> ## Documentation Index
> Fetch the complete documentation index at: https://docs.endorlabs.com/llms.txt
> Use this file to discover all available pages before exploring further.
## Submitting Feedback
If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback:
POST https://docs.endorlabs.com/feedback
```json
{
"path": "/api-reference/systemconfigservice/createsystemconfig",
"feedback": "Description of the issue"
}
```
Only submit feedback when you have something specific and actionable to report.
# CreateSystemConfig
> Creates a system configuration object.
## OpenAPI
````yaml /api-reference/openapi.v3.json post /v1/namespaces/{tenant_meta.namespace}/system-config
openapi: 3.0.3
info:
description: Integrate your application with Endor Labs using the REST API.
title: Endor Labs REST API Reference
version: '1.0'
servers:
- url: https://api.endorlabs.com/
security: []
tags:
- name: AISastCustomerContextService
- name: APIKeyService
- name: APIKeyValidatorService
- name: ArtifactSignatureService
- name: AuditLogService
- name: AuthenticationLogService
- name: AuthenticationService
- name: AuthorizationPolicyService
- name: BatchFileSegmentsService
- name: BatchNotificationService
- name: CallGraphDataService
- name: CodeOwnersService
- name: DependencyMetadataService
- name: EndorIgnoreEntryService
- name: ExporterService
- name: FindingLogService
- name: FindingService
- name: HuggingFaceModelService
- name: HuggingFaceOrganizationService
- name: IPAddressPolicyService
- name: IdentityProviderService
- name: InstallationService
- name: InvitationService
- name: LicenseDependencyService
- name: LicenseNoticesReportService
- name: LicenseSummaryService
- name: LinterResultService
- name: MalwareService
- name: MetricService
- name: NamespaceService
- name: NotificationService
- name: NotificationTargetService
- name: OnPremSchedulerService
- name: PRCommentConfigService
- name: PackageFirewallLogService
- name: PackageLicenseOverrideService
- name: PackageLicenseQueryService
- name: PackageLicenseService
- name: PackageManagerService
- name: PackageVersionService
- name: PluginBinaryService
- name: PolicyService
- name: PolicyTemplateService
- name: ProjectService
- name: ProvisioningResultService
- name: QueryMalwareService
- name: QueryService
- name: QuerySimilarPackagesService
- name: QueryVulnerabilityService
- name: RegistryIngestionCheckpointService
- name: RepositoryService
- name: RepositoryVersionService
- name: RuleSetImportService
- name: SBOMExportService
- name: SBOMImportService
- name: SCMCredentialService
- name: SavedQueryService
- name: ScanLogRequestService
- name: ScanProfileService
- name: ScanResultService
- name: ScanWorkflowResultService
- name: ScanWorkflowService
- name: SecretRuleService
- name: SemgrepRuleService
- name: SystemConfigService
- name: TenantService
- name: VEXExportService
- name: VectorStoreService
- name: VersionUpgradeService
- name: VulnerabilityService
paths:
/v1/namespaces/{tenant_meta.namespace}/system-config:
post:
tags:
- SystemConfigService
summary: CreateSystemConfig
description: Creates a system configuration object.
operationId: SystemConfigService_CreateSystemConfig
parameters:
- description: >-
Namespaces are a way to organize organizational units into virtual
groupings of resources. Namespaces must be a fully qualified name,
for example, the child namespace of namespace "endor.prod" called
"app"
is called "endor.prod.app".
in: path
name: tenant_meta.namespace
required: true
schema:
type: string
x-endor-name: Namespace
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SystemConfigServiceCreateSystemConfigBody'
required: true
x-originalParamName: body
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/v1SystemConfig'
description: A successful response.
default:
content:
application/json:
schema:
$ref: '#/components/schemas/googlerpcStatus'
description: An unexpected error response.
components:
schemas:
SystemConfigServiceCreateSystemConfigBody:
description: SystemConfig represents the system configuration for a tenant.
properties:
meta:
$ref: '#/components/schemas/v1Meta'
propagate:
description: Indicates that the object should be visible in child namespaces.
type: boolean
spec:
$ref: '#/components/schemas/v1SystemConfigSpec'
tenant_meta:
description: SystemConfig is associated with a tenant and namespace.
title: SystemConfig is associated with a tenant and namespace.
type: object
uuid:
description: The UUID of the system configuration.
