Class: Grafeas::V1::VulnerabilityAssessmentNote::Assessment

Inherits:

Object

• Object
• Grafeas::V1::VulnerabilityAssessmentNote::Assessment

Extended by:

Google::Protobuf::MessageExts::ClassMethods

Includes:

Google::Protobuf::MessageExts

Defined in:

proto_docs/grafeas/v1/vex.rb

Overview

Assessment provides all information that is related to a single vulnerability for this product.

Defined Under Namespace

Modules: State Classes: Justification, Remediation

Instance Attribute Summary

• #cve ⇒ ::String deprecated Deprecated.

  This field is deprecated and may be removed in the next major version update.

• #impacts ⇒ ::Array<::String>

  Contains information about the impact of this vulnerability, this will change with time.

• #justification ⇒ ::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification

  Justification provides the justification when the state of the assessment if NOT_AFFECTED.

• #long_description ⇒ ::String

  A detailed description of this Vex.

• #related_uris ⇒ ::Array<::Grafeas::V1::RelatedUrl>

  Holds a list of references associated with this vulnerability item and assessment.

• #remediations ⇒ ::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>

  Specifies details on how to handle (and presumably, fix) a vulnerability.

• #short_description ⇒ ::String

  A one sentence description of this Vex.

• #state ⇒ ::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State

  Provides the state of this Vulnerability assessment.

• #vulnerability_id ⇒ ::String

  The vulnerability identifier for this Assessment.

Instance Attribute Details

#cve ⇒ ::String

Deprecated.

This field is deprecated and may be removed in the next major version update.

Returns Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs.

Returns:

• (::String) —

  Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs.

# File 'proto_docs/grafeas/v1/vex.rb', line 133

class Assessment
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Justification provides the justification when the state of the
  # assessment if NOT_AFFECTED.
  # @!attribute [rw] justification_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
  #     The justification type for this vulnerability.
  # @!attribute [rw] details
  #   @return [::String]
  #     Additional details on why this justification was chosen.
  class Justification
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Provides the type of justification.
    module JustificationType
      # JUSTIFICATION_TYPE_UNSPECIFIED.
      JUSTIFICATION_TYPE_UNSPECIFIED = 0

      # The vulnerable component is not present in the product.
      COMPONENT_NOT_PRESENT = 1

      # The vulnerable code is not present. Typically this case
      # occurs when source code is configured or built in a way that excludes
      # the vulnerable code.
      VULNERABLE_CODE_NOT_PRESENT = 2

      # The vulnerable code can not be executed.
      # Typically this case occurs when the product includes the vulnerable
      # code but does not call or use the vulnerable code.
      VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3

      # The vulnerable code cannot be controlled by an attacker to exploit
      # the vulnerability.
      VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4

      # The product includes built-in protections or features that prevent
      # exploitation of the vulnerability. These built-in protections cannot
      # be subverted by the attacker and cannot be configured or disabled by
      # the user. These mitigations completely prevent exploitation based on
      # known attack vectors.
      INLINE_MITIGATIONS_ALREADY_EXIST = 5
    end
  end

  # Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] remediation_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
  #     The type of remediation that can be applied.
  # @!attribute [rw] details
  #   @return [::String]
  #     Contains a comprehensive human-readable discussion of the remediation.
  # @!attribute [rw] remediation_uri
  #   @return [::Grafeas::V1::RelatedUrl]
  #     Contains the URL where to obtain the remediation.
  class Remediation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of remediation that can be applied.
    module RemediationType
      # No remediation type specified.
      REMEDIATION_TYPE_UNSPECIFIED = 0

      # A MITIGATION is available.
      MITIGATION = 1

      # No fix is planned.
      NO_FIX_PLANNED = 2

      # Not available.
      NONE_AVAILABLE = 3

      # A vendor fix is available.
      VENDOR_FIX = 4

      # A workaround is available.
      WORKAROUND = 5
    end
  end

  # Provides the state of this Vulnerability assessment.
  module State
    # No state is specified.
    STATE_UNSPECIFIED = 0

    # This product is known to be affected by this vulnerability.
    AFFECTED = 1

    # This product is known to be not affected by this vulnerability.
    NOT_AFFECTED = 2

    # This product contains a fix for this vulnerability.
    FIXED = 3

    # It is not known yet whether these versions are or are not affected
    # by the vulnerability. However, it is still under investigation.
    UNDER_INVESTIGATION = 4
  end
end

#impacts ⇒ ::Array<::String>

Returns Contains information about the impact of this vulnerability, this will change with time.

