pulumi-google-native-kotlin/com.pulumi.googlenative.containeranalysis.v1beta1.kotlin.outputs/VulnerabilityResponse

VulnerabilityResponse

data class VulnerabilityResponse(val cvssScore: Double, val cvssV2: CVSSResponse, val cvssV3: CVSSv3Response, val cvssVersion: String, val cwe: List<String>, val details: List<DetailResponse>, val severity: String, val sourceUpdateTime: String, val windowsDetails: List<WindowsDetailResponse>)

Vulnerability provides metadata about a security vulnerability in a Note.

Constructors

VulnerabilityResponse

constructor(cvssScore: Double, cvssV2: CVSSResponse, cvssV3: CVSSv3Response, cvssVersion: String, cwe: List<String>, details: List<DetailResponse>, severity: String, sourceUpdateTime: String, windowsDetails: List<WindowsDetailResponse>)

Types

object Companion

Properties

val cvssScore: Double

The CVSS score for this vulnerability.

val cvssV2: CVSSResponse

The full description of the CVSS for version 2.

val cvssV3: CVSSv3Response

The full description of the CVSS for version 3.

val cvssVersion: String

CVSS version used to populate cvss_score and severity.

val cwe: List<String>

A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html

val details: List<DetailResponse>

All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.

val severity: String

Note provider assigned impact of the vulnerability.

sourceUpdateTime

val sourceUpdateTime: String

The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.

val windowsDetails: List<WindowsDetailResponse>

Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.