pulumi-google-native-kotlin/com.pulumi.googlenative.containeranalysis.v1.kotlin.outputs/VulnerabilityNoteResponse

VulnerabilityNoteResponse

data class VulnerabilityNoteResponse(val cvssScore: Double, val cvssV2: CVSSResponse, val cvssV3: CVSSv3Response, val cvssVersion: String, val details: List<DetailResponse>, val severity: String, val sourceUpdateTime: String, val windowsDetails: List<WindowsDetailResponse>)

A security vulnerability that can be found in resources.

Constructors

VulnerabilityNoteResponse

fun VulnerabilityNoteResponse(cvssScore: Double, cvssV2: CVSSResponse, cvssV3: CVSSv3Response, cvssVersion: String, details: List<DetailResponse>, severity: String, sourceUpdateTime: String, windowsDetails: List<WindowsDetailResponse>)

Types

object Companion

Properties

val cvssScore: Double

The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.

val cvssV2: CVSSResponse

The full description of the v2 CVSS for this vulnerability.

val cvssV3: CVSSv3Response

The full description of the CVSSv3 for this vulnerability.

val cvssVersion: String

CVSS version used to populate cvss_score and severity.

val details: List<DetailResponse>

Details of all known distros and packages affected by this vulnerability.

val severity: String

The note provider assigned severity of this vulnerability.

sourceUpdateTime

val sourceUpdateTime: String

The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.

val windowsDetails: List<WindowsDetailResponse>

Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.