readOnly: true
type: string
required:
- meta
- spec
type: object
v1SystemConfig:
description: SystemConfig represents the system configuration for a tenant.
properties:
meta:
$ref: '#/components/schemas/v1Meta'
propagate:
description: Indicates that the object should be visible in child namespaces.
type: boolean
spec:
$ref: '#/components/schemas/v1SystemConfigSpec'
tenant_meta:
$ref: '#/components/schemas/v1TenantMeta'
uuid:
description: The UUID of the system configuration.
readOnly: true
type: string
required:
- meta
- spec
type: object
googlerpcStatus:
description: >-
The `Status` type defines a logical error model that is suitable for
different programming environments, including REST APIs and RPC APIs. It
is
used by [gRPC](https://github.com/grpc). Each `Status` message contains
three pieces of data: error code, error message, and error details.
You can find out more about this error model and how to work with it in
the
[API Design Guide](https://cloud.google.com/apis/design/errors).
properties:
code:
description: |-
The status code, which should be an enum value of
[google.rpc.Code][google.rpc.Code].
format: int32
type: integer
details:
description: >-
A list of messages that carry the error details. There is a common
set of
message types for APIs to use.
items:
$ref: '#/components/schemas/googleprotobufAny'
type: array
message:
description: >-
A developer-facing error message, which should be in English. Any
user-facing error message should be localized and sent in the
[google.rpc.Status.details][google.rpc.Status.details] field, or
localized
by the client.
type: string
type: object
v1Meta:
description: Common fields for all Endor Labs resources.
properties:
annotations:
additionalProperties:
type: string
description: >-
Annotations can be used to attach metadata to a resource message.
Annotation values can be small or large, structured or unstructured,
and may include characters not permitted by labels.
The keys may contain alphanumerics, underscores (_), dots (.) and
dashes
(-). The values of an annotation must be 16384 bytes or smaller.
type: object
create_time:
description: |-
Time the resource was created.
Format: 2017-01-15T01:30:15.01Z
RFC 3339: https://www.ietf.org/rfc/rfc3339.txt.
format: date-time
readOnly: true
type: string
created_by:
description: |-
Name and authentication source of the user who created the object,
for example, ewok@endor.ai@google@api-key.
readOnly: true
type: string
description:
description: Resource description. Must be less than 1024 bytes.
type: string
index_data:
$ref: '#/components/schemas/v1IndexData'
kind:
description: >-
Resource kind, for example, HelloResponse.
Auto-generated using the protobuf message
proto.MessageName().Name().
readOnly: true
type: string
name:
description: Resource name. Must be 63 characters or less.
type: string
parent_kind:
description: Parent object resource kind, for example, Project.
type: string
parent_uuid:
description: Parent object UUID.
type: string
references:
additionalProperties:
$ref: '#/components/schemas/googleprotobufAny'
description: Map of objects referenced in a query API.
readOnly: true
type: object
tags:
description: >-
List of tags attached to the resource.
Tags can be used to select objects and to find collections of
objects that
satisfy certain conditions. A tag must be 255 characters or less.
items:
type: string
type: array
update_time:
description: |-
Time the resource was last updated.
Note: Updated on all create/patch/delete operations.
Format: 2017-01-15T01:30:15.01Z
RFC 3339: https://www.ietf.org/rfc/rfc3339.txt.
format: date-time
readOnly: true
type: string
updated_by:
description: >-
Name and authentication source of the last user who updated the
object,
for example, vulnerabilityingestor@endor.ai@x509.
readOnly: true
type: string
upsert_time:
description: |-
Time the resource was last upserted.
Note:
create_time is only set the first time the resource is created.
upsert_time is set every time the resource is upseted.
Format: 2017-01-15T01:30:15.01Z
RFC 3339: https://www.ietf.org/rfc/rfc3339.txt.
format: date-time
readOnly: true
type: string
version:
description: Message version.
readOnly: true
type: string
required:
- name
type: object
v1SystemConfigSpec:
properties:
ai:
$ref: '#/components/schemas/SystemConfigAiConfig'
analytics:
$ref: '#/components/schemas/SystemConfigAnalyticsConfig'
artifactory:
$ref: '#/components/schemas/SystemConfigArtifactoryConfig'
cloud_deployment:
$ref: '#/components/schemas/SystemConfigCloudDeploymentConfig'
endor_ignore:
$ref: '#/components/schemas/SystemConfigEndorIgnoreConfig'
finding_prioritization:
$ref: '#/components/schemas/v1PrioritizationConfig'
logging:
$ref: '#/components/schemas/SystemConfigLoggingConfig'
package_firewall:
$ref: '#/components/schemas/SystemConfigPackageFirewallConfig'
policy:
$ref: '#/components/schemas/SystemConfigPolicyConfig'
sast:
$ref: '#/components/schemas/SystemConfigSastConfig'
urgent_notification:
$ref: '#/components/schemas/SystemConfigUrgentNotificationConfig'
type: object
v1TenantMeta:
description: Tenant related data for the tenant containing the resource.
