Class: Grafeas::V1::VulnerabilityOccurrence

Inherits:
Object
  • Object
Extended by:
Google::Protobuf::MessageExts::ClassMethods
Includes:
Google::Protobuf::MessageExts
Defined in:
proto_docs/grafeas/v1/vulnerability.rb

Overview

An occurrence of a severity vulnerability on a resource.

Defined Under Namespace

Classes: PackageIssue, VexAssessment

Instance Attribute Summary

Instance Attribute Details

#cvss_score::Float

Returns (output only) the CVSS score of this vulnerability. The CVSS score is on a scale of 0 to 10, where 0 indicates low severity and 10 indicates high severity.

Returns:

  • (::Float)

    Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 219

class VulnerabilityOccurrence
  # Documentation-only view of the message: the body below mixes in the
  # protobuf message extensions and declares the nested PackageIssue and
  # VexAssessment message types; no fields or methods are defined in Ruby here.
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  #     NOTE(review): a MAXIMUM kind is therefore a "no fix yet" marker rather
  #     than a real version; consumers should check for it (or fix_available)
  #     before treating fixed_version as an upgrade target.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  #     NOTE(review): tagged [rw] but described as output only; presumably
  #     populated by the service. Confirm whether client-set values are ignored.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # NOTE(review): the fields below carry publisher-supplied content and nothing
  # visible in this class validates it; treat strings and URLs as untrusted
  # when rendering or dereferencing them.
  # @!attribute [rw] cve
  #   @deprecated This field is deprecated and may be removed in the next major version update.
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  #     Deprecated: Use vulnerability_id instead to denote CVEs.
  # @!attribute [rw] vulnerability_id
  #   @return [::String]
  #     The vulnerability identifier for this Assessment. Will hold one of
  #     common identifiers e.g. CVE, GHSA etc.
  #     NOTE(review): not necessarily a CVE; do not assume the CVE identifier
  #     format when parsing or matching this value.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment is NOT_AFFECTED.
  class VexAssessment
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#cvss_v2::Grafeas::V1::CVSS

Returns the CVSS v2 score for the vulnerability.

Returns:

  • (::Grafeas::V1::CVSS)

    The CVSS v2 score for the vulnerability.



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 219

class VulnerabilityOccurrence
  # Documentation-only view of the message: the body below mixes in the
  # protobuf message extensions and declares the nested PackageIssue and
  # VexAssessment message types; no fields or methods are defined in Ruby here.
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  #     NOTE(review): a MAXIMUM kind is therefore a "no fix yet" marker rather
  #     than a real version; consumers should check for it (or fix_available)
  #     before treating fixed_version as an upgrade target.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  #     NOTE(review): tagged [rw] but described as output only; presumably
  #     populated by the service. Confirm whether client-set values are ignored.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # NOTE(review): the fields below carry publisher-supplied content and nothing
  # visible in this class validates it; treat strings and URLs as untrusted
  # when rendering or dereferencing them.
  # @!attribute [rw] cve
  #   @deprecated This field is deprecated and may be removed in the next major version update.
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  #     Deprecated: Use vulnerability_id instead to denote CVEs.
  # @!attribute [rw] vulnerability_id
  #   @return [::String]
  #     The vulnerability identifier for this Assessment. Will hold one of
  #     common identifiers e.g. CVE, GHSA etc.
  #     NOTE(review): not necessarily a CVE; do not assume the CVE identifier
  #     format when parsing or matching this value.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment is NOT_AFFECTED.
  class VexAssessment
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#cvss_version::Grafeas::V1::CVSSVersion

Returns (output only) the CVSS version used to populate cvss_score and severity.

Returns:

  • (::Grafeas::V1::CVSSVersion)

    Output only. CVSS version used to populate cvss_score and severity.



