> ## Documentation Index
> Fetch the complete documentation index at: https://docs.endorlabs.com/llms.txt
> Use this file to discover all available pages before exploring further.
## Submitting Feedback
If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback:
POST https://docs.endorlabs.com/feedback
```json
{
"path": "/api-reference/metricservice/listmetrics",
"feedback": "Description of the issue"
}
```
Only submit feedback when you have something specific and actionable to report.
# ListMetrics
> Lists all metrics in a specified namespace.
## OpenAPI
````yaml /api-reference/openapi.v3.json get /v1/namespaces/{tenant_meta.namespace}/metrics
openapi: 3.0.3
info:
description: Integrate your application with Endor Labs using the REST API.
title: Endor Labs REST API Reference
version: '1.0'
servers:
- url: https://api.endorlabs.com/
security: []
tags:
- name: AISastCustomerContextService
- name: APIKeyService
- name: APIKeyValidatorService
- name: ArtifactSignatureService
- name: AuditLogService
- name: AuthenticationLogService
- name: AuthenticationService
- name: AuthorizationPolicyService
- name: BatchFileSegmentsService
- name: BatchNotificationService
- name: CallGraphDataService
- name: CodeOwnersService
- name: DependencyMetadataService
- name: EndorIgnoreEntryService
- name: ExporterService
- name: FindingLogService
- name: FindingService
- name: HuggingFaceModelService
- name: HuggingFaceOrganizationService
- name: IPAddressPolicyService
- name: IdentityProviderService
- name: InstallationService
- name: InvitationService
- name: LicenseDependencyService
- name: LicenseNoticesReportService
- name: LicenseSummaryService
- name: LinterResultService
- name: MalwareService
- name: MetricService
- name: NamespaceService
- name: NotificationService
- name: NotificationTargetService
- name: OnPremSchedulerService
- name: PRCommentConfigService
- name: PackageFirewallLogService
- name: PackageLicenseOverrideService
- name: PackageLicenseQueryService
- name: PackageLicenseService
- name: PackageManagerService
- name: PackageVersionService
- name: PluginBinaryService
- name: PolicyService
- name: PolicyTemplateService
- name: ProjectService
- name: ProvisioningResultService
- name: QueryMalwareService
- name: QueryService
- name: QuerySimilarPackagesService
- name: QueryVulnerabilityService
- name: RegistryIngestionCheckpointService
- name: RepositoryService
- name: RepositoryVersionService
- name: RuleSetImportService
- name: SBOMExportService
- name: SBOMImportService
- name: SCMCredentialService
- name: SavedQueryService
- name: ScanLogRequestService
- name: ScanProfileService
- name: ScanResultService
- name: ScanWorkflowResultService
- name: ScanWorkflowService
- name: SecretRuleService
- name: SemgrepRuleService
- name: SystemConfigService
- name: TenantService
- name: VEXExportService
- name: VectorStoreService
- name: VersionUpgradeService
- name: VulnerabilityService
paths:
/v1/namespaces/{tenant_meta.namespace}/metrics:
get:
tags:
- MetricService
summary: ListMetrics
description: Lists all metrics in a specified namespace.
operationId: MetricService_ListMetrics
parameters:
- description: >-
Namespaces are a way to organize organizational units into virtual
groupings of resources. Namespaces must be a fully qualified name,
for example, the child namespace of namespace "endor.prod" called
"app"
is called "endor.prod.app".
in: path
name: tenant_meta.namespace
required: true
schema:
type: string
x-endor-name: Namespace
- description: >-
String of conditions to filter resources by.
Filters may include any attribute along with the following
operators:
"==", "!=", ">", ">=", "<", "<=", "Contains", "In", "Matches", and
"Exists". The logical operators "And" and "Or" are also supported.
Expressions may be combined and grouped with parentheses.
Examples:
"spec.value == 5",
"spec.value in ["a", "b", "c"]",
"(meta.name == "xyz" and "spec.value in ["a","b"]) or (spec.value ==
"c")".
in: query
name: list_parameters.filter
schema:
type: string
- description: |-
Set the page token to start from.
Use page tokens to page through list results or list specific pages.
in: query
name: list_parameters.page_token
schema:
format: int32
type: integer
- description: |-
Set the page size to limit the number of results returned.
Default: 100. Max: 500.
in: query
name: list_parameters.page_size
schema:
format: int32
type: integer
- description: >-
Action to be executed with a request. Not supported for all
endpoints.
in: query
name: list_parameters.action
schema:
type: string
- description: List of fields to return (all fields are returned by default).
in: query
name: list_parameters.mask
schema:
type: string
- description: Get data from any child namespaces as well.
in: query
name: list_parameters.traverse
schema:
type: boolean
- description: Field to sort objects by, for example, meta.name.
in: query
name: list_parameters.sort.path
schema:
type: string
- description: 'Sort order. Default: ASC.'
in: query
name: list_parameters.sort.order
schema:
default: SORT_ENTRY_ORDER_UNSPECIFIED
enum:
- SORT_ENTRY_ORDER_UNSPECIFIED
- SORT_ENTRY_ORDER_ASC
- SORT_ENTRY_ORDER_DESC
type: string
- description: |-
Return the number of objects matching the given list parameters.
If count is set to true, the response is a CountResponse.
Can be used together with filter and traverse.
in: query
name: list_parameters.count
schema:
type: boolean
- description: |-
Group the objects based on this field.
If there are multiple fields then the objects are grouped
based on the uniqueness of all fields.
Supports composite paths.
Supports arrays and maps.
in: query
name: list_parameters.group.aggregation_paths
schema:
type: string
- description: |-
Return the UUID of each object in each group as specified by
aggregation_paths.
in: query
name: list_parameters.group.show_aggregation_uuids
schema:
type: boolean
- description: |-
List of fields for which we want the unique count.
Supports arrays and maps.
in: query
name: list_parameters.group.unique_count_paths
schema:
type: string
- description: |-
List of fields for which we want the unique values.
Supports arrays and maps.
in: query
name: list_parameters.group.unique_value_paths
schema:
type: string
- description: Only return objects from PR scans that match this context id.
in: query
name: list_parameters.ci_run_uuid
schema:
type: string
- description: Page ID to retrieve.
in: query
name: list_parameters.page_id
schema:
type: string
- description: |-
Group the objects based on this time field,
for example, meta.create_time.
in: query
name: list_parameters.group_by_time.aggregation_paths
schema:
type: string
- description: Return the UUIDs of the objects in each group.
in: query
name: list_parameters.group_by_time.show_aggregation_uuids
schema:
type: boolean
- description: Interval unit by which the objects should be grouped.
in: query
name: list_parameters.group_by_time.interval
schema:
default: GROUP_BY_TIME_INTERVAL_UNSPECIFIED
enum:
- GROUP_BY_TIME_INTERVAL_UNSPECIFIED
- GROUP_BY_TIME_INTERVAL_YEAR
- GROUP_BY_TIME_INTERVAL_QUARTER
- GROUP_BY_TIME_INTERVAL_MONTH
- GROUP_BY_TIME_INTERVAL_WEEK
- GROUP_BY_TIME_INTERVAL_DAY
- GROUP_BY_TIME_INTERVAL_HOUR
- GROUP_BY_TIME_INTERVAL_MINUTE
- GROUP_BY_TIME_INTERVAL_SECOND
type: string
- description: |-
Size of the time interval to group the objects by,
for example, to group objects by 2-week intervals, set interval
to GROUP_BY_TIME_INTERVAL_WEEK and group_size to 2.
in: query
name: list_parameters.group_by_time.group_size
schema:
format: int32
type: integer
- description: |-
Beginning of the time period to group objects.
Defaults to the beginning of time.
in: query
name: list_parameters.group_by_time.start_time
schema:
format: date-time
type: string
- description: |-
End of the time period to group objects.
Defaults to the current time.
in: query
name: list_parameters.group_by_time.end_time
schema:
format: date-time
type: string
- description: >-
The mode determines how the matching objects are counted
in the produced time-series. Values allowed are:
count (default) : is the number of items matching in every interval.
sum: is the total number of items matching since the beginning of
the
aggregation time.
in: query
name: list_parameters.group_by_time.mode
schema:
type: string
- description: >-
The aggregation_field is a field on the matched objects that we want
to
perform some operation in each interval (example : min, max, avg)
in: query
name: list_parameters.group_by_time.aggregation_value_field
schema:
type: string
- description: |-
The aggreation_operator is the operator that we should use for the
aggregation. Allowed values are: min, max, sum, avg
in: query
name: list_parameters.group_by_time.aggregation_operator
schema:
type: string
- description: |-
If true, the results will not be paginated and
only the first page will be returned. The order
of the results is not guaranteed.
in: query
name: list_parameters.disable_pagination
schema:
type: boolean
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/v1ListMetricsResponse'
description: A successful response.
default:
content:
application/json:
schema:
$ref: '#/components/schemas/googlerpcStatus'
description: An unexpected error response.
components:
schemas:
v1ListMetricsResponse:
description: Response to the request to retrieve the metrics.
properties:
count_response:
$ref: '#/components/schemas/v1CountResponse'
group_response:
$ref: '#/components/schemas/v1GroupResponse'
list:
$ref: '#/components/schemas/v1ListMetricsResponseList'
type: object
googlerpcStatus:
description: >-
The `Status` type defines a logical error model that is suitable for
different programming environments, including REST APIs and RPC APIs. It
is
used by [gRPC](https://github.com/grpc). Each `Status` message contains
three pieces of data: error code, error message, and error details.
You can find out more about this error model and how to work with it in
the
[API Design Guide](https://cloud.google.com/apis/design/errors).
properties:
code:
description: |-
The status code, which should be an enum value of
[google.rpc.Code][google.rpc.Code].
format: int32
type: integer
details:
description: >-
A list of messages that carry the error details. There is a common
set of
message types for APIs to use.
items:
$ref: '#/components/schemas/googleprotobufAny'
type: array
message:
description: >-
A developer-facing error message, which should be in English. Any
user-facing error message should be localized and sent in the
[google.rpc.Status.details][google.rpc.Status.details] field, or
localized
by the client.
type: string
type: object
v1CountResponse:
description: Response to a list count request.
properties:
count:
description: Number of objects matching the given list parameters.
format: int32
type: integer
type: object
v1GroupResponse:
description: Response to a list group request.
properties:
groups:
additionalProperties:
$ref: '#/components/schemas/GroupResponseGroupData'
description: |-
Map indexed by values of the fields specified in aggregation_paths,
for example, {"[{"key":"meta.kind","value":"Project"}]": {
"aggregation_count": { "count": 1649 } } }.
type: object
type: object
v1ListMetricsResponseList:
properties:
objects:
items:
$ref: '#/components/schemas/endorv1Metric'
type: array
response:
$ref: '#/components/schemas/v1ListResponse'
type: object
googleprotobufAny:
additionalProperties: {}
description: >-
`Any` contains an arbitrary serialized protocol buffer message along
with a
URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form
of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}
Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}
The pack methods provided by protobuf library will by default use
'type.googleapis.com/full.type.name' as the type URL and the unpack
methods only use the fully qualified type name after the last '/'
in the type URL, for example "foo.bar.com/x/y.z" will yield type
name "y.z".