properties:
namespace:
description: >-
Namespaces are a way to organize organizational units into virtual
groupings of resources. Namespaces must be a fully qualified name,
for example, the child namespace of namespace "endor.prod" called
"app"
is called "endor.prod.app".
type: string
required:
- namespace
type: object
googleprotobufAny:
additionalProperties: {}
description: >-
`Any` contains an arbitrary serialized protocol buffer message along
with a
URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form
of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}
Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}
The pack methods provided by protobuf library will by default use
'type.googleapis.com/full.type.name' as the type URL and the unpack
methods only use the fully qualified type name after the last '/'
in the type URL, for example "foo.bar.com/x/y.z" will yield type
name "y.z".
JSON
====
The JSON representation of an `Any` value uses the regular
representation of the deserialized, embedded message, with an
additional field `@type` which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}
{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": ,
"lastName":
}
If the embedded message type is well-known and has a custom JSON
representation, that representation will be embedded adding a field
`value` which holds the custom JSON in addition to the `@type`
field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}
properties:
'@type':
description: >-
A URL/resource name that uniquely identifies the type of the
serialized
protocol buffer message. This string must contain at least
one "/" character. The last segment of the URL's path must represent
the fully qualified name of the type (as in
`path/google.protobuf.Duration`). The name should be in a canonical
form
(e.g., leading "." is not accepted).
In practice, teams usually precompile into the binary all types that
they
expect it to use in the context of Any. However, for URLs which use
the
scheme `http`, `https`, or no scheme, one can optionally set up a
type
server that maps type URLs to message definitions as follows:
* If no scheme is provided, `https` is assumed.
* An HTTP GET on the URL must yield a [google.protobuf.Type][]
value in binary format, or produce an error.
* Applications are allowed to cache lookup results based on the
URL, or have them precompiled into a binary to avoid any
lookup. Therefore, binary compatibility needs to be preserved
on changes to types. (Use versioned type names to manage
breaking changes.)
Note: this functionality is not currently available in the official
protobuf release, and it is not used for type URLs beginning with
type.googleapis.com. As of May 2023, there are no widely used type
server
implementations and no plans to implement one.
Schemes other than `http`, `https` (or the empty scheme) might be
used with implementation specific semantics.
type: string
type: object
v1IndexData:
description: |-
IndexData is used to index the resource for search. It's an internal
object.
properties:
data:
items:
type: string
readOnly: true
type: array
search_score:
description: >-
search_score is the score of the resource for search. Internal use
only.
format: float
readOnly: true
type: number
tenant:
readOnly: true
type: string
will_be_deleted_at:
description: Time that the resource will be deleted.
format: date-time
readOnly: true
type: string
type: object
SystemConfigAiConfig:
description: AI related system configuration.
properties:
code_segment_processing:
description: |-
Set to true to enable code segment embeddings and LLM processing.
Code segment embeddings and LLM processing are used to improve
C/C++ and AI-model dependency detection accuracy.
Endor Labs uses a private Azure OpenAI Service deployment
that is isolated from the public internet and cannot be
used for training.
The code segments themselves are never stored anywhere,
only the embeddings are saved in the database.
type: boolean
type: object
SystemConfigAnalyticsConfig:
properties:
cvss_version:
$ref: '#/components/schemas/SpecCVSSVersion'
enable_finding_prioritization:
description: Set to true to enable finding prioritization.
type: boolean
enable_version_upgrade_prioritization:
description: Set to true to enable version upgrade prioritization.
type: boolean
type: object
SystemConfigArtifactoryConfig:
description: ArtifactoryConfig contains all artifactory related system configuration.
properties:
enable_streaming:
description: Enable streaming mode.
type: boolean
type: object
SystemConfigCloudDeploymentConfig:
description: >-
CloudDeploymentConfig contains all cloud deployment related
configurations.
