Class: Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification

Inherits:

Object

• Object
• Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification

Extended by:

Google::Protobuf::MessageExts::ClassMethods

Includes:

Google::Protobuf::MessageExts

Defined in:

proto_docs/grafeas/v1/vex.rb

Overview

Justification provides the justification when the state of the assessment if NOT_AFFECTED.

Defined Under Namespace

Modules: JustificationType

Instance Attribute Summary

• #details ⇒ ::String

  Additional details on why this justification was chosen.

• #justification_type ⇒ ::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType

  The justification type for this vulnerability.

Instance Attribute Details

#details ⇒ ::String

Returns Additional details on why this justification was chosen.

Returns:

• (::String) —

  Additional details on why this justification was chosen.

# File 'proto_docs/grafeas/v1/vex.rb', line 145

class Justification
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Provides the type of justification.
  module JustificationType
    # JUSTIFICATION_TYPE_UNSPECIFIED.
    JUSTIFICATION_TYPE_UNSPECIFIED = 0

    # The vulnerable component is not present in the product.
    COMPONENT_NOT_PRESENT = 1

    # The vulnerable code is not present. Typically this case
    # occurs when source code is configured or built in a way that excludes
    # the vulnerable code.
    VULNERABLE_CODE_NOT_PRESENT = 2

    # The vulnerable code can not be executed.
    # Typically this case occurs when the product includes the vulnerable
    # code but does not call or use the vulnerable code.
    VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3

    # The vulnerable code cannot be controlled by an attacker to exploit
    # the vulnerability.
    VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4

    # The product includes built-in protections or features that prevent
    # exploitation of the vulnerability. These built-in protections cannot
    # be subverted by the attacker and cannot be configured or disabled by
    # the user. These mitigations completely prevent exploitation based on
    # known attack vectors.
    INLINE_MITIGATIONS_ALREADY_EXIST = 5
  end
end

#justification_type ⇒ ::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType

Returns The justification type for this vulnerability.

Returns:

• (::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType) —

  The justification type for this vulnerability.

# File 'proto_docs/grafeas/v1/vex.rb', line 145

class Justification
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Provides the type of justification.
  module JustificationType
    # JUSTIFICATION_TYPE_UNSPECIFIED.
    JUSTIFICATION_TYPE_UNSPECIFIED = 0

    # The vulnerable component is not present in the product.
    COMPONENT_NOT_PRESENT = 1

    # The vulnerable code is not present. Typically this case
    # occurs when source code is configured or built in a way that excludes
    # the vulnerable code.
    VULNERABLE_CODE_NOT_PRESENT = 2

    # The vulnerable code can not be executed.
    # Typically this case occurs when the product includes the vulnerable
    # code but does not call or use the vulnerable code.
    VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3

    # The vulnerable code cannot be controlled by an attacker to exploit
    # the vulnerability.
    VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4

    # The product includes built-in protections or features that prevent
    # exploitation of the vulnerability. These built-in protections cannot
    # be subverted by the attacker and cannot be configured or disabled by
    # the user. These mitigations completely prevent exploitation based on
    # known attack vectors.
    INLINE_MITIGATIONS_ALREADY_EXIST = 5
  end
end