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 219

class VulnerabilityOccurrence
  # Documentation-only view of the message: the body below mixes in the
  # protobuf message extensions and declares the nested PackageIssue and
  # VexAssessment message types; no fields or methods are defined in Ruby here.
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  #     NOTE(review): a MAXIMUM kind is therefore a "no fix yet" marker rather
  #     than a real version; consumers should check for it (or fix_available)
  #     before treating fixed_version as an upgrade target.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  #     NOTE(review): tagged [rw] but described as output only; presumably
  #     populated by the service. Confirm whether client-set values are ignored.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # NOTE(review): the fields below carry publisher-supplied content and nothing
  # visible in this class validates it; treat strings and URLs as untrusted
  # when rendering or dereferencing them.
  # @!attribute [rw] cve
  #   @deprecated This field is deprecated and may be removed in the next major version update.
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  #     Deprecated: Use vulnerability_id instead to denote CVEs.
  # @!attribute [rw] vulnerability_id
  #   @return [::String]
  #     The vulnerability identifier for this Assessment. Will hold one of
  #     common identifiers e.g. CVE, GHSA etc.
  #     NOTE(review): not necessarily a CVE; do not assume the CVE identifier
  #     format when parsing or matching this value.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment is NOT_AFFECTED.
  class VexAssessment
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#cvssv3::Grafeas::V1::CVSS

Returns the CVSS v3 score for the vulnerability.

Returns:

  • (::Grafeas::V1::CVSS)

    The CVSS v3 score for the vulnerability.



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 219

class VulnerabilityOccurrence
  # Documentation-only view of the message: the body below mixes in the
  # protobuf message extensions and declares the nested PackageIssue and
  # VexAssessment message types; no fields or methods are defined in Ruby here.
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  #     NOTE(review): a MAXIMUM kind is therefore a "no fix yet" marker rather
  #     than a real version; consumers should check for it (or fix_available)
  #     before treating fixed_version as an upgrade target.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  #     NOTE(review): tagged [rw] but described as output only; presumably
  #     populated by the service. Confirm whether client-set values are ignored.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # NOTE(review): the fields below carry publisher-supplied content and nothing
  # visible in this class validates it; treat strings and URLs as untrusted
  # when rendering or dereferencing them.
  # @!attribute [rw] cve
  #   @deprecated This field is deprecated and may be removed in the next major version update.
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  #     Deprecated: Use vulnerability_id instead to denote CVEs.
  # @!attribute [rw] vulnerability_id
  #   @return [::String]
  #     The vulnerability identifier for this Assessment. Will hold one of
  #     common identifiers e.g. CVE, GHSA etc.
  #     NOTE(review): not necessarily a CVE; do not assume the CVE identifier
  #     format when parsing or matching this value.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment is NOT_AFFECTED.
  class VexAssessment
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#effective_severity::Grafeas::V1::Severity

Returns The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity.

When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues.

Returns:

  • (::Grafeas::V1::Severity)

    The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity.

    When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues.



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 219

class VulnerabilityOccurrence
  # Documentation-only view of the message: the body below mixes in the
  # protobuf message extensions and declares the nested PackageIssue and
  # VexAssessment message types; no fields or methods are defined in Ruby here.
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  #     NOTE(review): a MAXIMUM kind is therefore a "no fix yet" marker rather
  #     than a real version; consumers should check for it (or fix_available)
  #     before treating fixed_version as an upgrade target.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  #     NOTE(review): tagged [rw] but described as output only; presumably
  #     populated by the service. Confirm whether client-set values are ignored.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # NOTE(review): the fields below carry publisher-supplied content and nothing
  # visible in this class validates it; treat strings and URLs as untrusted
  # when rendering or dereferencing them.
  # @!attribute [rw] cve
  #   @deprecated This field is deprecated and may be removed in the next major version update.
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  #     Deprecated: Use vulnerability_id instead to denote CVEs.
  # @!attribute [rw] vulnerability_id
  #   @return [::String]
  #     The vulnerability identifier for this Assessment. Will hold one of
  #     common identifiers e.g. CVE, GHSA etc.
  #     NOTE(review): not necessarily a CVE; do not assume the CVE identifier
  #     format when parsing or matching this value.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment is NOT_AFFECTED.
  class VexAssessment
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#extra_details::String

Returns Occurrence-specific extra details about the vulnerability.