These parameteres can only be modified by the Endor team.
properties:
nat_network_requests:
description: |-
nat_network_requests will force all requests to go through the NAT
network.
type: boolean
type: object
SystemConfigEndorIgnoreConfig:
description: EndorIgnoreConfig contains all ignore file related system configuration.
properties:
custom_file_names:
description: |-
List of additional supported file names.
By default, the following file names are supported:
- .endorignore.yaml
It is recommended to configure CODEOWNERS for all ignore files,
including the default file names, to enforce an approval process
for developer ignore requests.
items:
type: string
type: array
enable:
description: |-
Set to true to enable ignore file support.
The ignore file must be either a raw list of vulnerability ids
(one per line), or follow the ignore file YAML syntax.
Use the endorctl ignore command to automatically generate and
format the ignore file.
type: boolean
type: object
v1PrioritizationConfig:
description: >-
Configuration of the factors that control the prioritization of
artifacts.
properties:
factors:
additionalProperties:
$ref: '#/components/schemas/v1PrioritizationFactorConfig'
type: object
type: object
SystemConfigLoggingConfig:
properties:
enable_remote_logging:
description: Set to true to enable remote logging.
type: boolean
remote_ep:
description: Remote logging endpoint.
type: string
remote_log_level:
$ref: '#/components/schemas/v1LogLevel'
type: object
SystemConfigPackageFirewallConfig:
description: >-
PackageFirewallConfig contains package firewall configuration for
exceptions,
malware enforcement, restricted license enforcement, and minimum package
age enforcement.
Cached per namespace in endorfactory and enforced on versioned requests.
properties:
exceptions:
description: >-
Exception rules. If any exception matches the request, all checks
are skipped.
items:
$ref: '#/components/schemas/PackageFirewallConfigException'
type: array
malware_action:
$ref: '#/components/schemas/v1PackageFirewallAction'
min_age_action:
$ref: '#/components/schemas/v1PackageFirewallAction'
min_age_hours:
description: Minimum age in hours for a package to be allowed (0 = disabled).
format: int32
type: integer
restricted_license_action:
$ref: '#/components/schemas/v1PackageFirewallAction'
restricted_licenses:
description: >-
List of restricted SPDX license identifiers.
Packages with these licenses are subject to
restricted_license_action.
items:
type: string
type: array
type: object
SystemConfigPolicyConfig:
description: PolicyConfig contains all policy related system configuration.
properties:
auto_enable:
description: Automatically enable new system policies on release upgrade.
type: boolean
auto_update:
description: |-
Automatically update policies if the corresponding policy
template has changed between releases.
type: boolean
type: object
SystemConfigSastConfig:
description: SastConfig contains all SAST related system configuration.
properties:
enable_code_snippet_storage:
description: Set to true to enable code snippet storage.
type: boolean
enable_semgrep:
description: Opt-in for the usage of semgrep.
type: boolean
type: object
SystemConfigUrgentNotificationConfig:
description: >-
Urgent Notification configuration for critical alerts via email or
slack.
properties:
email_addresses:
description: List of email addresses to send urgent notifications to.
items:
type: string
type: array
enable_urgent_notification:
description: Set to true to enable urgent notification.
type: boolean
slack_webhook_url:
description: Option slack channel webhook URL to send the notification to.
type: string
urgent_notification_threshold:
$ref: >-
#/components/schemas/UrgentNotificationConfigUrgentNotificationThreshold
type: object
SpecCVSSVersion:
default: CVSS_VERSION_UNSPECIFIED
description: The CVSS version.
enum:
- CVSS_VERSION_UNSPECIFIED
- CVSS_VERSION_V2
- CVSS_VERSION_V3
- CVSS_VERSION_V4
type: string
v1PrioritizationFactorConfig:
properties:
category:
$ref: '#/components/schemas/v1FactorCategory'
description:
description: Brief description of the factor.
type: string
impact:
$ref: '#/components/schemas/v1FactorImpact'
name:
description: External name for the factor.
type: string
type: object
v1LogLevel:
default: LOG_LEVEL_UNSPECIFIED
description: |2-
- LOG_LEVEL_EMERGENCY: System is unusable, for example, a panic condition.
- LOG_LEVEL_ALERT: Action must be taken immediately, for example, a corrupted system
database.
- LOG_LEVEL_CRITICAL: Critical conditions such as hard device errors.
- LOG_LEVEL_ERROR: Error conditions.
