Module: Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType
- Defined in:
- proto_docs/grafeas/v1/vex.rb
Overview
Provides the type of justification.
Constant Summary collapse
- JUSTIFICATION_TYPE_UNSPECIFIED =
JUSTIFICATION_TYPE_UNSPECIFIED.
0
- COMPONENT_NOT_PRESENT =
The vulnerable component is not present in the product.
1
- VULNERABLE_CODE_NOT_PRESENT =
The vulnerable code is not present. Typically this case occurs when source code is configured or built in a way that excludes the vulnerable code.
2
- VULNERABLE_CODE_NOT_IN_EXECUTE_PATH =
The vulnerable code can not be executed. Typically this case occurs when the product includes the vulnerable code but does not call or use the vulnerable code.
3
- VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY =
The vulnerable code cannot be controlled by an attacker to exploit the vulnerability.
4
- INLINE_MITIGATIONS_ALREADY_EXIST =
The product includes built-in protections or features that prevent exploitation of the vulnerability. These built-in protections cannot be subverted by the attacker and cannot be configured or disabled by the user. These mitigations completely prevent exploitation based on known attack vectors.
5