1*d5c09012SAndroid Build Coastguard Worker// Copyright 2019 The Grafeas Authors. All rights reserved. 2*d5c09012SAndroid Build Coastguard Worker// 3*d5c09012SAndroid Build Coastguard Worker// Licensed under the Apache License, Version 2.0 (the "License"); 4*d5c09012SAndroid Build Coastguard Worker// you may not use this file except in compliance with the License. 5*d5c09012SAndroid Build Coastguard Worker// You may obtain a copy of the License at 6*d5c09012SAndroid Build Coastguard Worker// 7*d5c09012SAndroid Build Coastguard Worker// http://www.apache.org/licenses/LICENSE-2.0 8*d5c09012SAndroid Build Coastguard Worker// 9*d5c09012SAndroid Build Coastguard Worker// Unless required by applicable law or agreed to in writing, software 10*d5c09012SAndroid Build Coastguard Worker// distributed under the License is distributed on an "AS IS" BASIS, 11*d5c09012SAndroid Build Coastguard Worker// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*d5c09012SAndroid Build Coastguard Worker// See the License for the specific language governing permissions and 13*d5c09012SAndroid Build Coastguard Worker// limitations under the License. 14*d5c09012SAndroid Build Coastguard Worker 15*d5c09012SAndroid Build Coastguard Workersyntax = "proto3"; 16*d5c09012SAndroid Build Coastguard Worker 17*d5c09012SAndroid Build Coastguard Workerpackage grafeas.v1; 18*d5c09012SAndroid Build Coastguard Worker 19*d5c09012SAndroid Build Coastguard Workerimport "google/api/field_behavior.proto"; 20*d5c09012SAndroid Build Coastguard Workerimport "google/protobuf/timestamp.proto"; 21*d5c09012SAndroid Build Coastguard Workerimport "grafeas/v1/common.proto"; 22*d5c09012SAndroid Build Coastguard Workerimport "grafeas/v1/cvss.proto"; 23*d5c09012SAndroid Build Coastguard Workerimport "grafeas/v1/package.proto"; 24*d5c09012SAndroid Build Coastguard Workerimport "grafeas/v1/severity.proto"; 25*d5c09012SAndroid Build Coastguard Workerimport "grafeas/v1/vex.proto"; 26*d5c09012SAndroid Build Coastguard Worker 27*d5c09012SAndroid Build Coastguard Workeroption go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas"; 28*d5c09012SAndroid Build Coastguard Workeroption java_multiple_files = true; 29*d5c09012SAndroid Build Coastguard Workeroption java_package = "io.grafeas.v1"; 30*d5c09012SAndroid Build Coastguard Workeroption objc_class_prefix = "GRA"; 31*d5c09012SAndroid Build Coastguard Worker 32*d5c09012SAndroid Build Coastguard Worker// A security vulnerability that can be found in resources. 33*d5c09012SAndroid Build Coastguard Workermessage VulnerabilityNote { 34*d5c09012SAndroid Build Coastguard Worker // The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 35*d5c09012SAndroid Build Coastguard Worker // where 0 indicates low severity and 10 indicates high severity. 36*d5c09012SAndroid Build Coastguard Worker float cvss_score = 1; 37*d5c09012SAndroid Build Coastguard Worker 38*d5c09012SAndroid Build Coastguard Worker // The note provider assigned severity of this vulnerability. 39*d5c09012SAndroid Build Coastguard Worker grafeas.v1.Severity severity = 2; 40*d5c09012SAndroid Build Coastguard Worker 41*d5c09012SAndroid Build Coastguard Worker // Details of all known distros and packages affected by this vulnerability. 42*d5c09012SAndroid Build Coastguard Worker repeated Detail details = 3; 43*d5c09012SAndroid Build Coastguard Worker 44*d5c09012SAndroid Build Coastguard Worker // A detail for a distro and package affected by this vulnerability and its 45*d5c09012SAndroid Build Coastguard Worker // associated fix (if one is available). 46*d5c09012SAndroid Build Coastguard Worker message Detail { 47*d5c09012SAndroid Build Coastguard Worker // The distro assigned severity of this vulnerability. 48*d5c09012SAndroid Build Coastguard Worker string severity_name = 1; 49*d5c09012SAndroid Build Coastguard Worker 50*d5c09012SAndroid Build Coastguard Worker // A vendor-specific description of this vulnerability. 51*d5c09012SAndroid Build Coastguard Worker string description = 2; 52*d5c09012SAndroid Build Coastguard Worker 53*d5c09012SAndroid Build Coastguard Worker // The type of package; whether native or non native (e.g., ruby gems, 54*d5c09012SAndroid Build Coastguard Worker // node.js packages, etc.). 