A Finding resource represents a vulnerability instance identified during a ScanRun.

Attributes

• body (type: String.t, default: nil) - Output only. The body of the request that triggered the vulnerability.
• description (type: String.t, default: nil) - Output only. The description of the vulnerability.
• finalUrl (type: String.t, default: nil) - Output only. The URL where the browser lands when the vulnerability is detected.
• findingType (type: String.t, default: nil) - Output only. The type of the Finding. Detailed and up-to-date information on findings can be found here: https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings
• form (type: GoogleApi.WebSecurityScanner.V1.Model.Form.t, default: nil) - Output only. An addon containing information reported for a vulnerability with an HTML form, if any.
• frameUrl (type: String.t, default: nil) - Output only. If the vulnerability was originated from nested IFrame, the immediate parent IFrame is reported.
• fuzzedUrl (type: String.t, default: nil) - Output only. The URL produced by the server-side fuzzer and used in the request that triggered the vulnerability.
• httpMethod (type: String.t, default: nil) - Output only. The http method of the request that triggered the vulnerability, in uppercase.
• name (type: String.t, default: nil) - Output only. The resource name of the Finding. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. The finding IDs are generated by the system.
• outdatedLibrary (type: GoogleApi.WebSecurityScanner.V1.Model.OutdatedLibrary.t, default: nil) - Output only. An addon containing information about outdated libraries.
• reproductionUrl (type: String.t, default: nil) - Output only. The URL containing human-readable payload that user can leverage to reproduce the vulnerability.
• severity (type: String.t, default: nil) - Output only. The severity level of the reported vulnerability.
• trackingId (type: String.t, default: nil) - Output only. The tracking ID uniquely identifies a vulnerability instance across multiple ScanRuns.
• violatingResource (type: GoogleApi.WebSecurityScanner.V1.Model.ViolatingResource.t, default: nil) - Output only. An addon containing detailed information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc.
• vulnerableHeaders (type: GoogleApi.WebSecurityScanner.V1.Model.VulnerableHeaders.t, default: nil) - Output only. An addon containing information about vulnerable or missing HTTP headers.
• vulnerableParameters (type: GoogleApi.WebSecurityScanner.V1.Model.VulnerableParameters.t, default: nil) - Output only. An addon containing information about request parameters which were found to be vulnerable.
• xss (type: GoogleApi.WebSecurityScanner.V1.Model.Xss.t, default: nil) - Output only. An addon containing information reported for an XSS, if any.
• xxe (type: GoogleApi.WebSecurityScanner.V1.Model.Xxe.t, default: nil) - Output only. An addon containing information reported for an XXE, if any.