Class: Grafeas::V1::VulnerabilityAssessmentNote::Assessment

Inherits:

Object

• Object
• Grafeas::V1::VulnerabilityAssessmentNote::Assessment

Extended by:

Google::Protobuf::MessageExts::ClassMethods

Includes:

Google::Protobuf::MessageExts

Defined in:

proto_docs/grafeas/v1/vex.rb

Overview

Assessment provides all information that is related to a single vulnerability for this product.

Defined Under Namespace

Modules: State Classes: Justification, Remediation

Instance Attribute Summary

• #cve ⇒ ::String

  Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.

• #impacts ⇒ ::Array<::String>

  Contains information about the impact of this vulnerability, this will change with time.

• #justification ⇒ ::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification

  Justification provides the justification when the state of the assessment if NOT_AFFECTED.

• #long_description ⇒ ::String

  A detailed description of this Vex.

• #related_uris ⇒ ::Array<::Grafeas::V1::RelatedUrl>

  Holds a list of references associated with this vulnerability item and assessment.

• #remediations ⇒ ::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>

  Specifies details on how to handle (and presumably, fix) a vulnerability.

• #short_description ⇒ ::String

  A one sentence description of this Vex.

• #state ⇒ ::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State

  Provides the state of this Vulnerability assessment.

Instance Attribute Details

#cve ⇒ ::String

Returns Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.

Returns:

• (::String) —

  Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.

# File 'proto_docs/grafeas/v1/vex.rb', line 127

class Assessment
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Justification provides the justification when the state of the
  # assessment if NOT_AFFECTED.
  # @!attribute [rw] justification_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
  #     The justification type for this vulnerability.
  # @!attribute [rw] details
  #   @return [::String]
  #     Additional details on why this justification was chosen.
  class Justification
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Provides the type of justification.
    module JustificationType
      # JUSTIFICATION_TYPE_UNSPECIFIED.
      JUSTIFICATION_TYPE_UNSPECIFIED = 0

      # The vulnerable component is not present in the product.
      COMPONENT_NOT_PRESENT = 1

      # The vulnerable code is not present. Typically this case
      # occurs when source code is configured or built in a way that excludes
      # the vulnerable code.
      VULNERABLE_CODE_NOT_PRESENT = 2

      # The vulnerable code can not be executed.
      # Typically this case occurs when the product includes the vulnerable
      # code but does not call or use the vulnerable code.
      VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3

      # The vulnerable code cannot be controlled by an attacker to exploit
      # the vulnerability.
      VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4

      # The product includes built-in protections or features that prevent
      # exploitation of the vulnerability. These built-in protections cannot
      # be subverted by the attacker and cannot be configured or disabled by
      # the user. These mitigations completely prevent exploitation based on
      # known attack vectors.
      INLINE_MITIGATIONS_ALREADY_EXIST = 5
    end
  end

  # Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] remediation_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
  #     The type of remediation that can be applied.
  # @!attribute [rw] details
  #   @return [::String]
  #     Contains a comprehensive human-readable discussion of the remediation.
  # @!attribute [rw] remediation_uri
  #   @return [::Grafeas::V1::RelatedUrl]
  #     Contains the URL where to obtain the remediation.
  class Remediation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of remediation that can be applied.
    module RemediationType
      # No remediation type specified.
      REMEDIATION_TYPE_UNSPECIFIED = 0

      # A MITIGATION is available.
      MITIGATION = 1

      # No fix is planned.
      NO_FIX_PLANNED = 2

      # Not available.
      NONE_AVAILABLE = 3

      # A vendor fix is available.
      VENDOR_FIX = 4

      # A workaround is available.
      WORKAROUND = 5
    end
  end

  # Provides the state of this Vulnerability assessment.
  module State
    # No state is specified.
    STATE_UNSPECIFIED = 0

    # This product is known to be affected by this vulnerability.
    AFFECTED = 1

    # This product is known to be not affected by this vulnerability.
    NOT_AFFECTED = 2

    # This product contains a fix for this vulnerability.
    FIXED = 3

    # It is not known yet whether these versions are or are not affected
    # by the vulnerability. However, it is still under investigation.
    UNDER_INVESTIGATION = 4
  end
end

#impacts ⇒ ::Array<::String>

Returns Contains information about the impact of this vulnerability, this will change with time.