JSON
====
The JSON representation of an `Any` value uses the regular
representation of the deserialized, embedded message, with an
additional field `@type` which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}
{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": ,
"lastName":
}
If the embedded message type is well-known and has a custom JSON
representation, that representation will be embedded adding a field
`value` which holds the custom JSON in addition to the `@type`
field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}
properties:
'@type':
description: >-
A URL/resource name that uniquely identifies the type of the
serialized
protocol buffer message. This string must contain at least
one "/" character. The last segment of the URL's path must represent
the fully qualified name of the type (as in
`path/google.protobuf.Duration`). The name should be in a canonical
form
(e.g., leading "." is not accepted).
In practice, teams usually precompile into the binary all types that
they
expect it to use in the context of Any. However, for URLs which use
the
scheme `http`, `https`, or no scheme, one can optionally set up a
type
server that maps type URLs to message definitions as follows:
* If no scheme is provided, `https` is assumed.
* An HTTP GET on the URL must yield a [google.protobuf.Type][]
value in binary format, or produce an error.
* Applications are allowed to cache lookup results based on the
URL, or have them precompiled into a binary to avoid any
lookup. Therefore, binary compatibility needs to be preserved
on changes to types. (Use versioned type names to manage
breaking changes.)
Note: this functionality is not currently available in the official
protobuf release, and it is not used for type URLs beginning with
type.googleapis.com. As of May 2023, there are no widely used type
server
implementations and no plans to implement one.
Schemes other than `http`, `https` (or the empty scheme) might be
used with implementation specific semantics.
type: string
type: object
GroupResponseGroupData:
description: Information about objects matching the given key.
properties:
aggregation_count:
$ref: '#/components/schemas/v1CountResponse'
aggregation_uuids:
description: |-
List of UUIDs of the objects in the group.
Only populated if show_aggregation_uuids is set.
items:
type: string
type: array
aggregation_value:
$ref: '#/components/schemas/v1GroupAggregationValueResponse'
unique_counts:
additionalProperties:
$ref: '#/components/schemas/v1CountResponse'
description: |-
Map of counts for the given unique_count_paths fields.
Only populated if unique_count_paths is set.
type: object
unique_values:
additionalProperties:
items:
type: object
type: array
description: |-
Map of values for the given unique_value_paths fields.
Only populated if unique_value_paths is set.
type: object
type: object
endorv1Metric:
description: This contains the definition all metrics.
properties:
context:
$ref: '#/components/schemas/v1Context'
meta:
$ref: '#/components/schemas/v1Meta'
spec:
$ref: '#/components/schemas/v1MetricSpec'
tenant_meta:
$ref: '#/components/schemas/v1TenantMeta'
uuid:
description: The UUID of the the metric resource.
readOnly: true
type: string
required:
- tenant_meta
- meta
- spec
- context
type: object
v1ListResponse:
description: Response to a list request.
properties:
next_page_id:
description: The UUID of last message retrieved.
type: string
next_page_token:
description: >-
Pagination token that can be used to retrieve the next page of
results.
format: int32
type: integer
type: object
v1GroupAggregationValueResponse:
description: |-
GroupAggregationValueResponse returns the value of the aggregation if
requested.
properties:
value:
format: float
type: number
type: object
v1Context:
description: Contexts keep objects from different scans separated.
properties:
id:
description: The context ID, such as a pull request ID or branch reference.
type: string
tags:
description: |-
A list of tags applied to a context. Used primarily for CI and SBOM
contexts.
items:
type: string
type: array
type:
$ref: '#/components/schemas/ContextContextType'
will_be_deleted_at:
description: |-
Time that all objects in this context will be deleted.
This field is deprecated and will be removed in the future.
Please use the meta.will_be_deleted_at field instead.
format: date-time
readOnly: true
type: string
required:
- type
- id
type: object
v1Meta:
description: Common fields for all Endor Labs resources.
properties:
annotations:
additionalProperties:
type: string
description: >-
Annotations can be used to attach metadata to a resource message.
Annotation values can be small or large, structured or unstructured,
and may include characters not permitted by labels.
The keys may contain alphanumerics, underscores (_), dots (.) and
dashes
(-). The values of an annotation must be 16384 bytes or smaller.
type: object
create_time:
description: |-
Time the resource was created.
Format: 2017-01-15T01:30:15.01Z
RFC 3339: https://www.ietf.org/rfc/rfc3339.txt.
format: date-time
readOnly: true
type: string
created_by:
description: |-
Name and authentication source of the user who created the object,
for example, ewok@endor.ai@google@api-key.
readOnly: true
type: string
description:
description: Resource description. Must be less than 1024 bytes.
type: string
index_data:
$ref: '#/components/schemas/v1IndexData'
kind:
description: >-
Resource kind, for example, HelloResponse.
Auto-generated using the protobuf message
proto.MessageName().Name().
readOnly: true
type: string
name:
description: Resource name. Must be 63 characters or less.
type: string
parent_kind:
description: Parent object resource kind, for example, Project.
type: string
parent_uuid:
description: Parent object UUID.
type: string
references:
additionalProperties:
$ref: '#/components/schemas/googleprotobufAny'
description: Map of objects referenced in a query API.
readOnly: true
type: object
tags:
description: >-
List of tags attached to the resource.
Tags can be used to select objects and to find collections of
objects that
satisfy certain conditions. A tag must be 255 characters or less.
items:
type: string
type: array
update_time:
description: |-
Time the resource was last updated.
Note: Updated on all create/patch/delete operations.
Format: 2017-01-15T01:30:15.01Z
RFC 3339: https://www.ietf.org/rfc/rfc3339.txt.
format: date-time
readOnly: true
type: string
updated_by:
description: >-
Name and authentication source of the last user who updated the
object,
for example, vulnerabilityingestor@endor.ai@x509.
readOnly: true
type: string
upsert_time:
description: |-
Time the resource was last upserted.
Note:
create_time is only set the first time the resource is created.
upsert_time is set every time the resource is upseted.
Format: 2017-01-15T01:30:15.01Z
RFC 3339: https://www.ietf.org/rfc/rfc3339.txt.
format: date-time
readOnly: true
type: string
version:
description: Message version.
readOnly: true
type: string
required:
- name
type: object
v1MetricSpec:
properties:
analytic:
description: The name of the analytic used to generate this specific metric.
type: string
metric_values:
additionalProperties:
$ref: '#/components/schemas/v1MetricValue'
description: |-
A map of metric values.
These values include scores and score factors.
type: object
project_uuid:
description: The UUID of the project to which this metric relates.
type: string
raw:
description: This is a superset of the information included in the specification.
type: object
required:
- analytic
- project_uuid
- metric_values
type: object
v1TenantMeta:
description: Tenant related data for the tenant containing the resource.
properties:
namespace:
description: >-
Namespaces are a way to organize organizational units into virtual
groupings of resources. Namespaces must be a fully qualified name,
for example, the child namespace of namespace "endor.prod" called
"app"
is called "endor.prod.app".
type: string
required:
- namespace
type: object
ContextContextType:
default: CONTEXT_TYPE_UNSPECIFIED
description: |2-
- CONTEXT_TYPE_MAIN: Objects from a scan of the default branch.
All objects in the oss namespace are in the main context.
The context id is always "default".
- CONTEXT_TYPE_EXTERNAL: Indicates that this object is a copy/temporary value of an object in
another project. Used for same-tenant dependencies. In source code
reference this is equivalent to "vendor" folders. Package versions in
the external context are only scanned for call graphs. No other
operations are performed on them.
- CONTEXT_TYPE_CI_RUN: Objects from a PR scan. The context id is the PR UUID.
Objects in this context are deleted after 30 days.
- CONTEXT_TYPE_SBOM: Objects from an SBOM scan. The context id is the SBOM serial number or
some other unique identifier.
- CONTEXT_TYPE_REF: Objects from a scan of a specific branch. The context id is the branch
reference name.
enum:
- CONTEXT_TYPE_UNSPECIFIED
- CONTEXT_TYPE_MAIN
- CONTEXT_TYPE_EXTERNAL
- CONTEXT_TYPE_CI_RUN
- CONTEXT_TYPE_SBOM
- CONTEXT_TYPE_REF
type: string
v1IndexData:
description: |-
IndexData is used to index the resource for search. It's an internal
object.
properties:
data:
items:
type: string
readOnly: true
type: array
search_score:
description: >-
search_score is the score of the resource for search. Internal use
only.
format: float
readOnly: true
type: number
tenant:
readOnly: true
type: string
will_be_deleted_at:
description: Time that the resource will be deleted.
format: date-time
readOnly: true
type: string
type: object
v1MetricValue:
description: The value of the metric and the associated category.
properties:
category:
description: Meteric value categories.
type: string
ci_cd_tools:
$ref: '#/components/schemas/v1CiCdTools'
cis_scorecard:
$ref: '#/components/schemas/v1CisScorecard'
dependency_stats:
$ref: '#/components/schemas/v1DependencyStats'
description:
description: Description of the metric value.
type: string
file_stats:
$ref: '#/components/schemas/v1FileStats'
float_value:
format: float
type: number
github_workflows:
$ref: '#/components/schemas/v1GitHubWorkflows'
int32_value:
format: int32
type: integer
int64_value:
format: int64
type: string
license_info:
$ref: '#/components/schemas/v1LicenseData'
linter_stats:
$ref: '#/components/schemas/v1LinterStats'
pr_security_review_result_info:
$ref: '#/components/schemas/v1PullRequestSecurityReviewResultInfo'
score_card:
$ref: '#/components/schemas/v1ScoreCard'
score_factor_list:
$ref: '#/components/schemas/v1ScoreFactorList'
scpm_data:
$ref: '#/components/schemas/v1ScpmData'
secret_stats:
$ref: '#/components/schemas/v1SecretStats'
string_value:
type: string
tag_counts:
$ref: '#/components/schemas/v1TagCounts'
time_tracker:
$ref: '#/components/schemas/v1TimeTracker'
vulnerability_stats:
$ref: '#/components/schemas/v1VulnerabilityStats'
required:
- description
type: object
v1CiCdTools:
description: >-
CiCdTools Metric Value contains information about CI/CD tools discovered
in the repository version.
properties:
tools:
items:
$ref: '#/components/schemas/v1CiCdTool'
type: array
type: object
v1CisScorecard:
description: >-
CisScorecard represents the CIS benchmark scorecard for the parent
repository.