55*d5c09012SAndroid Build Coastguard Worker string package_type = 3; 56*d5c09012SAndroid Build Coastguard Worker 57*d5c09012SAndroid Build Coastguard Worker // Required. The [CPE URI](https://cpe.mitre.org/specification/) this 58*d5c09012SAndroid Build Coastguard Worker // vulnerability affects. 59*d5c09012SAndroid Build Coastguard Worker string affected_cpe_uri = 4; 60*d5c09012SAndroid Build Coastguard Worker 61*d5c09012SAndroid Build Coastguard Worker // Required. The package this vulnerability affects. 62*d5c09012SAndroid Build Coastguard Worker string affected_package = 5; 63*d5c09012SAndroid Build Coastguard Worker 64*d5c09012SAndroid Build Coastguard Worker // The version number at the start of an interval in which this 65*d5c09012SAndroid Build Coastguard Worker // vulnerability exists. A vulnerability can affect a package between 66*d5c09012SAndroid Build Coastguard Worker // version numbers that are disjoint sets of intervals (example: 67*d5c09012SAndroid Build Coastguard Worker // [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be 68*d5c09012SAndroid Build Coastguard Worker // represented in its own Detail. If a specific affected version is provided 69*d5c09012SAndroid Build Coastguard Worker // by a vulnerability database, affected_version_start and 70*d5c09012SAndroid Build Coastguard Worker // affected_version_end will be the same in that Detail. 71*d5c09012SAndroid Build Coastguard Worker grafeas.v1.Version affected_version_start = 6; 72*d5c09012SAndroid Build Coastguard Worker 73*d5c09012SAndroid Build Coastguard Worker // The version number at the end of an interval in which this vulnerability 74*d5c09012SAndroid Build Coastguard Worker // exists. A vulnerability can affect a package between version numbers 75*d5c09012SAndroid Build Coastguard Worker // that are disjoint sets of intervals (example: [1.0.0-1.1.0], 76*d5c09012SAndroid Build Coastguard Worker // [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its 77*d5c09012SAndroid Build Coastguard Worker // own Detail. If a specific affected version is provided by a vulnerability 78*d5c09012SAndroid Build Coastguard Worker // database, affected_version_start and affected_version_end will be the 79*d5c09012SAndroid Build Coastguard Worker // same in that Detail. 80*d5c09012SAndroid Build Coastguard Worker grafeas.v1.Version affected_version_end = 7; 81*d5c09012SAndroid Build Coastguard Worker 82*d5c09012SAndroid Build Coastguard Worker // The distro recommended [CPE URI](https://cpe.mitre.org/specification/) 83*d5c09012SAndroid Build Coastguard Worker // to update to that contains a fix for this vulnerability. It is possible 84*d5c09012SAndroid Build Coastguard Worker // for this to be different from the affected_cpe_uri. 85*d5c09012SAndroid Build Coastguard Worker string fixed_cpe_uri = 8; 86*d5c09012SAndroid Build Coastguard Worker 87*d5c09012SAndroid Build Coastguard Worker // The distro recommended package to update to that contains a fix for this 88*d5c09012SAndroid Build Coastguard Worker // vulnerability. It is possible for this to be different from the 89*d5c09012SAndroid Build Coastguard Worker // affected_package. 90*d5c09012SAndroid Build Coastguard Worker string fixed_package = 9; 91*d5c09012SAndroid Build Coastguard Worker 92*d5c09012SAndroid Build Coastguard Worker // The distro recommended version to update to that contains a 93*d5c09012SAndroid Build Coastguard Worker // fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no 94*d5c09012SAndroid Build Coastguard Worker // such version is yet available. 95*d5c09012SAndroid Build Coastguard Worker grafeas.v1.Version fixed_version = 10; 96*d5c09012SAndroid Build Coastguard Worker 97*d5c09012SAndroid Build Coastguard Worker // Whether this detail is obsolete. Occurrences are expected not to point to 98*d5c09012SAndroid Build Coastguard Worker // obsolete details. 