You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/dyn/containeranalysis_v1.projects.notes.occurrences.html
+14Lines changed: 14 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -698,6 +698,20 @@ <h3>Method Details</h3>
698
698
},
699
699
"vulnerability": { # An occurrence of a severity vulnerability on a resource. # Describes a security vulnerability.
700
700
"cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
701
+
"cvssV2": { # Common Vulnerability Scoring System. For details, see https://www.first.org/cvss/specification-document This is a message we will try to use for storing various versions of CVSS rather than making a separate proto for storing a specific version. # The cvss v2 score for the vulnerability.
"attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
"cvssVersion": "A String", # Output only. CVSS version used to populate cvss_score and severity.
702
716
"cvssv3": { # Common Vulnerability Scoring System. For details, see https://www.first.org/cvss/specification-document This is a message we will try to use for storing various versions of CVSS rather than making a separate proto for storing a specific version. # The cvss v3 score for the vulnerability.
Copy file name to clipboardExpand all lines: docs/dyn/containeranalysis_v1alpha1.projects.notes.occurrences.html
+43Lines changed: 43 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -768,6 +768,20 @@ <h3>Method Details</h3>
768
768
},
769
769
"vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how to fix it. # Details of a security vulnerability note.
770
770
"cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity.
771
+
"cvssV2": { # Common Vulnerability Scoring System. This message is compatible with CVSS v2 and v3. For CVSS v2 details, see https://www.first.org/cvss/v2/guide CVSS v2 calculator: https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator For CVSS v3 details, see https://www.first.org/cvss/specification-document CVSS v3 calculator: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator # The CVSS v2 score of this vulnerability.
772
+
"attackComplexity": "A String", # Defined in CVSS v3, CVSS v2
773
+
"attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
774
+
"authentication": "A String", # Defined in CVSS v2
775
+
"availabilityImpact": "A String", # Defined in CVSS v3, CVSS v2
776
+
"baseScore": 3.14, # The base score is a function of the base metric scores.
777
+
"confidentialityImpact": "A String", # Defined in CVSS v3, CVSS v2
778
+
"exploitabilityScore": 3.14,
779
+
"impactScore": 3.14,
780
+
"integrityImpact": "A String", # Defined in CVSS v3, CVSS v2
781
+
"privilegesRequired": "A String", # Defined in CVSS v3
782
+
"scope": "A String", # Defined in CVSS v3
783
+
"userInteraction": "A String", # Defined in CVSS v3
784
+
},
771
785
"cvssV3": { # Common Vulnerability Scoring System. This message is compatible with CVSS v2 and v3. For CVSS v2 details, see https://www.first.org/cvss/v2/guide CVSS v2 calculator: https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator For CVSS v3 details, see https://www.first.org/cvss/specification-document CVSS v3 calculator: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator # The CVSS v3 score of this vulnerability.
772
786
"attackComplexity": "A String", # Defined in CVSS v3, CVSS v2
773
787
"attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Defined in CVSS v3, CVSS v2
@@ -782,6 +796,7 @@ <h3>Method Details</h3>
782
796
"scope": "A String", # Defined in CVSS v3
783
797
"userInteraction": "A String", # Defined in CVSS v3
784
798
},
799
+
"cvssVersion": "A String", # Output only. CVSS version used to populate cvss_score and severity.
785
800
"effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is available and note provider assigned severity when distro has not yet assigned a severity for this vulnerability. When there are multiple package issues for this vulnerability, they can have different effective severities because some might come from the distro and some might come from installed language packs (e.g. Maven JARs or Go binaries). For this reason, it is advised to use the effective severity on the PackageIssue level, as this field may eventually be deprecated. In the case where multiple PackageIssues have different effective severities, the one set here will be the highest severity of any of the PackageIssues.
786
801
"packageIssue": [ # The set of affected locations and their fixes (if available) within the associated resource.
787
802
{ # This message wraps a location affected by a vulnerability and its associated fix (if one is available).
@@ -824,6 +839,34 @@ <h3>Method Details</h3>
824
839
],
825
840
"severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.
826
841
"type": "A String", # The type of package; whether native or non native(ruby gems, node.js packages etc). This may be deprecated in the future because we can have multiple PackageIssues with different package types.
842
+
"vexAssessment": { # VexAssessment provides all publisher provided Vex information that is related to this vulnerability. # VexAssessment provides all publisher provided Vex information that is related to this vulnerability for this resource.
843
+
"cve": "A String", # Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
844
+
"noteName": "A String", # The VulnerabilityAssessment note from which this VexAssessment was generated. This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
845
+
"relatedUris": [ # Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.
846
+
{ # An URI message.
847
+
"label": "A String", # A label for the URI.
848
+
"uri": "A String", # The unique resource identifier.
849
+
},
850
+
],
851
+
"remediations": [ # Specifies details on how to handle (and presumably, fix) a vulnerability.
852
+
{ # Specifies details on how to handle (and presumably, fix) a vulnerability.
853
+
"details": "A String", # Contains a comprehensive human-readable discussion of the remediation.
854
+
"remediationTime": "A String", # Contains the date from which the remediation is available.
855
+
"remediationType": "A String", # The type of remediation that can be applied.
856
+
"remediationUri": { # An URI message. # Contains the URL where to obtain the remediation.
857
+
"label": "A String", # A label for the URI.
858
+
"uri": "A String", # The unique resource identifier.
859
+
},
860
+
},
861
+
],
862
+
"state": "A String", # Provides the state of this Vulnerability assessment.
863
+
"threats": [ # Contains information about this vulnerability, this will change with time.
864
+
{ # Contains the vulnerability kinetic information. This information can change as the vulnerability ages and new information becomes available.
865
+
"details": "A String", # Represents a thorough human-readable discussion of the threat.
866
+
"threatType": "A String", # The type of threat.
0 commit comments