Reference documentation and code samples for the Grafeas V1 Client class VulnerabilityOccurrence.
An occurrence of a severity vulnerability on a resource.
Generated from protobuf message grafeas.v1.VulnerabilityOccurrence
Namespace
Grafeas \ V1Methods
__construct
Constructor.
data
array
Optional. Data for populating the Message object.
↳ type
string
The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
↳ severity
int
Output only. The note provider assigned severity of this vulnerability.
↳ cvss_score
float
Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
↳ cvssv3
↳ package_issue
array< Grafeas\V1\VulnerabilityOccurrence\PackageIssue
>
Required. The set of affected locations and their fixes (if available) within the associated resource.
↳ short_description
string
Output only. A one sentence description of this vulnerability.
↳ long_description
string
Output only. A detailed description of this vulnerability.
↳ related_urls
↳ effective_severity
int
The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity. When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues.
↳ fix_available
bool
Output only. Whether at least one of the affected packages has a fix available.
↳ cvss_version
int
Output only. CVSS version used to populate cvss_score and severity.
↳ cvss_v2
↳ vex_assessment
↳ extra_details
string
Occurrence-specific extra details about the vulnerability.
getType
The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
string
setType
The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
var
string
$this
getSeverity
Output only. The note provider assigned severity of this vulnerability.
int
setSeverity
Output only. The note provider assigned severity of this vulnerability.
var
int
$this
getCvssScore
Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
float
setCvssScore
Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
var
float
$this
getCvssv3
The cvss v3 score for the vulnerability.
hasCvssv3
clearCvssv3
setCvssv3
The cvss v3 score for the vulnerability.
$this
getPackageIssue
Required. The set of affected locations and their fixes (if available) within the associated resource.
setPackageIssue
Required. The set of affected locations and their fixes (if available) within the associated resource.
$this
getShortDescription
Output only. A one sentence description of this vulnerability.
string
setShortDescription
Output only. A one sentence description of this vulnerability.
var
string
$this
getLongDescription
Output only. A detailed description of this vulnerability.
string
setLongDescription
Output only. A detailed description of this vulnerability.
var
string
$this
getRelatedUrls
Output only. URLs related to this vulnerability.
setRelatedUrls
Output only. URLs related to this vulnerability.
$this
getEffectiveSeverity
The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity.
When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues.
int
setEffectiveSeverity
The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity.
When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues.
var
int
$this
getFixAvailable
Output only. Whether at least one of the affected packages has a fix available.
bool
setFixAvailable
Output only. Whether at least one of the affected packages has a fix available.
var
bool
$this
getCvssVersion
Output only. CVSS version used to populate cvss_score and severity.
int
setCvssVersion
Output only. CVSS version used to populate cvss_score and severity.
var
int
$this
getCvssV2
The cvss v2 score for the vulnerability.
hasCvssV2
clearCvssV2
setCvssV2
The cvss v2 score for the vulnerability.
$this
getVexAssessment
Generated from protobuf field .grafeas.v1.VulnerabilityOccurrence.VexAssessment vex_assessment = 13;
hasVexAssessment
clearVexAssessment
setVexAssessment
Generated from protobuf field .grafeas.v1.VulnerabilityOccurrence.VexAssessment vex_assessment = 13;
$this
getExtraDetails
Occurrence-specific extra details about the vulnerability.
string
setExtraDetails
Occurrence-specific extra details about the vulnerability.
var
string
$this