A scorecard contains a list of benchmarks.
properties:
benchmarks:
items:
$ref: '#/components/schemas/CisScorecardCisBenchmark'
type: array
type: object
v1DependencyStats:
description: Includes all dependency related data.
properties:
dependency_specs:
description: |-
A list of all the related dependencies
for this package or package version.
items:
$ref: '#/components/schemas/v1DependencySpec'
type: array
direct_dependencies:
description: The total number of direct dependencies.
format: int32
type: integer
indirect_dependencies:
description: The total number of indirect dependencies.
format: int32
type: integer
unpinned_dependencies:
description: The number of unpinned dependencies.
format: int32
type: integer
unpinned_direct_dependencies:
description: The number of unpinned dependencies.
format: int32
type: integer
unused_dependencies:
description: The number of unused dependencies.
format: int32
type: integer
unused_direct_dependencies:
description: The number of unused dependencies.
format: int32
type: integer
type: object
v1FileStats:
description: File statistics message. Included as the payload of a metric object.
properties:
badges:
description: The names of the badges in the repository.
items:
type: string
type: array
best_practices_files:
description: The names of files that represent best practices.
items:
type: string
type: array
cicd_files:
description: The names of files that contain CI/CD configuration.
items:
type: string
type: array
copyrights:
description: The list of copyright notices found in source files.
items:
type: string
type: array
documentation_files:
description: The names of files that contain documentation.
items:
type: string
type: array
file_info:
$ref: '#/components/schemas/v1FileInfo'
file_types:
additionalProperties:
$ref: '#/components/schemas/v1FileInfo'
description: The breadown for each file type.
type: object
has_codeowners:
description: Whether the version contain a valid code owners file or not.
type: boolean
has_license:
description: Whether there is a licence or not.
type: boolean
has_security_md:
description: Whether the version contain a SECURITY.md file or not.
type: boolean
languages:
additionalProperties:
$ref: '#/components/schemas/v1FileInfo'
description: The breadown for each language type.
type: object
license_name:
description: The name of the license.
type: string
license_type:
description: The type of the license.
type: string
make_files:
description: The names of files that are related to Make tools.
items:
type: string
type: array
sast_files:
description: The names of files that are related to SAST tools.
items:
type: string
type: array
test_files:
description: The names of files that contain tests.
items:
type: string
type: array
type: object
v1GitHubWorkflows:
description: >-
GitHubWorkflows Metric Value contains information about the workflow
file's code posture management.
properties:
workflows:
items:
$ref: '#/components/schemas/GitHubWorkflowsWorkflow'
type: array
type: object
v1LicenseData:
description: |-
Contains a summary of license information for a project or package.
This will be included as the payload of a metric object.
properties:
all_licenses:
description: All the licenses found by Endor Labs.
items:
$ref: '#/components/schemas/v1LicenseInfo'
type: array
code_licenses:
description: The licenses found in the source code.
items:
$ref: '#/components/schemas/v1LicenseInfo'
type: array
copyrights:
description: The list of copyright notices found in source files.
items:
type: string
type: array
package_manager_licenses:
description: The licenses from the package manager.
items:
$ref: '#/components/schemas/v1LicenseInfo'
type: array
repository_license:
$ref: '#/components/schemas/v1LicenseInfo'
type: object
v1LinterStats:
description: >-
The linter statistics message. Included as the payload of a metric
object.
properties:
distinct_file_types_with_results:
description: The count of distinct file types with results.
format: int32
type: integer
distinct_rules_with_results:
description: The count of distint rules with results.
format: int32
type: integer
file_cnt_by_category:
additionalProperties:
format: int32
type: integer
description: The breakdown of distinct file count per category.
type: object
file_cnt_by_critical_api_category:
additionalProperties:
format: int32
type: integer
description: The breakdown of distinct file count per critical API category.
type: object
file_cnt_by_file_type:
additionalProperties:
format: int32
type: integer
description: The breakdown of distinct file count per file type.
type: object
file_cnt_by_rule:
additionalProperties:
format: int32
type: integer
description: The breakdown of distinct file count per rule.
type: object
file_cnt_by_severity:
additionalProperties:
format: int32
type: integer
description: The breakdown of distinct file count per severity level.
type: object
files_with_result_count:
description: The number of files with results.
format: int32
type: integer
finding_results:
description: >-
A list of the results that are marked with ANALYTICS_FINDING, which
results
in raising findings.
items:
$ref: '#/components/schemas/v1LinterResultInfo'
type: array
result_count:
description: The number of linter results.
format: int32
type: integer
results:
description: A list of all the linter results.
items:
$ref: '#/components/schemas/v1LinterResultInfo'
type: array
results_cnt_by_category:
additionalProperties:
format: int32
type: integer
description: The breakdown of result count per category.
type: object
results_cnt_by_critical_api_category:
additionalProperties:
format: int32
type: integer
description: The breakdown of result count per critical API category.
type: object
results_cnt_by_file_type:
additionalProperties:
format: int32
type: integer
description: The breakdown of result count per file type.
type: object
results_cnt_by_rule:
additionalProperties:
format: int32
type: integer
description: The breakdown of result count per rule.
type: object
results_cnt_by_severity:
additionalProperties:
format: int32
type: integer
description: The breakdown of result count per severity level.
type: object
results_per_filecnt_ratio_by_file_type:
additionalProperties:
format: float
type: number
description: The ratio of result count/file count per file type.
type: object
results_per_filecnt_ratio_by_severity:
additionalProperties:
format: float
type: number
description: The ratio of result count/file count per severity level.
type: object
results_per_loc_ratio_by_file_type:
additionalProperties:
format: float
type: number
description: The ratio of result count/LOC per severity per file type.
type: object
results_per_loc_ratio_by_severity:
additionalProperties:
format: float
type: number
description: The ratio of result count/LOC per severity level.
type: object
type: object
v1PullRequestSecurityReviewResultInfo:
description: >-
PullRequestSecurityReviewResultInfo represents the comprehensive results
of an automated security review
performed on a pull request. It includes detailed information about code
changes, security metrics,
and relevant code snippets that may have security implications.
properties:
changes_description:
title: High-level description of all changes
type: string
file_changes:
additionalProperties:
$ref: >-
#/components/schemas/PullRequestSecurityReviewResultInfoFileChanges
description: >-
Comprehensive information about all file changes in the pull
request.
The map key is the file path.
type: object
llm_context:
$ref: '#/components/schemas/v1LLMContext'
security_description:
title: Overall security assessment description
type: string
security_metrics:
items:
$ref: >-
#/components/schemas/PullRequestSecurityReviewResultInfoSecurityAspectMetric
title: |-
Security review findings and metrics
Detailed security metrics and findings
type: array
type: object
v1ScoreCard:
description: A scorecard contains a total score per ScoreCategory.
properties:
analysis_scope_description:
description: Description of the analysis scope.
type: string
category_scores:
description: The per category scores.
items:
$ref: '#/components/schemas/v1CategoryScore'
type: array
overall_score:
description: The overall score.
format: float
type: number
type: object
v1ScoreFactorList:
description: >-
A list of score factors that are directly exported by the related
anlaytics.
properties:
score_factors:
items:
$ref: '#/components/schemas/v1ScoreFactor'
type: array
type: object
v1ScpmData:
description: ScpmData contains normalized SCPM data.
properties:
branch_access:
$ref: '#/components/schemas/v1BranchAccess'
organization_access:
$ref: '#/components/schemas/v1OrganizationAccess'
platform_source:
$ref: '#/components/schemas/v1PlatformSource'
raw:
description: Raw, platform specific, ingested data.
type: object
repository_access:
$ref: '#/components/schemas/v1RepositoryAccess'
required:
- platform_source
- raw
type: object
v1SecretStats:
description: >-
The secret statistics message. This is included as the payload of a
metric object.
properties:
distinct_file_types_with_secrets:
description: The count of distinct file types with secrets.
format: int32
type: integer
distinct_rules_with_results:
description: The count of distint rules with results.
format: int32
type: integer
file_cnt_by_category:
additionalProperties:
format: int32
type: integer
description: The breakdown of distinct file count for each category.
type: object
file_cnt_by_file_type:
additionalProperties:
format: int32
type: integer
description: The breakdown of distinct file count for each file type.
type: object
file_cnt_by_rule:
additionalProperties:
format: int32
type: integer
description: The breakdown of distinct file count for each rule.
type: object
file_cnt_by_severity:
additionalProperties:
format: int32
type: integer
description: The breakdown of distinct file count for each severity level.
type: object
files_with_secrets_count:
description: The number of files with secrets.
format: int32
type: integer
result_count:
description: The number of secrets found.
format: int32
type: integer
results_cnt_by_file_type:
additionalProperties:
format: int32
type: integer
description: The breakdown of result count for each file type.
type: object
results_cnt_by_rule:
additionalProperties:
format: int32
type: integer
description: The breakdown of result count for each rule.
type: object
results_cnt_by_severity:
additionalProperties:
format: int32
type: integer
description: The breakdown of result count for each severity level.
type: object
secrets:
description: A list of all the linter results.
items:
$ref: '#/components/schemas/v1SecretInfo'
type: array
type: object
v1TagCounts:
properties:
counts:
additionalProperties:
format: uint64
type: string
description: Overall activity count per tag.
type: object
type: object
v1TimeTracker:
description: |-
Tge sequence of TimeSlots for each time resolution we track.
We can track multiple resolutions, and some resolutions may be empty.
properties:
daily_activity:
items:
$ref: '#/components/schemas/v1TimeSlot'
type: array
monthly_activity:
items:
$ref: '#/components/schemas/v1TimeSlot'
type: array
resolutions:
items:
$ref: '#/components/schemas/v1TimeResolution'
type: array
yearly_activity:
items:
$ref: '#/components/schemas/v1TimeSlot'
type: array
type: object
v1VulnerabilityStats:
description: VulnerabilityFactors message includes all vulnerability related data.
properties:
critical_vulnerabilities:
description: The number of critical vulnerabilities.
format: int32
type: integer
high_vulnerabilities:
description: The number of high vulnerabilities.
format: int32
type: integer
low_vulnerabilities:
description: The number of low vulnerabilities.
format: int32
type: integer
medium_vulnerabilities:
description: The number of medium vulnerabilities.
format: int32
type: integer
vulnerabilities:
description: >-
A list of all the vulnerabilities found affecting this package or
package version.
items:
$ref: '#/components/schemas/v1Vuln'
type: array
type: object
v1CiCdTool:
description: Represents a CI/CD tool.
properties:
categories:
description: >-
List of control function categories (based on static name to
category mapping).
items:
type: string
type: array
description:
description: Tool description.
type: string
display_name:
description: Tool's display name for UI.
type: string
evidence:
description: Details of where and/or how the tool was discovered.
items:
$ref: '#/components/schemas/CiCdToolEvidence'
type: array
name:
description: Tool name.
type: string
summary:
description: Summary of each evidence instance.
items:
type: string
type: array
required:
- name
type: object
CisScorecardCisBenchmark:
properties:
audit:
description: CIS benchmark requirement audit procedure.
type: string
category:
$ref: '#/components/schemas/v1CisCategory'
criteria:
description: CIS benchmark requirement title.
type: string
description:
description: CIS benchmark requirement description.
type: string
id:
$ref: '#/components/schemas/v1CisReqId'
index:
description: CIS benchmark requirement index. For example, "2.1.4".
type: string
rationale:
description: CIS benchmark requirement rationale statement.
type: string
remediation:
description: CIS benchmark requirement remediation procedure.
type: string
satisfied:
description: True if this CIS benchmark requirement is satisfied.
type: boolean
sub_category:
$ref: '#/components/schemas/v1CisSubCategory'
version:
description: CIS benchmark requirement version. For example, "v1.0.0".
type: string
required:
- id
type: object
v1DependencySpec:
description: Captures the details of a single dependency.
properties:
dependency_name:
description: The name of the dependency package.
type: string
dependency_version:
description: The dependency version.
type: string
reachable:
$ref: '#/components/schemas/DependencyMetadataReachabilityType'
unpinned:
description: Set to true if the dependency is not pinned.
type: boolean
utilization:
description: The fraction of the dependency that is used by this package.
format: float
type: number
type: object
v1FileInfo:
description: The breakdown for various file categories.
properties:
byte_count:
description: The number of bytes.
format: uint64
type: string
file_count:
description: The number of files.
format: uint64
type: string
line_count:
description: The number of lines.
format: uint64
type: string
type: object
GitHubWorkflowsWorkflow:
description: Workflow represents one workflow file.
properties:
all_secrets_exposed:
description: Information about the exposure of 'secrets' object.
items:
$ref: '#/components/schemas/WorkflowAllSecretsExposed'
type: array
file_name:
description: Name of the workflow file.
type: string
file_path:
description: Path of the workflow file.
type: string
jobs:
description: All jobs defined in the workflow file.
items:
$ref: '#/components/schemas/GitHubWorkflowsWorkflowJob'
type: array
permissions:
description: Permissions of the GITHUB_TOKEN defined at the workflow file level.
items:
$ref: '#/components/schemas/WorkflowGHTokenPermission'
type: array
type: object
v1LicenseInfo:
description: LicenseInfo contains information for a license.
properties:
file:
description: The name of the file where the license was found.
type: string
file_location:
description: The line in the file where the license text begins.
format: int32
type: integer
mapping_info:
$ref: '#/components/schemas/v1LicenseMappingInfo'
matched_text:
description: The license text that was matched.
type: string
name:
description: |-
Raw license description as found, for example in package managers.