Returns:

• (::Array<::String>) —

  Contains information about the impact of this vulnerability, this will change with time.

# File 'proto_docs/grafeas/v1/vex.rb', line 133

class Assessment
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Justification provides the justification when the state of the
  # assessment if NOT_AFFECTED.
  # @!attribute [rw] justification_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
  #     The justification type for this vulnerability.
  # @!attribute [rw] details
  #   @return [::String]
  #     Additional details on why this justification was chosen.
  class Justification
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Provides the type of justification.
    module JustificationType
      # JUSTIFICATION_TYPE_UNSPECIFIED.
      JUSTIFICATION_TYPE_UNSPECIFIED = 0

      # The vulnerable component is not present in the product.
      COMPONENT_NOT_PRESENT = 1

      # The vulnerable code is not present. Typically this case
      # occurs when source code is configured or built in a way that excludes
      # the vulnerable code.
      VULNERABLE_CODE_NOT_PRESENT = 2

      # The vulnerable code can not be executed.
      # Typically this case occurs when the product includes the vulnerable
      # code but does not call or use the vulnerable code.
      VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3

      # The vulnerable code cannot be controlled by an attacker to exploit
      # the vulnerability.
      VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4

      # The product includes built-in protections or features that prevent
      # exploitation of the vulnerability. These built-in protections cannot
      # be subverted by the attacker and cannot be configured or disabled by
      # the user. These mitigations completely prevent exploitation based on
      # known attack vectors.
      INLINE_MITIGATIONS_ALREADY_EXIST = 5
    end
  end

  # Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] remediation_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
  #     The type of remediation that can be applied.
  # @!attribute [rw] details
  #   @return [::String]
  #     Contains a comprehensive human-readable discussion of the remediation.
  # @!attribute [rw] remediation_uri
  #   @return [::Grafeas::V1::RelatedUrl]
  #     Contains the URL where to obtain the remediation.
  class Remediation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of remediation that can be applied.
    module RemediationType
      # No remediation type specified.
      REMEDIATION_TYPE_UNSPECIFIED = 0

      # A MITIGATION is available.
      MITIGATION = 1

      # No fix is planned.
      NO_FIX_PLANNED = 2

      # Not available.
      NONE_AVAILABLE = 3

      # A vendor fix is available.
      VENDOR_FIX = 4

      # A workaround is available.
      WORKAROUND = 5
    end
  end

  # Provides the state of this Vulnerability assessment.
  module State
    # No state is specified.
    STATE_UNSPECIFIED = 0

    # This product is known to be affected by this vulnerability.
    AFFECTED = 1

    # This product is known to be not affected by this vulnerability.
    NOT_AFFECTED = 2

    # This product contains a fix for this vulnerability.
    FIXED = 3

    # It is not known yet whether these versions are or are not affected
    # by the vulnerability. However, it is still under investigation.
    UNDER_INVESTIGATION = 4
  end
end

#justification ⇒ ::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification

Returns Justification provides the justification when the state of the assessment if NOT_AFFECTED.

Returns:

• (::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification) —

  Justification provides the justification when the state of the assessment if NOT_AFFECTED.

