Property

constant static

Severity  number

Note provider-assigned severity/impact ranking.

Properties

Name                  Type  Optional  Description
SEVERITY_UNSPECIFIED                  Unknown.
MINIMAL                               Minimal severity.
LOW                                   Low severity.
MEDIUM                                Medium severity.
HIGH                                  High severity.
CRITICAL                              Critical severity.

Abstract types

static

Detail

Identifies all occurrences of this vulnerability in the package for a specific distro/location. For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2

Properties

Name                Type     Optional  Description
cpeUri              string             The cpe_uri, in CPE format (https://cpe.mitre.org/specification/), in which the vulnerability manifests. Examples include a distro or the storage location of a vulnerable jar.
package             string             The name of the package where the vulnerability was found.
minAffectedVersion  Object             The minimum version of the package in which the vulnerability exists. This object should have the same structure as Version.
maxAffectedVersion  Object             The maximum version of the package in which the vulnerability exists. This object should have the same structure as Version.
severityName        string             The severity (e.g., distro-assigned severity) for this vulnerability.
description         string             A vendor-specific description of this note.
fixedLocation       Object             The fix for this specific package version. This object should have the same structure as VulnerabilityLocation.
packageType         string             The type of package: native or non-native (Ruby gems, Node.js packages, etc.).
isObsolete          boolean            Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.

See also

grafeas.v1beta1.vulnerability.Vulnerability.Detail definition in proto format

static

Details

Details of a vulnerability occurrence.

Properties

Name              Type             Optional  Description
type              string                     The type of package: native or non-native (Ruby gems, Node.js packages, etc.).
severity          number                     Output only. The note-provider-assigned Severity of the vulnerability. The number should be among the values of Severity.
cvssScore         number                     Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0-10, where 0 indicates low severity and 10 indicates high severity.
packageIssue      Array of Object            The set of affected locations and their fixes (if available) within the associated resource. Each object should have the same structure as PackageIssue.
shortDescription  string                     Output only. A one-sentence description of this vulnerability.
longDescription   string                     Output only. A detailed description of this vulnerability.
relatedUrls       Array of Object            Output only. URLs related to this vulnerability. Each object should have the same structure as RelatedUrl.

See also

grafeas.v1beta1.vulnerability.Details definition in proto format

static

PackageIssue

This message wraps a location affected by a vulnerability and its associated fix (if one is available).

Properties

Name              Type    Optional  Description
affectedLocation  Object            The location of the vulnerability. This object should have the same structure as VulnerabilityLocation.
fixedLocation     Object            The location of the available fix for the vulnerability. This object should have the same structure as VulnerabilityLocation.
severityName      string            The severity (e.g., distro-assigned severity) for this vulnerability.

See also

grafeas.v1beta1.vulnerability.PackageIssue definition in proto format
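The Details and PackageIssue types above are what a consumer of vulnerability occurrences actually has to read when deciding whether an artifact is fixable or should be blocked. The following is an added example, not code from the reference or the client library; it assumes that the Severity constants take the numeric values 0 through 5 in the order they are listed above, and that a Version object (not defined on this page) exposes its version string in a `name` field.

```javascript
// Added example (not from the generated reference): triage helpers for a
// grafeas.v1beta1.vulnerability.Details occurrence as documented above.
// Assumptions: Severity numbers follow the enum's listed order (SEVERITY_UNSPECIFIED = 0
// ... CRITICAL = 5) and a Version object carries its version string in `name`.
const Severity = Object.freeze({
  SEVERITY_UNSPECIFIED: 0, MINIMAL: 1, LOW: 2, MEDIUM: 3, HIGH: 4, CRITICAL: 5,
});
const SEVERITY_NAMES = Object.fromEntries(
  Object.entries(Severity).map(([name, value]) => [value, name]));

// Resolve the severity number to its name and, for every packageIssue, report the
// affected package/version and the fixed version (null when fixedLocation is absent).
function summarizeDetails(details) {
  const severityName = SEVERITY_NAMES[details.severity] ?? 'SEVERITY_UNSPECIFIED';
  const issues = (details.packageIssue ?? []).map((issue) => ({
    cpeUri: issue.affectedLocation?.cpeUri ?? null,
    package: issue.affectedLocation?.package ?? null,
    affectedVersion: issue.affectedLocation?.version?.name ?? null,
    fixedVersion: issue.fixedLocation?.version?.name ?? null, // no fix yet => null
  }));
  return {
    severityName,
    cvssScore: details.cvssScore ?? null,
    fixAvailable: issues.some((i) => i.fixedVersion !== null),
    issues,
  };
}

// Admission-style gate: block when the provider severity reaches `minSeverity` or the
// CVSS score reaches `minCvss`. Thresholds are policy choices; an unspecified severity
// is not treated as safe by itself because the CVSS check still applies.
function shouldBlock(details, { minSeverity = Severity.HIGH, minCvss = 7.0 } = {}) {
  const severity = details.severity ?? Severity.SEVERITY_UNSPECIFIED;
  return severity >= minSeverity || (details.cvssScore ?? 0) >= minCvss;
}

// Constructed sample occurrence (not real data) shaped like Details; the package and
// cpe values echo the glibc example from the Detail description above.
const sampleDetails = {
  type: 'OS', severity: Severity.HIGH, cvssScore: 7.5, // `type` value is constructed
  packageIssue: [{
    affectedLocation: { cpeUri: 'cpe:/o:debian:debian_linux:8', package: 'glibc', version: { name: '2.1' } },
    fixedLocation: { cpeUri: 'cpe:/o:debian:debian_linux:8', package: 'glibc', version: { name: '2.3' } },
    severityName: 'important', // constructed distro-assigned name
  }],
  shortDescription: 'Constructed example entry',
};
```

Occurrences with no fixedLocation surface as fixAvailable false, which is the case a remediation queue should separate from patchable findings.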

static

Vulnerability

Vulnerability provides metadata about a security vulnerability.

Properties

Name       Type             Optional  Description
cvssScore  number                     The CVSS score for this vulnerability.
severity   number                     Note-provider-assigned impact of the vulnerability. The number should be among the values of Severity.
details    Array of Object            All information about the package needed to specifically identify this vulnerability, with one entry per (version range, cpe_uri) pair in which the package vulnerability has manifested. Each object should have the same structure as Detail.

See also

grafeas.v1beta1.vulnerability.Vulnerability definition in proto format

static

VulnerabilityLocation

The location of the vulnerability.

Properties

Name     Type    Optional  Description
cpeUri   string            The cpe_uri in CPE format (https://cpe.mitre.org/specification/). Examples include a distro or the storage location of a vulnerable jar.
package  string            The package being described.
version  Object            The version of the package being described. This object should have the same structure as Version.

See also

grafeas.v1beta1.vulnerability.VulnerabilityLocation definition in proto format