It is free form text that may not contain a valid SPDX ID.
type: string
spdxid:
description: Normalized SPDX id if known.
type: string
type:
description: License classification (based on licenseclassifier by Google).
type: string
url:
description: The URL that points to the license description.
type: string
required:
- name
type: object
v1LinterResultInfo:
description: A brief summary of linter results.
properties:
category:
description: The category of the result.
type: string
confidence:
description: The confidence of the result.
type: string
critical_api_category:
description: The critical API category of the result.
type: string
file:
description: The file where the result was found.
type: string
likelihood:
description: The likelihood of the result.
type: string
line:
description: The line in the file where the result was found.
format: int32
type: integer
match:
description: The text that matched.
type: string
rule_id:
description: The rule that generated the result.
type: string
severity:
description: The severity of the result.
type: string
snippet:
description: The source code that triggered the result.
type: string
tags:
description: The tags of the result.
items:
type: string
type: array
type: object
PullRequestSecurityReviewResultInfoFileChanges:
description: >-
FileChanges tracks all modifications made to a specific file in the pull
request.
Provides a comprehensive view of how a file was changed and its security
implications.
properties:
added_lines:
format: int32
title: Number of lines added to the file
type: integer
change_kind:
$ref: '#/components/schemas/PullRequestSecurityReviewResultInfoChangeKind'
changed_functions:
items:
$ref: >-
#/components/schemas/PullRequestSecurityReviewResultInfoSecurityRelevantFunction
title: List of security-relevant functions affected
type: array
code_change_description:
items:
$ref: >-
#/components/schemas/PullRequestSecurityReviewResultInfoChangeDescription
title: Detailed descriptions of individual changes
type: array
path:
title: Path to the modified file
type: string
purpose:
title: Overall purpose or role of the file
type: string
removed_lines:
format: int32
title: Number of lines removed from the file
type: integer
type: object
v1LLMContext:
properties:
structured_content:
$ref: '#/components/schemas/LLMContextStructuredContent'
unstructured_content:
description: The unstructured content of the LLM context.
type: string
type: object
PullRequestSecurityReviewResultInfoSecurityAspectMetric:
description: >-
SecurityAspectMetric represents a specific security concern or aspect
identified during review.
Used to quantify and qualify various security characteristics of the
changes.
properties:
category:
$ref: >-
#/components/schemas/PullRequestSecurityReviewResultInfoSecurityReviewCategory
confidence_justification:
title: Explanation of the confidence score
type: string
confidence_level:
$ref: >-
#/components/schemas/PullRequestSecurityReviewResultInfoSecurityReviewConfidenceLevel
description:
title: Detailed description of the security concern
type: string
justification:
title: Reasoning behind the security assessment
type: string
security_impact:
$ref: '#/components/schemas/SecurityAspectMetricSecurityImpactType'
severity_level:
$ref: >-
#/components/schemas/PullRequestSecurityReviewResultInfoSecuritySeverityLevel
snippets:
items:
$ref: >-
#/components/schemas/PullRequestSecurityReviewResultInfoCodeSnippet
title: Code snippets related to this security aspect
type: array
title:
title: Short title describing the security aspect
type: string
required:
- category
- title
- severity_level
- confidence_level
type: object
v1CategoryScore:
description: >-
The score for one score category. The is the overall score
for a specific category. It is computed from the score factors that
have been created for the category. There is going to be only a single
instance of this information for the repo per score category.
Example:
Category: SCORE_CATEGORY_BEST_PRACTICES
Score: 5
Description: This score provides an overview of how this repo does when
considering security best practices.
The value is a number in the range 1 to 10, with 10 being the best.
properties:
category:
$ref: '#/components/schemas/v1ScoreCategory'
centered_score:
description: >-
Centered score for the category. This score is
normalized to be centered on 5 and is a float, so it has a higher
resolution.
format: float
type: number
description:
description: Text description of the category.
type: string
raw_score:
description: |-
Raw score for the category. This is the score by
adding up the score factors, not centered around 5.
format: float
type: number
score:
description: The score for this score.
format: int32
type: integer
type: object
v1ScoreFactor:
description: >-
A score factor for an object. Each score factor
describes a piece of information used while computing the overall score.
Each factor is associated with a specific category. Score factors can
have a
positive impact on the repository score and then they have a positive
score, or can
have a negative impact on the overall score and then they have a
positive score.
The description captures additional information for the particular
factor.
In general there are many (tens or hundreds) of such score factors split
across the ScoreCategory categories.
Postive score factor example:
Category: SCORE_CATEGORY_BEST_PRACTICES
Score: 2
Description: The repository is enforcing signed commits.
Negative score factor example:
Category: SCORE_CATEGORY_VULNERABILITIES
Score: -1
Description: the repository has unresolved issues related to
vulnerabilities that have been open for more than 3 months.
properties:
category:
$ref: '#/components/schemas/v1ScoreCategory'
description:
description: Text description of the factor and its meaning.
type: string
evidence:
description: The details of what the factor was raised.
type: string
id:
description: Unique ID to identify the factor.
type: string
name:
description: An external name for the factor.
type: string
score:
description: The score for this factor.
format: int32
type: integer
score_float:
description: The float value of the score for the factor.
format: float
type: number
type: object
v1BranchAccess:
description: BranchAccess contains normalized branch protection settings.
properties:
allow_create:
description: Anyone with write access to the repository can create a new branch.
type: boolean
allow_delete:
description: Anyone with write access to the repository can delete a branch.
type: boolean
allow_force_push:
description: >-
Anyone with write access to the repository can force push to a
branch.
type: boolean
allow_fork_sync:
description: Users can pull changes from upstream when the branch is locked.
type: boolean
allow_review_bypass:
description: Specific users, teams, or apps can bypass pull request requirements.
type: boolean
allow_self_approval:
description: Users can approve their own pull requests.
type: boolean
dismiss_stale_approvals:
description: >-
Approving reviews are automatically dismissed when someone pushes a
new commit.
type: boolean
enforce_admins:
description: All configured restrictions are also enforced for administrators.
type: boolean
is_locked:
description: Branch is set to read-only.
type: boolean
linear_history:
description: >-
Linear commit Git history is enforced, which prevents anyone from
pushing merge commits to a branch.
type: boolean
num_approvals_required:
description: A minimum number of approvals is required to merge a pull request.
format: int32
type: integer
require_code_owner_approval:
description: Pull request merges are blocked until code owners have reviewed.
type: boolean
require_comment_resolution:
description: All pull request comments must be resolved before it can be merged.
type: boolean
require_signatures:
description: All commits must be signed.
type: boolean
require_status_checks:
description: All status checks must pass before merging.
type: boolean
require_update:
description: Branch must be up to date before merging.
type: boolean
restrict_dismiss:
description: Specific users, teams, and apps can dismiss pull request reviews.
type: boolean
restrict_push:
description: Specific users, teams, and apps can push code.
type: boolean
type: object
v1OrganizationAccess:
description: OrganizationAccess contains normalized organization access settings.
properties:
action_policies:
$ref: '#/components/schemas/v1ActionPolicies'
admins:
description: List of all organization administrator usernames.
items:
type: string
type: array
allow_internal_repo_create:
description: Allows members to create internal repositories.
type: boolean
allow_private_repo_create:
description: Allows members to create private repositories.
type: boolean
allow_private_repo_fork:
description: Allows members to fork private repositories.
type: boolean
allow_public_repo_create:
description: Allows members to create public repositories.
type: boolean
default_workflow_permissions:
description: |-
Default GITHUB_TOKEN permissions for workflows.
Can be one of: "read", "write".
type: string
mfa_external:
description: Multi-factor authentication is required for external contributors.
type: boolean
mfa_internal:
description: Multi-factor authentication is required for internal contributors.
type: boolean
repo_edit_permission:
description: |-
Default permission required to execute EDIT commands on repository.
Can be one of: "read", "write", "admin", "none".
type: string
repo_get_permission:
description: |-
Default permission required to run GET queries on repository.
Can be one of: "read", "write", "admin", "none".
type: string
runner_group:
description: List of all organization runners.
items:
$ref: '#/components/schemas/ScpmDataRunner'
type: array
verified:
description: Organization is verified.
type: boolean
webhooks:
description: List of all organization webhooks.
items:
$ref: '#/components/schemas/ScpmDataWebhook'
type: array
workflows_can_approve_prs:
description: Allows workflows to approve pull request reviews.
type: boolean
type: object
v1PlatformSource:
default: PLATFORM_SOURCE_UNSPECIFIED
description: Type of source control platform a resource was discovered on.
enum:
- PLATFORM_SOURCE_UNSPECIFIED
- PLATFORM_SOURCE_GITHUB
- PLATFORM_SOURCE_GITLAB
- PLATFORM_SOURCE_GITSERVER
- PLATFORM_SOURCE_BITBUCKET
- PLATFORM_SOURCE_BINARY
- PLATFORM_SOURCE_HUGGING_FACE
- PLATFORM_SOURCE_AZURE
- PLATFORM_SOURCE_ARCHIVE
- PLATFORM_SOURCE_EXTERNAL_AI_SERVICE
- PLATFORM_SOURCE_GITHUB_ENTERPRISE
type: string
v1RepositoryAccess:
description: RepositoryAccess contains normalized repository access settings.
properties:
admins:
description: List of all repository administrator usernames.
items:
type: string
type: array
advanced_security_enabled:
description: Advanced security is automatically enabled for new repositories.
type: boolean
allow_auto_merge:
description: Repository allows auto-merge on pull requests.
type: boolean
allow_fork:
description: Repository allows forking.
type: boolean
allow_merge_commit:
description: Repository allows merging pull requests with a merge commit.
type: boolean
allow_rebase_merge:
description: Repository allows rebase-merging pull requests.
type: boolean
allow_squash_merge:
description: Repository allows squash merging pull-requests.
type: boolean
archived:
description: Repository is archived.
type: boolean
default_branch_protection_status:
description: Branch protection status of default branch.
type: boolean
disabled:
description: Repository is disabled.
type: boolean
ingested_object:
$ref: '#/components/schemas/v1IngestedObject'
private:
description: Repository is private.
type: boolean
pushed_at:
description: Time of the most recent commit to the repository.
format: date-time
type: string
require_web_commit_signoff:
description: >-
Require developers to sign off on commits made through a web
interface.
type: boolean
webhooks:
description: List of all repository webhooks.
items:
$ref: '#/components/schemas/ScpmDataWebhook'
type: array
required:
- ingested_object
type: object
v1SecretInfo:
description: A brief summary of secret results.
properties:
confidence:
description: Confidence of the result.
type: string
file:
description: The file where the result was found.
type: string
line:
description: The line in the file where the result was found.
format: int32
type: integer
match:
description: The text that matched.
type: string
rule_id:
description: The rule that generated the result.
type: string
severity:
description: The severity of the result.
type: string
snippet:
description: The source code that was responsible for triggering the result.
type: string
type: object
v1TimeSlot:
description: >-
Structure that contains activity information for a given slot of time.