99*d5c09012SAndroid Build Coastguard Worker bool is_obsolete = 11; 100*d5c09012SAndroid Build Coastguard Worker 101*d5c09012SAndroid Build Coastguard Worker // The time this information was last changed at the source. This is an 102*d5c09012SAndroid Build Coastguard Worker // upstream timestamp from the underlying information source - e.g. Ubuntu 103*d5c09012SAndroid Build Coastguard Worker // security tracker. 104*d5c09012SAndroid Build Coastguard Worker google.protobuf.Timestamp source_update_time = 12; 105*d5c09012SAndroid Build Coastguard Worker 106*d5c09012SAndroid Build Coastguard Worker // The source from which the information in this Detail was obtained. 107*d5c09012SAndroid Build Coastguard Worker string source = 13; 108*d5c09012SAndroid Build Coastguard Worker 109*d5c09012SAndroid Build Coastguard Worker // The name of the vendor of the product. 110*d5c09012SAndroid Build Coastguard Worker string vendor = 14; 111*d5c09012SAndroid Build Coastguard Worker } 112*d5c09012SAndroid Build Coastguard Worker 113*d5c09012SAndroid Build Coastguard Worker // The full description of the CVSSv3 for this vulnerability. 114*d5c09012SAndroid Build Coastguard Worker CVSSv3 cvss_v3 = 4; 115*d5c09012SAndroid Build Coastguard Worker 116*d5c09012SAndroid Build Coastguard Worker // Windows details get their own format because the information format and 117*d5c09012SAndroid Build Coastguard Worker // model don't match a normal detail. Specifically Windows updates are done as 118*d5c09012SAndroid Build Coastguard Worker // patches, thus Windows vulnerabilities really are a missing package, rather 119*d5c09012SAndroid Build Coastguard Worker // than a package being at an incorrect version. 120*d5c09012SAndroid Build Coastguard Worker repeated WindowsDetail windows_details = 5; 121*d5c09012SAndroid Build Coastguard Worker 122*d5c09012SAndroid Build Coastguard Worker message WindowsDetail { 123*d5c09012SAndroid Build Coastguard Worker // Required. The [CPE URI](https://cpe.mitre.org/specification/) this 124*d5c09012SAndroid Build Coastguard Worker // vulnerability affects. 125*d5c09012SAndroid Build Coastguard Worker string cpe_uri = 1; 126*d5c09012SAndroid Build Coastguard Worker 127*d5c09012SAndroid Build Coastguard Worker // Required. The name of this vulnerability. 128*d5c09012SAndroid Build Coastguard Worker string name = 2; 129*d5c09012SAndroid Build Coastguard Worker 130*d5c09012SAndroid Build Coastguard Worker // The description of this vulnerability. 131*d5c09012SAndroid Build Coastguard Worker string description = 3; 132*d5c09012SAndroid Build Coastguard Worker 133*d5c09012SAndroid Build Coastguard Worker // Required. The names of the KBs which have hotfixes to mitigate this 134*d5c09012SAndroid Build Coastguard Worker // vulnerability. Note that there may be multiple hotfixes (and thus 135*d5c09012SAndroid Build Coastguard Worker // multiple KBs) that mitigate a given vulnerability. Currently any listed 136*d5c09012SAndroid Build Coastguard Worker // KBs presence is considered a fix. 137*d5c09012SAndroid Build Coastguard Worker repeated KnowledgeBase fixing_kbs = 4; 138*d5c09012SAndroid Build Coastguard Worker 139*d5c09012SAndroid Build Coastguard Worker message KnowledgeBase { 140*d5c09012SAndroid Build Coastguard Worker // The KB name (generally of the form KB[0-9]+ (e.g., KB123456)). 141*d5c09012SAndroid Build Coastguard Worker string name = 1; 142*d5c09012SAndroid Build Coastguard Worker // A link to the KB in the [Windows update catalog] 143*d5c09012SAndroid Build Coastguard Worker // (https://www.catalog.update.microsoft.com/). 144*d5c09012SAndroid Build Coastguard Worker string url = 2; 145*d5c09012SAndroid Build Coastguard Worker } 146*d5c09012SAndroid Build Coastguard Worker } 147*d5c09012SAndroid Build Coastguard Worker 148*d5c09012SAndroid Build Coastguard Worker // The time this information was last changed at the source. This is an 149*d5c09012SAndroid Build Coastguard Worker // upstream timestamp from the underlying information source - e.g. Ubuntu 150*d5c09012SAndroid Build Coastguard Worker // security tracker. 