Returns:

• (::Array<::String>) —

  Contains information about the impact of this vulnerability, this will change with time.

# File 'proto_docs/grafeas/v1/vex.rb', line 127

class Assessment
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Justification provides the justification when the state of the
  # assessment if NOT_AFFECTED.
  # @!attribute [rw] justification_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
  #     The justification type for this vulnerability.
  # @!attribute [rw] details
  #   @return [::String]
  #     Additional details on why this justification was chosen.
  class Justification
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Provides the type of justification.
    module JustificationType
      # JUSTIFICATION_TYPE_UNSPECIFIED.
      JUSTIFICATION_TYPE_UNSPECIFIED = 0

      # The vulnerable component is not present in the product.
      COMPONENT_NOT_PRESENT = 1

      # The vulnerable code is not present. Typically this case
      # occurs when source code is configured or built in a way that excludes
      # the vulnerable code.
      VULNERABLE_CODE_NOT_PRESENT = 2

      # The vulnerable code can not be executed.
      # Typically this case occurs when the product includes the vulnerable
      # code but does not call or use the vulnerable code.
      VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3

      # The vulnerable code cannot be controlled by an attacker to exploit
      # the vulnerability.
      VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4

      # The product includes built-in protections or features that prevent
      # exploitation of the vulnerability. These built-in protections cannot
      # be subverted by the attacker and cannot be configured or disabled by
      # the user. These mitigations completely prevent exploitation based on
      # known attack vectors.
      INLINE_MITIGATIONS_ALREADY_EXIST = 5
    end
  end

  # Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] remediation_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
  #     The type of remediation that can be applied.
  # @!attribute [rw] details
  #   @return [::String]
  #     Contains a comprehensive human-readable discussion of the remediation.
  # @!attribute [rw] remediation_uri
  #   @return [::Grafeas::V1::RelatedUrl]
  #     Contains the URL where to obtain the remediation.
  class Remediation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of remediation that can be applied.
    module RemediationType
      # No remediation type specified.
      REMEDIATION_TYPE_UNSPECIFIED = 0

      # A MITIGATION is available.
      MITIGATION = 1

      # No fix is planned.
      NO_FIX_PLANNED = 2

      # Not available.
      NONE_AVAILABLE = 3

      # A vendor fix is available.
      VENDOR_FIX = 4

      # A workaround is available.
      WORKAROUND = 5
    end
  end

  # Provides the state of this Vulnerability assessment.
  module State
    # No state is specified.
    STATE_UNSPECIFIED = 0

    # This product is known to be affected by this vulnerability.
    AFFECTED = 1

    # This product is known to be not affected by this vulnerability.
    NOT_AFFECTED = 2

    # This product contains a fix for this vulnerability.
    FIXED = 3

    # It is not known yet whether these versions are or are not affected
    # by the vulnerability. However, it is still under investigation.
    UNDER_INVESTIGATION = 4
  end
end

#justification ⇒ ::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification

Returns Justification provides the justification when the state of the assessment if NOT_AFFECTED.

Returns:

• (::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification) —

  Justification provides the justification when the state of the assessment if NOT_AFFECTED.

# File 'proto_docs/grafeas/v1/vex.rb', line 127

class Assessment
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Justification provides the justification when the state of the
  # assessment if NOT_AFFECTED.
  # @!attribute [rw] justification_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
  #     The justification type for this vulnerability.
  # @!attribute [rw] details
  #   @return [::String]
  #     Additional details on why this justification was chosen.
  class Justification
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Provides the type of justification.
    module JustificationType
      # JUSTIFICATION_TYPE_UNSPECIFIED.
      JUSTIFICATION_TYPE_UNSPECIFIED = 0

      # The vulnerable component is not present in the product.
      COMPONENT_NOT_PRESENT = 1

      # The vulnerable code is not present. Typically this case
      # occurs when source code is configured or built in a way that excludes
      # the vulnerable code.
      VULNERABLE_CODE_NOT_PRESENT = 2