Each slot could capture activity for one day, month or year, depending
on the resolution used.
properties:
count:
description: The count of activity in the slot.
format: uint64
type: string
tag_activity:
additionalProperties:
format: uint64
type: string
description: >-
The breakdown of activity per tag. When we track an activity,
it can be associated with a user specified tag (for example, "Open"
for a PR).
So here we get the per-tag breakdown.
type: object
timestamp:
description: |-
Timestamp of the slot. The resolution of this timestamp
depends on the time resolution we are tracking, so for
daily resolution will be the 12:00am of the day.
format: date-time
type: string
type: object
v1TimeResolution:
default: TIME_RESOLUTION_UNSPECIFIED
description: Describes the resolution used.
enum:
- TIME_RESOLUTION_UNSPECIFIED
- TIME_RESOLUTION_DAY
- TIME_RESOLUTION_MONTH
- TIME_RESOLUTION_YEAR
type: string
v1Vuln:
description: Vuln represents an Endor Labs vulnerability in the system.
properties:
meta:
$ref: '#/components/schemas/v1Meta'
spec:
$ref: '#/components/schemas/v1VulnSpec'
tenant_meta:
$ref: '#/components/schemas/v1TenantMeta'
uuid:
description: The UUID of a vulnerability.
readOnly: true
type: string
required:
- meta
type: object
CiCdToolEvidence:
properties:
app_id:
description: Unigue GitHub application ID.
format: int64
type: string
app_permissions:
additionalProperties:
type: string
description: Permissions granted to the GitHub application.
type: object
app_repo_url:
description: URL of the repository the GitHub application has access to.
type: string
app_settings_url:
description: URL of the app installation settings.
type: string
app_slug:
description: Unique GitHub application slug.
type: string
badge:
description: Badge URL.
type: string
badge_regex:
description: Regex used to identify badge URL.
type: string
file_path:
description: Relative path to file.
type: string
file_regex:
description: Regex used to identify file name.
type: string
line_content:
description: Line content.
type: string
line_number:
description: Line number in file.
format: int32
type: integer
line_regex:
description: Regex used to identify line.
type: string
parent_tool_name:
description: >-
Name of parent tool that this evidence belongs to.
For example, the parent tool is "ghactions" if a reference to "uses:
endorlabs" is found in a GitHub Actions workflow file.
type: string
url:
description: Webhook payload URL.
type: string
url_regex:
description: Regex used to identify webhook URL.
type: string
type: object
v1CisCategory:
default: CIS_CATEGORY_UNSPECIFIED
description: |-
CisCategory represents a CIS benchmark requirement category per
CIS Software Supply Chain Security - Base v1.0.0
https://workbench.cisecurity.org/benchmarks/7555.
enum:
- CIS_CATEGORY_UNSPECIFIED
- CIS_CATEGORY_SRC_CODE
- CIS_CATEGORY_BLD_PIPELINES
- CIS_CATEGORY_DEPENDENCIES
- CIS_CATEGORY_ARTIFACTS
- CIS_CATEGORY_DEPLOYMENT
type: string
v1CisReqId:
default: CIS_REQ_ID_UNSPECIFIED
description: |-
CisReqId represents a CIS benchmark requirement per
CIS Software Supply Chain Security - Base v1.0.0
https://workbench.cisecurity.org/benchmarks/7555.
enum:
- CIS_REQ_ID_UNSPECIFIED
- CIS_REQ_ID_VERSION_CTRL
- CIS_REQ_ID_TASK_MGMT
- CIS_REQ_ID_TWO_APPROVERS
- CIS_REQ_ID_DISMISS_APPROVAL
- CIS_REQ_ID_AUTH_DISMISS
- CIS_REQ_ID_CODE_OWNERS
- CIS_REQ_ID_CODE_OWNER_APPROVAL
- CIS_REQ_ID_DEL_INACTIVE_BRANCHES
- CIS_REQ_ID_PASS_CHECKS_TO_MERGE
- CIS_REQ_ID_UPDATE_BEFORE_MERGE
- CIS_REQ_ID_RESOLVE_COMMENTS_TO_MERGE
- CIS_REQ_ID_SIGNED_COMMITS
- CIS_REQ_ID_LINEAR_HISTORY
- CIS_REQ_ID_RULES_APPLY_TO_ADMIN
- CIS_REQ_ID_AUTH_MERGE
- CIS_REQ_ID_FORCE_PUSH_DISABLED
- CIS_REQ_ID_AUTH_BRANCH_DEL
- CIS_REQ_ID_SCAN_MERGES
- CIS_REQ_ID_AUDIT_BRANCH_PROT_CHANGES
- CIS_REQ_ID_PROT_DEFAULT_BRANCH
- CIS_REQ_ID_SECURITY_MD
- CIS_REQ_ID_AUTH_REPO_CREATE
- CIS_REQ_ID_AUTH_REPO_DEL
- CIS_REQ_ID_AUTH_ISSUE_DEL
- CIS_REQ_ID_TRACK_FORKS
- CIS_REQ_ID_TRACK_VISIBILITY
- CIS_REQ_ID_ARCHIVE_INACTIVE_REPOS
- CIS_REQ_ID_DEL_INACTIVE_USERS
- CIS_REQ_ID_AUTH_TEAM_CREATE
- CIS_REQ_ID_MIN_NUM_ADMINS
- CIS_REQ_ID_MFA_OUTSIDE_ORG
- CIS_REQ_ID_MFA_INSIDE_ORG
- CIS_REQ_ID_ORG_EMAIL_ADDR
- CIS_REQ_ID_TWO_ADMINS_PER_REPO
- CIS_REQ_ID_STRICT_BASE_PERMS
- CIS_REQ_ID_VERIFIED_ORG_BADGE
- CIS_REQ_ID_SCM_EMAIL_DOMAINS
- CIS_REQ_ID_ORG_SSH_CERTS
- CIS_REQ_ID_AUTH_IP_ADDR
- CIS_REQ_ID_TRACK_ANOMALOUS_BEHAVIOR
- CIS_REQ_ID_AUTH_INSTALLED_APPS
- CIS_REQ_ID_DEL_INACTIVE_APPS
- CIS_REQ_ID_LEAST_PRIV_FOR_APPS
- CIS_REQ_ID_SECURED_WEB_HOOKS
- CIS_REQ_ID_SCAN_FOR_SENS_DATA
- CIS_REQ_ID_SCAN_CI_PIPELINE_CFG
- CIS_REQ_ID_SCAN_IAC_CFG
- CIS_REQ_ID_SCAN_FOR_CODE_VULNS
- CIS_REQ_ID_SCAN_FOR_OSS_VULNS
- CIS_REQ_ID_SCAN_FOR_OSS_LICENSES
- CIS_REQ_ID_SINGLE_PIPELINE_RESP
- CIS_REQ_ID_IMMUTABLE_BLD_CFG
- CIS_REQ_ID_LOG_BLD_ENV
- CIS_REQ_ID_AUTOMATE_BLD_ENV
- CIS_REQ_ID_LIMIT_BLD_ENV_ACCESS
- CIS_REQ_ID_AUTH_BLD_ENV_ACCESS
- CIS_REQ_ID_MIN_BLD_SECRET_SCOPE
- CIS_REQ_ID_SCAN_BLD_INFRA_FOR_VULNS
- CIS_REQ_ID_BLD_NO_DEFAULT_PWS
- CIS_REQ_ID_BLD_SECURED_WEB_HOOKS
- CIS_REQ_ID_MIN_NUM_BLD_ENV_ADMINS
- CIS_REQ_ID_SINGLE_USE_BLD_WORKERS
- CIS_REQ_ID_BLD_ENV_PASSED_NOT_PULLED
- CIS_REQ_ID_SEP_BLD_WORKER_DUTIES
- CIS_REQ_ID_MIN_BLD_WORKER_NET_CON
- CIS_REQ_ID_BLD_WORKER_RUNTIME_SECURITY
- CIS_REQ_ID_SCAN_BLD_WORKERS_FOR_VULNS
- CIS_REQ_ID_BLD_WORKER_CFG_VERSION_CTRL
- CIS_REQ_ID_MON_BLD_WORKER_RESOURCE_USE
- CIS_REQ_ID_DEFINE_BLD_STEPS_AS_CODE
- CIS_REQ_ID_DEFINE_BLD_STEP_INPUT_OUTPUT
- CIS_REQ_ID_LOG_BLD_STEP_OUTPUT
- CIS_REQ_ID_BLD_STEP_VERSION_CTRL
- CIS_REQ_ID_LIMIT_BLD_TRIGGER_ACCESS
- CIS_REQ_ID_SCAN_BLD_FOR_MISCFG
- CIS_REQ_ID_SCAN_BLD_FOR_VULNS
- CIS_REQ_ID_SCAN_BLD_FOR_SENS_DATA
- CIS_REQ_ID_SIGN_BLD_ARTS
- CIS_REQ_ID_LOCK_EXT_BLD_DEPS
- CIS_REQ_ID_VALIDATE_BLD_DEPS
- CIS_REQ_ID_REPROD_BLD_ARTS
- CIS_REQ_ID_BLD_STEP_SBOMS
- CIS_REQ_ID_SIGN_BLD_STEP_SBOMS
- CIS_REQ_ID_VERIFY_TP_ARTS
- CIS_REQ_ID_REQ_TP_SBOMS
- CIS_REQ_ID_SIGNED_TP_BLD_MDATA
- CIS_REQ_ID_MON_INTER_TP_DEPS
- CIS_REQ_ID_TRUSTED_TP_PKG_MGRS
- CIS_REQ_ID_SIGNED_TP_SBOM
- CIS_REQ_ID_PIN_TP_DEPS
- CIS_REQ_ID_MIN_TP_PKG_AGE
- CIS_REQ_ID_ORG_TP_USAGE_POLICY
- CIS_REQ_ID_SCAN_TP_PKGS_FOR_VULNS
- CIS_REQ_ID_SCAN_TP_PKGS_FOR_LICENSE
- CIS_REQ_ID_SCAN_TP_PKGS_FOR_OWNER_CHANGE
- CIS_REQ_ID_SIGN_ARTS
- CIS_REQ_ID_ENCRYPT_ARTS
- CIS_REQ_ID_AUTH_ART_DECRYPT
- CIS_REQ_ID_LIMIT_ART_CERT
- CIS_REQ_ID_LIMIT_ART_UPLOAD
- CIS_REQ_ID_MFA_FOR_PKG_REG
- CIS_REQ_ID_EXT_AUTH_FOR_PKG_REG
- CIS_REQ_ID_ANONYMOUS_USER_DISABLED
- CIS_REQ_ID_MIN_NUM_PKG_REG_ADMINS
- CIS_REQ_ID_VALIDATE_ARTS_ON_UPLOAD
- CIS_REQ_ID_VALIDATE_ALL_ART_VERSIONS
- CIS_REQ_ID_AUDIT_PKG_REG_CFG_CHANGES
- CIS_REQ_ID_PKG_REG_SECURED_WEB_HOOKS
- CIS_REQ_ID_PKG_REG_NO_DEFAULT_PWS
- CIS_REQ_ID_ARTS_CONTAIN_ORIGIN_INFO
- CIS_REQ_ID_BLOCK_INT_ARTS_FROM_EXT_REG
- CIS_REQ_ID_SEP_DEP_CFG_FROM_SRC_CODE
- CIS_REQ_ID_TRACK_DEP_CFG_CHANGES
- CIS_REQ_ID_SCAN_DEP_CFG_FOR_SENS_DATA
- CIS_REQ_ID_LIMIT_DEP_CFG_ACCESS
- CIS_REQ_ID_SCAN_IAC_DEP_CFG
- CIS_REQ_ID_VERIFY_DEP_CFG
- CIS_REQ_ID_PIN_DEP_CFG_VERSIONS
- CIS_REQ_ID_AUTOMATED_DEPLOYMENTS
- CIS_REQ_ID_REPROD_DEPLOYMENT_ENV
- CIS_REQ_ID_LIMIT_PROD_ENV_ACCESS
- CIS_REQ_ID_DEPLOYMENT_NO_DEFAULT_PWS
type: string
v1CisSubCategory:
default: CIS_SUB_CATEGORY_UNSPECIFIED
description: |-
CisSubCategory represents a CIS benchmark requirement sub-category per
CIS Software Supply Chain Security - Base v1.0.0
https://workbench.cisecurity.org/benchmarks/7555.