151*d5c09012SAndroid Build Coastguard Worker google.protobuf.Timestamp source_update_time = 6; 152*d5c09012SAndroid Build Coastguard Worker 153*d5c09012SAndroid Build Coastguard Worker // CVSS version used to populate cvss_score and severity. 154*d5c09012SAndroid Build Coastguard Worker grafeas.v1.CVSSVersion cvss_version = 7; 155*d5c09012SAndroid Build Coastguard Worker 156*d5c09012SAndroid Build Coastguard Worker // The full description of the v2 CVSS for this vulnerability. 157*d5c09012SAndroid Build Coastguard Worker CVSS cvss_v2 = 8; 158*d5c09012SAndroid Build Coastguard Worker 159*d5c09012SAndroid Build Coastguard Worker // Next free ID is 9. 160*d5c09012SAndroid Build Coastguard Worker} 161*d5c09012SAndroid Build Coastguard Worker 162*d5c09012SAndroid Build Coastguard Worker// An occurrence of a severity vulnerability on a resource. 163*d5c09012SAndroid Build Coastguard Workermessage VulnerabilityOccurrence { 164*d5c09012SAndroid Build Coastguard Worker // The type of package; whether native or non native (e.g., ruby gems, node.js 165*d5c09012SAndroid Build Coastguard Worker // packages, etc.). 166*d5c09012SAndroid Build Coastguard Worker string type = 1; 167*d5c09012SAndroid Build Coastguard Worker 168*d5c09012SAndroid Build Coastguard Worker // Output only. The note provider assigned severity of this vulnerability. 169*d5c09012SAndroid Build Coastguard Worker grafeas.v1.Severity severity = 2; 170*d5c09012SAndroid Build Coastguard Worker 171*d5c09012SAndroid Build Coastguard Worker // Output only. The CVSS score of this vulnerability. CVSS score is on a 172*d5c09012SAndroid Build Coastguard Worker // scale of 0 - 10 where 0 indicates low severity and 10 indicates high 173*d5c09012SAndroid Build Coastguard Worker // severity. 174*d5c09012SAndroid Build Coastguard Worker float cvss_score = 3; 175*d5c09012SAndroid Build Coastguard Worker 176*d5c09012SAndroid Build Coastguard Worker // The cvss v3 score for the vulnerability. 177*d5c09012SAndroid Build Coastguard Worker CVSS cvssv3 = 10; 178*d5c09012SAndroid Build Coastguard Worker 179*d5c09012SAndroid Build Coastguard Worker // Required. The set of affected locations and their fixes (if available) 180*d5c09012SAndroid Build Coastguard Worker // within the associated resource. 181*d5c09012SAndroid Build Coastguard Worker repeated PackageIssue package_issue = 4; 182*d5c09012SAndroid Build Coastguard Worker 183*d5c09012SAndroid Build Coastguard Worker // A detail for a distro and package this vulnerability occurrence was found 184*d5c09012SAndroid Build Coastguard Worker // in and its associated fix (if one is available). 185*d5c09012SAndroid Build Coastguard Worker message PackageIssue { 186*d5c09012SAndroid Build Coastguard Worker // Required. The [CPE URI](https://cpe.mitre.org/specification/) this 187*d5c09012SAndroid Build Coastguard Worker // vulnerability was found in. 188*d5c09012SAndroid Build Coastguard Worker string affected_cpe_uri = 1; 189*d5c09012SAndroid Build Coastguard Worker 190*d5c09012SAndroid Build Coastguard Worker // Required. The package this vulnerability was found in. 191*d5c09012SAndroid Build Coastguard Worker string affected_package = 2; 192*d5c09012SAndroid Build Coastguard Worker 193*d5c09012SAndroid Build Coastguard Worker // Required. The version of the package that is installed on the resource 194*d5c09012SAndroid Build Coastguard Worker // affected by this vulnerability. 195*d5c09012SAndroid Build Coastguard Worker grafeas.v1.Version affected_version = 3; 196*d5c09012SAndroid Build Coastguard Worker 197*d5c09012SAndroid Build Coastguard Worker // The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability 198*d5c09012SAndroid Build Coastguard Worker // was fixed in. It is possible for this to be different from the 199*d5c09012SAndroid Build Coastguard Worker // affected_cpe_uri. 200*d5c09012SAndroid Build Coastguard Worker string fixed_cpe_uri = 4; 201*d5c09012SAndroid Build Coastguard Worker 202*d5c09012SAndroid Build Coastguard Worker // The package this vulnerability was fixed in. It is possible for this to 203*d5c09012SAndroid Build Coastguard Worker // be different from the affected_package. 