- LOG_LEVEL_WARNING: Warning conditions.
- LOG_LEVEL_NOTICE: Normal but significant conditions that may require special handling.
- LOG_LEVEL_INFO: Informational messages that confirmation that the program is working as
expected.
- LOG_LEVEL_DEBUG: Messages that contain information normally of use only for debugging.
enum:
- LOG_LEVEL_UNSPECIFIED
- LOG_LEVEL_EMERGENCY
- LOG_LEVEL_ALERT
- LOG_LEVEL_CRITICAL
- LOG_LEVEL_ERROR
- LOG_LEVEL_WARNING
- LOG_LEVEL_NOTICE
- LOG_LEVEL_INFO
- LOG_LEVEL_DEBUG
type: string
PackageFirewallConfigException:
description: >-
Exception defines an allowlist rule for a specific package and optional
version constraints.
If any exception matches the request, all checks are skipped
immediately.
properties:
ecosystem:
$ref: '#/components/schemas/v1Ecosystem'
exact_versions:
description: Optional list of exact version strings to except.
items:
type: string
type: array
package_name:
description: >-
Name of the excepted package (e.g. "lodash" for npm, "requests" for
pypi).
Does not include version or ecosystem prefix.
type: string
version_ranges:
description: >-
Optional version ranges. A package version matches if it falls
within any of these ranges.
If both version_ranges and exact_versions are empty, all versions of
the package are excepted.
items:
$ref: '#/components/schemas/PackageFirewallConfigVersionRange'
type: array
required:
- ecosystem
- package_name
type: object
v1PackageFirewallAction:
default: PACKAGE_FIREWALL_ACTION_UNSPECIFIED
description: >-
PackageFirewallAction defines how the package firewall responds when a
check is triggered.
Used in both configuration (what to do) and audit logs (what was done).
- PACKAGE_FIREWALL_ACTION_BLOCK: Block the request and return HTTP 403.
- PACKAGE_FIREWALL_ACTION_WARN: Log a warning audit event and allow the request to proceed.
enum:
- PACKAGE_FIREWALL_ACTION_UNSPECIFIED
- PACKAGE_FIREWALL_ACTION_BLOCK
- PACKAGE_FIREWALL_ACTION_WARN
type: string
UrgentNotificationConfigUrgentNotificationThreshold:
default: URGENT_NOTIFICATION_THRESHOLD_UNSPECIFIED
description: |2-
- URGENT_NOTIFICATION_THRESHOLD_UNSPECIFIED: Unspecified default value.
- URGENT_NOTIFICATION_THRESHOLD_DEFINITELY_AFFECTED: Notification setting for specific package versions that are definitely
affected.
- URGENT_NOTIFICATION_THRESHOLD_POTENTIALLY_AFFECTED: Notification setting for specific package versions that are potentially
affected. Example: npm:abc@1.0.2 is affected. If set, this will notify
for npm:abc all versions.
enum:
- URGENT_NOTIFICATION_THRESHOLD_UNSPECIFIED
- URGENT_NOTIFICATION_THRESHOLD_DEFINITELY_AFFECTED
- URGENT_NOTIFICATION_THRESHOLD_POTENTIALLY_AFFECTED
type: string
v1FactorCategory:
default: FACTOR_CATEGORY_UNSPECIFIED
description: |-
Prioritization factors are organized into categories
based on what they capture.
- FACTOR_CATEGORY_SECURITY_RISK: Security risk related.
- FACTOR_CATEGORY_OPERATIONAL_RISK: Operational risk related.
- FACTOR_CATEGORY_ENTERPRISE_CONTEXT: Captures the enterprize context, such as critical projects.
- FACTOR_CATEGORY_COST_OF_FIXING: Captures the effort required to fix the issue.
- FACTOR_CATEGORY_RISK_OF_FIXING: Captures the risk of attempting to fix the issue.
- FACTOR_CATEGORY_IMPACT_OF_FIXING: Captures the level of improvement gained from fixing the issue.
- FACTOR_CATEGORY_FEASIBILITY_OF_FIXING: Captures how feasible it is to fix the issue.
enum:
- FACTOR_CATEGORY_UNSPECIFIED
- FACTOR_CATEGORY_SECURITY_RISK
- FACTOR_CATEGORY_OPERATIONAL_RISK
- FACTOR_CATEGORY_ENTERPRISE_CONTEXT
- FACTOR_CATEGORY_COST_OF_FIXING
- FACTOR_CATEGORY_RISK_OF_FIXING
- FACTOR_CATEGORY_IMPACT_OF_FIXING
- FACTOR_CATEGORY_FEASIBILITY_OF_FIXING
type: string
v1FactorImpact:
default: FACTOR_IMPACT_UNSPECIFIED
description: |-
The settings capture the impact of this factor on the decision.
