Vulnerability provides metadata about a security vulnerability in a Note.

Attributes

• cvssScore (type: number(), default: nil) - The CVSS score for this vulnerability.
• cvssV2 (type: GoogleApi.ContainerAnalysis.V1beta1.Model.CVSS.t, default: nil) - The full description of the CVSS for version 2.
• cvssV3 (type: GoogleApi.ContainerAnalysis.V1beta1.Model.CVSSv3.t, default: nil) - The full description of the CVSS for version 3.
• cvssVersion (type: String.t, default: nil) - CVSS version used to populate cvss_score and severity.
• cwe (type: list(String.t), default: nil) - A list of CWE for this vulnerability. For details, see: https://cwe.mitre.org/index.html
• details (type: list(GoogleApi.ContainerAnalysis.V1beta1.Model.Detail.t), default: nil) - All information about the package to specifically identify this vulnerability. One entry per (version range and cpe_uri) the package vulnerability has manifested in.
• severity (type: String.t, default: nil) - Note provider assigned impact of the vulnerability.
• sourceUpdateTime (type: DateTime.t, default: nil) - The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
• windowsDetails (type: list(GoogleApi.ContainerAnalysis.V1beta1.Model.WindowsDetail.t), default: nil) - Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.