204*d5c09012SAndroid Build Coastguard Worker string fixed_package = 5; 205*d5c09012SAndroid Build Coastguard Worker 206*d5c09012SAndroid Build Coastguard Worker // Required. The version of the package this vulnerability was fixed in. 207*d5c09012SAndroid Build Coastguard Worker // Setting this to VersionKind.MAXIMUM means no fix is yet available. 208*d5c09012SAndroid Build Coastguard Worker grafeas.v1.Version fixed_version = 6; 209*d5c09012SAndroid Build Coastguard Worker 210*d5c09012SAndroid Build Coastguard Worker // Output only. Whether a fix is available for this package. 211*d5c09012SAndroid Build Coastguard Worker bool fix_available = 7; 212*d5c09012SAndroid Build Coastguard Worker 213*d5c09012SAndroid Build Coastguard Worker // The type of package (e.g. OS, MAVEN, GO). 214*d5c09012SAndroid Build Coastguard Worker string package_type = 8; 215*d5c09012SAndroid Build Coastguard Worker 216*d5c09012SAndroid Build Coastguard Worker // The distro or language system assigned severity for this vulnerability 217*d5c09012SAndroid Build Coastguard Worker // when that is available and note provider assigned severity when it is not 218*d5c09012SAndroid Build Coastguard Worker // available. 219*d5c09012SAndroid Build Coastguard Worker grafeas.v1.Severity effective_severity = 9 220*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OUTPUT_ONLY]; 221*d5c09012SAndroid Build Coastguard Worker 222*d5c09012SAndroid Build Coastguard Worker // The location at which this package was found. 223*d5c09012SAndroid Build Coastguard Worker repeated FileLocation file_location = 10; 224*d5c09012SAndroid Build Coastguard Worker } 225*d5c09012SAndroid Build Coastguard Worker 226*d5c09012SAndroid Build Coastguard Worker // Output only. A one sentence description of this vulnerability. 227*d5c09012SAndroid Build Coastguard Worker string short_description = 5; 228*d5c09012SAndroid Build Coastguard Worker 229*d5c09012SAndroid Build Coastguard Worker // Output only. A detailed description of this vulnerability. 230*d5c09012SAndroid Build Coastguard Worker string long_description = 6; 231*d5c09012SAndroid Build Coastguard Worker 232*d5c09012SAndroid Build Coastguard Worker // Output only. URLs related to this vulnerability. 233*d5c09012SAndroid Build Coastguard Worker repeated grafeas.v1.RelatedUrl related_urls = 7; 234*d5c09012SAndroid Build Coastguard Worker 235*d5c09012SAndroid Build Coastguard Worker // The distro assigned severity for this vulnerability when it is available, 236*d5c09012SAndroid Build Coastguard Worker // otherwise this is the note provider assigned severity. 237*d5c09012SAndroid Build Coastguard Worker // 238*d5c09012SAndroid Build Coastguard Worker // When there are multiple PackageIssues for this vulnerability, they can have 239*d5c09012SAndroid Build Coastguard Worker // different effective severities because some might be provided by the distro 240*d5c09012SAndroid Build Coastguard Worker // while others are provided by the language ecosystem for a language pack. 241*d5c09012SAndroid Build Coastguard Worker // For this reason, it is advised to use the effective severity on the 242*d5c09012SAndroid Build Coastguard Worker // PackageIssue level. In the case where multiple PackageIssues have differing 243*d5c09012SAndroid Build Coastguard Worker // effective severities, this field should be the highest severity for any of 244*d5c09012SAndroid Build Coastguard Worker // the PackageIssues. 245*d5c09012SAndroid Build Coastguard Worker grafeas.v1.Severity effective_severity = 8; 246*d5c09012SAndroid Build Coastguard Worker 247*d5c09012SAndroid Build Coastguard Worker // Output only. Whether at least one of the affected packages has a fix 248*d5c09012SAndroid Build Coastguard Worker // available. 249*d5c09012SAndroid Build Coastguard Worker bool fix_available = 9; 250*d5c09012SAndroid Build Coastguard Worker 251*d5c09012SAndroid Build Coastguard Worker // Output only. CVSS version used to populate cvss_score and severity. 