public sealed class VulnerabilityOccurrence : IMessage<VulnerabilityOccurrence>, IEquatable<VulnerabilityOccurrence>, IDeepCloneable<VulnerabilityOccurrence>, IBufferMessage, IMessage
Reference documentation and code samples for the Grafeas v1 API class VulnerabilityOccurrence.
An occurrence of a severity vulnerability on a resource.
Implements
IMessageVulnerabilityOccurrence, IEquatableVulnerabilityOccurrence, IDeepCloneableVulnerabilityOccurrence, IBufferMessage, IMessageNamespace
Grafeas.V1Assembly
Grafeas.V1.dll
Constructors
VulnerabilityOccurrence()
public VulnerabilityOccurrence()
VulnerabilityOccurrence(VulnerabilityOccurrence)
public VulnerabilityOccurrence(VulnerabilityOccurrence other)
Parameter | |
---|---|
Name | Description |
other | VulnerabilityOccurrence |
Properties
CvssScore
public float CvssScore { get; set; }
Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
Property Value | |
---|---|
Type | Description |
float |
CvssV2
public CVSS CvssV2 { get; set; }
The cvss v2 score for the vulnerability.
Property Value | |
---|---|
Type | Description |
CVSS |
Cvssv3
public CVSS Cvssv3 { get; set; }
The cvss v3 score for the vulnerability.
Property Value | |
---|---|
Type | Description |
CVSS |
CvssVersion
public CVSSVersion CvssVersion { get; set; }
Output only. CVSS version used to populate cvss_score and severity.
Property Value | |
---|---|
Type | Description |
CVSSVersion |
EffectiveSeverity
public Severity EffectiveSeverity { get; set; }
The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity.
When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues.
Property Value | |
---|---|
Type | Description |
Severity |
FixAvailable
public bool FixAvailable { get; set; }
Output only. Whether at least one of the affected packages has a fix available.
Property Value | |
---|---|
Type | Description |
bool |
LongDescription
public string LongDescription { get; set; }
Output only. A detailed description of this vulnerability.
Property Value | |
---|---|
Type | Description |
string |
PackageIssue
public RepeatedField<VulnerabilityOccurrence.Types.PackageIssue> PackageIssue { get; }
Required. The set of affected locations and their fixes (if available) within the associated resource.
Property Value | |
---|---|
Type | Description |
RepeatedFieldVulnerabilityOccurrenceTypesPackageIssue |
RelatedUrls
public RepeatedField<RelatedUrl> RelatedUrls { get; }
Output only. URLs related to this vulnerability.
Property Value | |
---|---|
Type | Description |
RepeatedFieldRelatedUrl |
Severity
public Severity Severity { get; set; }
Output only. The note provider assigned severity of this vulnerability.
Property Value | |
---|---|
Type | Description |
Severity |
ShortDescription
public string ShortDescription { get; set; }
Output only. A one sentence description of this vulnerability.
Property Value | |
---|---|
Type | Description |
string |
Type
public string Type { get; set; }
The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
Property Value | |
---|---|
Type | Description |
string |
VexAssessment
public VulnerabilityOccurrence.Types.VexAssessment VexAssessment { get; set; }
Property Value | |
---|---|
Type | Description |
VulnerabilityOccurrenceTypesVexAssessment |