      # The vulnerable code can not be executed.
      # Typically this case occurs when the product includes the vulnerable
      # code but does not call or use the vulnerable code.
      VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3

      # The vulnerable code cannot be controlled by an attacker to exploit
      # the vulnerability.
      VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4

      # The product includes built-in protections or features that prevent
      # exploitation of the vulnerability. These built-in protections cannot
      # be subverted by the attacker and cannot be configured or disabled by
      # the user. These mitigations completely prevent exploitation based on
      # known attack vectors.
      INLINE_MITIGATIONS_ALREADY_EXIST = 5
    end
  end

  # Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] remediation_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
  #     The type of remediation that can be applied.
  # @!attribute [rw] details
  #   @return [::String]
  #     Contains a comprehensive human-readable discussion of the remediation.
  # @!attribute [rw] remediation_uri
  #   @return [::Grafeas::V1::RelatedUrl]
  #     Contains the URL where to obtain the remediation.
  class Remediation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of remediation that can be applied.
    module RemediationType
      # No remediation type specified.
      REMEDIATION_TYPE_UNSPECIFIED = 0

      # A MITIGATION is available.
      MITIGATION = 1

      # No fix is planned.
      NO_FIX_PLANNED = 2

      # Not available.
      NONE_AVAILABLE = 3

      # A vendor fix is available.
      VENDOR_FIX = 4

      # A workaround is available.
      WORKAROUND = 5
    end
  end

  # Provides the state of this Vulnerability assessment.
  module State
    # No state is specified.
    STATE_UNSPECIFIED = 0

    # This product is known to be affected by this vulnerability.
    AFFECTED = 1

    # This product is known to be not affected by this vulnerability.
    NOT_AFFECTED = 2

    # This product contains a fix for this vulnerability.
    FIXED = 3

    # It is not known yet whether these versions are or are not affected
    # by the vulnerability. However, it is still under investigation.
    UNDER_INVESTIGATION = 4
  end
end

#long_description ⇒ ::String

Returns A detailed description of this Vex.

Returns:

• (::String) —

  A detailed description of this Vex.

# File 'proto_docs/grafeas/v1/vex.rb', line 127

class Assessment
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Justification provides the justification when the state of the
  # assessment if NOT_AFFECTED.
  # @!attribute [rw] justification_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
  #     The justification type for this vulnerability.
  # @!attribute [rw] details
  #   @return [::String]
  #     Additional details on why this justification was chosen.
  class Justification
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Provides the type of justification.
    module JustificationType
      # JUSTIFICATION_TYPE_UNSPECIFIED.
      JUSTIFICATION_TYPE_UNSPECIFIED = 0

      # The vulnerable component is not present in the product.
      COMPONENT_NOT_PRESENT = 1

      # The vulnerable code is not present. Typically this case
      # occurs when source code is configured or built in a way that excludes
      # the vulnerable code.
      VULNERABLE_CODE_NOT_PRESENT = 2

      # The vulnerable code can not be executed.
      # Typically this case occurs when the product includes the vulnerable
      # code but does not call or use the vulnerable code.
      VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3

      # The vulnerable code cannot be controlled by an attacker to exploit
      # the vulnerability.
      VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4

      # The product includes built-in protections or features that prevent
      # exploitation of the vulnerability. These built-in protections cannot
      # be subverted by the attacker and cannot be configured or disabled by
      # the user. These mitigations completely prevent exploitation based on
      # known attack vectors.
      INLINE_MITIGATIONS_ALREADY_EXIST = 5
    end
  end

  # Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] remediation_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
  #     The type of remediation that can be applied.
  # @!attribute [rw] details
  #   @return [::String]
  #     Contains a comprehensive human-readable discussion of the remediation.
  # @!attribute [rw] remediation_uri
  #   @return [::Grafeas::V1::RelatedUrl]
  #     Contains the URL where to obtain the remediation.
  class Remediation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of remediation that can be applied.
    module RemediationType
      # No remediation type specified.
      REMEDIATION_TYPE_UNSPECIFIED = 0

