You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/dyn/containeranalysis_v1alpha1.projects.notes.occurrences.html
+4-2Lines changed: 4 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -517,7 +517,7 @@ <h3>Method Details</h3>
517
517
},
518
518
"vulnerabilityDetails": { # Used by Occurrence to point to where the vulnerability exists and how to fix it. # Details of a security vulnerability note.
519
519
"cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity.
520
-
"effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is available and note provider assigned severity when distro has not yet assigned a severity for this vulnerability.
520
+
"effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when that is available and note provider assigned severity when distro has not yet assigned a severity for this vulnerability. When there are multiple package issues for this vulnerability, they can have different effective severities because some might come from the distro and some might come from installed language packs (e.g. Maven JARs or Go binaries). For this reason, it is advised to use the effective severity on the PackageIssue level, as this field may eventually be deprecated. In the case where multiple PackageIssues have different effective severities, the one set here will be the highest severity of any of the PackageIssues.
521
521
"packageIssue": [ # The set of affected locations and their fixes (if available) within the associated resource.
522
522
{ # This message wraps a location affected by a vulnerability and its associated fix (if one is available).
523
523
"affectedLocation": { # The location of the vulnerability # The location of the vulnerability.
@@ -531,6 +531,7 @@ <h3>Method Details</h3>
531
531
"revision": "A String", # The iteration of the package build from the above version.
532
532
},
533
533
},
534
+
"effectiveSeverity": "A String", # Output only. The distro or language system assigned severity for this vulnerability when that is available and note provider assigned severity when distro or language system has not yet assigned a severity for this vulnerability.
534
535
"fixedLocation": { # The location of the vulnerability # The location of the available fix for vulnerability.
535
536
"cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) format. Examples include distro or storage location for vulnerable jar. This field can be used as a filter in list requests.
536
537
"package": "A String", # The package being described.
@@ -542,11 +543,12 @@ <h3>Method Details</h3>
542
543
"revision": "A String", # The iteration of the package build from the above version.
543
544
},
544
545
},
546
+
"packageType": "A String", # The type of package (e.g. OS, MAVEN, GO).
545
547
"severityName": "A String",
546
548
},
547
549
],
548
550
"severity": "A String", # Output only. The note provider assigned Severity of the vulnerability.
549
-
"type": "A String", # The type of package; whether native or non native(ruby gems, node.js packages etc)
551
+
"type": "A String", # The type of package; whether native or non native(ruby gems, node.js packages etc). This may be deprecated in the future because we can have multiple PackageIssues with different package types.
0 commit comments