Grafeas Builds Notes and Occurrences

[Juan David Gómez]

Hello Grafeas team,

I'm writing because I'm wondering if someone has a complete example of Notes/Occurrences for Builds. I think the vulnerabilities model is well explained in Grafeas documentation and most of the blogs and articles rounds around that concept (and if someone needs to take a look of a Vulnz Note/Occurrence extracted from GCR please check https://gist.github.com/judavi/b91f06d7c7d3f53e6e27cddb4301eb84) but I want to use the full potential of Grafeas and start exploring the rest of the Notes available.

I'm checking the documentation available https://cloud.google.com/container-registry/docs/reference/rest/v1beta1/projects.notes#Build but I'm getting lost, without examples the explanation of those fields could be confusing for someone that is not using the same build system or process. 

Let's say for example if I use Jenkins how the information generated will fit on the model?

- What's a Note Build? The specific Jenkins Job?

• So what's the builderVersion? The version of the job or the version of Jenkins?
• In the signature. What's a BuildProvenance?

- Now related to the occurrences. What's an Occurrence Build? Each of the executions of the Job?

Thanks for the help, any complete example will be highly appreciated !!

Juan