Returns:

  • (::String)

    Occurrence-specific extra details about the vulnerability.



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 219

class VulnerabilityOccurrence
  # Documentation-only view of the message: the body below mixes in the
  # protobuf message extensions and declares the nested PackageIssue and
  # VexAssessment message types; no fields or methods are defined in Ruby here.
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  #     NOTE(review): a MAXIMUM kind is therefore a "no fix yet" marker rather
  #     than a real version; consumers should check for it (or fix_available)
  #     before treating fixed_version as an upgrade target.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  #     NOTE(review): tagged [rw] but described as output only; presumably
  #     populated by the service. Confirm whether client-set values are ignored.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # NOTE(review): the fields below carry publisher-supplied content and nothing
  # visible in this class validates it; treat strings and URLs as untrusted
  # when rendering or dereferencing them.
  # @!attribute [rw] cve
  #   @deprecated This field is deprecated and may be removed in the next major version update.
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  #     Deprecated: Use vulnerability_id instead to denote CVEs.
  # @!attribute [rw] vulnerability_id
  #   @return [::String]
  #     The vulnerability identifier for this Assessment. Will hold one of
  #     common identifiers e.g. CVE, GHSA etc.
  #     NOTE(review): not necessarily a CVE; do not assume the CVE identifier
  #     format when parsing or matching this value.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment is NOT_AFFECTED.
  class VexAssessment
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#fix_available::Boolean

Returns (output only) whether at least one of the affected packages has a fix available.

Returns:

  • (::Boolean)

    Output only. Whether at least one of the affected packages has a fix available.



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 219

# An occurrence of a severity vulnerability on a resource.
# This listing shows the class body only: it mixes in the protobuf message
# extensions and nests the PackageIssue and VexAssessment message classes.
class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  #     When deciding whether an upgrade exists, treat a MAXIMUM value as
  #     "no fix", not as a version to upgrade to.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  #     NOTE(review): declared [rw] although described as output only;
  #     presumably a caller-supplied value is not authoritative -- confirm
  #     against the API.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    # No methods are defined in this body; the fields are described by the
    # @!attribute directives in the comment above this class.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @deprecated This field is deprecated and may be removed in the next major version update.
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  #     Deprecated: Use vulnerability_id instead to denote CVEs.
  # @!attribute [rw] vulnerability_id
  #   @return [::String]
  #     The vulnerability identifier for this Assessment. Will hold one of
  #     common identifiers e.g. CVE, GHSA etc.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  #     NOTE(review): these references are publisher provided; presumably they
  #     should be validated before being fetched or rendered -- confirm.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment is NOT_AFFECTED.
  class VexAssessment
    # No methods are defined in this body; the fields are described by the
    # @!attribute directives in the comment above this class.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#long_description::String

Returns Output only. A detailed description of this vulnerability.

Returns:

  • (::String)

    Output only. A detailed description of this vulnerability.



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 219

# An occurrence of a severity vulnerability on a resource.
# This listing shows the class body only: it mixes in the protobuf message
# extensions and nests the PackageIssue and VexAssessment message classes.
class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  #     When deciding whether an upgrade exists, treat a MAXIMUM value as
  #     "no fix", not as a version to upgrade to.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  #     NOTE(review): declared [rw] although described as output only;
  #     presumably a caller-supplied value is not authoritative -- confirm
  #     against the API.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    # No methods are defined in this body; the fields are described by the
    # @!attribute directives in the comment above this class.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @deprecated This field is deprecated and may be removed in the next major version update.
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  #     Deprecated: Use vulnerability_id instead to denote CVEs.
  # @!attribute [rw] vulnerability_id
  #   @return [::String]
  #     The vulnerability identifier for this Assessment. Will hold one of
  #     common identifiers e.g. CVE, GHSA etc.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  #     NOTE(review): these references are publisher provided; presumably they
  #     should be validated before being fetched or rendered -- confirm.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment is NOT_AFFECTED.
  class VexAssessment
    # No methods are defined in this body; the fields are described by the
    # @!attribute directives in the comment above this class.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#package_issue::Array<::Grafeas::V1::VulnerabilityOccurrence::PackageIssue>

Returns Required. The set of affected locations and their fixes (if available) within the associated resource.

