cdx-proto

    Type Alias Vulnerability

    Vulnerability: Message<"cyclonedx.v1_6.Vulnerability"> & {
        advisories: Advisory[];
        affects: VulnerabilityAffects[];
        analysis?: VulnerabilityAnalysis;
        bomRef?: string;
        created?: Timestamp;
        credits?: VulnerabilityCredits;
        cwes: number[];
        description?: string;
        detail?: string;
        id?: string;
        proofOfConcept?: ProofOfConcept;
        properties: Property[];
        published?: Timestamp;
        ratings: VulnerabilityRating[];
        recommendation?: string;
        references: VulnerabilityReference[];
        rejected?: Timestamp;
        source?: Source;
        tools?: Tool;
        updated?: Timestamp;
        workaround?: string;
    }

    Type declaration

    • advisories: Advisory[]

      Published advisories of the vulnerability if provided.

      from field: repeated cyclonedx.v1_6.Advisory advisories = 10;

    • affects: VulnerabilityAffects[]

      affects

      from field: repeated cyclonedx.v1_6.VulnerabilityAffects affects = 17;

    • Optional analysis?: VulnerabilityAnalysis

      An assessment of the impact and exploitability of the vulnerability.

      from field: optional cyclonedx.v1_6.VulnerabilityAnalysis analysis = 16;

    • Optional bomRef?: string

      An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element.

      from field: optional string bom_ref = 1;

    • Optional created?: Timestamp

      The date and time (timestamp) when the vulnerability record was created in the vulnerability database.

      from field: optional google.protobuf.Timestamp created = 11;

    • Optional credits?: VulnerabilityCredits

      Individuals or organizations credited with the discovery of the vulnerability.

      from field: optional cyclonedx.v1_6.VulnerabilityCredits credits = 14;

    • cwes: number[]

      List of Common Weakness Enumeration (CWE) codes that describe this vulnerability. For example, 399 (see https://cwe.mitre.org/data/definitions/399.html).

      from field: repeated int32 cwes = 6;

    • Optional description?: string

      A description of the vulnerability as provided by the source.

      from field: optional string description = 7;

    • Optional detail?: string

      If available, an in-depth description of the vulnerability as provided by the source organization. Details often include information useful in understanding the root cause.

      from field: optional string detail = 8;

    • Optional id?: string

      The identifier that uniquely identifies the vulnerability.

      from field: optional string id = 2;

    • Optional proofOfConcept?: ProofOfConcept

      Evidence used to reproduce the vulnerability.

      from field: optional cyclonedx.v1_6.ProofOfConcept proofOfConcept = 20;

    • properties: Property[]

      Specifies optional, custom properties.

      from field: repeated cyclonedx.v1_6.Property properties = 18;

    • Optional published?: Timestamp

      The date and time (timestamp) when the vulnerability record was first published.

      from field: optional google.protobuf.Timestamp published = 12;

    • ratings: VulnerabilityRating[]

      List of vulnerability ratings.

      from field: repeated cyclonedx.v1_6.VulnerabilityRating ratings = 5;

    • Optional recommendation?: string

      Recommendations of how the vulnerability can be remediated or mitigated.

      from field: optional string recommendation = 9;

    • references: VulnerabilityReference[]

      Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability specified. Oftentimes, the same vulnerability may exist in multiple sources of vulnerability intelligence but have different identifiers. References provide a way to correlate vulnerabilities across multiple sources of vulnerability intelligence.

      from field: repeated cyclonedx.v1_6.VulnerabilityReference references = 4;

    • Optional rejected?: Timestamp

      The date and time (timestamp) when the vulnerability record was rejected (if applicable).

      from field: optional google.protobuf.Timestamp rejected = 19;

    • Optional source?: Source

      The source that published the vulnerability.

      from field: optional cyclonedx.v1_6.Source source = 3;

    • Optional tools?: Tool

      The tool(s) used to identify, confirm, or score the vulnerability.

      from field: optional cyclonedx.v1_6.Tool tools = 15;

    • Optional updated?: Timestamp

      The date and time (timestamp) when the vulnerability record was last updated.

      from field: optional google.protobuf.Timestamp updated = 13;

    • Optional workaround?: string

      A bypass, usually temporary, of the vulnerability that reduces its likelihood and/or impact. Workarounds often involve changes to configuration or deployments.

      from field: optional string workaround = 21;

    from message cyclonedx.v1_6.Vulnerability
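
The `references` field exists to correlate one vulnerability across several intelligence sources, and `rejected` marks withdrawn records. The following is an added example, not code from cdx-proto: it groups records that name the same vulnerability and skips rejected ones. The local `Vuln` and `Ref` shapes, the `findRoot` and `correlate` helpers, and all sample identifiers are assumptions constructed for illustration.

```typescript
// Local shapes mirroring fields documented above. The inner shape of
// VulnerabilityReference (an `id` string) is an assumption, not from this page.
interface Ref { id?: string }
interface Vuln {
  bomRef?: string;
  id?: string;
  references: Ref[];
  rejected?: object; // Timestamp in the generated type; only presence is checked
}

// Union-find lookup with path halving over identifier strings.
function findRoot(parent: Record<string, string>, x: string): string {
  if (parent[x] === undefined) parent[x] = x;
  while (parent[x] !== x) {
    parent[x] = parent[parent[x]];
    x = parent[x];
  }
  return x;
}

// Groups non-rejected records that name the same vulnerability, directly or
// transitively through `references`. Returns sorted bomRef (or id) groups.
function correlate(vulns: Vuln[]): string[][] {
  // Null-prototype maps: ids come from untrusted BOMs ("__proto__", "constructor").
  const parent: Record<string, string> = Object.create(null);
  const groups: Record<string, string[]> = Object.create(null);
  const live = vulns.filter((v) => v.rejected === undefined && !!v.id);
  for (const v of live) {
    const root = findRoot(parent, v.id as string);
    for (const r of v.references) {
      if (r.id) parent[findRoot(parent, r.id)] = root;
    }
  }
  for (const v of live) {
    const root = findRoot(parent, v.id as string);
    (groups[root] = groups[root] || []).push(v.bomRef || (v.id as string));
  }
  return Object.keys(groups).map((k) => groups[k].sort());
}

// Constructed sample records; every identifier is a placeholder.
const SAMPLE: Vuln[] = [
  { bomRef: "vuln-a", id: "CVE-0000-0001", references: [{ id: "GHSA-0000-0000-0001" }] },
  { bomRef: "vuln-b", id: "GHSA-0000-0000-0001", references: [{ id: "VENDOR-EXAMPLE-1" }] },
  { bomRef: "vuln-c", id: "VENDOR-EXAMPLE-1", references: [] },
  { bomRef: "vuln-d", id: "CVE-0000-0002", references: [] },
  { bomRef: "vuln-e", id: "CVE-0000-0003", references: [{ id: "CVE-0000-0002" }], rejected: {} },
];
console.log(JSON.stringify(correlate(SAMPLE)));
```

Records a, b and c collapse into one finding even though c is linked only through b, while the rejected record e neither appears nor pulls d into its group.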