Module: Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType

Defined in:: proto_docs/grafeas/v1/vex.rb

Overview

Provides the type of justification.

Constant Summary collapse

JUSTIFICATION_TYPE_UNSPECIFIED = JUSTIFICATION_TYPE_UNSPECIFIED.

COMPONENT_NOT_PRESENT = The vulnerable component is not present in the product.

VULNERABLE_CODE_NOT_PRESENT = The vulnerable code is not present. Typically this case occurs when source code is configured or built in a way that excludes the vulnerable code.

VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = The vulnerable code can not be executed. Typically this case occurs when the product includes the vulnerable code but does not call or use the vulnerable code.

VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = The vulnerable code cannot be controlled by an attacker to exploit the vulnerability.

INLINE_MITIGATIONS_ALREADY_EXIST = The product includes built-in protections or features that prevent exploitation of the vulnerability. These built-in protections cannot be subverted by the attacker and cannot be configured or disabled by the user. These mitigations completely prevent exploitation based on known attack vectors.