      # A MITIGATION is available.
      MITIGATION = 1

      # No fix is planned.
      NO_FIX_PLANNED = 2

      # Not available.
      NONE_AVAILABLE = 3

      # A vendor fix is available.
      VENDOR_FIX = 4

      # A workaround is available.
      WORKAROUND = 5
    end
  end

  # Provides the state of this Vulnerability assessment.
  module State
    # No state is specified.
    STATE_UNSPECIFIED = 0

    # This product is known to be affected by this vulnerability.
    AFFECTED = 1

    # This product is known to be not affected by this vulnerability.
    NOT_AFFECTED = 2

    # This product contains a fix for this vulnerability.
    FIXED = 3

    # It is not known yet whether these versions are or are not affected
    # by the vulnerability. However, it is still under investigation.
    UNDER_INVESTIGATION = 4
  end
end

#related_uris ⇒ ::Array<::Grafeas::V1::RelatedUrl>

Returns Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.

Returns:

• (::Array<::Grafeas::V1::RelatedUrl>) —

  Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.

# File 'proto_docs/grafeas/v1/vex.rb', line 127

class Assessment
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Justification provides the justification when the state of the
  # assessment if NOT_AFFECTED.
  # @!attribute [rw] justification_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
  #     The justification type for this vulnerability.
  # @!attribute [rw] details
  #   @return [::String]
  #     Additional details on why this justification was chosen.
  class Justification
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Provides the type of justification.
    module JustificationType
      # JUSTIFICATION_TYPE_UNSPECIFIED.
      JUSTIFICATION_TYPE_UNSPECIFIED = 0

      # The vulnerable component is not present in the product.
      COMPONENT_NOT_PRESENT = 1

      # The vulnerable code is not present. Typically this case
      # occurs when source code is configured or built in a way that excludes
      # the vulnerable code.
      VULNERABLE_CODE_NOT_PRESENT = 2

      # The vulnerable code can not be executed.
      # Typically this case occurs when the product includes the vulnerable
      # code but does not call or use the vulnerable code.
      VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3

      # The vulnerable code cannot be controlled by an attacker to exploit
      # the vulnerability.
      VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4

      # The product includes built-in protections or features that prevent
      # exploitation of the vulnerability. These built-in protections cannot
      # be subverted by the attacker and cannot be configured or disabled by
      # the user. These mitigations completely prevent exploitation based on
      # known attack vectors.
      INLINE_MITIGATIONS_ALREADY_EXIST = 5
    end
  end

  # Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] remediation_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
  #     The type of remediation that can be applied.
  # @!attribute [rw] details
  #   @return [::String]
  #     Contains a comprehensive human-readable discussion of the remediation.
  # @!attribute [rw] remediation_uri
  #   @return [::Grafeas::V1::RelatedUrl]
  #     Contains the URL where to obtain the remediation.
  class Remediation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of remediation that can be applied.
    module RemediationType
      # No remediation type specified.
      REMEDIATION_TYPE_UNSPECIFIED = 0

      # A MITIGATION is available.
      MITIGATION = 1

      # No fix is planned.
      NO_FIX_PLANNED = 2

      # Not available.
      NONE_AVAILABLE = 3

      # A vendor fix is available.
      VENDOR_FIX = 4

      # A workaround is available.
      WORKAROUND = 5
    end
  end

  # Provides the state of this Vulnerability assessment.
  module State
    # No state is specified.
    STATE_UNSPECIFIED = 0

    # This product is known to be affected by this vulnerability.
    AFFECTED = 1

    # This product is known to be not affected by this vulnerability.
    NOT_AFFECTED = 2

    # This product contains a fix for this vulnerability.
    FIXED = 3

    # It is not known yet whether these versions are or are not affected
    # by the vulnerability. However, it is still under investigation.
    UNDER_INVESTIGATION = 4
  end
end

#remediations ⇒ ::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>

Returns Specifies details on how to handle (and presumably, fix) a vulnerability.

Returns:

• (::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>) —

  Specifies details on how to handle (and presumably, fix) a vulnerability.

