VulnerabilityNote
import type { VulnerabilityNote } from "https://googleapis.deno.dev/v1/containeranalysis:v1.ts";
A security vulnerability that can be found in resources.
interface VulnerabilityNote {
cvssScore?: number;
cvssV2?: CVSS;
cvssV3?: CVSSv3;
cvssVersion?: "CVSS_VERSION_UNSPECIFIED" | "CVSS_VERSION_2" | "CVSS_VERSION_3";
details?: Detail[];
severity?:
| "SEVERITY_UNSPECIFIED"
| "MINIMAL"
| "LOW"
| "MEDIUM"
| "HIGH"
| "CRITICAL";
sourceUpdateTime?: Date;
windowsDetails?: WindowsDetail[];
}§Properties
§
cvssScore?: number
[src]The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
§
cvssVersion?: "CVSS_VERSION_UNSPECIFIED" | "CVSS_VERSION_2" | "CVSS_VERSION_3"
[src]CVSS version used to populate cvss_score and severity.
§
severity?: "SEVERITY_UNSPECIFIED" | "MINIMAL" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL"
[src]The note provider assigned severity of this vulnerability.
§
sourceUpdateTime?: Date
[src]The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
§
windowsDetails?: WindowsDetail[]
[src]Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.