trufflehog/proto/sources.proto

syntax = "proto3";

package sources;

option go_package = "github.com/trufflesecurity/trufflehog/v3/pkg/pb/sourcespb";

import "validate/validate.proto";
import "credentials.proto";
import "google/protobuf/any.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/timestamp.proto";


enum SourceType {
  SOURCE_TYPE_AZURE_STORAGE = 0;
  SOURCE_TYPE_BITBUCKET = 1;
  SOURCE_TYPE_CIRCLECI = 2;
  SOURCE_TYPE_CONFLUENCE = 3;
  SOURCE_TYPE_DOCKERHUB_IMAGES = 4;
  SOURCE_TYPE_ECR = 5;
  SOURCE_TYPE_GCS = 6;
  SOURCE_TYPE_GITHUB = 7;
  SOURCE_TYPE_PUBLIC_GIT = 8;
  SOURCE_TYPE_GITLAB = 9;
  SOURCE_TYPE_JIRA = 10;
  SOURCE_TYPE_NPM_UNAUTHD_PACKAGES = 11;
  SOURCE_TYPE_PYPI_UNAUTHD_PACKAGES = 12;
  SOURCE_TYPE_S3 = 13;
  SOURCE_TYPE_SLACK = 14;
  SOURCE_TYPE_FILESYSTEM = 15;
  SOURCE_TYPE_GIT = 16;
  SOURCE_TYPE_TEST = 17;
  SOURCE_TYPE_S3_UNAUTHED = 18;
  SOURCE_TYPE_GITHUB_UNAUTHENTICATED_ORG = 19;
  SOURCE_TYPE_BUILDKITE = 20;
  SOURCE_TYPE_GERRIT = 21;
  SOURCE_TYPE_JENKINS = 22;
  SOURCE_TYPE_TEAMS = 23;
  SOURCE_TYPE_JFROG_ARTIFACTORY = 24;
  SOURCE_TYPE_SYSLOG = 25;
  SOURCE_TYPE_PUBLIC_EVENT_MONITORING = 26;
  SOURCE_TYPE_SLACK_REALTIME = 27;
  SOURCE_TYPE_GOOGLE_DRIVE = 28;
  SOURCE_TYPE_SHAREPOINT = 29;
  SOURCE_TYPE_GCS_UNAUTHED = 30;
}

message LocalSource {
  string type = 1 ;
  string name = 2 ;
  google.protobuf.Duration scan_interval = 3;
  bool verify = 4;
  google.protobuf.Any connection = 5;
}

message AzureStorage {
  oneof credential {
    string connection_string = 1;
    credentials.BasicAuth basic_auth = 2;
    string client_certificate = 3;
    credentials.Unauthenticated unauthenticated = 4;
  }
  repeated string storage_containers = 5;
}

message Bitbucket {
  string endpoint = 1 [(validate.rules).string.uri_ref = true];
  oneof credential {
    string token = 2;
    credentials.Oauth2 oauth = 3;
    credentials.BasicAuth basic_auth = 4;

  }
  repeated string repositories = 5;
  repeated string ignore_repos = 6;
}

message CircleCI {
  string endpoint = 1 [(validate.rules).string.uri_ref = true];
  oneof credential {
    string token = 2;
  }
}

message Confluence {
  string endpoint = 1 [(validate.rules).string.uri_ref = true];
  oneof credential {
    credentials.Unauthenticated unauthenticated = 2;
    credentials.BasicAuth basic_auth = 3;
    string token = 4;
  }

  enum GetAllSpacesScope {
    ALL = 0;
    GLOBAL = 1;
    PERSONAL = 2;
  }

  GetAllSpacesScope spaces_scope = 5;
  bool insecure_skip_verify_tls = 6;
  repeated string spaces = 7;
  repeated string ignore_spaces = 8;
  bool include_attachments = 9;
  bool skip_history = 10;
}

message DockerHub {
  oneof credential {
    credentials.Unauthenticated unauthenticated = 1;
  }
  repeated string repositories = 2;
}

message ECR {
  oneof credential {
    credentials.KeySecret access_key = 1;
  }
  repeated string registries = 2;
}

message Filesystem {
  // DEPRECATED: directories is deprecated and can be removed / renamed to
  // paths when we no longer depend on the name in enterprise configs.
  repeated string directories = 1;
  repeated string paths = 2;
}

message GCS {
  oneof credential {
    string json_service_account = 1;
    string api_key = 2;
    credentials.Unauthenticated unauthenticated = 3;
    credentials.CloudEnvironment adc = 4;
    string service_account_file = 11;
    credentials.Oauth2 oauth = 12;
  }
  string project_id = 5;
  repeated string include_buckets = 6;
  repeated string exclude_buckets = 7;
  repeated string include_objects = 8;
  repeated string exclude_objects = 9;
  int64 max_object_size = 10;
}