enum:
- CIS_SUB_CATEGORY_UNSPECIFIED
- CIS_SUB_CATEGORY_CODE_CHANGES
- CIS_SUB_CATEGORY_REPO_MGMT
- CIS_SUB_CATEGORY_ACCESS
- CIS_SUB_CATEGORY_THIRD_PARTY
- CIS_SUB_CATEGORY_CODE_RISKS
- CIS_SUB_CATEGORY_BLD_ENV
- CIS_SUB_CATEGORY_BLD_WORKER
- CIS_SUB_CATEGORY_PIPELINE_INSTRUCTIONS
- CIS_SUB_CATEGORY_PIPELINE_INTEGRITY
- CIS_SUB_CATEGORY_PKG_REGISTRIES
- CIS_SUB_CATEGORY_VALIDATION
- CIS_SUB_CATEGORY_VERIFICATION
- CIS_SUB_CATEGORY_ORIGIN_TRACEABILITY
- CIS_SUB_CATEGORY_DEPLOYMENT_CFG
- CIS_SUB_CATEGORY_DEPLOYMENT_ENV
type: string
DependencyMetadataReachabilityType:
default: REACHABILITY_TYPE_UNSPECIFIED
description: |2-
- REACHABILITY_TYPE_REACHABLE: Call graph analysis determined that the dependency is likely reachable.
- REACHABILITY_TYPE_UNREACHABLE: Call graph analysis determined that the dependency is likely not
reachable.
- REACHABILITY_TYPE_UNKNOWN: Not enough information to perform reachability analysis.
enum:
- REACHABILITY_TYPE_UNSPECIFIED
- REACHABILITY_TYPE_REACHABLE
- REACHABILITY_TYPE_UNREACHABLE
- REACHABILITY_TYPE_UNKNOWN
type: string
WorkflowAllSecretsExposed:
description: AllSecretsExposed defines the exposure of the 'secrets' object.
properties:
evidence:
description: Matched keyword from the content of the line.
type: string
line_content:
description: Content of the line exposing full 'secrets' object.
type: string
location_uri:
description: Full path of exposed 'secrets' object with the line number.
type: string
type: object
GitHubWorkflowsWorkflowJob:
description: A single job defined in the workflow file.
properties:
actions:
description: List of all actions used in the job.
items:
type: string
type: array
cloud_resource_accessed_without_oidc:
description: >-
Lists all cloud resources accessed without the workflow identity
federation.
items:
$ref: '#/components/schemas/JobCloudResourceAccessedWithoutOIDC'
type: array
id:
description: The Job ID.
type: string
imposter_commit:
description: Imposter commit SHA detected for the job.
items:
$ref: '#/components/schemas/JobImposterCommit'
type: array
name:
description: Name of the job.
type: string
permissions:
description: Permissions of the GITHUB_TOKEN defined at the job level.
items:
$ref: '#/components/schemas/WorkflowGHTokenPermission'
type: array
script_injection_detected:
description: Detected script injection in the job's shell script code.
items:
$ref: '#/components/schemas/JobScriptInjectionDetected'
type: array
unpinned_commit_sha_actions:
description: Unpinned commit SHA action versions used.
items:
$ref: '#/components/schemas/JobUnpinnedCommitShaAction'
type: array
unpinned_runner_version:
$ref: '#/components/schemas/JobUnpinnedRunner'
untrusted_code_execution:
description: Untrusted code execution identified for the job.
items:
$ref: '#/components/schemas/JobUntrustedCodeExecution'
type: array
unverified_gh_actions:
description: Unverified GitHub actions used.
items:
$ref: '#/components/schemas/JobUnverifiedGHAction'
type: array
type: object
WorkflowGHTokenPermission:
default: GH_TOKEN_PERMISSION_UNSPECIFIED
description: >-
GHTokenPermission represents the possible permissions assignable to
GITHUB_TOKEN used by the workflow.
enum:
- GH_TOKEN_PERMISSION_UNSPECIFIED
- GH_TOKEN_PERMISSION_ACTION_NONE
- GH_TOKEN_PERMISSION_ACTION_READ
- GH_TOKEN_PERMISSION_ACTION_WRITE
- GH_TOKEN_PERMISSION_CHECKS_NONE
- GH_TOKEN_PERMISSION_CHECKS_READ
- GH_TOKEN_PERMISSION_CHECKS_WRITE
- GH_TOKEN_PERMISSION_CONTENTS_NONE
- GH_TOKEN_PERMISSION_CONTENTS_READ
- GH_TOKEN_PERMISSION_CONTENTS_WRITE
- GH_TOKEN_PERMISSION_DEPLOYMENTS_NONE
- GH_TOKEN_PERMISSION_DEPLOYMENTS_READ
- GH_TOKEN_PERMISSION_DEPLOYMENTS_WRITE
- GH_TOKEN_PERMISSION_IDTOKEN_NONE
- GH_TOKEN_PERMISSION_IDTOKEN_READ
- GH_TOKEN_PERMISSION_IDTOKEN_WRITE
- GH_TOKEN_PERMISSION_ISSUES_NONE
- GH_TOKEN_PERMISSION_ISSUES_READ
- GH_TOKEN_PERMISSION_ISSUES_WRITE
- GH_TOKEN_PERMISSION_DISCUSSIONS_NONE
- GH_TOKEN_PERMISSION_DISCUSSIONS_READ
- GH_TOKEN_PERMISSION_DISCUSSIONS_WRITE
- GH_TOKEN_PERMISSION_PACKAGES_NONE
- GH_TOKEN_PERMISSION_PACKAGES_READ
- GH_TOKEN_PERMISSION_PACKAGES_WRITE
- GH_TOKEN_PERMISSION_PAGES_NONE
- GH_TOKEN_PERMISSION_PAGES_READ
- GH_TOKEN_PERMISSION_PAGES_WRITE
- GH_TOKEN_PERMISSION_PULLREQUESTS_NONE
- GH_TOKEN_PERMISSION_PULLREQUESTS_READ
- GH_TOKEN_PERMISSION_PULLREQUESTS_WRITE
- GH_TOKEN_PERMISSION_REPOSITORYPROJECTS_NONE
- GH_TOKEN_PERMISSION_REPOSITORYPROJECTS_READ
- GH_TOKEN_PERMISSION_REPOSITORYPROJECTS_WRITE
- GH_TOKEN_PERMISSION_SECURITYEVENTS_NONE
- GH_TOKEN_PERMISSION_SECURITYEVENTS_READ
- GH_TOKEN_PERMISSION_SECURITYEVENTS_WRITE
- GH_TOKEN_PERMISSION_STATUSES_NONE
- GH_TOKEN_PERMISSION_STATUSES_READ
- GH_TOKEN_PERMISSION_STATUSES_WRITE
type: string
v1LicenseMappingInfo:
default: LICENSE_MAPPING_INFO_UNSPECIFIED
description: |-
LicenseMappingInfo contains additional information
that we determine when we attempt to match a license string
to a known SPDX id.
- LICENSE_MAPPING_INFO_NOT_OSS: This does not look to like an OSS license.
- LICENSE_MAPPING_INFO_IN_CODE: License information is to be found in the code.
- LICENSE_MAPPING_INFO_UNKNOWN: Cannot determine anything about the license.
- LICENSE_MAPPING_INFO_NOT_INCOMPLETE: There is some license information, but is not detailed enough.
- LICENSE_MAPPING_INFO_PRIVATE: Appears to be a private package.
- LICENSE_MAPPING_INFO_EXACT: An exact match to a SPDX id.
- LICENSE_MAPPING_INFO_UNLICENSED: Seems to be explicitly without license.
enum:
- LICENSE_MAPPING_INFO_UNSPECIFIED
- LICENSE_MAPPING_INFO_NOT_OSS
- LICENSE_MAPPING_INFO_IN_CODE
- LICENSE_MAPPING_INFO_UNKNOWN
- LICENSE_MAPPING_INFO_NOT_INCOMPLETE
- LICENSE_MAPPING_INFO_PRIVATE
- LICENSE_MAPPING_INFO_EXACT
- LICENSE_MAPPING_INFO_UNLICENSED
type: string
PullRequestSecurityReviewResultInfoChangeKind:
default: CHANGE_KIND_UNSPECIFIED
description: >-
ChangeKind indicates the type of modification made to a code element
(file, function, or snippet)
within the pull request. This helps track whether items are newly added,
modified, or removed.
- CHANGE_KIND_UNSPECIFIED: Default state when the change type is unknown
- CHANGE_KIND_NEW: Indicates a newly added element
- CHANGE_KIND_MODIFIED: Indicates an existing element that was modified
- CHANGE_KIND_REMOVED: Indicates an element that was removed
enum:
- CHANGE_KIND_UNSPECIFIED
- CHANGE_KIND_NEW
- CHANGE_KIND_MODIFIED
- CHANGE_KIND_REMOVED
type: string
PullRequestSecurityReviewResultInfoSecurityRelevantFunction:
description: >-
SecurityRelevantFunction represents a function or method that performs
security-sensitive operations.
or requires special security consideration during review.
properties:
change_kind:
$ref: '#/components/schemas/PullRequestSecurityReviewResultInfoChangeKind'
description:
title: Description of the function's purpose
type: string
name:
title: Name of the function
type: string
security_labels:
items:
type: string
title: Security classification or sensitivity level of the function
type: array
type: object
PullRequestSecurityReviewResultInfoChangeDescription:
description: >-
ChangeDescription provides a detailed explanation of specific changes
made within a file.