252*d5c09012SAndroid Build Coastguard Worker grafeas.v1.CVSSVersion cvss_version = 11; 253*d5c09012SAndroid Build Coastguard Worker 254*d5c09012SAndroid Build Coastguard Worker // The cvss v2 score for the vulnerability. 255*d5c09012SAndroid Build Coastguard Worker CVSS cvss_v2 = 12; 256*d5c09012SAndroid Build Coastguard Worker 257*d5c09012SAndroid Build Coastguard Worker // VexAssessment provides all publisher provided Vex information that is 258*d5c09012SAndroid Build Coastguard Worker // related to this vulnerability. 259*d5c09012SAndroid Build Coastguard Worker message VexAssessment { 260*d5c09012SAndroid Build Coastguard Worker // Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) 261*d5c09012SAndroid Build Coastguard Worker // tracking number for the vulnerability. 262*d5c09012SAndroid Build Coastguard Worker // Deprecated: Use vulnerability_id instead to denote CVEs. 263*d5c09012SAndroid Build Coastguard Worker string cve = 1 [deprecated = true]; 264*d5c09012SAndroid Build Coastguard Worker 265*d5c09012SAndroid Build Coastguard Worker // The vulnerability identifier for this Assessment. Will hold one of 266*d5c09012SAndroid Build Coastguard Worker // common identifiers e.g. CVE, GHSA etc. 267*d5c09012SAndroid Build Coastguard Worker string vulnerability_id = 8; 268*d5c09012SAndroid Build Coastguard Worker 269*d5c09012SAndroid Build Coastguard Worker // Holds a list of references associated with this vulnerability item and 270*d5c09012SAndroid Build Coastguard Worker // assessment. 271*d5c09012SAndroid Build Coastguard Worker repeated grafeas.v1.RelatedUrl related_uris = 2; 272*d5c09012SAndroid Build Coastguard Worker 273*d5c09012SAndroid Build Coastguard Worker // The VulnerabilityAssessment note from which this VexAssessment was 274*d5c09012SAndroid Build Coastguard Worker // generated. 275*d5c09012SAndroid Build Coastguard Worker // This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`. 276*d5c09012SAndroid Build Coastguard Worker // (-- api-linter: core::0122::name-suffix=disabled 277*d5c09012SAndroid Build Coastguard Worker // aip.dev/not-precedent: The suffix is kept for consistency. --) 278*d5c09012SAndroid Build Coastguard Worker string note_name = 3; 279*d5c09012SAndroid Build Coastguard Worker 280*d5c09012SAndroid Build Coastguard Worker // Provides the state of this Vulnerability assessment. 281*d5c09012SAndroid Build Coastguard Worker grafeas.v1.VulnerabilityAssessmentNote.Assessment.State state = 4; 282*d5c09012SAndroid Build Coastguard Worker 283*d5c09012SAndroid Build Coastguard Worker // Contains information about the impact of this vulnerability, 284*d5c09012SAndroid Build Coastguard Worker // this will change with time. 285*d5c09012SAndroid Build Coastguard Worker repeated string impacts = 5; 286*d5c09012SAndroid Build Coastguard Worker 287*d5c09012SAndroid Build Coastguard Worker // Specifies details on how to handle (and presumably, fix) a vulnerability. 288*d5c09012SAndroid Build Coastguard Worker repeated grafeas.v1.VulnerabilityAssessmentNote.Assessment.Remediation 289*d5c09012SAndroid Build Coastguard Worker remediations = 6; 290*d5c09012SAndroid Build Coastguard Worker 291*d5c09012SAndroid Build Coastguard Worker // Justification provides the justification when the state of the 292*d5c09012SAndroid Build Coastguard Worker // assessment if NOT_AFFECTED. 293*d5c09012SAndroid Build Coastguard Worker grafeas.v1.VulnerabilityAssessmentNote.Assessment.Justification 294*d5c09012SAndroid Build Coastguard Worker justification = 7; 295*d5c09012SAndroid Build Coastguard Worker 296*d5c09012SAndroid Build Coastguard Worker // Next ID: 9 297*d5c09012SAndroid Build Coastguard Worker } 298*d5c09012SAndroid Build Coastguard Worker 299*d5c09012SAndroid Build Coastguard Worker VexAssessment vex_assessment = 13; 300*d5c09012SAndroid Build Coastguard Worker 301*d5c09012SAndroid Build Coastguard Worker // Occurrence-specific extra details about the vulnerability. 302*d5c09012SAndroid Build Coastguard Worker string extra_details = 14; 303*d5c09012SAndroid Build Coastguard Worker 304*d5c09012SAndroid Build Coastguard Worker // Next free ID is 15. 305*d5c09012SAndroid Build Coastguard Worker} 306