats

  

List of V2ComplianceCheckStatusCount

  

controls

  

List of V2ComplianceControl

  

71.1.2.781. V2ComplianceCheckStatus

Enum Values

UNSET_CHECK_STATUS

PASS

FAIL

ERROR

INFO

MANUAL

NOT_APPLICABLE

INCONSISTENT

71.1.2.782. V2ComplianceCheckStatusCount

Group the number of occurrences by status

Field NameRequiredNullableTypeDescriptionFormat

count

  

Integer

 

int32

status

  

V2ComplianceCheckStatus

 

UNSET_CHECK_STATUS, PASS, FAIL, ERROR, INFO, MANUAL, NOT_APPLICABLE, INCONSISTENT,

71.1.2.783. V2ComplianceClusterCheckStatus

ComplianceClusterCheckStatus provides the status of a compliance check result across clusters

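| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| checkId | | | String | | |
| checkName | | | String | | |
| clusters | | | List of V2ClusterCheckStatus | | |
| description | | | String | | |
| instructions | | | String | | |
| rationale | | | String | | |
| valuesUsed | | | List of string | | |
| warnings | | | List of string | | |
| labels | | | Map of string | | |
| annotations | | | Map of string | | |
| controls | | | List of V2ComplianceControl | | |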

71.1.2.784. V2ComplianceClusterOverallStats

ComplianceClusterOverallStats provides overall stats for cluster

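| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| cluster | | | V2ComplianceScanCluster | | |
| checkStats | | | List of V2ComplianceCheckStatusCount | | |
| clusterErrors | | | List of string | | |
| lastScanTime | | | Date | | date-time |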

71.1.2.785. V2ComplianceClusterScanStats

ComplianceClusterScanStats provides scan stats overview based on cluster

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| scanStats | | | V2ComplianceScanStatsShim | | |
| cluster | | | V2ComplianceScanCluster | | |

71.1.2.786. V2ComplianceControl

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| standard | | | String | | |
| control | | | String | | |

71.1.2.787. V2ComplianceIntegration

Next Tag: 11

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | | | String | | |
| version | | | String | | |
| clusterId | | | String | | |
| clusterName | | | String | | |
| namespace | | | String | | |
| statusErrors | | | List of string | Collection of errors that occurred while trying to obtain compliance operator health info. | |
| operatorInstalled | | | Boolean | | |
| status | | | V2COStatus | | HEALTHY, UNHEALTHY |
| clusterPlatformType | | | V2ClusterPlatformType | | GENERIC_CLUSTER, KUBERNETES_CLUSTER, OPENSHIFT_CLUSTER, OPENSHIFT4_CLUSTER |
| clusterProviderType | | | V2ClusterProviderType | | UNSPECIFIED, AKS, ARO, EKS, GKE, OCP, OSD, ROSA |

71.1.2.788. V2ComplianceProfile

Next Tag: 12

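| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | | | String | | |
| name | | | String | | |
| profileVersion | | | String | | |
| productType | | | String | | |
| description | | | String | | |
| rules | | | List of V2ComplianceRule | | |
| product | | | String | | |
| title | | | String | | |
| values | | | List of string | | |
| standards | | | List of V2ComplianceBenchmark | | |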

71.1.2.789. V2ComplianceProfileScanStats

ComplianceProfileScanStats provides scan stats overview based on profile

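| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| checkStats | | | List of V2ComplianceCheckStatusCount | | |
| profileName | | | String | | |
| title | | | String | | |
| version | | | String | | |
| benchmarks | | | List of V2ComplianceBenchmark | | |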

71.1.2.790. V2ComplianceProfileSummary

Next Tag: 8

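| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| name | | | String | | |
| productType | | | String | | |
| description | | | String | | |
| title | | | String | | |
| ruleCount | | | Integer | | int32 |
| profileVersion | | | String | | |
| standards | | | List of V2ComplianceBenchmark | | |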

71.1.2.791. V2ComplianceReportHistoryResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| complianceReportSnapshots | | | List of V2ComplianceReportSnapshot | | |

71.1.2.792. V2ComplianceReportSnapshot

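| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| reportJobId | | | String | | |
| scanConfigId | | | String | | |
| name | | | String | | |
| description | | | String | | |
| reportStatus | | | V2ComplianceReportStatus | | |
| reportData | | | V2ComplianceScanConfigurationStatus | | |
| user | | | V2SlimUser | | |
| isDownloadAvailable | | | Boolean | | |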

71.1.2.793. V2ComplianceReportStatus

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| runState | | | V2ComplianceReportStatusRunState | | WAITING, PREPARING, GENERATED, DELIVERED, FAILURE |
| startedAt | | | Date | | date-time |
| completedAt | | | Date | | date-time |
| errorMsg | | | String | | |
| reportRequestType | | | V2ComplianceReportStatusReportMethod | | ON_DEMAND, SCHEDULED |
| reportNotificationMethod | | | V2NotificationMethod | | EMAIL, DOWNLOAD |

71.1.2.794. V2ComplianceReportStatusReportMethod

Enum Values

ON_DEMAND

SCHEDULED

71.1.2.795. V2ComplianceReportStatusRunState

Enum Values

WAITING

PREPARING

GENERATED

DELIVERED

FAILURE

71.1.2.796. V2ComplianceRule

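| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| name | | | String | | |
| ruleType | | | String | | |
| severity | | | String | | |
| standard | | | String | | |
| control | | | String | | |
| title | | | String | | |
| description | | | String | | |
| rationale | | | String | | |
| fixes | | | List of ComplianceRuleFix | | |
| id | | | String | | |
| ruleId | | | String | | |
| parentRule | | | String | | |
| instructions | | | String | | |
| warning | | | String | | |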

71.1.2.797. V2ComplianceRunReportRequest

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| scanConfigId | | | String | | |
| reportNotificationMethod | | | V2NotificationMethod | | EMAIL, DOWNLOAD |

71.1.2.798. V2ComplianceRunReportResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| runState | | | V2ComplianceRunReportResponseRunState | | SUBMITTED, ERROR |
| submittedAt | | | Date | | date-time |
| errorMsg | | | String | | |

71.1.2.799. V2ComplianceRunReportResponseRunState

Enum Values

SUBMITTED

ERROR

71.1.2.800. V2ComplianceScanCluster

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| clusterId | | | String | | |
| clusterName | | | String | | |

71.1.2.801. V2ComplianceScanConfiguration

Next available tag: 5

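| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | | | String | | |
| scanName | | | String | | |
| scanConfig | | | V2BaseComplianceScanConfigurationSettings | | |
| clusters | | | List of string | | |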

71.1.2.802. V2ComplianceScanConfigurationStatus

Next available tag: 9

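| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | | | String | | |
| scanName | | | String | | |
| scanConfig | | | V2BaseComplianceScanConfigurationSettings | | |
| clusterStatus | | | List of V2ClusterScanStatus | | |
| createdTime | | | Date | | date-time |
| lastUpdatedTime | | | Date | | date-time |
| modifiedBy | | | V2SlimUser | | |
| lastExecutedTime | | | Date | | date-time |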

71.1.2.803. V2ComplianceScanStatsShim

ComplianceScanStatsShim models statistics of checks for a given scan configuration

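| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| scanName | | | String | | |
| checkStats | | | List of V2ComplianceCheckStatusCount | | |
| lastScan | | | Date | | date-time |
| scanConfigId | | | String | | |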

71.1.2.804. V2CountReportConfigurationsResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| count | | | Integer | | int32 |

71.1.2.805. V2CreateDeferVulnerabilityExceptionRequest

next available tag: 6

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| cves | | | List of string | REQUIRED. The CVEs to which the exception should be applied. | |
| comment | | | String | REQUIRED. The rationale for creating the exception. | |
| scope | | | VulnerabilityExceptionScope | | |
| exceptionExpiry | | | V2ExceptionExpiry | | |

71.1.2.806. V2CreateDeferVulnerabilityExceptionResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| exception | | | V2VulnerabilityException | | |

71.1.2.807. V2CreateFalsePositiveVulnerabilityExceptionRequest

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| cves | | | List of string | REQUIRED. The CVEs to which the exception should be applied. | |
| scope | | | VulnerabilityExceptionScope | | |
| comment | | | String | REQUIRED. The rationale for creating the exception. | |

71.1.2.808. V2CreateFalsePositiveVulnerabilityExceptionResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| exception | | | V2VulnerabilityException | | |

71.1.2.809. V2DeferralRequest

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| expiry | | | V2ExceptionExpiry | | |

71.1.2.810. V2DeferralUpdate

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| cves | | | List of string | Use this field to update the CVEs of a deferral exception. | |
| expiry | | | V2ExceptionExpiry | | |

71.1.2.811. V2DenyVulnerabilityExceptionResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| exception | | | V2VulnerabilityException | | |

71.1.2.812. V2EmailNotifierConfiguration

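| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| notifierId | | | String | | |
| mailingLists | | | List of string | | |
| customSubject | | | String | | |
| customBody | | | String | | |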

71.1.2.813. V2ExceptionExpiry

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| expiryType | | | ExceptionExpiryExpiryType | | TIME, ALL_CVE_FIXABLE, ANY_CVE_FIXABLE |
| expiresOn | | | Date | Indicates the timestamp when the exception expires. This field is REQUIRED only if the expiry type is set to TIME. | date-time |

71.1.2.814. V2ExceptionStatus

Indicates the status of a request.

  • PENDING: Default request state. It indicates that the request has not been fulfilled and that an action (approve/deny) is required.
  • APPROVED: Indicates that the request has been approved by the approver.
  • DENIED: Indicates that the request has been denied by the approver.
  • APPROVED_PENDING_UPDATE: Indicates that the original request was approved, but an update is still pending an approval or denial.

Enum Values

PENDING

APPROVED

DENIED

APPROVED_PENDING_UPDATE

71.1.2.815. V2FalsePositiveUpdate

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| cves | | | List of string | Use this field to update the CVEs of a false-positive exception. | |

71.1.2.816. V2GetVulnerabilityExceptionResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| exception | | | V2VulnerabilityException | | |

71.1.2.817. V2ListComplianceCheckClusterResponse

ListComplianceCheckClusterResponse provides stats per cluster

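| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| checkResults | | | List of V2ClusterCheckStatus | | |
| profileName | | | String | | |
| checkName | | | String | | |
| totalCount | | | Integer | | int32 |
| controls | | | List of V2ComplianceControl | | |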

71.1.2.818. V2ListComplianceCheckResultResponse

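| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| checkResults | | | List of V2ComplianceCheckResult | | |
| profileName | | | String | | |
| clusterId | | | String | | |
| totalCount | | | Integer | | int32 |
| lastScanTime | | | Date | | date-time |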

71.1.2.819. V2ListComplianceClusterOverallStatsResponse

ListComplianceCheckScanStatsResponse provides stats per cluster

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| scanStats | | | List of V2ComplianceClusterOverallStats | | |
| totalCount | | | Integer | | int32 |

71.1.2.820. V2ListComplianceClusterProfileStatsResponse

ListComplianceClusterProfileStatsResponse provides stats for the profiles within the scans

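| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| scanStats | | | List of V2ComplianceProfileScanStats | | |
| clusterId | | | String | | |
| clusterName | | | String | | |
| totalCount | | | Integer | | int32 |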

71.1.2.821. V2ListComplianceClusterScanStatsResponse

ListComplianceClusterScanStatsResponse provides stats for the clusters within the scans

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| scanStats | | | List of V2ComplianceClusterScanStats | | |
| totalCount | | | Integer | | int32 |

71.1.2.822. V2ListComplianceIntegrationsResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| integrations | | | List of V2ComplianceIntegration | | |
| totalCount | | | Integer | | int32 |

71.1.2.823. V2ListComplianceProfileResults

ListComplianceProfileResults provides scan stats overview based on profile

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| profileResults | | | List of V2ComplianceCheckResultStatusCount | | |
| profileName | | | String | | |
| totalCount | | | Integer | | int32 |

71.1.2.824. V2ListComplianceProfileScanStatsResponse

ListComplianceProfileScanStatsResponse provides stats for the profiles within the scans

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| scanStats | | | List of V2ComplianceProfileScanStats | | |
| totalCount | | | Integer | | int32 |

71.1.2.825. V2ListComplianceProfileSummaryResponse

ListComplianceProfileSummaryResponse provides a list of profile summaries

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| profiles | | | List of V2ComplianceProfileSummary | | |
| totalCount | | | Integer | | int32 |

71.1.2.826. V2ListComplianceProfilesResponse

ListComplianceProfilesResponse provides a list of profiles

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| profiles | | | List of V2ComplianceProfile | | |
| totalCount | | | Integer | | int32 |

71.1.2.827. V2ListComplianceResultsResponse

ListComplianceResultsResponse provides the complete scan results

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| scanResults | | | List of V2ComplianceCheckData | | |
| totalCount | | | Integer | | int32 |

71.1.2.828. V2ListComplianceScanConfigsClusterProfileResponse

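| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| clusterId | | | String | | |
| clusterName | | | String | | |
| profiles | | | List of V2ComplianceProfileSummary | | |
| totalCount | | | Integer | | int32 |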

71.1.2.829. V2ListComplianceScanConfigsProfileResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| profiles | | | List of V2ComplianceProfileSummary | | |
| totalCount | | | Integer | | int32 |

71.1.2.830. V2ListComplianceScanConfigurationsResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| configurations | | | List of V2ComplianceScanConfigurationStatus | | |
| totalCount | | | Integer | | int32 |

71.1.2.831. V2ListReportConfigurationsResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| reportConfigs | | | List of V2ReportConfiguration | | |

71.1.2.832. V2ListVulnerabilityExceptionsResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| exceptions | | | List of V2VulnerabilityException | | |

71.1.2.833. V2NotificationMethod

Enum Values

EMAIL

DOWNLOAD

71.1.2.834. V2NotifierConfiguration

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| emailConfig | | | V2EmailNotifierConfiguration | | |
| notifierName | | | String | | |

71.1.2.835. V2Pagination

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| limit | | | Integer | | int32 |
| offset | | | Integer | | int32 |
| sortOption | | | V2SortOption | | |
| sortOptions | | | List of V2SortOption | This field is under development. It is not supported on any REST APIs. | |

71.1.2.836. V2RawQuery

RawQuery represents the search query string. The format of the query string is "<field name>:<value,value,...>+<field name>:<value,value,...>+...". For example, to search for deployments named "central" and "sensor" in the namespace "stackrox", the query string would be "Deployment:central,sensor+Namespace:stackrox". RawQuery is used in ListAPIs to search for a particular object.

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| query | | | String | | |
| pagination | | | V2Pagination | | |

71.1.2.837. V2ReportConfiguration

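| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | | | String | | |
| name | | | String | | |
| description | | | String | | |
| type | | | ReportConfigurationReportType | | VULNERABILITY |
| vulnReportFilters | | | V2VulnerabilityReportFilters | | |
| schedule | | | V2ReportSchedule | | |
| resourceScope | | | V2ResourceScope | | |
| notifiers | | | List of V2NotifierConfiguration | | |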

71.1.2.838. V2ReportHistoryResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| reportSnapshots | | | List of V2ReportSnapshot | | |

71.1.2.839. V2ReportSchedule

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| intervalType | | | V2ReportScheduleIntervalType | | UNSET, WEEKLY, MONTHLY |
| hour | | | Integer | | int32 |
| minute | | | Integer | | int32 |
| daysOfWeek | | | V2ReportScheduleDaysOfWeek | | |
| daysOfMonth | | | V2ReportScheduleDaysOfMonth | | |

71.1.2.840. V2ReportScheduleDaysOfMonth

1 for 1st, 2 for 2nd, ..., 31 for 31st

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| days | | | List of integer | | int32 |

71.1.2.841. V2ReportScheduleDaysOfWeek

Sunday = 0, Monday = 1, ..., Saturday = 6

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| days | | | List of integer | | int32 |

71.1.2.842. V2ReportScheduleIntervalType

Enum Values

UNSET

WEEKLY

MONTHLY

71.1.2.843. V2ReportSnapshot

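| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| reportConfigId | | | String | | |
| reportJobId | | | String | | |
| name | | | String | | |
| description | | | String | | |
| vulnReportFilters | | | V2VulnerabilityReportFilters | | |
| collectionSnapshot | | | V2CollectionSnapshot | | |
| schedule | | | V2ReportSchedule | | |
| reportStatus | | | V2ReportStatus | | |
| notifiers | | | List of V2NotifierConfiguration | | |
| user | | | V2SlimUser | | |
| isDownloadAvailable | | | Boolean | | |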

71.1.2.844. V2ReportStatus

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| runState | | | V2ReportStatusRunState | | WAITING, PREPARING, GENERATED, DELIVERED, FAILURE |
| completedAt | | | Date | | date-time |
| errorMsg | | | String | | |
| reportRequestType | | | V2ReportStatusReportMethod | | ON_DEMAND, SCHEDULED |
| reportNotificationMethod | | | V2NotificationMethod | | EMAIL, DOWNLOAD |

71.1.2.845. V2ReportStatusReportMethod

Enum Values

ON_DEMAND

SCHEDULED

71.1.2.846. V2ReportStatusResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| status | | | V2ReportStatus | | |

71.1.2.847. V2ReportStatusRunState

Enum Values

WAITING

PREPARING

GENERATED

DELIVERED

FAILURE

71.1.2.848. V2ResourceScope

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| collectionScope | | | V2CollectionReference | | |

71.1.2.849. V2RunReportRequest

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| reportConfigId | | | String | | |
| reportNotificationMethod | | | V2NotificationMethod | | EMAIL, DOWNLOAD |

71.1.2.850. V2RunReportResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| reportConfigId | | | String | | |
| reportId | | | String | | |

71.1.2.851. V2Schedule

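| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| intervalType | | | V2ScheduleIntervalType | | UNSET, WEEKLY, MONTHLY, DAILY |
| hour | | | Integer | | int32 |
| minute | | | Integer | | int32 |
| daysOfWeek | | | V2ScheduleDaysOfWeek | | |
| daysOfMonth | | | V2ScheduleDaysOfMonth | | |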

71.1.2.852. V2ScheduleDaysOfMonth

1 for 1st, 2 for 2nd, ..., 31 for 31st

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| days | | | List of integer | | int32 |

71.1.2.853. V2ScheduleDaysOfWeek

Sunday = 0, Monday = 1, ..., Saturday = 6

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| days | | | List of integer | | int32 |

71.1.2.854. V2ScheduleIntervalType

Enum Values

UNSET

WEEKLY

MONTHLY

DAILY

71.1.2.855. V2SlimUser

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | | | String | | |
| name | | | String | | |

71.1.2.856. V2SortOption

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| field | | | String | | |
| reversed | | | Boolean | | |
| aggregateBy | | | V2AggregateBy | | |

71.1.2.857. V2UpdateVulnerabilityExceptionResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| exception | | | V2VulnerabilityException | | |

71.1.2.858. V2VulnerabilityException

Next available tag: 16

VulnerabilityException represents a vulnerability exception such as deferral and false-positive.

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | | | String | | |
| name | | | String | Auto-generated display name of the exception. | |
| targetState | | | V2VulnerabilityState | | OBSERVED, DEFERRED, FALSE_POSITIVE |
| status | | | V2ExceptionStatus | | PENDING, APPROVED, DENIED, APPROVED_PENDING_UPDATE |
| expired | | | Boolean | If set to true, this field indicates that the exception is no longer enforced. | |
| requester | | | V2SlimUser | | |
| approvers | | | List of V2SlimUser | | |
| createdAt | | | Date | | date-time |
| lastUpdated | | | Date | | date-time |
| comments | | | List of V2Comment | | |
| scope | | | VulnerabilityExceptionScope | | |
| deferralRequest | | | V2DeferralRequest | | |
| falsePositiveRequest | | | Object | | |
| cves | | | List of string | Indicates the CVEs to which the exception applies. | |
| deferralUpdate | | | V2DeferralUpdate | | |
| falsePositiveUpdate | | | V2FalsePositiveUpdate | | |

71.1.2.859. V2VulnerabilityReportFilters

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| fixability | | | VulnerabilityReportFiltersFixability | | BOTH, FIXABLE, NOT_FIXABLE |
| severities | | | List of VulnerabilityReportFiltersVulnerabilitySeverity | | |
| imageTypes | | | List of VulnerabilityReportFiltersImageType | | |
| allVuln | | | Boolean | | |
| sinceLastSentScheduledReport | | | Boolean | | |
| sinceStartDate | | | Date | | date-time |
| includeNvdCvss | | | Boolean | | |

71.1.2.860. V2VulnerabilityState

VulnerabilityState lists the possible states applicable to a CVE. By default, all vulnerabilities are in the observed state.

  • OBSERVED: This is the default state and indicates that the CVE is not excluded from policy evaluation and risk evaluation.
  • DEFERRED: Indicates that the vulnerability is deferred. A deferred CVE is excluded from policy evaluation and risk evaluation.
  • FALSE_POSITIVE: Indicates that the vulnerability is a false-positive. A false-positive CVE is excluded from policy evaluation and risk evaluation.

Enum Values

OBSERVED

DEFERRED

FALSE_POSITIVE

71.1.2.861. V4Contents

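| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| packages | | | List of V4Package | | |
| distributions | | | List of V4Distribution | | |
| repositories | | | List of V4Repository | | |
| environments | | | Map of EnvironmentList | | |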

71.1.2.862. V4Distribution

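| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | | | String | | |
| did | | | String | | |
| name | | | String | | |
| version | | | String | | |
| versionCodeName | | | String | | |
| versionId | | | String | | |
| arch | | | String | | |
| cpe | | | String | | |
| prettyName | | | String | | |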

71.1.2.863. V4Environment

Environment describes the surrounding environment a package was discovered in.

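| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| packageDb | | | String | | |
| introducedIn | | | String | | |
| distributionId | | | String | | |
| repositoryIds | | | List of string | | |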

71.1.2.864. V4NormalizedVersion

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| kind | | | String | | |
| v | | | List of integer | | int32 |

71.1.2.865. V4Package

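| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | | | String | | |
| name | | | String | | |
| version | | | String | | |
| normalizedVersion | | | V4NormalizedVersion | | |
| fixedInVersion | | | String | | |
| kind | | | String | | |
| source | | | V4Package | | |
| packageDb | | | String | | |
| repositoryHint | | | String | | |
| module | | | String | | |
| arch | | | String | | |
| cpe | | | String | | |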

71.1.2.866. V4Repository

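| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | | | String | | |
| name | | | String | | |
| key | | | String | | |
| uri | | | String | | |
| cpe | | | String | | |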

71.1.2.867. ViolationKeyValueAttrs

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| attrs | | | List of KeyValueAttrsKeyValueAttr | | |

71.1.2.868. ViolationNetworkFlowInfo

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| protocol | | | StorageL4Protocol | | L4_PROTOCOL_UNKNOWN, L4_PROTOCOL_TCP, L4_PROTOCOL_UDP, L4_PROTOCOL_ICMP, L4_PROTOCOL_RAW, L4_PROTOCOL_SCTP, L4_PROTOCOL_ANY |
| source | | | NetworkFlowInfoEntity | | |
| destination | | | NetworkFlowInfoEntity | | |

71.1.2.869. VolumeMountPropagation

Enum Values

NONE

HOST_TO_CONTAINER

BIDIRECTIONAL

71.1.2.870. VulnerabilityExceptionScope

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| imageScope | | | ScopeImage | | |

71.1.2.871. VulnerabilityExceptionServiceApproveVulnerabilityExceptionBody

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| comment | | | String | REQUIRED. The rationale for approving the exception. | |

71.1.2.872. VulnerabilityExceptionServiceDenyVulnerabilityExceptionBody

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| comment | | | String | REQUIRED. The rationale for denying the exception. | |

71.1.2.873. VulnerabilityExceptionServiceUpdateVulnerabilityExceptionBody

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| comment | | | String | REQUIRED. The rationale for updating the exception. | |
| deferralUpdate | | | V2DeferralUpdate | | |
| falsePositiveUpdate | | | V2FalsePositiveUpdate | | |

71.1.2.874. VulnerabilityReportFiltersFixability

Enum Values

BOTH

FIXABLE

NOT_FIXABLE

71.1.2.875. VulnerabilityReportFiltersImageType

Enum Values

DEPLOYED

WATCHED

71.1.2.876. VulnerabilityReportFiltersVulnerabilitySeverity

Enum Values

UNKNOWN_VULNERABILITY_SEVERITY

LOW_VULNERABILITY_SEVERITY

MODERATE_VULNERABILITY_SEVERITY

IMPORTANT_VULNERABILITY_SEVERITY

CRITICAL_VULNERABILITY_SEVERITY

71.1.2.877. VulnerabilityRequestCVEs

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| cves | | | List of string | These are (NVD) vulnerability identifiers, cve field of storage.CVE, and not the id field. For example, CVE-2021-44832. | |

71.1.2.878. VulnerabilityRequestScopeImage

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| registry | | | String | | |
| remote | | | String | | |
| tag | | | String | | |

71.1.2.879. VulnerabilityRequestServiceApproveVulnerabilityRequestBody

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| comment | | | String | | |

71.1.2.880. VulnerabilityRequestServiceDenyVulnerabilityRequestBody

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| comment | | | String | | |

71.1.2.881. VulnerabilityRequestServiceUpdateVulnerabilityRequestBody

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| comment | | | String | | |
| expiry | | | StorageRequestExpiry | | |

71.1.2.882. WatchImageResponseErrorType

Enum Values

NO_ERROR

INVALID_IMAGE_NAME

NO_VALID_INTEGRATION

SCAN_FAILED