message Git {
  oneof credential {
    credentials.BasicAuth basic_auth = 1;
    credentials.Unauthenticated unauthenticated = 2;
    credentials.SSHAuth ssh_auth = 5;
  }
  repeated string directories = 3;
  repeated string repositories = 4;
}

message GitLab {
  string endpoint = 1 [(validate.rules).string.uri_ref = true];
  oneof credential {
    string token = 2;
    credentials.Oauth2 oauth = 3;
    credentials.BasicAuth basic_auth = 4;
  }
  repeated string repositories = 5;
  repeated string ignore_repos = 6;
}

message GitHub {
  string endpoint = 1 [(validate.rules).string.uri_ref = true];
  oneof credential {
    credentials.GitHubApp github_app = 2;
    string token = 3;
    credentials.Unauthenticated unauthenticated = 4;
    credentials.BasicAuth basic_auth = 13;
  }
  repeated string repositories = 5;
  repeated string organizations = 6;
  bool scanUsers = 7;
  bool includeForks = 8;
  string head = 9;
  string base = 10;
  repeated string ignoreRepos = 11;
  repeated string includeRepos = 12;
}

message GoogleDrive {
  oneof credential {
    string refresh_token = 1;
  }
}

message JIRA {
  string endpoint = 1 [(validate.rules).string.uri_ref = true];
  oneof credential {
    credentials.BasicAuth basic_auth = 2;
    credentials.Unauthenticated unauthenticated = 3;
    credentials.Oauth2 oauth = 4;
    string token = 6;
  }
  repeated string projects = 5;
  repeated string ignore_projects = 7;
}

message NPMUnauthenticatedPackage {
  oneof credential {
    credentials.Unauthenticated unauthenticated = 1;
  }
}

message PyPIUnauthenticatedPackage {
  oneof credential {
    credentials.Unauthenticated unauthenticated = 1;
  }
}

message S3 {
  oneof credential {
    credentials.KeySecret access_key = 1;
    credentials.Unauthenticated unauthenticated = 2;
    credentials.CloudEnvironment cloud_environment = 4;
    credentials.AWSSessionTokenSecret session_token = 5;
  }
  repeated string buckets = 3;
  int64 max_object_size = 6;
}

message Slack {
  string endpoint = 1 [(validate.rules).string.uri_ref = true];
  oneof credential {
    string token = 2;
    credentials.SlackTokens tokens = 5;
  }
  repeated string channels = 3;
  repeated string ignoreList = 4;
}

message Test{}

message Buildkite {
  oneof credential {
    string token = 1;
  }
}

message Gerrit {
  string endpoint = 1 [(validate.rules).string.uri_ref = true];
  oneof credential {
    credentials.BasicAuth basic_auth = 2;
    credentials.Unauthenticated unauthenticated = 3;
  }
  repeated string projects = 4;
}

message Jenkins {
  string endpoint = 1 [(validate.rules).string.uri_ref = true];
  oneof credential {
    credentials.BasicAuth basic_auth = 2;
    credentials.Header header = 3;
  }
}

message Teams {
  string endpoint = 1 [(validate.rules).string.uri_ref = true];
  oneof credential {
    string token = 2;
    credentials.ClientCredentials authenticated = 3;
    credentials.Oauth2 oauth = 7;
  }
  repeated string channels = 4;
  repeated string ignoreList = 5;
  repeated string team_ids = 6;
}

// https://www.jfrog.com/confluence/display/JFROG/Artifactory+REST+API#ArtifactoryRESTAPI-RetrieveFolderorRepositoryArchive
message Artifactory {
  string endpoint = 1 [(validate.rules).string.uri_ref = true];
  oneof credential {
    credentials.BasicAuth basic_auth = 2;
    string access_token = 3;
  }
  repeated string repositories = 4;
}

message Syslog {
  string protocol = 1;
  string listenAddress = 2;
  string tlsCert = 3;
  string tlsKey = 4;
  string format = 5;
}

message PublicEventMonitoring {
  oneof credential {
    credentials.Unauthenticated unauthenticated = 1;
  }
  string domain = 2;
  int64 max_depth = 3;
  google.protobuf.Timestamp since = 4;
}

message SlackRealtime {
  oneof credential {
    credentials.SlackTokens tokens = 1;
  }
}

message Sharepoint {
  oneof credential {
    credentials.Oauth2 oauth = 1;
  }
  string site_url = 2;
}