Used to track and document individual modifications for better
understanding of the changes.
properties:
change_kind:
$ref: '#/components/schemas/PullRequestSecurityReviewResultInfoChangeKind'
description:
title: Human-readable description of the change
type: string
line:
format: int32
title: Starting line number of the change
type: integer
line_end:
format: int32
title: Ending line number of the change
type: integer
type: object
LLMContextStructuredContent:
properties:
data:
description: The actual content data.
type: string
schema:
description: >-
The schema defining the structure and validation rules for the
content.
type: object
type: object
PullRequestSecurityReviewResultInfoSecurityReviewCategory:
default: SECURITY_REVIEW_CATEGORY_UNSPECIFIED
description: >-
SecurityCategory represents the different categories of security aspects
that can be evaluated.
- SECURITY_REVIEW_CATEGORY_UNSPECIFIED: Default when category is unknown
- SECURITY_REVIEW_CATEGORY_DEPENDENCY: Integration of external code, packages, and frameworks
- SECURITY_REVIEW_CATEGORY_ACCESS_CONTROL: Authentication, authorization mechanisms and session management
- SECURITY_REVIEW_CATEGORY_API_ENDPOINT: API and service entry points
- SECURITY_REVIEW_CATEGORY_DATABASE: Database architecture and security
- SECURITY_REVIEW_CATEGORY_CRYPTOGRAPHIC: Cryptographic systems and implementations
- SECURITY_REVIEW_CATEGORY_PAYMENT_PROCESSING: Payment processing and financial systems
- SECURITY_REVIEW_CATEGORY_MEMORY_PROTECTION: Memory management and protection
- SECURITY_REVIEW_CATEGORY_PII_DATA_HANDLING: Processing of PII and sensitive information
- SECURITY_REVIEW_CATEGORY_INPUT_VALIDATION: Input validation and processing security
- SECURITY_REVIEW_CATEGORY_INFRASTRUCTURE: Infrastructure security
- SECURITY_REVIEW_CATEGORY_CI_CD: CI/CD pipeline security
- SECURITY_REVIEW_CATEGORY_CONFIGURATION: Application and infrastructure configuration
- SECURITY_REVIEW_CATEGORY_NETWORK: Network security and communication protocols
- SECURITY_REVIEW_CATEGORY_AI: AI/LLM integration security
- SECURITY_REVIEW_CATEGORY_IMPROVEMENT: Improvement to the security posture
- SECURITY_REVIEW_CATEGORY_VULNERABILITY: Vulnerability found in the code
- SECURITY_REVIEW_CATEGORY_BUG: Bug found in the code
enum:
- SECURITY_REVIEW_CATEGORY_UNSPECIFIED
- SECURITY_REVIEW_CATEGORY_DEPENDENCY
- SECURITY_REVIEW_CATEGORY_ACCESS_CONTROL
- SECURITY_REVIEW_CATEGORY_API_ENDPOINT
- SECURITY_REVIEW_CATEGORY_DATABASE
- SECURITY_REVIEW_CATEGORY_CRYPTOGRAPHIC
- SECURITY_REVIEW_CATEGORY_PAYMENT_PROCESSING
- SECURITY_REVIEW_CATEGORY_MEMORY_PROTECTION
- SECURITY_REVIEW_CATEGORY_PII_DATA_HANDLING
- SECURITY_REVIEW_CATEGORY_INPUT_VALIDATION
- SECURITY_REVIEW_CATEGORY_INFRASTRUCTURE
- SECURITY_REVIEW_CATEGORY_CI_CD
- SECURITY_REVIEW_CATEGORY_CONFIGURATION
- SECURITY_REVIEW_CATEGORY_NETWORK
- SECURITY_REVIEW_CATEGORY_AI
- SECURITY_REVIEW_CATEGORY_IMPROVEMENT
- SECURITY_REVIEW_CATEGORY_VULNERABILITY
- SECURITY_REVIEW_CATEGORY_BUG
type: string
PullRequestSecurityReviewResultInfoSecurityReviewConfidenceLevel:
default: SECURITY_REVIEW_CONFIDENCE_LEVEL_UNSPECIFIED
description: >-
SecurityReviewConfidenceLevel represents the confidence level in the
security assessment.
- SECURITY_REVIEW_CONFIDENCE_LEVEL_UNSPECIFIED: Default confidence level when confidence is unknown
- SECURITY_REVIEW_CONFIDENCE_LEVEL_LOW: Low confidence level
- SECURITY_REVIEW_CONFIDENCE_LEVEL_MEDIUM: Medium confidence level
- SECURITY_REVIEW_CONFIDENCE_LEVEL_HIGH: High confidence level
enum:
- SECURITY_REVIEW_CONFIDENCE_LEVEL_UNSPECIFIED
- SECURITY_REVIEW_CONFIDENCE_LEVEL_LOW
- SECURITY_REVIEW_CONFIDENCE_LEVEL_MEDIUM
- SECURITY_REVIEW_CONFIDENCE_LEVEL_HIGH
type: string
SecurityAspectMetricSecurityImpactType:
default: SECURITY_IMPACT_TYPE_UNSPECIFIED
description: >-
Indicates whether a code change improves security, introduces
regression, or is neutral.
- SECURITY_IMPACT_TYPE_UNSPECIFIED: Default unspecified value.
- SECURITY_IMPACT_TYPE_IMPROVEMENT: The change improves security.
- SECURITY_IMPACT_TYPE_REGRESSION: The change introduces security regression.
- SECURITY_IMPACT_TYPE_NEUTRAL: The change has neutral security impact.
enum:
- SECURITY_IMPACT_TYPE_UNSPECIFIED
- SECURITY_IMPACT_TYPE_IMPROVEMENT
- SECURITY_IMPACT_TYPE_REGRESSION
- SECURITY_IMPACT_TYPE_NEUTRAL
type: string
PullRequestSecurityReviewResultInfoSecuritySeverityLevel:
default: SECURITY_SEVERITY_LEVEL_UNSPECIFIED
description: >-
Level represents the severity or importance level of a security aspect
or finding
Used to prioritize security concerns and determine the urgency of
required actions.
- SECURITY_SEVERITY_LEVEL_UNSPECIFIED: Default level when severity is unknown
- SECURITY_SEVERITY_LEVEL_LOW: Minor security concerns with minimal impact
- SECURITY_SEVERITY_LEVEL_MEDIUM: Moderate security concerns that should be addressed
- SECURITY_SEVERITY_LEVEL_HIGH: Significant security concerns requiring prompt attention
- SECURITY_SEVERITY_LEVEL_CRITICAL: Critical security issues that need immediate remediation
enum:
- SECURITY_SEVERITY_LEVEL_UNSPECIFIED
- SECURITY_SEVERITY_LEVEL_LOW
- SECURITY_SEVERITY_LEVEL_MEDIUM
- SECURITY_SEVERITY_LEVEL_HIGH
- SECURITY_SEVERITY_LEVEL_CRITICAL
type: string
PullRequestSecurityReviewResultInfoCodeSnippet:
description: >-
CodeSnippet represents a specific portion of code that has security
implications.
This could be sensitive operations, security controls, or potential
vulnerabilities.
properties:
change_kind:
$ref: '#/components/schemas/PullRequestSecurityReviewResultInfoChangeKind'
description:
title: Description of what the code snippet does
type: string
file:
title: File path where the snippet is located
type: string
impact:
title: Security impact or implications of this code
type: string
language:
title: Code language of the snippet
type: string
line:
format: int32
title: Starting line number of the snippet
type: integer
line_end:
format: int32
title: Ending line number of the snippet
type: integer
snippet:
title: The actual code content of the snippet
type: string
required:
- file
- line
type: object
v1ScoreCategory:
default: SCORE_CATEGORY_UNSPECIFIED
description: |-
The types of scores that Endor Labs tracks.
- SCORE_CATEGORY_POPULARITY: Tracks a project's popularity.
- SCORE_CATEGORY_ACTIVITY: Tracks the amount of activity around a project.
- SCORE_CATEGORY_BEST_PRACTICES: Tracks how much a project follows various development best practices.
- SCORE_CATEGORY_SUSPICIOUS_ACTIVITY: Tracks suspicious activity on a project.
- SCORE_CATEGORY_DEPENDENCIES: Tracks the dependencies of a project.
- SCORE_CATEGORY_SECURITY: Tracks security aspects of a project.
- SCORE_CATEGORY_CODE_QUALITY: Tracks the code quality of a project.
- SCORE_CATEGORY_OPERATIONAL_RISK: Tracks the operationa risk of a project.
enum:
- SCORE_CATEGORY_UNSPECIFIED
- SCORE_CATEGORY_POPULARITY
- SCORE_CATEGORY_ACTIVITY
- SCORE_CATEGORY_BEST_PRACTICES
- SCORE_CATEGORY_SUSPICIOUS_ACTIVITY
- SCORE_CATEGORY_DEPENDENCIES
- SCORE_CATEGORY_SECURITY
- SCORE_CATEGORY_CODE_QUALITY
- SCORE_CATEGORY_OPERATIONAL_RISK
type: string
v1ActionPolicies:
properties:
allowed_actions:
type: string
enabled_repositories:
type: string
type: object
ScpmDataRunner:
properties:
allows_public_repos:
type: boolean
id:
format: uint64
type: string
name:
type: string
url:
type: string
visibility:
type: string
type: object
ScpmDataWebhook:
properties:
active:
type: boolean
config_url:
type: string
deliveries_url:
type: string
events:
items:
type: string
type: array
id:
format: uint64
type: string
insecure_ssl:
type: boolean
name:
type: string
ping_url:
type: string
secret:
type: string
test_url:
type: string
type:
type: string
url:
type: string
type: object
v1IngestedObject:
description: |-
Raw ingested object from a 3rd party source,
along with any additional metadata we want
to add to the object.
properties:
ingestion_time:
description: Time the object was last ingested.
format: date-time
type: string
raw:
description: Generic representation of the object.
type: object
status:
$ref: '#/components/schemas/IngestedObjectIngestedObjectStatus'
required:
- raw
- ingestion_time
- status
type: object
v1VulnSpec:
properties:
additional_endor_notes:
description: Notes from the Endor Labs analysis of the vulnerability.
items:
type: string
type: array
additional_notes:
description: Notes by the person that processed the CVE.
items:
type: string
type: array
affected:
items:
$ref: '#/components/schemas/VulnSpecAffected'
type: array
aliases:
description: Optional. IDs for the same vulnerability in other databases.
items:
type: string
type: array
credits:
description: Optional. Credits for the vulnerability.
items:
$ref: '#/components/schemas/VulnSpecCredit'
type: array
cvss_v3_severity:
$ref: '#/components/schemas/SpecCVSSV3Severity'
cvss_v4_severity:
$ref: '#/components/schemas/SpecCVSSV4Severity'
database_specific:
description: >-
Optional. JSON object holding additional information about the
vulnerability as defined by the database for which the record
applies.
type: object
deepdive:
description: >-
Indicates whether the research team performed full analysis on
multiple
artifact_ids involved in CVE.
type: boolean
disputed:
description: >-
Indicates whether the research team considers a CVE should be
disputed
based on analysis.
type: boolean
epss_score:
$ref: '#/components/schemas/SpecEPSSScore'
malicious:
description: Indicates whether this item is classified as malicious or not.
type: boolean
modified:
description: The RFC3339 timestamp indicating when this entry was last modified.
format: date-time
type: string
published:
description: The RFC3339 timestamp indicating when this entry was published.
