package grafeas.v1beta1.vulnerability

Get desktop application:
View/edit binary Protocol Buffers messages

Details of a vulnerability occurrence.

Used in: Occurrence

• string type = 1

  The type of package; whether native or non native(ruby gems, node.js packages etc)

• Severity severity = 2

  Output only. The note provider assigned Severity of the vulnerability.

• float cvss_score = 3

  Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity.

• repeated PackageIssue package_issue = 4

  The set of affected locations and their fixes (if available) within the associated resource.

• string short_description = 5

  Output only. A one sentence description of this vulnerability.

• string long_description = 6

  Output only. A detailed description of this vulnerability.

• repeated RelatedUrl related_urls = 7

  Output only. URLs related to this vulnerability.

This message wraps a location affected by a vulnerability and its associated fix (if one is available).

Used in: Details

• optional VulnerabilityLocation affected_location = 1

  The location of the vulnerability.

• optional VulnerabilityLocation fixed_location = 2

  The location of the available fix for vulnerability.

• string severity_name = 3

  The severity (e.g., distro assigned severity) for this vulnerability.

Note provider-assigned severity/impact ranking.

Used in: VulnerabilityOccurrencesSummary.FixableTotalByDigest, Details, Vulnerability

• SEVERITY_UNSPECIFIED = 0

  Unknown.

• MINIMAL = 1

  Minimal severity.

• LOW = 2

  Low severity.

• MEDIUM = 3

  Medium severity.

• HIGH = 4

  High severity.

• CRITICAL = 5

  Critical severity.

Vulnerability provides metadata about a security vulnerability.

Used in: Note

• float cvss_score = 1

  The CVSS score for this vulnerability.

• Severity severity = 2

  Note provider assigned impact of the vulnerability.

• repeated Vulnerability.Detail details = 3

  All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.

Identifies all occurrences of this vulnerability in the package for a specific distro/location. For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2

Used in: Vulnerability

• string cpe_uri = 1

  The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in which the vulnerability manifests. Examples include distro or storage location for vulnerable jar.

• string package = 2

  The name of the package where the vulnerability was found.

• optional package.Version min_affected_version = 3

  The min version of the package in which the vulnerability exists.

• optional package.Version max_affected_version = 4

  The max version of the package in which the vulnerability exists.

• string severity_name = 5

  The severity (eg: distro assigned severity) for this vulnerability.

• string description = 6

  A vendor-specific description of this note.

• optional VulnerabilityLocation fixed_location = 7

  The fix for this specific package version.

• string package_type = 8

  The type of package; whether native or non native(ruby gems, node.js packages etc).

• bool is_obsolete = 9

  Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.

The location of the vulnerability.

Used in: PackageIssue, Vulnerability.Detail

• string cpe_uri = 1

  The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) format. Examples include distro or storage location for vulnerable jar.

• string package = 2

  The package being described.

• optional package.Version version = 3

  The version of the package being described.