# File 'proto_docs/grafeas/v1/vex.rb', line 133

class Assessment
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Justification provides the justification when the state of the
  # assessment if NOT_AFFECTED.
  # @!attribute [rw] justification_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
  #     The justification type for this vulnerability.
  # @!attribute [rw] details
  #   @return [::String]
  #     Additional details on why this justification was chosen.
  class Justification
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Provides the type of justification.
    module JustificationType
      # JUSTIFICATION_TYPE_UNSPECIFIED.
      JUSTIFICATION_TYPE_UNSPECIFIED = 0

      # The vulnerable component is not present in the product.
      COMPONENT_NOT_PRESENT = 1

      # The vulnerable code is not present. Typically this case
      # occurs when source code is configured or built in a way that excludes
      # the vulnerable code.
      VULNERABLE_CODE_NOT_PRESENT = 2

      # The vulnerable code can not be executed.
      # Typically this case occurs when the product includes the vulnerable
      # code but does not call or use the vulnerable code.
      VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3

      # The vulnerable code cannot be controlled by an attacker to exploit
      # the vulnerability.
      VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4

      # The product includes built-in protections or features that prevent
      # exploitation of the vulnerability. These built-in protections cannot
      # be subverted by the attacker and cannot be configured or disabled by
      # the user. These mitigations completely prevent exploitation based on
      # known attack vectors.
      INLINE_MITIGATIONS_ALREADY_EXIST = 5
    end
  end

  # Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] remediation_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
  #     The type of remediation that can be applied.
  # @!attribute [rw] details
  #   @return [::String]
  #     Contains a comprehensive human-readable discussion of the remediation.
  # @!attribute [rw] remediation_uri
  #   @return [::Grafeas::V1::RelatedUrl]
  #     Contains the URL where to obtain the remediation.
  class Remediation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of remediation that can be applied.
    module RemediationType
      # No remediation type specified.
      REMEDIATION_TYPE_UNSPECIFIED = 0

      # A MITIGATION is available.
      MITIGATION = 1

      # No fix is planned.
      NO_FIX_PLANNED = 2

      # Not available.
      NONE_AVAILABLE = 3

      # A vendor fix is available.
      VENDOR_FIX = 4

      # A workaround is available.
      WORKAROUND = 5
    end
  end

  # Provides the state of this Vulnerability assessment.
  module State
    # No state is specified.
    STATE_UNSPECIFIED = 0

    # This product is known to be affected by this vulnerability.
    AFFECTED = 1

    # This product is known to be not affected by this vulnerability.
    NOT_AFFECTED = 2

    # This product contains a fix for this vulnerability.
    FIXED = 3

    # It is not known yet whether these versions are or are not affected
    # by the vulnerability. However, it is still under investigation.
    UNDER_INVESTIGATION = 4
  end
end

#long_description ⇒ ::String

Returns A detailed description of this Vex.

Returns:

• (::String) —

  A detailed description of this Vex.

# File 'proto_docs/grafeas/v1/vex.rb', line 133

class Assessment
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Justification provides the justification when the state of the
  # assessment if NOT_AFFECTED.
  # @!attribute [rw] justification_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
  #     The justification type for this vulnerability.
  # @!attribute [rw] details
  #   @return [::String]
  #     Additional details on why this justification was chosen.
  class Justification
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Provides the type of justification.
    module JustificationType
      # JUSTIFICATION_TYPE_UNSPECIFIED.
      JUSTIFICATION_TYPE_UNSPECIFIED = 0

      # The vulnerable component is not present in the product.
      COMPONENT_NOT_PRESENT = 1

      # The vulnerable code is not present. Typically this case
      # occurs when source code is configured or built in a way that excludes
      # the vulnerable code.
      VULNERABLE_CODE_NOT_PRESENT = 2

      # The vulnerable code can not be executed.
      # Typically this case occurs when the product includes the vulnerable
      # code but does not call or use the vulnerable code.
      VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3

      # The vulnerable code cannot be controlled by an attacker to exploit
      # the vulnerability.
      VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4

      # The product includes built-in protections or features that prevent
      # exploitation of the vulnerability. These built-in protections cannot
      # be subverted by the attacker and cannot be configured or disabled by
      # the user. These mitigations completely prevent exploitation based on
      # known attack vectors.
      INLINE_MITIGATIONS_ALREADY_EXIST = 5
    end
  end

  # Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] remediation_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
  #     The type of remediation that can be applied.
  # @!attribute [rw] details
  #   @return [::String]
  #     Contains a comprehensive human-readable discussion of the remediation.
  # @!attribute [rw] remediation_uri
  #   @return [::Grafeas::V1::RelatedUrl]
  #     Contains the URL where to obtain the remediation.
  class Remediation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of remediation that can be applied.
    module RemediationType
      # No remediation type specified.
      REMEDIATION_TYPE_UNSPECIFIED = 0

      # A MITIGATION is available.
      MITIGATION = 1

      # No fix is planned.
      NO_FIX_PLANNED = 2

      # Not available.
      NONE_AVAILABLE = 3

      # A vendor fix is available.
      VENDOR_FIX = 4

      # A workaround is available.
      WORKAROUND = 5
    end
  end

  # Provides the state of this Vulnerability assessment.
  module State
    # No state is specified.
    STATE_UNSPECIFIED = 0

    # This product is known to be affected by this vulnerability.
    AFFECTED = 1

    # This product is known to be not affected by this vulnerability.
    NOT_AFFECTED = 2

    # This product contains a fix for this vulnerability.
    FIXED = 3

    # It is not known yet whether these versions are or are not affected
    # by the vulnerability. However, it is still under investigation.
    UNDER_INVESTIGATION = 4
  end
end

#related_uris ⇒ ::Array<::Grafeas::V1::RelatedUrl>

Returns Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.

Returns:

• (::Array<::Grafeas::V1::RelatedUrl>) —

  Holds a list of references associated with this vulnerability item and assessment. These uris have additional information about the vulnerability and the assessment itself. E.g. Link to a document which details how this assessment concluded the state of this vulnerability.

# File 'proto_docs/grafeas/v1/vex.rb', line 133

class Assessment
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Justification provides the justification when the state of the
  # assessment if NOT_AFFECTED.
  # @!attribute [rw] justification_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
  #     The justification type for this vulnerability.
  # @!attribute [rw] details
  #   @return [::String]
  #     Additional details on why this justification was chosen.
  class Justification
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Provides the type of justification.
    module JustificationType
      # JUSTIFICATION_TYPE_UNSPECIFIED.
      JUSTIFICATION_TYPE_UNSPECIFIED = 0

      # The vulnerable component is not present in the product.
      COMPONENT_NOT_PRESENT = 1

      # The vulnerable code is not present. Typically this case
      # occurs when source code is configured or built in a way that excludes
      # the vulnerable code.
      VULNERABLE_CODE_NOT_PRESENT = 2

      # The vulnerable code can not be executed.
      # Typically this case occurs when the product includes the vulnerable
      # code but does not call or use the vulnerable code.
      VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3

      # The vulnerable code cannot be controlled by an attacker to exploit
      # the vulnerability.
      VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4

      # The product includes built-in protections or features that prevent
      # exploitation of the vulnerability. These built-in protections cannot
      # be subverted by the attacker and cannot be configured or disabled by
      # the user. These mitigations completely prevent exploitation based on
      # known attack vectors.
      INLINE_MITIGATIONS_ALREADY_EXIST = 5
    end
  end

  # Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] remediation_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
  #     The type of remediation that can be applied.
  # @!attribute [rw] details
  #   @return [::String]
  #     Contains a comprehensive human-readable discussion of the remediation.
  # @!attribute [rw] remediation_uri
  #   @return [::Grafeas::V1::RelatedUrl]
  #     Contains the URL where to obtain the remediation.
  class Remediation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of remediation that can be applied.
    module RemediationType
      # No remediation type specified.
      REMEDIATION_TYPE_UNSPECIFIED = 0

      # A MITIGATION is available.
      MITIGATION = 1

      # No fix is planned.
      NO_FIX_PLANNED = 2

      # Not available.
      NONE_AVAILABLE = 3

      # A vendor fix is available.
      VENDOR_FIX = 4

      # A workaround is available.
      WORKAROUND = 5
    end
  end

  # Provides the state of this Vulnerability assessment.
  module State
    # No state is specified.
    STATE_UNSPECIFIED = 0

    # This product is known to be affected by this vulnerability.
    AFFECTED = 1

    # This product is known to be not affected by this vulnerability.
    NOT_AFFECTED = 2

    # This product contains a fix for this vulnerability.
    FIXED = 3

    # It is not known yet whether these versions are or are not affected
    # by the vulnerability. However, it is still under investigation.
    UNDER_INVESTIGATION = 4
  end
end

#remediations ⇒ ::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>

Returns Specifies details on how to handle (and presumably, fix) a vulnerability.