Returns:



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 219

# An occurrence of a severity vulnerability on a resource.
# This listing shows the class body only: it mixes in the protobuf message
# extensions and nests the PackageIssue and VexAssessment message classes.
class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  #     When deciding whether an upgrade exists, treat a MAXIMUM value as
  #     "no fix", not as a version to upgrade to.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  #     NOTE(review): declared [rw] although described as output only;
  #     presumably a caller-supplied value is not authoritative -- confirm
  #     against the API.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    # No methods are defined in this body; the fields are described by the
    # @!attribute directives in the comment above this class.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @deprecated This field is deprecated and may be removed in the next major version update.
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  #     Deprecated: Use vulnerability_id instead to denote CVEs.
  # @!attribute [rw] vulnerability_id
  #   @return [::String]
  #     The vulnerability identifier for this Assessment. Will hold one of
  #     common identifiers e.g. CVE, GHSA etc.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  #     NOTE(review): these references are publisher provided; presumably they
  #     should be validated before being fetched or rendered -- confirm.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment is NOT_AFFECTED.
  class VexAssessment
    # No methods are defined in this body; the fields are described by the
    # @!attribute directives in the comment above this class.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

Returns Output only. URLs related to this vulnerability.

Returns:



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 219

# An occurrence of a severity vulnerability on a resource.
# This listing shows the class body only: it mixes in the protobuf message
# extensions and nests the PackageIssue and VexAssessment message classes.
class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  #     When deciding whether an upgrade exists, treat a MAXIMUM value as
  #     "no fix", not as a version to upgrade to.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  #     NOTE(review): declared [rw] although described as output only;
  #     presumably a caller-supplied value is not authoritative -- confirm
  #     against the API.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    # No methods are defined in this body; the fields are described by the
    # @!attribute directives in the comment above this class.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @deprecated This field is deprecated and may be removed in the next major version update.
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  #     Deprecated: Use vulnerability_id instead to denote CVEs.
  # @!attribute [rw] vulnerability_id
  #   @return [::String]
  #     The vulnerability identifier for this Assessment. Will hold one of
  #     common identifiers e.g. CVE, GHSA etc.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  #     NOTE(review): these references are publisher provided; presumably they
  #     should be validated before being fetched or rendered -- confirm.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment is NOT_AFFECTED.
  class VexAssessment
    # No methods are defined in this body; the fields are described by the
    # @!attribute directives in the comment above this class.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#severity::Grafeas::V1::Severity

Returns Output only. The note provider assigned severity of this vulnerability.

Returns:



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 219

# An occurrence of a severity vulnerability on a resource.
# This listing shows the class body only: it mixes in the protobuf message
# extensions and nests the PackageIssue and VexAssessment message classes.
class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  #     When deciding whether an upgrade exists, treat a MAXIMUM value as
  #     "no fix", not as a version to upgrade to.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  #     NOTE(review): declared [rw] although described as output only;
  #     presumably a caller-supplied value is not authoritative -- confirm
  #     against the API.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    # No methods are defined in this body; the fields are described by the
    # @!attribute directives in the comment above this class.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @deprecated This field is deprecated and may be removed in the next major version update.
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  #     Deprecated: Use vulnerability_id instead to denote CVEs.
  # @!attribute [rw] vulnerability_id
  #   @return [::String]
  #     The vulnerability identifier for this Assessment. Will hold one of
  #     common identifiers e.g. CVE, GHSA etc.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  #     NOTE(review): these references are publisher provided; presumably they
  #     should be validated before being fetched or rendered -- confirm.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment is NOT_AFFECTED.
  class VexAssessment
    # No methods are defined in this body; the fields are described by the
    # @!attribute directives in the comment above this class.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#short_description::String

Returns Output only. A one sentence description of this vulnerability.

