vulnerability

.v1beta1.vulnerability


Members

(static, constant) Severity :number

Note provider-assigned severity/impact ranking.

Properties:

| Name | Type | Description |
|---|---|---|
| SEVERITY_UNSPECIFIED | number | Unknown. |
| MINIMAL | number | Minimal severity. |
| LOW | number | Low severity. |
| MEDIUM | number | Medium severity. |
| HIGH | number | High severity. |
| CRITICAL | number | Critical severity. |


Type Definitions

Detail

Identifies all occurrences of this vulnerability in the package for a specific distro/location. For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2

Properties:

| Name | Type | Description |
|---|---|---|
| cpeUri | string | The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar. |
| package | string | The name of the package where the vulnerability was found. |
| minAffectedVersion | Object | The min version of the package in which the vulnerability exists. This object should have the same structure as Version. |
| maxAffectedVersion | Object | The max version of the package in which the vulnerability exists. This object should have the same structure as Version. |
| severityName | string | The severity (e.g., distro-assigned severity) for this vulnerability. |
| description | string | A vendor-specific description of this note. |
| fixedLocation | Object | The fix for this specific package version. This object should have the same structure as VulnerabilityLocation. |
| packageType | string | The type of package: native or non-native (Ruby gems, Node.js packages, etc.). |
| isObsolete | boolean | Whether this detail is obsolete. Occurrences are expected not to point to obsolete details. |


Details

Details of a vulnerability occurrence.

Properties:

| Name | Type | Description |
|---|---|---|
| type | string | The type of package: native or non-native (Ruby gems, Node.js packages, etc.). |
| severity | number | Output only. The note-provider-assigned Severity of the vulnerability. The number should be among the values of Severity. |
| cvssScore | number | Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity. |
| packageIssue | Array.<Object> | The set of affected locations and their fixes (if available) within the associated resource. This object should have the same structure as PackageIssue. |
| shortDescription | string | Output only. A one-sentence description of this vulnerability. |
| longDescription | string | Output only. A detailed description of this vulnerability. |
| relatedUrls | Array.<Object> | Output only. URLs related to this vulnerability. This object should have the same structure as RelatedUrl. |


PackageIssue

This message wraps a location affected by a vulnerability and its associated fix (if one is available).

Properties:

| Name | Type | Description |
|---|---|---|
| affectedLocation | Object | The location of the vulnerability. This object should have the same structure as VulnerabilityLocation. |
| fixedLocation | Object | The location of the available fix for the vulnerability. This object should have the same structure as VulnerabilityLocation. |
| severityName | string | The severity (e.g., distro-assigned severity) for this vulnerability. |
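
The following added example, which is not code from the client library, shows how a consumer might turn the Details of one occurrence into a patch worklist using `severity` and each PackageIssue's `fixedLocation`. It assumes the Severity numbers follow the order listed above (0 to 5) and that an absent `fixedLocation` means no fix is available; `triage`, `severityName` and the sample data are hypothetical, and Version objects are passed through as opaque values.

```javascript
// Added example, not library code.
// Assumption: Severity numbers follow the order in which the members are listed.
const Severity = Object.freeze({
  SEVERITY_UNSPECIFIED: 0, MINIMAL: 1, LOW: 2, MEDIUM: 3, HIGH: 4, CRITICAL: 5,
});
const severityName = (n) =>
  Object.keys(Severity).find((k) => Severity[k] === n) || 'SEVERITY_UNSPECIFIED';

// Hypothetical helper: split one occurrence's package issues into fixable and unfixed.
function triage(details, minSeverity = Severity.HIGH) {
  const result = {
    severity: severityName(details.severity),
    cvssScore: details.cvssScore,
    actionable: false,
    fixable: [],
    unfixed: [],
  };
  // SEVERITY_UNSPECIFIED means "unknown", not "harmless": keep it in the worklist.
  const unknown = !details.severity;
  if (!unknown && details.severity < minSeverity) return result;
  result.actionable = true;
  for (const issue of details.packageIssue || []) {
    const loc = issue.affectedLocation || {};
    const entry = { package: loc.package, cpeUri: loc.cpeUri, distroSeverity: issue.severityName };
    if (issue.fixedLocation) {
      // Assumption: a present fixedLocation carries the version that contains the fix.
      result.fixable.push({ ...entry, fixedVersion: issue.fixedLocation.version });
    } else {
      result.unfixed.push(entry);
    }
  }
  return result;
}

// Constructed sample data; the Version objects here are opaque placeholders.
const cpe = 'cpe:/o:debian:debian_linux:8';
const sample = {
  type: 'native', severity: Severity.HIGH, cvssScore: 7.5,
  packageIssue: [
    { affectedLocation: { cpeUri: cpe, package: 'glibc', version: { name: '2.1' } },
      fixedLocation: { cpeUri: cpe, package: 'glibc', version: { name: '2.3' } },
      severityName: 'High' },
    { affectedLocation: { cpeUri: cpe, package: 'example-pkg', version: { name: '1.0' } },
      severityName: 'Medium' },
  ],
};
console.log(JSON.stringify(triage(sample), null, 2));
```
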


Vulnerability

Vulnerability provides metadata about a security vulnerability.

Properties:

| Name | Type | Description |
|---|---|---|
| cvssScore | number | The CVSS score for this vulnerability. |
| severity | number | Note provider assigned impact of the vulnerability. The number should be among the values of Severity. |
| details | Array.<Object> | All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in. This object should have the same structure as Detail. |


VulnerabilityLocation

The location of the vulnerability.

Properties:

| Name | Type | Description |
|---|---|---|
| cpeUri | string | The cpe_uri in [cpe format](https://cpe.mitre.org/specification/). Examples include distro or storage location for vulnerable jar. |
| package | string | The package being described. |
| version | Object | The version of the package being described. This object should have the same structure as Version. |