Returns:

• (::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>) —

  Specifies details on how to handle (and presumably, fix) a vulnerability.

# File 'proto_docs/grafeas/v1/vex.rb', line 133

class Assessment
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Justification provides the justification when the state of the
  # assessment if NOT_AFFECTED.
  # @!attribute [rw] justification_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
  #     The justification type for this vulnerability.
  # @!attribute [rw] details
  #   @return [::String]
  #     Additional details on why this justification was chosen.
  class Justification
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Provides the type of justification.
    module JustificationType
      # JUSTIFICATION_TYPE_UNSPECIFIED.
      JUSTIFICATION_TYPE_UNSPECIFIED = 0

      # The vulnerable component is not present in the product.
      COMPONENT_NOT_PRESENT = 1

      # The vulnerable code is not present. Typically this case
      # occurs when source code is configured or built in a way that excludes
      # the vulnerable code.
      VULNERABLE_CODE_NOT_PRESENT = 2

      # The vulnerable code can not be executed.
      # Typically this case occurs when the product includes the vulnerable
      # code but does not call or use the vulnerable code.
      VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3

      # The vulnerable code cannot be controlled by an attacker to exploit
      # the vulnerability.
      VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4

      # The product includes built-in protections or features that prevent
      # exploitation of the vulnerability. These built-in protections cannot
      # be subverted by the attacker and cannot be configured or disabled by
      # the user. These mitigations completely prevent exploitation based on
      # known attack vectors.
      INLINE_MITIGATIONS_ALREADY_EXIST = 5
    end
  end

  # Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] remediation_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
  #     The type of remediation that can be applied.
  # @!attribute [rw] details
  #   @return [::String]
  #     Contains a comprehensive human-readable discussion of the remediation.
  # @!attribute [rw] remediation_uri
  #   @return [::Grafeas::V1::RelatedUrl]
  #     Contains the URL where to obtain the remediation.
  class Remediation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of remediation that can be applied.
    module RemediationType
      # No remediation type specified.
      REMEDIATION_TYPE_UNSPECIFIED = 0

      # A MITIGATION is available.
      MITIGATION = 1

      # No fix is planned.
      NO_FIX_PLANNED = 2

      # Not available.
      NONE_AVAILABLE = 3

      # A vendor fix is available.
      VENDOR_FIX = 4

      # A workaround is available.
      WORKAROUND = 5
    end
  end

  # Provides the state of this Vulnerability assessment.
  module State
    # No state is specified.
    STATE_UNSPECIFIED = 0

    # This product is known to be affected by this vulnerability.
    AFFECTED = 1

    # This product is known to be not affected by this vulnerability.
    NOT_AFFECTED = 2

    # This product contains a fix for this vulnerability.
    FIXED = 3

    # It is not known yet whether these versions are or are not affected
    # by the vulnerability. However, it is still under investigation.
    UNDER_INVESTIGATION = 4
  end
end

#short_description ⇒ ::String

Returns A one sentence description of this Vex.

Returns:

• (::String) —

  A one sentence description of this Vex.