# File 'proto_docs/grafeas/v1/vex.rb', line 127

class Assessment
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Justification provides the justification when the state of the
  # assessment if NOT_AFFECTED.
  # @!attribute [rw] justification_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
  #     The justification type for this vulnerability.
  # @!attribute [rw] details
  #   @return [::String]
  #     Additional details on why this justification was chosen.
  class Justification
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Provides the type of justification.
    module JustificationType
      # JUSTIFICATION_TYPE_UNSPECIFIED.
      JUSTIFICATION_TYPE_UNSPECIFIED = 0

      # The vulnerable component is not present in the product.
      COMPONENT_NOT_PRESENT = 1

      # The vulnerable code is not present. Typically this case
      # occurs when source code is configured or built in a way that excludes
      # the vulnerable code.
      VULNERABLE_CODE_NOT_PRESENT = 2

      # The vulnerable code can not be executed.
      # Typically this case occurs when the product includes the vulnerable
      # code but does not call or use the vulnerable code.
      VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3

      # The vulnerable code cannot be controlled by an attacker to exploit
      # the vulnerability.
      VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4

      # The product includes built-in protections or features that prevent
      # exploitation of the vulnerability. These built-in protections cannot
      # be subverted by the attacker and cannot be configured or disabled by
      # the user. These mitigations completely prevent exploitation based on
      # known attack vectors.
      INLINE_MITIGATIONS_ALREADY_EXIST = 5
    end
  end

  # Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] remediation_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
  #     The type of remediation that can be applied.
  # @!attribute [rw] details
  #   @return [::String]
  #     Contains a comprehensive human-readable discussion of the remediation.
  # @!attribute [rw] remediation_uri
  #   @return [::Grafeas::V1::RelatedUrl]
  #     Contains the URL where to obtain the remediation.
  class Remediation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of remediation that can be applied.
    module RemediationType
      # No remediation type specified.
      REMEDIATION_TYPE_UNSPECIFIED = 0

      # A MITIGATION is available.
      MITIGATION = 1

      # No fix is planned.
      NO_FIX_PLANNED = 2

      # Not available.
      NONE_AVAILABLE = 3

      # A vendor fix is available.
      VENDOR_FIX = 4

      # A workaround is available.
      WORKAROUND = 5
    end
  end

  # Provides the state of this Vulnerability assessment.
  module State
    # No state is specified.
    STATE_UNSPECIFIED = 0

    # This product is known to be affected by this vulnerability.
    AFFECTED = 1

    # This product is known to be not affected by this vulnerability.
    NOT_AFFECTED = 2

    # This product contains a fix for this vulnerability.
    FIXED = 3

    # It is not known yet whether these versions are or are not affected
    # by the vulnerability. However, it is still under investigation.
    UNDER_INVESTIGATION = 4
  end
end

#short_description ⇒ ::String

Returns A one sentence description of this Vex.

Returns:

• (::String) —

  A one sentence description of this Vex.

# File 'proto_docs/grafeas/v1/vex.rb', line 127

class Assessment
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Justification provides the justification when the state of the
  # assessment if NOT_AFFECTED.
  # @!attribute [rw] justification_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
  #     The justification type for this vulnerability.
  # @!attribute [rw] details
  #   @return [::String]
  #     Additional details on why this justification was chosen.
  class Justification
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Provides the type of justification.
    module JustificationType
      # JUSTIFICATION_TYPE_UNSPECIFIED.
      JUSTIFICATION_TYPE_UNSPECIFIED = 0

      # The vulnerable component is not present in the product.
      COMPONENT_NOT_PRESENT = 1

      # The vulnerable code is not present. Typically this case
      # occurs when source code is configured or built in a way that excludes
      # the vulnerable code.
      VULNERABLE_CODE_NOT_PRESENT = 2

      # The vulnerable code can not be executed.
      # Typically this case occurs when the product includes the vulnerable
      # code but does not call or use the vulnerable code.
      VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3

      # The vulnerable code cannot be controlled by an attacker to exploit
      # the vulnerability.
      VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4

      # The product includes built-in protections or features that prevent
      # exploitation of the vulnerability. These built-in protections cannot
      # be subverted by the attacker and cannot be configured or disabled by
      # the user. These mitigations completely prevent exploitation based on
      # known attack vectors.
      INLINE_MITIGATIONS_ALREADY_EXIST = 5
    end
  end

  # Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] remediation_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
  #     The type of remediation that can be applied.
  # @!attribute [rw] details
  #   @return [::String]
  #     Contains a comprehensive human-readable discussion of the remediation.
  # @!attribute [rw] remediation_uri
  #   @return [::Grafeas::V1::RelatedUrl]
  #     Contains the URL where to obtain the remediation.
  class Remediation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of remediation that can be applied.
    module RemediationType
      # No remediation type specified.
      REMEDIATION_TYPE_UNSPECIFIED = 0

      # A MITIGATION is available.
      MITIGATION = 1

      # No fix is planned.
      NO_FIX_PLANNED = 2

      # Not available.
      NONE_AVAILABLE = 3

      # A vendor fix is available.
      VENDOR_FIX = 4

      # A workaround is available.
      WORKAROUND = 5
    end
  end

  # Provides the state of this Vulnerability assessment.
  module State
    # No state is specified.
    STATE_UNSPECIFIED = 0

    # This product is known to be affected by this vulnerability.
    AFFECTED = 1

    # This product is known to be not affected by this vulnerability.
    NOT_AFFECTED = 2

    # This product contains a fix for this vulnerability.
    FIXED = 3

    # It is not known yet whether these versions are or are not affected
    # by the vulnerability. However, it is still under investigation.
    UNDER_INVESTIGATION = 4
  end
end

#state ⇒ ::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State

Returns Provides the state of this Vulnerability assessment.

Returns:

• (::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State) —

  Provides the state of this Vulnerability assessment.

# File 'proto_docs/grafeas/v1/vex.rb', line 127

class Assessment
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Justification provides the justification when the state of the
  # assessment if NOT_AFFECTED.
  # @!attribute [rw] justification_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
  #     The justification type for this vulnerability.
  # @!attribute [rw] details
  #   @return [::String]
  #     Additional details on why this justification was chosen.
  class Justification
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Provides the type of justification.
    module JustificationType
      # JUSTIFICATION_TYPE_UNSPECIFIED.
      JUSTIFICATION_TYPE_UNSPECIFIED = 0

      # The vulnerable component is not present in the product.
      COMPONENT_NOT_PRESENT = 1

      # The vulnerable code is not present. Typically this case
      # occurs when source code is configured or built in a way that excludes
      # the vulnerable code.
      VULNERABLE_CODE_NOT_PRESENT = 2

      # The vulnerable code can not be executed.
      # Typically this case occurs when the product includes the vulnerable
      # code but does not call or use the vulnerable code.
      VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3

      # The vulnerable code cannot be controlled by an attacker to exploit
      # the vulnerability.
      VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4

      # The product includes built-in protections or features that prevent
      # exploitation of the vulnerability. These built-in protections cannot
      # be subverted by the attacker and cannot be configured or disabled by
      # the user. These mitigations completely prevent exploitation based on
      # known attack vectors.
      INLINE_MITIGATIONS_ALREADY_EXIST = 5
    end
  end

  # Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] remediation_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
  #     The type of remediation that can be applied.
  # @!attribute [rw] details
  #   @return [::String]
  #     Contains a comprehensive human-readable discussion of the remediation.
  # @!attribute [rw] remediation_uri
  #   @return [::Grafeas::V1::RelatedUrl]
  #     Contains the URL where to obtain the remediation.
  class Remediation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of remediation that can be applied.
    module RemediationType
      # No remediation type specified.
      REMEDIATION_TYPE_UNSPECIFIED = 0

      # A MITIGATION is available.
      MITIGATION = 1

      # No fix is planned.
      NO_FIX_PLANNED = 2

      # Not available.
      NONE_AVAILABLE = 3

      # A vendor fix is available.
      VENDOR_FIX = 4

      # A workaround is available.
      WORKAROUND = 5
    end
  end

  # Provides the state of this Vulnerability assessment.
  module State
    # No state is specified.
    STATE_UNSPECIFIED = 0

    # This product is known to be affected by this vulnerability.
    AFFECTED = 1

    # This product is known to be not affected by this vulnerability.
    NOT_AFFECTED = 2

    # This product contains a fix for this vulnerability.
    FIXED = 3

    # It is not known yet whether these versions are or are not affected
    # by the vulnerability. However, it is still under investigation.
    UNDER_INVESTIGATION = 4
  end
end