Skip to main content
← back to extensions

@swamp/gcp/containeranalysis

v2026.04.23.1

Google Cloud containeranalysis infrastructure models

Repository

https://github.com/systeminit/swamp-extensions

Platforms

linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64

Labels

gcpgoogle-cloudcontaineranalysiscloudinfrastructure

Contents

models

Quality score

Verified by Swamp

How well-documented and verifiable this extension is.

100%

Grade A

  • Has README or module doc2/2earned
  • README has a code example1/1earned
  • README is substantive1/1earned
  • Most symbols documented1/1earned
  • No slow types1/1earned
  • Has description1/1earned
  • At least one platform tag (or universal)1/1earned
  • Two or more platform tags (or universal)1/1earned
  • License declared1/1earned
  • Verified public repository2/2earned

Install

$ swamp extension pull @swamp/gcp/containeranalysis

@swamp/gcp/containeranalysis/notesv2026.04.23.1notes.ts

Global Arguments

ArgumentTypeDescription
namestringInstance name for this resource (used as the unique identifier in the factory pattern)
attestation?objectNote kind that represents a logical attestation "role" or "authority". For example, an organization might have one `Authority` for "QA" and one for "build". This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences,
build?objectNote holding the version of the provider's builder and the signature of the provenance message in the build details occurrence.
compliance?object
deployment?objectAn artifact that can be deployed in some runtime.
discovery?objectA note that indicates a type of analysis a provider would perform. This note exists in a provider's project. A `Discovery` occurrence is created in a consumer's project at the start of analysis.
dsseAttestation?object
expirationTime?stringTime of expiration for this note. Empty if note does not expire.
image?objectBasis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM Or an equivalent reference, e.g., a tag of the resource_url.
longDescription?stringA detailed description of this note.
package?objectPackageNote represents a particular package version.
relatedNoteNames?arrayOther notes related to this note.
relatedUrl?arrayURLs associated with this note.
sbomReference?objectThe note representing an SBOM reference.
secret?objectThe note representing a secret.
shortDescription?stringA one sentence description of this note.
upgrade?objectAn Upgrade Note represents a potential upgrade of a package to a given version. For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field represents the information related to the update.
vulnerability?objectA security vulnerability that can be found in resources.
vulnerabilityAssessment?objectA single VulnerabilityAssessmentNote represents one particular product's vulnerability assessment for one CVE.
noteId?stringRequired. The ID to use for this note.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
createCreate a notes
getGet a notes
ArgumentTypeDescription
identifierstringThe name of the notes
updateUpdate notes attributes
deleteDelete the notes
ArgumentTypeDescription
identifierstringThe name of the notes
syncSync notes state from GCP
batch_createbatch create
ArgumentTypeDescription
notes?any

Resources

state(infinite)— A type of analysis that can be done for a resource.
@swamp/gcp/containeranalysis/notes-occurrencesv2026.04.23.1notes_occurrences.ts

Global Arguments

ArgumentTypeDescription
namestringInstance name for this resource (used as the unique identifier in the factory pattern)
getGet a occurrences
ArgumentTypeDescription
identifierstringThe name of the occurrences
syncSync occurrences state from GCP

Resources

state(infinite)— An instance of an analysis type that has been found on a resource.
@swamp/gcp/containeranalysis/occurrencesv2026.04.23.1occurrences.ts

Global Arguments

ArgumentTypeDescription
namestringInstance name for this resource (used as the unique identifier in the factory pattern)
advisoryPublishTime?stringThe time this advisory was published by the source.
attestationobject
build?objectDetails of a build occurrence.
compliance?objectAn indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason.
deployment?objectThe period during which some deployable was active in a runtime.
discovery?objectProvides information about the analysis status of a discovered resource.
dsseAttestation?objectDeprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence.
envelope?objectMUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type.
image?objectDetails of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM.
noteName?stringRequired. Immutable. The analysis note associated with this occurrence, in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. This field can be used as a filter in list requests.
package?objectDetails on how a particular software package was installed on a system.
remediation?stringA description of actions that can be taken to remedy the note.
resourceUri?stringRequired. Immutable. A URI that represents the resource for which the occurrence applies. For example, `https://gcr.io/project/image@sha256:123abc` for a Docker image.
sbomReference?objectThe occurrence representing an SBOM reference as applied to a specific resource. The occurrence follows the DSSE specification. See https://github.com/secure-systems-lab/dsse/blob/master/envelope.md for more details.
secret?objectThe occurrence provides details of a secret.
upgrade?objectAn Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update.
vulnerability?objectAn occurrence of a severity vulnerability on a resource.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
createCreate a occurrences
getGet a occurrences
ArgumentTypeDescription
identifierstringThe name of the occurrences
updateUpdate occurrences attributes
deleteDelete the occurrences
ArgumentTypeDescription
identifierstringThe name of the occurrences
syncSync occurrences state from GCP
batch_createbatch create
ArgumentTypeDescription
occurrences?any
get_notesget notes
get_vulnerability_summaryget vulnerability summary

Resources

state(infinite)— An instance of an analysis type that has been found on a resource.