
Protocol documentation

minder/v1/minder.proto

Services

ArtifactService

| Method Name | Request Type | Response Type | Description |
| --- | --- | --- | --- |
| ListArtifacts | ListArtifactsRequest | ListArtifactsResponse | |
| GetArtifactById | GetArtifactByIdRequest | GetArtifactByIdResponse | |
| GetArtifactByName | GetArtifactByNameRequest | GetArtifactByNameResponse | |

EvalResultsService

| Method Name | Request Type | Response Type | Description |
| --- | --- | --- | --- |
| ListEvaluationResults | ListEvaluationResultsRequest | ListEvaluationResultsResponse | |
| ListEvaluationHistory | ListEvaluationHistoryRequest | ListEvaluationHistoryResponse | |
| GetEvaluationHistory | GetEvaluationHistoryRequest | GetEvaluationHistoryResponse | |

HealthService

Simple Health Check Service replies with OK

| Method Name | Request Type | Response Type | Description |
| --- | --- | --- | --- |
| CheckHealth | CheckHealthRequest | CheckHealthResponse | |

InviteService

| Method Name | Request Type | Response Type | Description |
| --- | --- | --- | --- |
| GetInviteDetails | GetInviteDetailsRequest | GetInviteDetailsResponse | |

OAuthService

| Method Name | Request Type | Response Type | Description |
| --- | --- | --- | --- |
| GetAuthorizationURL | GetAuthorizationURLRequest | GetAuthorizationURLResponse | |
| StoreProviderToken | StoreProviderTokenRequest | StoreProviderTokenResponse | |
| VerifyProviderTokenFrom | VerifyProviderTokenFromRequest | VerifyProviderTokenFromResponse | VerifyProviderTokenFrom verifies that a token has been created for a provider since given timestamp |
| VerifyProviderCredential | VerifyProviderCredentialRequest | VerifyProviderCredentialResponse | VerifyProviderCredential verifies that a credential has been created matching the enrollment nonce |

PermissionsService

| Method Name | Request Type | Response Type | Description |
| --- | --- | --- | --- |
| ListRoles | ListRolesRequest | ListRolesResponse | |
| ListRoleAssignments | ListRoleAssignmentsRequest | ListRoleAssignmentsResponse | |
| AssignRole | AssignRoleRequest | AssignRoleResponse | |
| UpdateRole | UpdateRoleRequest | UpdateRoleResponse | |
| RemoveRole | RemoveRoleRequest | RemoveRoleResponse | |

ProfileService

| Method Name | Request Type | Response Type | Description |
| --- | --- | --- | --- |
| CreateProfile | CreateProfileRequest | CreateProfileResponse | |
| UpdateProfile | UpdateProfileRequest | UpdateProfileResponse | |
| PatchProfile | PatchProfileRequest | PatchProfileResponse | |
| DeleteProfile | DeleteProfileRequest | DeleteProfileResponse | |
| ListProfiles | ListProfilesRequest | ListProfilesResponse | |
| GetProfileById | GetProfileByIdRequest | GetProfileByIdResponse | |
| GetProfileByName | GetProfileByNameRequest | GetProfileByNameResponse | |
| GetProfileStatusByName | GetProfileStatusByNameRequest | GetProfileStatusByNameResponse | |
| GetProfileStatusByProject | GetProfileStatusByProjectRequest | GetProfileStatusByProjectResponse | |

ProjectsService

| Method Name | Request Type | Response Type | Description |
| --- | --- | --- | --- |
| ListProjects | ListProjectsRequest | ListProjectsResponse | |
| CreateProject | CreateProjectRequest | CreateProjectResponse | |
| ListChildProjects | ListChildProjectsRequest | ListChildProjectsResponse | |
| DeleteProject | DeleteProjectRequest | DeleteProjectResponse | |
| UpdateProject | UpdateProjectRequest | UpdateProjectResponse | |
| PatchProject | PatchProjectRequest | PatchProjectResponse | |
| CreateEntityReconciliationTask | CreateEntityReconciliationTaskRequest | CreateEntityReconciliationTaskResponse | |

ProvidersService

| Method Name | Request Type | Response Type | Description |
| --- | --- | --- | --- |
| PatchProvider | PatchProviderRequest | PatchProviderResponse | |
| GetProvider | GetProviderRequest | GetProviderResponse | |
| ListProviders | ListProvidersRequest | ListProvidersResponse | |
| CreateProvider | CreateProviderRequest | CreateProviderResponse | |
| DeleteProvider | DeleteProviderRequest | DeleteProviderResponse | |
| DeleteProviderByID | DeleteProviderByIDRequest | DeleteProviderByIDResponse | |
| GetUnclaimedProviders | GetUnclaimedProvidersRequest | GetUnclaimedProvidersResponse | GetUnclaimedProviders returns a list of known provider configurations that this user could claim based on their identity. This is a read-only operation for use by clients which wish to present a menu of options. |
| ListProviderClasses | ListProviderClassesRequest | ListProviderClassesResponse | |
| ReconcileEntityRegistration | ReconcileEntityRegistrationRequest | ReconcileEntityRegistrationResponse | |

RepositoryService

| Method Name | Request Type | Response Type | Description |
| --- | --- | --- | --- |
| RegisterRepository | RegisterRepositoryRequest | RegisterRepositoryResponse | |
| ListRemoteRepositoriesFromProvider | ListRemoteRepositoriesFromProviderRequest | ListRemoteRepositoriesFromProviderResponse | |
| ListRepositories | ListRepositoriesRequest | ListRepositoriesResponse | |
| GetRepositoryById | GetRepositoryByIdRequest | GetRepositoryByIdResponse | |
| GetRepositoryByName | GetRepositoryByNameRequest | GetRepositoryByNameResponse | |
| DeleteRepositoryById | DeleteRepositoryByIdRequest | DeleteRepositoryByIdResponse | |
| DeleteRepositoryByName | DeleteRepositoryByNameRequest | DeleteRepositoryByNameResponse | |

RuleTypeService

| Method Name | Request Type | Response Type | Description |
| --- | --- | --- | --- |
| ListRuleTypes | ListRuleTypesRequest | ListRuleTypesResponse | |
| GetRuleTypeByName | GetRuleTypeByNameRequest | GetRuleTypeByNameResponse | |
| GetRuleTypeById | GetRuleTypeByIdRequest | GetRuleTypeByIdResponse | |
| CreateRuleType | CreateRuleTypeRequest | CreateRuleTypeResponse | |
| UpdateRuleType | UpdateRuleTypeRequest | UpdateRuleTypeResponse | |
| DeleteRuleType | DeleteRuleTypeRequest | DeleteRuleTypeResponse | |

UserService

manage Users CRUD

| Method Name | Request Type | Response Type | Description |
| --- | --- | --- | --- |
| CreateUser | CreateUserRequest | CreateUserResponse | |
| DeleteUser | DeleteUserRequest | DeleteUserResponse | |
| GetUser | GetUserRequest | GetUserResponse | |
| ListInvitations | ListInvitationsRequest | ListInvitationsResponse | ListInvitations returns a list of invitations for the user based on the user's registered email address. Note that a user who receives an invitation code may still accept the invitation even if the code was directed to a different email address. This is because understanding the routing of email messages is beyond the scope of Minder. This API endpoint may be called without the logged-in user previously having called CreateUser. |
| ResolveInvitation | ResolveInvitationRequest | ResolveInvitationResponse | ResolveInvitation allows a user to accept or decline an invitation to a project given the code for the invitation. A user may call ResolveInvitation to accept or decline an invitation even if they have not called CreateUser. If a user accepts an invitation via this call before calling CreateUser, a Minder user record will be created, but no additional projects will be created (unlike CreateUser, which will also create a default project). |

Messages

Artifact

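| Field | Type | Label | Description |
| --- | --- | --- | --- |
| artifact_pk | string | | |
| owner | string | | |
| name | string | | |
| type | string | | |
| visibility | string | | |
| repository | string | | |
| versions | ArtifactVersion | repeated | |
| created_at | google.protobuf.Timestamp | | |
| context | Context | | |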

ArtifactType

ArtifactType defines the artifact data evaluation.

ArtifactVersion

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| version_id | int64 | | |
| tags | string | repeated | |
| sha | string | | |
| created_at | google.protobuf.Timestamp | | |

AssignRoleRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the role assignment is evaluated. |
| role_assignment | RoleAssignment | | role_assignment is the role assignment to be created. |

AssignRoleResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| role_assignment | RoleAssignment | | role_assignment is the role assignment that was created. |
| invitation | Invitation | | invitation contains the details of the invitation for the assigned user to join the project if the user is not already a member. |

AuthorizationParams

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| authorization_url | string | | authorization_url is an external URL to use to authorize the provider. |

AutoRegistration

AutoRegistration is the configuration for auto-registering entities. When nothing is set, auto-registration is disabled. There is no difference between disabled and undefined, so for the "let's not auto-register anything" case we'd just leave the repeated string empty.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| entities | AutoRegistration.EntitiesEntry | repeated | enabled is the list of entities that are enabled for auto-registration. |

AutoRegistration.EntitiesEntry

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| key | string | | |
| value | EntityAutoRegistrationConfig | | |

BranchProtection

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| branch | string | | |
| is_protected | bool | | Add other relevant fields |

Build

BuiltinType

BuiltinType defines the builtin data evaluation.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| method | string | | |

CheckHealthRequest

CheckHealthResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| status | string | | |

Context

Context defines the context in which a rule is evaluated. This normally refers to a combination of the provider, organization and project.

Removing the 'optional' keyword from the following two fields below will break buf compatibility checks.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| provider | string | optional | name of the provider |
| project | string | optional | ID of the project |
| retired_organization | string | optional | |

ContextV2

ContextV2 defines the context in which a rule is evaluated.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| project_id | string | | project is the project ID |
| provider | string | | name of the provider. Set to empty string when not applicable. |

CreateEntityReconciliationTaskRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| entity | EntityTypedId | | entity is the entity to be reconciled. |
| context | Context | | context is the context in which the entity reconciliation task is created. |

CreateEntityReconciliationTaskResponse

CreateProfileRequest

Profile service

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| profile | Profile | | |

CreateProfileResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| profile | Profile | | |

CreateProjectRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the project is created. |
| name | string | | name is the name of the project to create. |

CreateProjectResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| project | Project | | project is the project that was created. |

CreateProviderRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the provider is created. |
| provider | Provider | | provider is the provider to be created. |

CreateProviderResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| provider | Provider | | provider is the provider that was created. |
| authorization | AuthorizationParams | | authorization provides additional authorization information needed to complete the initialization of the provider. |

CreateRuleTypeRequest

CreateRuleTypeRequest is the request to create a rule type.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| rule_type | RuleType | | rule_type is the rule type to be created. |

CreateRuleTypeResponse

CreateRuleTypeResponse is the response to create a rule type.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| rule_type | RuleType | | rule_type is the rule type that was created. |

CreateUserRequest

User service

CreateUserResponse

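| Field | Type | Label | Description |
| --- | --- | --- | --- |
| id | int32 | | |
| organization_id | string | | Deprecated. |
| organizatio_name | string | | Deprecated. |
| project_id | string | | |
| project_name | string | | |
| identity_subject | string | | |
| created_at | google.protobuf.Timestamp | | |
| context | Context | | |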

Cursor

Cursor message to be used in request messages. Its purpose is to allow clients to specify the subset of records to retrieve by means of index within a collection, along with the number of items to retrieve.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| cursor | string | | cursor is the index to start from within the collection being retrieved. It's an opaque payload specified and interpreted on a per-RPC basis. |
| size | uint32 | | size is the number of items to retrieve from the collection. |

CursorPage

CursorPage message used in response messages. Its purpose is to send to clients links pointing to next and/or previous collection subsets with respect to the one containing this struct.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| total_records | uint32 | | Total number of records matching the request. This is optional. |
| next | Cursor | | Cursor pointing to retrieve results logically placed after the ones shipped with the message containing this struct. |
| prev | Cursor | | Cursor pointing to retrieve results logically placed before the ones shipped with the message containing this struct. |

DeleteProfileRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the rule type is evaluated. |
| id | string | | id is the id of the profile to delete |

DeleteProfileResponse

DeleteProjectRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the project is deleted. |

DeleteProjectResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| project_id | string | | project_id is the id of the project that was deleted. |

DeleteProviderByIDRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the provider is deleted. Only the project is required in this context. |
| id | string | | id is the id of the provider to delete |

DeleteProviderByIDResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| id | string | | id is the id of the provider that was deleted |

DeleteProviderRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the provider is deleted. Both project and provider are required in this context. |

DeleteProviderResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| name | string | | name is the name of the provider that was deleted |

DeleteRepositoryByIdRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| repository_id | string | | |
| context | Context | | |

DeleteRepositoryByIdResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| repository_id | string | | |

DeleteRepositoryByNameRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| provider | string | | Deprecated. |
| name | string | | |
| context | Context | | |

DeleteRepositoryByNameResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| name | string | | |

DeleteRuleTypeRequest

DeleteRuleTypeRequest is the request to delete a rule type.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the rule type is evaluated. |
| id | string | | id is the id of the rule type to be deleted. |

DeleteRuleTypeResponse

DeleteRuleTypeResponse is the response to delete a rule type.

DeleteUserRequest

DeleteUserResponse

DiffType

DiffType defines the diff data ingester.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| ecosystems | DiffType.Ecosystem | repeated | ecosystems is the list of ecosystems to be used for the "dep" diff type. |
| type | string | | type is the type of diff ingestor to use. The default is "dep" which will leverage the ecosystems array. |

DiffType.Ecosystem

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| name | string | | name is the name of the ecosystem. |
| depfile | string | | depfile is the file that contains the dependencies for this ecosystem |

DockerHubProviderConfig

DockerHubProviderConfig contains the configuration for the DockerHub provider.

Namespace: is the namespace for the DockerHub provider.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| namespace | string | optional | namespace is the namespace for the DockerHub provider. |

EntityAutoRegistrationConfig

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| enabled | bool | optional | |

EntityInstance

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| id | string | | id is the unique identifier of the entity. |
| context | ContextV2 | | context is the context in which the entity is evaluated. |
| name | string | | name is the name of the entity. |
| type | Entity | | type is the type of the entity. DISCUSSION: If we're aiming for a BYO entity type, we should probably have this be a string, and have the user provide the type. |
| properties | google.protobuf.Struct | | properties is a map of properties of the entity. |

EntityTypedId

EntityTypedId is a message that carries an ID together with a type to uniquely identify an entity such as (repo, 1), (artifact, 2), ...

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| type | Entity | | entity is the entity to get status for. Incompatible with all |
| id | string | | id is the ID of the entity to get status for. Incompatible with all |

EvalResultAlert

EvalResultAlert holds the alert details for a given rule evaluation

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| status | string | | status is the status of the alert |
| last_updated | google.protobuf.Timestamp | | last_updated is the last time the alert was performed or attempted |
| details | string | | details is the description of the alert attempt if any |
| url | string | | url is the URL to the alert |

EvaluationHistory

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| entity | EvaluationHistoryEntity | | entity contains details of the entity which was evaluated. |
| rule | EvaluationHistoryRule | | rule contains details of the rule which the entity was evaluated against. |
| status | EvaluationHistoryStatus | | status contains the evaluation status. |
| alert | EvaluationHistoryAlert | | alert contains details of the alerts for this evaluation. |
| remediation | EvaluationHistoryRemediation | | remediation contains details of the remediation for this evaluation. |
| evaluated_at | google.protobuf.Timestamp | | created_at is the timestamp of creation of this evaluation |
| id | string | | id is the unique identifier of the evaluation. |

EvaluationHistoryAlert

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| status | string | | status is one of (on, off, error, skipped, not available) not using enums to mirror the behaviour of the existing API contracts. |
| details | string | | details contains optional details about the alert. the structure and contents are alert specific, and are subject to change. |

EvaluationHistoryEntity

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| id | string | | id is the unique identifier of the entity. |
| type | Entity | | type is the entity type. |
| name | string | | name is the entity name. |

EvaluationHistoryRemediation

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| status | string | | status is one of (success, error, failure, skipped, not available) not using enums to mirror the behaviour of the existing API contracts. |
| details | string | | details contains optional details about the remediation. the structure and contents are remediation specific, and are subject to change. |

EvaluationHistoryRule

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| name | string | | name is the name of the rule instance. |
| rule_type | string | | type is the name of the rule type. |
| profile | string | | profile is the name of the profile which contains the rule. |
| severity | Severity | | severity is the severity of the rule type. |

EvaluationHistoryStatus

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| status | string | | status is one of (success, error, failure, skipped) not using enums to mirror the behaviour of the existing API contracts. |
| details | string | | details contains optional details about the evaluation. the structure and contents are rule type specific, and are subject to change. |

GHCRProviderConfig

GHCRProviderConfig contains the configuration for the GHCR provider.

Namespace: is the namespace for the GHCR provider.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| namespace | string | optional | namespace is the namespace for the GHCR provider. |

GetArtifactByIdRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| id | string | | |
| context | Context | | |

GetArtifactByIdResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| artifact | Artifact | | |
| versions | ArtifactVersion | repeated | |

GetArtifactByNameRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| name | string | | |
| context | Context | | |

GetArtifactByNameResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| artifact | Artifact | | |
| versions | ArtifactVersion | repeated | |

GetAuthorizationURLRequest

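| Field | Type | Label | Description |
| --- | --- | --- | --- |
| cli | bool | | |
| port | int32 | | |
| owner | string | optional | |
| context | Context | | |
| redirect_url | string | optional | |
| config | google.protobuf.Struct | | config is a JSON object that can be used to pass additional configuration |
| provider_class | string | | |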

GetAuthorizationURLResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| url | string | | |
| state | string | | |

GetEvaluationHistoryRequest

GetEvaluationHistoryRequest represents a request for the GetEvaluationHistory endpoint

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| id | string | | |
| context | Context | | |

GetEvaluationHistoryResponse

GetEvaluationHistoryResponse represents a response message for the GetEvaluationHistory RPC.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| evaluation | EvaluationHistory | | The requested record |

GetInviteDetailsRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| code | string | | Invite nonce/code to retrieve details for |

GetInviteDetailsResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| project_display | string | | Project associated with the invite |
| sponsor_display | string | | Sponsor of the invite |
| expires_at | google.protobuf.Timestamp | | expires_at is the time at which the invitation expires. |
| expired | bool | | expired is true if the invitation has expired |

GetProfileByIdRequest

get profile by id

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context which contains the profiles |
| id | string | | id is the id of the profile to get |

GetProfileByIdResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| profile | Profile | | |

GetProfileByNameRequest

get profile by name

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the rule type is evaluated. |
| name | string | | name is the name of the profile to get |

GetProfileByNameResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| profile | Profile | | |

GetProfileStatusByNameRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the rule type is evaluated. |
| name | string | | name is the name of the profile to get |
| entity | EntityTypedId | | |
| all | bool | | |
| rule | string | | Deprecated. rule is the type of the rule. Deprecated in favor of rule_type |
| rule_type | string | | |
| rule_name | string | | |

GetProfileStatusByNameResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| profile_status | ProfileStatus | | profile_status is the status of the profile |
| rule_evaluation_status | RuleEvaluationStatus | repeated | rule_evaluation_status is the status of the rules |

GetProfileStatusByProjectRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the rule type is evaluated. |

GetProfileStatusByProjectResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| profile_status | ProfileStatus | repeated | profile_status is the status of the profile |

GetProviderRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the provider is evaluated. |
| name | string | | name is the name of the provider to get. |

GetProviderResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| provider | Provider | | provider is the provider that was retrieved. |

GetRepositoryByIdRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| repository_id | string | | |
| context | Context | | |

GetRepositoryByIdResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| repository | Repository | | |

GetRepositoryByNameRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| provider | string | | Deprecated. |
| name | string | | |
| context | Context | | |

GetRepositoryByNameResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| repository | Repository | | |

GetRuleTypeByIdRequest

GetRuleTypeByIdRequest is the request to get a rule type by id.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the rule type is evaluated. |
| id | string | | id is the id of the rule type. |

GetRuleTypeByIdResponse

GetRuleTypeByIdResponse is the response to get a rule type by id.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| rule_type | RuleType | | rule_type is the rule type. |

GetRuleTypeByNameRequest

GetRuleTypeByNameRequest is the request to get a rule type by name.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the rule type is evaluated. |
| name | string | | name is the name of the rule type. |

GetRuleTypeByNameResponse

GetRuleTypeByNameResponse is the response to get a rule type by name.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| rule_type | RuleType | | rule_type is the rule type. |

GetUnclaimedProvidersRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the set of providers are evaluated. |

GetUnclaimedProvidersResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| providers | ProviderParameter | repeated | providers is a set of parameters which can be supplied to allow the user to assign existing unclaimed credentials to a new provider in the project via CreateProvider(). |

GetUserRequest

get user

GetUserResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| user | UserRecord | optional | |
| projects | Project | repeated | Deprecated. This will be deprecated in favor of the project_roles field |
| project_roles | ProjectRole | repeated | |

GitHubAppParams

GitHubAppParams is the parameters for a GitHub App provider.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| installation_id | int64 | | The GitHub installation ID for the app. On create, this is the only parameter used; the organization parameters are ignored. |
| organization | string | | The GitHub organization slug where the app is installed. This is an output-only parameter, and is validated on input if set (i.e. the value must be either empty or match the org of the installation_id). |
| organization_id | int64 | | The GitHub organization ID where the app is installed. This is an output-only parameter, and is validated on input if set (i.e. the value must be either empty or match the org of the installation_id). |

GitHubAppProviderConfig

GitHubAppProviderConfig contains the configuration for the GitHub App provider

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| endpoint | string | optional | Endpoint is the GitHub API endpoint. If using the public GitHub API, Endpoint can be left blank. |

GitHubProviderConfig

GitHubProviderConfig contains the configuration for the GitHub client

Endpoint: is the GitHub API endpoint

If using the public GitHub API, Endpoint can be left blank. (Revive linting is disabled for this struct, as there is nothing wrong with the naming convention.)

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| endpoint | string | optional | Endpoint is the GitHub API endpoint. If using the public GitHub API, Endpoint can be left blank. |

GitLabProviderConfig

GitLabProviderConfig contains the configuration for the GitLab provider.

Endpoint: is the GitLab API endpoint

If using the public GitLab API, Endpoint can be left blank

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| endpoint | string | | Endpoint is the GitLab API endpoint. If using the public GitLab API, Endpoint can be left blank. |
| group | string | | group is the GitLab group to use for the provider |

GitType

GitType defines the git data ingester.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| clone_url | string | | clone_url is the url of the git repository. |
| branch | string | | branch is the branch of the git repository. |

Invitation

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| role | string | | role is the role that would be assigned if the user accepts the invitation. |
| email | string | | email is the email address of the invited user. This is presented as a convenience for display purposes, and does not affect who can accept the invitation using the code. |
| project | string | | project is the project to which the user is invited. |
| code | string | | code is a unique identifier for the invitation, which can be used by the recipient to accept or reject the invitation. The code is only transmitted in response to AssignRole or ListInvitations RPCs, and not transmitted in ListRoleAssignments or other calls. |
| created_at | google.protobuf.Timestamp | | created_at is the time at which the invitation was created. |
| expires_at | google.protobuf.Timestamp | | expires_at is the time at which the invitation expires. |
| expired | bool | | expired is true if the invitation has expired. |
| sponsor | string | | sponsor is the account (ID) of the user who created the invitation. |
| sponsor_display | string | | sponsor_display is the display name of the user who created the invitation. |
| project_display | string | | project_display is the display name of the project to which the user is invited. |
| invite_url | string | | inviteURL is the URL that can be used to accept the invitation. |
| email_skipped | bool | | emailSkipped is true if the email was not sent to the invitee. |

ListArtifactsRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| provider | string | | |
| context | Context | | |
| from | string | | |

ListArtifactsResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| results | Artifact | repeated | |

ListChildProjectsRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | ContextV2 | | context is the context in which the child projects are listed. |
| recursive | bool | | recursive is true if child projects should be listed recursively. |

ListChildProjectsResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| projects | Project | repeated | |

ListEvaluationHistoryRequest

ListEvaluationHistoryRequest represents a request message for the ListEvaluationHistory RPC.

Most of its fields are used for filtering, except for cursor which is used for pagination.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | |
| entity_type | string | repeated | List of entity types to retrieve. |
| entity_name | string | repeated | List of entity names to retrieve. |
| profile_name | string | repeated | List of profile names to retrieve. |
| status | string | repeated | List of evaluation statuses to retrieve. |
| remediation | string | repeated | List of remediation statuses to retrieve. |
| alert | string | repeated | List of alert statuses to retrieve. |
| from | google.protobuf.Timestamp | | Timestamp representing the start time of the selection window. |
| to | google.protobuf.Timestamp | | Timestamp representing the end time of the selection window. |
| cursor | Cursor | | Cursor object to select the "page" of data to retrieve. |

ListEvaluationHistoryResponse

ListEvaluationHistoryResponse represents a response message for the ListEvaluationHistory RPC.

It ships a collection of records retrieved and pointers to get to the next and/or previous pages of data.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| data | EvaluationHistory | repeated | List of records retrieved. |
| page | CursorPage | | Metadata of the current page and pointers to next and/or previous pages. |

ListEvaluationResultsRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the evaluation results are evaluated. |
| profile | string | | ID can contain either a profile name or an ID |
| label_filter | string | | Filter profiles to only those matching the specified labels. The default is to return all user-created profiles; the string "*" can be used to select all profiles, including system profiles. This syntax may be expanded in the future. |
| entity | EntityTypedId | repeated | If set, only return evaluation results for the named entities. If empty, return evaluation results for all entities |
| rule_name | string | repeated | If set, only return evaluation results for the named rules. If empty, return evaluation results for all rules |

ListEvaluationResultsResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| entities | ListEvaluationResultsResponse.EntityEvaluationResults | repeated | Each entity selected by the list request will have a single entry in entities which contains results of all evaluations for each profile. |

ListEvaluationResultsResponse.EntityEvaluationResults

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| entity | EntityTypedId | | |
| profiles | ListEvaluationResultsResponse.EntityProfileEvaluationResults | repeated | |

ListEvaluationResultsResponse.EntityProfileEvaluationResults

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| profile_status | ProfileStatus | | profile_status is the status of the profile - id, name, status, last_updated |
| results | RuleEvaluationStatus | repeated | Note that some fields like profile_id and entity might be empty. Eventually we might replace this type with another one that fits the API better. |

ListInvitationsRequest

ListInvitationsResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| invitations | Invitation | repeated | |

ListProfilesRequest

list profiles

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context which contains the profiles |
| label_filter | string | | Filter profiles to only those matching the specified labels. The default is to return all user-created profiles; the string "*" can be used to select all profiles, including system profiles. This syntax may be expanded in the future. |

ListProfilesResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| profiles | Profile | repeated | |

ListProjectsRequest

ListProjectsResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| projects | Project | repeated | |

ListProviderClassesRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the provider classes are evaluated. |

ListProviderClassesResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| provider_classes | string | repeated | provider_classes is the list of provider classes. |

ListProvidersRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the providers are evaluated. |
| limit | int32 | | limit is the maximum number of providers to return. |
| cursor | string | | cursor is the cursor to use for the page of results, empty if at the beginning |

ListProvidersResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| providers | Provider | repeated | |
| cursor | string | | cursor is the cursor to use for the next page of results, empty if at the end |

ListRemoteRepositoriesFromProviderRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| provider | string | | Deprecated. |
| context | Context | | |

ListRemoteRepositoriesFromProviderResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| results | UpstreamRepositoryRef | repeated | |
| entities | RegistrableUpstreamEntityRef | repeated | entities is the same list as the repositories, but it uses the new UpstreamEntityRef message. This is what we'll migrate to eventually. |

ListRepositoriesRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| provider | string | | Deprecated. |
| limit | int64 | | |
| context | Context | | |
| cursor | string | | |

ListRepositoriesResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| results | Repository | repeated | |
| cursor | string | | cursor is the cursor to use for the next page of results, empty if at the end |

ListRoleAssignmentsRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the role assignments are evaluated. |

ListRoleAssignmentsResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| role_assignments | RoleAssignment | repeated | role_assignments contains permission grants which have been accepted by a user. |
| invitations | Invitation | repeated | invitations contains outstanding role invitations which have not yet been accepted by a user. |

ListRolesRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the roles are evaluated. |

ListRolesResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| roles | Role | repeated | |

ListRuleTypesRequest

ListRuleTypesRequest is the request to list rule types.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the rule types are evaluated. |

ListRuleTypesResponse

ListRuleTypesResponse is the response to list rule types.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| rule_types | RuleType | repeated | rule_types is the list of rule types. |

PatchProfileRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | The context in which the patch is applied. Provided explicitly so that the patch itself can be minimal and contain only the attribute to set, e.g. remediate=true |
| id | string | | The id of the profile to patch. Same explanation about explicitness as for the context |
| patch | Profile | | The patch to apply to the profile |
| update_mask | google.protobuf.FieldMask | | needed to enable PATCH, see https://grpc-ecosystem.github.io/grpc-gateway/docs/mapping/patch_feature/ is not exposed to the API user |

PatchProfileResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| profile | Profile | | |

PatchProjectRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the project is updated. |
| patch | ProjectPatch | | patch is the patch to apply to the project |
| update_mask | google.protobuf.FieldMask | | Needed to enable PATCH, see https://grpc-ecosystem.github.io/grpc-gateway/docs/mapping/patch_feature/. It is not exposed to the API user. |

PatchProjectResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| project | Project | | project is the project that was updated. |

PatchProviderRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | |
| patch | Provider | | |
| update_mask | google.protobuf.FieldMask | | |

PatchProviderResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| provider | Provider | | |

PipelineRun

Profile

Profile defines a profile that is user defined.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the profile is evaluated. |
| id | string | optional | id is the id of the profile. This is optional and is set by the system. |
| name | string | | name is the name of the profile instance. |
| labels | string | repeated | labels are a set of system-provided attributes which can be used to filter profiles and status results. Labels cannot be set by the user, but are returned in ListProfiles. Labels use DNS label constraints, with a possible namespace prefix separated by a colon (:). They are intended to allow filtering, but not to store arbitrary metadata. DNS labels are 1-63 character alphanumeric strings with internal hyphens. An RE2-style validation regex would be: `DNS_STR = "a-zA-Z0-9?"` `($DNS_STR:)?$DNS_STR` |
| repository | Profile.Rule | repeated | These are the entities that one could set in the profile. |
| build_environment | Profile.Rule | repeated | |
| artifact | Profile.Rule | repeated | |
| pull_request | Profile.Rule | repeated | |
| release | Profile.Rule | repeated | |
| pipeline_run | Profile.Rule | repeated | |
| task_run | Profile.Rule | repeated | |
| build | Profile.Rule | repeated | |
| selection | Profile.Selector | repeated | |
| remediate | string | optional | whether and how to remediate (on,off,dry_run) this is optional and defaults to "off" |
| alert | string | optional | whether and how to alert (on,off,dry_run) this is optional and defaults to "on" |
| type | string | | type is a placeholder for the object type. It should always be set to "profile". |
| version | string | | version is the version of the profile type. In this case, it is "v1" |
| display_name | string | | display_name is the display name of the profile. |
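The constraints stated for the `labels` field above (DNS labels of 1-63 alphanumeric characters with internal hyphens, optionally preceded by a namespace and a colon) can be checked as follows. This Go code is an added example, not Minder's own code; `ParseLabel`, `SelectByNamespace`, `ParsedLabel` and the regular expression are assumptions written from the prose description.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// dnsLabel encodes the prose rule: 1-63 alphanumeric characters, with hyphens
// allowed only in interior positions. Written for this example.
var dnsLabel = regexp.MustCompile(`^[a-zA-Z0-9]([-a-zA-Z0-9]{0,61}[a-zA-Z0-9])?$`)

// ParsedLabel is a hypothetical helper type, not part of the Minder API.
type ParsedLabel struct {
	Namespace string // empty when the label carries no "namespace:" prefix
	Name      string
}

// ParseLabel splits the optional namespace prefix and validates each part.
func ParseLabel(label string) (ParsedLabel, error) {
	parts := strings.Split(label, ":")
	if len(parts) > 2 {
		return ParsedLabel{}, fmt.Errorf("%q: at most one namespace prefix is allowed", label)
	}
	for _, p := range parts {
		if !dnsLabel.MatchString(p) {
			return ParsedLabel{}, fmt.Errorf("%q: %q is not a valid DNS label", label, p)
		}
	}
	if len(parts) == 2 {
		return ParsedLabel{Namespace: parts[0], Name: parts[1]}, nil
	}
	return ParsedLabel{Name: parts[0]}, nil
}

// SelectByNamespace returns the names of well-formed labels in the given
// namespace and, separately, every label that failed validation.
func SelectByNamespace(labels []string, ns string) (names, rejected []string) {
	for _, l := range labels {
		p, err := ParseLabel(l)
		if err != nil {
			rejected = append(rejected, l)
			continue
		}
		if p.Namespace == ns {
			names = append(names, p.Name)
		}
	}
	return names, rejected
}

func main() {
	// Constructed sample labels, not taken from a real Minder deployment.
	labels := []string{"example:baseline", "managed", "example:-bad", "a:b:c", "has_underscore"}
	names, rejected := SelectByNamespace(labels, "example")
	fmt.Println("namespace example:", names)
	fmt.Println("rejected:", rejected)
}
```

Rejecting malformed labels before filtering keeps a label such as `a:b:c` from being matched against a namespace it does not unambiguously belong to.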

Profile.Rule

Rule defines the individual call of a certain rule type.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| type | string | | type is the type of the rule to be instantiated. |
| params | google.protobuf.Struct | | params are the parameters that are passed to the rule. This is optional and depends on the rule type. |
| def | google.protobuf.Struct | | def is the definition of the rule. This depends on the rule type. |
| name | string | | name is the descriptive name of the rule, not to be confused with type |

Profile.Selector

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| id | string | | id is optional and used for updates to match upserts as well as read operations. It is ignored for creates. |
| entity | string | | entity is the entity to select. |
| selector | string | | expr is the expression to select the entity. |
| description | string | | description is the human-readable description of the selector. |

ProfileStatus

get the overall profile status

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| profile_id | string | | profile_id is the id of the profile |
| profile_name | string | | profile_name is the name of the profile |
| profile_status | string | | profile_status is the status of the profile |
| last_updated | google.protobuf.Timestamp | | last_updated is the last time the profile was updated |
| profile_display_name | string | | profile_display_name is the display name of the profile |

Project

Project API Objects

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| project_id | string | | |
| name | string | | |
| description | string | | |
| created_at | google.protobuf.Timestamp | | |
| updated_at | google.protobuf.Timestamp | | |
| display_name | string | | display_name allows for a human-readable name to be used. display_names are short non-unique strings to provide a user-friendly name for presentation in lists, etc. |

ProjectPatch

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| display_name | string | optional | display_name is the display name of the project to update. |
| description | string | optional | description is the description of the project to update. |

ProjectRole

ProjectRole has the project along with the role the user has in the project

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| role | Role | | |
| project | Project | | |

Provider

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| name | string | | name is the name of the provider. |
| class | string | | class is the name of the provider implementation, e.g. 'github' or 'gh-app'. |
| project | string | | project is the project where the provider is. This is ignored on input in favor of the context field in CreateProviderRequest. |
| version | string | | version is the version of the provider. |
| implements | ProviderType | repeated | implements is the list of interfaces that the provider implements. |
| config | google.protobuf.Struct | | config is the configuration of the provider. |
| auth_flows | AuthorizationFlow | repeated | auth_flows is the list of authorization flows that the provider supports. |
| parameters | ProviderParameter | | parameters is the list of parameters that the provider requires. |
| credentials_state | string | | credentials_state is the state of the credentials for the provider. This is an output-only field. It may be: "set", "unset", "not_applicable". |

ProviderConfig

ProviderConfig contains the generic configuration for a provider.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| auto_registration | AutoRegistration | optional | auto_registration is the configuration for auto-registering entities. |

ProviderParameter

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| github_app | GitHubAppParams | | |

PullRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| url | string | | The full URL to the PR |
| commit_sha | string | | Commit SHA of the PR HEAD. Will be useful to submit a review |
| number | int64 | | The sequential PR number (not the DB PK!) |
| repo_owner | string | | The owner of the repo, will be used to submit a review |
| repo_name | string | | The name of the repo, will be used to submit a review |
| author_id | int64 | | The author of the PR, will be used to check if we can request changes |
| action | string | | The action that triggered the webhook |
| context | Context | | |
| properties | google.protobuf.Struct | | properties is a map of properties of the entity. |

RESTProviderConfig

RESTProviderConfig contains the configuration for the REST provider.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| base_url | string | optional | base_url is the base URL for the REST provider. |

ReconcileEntityRegistrationRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | |
| entity | string | | |

ReconcileEntityRegistrationResponse

RegisterRepoResult

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| repository | Repository | | |
| status | RegisterRepoResult.Status | | |

RegisterRepoResult.Status

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| success | bool | | |
| error | string | optional | |

RegisterRepositoryRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| provider | string | | Deprecated. |
| repository | UpstreamRepositoryRef | | |
| context | Context | | |
| entity | UpstreamEntityRef | | entity is the entity to register. This is the same as the repository field, but uses the new UpstreamEntityRef message. This is what we'll migrate to eventually. |

RegisterRepositoryResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| result | RegisterRepoResult | | |

RegistrableUpstreamEntityRef

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| entity | UpstreamEntityRef | | |
| registered | bool | | True if the entity is already registered in Minder. |

Release

Stubs for the SDLC entities

RemoveRoleRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the role assignment is evaluated. |
| role_assignment | RoleAssignment | | role_assignment is the role assignment to be removed. |

RemoveRoleResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| role_assignment | RoleAssignment | | role_assignment is the role assignment that was removed. |
| invitation | Invitation | | invitation contains the details of the invitation that was removed. |

Repository

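| Field | Type | Label | Description |
| --- | --- | --- | --- |
| id | string | optional | This is optional when returning remote repositories |
| context | Context | optional | |
| owner | string | | |
| name | string | | |
| repo_id | int64 | | |
| hook_id | int64 | | |
| hook_url | string | | |
| deploy_url | string | | |
| clone_url | string | | |
| hook_name | string | | |
| hook_type | string | | |
| hook_uuid | string | | |
| is_private | bool | | |
| is_fork | bool | | |
| created_at | google.protobuf.Timestamp | | |
| updated_at | google.protobuf.Timestamp | | |
| default_branch | string | | |
| license | string | | |
| properties | google.protobuf.Struct | | properties is a map of properties of the entity. |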

ResolveInvitationRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| code | string | | code is the code of the invitation to resolve. |
| accept | bool | | accept is true if the invitation is accepted, false if it is rejected. |

ResolveInvitationResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| role | string | | role is the role that would be assigned if the user accepts the invitation. |
| email | string | | email is the email address of the invited user. |
| project | string | | project is the project to which the user is invited. |
| is_accepted | bool | | is_accepted is the status of the invitation. |
| project_display | string | | project_display is the display name of the project to which the user is invited. |

RestType

RestType defines the rest data evaluation. This is used to fetch data from a REST endpoint.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| endpoint | string | | endpoint is the endpoint to fetch data from. This can be a URL or the path on the API. This is a required field and must be set. This is also evaluated via a template which allows us to dynamically fill in the values. |
| method | string | | method is the method to use to fetch data. |
| headers | string | repeated | headers are the headers to be sent to the endpoint. |
| body | string | optional | body is the body to be sent to the endpoint. |
| parse | string | | parse is the parsing mechanism to be used to parse the data. |
| fallback | RestType.Fallback | repeated | fallback provides a body that the ingester would return in case the REST call returns a non-200 status code. |

RestType.Fallback

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| http_code | int32 | | |
| body | string | | |

Role

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| name | string | | name is the name of the role. |
| display_name | string | | display name of the role |
| description | string | | description is the description of the role. |

RoleAssignment

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| role | string | | role is the role that is assigned. |
| subject | string | | subject is the subject to which the role is assigned. |
| display_name | string | | display_name is the display name of the subject. |
| project | string | optional | project is the project in which the role is assigned. |
| email | string | | email is the email address of the subject used for invitations. |
| first_name | string | | first_name is the first name of the subject. |
| last_name | string | | last_name is the last name of the subject. |

RpcOptions

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| no_log | bool | | |
| target_resource | TargetResource | | |
| relation | Relation | | |

RuleEvaluationStatus

get the status of the rules for a given profile

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| profile_id | string | | profile_id is the id of the profile |
| rule_id | string | | rule_id is the id of the rule |
| rule_name | string | | Deprecated. rule_name is the type of the rule. Deprecated in favor of rule_type_name |
| entity | string | | entity is the entity that was evaluated |
| status | string | | status is the status of the evaluation |
| last_updated | google.protobuf.Timestamp | | last_updated is the last time the profile was updated |
| entity_info | RuleEvaluationStatus.EntityInfoEntry | repeated | entity_info is the information about the entity |
| details | string | | details is the description of the evaluation if any |
| guidance | string | | guidance is the guidance for the evaluation if any |
| remediation_status | string | | remediation_status is the status of the remediation |
| remediation_last_updated | google.protobuf.Timestamp | optional | remediation_last_updated is the last time the remediation was performed or attempted |
| remediation_details | string | | remediation_details is the description of the remediation attempt if any |
| rule_type_name | string | | rule_type_name is the name of the rule |
| rule_description_name | string | | rule_description_name is the name to describe the rule |
| alert | EvalResultAlert | | alert holds the alert details if the rule generated an alert in an external system |
| severity | Severity | | severity is the severity of the rule |
| rule_evaluation_id | string | | rule_evaluation_id is the id of the rule evaluation |
| remediation_url | string | | remediation_url is a url to get more data about a remediation, for PRs is the link to the PR |
| rule_display_name | string | | rule_display_name captures the display name of the rule |
| release_phase | RuleTypeReleasePhase | | release_phase is the phase of the release |

RuleEvaluationStatus.EntityInfoEntry

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| key | string | | |
| value | string | | |

RuleType

RuleType defines rules that may or may not be user defined. The version is assumed from the folder's version.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| id | string | optional | id is the id of the rule type. This is mostly optional and is set by the server. |
| name | string | | name is the name of the rule type. |
| display_name | string | | display_name is the display name of the rule type. |
| short_failure_message | string | | short_failure_message is the message to display when the evaluation fails. |
| context | Context | | context is the context in which the rule is evaluated. |
| def | RuleType.Definition | | def is the definition of the rule type. |
| description | string | | description is the description of the rule type. |
| guidance | string | | guidance are instructions we give the user in case a rule fails. |
| severity | Severity | | severity is the severity of the rule type. |
| release_phase | RuleTypeReleasePhase | | release_phase is the release phase of the rule type, i.e. alpha, beta, ga, deprecated. |

RuleType.Definition

Definition defines the rule type. It encompasses the schema and the data evaluation.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| in_entity | string | | in_entity is the entity in which the rule is evaluated. This can be repository, build_environment or artifact. |
| rule_schema | google.protobuf.Struct | | rule_schema is the schema of the rule. This is expressed in JSON Schema. |
| param_schema | google.protobuf.Struct | optional | param_schema is the schema of the parameters that are passed to the rule. This is expressed in JSON Schema. |
| ingest | RuleType.Definition.Ingest | | |
| eval | RuleType.Definition.Eval | | |
| remediate | RuleType.Definition.Remediate | | |
| alert | RuleType.Definition.Alert | | |

RuleType.Definition.Alert

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| type | string | | |
| security_advisory | RuleType.Definition.Alert.AlertTypeSA | optional | |

RuleType.Definition.Alert.AlertTypeSA

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| severity | string | | |

RuleType.Definition.Eval

Eval defines the data evaluation definition. This pertains to the way we traverse data from the upstream endpoint and how we compare it to the rule.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| type | string | | type is the type of the data evaluation. Right now only jq is supported as a driver |
| jq | RuleType.Definition.Eval.JQComparison | repeated | jq is only used if the jq type is selected. It defines the comparisons that are made between the ingested data and the profile rule. |
| rego | RuleType.Definition.Eval.Rego | optional | rego is only used if the rego type is selected. |
| vulncheck | RuleType.Definition.Eval.Vulncheck | optional | vulncheck is only used if the vulncheck type is selected. |
| trusty | RuleType.Definition.Eval.Trusty | optional | The trusty type is no longer used, but is still here for backwards compatibility with existing stored rules |
| homoglyphs | RuleType.Definition.Eval.Homoglyphs | optional | homoglyphs is only used if the homoglyphs type is selected. |

RuleType.Definition.Eval.Homoglyphs

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| type | string | | |

RuleType.Definition.Eval.JQComparison

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| ingested | RuleType.Definition.Eval.JQComparison.Operator | | Ingested points to the data retrieved in the ingest section |
| profile | RuleType.Definition.Eval.JQComparison.Operator | | Profile points to the profile itself. |
| constant | google.protobuf.Value | | Constant points to a constant value |

RuleType.Definition.Eval.JQComparison.Operator

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| def | string | | |

RuleType.Definition.Eval.Rego

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| type | string | | type is the type of evaluation engine to use for rego. We currently have two modes of operation. `deny-by-default`: this is the default mode of operation where we deny access by default and allow access only if the profile explicitly allows it. It expects the profile to set an allow variable to true or false. `constraints`: this is the mode of operation where we allow access by default and deny access only if a violation is found. It expects the profile to set a violations variable with a "msg" field. |
| def | string | | def is the definition of the rego profile. |
| violation_format | string | optional | how are violations reported. This is only used if the constraints type is selected. The default is text which returns human-readable text. The other option is json which returns a JSON array containing the violations. |

RuleType.Definition.Eval.Trusty

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| endpoint | string | | This is no longer used, but is still here for backwards compatibility with existing stored rules |

RuleType.Definition.Eval.Vulncheck

no configuration for now

RuleType.Definition.Ingest

Ingest defines how the data is ingested.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| type | string | | type is the type of the data ingestion. we currently support rest, artifact and builtin. |
| rest | RestType | optional | rest is the rest data ingestion. this is only used if the type is rest. |
| builtin | BuiltinType | optional | builtin is the builtin data ingestion. |
| artifact | ArtifactType | optional | artifact is the artifact data ingestion. |
| git | GitType | optional | git is the git data ingestion. |
| diff | DiffType | optional | diff is the diff data ingestion. |

RuleType.Definition.Remediate

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| type | string | | |
| rest | RestType | optional | |
| gh_branch_protection | RuleType.Definition.Remediate.GhBranchProtectionType | optional | |
| pull_request | RuleType.Definition.Remediate.PullRequestRemediation | optional | |

RuleType.Definition.Remediate.GhBranchProtectionType

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| patch | string | | |

RuleType.Definition.Remediate.PullRequestRemediation

the name stutters a bit but we already use a PullRequest message for handling PR entities

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| title | string | | the title of the PR |
| body | string | | the body of the PR |
| contents | RuleType.Definition.Remediate.PullRequestRemediation.Content | repeated | |
| method | string | | the method to use to create the PR. For now, these are supported: `minder.content`, which ensures that the content of the file is exactly as specified (refer to the Content message for more details), and `minder.actions.replace_tags_with_sha`, which finds any github actions within a workflow file and replaces the tag with the SHA |
| actions_replace_tags_with_sha | RuleType.Definition.Remediate.PullRequestRemediation.ActionsReplaceTagsWithSha | optional | If the method is minder.actions.replace_tags_with_sha, this is the configuration for that method |

RuleType.Definition.Remediate.PullRequestRemediation.ActionsReplaceTagsWithSha

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| exclude | string | repeated | List of actions to exclude from the replacement |

RuleType.Definition.Remediate.PullRequestRemediation.Content

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| path | string | | the file to patch |
| action | string | | how to patch the file. For now, only replace is supported |
| content | string | | the content of the file |
| mode | string | optional | the GIT mode of the file. Not UNIX mode! String because the GH API also uses strings. The usual modes are: 100644 for regular files, 100755 for executable files and 040000 for submodules (which we don't use but now you know the meaning of the 1 in 100644). See e.g. https://github.com/go-git/go-git/blob/32e0172851c35ae2fac495069c923330040903d2/plumbing/filemode/filemode.go#L16 |

Severity

Severity defines the severity of the rule.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| value | Severity.Value | | value is the severity value. |

StoreProviderTokenRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| provider | string | | Deprecated. |
| access_token | string | | |
| owner | string | optional | |
| context | Context | | |

StoreProviderTokenResponse

TaskRun

UpdateProfileRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| profile | Profile | | |

UpdateProfileResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| profile | Profile | | |

UpdateProjectRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the project is updated. |
| display_name | string | | display_name is the display name of the project to update. |
| description | string | | description is the description of the project to update. |

UpdateProjectResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| project | Project | | project is the project that was updated. |

UpdateRoleRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | context is the context in which the role assignment is evaluated. |
| subject | string | | subject is the account to change permissions for. The account must already have permissions on the project |
| roles | string | repeated | All subject roles are replaced with the following role assignments. Must be non-empty, use RemoveRole to remove permissions entirely from the project. |
| email | string | | email is the email address of the subject used for updating invitations |

UpdateRoleResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| role_assignments | RoleAssignment | repeated | role_assignments are the role assignments that were updated. |
| invitations | Invitation | repeated | invitations contains the details of the invitations that were updated. |

UpdateRuleTypeRequest

UpdateRuleTypeRequest is the request to update a rule type.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| rule_type | RuleType | | rule_type is the rule type to be updated. |

UpdateRuleTypeResponse

UpdateRuleTypeResponse is the response to update a rule type.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| rule_type | RuleType | | rule_type is the rule type that was updated. |

UpstreamEntityRef

UpstreamEntityRef provides enough information for the provider to identify the entity in the upstream system.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | ContextV2 | | context is the context in which the entity is evaluated. Note that the context is included here since users of this message may return upstream references from multiple providers |
| type | Entity | | type is the type of the entity. |
| properties | google.protobuf.Struct | | properties is a map of properties of the entity. This will be used to identify the entity in the upstream system and will be a subset of the properties of the entity that will be stored in Minder. |

UpstreamRepositoryRef

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| owner | string | | |
| name | string | | |
| repo_id | int64 | | The upstream identity of the repository, as an integer. This is only set on output, and is ignored on input. |
| context | Context | | |
| registered | bool | | True if the repository is already registered in Minder. This is only set on output, and is ignored on input. |

UserRecord

user record to be returned

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| id | int32 | | |
| identity_subject | string | | |
| created_at | google.protobuf.Timestamp | | |
| updated_at | google.protobuf.Timestamp | | |

VerifyProviderCredentialRequest

VerifyProviderCredentialRequest contains the enrollment nonce (aka state) that was used when enrolling the provider

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| context | Context | | |
| enrollment_nonce | string | | enrollment_nonce is the state parameter returned when enrolling the provider |

VerifyProviderCredentialResponse

VerifyProviderCredentialRequest responds with a boolean indicating if the provider has been created and the provider name, if it has been created

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| created | bool | | |
| provider_name | string | | |

VerifyProviderTokenFromRequest

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| provider | string | | Deprecated. |
| timestamp | google.protobuf.Timestamp | | |
| context | Context | | |

VerifyProviderTokenFromResponse

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| status | string | | |

AuthorizationFlow

| Name | Number | Description |
| --- | --- | --- |
| AUTHORIZATION_FLOW_UNSPECIFIED | 0 | |
| AUTHORIZATION_FLOW_NONE | 1 | |
| AUTHORIZATION_FLOW_USER_INPUT | 2 | |
| AUTHORIZATION_FLOW_OAUTH2_AUTHORIZATION_CODE_FLOW | 3 | |
| AUTHORIZATION_FLOW_GITHUB_APP_FLOW | 4 | |

CredentialsState

| Name | Number | Description |
| --- | --- | --- |
| CREDENTIALS_STATE_UNSPECIFIED | 0 | |
| CREDENTIALS_STATE_SET | 1 | |
| CREDENTIALS_STATE_UNSET | 2 | |
| CREDENTIALS_STATE_NOT_APPLICABLE | 3 | |

Entity

Entity defines the entity that is supported by the provider.

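| Name | Number | Description |
| --- | --- | --- |
| ENTITY_UNSPECIFIED | 0 | |
| ENTITY_REPOSITORIES | 1 | |
| ENTITY_BUILD_ENVIRONMENTS | 2 | |
| ENTITY_ARTIFACTS | 3 | |
| ENTITY_PULL_REQUESTS | 4 | |
| ENTITY_RELEASE | 5 | |
| ENTITY_PIPELINE_RUN | 6 | |
| ENTITY_TASK_RUN | 7 | |
| ENTITY_BUILD | 8 | |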

ObjectOwner

| Name | Number | Description |
| --- | --- | --- |
| OBJECT_OWNER_UNSPECIFIED | 0 | |
| OBJECT_OWNER_PROJECT | 2 | |
| OBJECT_OWNER_USER | 3 | |

ProviderClass

| Name | Number | Description |
| --- | --- | --- |
| PROVIDER_CLASS_UNSPECIFIED | 0 | |
| PROVIDER_CLASS_GITHUB | 1 | |
| PROVIDER_CLASS_GITHUB_APP | 2 | |
| PROVIDER_CLASS_GHCR | 3 | |
| PROVIDER_CLASS_DOCKERHUB | 4 | |

ProviderType

ProviderTrait is the type of the provider.

| Name | Number | Description |
| --- | --- | --- |
| PROVIDER_TYPE_UNSPECIFIED | 0 | |
| PROVIDER_TYPE_GITHUB | 1 | |
| PROVIDER_TYPE_REST | 2 | |
| PROVIDER_TYPE_GIT | 3 | |
| PROVIDER_TYPE_OCI | 4 | |
| PROVIDER_TYPE_REPO_LISTER | 5 | |
| PROVIDER_TYPE_IMAGE_LISTER | 6 | |

Relation

| Name | Number | Description |
| --- | --- | --- |
| RELATION_UNSPECIFIED | 0 | |
| RELATION_CREATE | 1 | |
| RELATION_GET | 2 | |
| RELATION_UPDATE | 3 | |
| RELATION_DELETE | 4 | |
| RELATION_ROLE_LIST | 5 | |
| RELATION_ROLE_ASSIGNMENT_LIST | 6 | |
| RELATION_ROLE_ASSIGNMENT_CREATE | 7 | |
| RELATION_ROLE_ASSIGNMENT_REMOVE | 8 | |
| RELATION_REPO_GET | 9 | |
| RELATION_REPO_CREATE | 10 | |
| RELATION_REPO_UPDATE | 11 | |
| RELATION_REPO_DELETE | 12 | |
| RELATION_ARTIFACT_GET | 13 | |
| RELATION_ARTIFACT_CREATE | 14 | |
| RELATION_ARTIFACT_UPDATE | 15 | |
| RELATION_ARTIFACT_DELETE | 16 | |
| RELATION_PR_GET | 17 | |
| RELATION_PR_CREATE | 18 | |
| RELATION_PR_UPDATE | 19 | |
| RELATION_PR_DELETE | 20 | |
| RELATION_PROVIDER_GET | 21 | |
| RELATION_PROVIDER_CREATE | 22 | |
| RELATION_PROVIDER_UPDATE | 23 | |
| RELATION_PROVIDER_DELETE | 24 | |
| RELATION_RULE_TYPE_GET | 25 | |
| RELATION_RULE_TYPE_CREATE | 26 | |
| RELATION_RULE_TYPE_UPDATE | 27 | |
| RELATION_RULE_TYPE_DELETE | 28 | |
| RELATION_PROFILE_GET | 29 | |
| RELATION_PROFILE_CREATE | 30 | |
| RELATION_PROFILE_UPDATE | 31 | |
| RELATION_PROFILE_DELETE | 32 | |
| RELATION_PROFILE_STATUS_GET | 33 | |
| RELATION_REMOTE_REPO_GET | 34 | |
| RELATION_ENTITY_RECONCILIATION_TASK_CREATE | 35 | |
| RELATION_ENTITY_RECONCILE | 36 | |
| RELATION_ROLE_ASSIGNMENT_UPDATE | 37 | |

RuleTypeReleasePhase

RuleTypeReleasePhase defines the release phase of the rule type.

| Name | Number | Description |
| --- | --- | --- |
| RULE_TYPE_RELEASE_PHASE_UNSPECIFIED | 0 | |
| RULE_TYPE_RELEASE_PHASE_ALPHA | 1 | |
| RULE_TYPE_RELEASE_PHASE_BETA | 2 | |
| RULE_TYPE_RELEASE_PHASE_GA | 3 | |
| RULE_TYPE_RELEASE_PHASE_DEPRECATED | 4 | |

Severity.Value

Value enumerates the severity values.

| Name | Number | Description |
| --- | --- | --- |
| VALUE_UNSPECIFIED | 0 | |
| VALUE_UNKNOWN | 1 | unknown severity means that the severity is unknown or hasn't been set. |
| VALUE_INFO | 2 | info severity means that the severity is informational and does not incur risk. |
| VALUE_LOW | 3 | low severity means that the severity is low and does not incur significant risk. |
| VALUE_MEDIUM | 4 | medium severity means that the severity is medium and may incur some risk. |
| VALUE_HIGH | 5 | high severity means that the severity is high and may incur significant risk. |
| VALUE_CRITICAL | 6 | critical severity means that the severity is critical and requires immediate attention. |

TargetResource

| Name | Number | Description |
| --- | --- | --- |
| TARGET_RESOURCE_UNSPECIFIED | 0 | |
| TARGET_RESOURCE_NONE | 1 | |
| TARGET_RESOURCE_USER | 2 | |
| TARGET_RESOURCE_PROJECT | 3 | |

File-level Extensions

| Extension | Type | Base | Number | Description |
| --- | --- | --- | --- | --- |
| name | string | .google.protobuf.EnumValueOptions | 42445 | |
| rpc_options | RpcOptions | .google.protobuf.MethodOptions | 51077 | |

Scalar Value Types

| .proto Type | Notes | C++ | Java | Python | Go | C# | PHP | Ruby |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| double | | double | double | float | float64 | double | float | Float |
| float | | float | float | float | float32 | float | float | Float |
| int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
| int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long | int64 | long | integer/string | Bignum |
| uint32 | Uses variable-length encoding. | uint32 | int | int/long | uint32 | uint | integer | Bignum or Fixnum (as required) |
| uint64 | Uses variable-length encoding. | uint64 | long | int/long | uint64 | ulong | integer/string | Bignum or Fixnum (as required) |
| sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
| sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long | int64 | long | integer/string | Bignum |
| fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int | uint32 | uint | integer | Bignum or Fixnum (as required) |
| fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long | uint64 | ulong | integer/string | Bignum |
| sfixed32 | Always four bytes. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
| sfixed64 | Always eight bytes. | int64 | long | int/long | int64 | long | integer/string | Bignum |
| bool | | bool | boolean | boolean | bool | bool | boolean | TrueClass/FalseClass |
| string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode | string | string | string | String (UTF-8) |
| bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str | []byte | ByteString | string | String (ASCII-8BIT) |