# File 'proto_docs/grafeas/v1/vex.rb', line 133

class Assessment
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Justification provides the justification when the state of the
  # assessment if NOT_AFFECTED.
  # @!attribute [rw] justification_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
  #     The justification type for this vulnerability.
  # @!attribute [rw] details
  #   @return [::String]
  #     Additional details on why this justification was chosen.
  class Justification
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Provides the type of justification.
    module JustificationType
      # JUSTIFICATION_TYPE_UNSPECIFIED.
      JUSTIFICATION_TYPE_UNSPECIFIED = 0

      # The vulnerable component is not present in the product.
      COMPONENT_NOT_PRESENT = 1

      # The vulnerable code is not present. Typically this case
      # occurs when source code is configured or built in a way that excludes
      # the vulnerable code.
      VULNERABLE_CODE_NOT_PRESENT = 2

      # The vulnerable code can not be executed.
      # Typically this case occurs when the product includes the vulnerable
      # code but does not call or use the vulnerable code.
      VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3

      # The vulnerable code cannot be controlled by an attacker to exploit
      # the vulnerability.
      VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4

      # The product includes built-in protections or features that prevent
      # exploitation of the vulnerability. These built-in protections cannot
      # be subverted by the attacker and cannot be configured or disabled by
      # the user. These mitigations completely prevent exploitation based on
      # known attack vectors.
      INLINE_MITIGATIONS_ALREADY_EXIST = 5
    end
  end

  # Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] remediation_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
  #     The type of remediation that can be applied.
  # @!attribute [rw] details
  #   @return [::String]
  #     Contains a comprehensive human-readable discussion of the remediation.
  # @!attribute [rw] remediation_uri
  #   @return [::Grafeas::V1::RelatedUrl]
  #     Contains the URL where to obtain the remediation.
  class Remediation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of remediation that can be applied.
    module RemediationType
      # No remediation type specified.
      REMEDIATION_TYPE_UNSPECIFIED = 0

      # A MITIGATION is available.
      MITIGATION = 1

      # No fix is planned.
      NO_FIX_PLANNED = 2

      # Not available.
      NONE_AVAILABLE = 3

      # A vendor fix is available.
      VENDOR_FIX = 4

      # A workaround is available.
      WORKAROUND = 5
    end
  end

  # Provides the state of this Vulnerability assessment.
  module State
    # No state is specified.
    STATE_UNSPECIFIED = 0

    # This product is known to be affected by this vulnerability.
    AFFECTED = 1

    # This product is known to be not affected by this vulnerability.
    NOT_AFFECTED = 2

    # This product contains a fix for this vulnerability.
    FIXED = 3

    # It is not known yet whether these versions are or are not affected
    # by the vulnerability. However, it is still under investigation.
    UNDER_INVESTIGATION = 4
  end
end

#state ⇒ ::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State

Returns Provides the state of this Vulnerability assessment.

Returns:

• (::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State) —

  Provides the state of this Vulnerability assessment.

# File 'proto_docs/grafeas/v1/vex.rb', line 133

class Assessment
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Justification provides the justification when the state of the
  # assessment if NOT_AFFECTED.
  # @!attribute [rw] justification_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
  #     The justification type for this vulnerability.
  # @!attribute [rw] details
  #   @return [::String]
  #     Additional details on why this justification was chosen.
  class Justification
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Provides the type of justification.
    module JustificationType
      # JUSTIFICATION_TYPE_UNSPECIFIED.
      JUSTIFICATION_TYPE_UNSPECIFIED = 0

      # The vulnerable component is not present in the product.
      COMPONENT_NOT_PRESENT = 1

      # The vulnerable code is not present. Typically this case
      # occurs when source code is configured or built in a way that excludes
      # the vulnerable code.
      VULNERABLE_CODE_NOT_PRESENT = 2

      # The vulnerable code can not be executed.
      # Typically this case occurs when the product includes the vulnerable
      # code but does not call or use the vulnerable code.
      VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3

      # The vulnerable code cannot be controlled by an attacker to exploit
      # the vulnerability.
      VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4

      # The product includes built-in protections or features that prevent
      # exploitation of the vulnerability. These built-in protections cannot
      # be subverted by the attacker and cannot be configured or disabled by
      # the user. These mitigations completely prevent exploitation based on
      # known attack vectors.
      INLINE_MITIGATIONS_ALREADY_EXIST = 5
    end
  end

  # Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] remediation_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
  #     The type of remediation that can be applied.
  # @!attribute [rw] details
  #   @return [::String]
  #     Contains a comprehensive human-readable discussion of the remediation.
  # @!attribute [rw] remediation_uri
  #   @return [::Grafeas::V1::RelatedUrl]
  #     Contains the URL where to obtain the remediation.
  class Remediation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of remediation that can be applied.
    module RemediationType
      # No remediation type specified.
      REMEDIATION_TYPE_UNSPECIFIED = 0

      # A MITIGATION is available.
      MITIGATION = 1

      # No fix is planned.
      NO_FIX_PLANNED = 2

      # Not available.
      NONE_AVAILABLE = 3

      # A vendor fix is available.
      VENDOR_FIX = 4

      # A workaround is available.
      WORKAROUND = 5
    end
  end

  # Provides the state of this Vulnerability assessment.
  module State
    # No state is specified.
    STATE_UNSPECIFIED = 0

    # This product is known to be affected by this vulnerability.
    AFFECTED = 1

    # This product is known to be not affected by this vulnerability.
    NOT_AFFECTED = 2

    # This product contains a fix for this vulnerability.
    FIXED = 3

    # It is not known yet whether these versions are or are not affected
    # by the vulnerability. However, it is still under investigation.
    UNDER_INVESTIGATION = 4
  end
end

#vulnerability_id ⇒ ::String

Returns The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc.

Returns:

• (::String) —

  The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc.

# File 'proto_docs/grafeas/v1/vex.rb', line 133

class Assessment
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Justification provides the justification when the state of the
  # assessment if NOT_AFFECTED.
  # @!attribute [rw] justification_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
  #     The justification type for this vulnerability.
  # @!attribute [rw] details
  #   @return [::String]
  #     Additional details on why this justification was chosen.
  class Justification
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Provides the type of justification.
    module JustificationType
      # JUSTIFICATION_TYPE_UNSPECIFIED.
      JUSTIFICATION_TYPE_UNSPECIFIED = 0

      # The vulnerable component is not present in the product.
      COMPONENT_NOT_PRESENT = 1

      # The vulnerable code is not present. Typically this case
      # occurs when source code is configured or built in a way that excludes
      # the vulnerable code.
      VULNERABLE_CODE_NOT_PRESENT = 2

      # The vulnerable code can not be executed.
      # Typically this case occurs when the product includes the vulnerable
      # code but does not call or use the vulnerable code.
      VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3

      # The vulnerable code cannot be controlled by an attacker to exploit
      # the vulnerability.
      VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4

      # The product includes built-in protections or features that prevent
      # exploitation of the vulnerability. These built-in protections cannot
      # be subverted by the attacker and cannot be configured or disabled by
      # the user. These mitigations completely prevent exploitation based on
      # known attack vectors.
      INLINE_MITIGATIONS_ALREADY_EXIST = 5
    end
  end

  # Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] remediation_type
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
  #     The type of remediation that can be applied.
  # @!attribute [rw] details
  #   @return [::String]
  #     Contains a comprehensive human-readable discussion of the remediation.
  # @!attribute [rw] remediation_uri
  #   @return [::Grafeas::V1::RelatedUrl]
  #     Contains the URL where to obtain the remediation.
  class Remediation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of remediation that can be applied.
    module RemediationType
      # No remediation type specified.
      REMEDIATION_TYPE_UNSPECIFIED = 0

      # A MITIGATION is available.
      MITIGATION = 1

      # No fix is planned.
      NO_FIX_PLANNED = 2

      # Not available.
      NONE_AVAILABLE = 3

      # A vendor fix is available.
      VENDOR_FIX = 4

      # A workaround is available.
      WORKAROUND = 5
    end
  end

  # Provides the state of this Vulnerability assessment.
  module State
    # No state is specified.
    STATE_UNSPECIFIED = 0

    # This product is known to be affected by this vulnerability.
    AFFECTED = 1

    # This product is known to be not affected by this vulnerability.
    NOT_AFFECTED = 2

    # This product contains a fix for this vulnerability.
    FIXED = 3

    # It is not known yet whether these versions are or are not affected
    # by the vulnerability. However, it is still under investigation.
    UNDER_INVESTIGATION = 4
  end
end