Returns:

  • (::String)

    Output only. A one sentence description of this vulnerability.



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 219

# An occurrence of a severity vulnerability on a resource.
# This listing shows the class body only: it mixes in the protobuf message
# extensions and nests the PackageIssue and VexAssessment message classes.
class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  #     When deciding whether an upgrade exists, treat a MAXIMUM value as
  #     "no fix", not as a version to upgrade to.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  #     NOTE(review): declared [rw] although described as output only;
  #     presumably a caller-supplied value is not authoritative -- confirm
  #     against the API.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    # No methods are defined in this body; the fields are described by the
    # @!attribute directives in the comment above this class.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @deprecated This field is deprecated and may be removed in the next major version update.
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  #     Deprecated: Use vulnerability_id instead to denote CVEs.
  # @!attribute [rw] vulnerability_id
  #   @return [::String]
  #     The vulnerability identifier for this Assessment. Will hold one of
  #     common identifiers e.g. CVE, GHSA etc.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  #     NOTE(review): these references are publisher provided; presumably they
  #     should be validated before being fetched or rendered -- confirm.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment is NOT_AFFECTED.
  class VexAssessment
    # No methods are defined in this body; the fields are described by the
    # @!attribute directives in the comment above this class.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#type::String

Returns The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).

Returns:

  • (::String)

    The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 219

# An occurrence of a severity vulnerability on a resource.
# This listing shows the class body only: it mixes in the protobuf message
# extensions and nests the PackageIssue and VexAssessment message classes.
class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  #     When deciding whether an upgrade exists, treat a MAXIMUM value as
  #     "no fix", not as a version to upgrade to.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  #     NOTE(review): declared [rw] although described as output only;
  #     presumably a caller-supplied value is not authoritative -- confirm
  #     against the API.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    # No methods are defined in this body; the fields are described by the
    # @!attribute directives in the comment above this class.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @deprecated This field is deprecated and may be removed in the next major version update.
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  #     Deprecated: Use vulnerability_id instead to denote CVEs.
  # @!attribute [rw] vulnerability_id
  #   @return [::String]
  #     The vulnerability identifier for this Assessment. Will hold one of
  #     common identifiers e.g. CVE, GHSA etc.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  #     NOTE(review): these references are publisher provided; presumably they
  #     should be validated before being fetched or rendered -- confirm.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment is NOT_AFFECTED.
  class VexAssessment
    # No methods are defined in this body; the fields are described by the
    # @!attribute directives in the comment above this class.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#vex_assessment::Grafeas::V1::VulnerabilityOccurrence::VexAssessment



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 219

# An occurrence of a severity vulnerability on a resource.
class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available, so
  #     that value is a "no fix" marker rather than a version to upgrade to.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The severity assigned to this vulnerability by the distro or language
  #     system when that is available, and the severity assigned by the note
  #     provider when it is not.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    # Only the protobuf message mixins appear in this body; the documented
    # attributes are not defined here (presumably supplied by the protobuf
    # runtime -- confirm against the generated message code).
    # NOTE(review): `fix_available` is documented as output only yet declared
    # [rw]; presumably a value set by a client is not authoritative -- confirm
    # against the API before relying on writes to it.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher-provided VEX information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @deprecated This field is deprecated and may be removed in the next major version update.
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  #     Deprecated: Use vulnerability_id instead to denote CVEs.
  # @!attribute [rw] vulnerability_id
  #   @return [::String]
  #     The vulnerability identifier for this Assessment. Will hold one of the
  #     common identifiers, e.g. CVE, GHSA, etc.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability;
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment is NOT_AFFECTED.
  class VexAssessment
    # Only the protobuf message mixins appear in this body; the documented
    # attributes are not defined here (presumably supplied by the protobuf
    # runtime -- confirm against the generated message code).
    # NOTE(review): these fields carry the publisher's own assessment. A
    # consumer that filters findings on `state` should presumably also read
    # `justification` and check which note `note_name` refers to -- confirm
    # against your triage policy.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end