- FACTOR_IMPACT_NONE: Does not affect the priority.
- FACTOR_IMPACT_POSITIVE: Important. Increases the priority.
- FACTOR_IMPACT_VERY_POSITIVE: Very important. Increases the priority even more.
- FACTOR_IMPACT_NEGATIVE: Not important. Reduces the priority.
- FACTOR_IMPACT_VERY_NEGATIVE: Not important at all. Reduces the priority even more.
enum:
- FACTOR_IMPACT_UNSPECIFIED
- FACTOR_IMPACT_NONE
- FACTOR_IMPACT_POSITIVE
- FACTOR_IMPACT_VERY_POSITIVE
- FACTOR_IMPACT_NEGATIVE
- FACTOR_IMPACT_VERY_NEGATIVE
type: string
v1Ecosystem:
default: ECOSYSTEM_UNSPECIFIED
description: >2-
- ECOSYSTEM_GO: GoLang.
- ECOSYSTEM_MAVEN: Maven.
- ECOSYSTEM_PYPI: Python.
- ECOSYSTEM_CARGO: Rust.
- ECOSYSTEM_NPM: Javascript.
- ECOSYSTEM_GEM: Ruby.
- ECOSYSTEM_NUGET: Dotnet.
- ECOSYSTEM_PACKAGIST: PHP.
- ECOSYSTEM_SBOM: SBOMs.
- ECOSYSTEM_RPM: RPM.
- ECOSYSTEM_DEBIAN: Debian.
- ECOSYSTEM_GITHUB_ACTION: GitHub Actions.
- ECOSYSTEM_COCOAPOD: Cocoapods.
- ECOSYSTEM_APK: APK (alpine et.al).
- ECOSYSTEM_CONTAINER: Containers.
- ECOSYSTEM_HUGGING_FACE: Hugging Face.
- ECOSYSTEM_C: C/C++.
- ECOSYSTEM_GIT: ecosystem GIT for GIT repository dependencies.
This can be used for package name of the resolved dependencies when a
given repository has dependencies to other GIT repositories. Currently
we
use this to represent vulnerabilities for the given GIT repository. ex:
git submodules, C/C++ dependencies.
- ECOSYSTEM_AI_MODEL: AI models.
- ECOSYSTEM_SWIFT: Ecosystem Swift consists of native Swift packages, which are defined
using the Package.swift manifest file and managed by the Swift Package
Manager. There is a separate ecosystem for Cocoapod packages called
ECOSYSTEM_COCOAPOD, which is an alternative package manager for Swift
packages.
- ECOSYSTEM_CONAN: Ecosystem Conan for C/C++ packages managed by the Conan 2.x package manager.
enum:
- ECOSYSTEM_UNSPECIFIED
- ECOSYSTEM_GO
- ECOSYSTEM_MAVEN
- ECOSYSTEM_PYPI
- ECOSYSTEM_CARGO
- ECOSYSTEM_NPM
- ECOSYSTEM_GEM
- ECOSYSTEM_NUGET
- ECOSYSTEM_PACKAGIST
- ECOSYSTEM_SBOM
- ECOSYSTEM_RPM
- ECOSYSTEM_DEBIAN
- ECOSYSTEM_GITHUB_ACTION
- ECOSYSTEM_COCOAPOD
- ECOSYSTEM_APK
- ECOSYSTEM_CONTAINER
- ECOSYSTEM_HUGGING_FACE
- ECOSYSTEM_C
- ECOSYSTEM_GIT
- ECOSYSTEM_AI_MODEL
- ECOSYSTEM_SWIFT
- ECOSYSTEM_CONAN
type: string
PackageFirewallConfigVersionRange:
description: >-
VersionRange defines an inclusive lower bound and an exclusive upper
bound for a version range.
Either boundary may be omitted.
properties:
end:
description: Exclusive upper bound (e.g. "2.0.0"). Omit to match to the end.
type: string
start:
description: >-
Inclusive lower bound (e.g. "1.0.0"). Omit to match from the
beginning.
type: string
type: object
````