format: date-time
type: string
raw:
$ref: '#/components/schemas/SpecRaw'
references:
description: Reference URLs for the vulnerability.
items:
$ref: '#/components/schemas/VulnSpecReference'
type: array
related:
description: >-
Optional. List of IDs of closely related vulnerabilities, such as
the
same problem in alternate ecosystems.
items:
type: string
type: array
summary:
description: Long summary of the vulnerability.
type: string
withdrawn:
description: >-
Optional. The RFC3339 timestamp indicating when this entry is
considered
to be withdrawn.
format: date-time
type: string
type: object
JobCloudResourceAccessedWithoutOIDC:
properties:
action_name:
description: Name of the action used to access cloud resources.
type: string
cloud_name:
$ref: '#/components/schemas/JobCloudName'
evidence_message:
description: Contains evidence message for the non-OIDC cloud resource violation.
type: string
input_parameters:
description: List of input parameters used to access the cloud resource.
items:
type: string
type: array
invoking_script:
description: Script content if the cloud resource is accessed using a script.
type: string
location_uri:
description: >-
Workflow file path with line number for non-OIDC cloud resource
access.
type: string
step_name:
description: Step name for the non-OIDC cloud resource access.
type: string
type: object
JobImposterCommit:
properties:
action:
description: Full action reference (e.g. "actions/checkout@abc123...").
type: string
action_repo_clone_url:
description: Constructed clone URL used for the lookup.
type: string
action_sha:
description: The pinned commit SHA.
type: string
location_uri:
description: Workflow file path with line number for the imposter action step.
type: string
step_name:
description: Step name where the imposter action is used.
type: string
type: object
JobScriptInjectionDetected:
properties:
gh_context_variables:
items:
type: string
title: >-
List of GitHub context variable for which the injection was
detected.
https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections
type: array
location_uris:
description: Full path of each injection variable detected with line number.
items:
type: string
type: array
script_content:
description: Shell script content where the injection was detected.
type: string
step_name:
description: Step name where script injection was detected.
type: string
type: object
JobUnpinnedCommitShaAction:
properties:
line_number:
description: Line number of the workflow file containing the action.
format: int32
type: integer
name:
description: Name of the action.
type: string
version:
description: Version of the action used.
type: string
type: object
JobUnpinnedRunner:
properties:
line_number:
description: Line number of the workflow file containing the runner version.
format: int32
type: integer
name:
description: Name of the targeted runner type.
type: string
version:
description: Version of the runner used.
type: string
type: object
JobUntrustedCodeExecution:
properties:
build_cmd:
description: Build cmd used to execute the untrusted code.
items:
type: string
type: array
build_cmd_script_content:
description: Shell script content where the untrusted code is being executed.
type: string
build_cmd_step:
description: Step name where the untrusted code is being executed.
type: string
checkout_cmd:
description: Checkout command used to checkout the code.
type: string
checkout_script_content:
description: Shell script content where the untrusted code is being checked out.
type: string
checkout_step:
description: Step name where the untrusted code is being checked out.
type: string
location_uri:
description: >-
Workflow file path with the line number for untrusted code execution
script.
type: string
type: object
JobUnverifiedGHAction:
properties:
line_number:
description: Line number of the workflow file containing the action.
format: int32
type: integer
name:
description: Name of the action.
type: string
type: object
IngestedObjectIngestedObjectStatus:
default: INGESTED_OBJECT_STATUS_UNSPECIFIED
description: |2-
- INGESTED_OBJECT_STATUS_LIGHT: Example: Use when a user exists because they are attached to a commit,
but are not found on a direct lookup.
enum:
- INGESTED_OBJECT_STATUS_UNSPECIFIED
- INGESTED_OBJECT_STATUS_FOUND
- INGESTED_OBJECT_STATUS_NOT_FOUND
- INGESTED_OBJECT_STATUS_LIGHT
type: string
VulnSpecAffected:
properties:
affected_callpath_uris:
description: >-
Affected function URIs in FastenURI format.
For example,
"/com.atlassian.connect.spring.internal.lifecycle/LifecycleController.installed(%2Fcom.atlassian.connect.spring.internal.lifecycle%2FLifecycleEvent,%2Fcom.atlassian.connect.spring%2FAtlassianHostUser)%2Forg.springframework.http%2FResponseEntity".
items:
type: string
type: array
affected_filepaths:
description: >-
Class name that this vulnerability affects in JVM notation.
For example,
"com/atlassian/connect/spring/internal/lifecycle/LifecycleController.class".
items:
type: string
type: array
database_specific:
description: >-
Optional. JSON object holding additional information about the
vulnerability as defined by the database for which the record
applies.
type: object
ecosystem_specific:
description: >-
Optional. JSON object holding additional information about the
vulnerability as defined by the ecosystem for which the record
applies.
type: object
fix_commits:
items:
type: string
title: Links to the commits that fix the vulnerability
type: array
has_been_fixed:
type: boolean
maintainer_cvss_level:
$ref: '#/components/schemas/SpecCVSSSeverityLevel'
maintainer_severity:
$ref: '#/components/schemas/CVSSV3SeverityLevel'
package:
$ref: '#/components/schemas/SpecAffectedPackage'
ranges:
items:
$ref: '#/components/schemas/SpecAffectedRange'
type: array
source:
$ref: '#/components/schemas/AffectedSource'
versions:
items:
type: string
type: array
type: object
VulnSpecCredit:
properties:
contact:
description: Contact methods (URLs).
items:
type: string
type: array
name:
description: The name to give the credit.
type: string
type: object
SpecCVSSV3Severity:
properties:
level:
$ref: '#/components/schemas/CVSSV3SeverityLevel'
score:
description: |-
The Common Vulnerability Scoring System (CVSS score) provides a
numerical (0-10) representation of the severity of an information
security vulnerability.
format: float
type: number
temporal_level:
$ref: '#/components/schemas/CVSSV3SeverityLevel'
temporal_score:
description: |-
The Common Vulnerability Scoring System (CVSS score) provides a
numerical (0-10) representation of the severity of an information
security vulnerability.
format: float
type: number
temporal_vector:
description: >-
A specially formatted vector indicating the attack surface and
severity
of the vulnerability. Format is here:
https://www.first.org/cvss/specification-document.
type: string
vector:
description: >-
A specially formatted vector indicating the attack surface and
severity
of the vulnerability. Format is here:
https://www.first.org/cvss/specification-document.
type: string
type: object
SpecCVSSV4Severity:
properties:
base_level:
$ref: '#/components/schemas/CVSSV4SeverityV4Level'
base_score:
description: |-
The Common Vulnerability Scoring System v4.0 base score provides a
numerical (0-10) representation of the severity of an information
security vulnerability.
format: float
type: number
environmental_level:
$ref: '#/components/schemas/CVSSV4SeverityV4Level'
environmental_score:
description: |-
The CVSS v4.0 environmental score provides context-specific scoring
based on the deployment environment.
format: float
type: number
threat_level:
$ref: '#/components/schemas/CVSSV4SeverityV4Level'
threat_score:
description: |-
The CVSS v4.0 threat score provides additional context about the
exploitability of the vulnerability.
format: float
type: number
vector:
description: >-
A specially formatted vector indicating the attack surface and
severity
of the vulnerability. Format is here:
https://www.first.org/cvss/v4.0/specification-document.
type: string
type: object
SpecEPSSScore:
properties:
percentile_score:
format: double
type: number
probability_score:
format: double
type: number
type: object
SpecRaw:
properties:
endor_vulnerability:
$ref: '#/components/schemas/endorv1Vulnerability'
epss_record:
$ref: '#/components/schemas/SpecEPSSRecord'
kev_record:
$ref: '#/components/schemas/SpecKEVRecord'
nvd_vulnerability:
$ref: '#/components/schemas/v1NVDVulnerability'
osv_vulnerability:
$ref: '#/components/schemas/osvVulnerability'
type: object
VulnSpecReference:
properties:
type:
$ref: '#/components/schemas/ReferenceReferenceType'
url:
description: The vulnerability URL.
type: string
required:
- type
- url
type: object
JobCloudName:
default: CLOUD_NAME_UNSPECIFIED
enum:
- CLOUD_NAME_UNSPECIFIED
- CLOUD_NAME_AWS
- CLOUD_NAME_AZURE
- CLOUD_NAME_GCP
- CLOUD_NAME_HASHICORP
type: string
SpecCVSSSeverityLevel:
default: CVSS_SEVERITY_LEVEL_UNSPECIFIED
description: Common severity level enum used across different CVSS versions.
enum:
- CVSS_SEVERITY_LEVEL_UNSPECIFIED
- CVSS_SEVERITY_LEVEL_NONE
- CVSS_SEVERITY_LEVEL_LOW
- CVSS_SEVERITY_LEVEL_MEDIUM
- CVSS_SEVERITY_LEVEL_HIGH
- CVSS_SEVERITY_LEVEL_CRITICAL
type: string
CVSSV3SeverityLevel:
default: LEVEL_UNSPECIFIED
enum:
- LEVEL_UNSPECIFIED
- LEVEL_NONE
- LEVEL_LOW
- LEVEL_MEDIUM
- LEVEL_HIGH
- LEVEL_CRITICAL
type: string
SpecAffectedPackage:
description: Package information and version.
properties:
cpe:
type: string
cpes:
description: List of CPEs associated with the affected package.
items:
type: string
type: array
ecosystem:
$ref: '#/components/schemas/v1Ecosystem'
name:
type: string
purl:
type: string
required:
- name
- ecosystem
type: object
SpecAffectedRange:
description: Affected ranges.
properties:
fixed:
description: The version or commit in which this vulnerability was fixed.
type: string
introduced:
description: |-
The earliest version or commit in which this vulnerability was
introduced.
type: string
last_affected:
description: >-
The last version known to be affected. Versions strictly after this
are assumed to be fixed. Used when an explicit fixed version is
unavailable.
type: string
repo:
description: The repository URL.
type: string
type:
$ref: '#/components/schemas/RangeRangeType'
type: object
AffectedSource:
default: SOURCE_UNSPECIFIED
enum:
- SOURCE_UNSPECIFIED
- SOURCE_OSV
- SOURCE_ENDOR
- SOURCE_OVAL
type: string
CVSSV4SeverityV4Level:
default: V4_LEVEL_UNSPECIFIED
enum:
- V4_LEVEL_UNSPECIFIED
- V4_LEVEL_NONE
- V4_LEVEL_LOW
- V4_LEVEL_MEDIUM
- V4_LEVEL_HIGH
- V4_LEVEL_CRITICAL
type: string
endorv1Vulnerability:
description: >-
Vulnerability models information that can be extracted by analyzing
CVEs.
properties:
additional_notes:
description: Notes by the person that processed the CVE.
type: string
component:
description: |-
Information about affected artifacts, versions
and function identifiers.
items:
$ref: '#/components/schemas/VulnerabilityComponent'
type: array
cve_description:
description: A freeform textual summary of the vulnerability.
type: string
cve_id:
description: The CVE ID, as it appears in the NVD. For example, CVE-2021-36090.
type: string
cve_references:
items:
type: string
title: Web links containing extra information about the CVE
type: array
cvss_score:
description: >-
The Common Vulnerability Scoring System (CVSS score) provides a
numerical
(0-10) representation of the severity of an information security
vulnerability.
format: float
type: number
cvss_vector:
title: >-
A specially formatted vector indicating the attack surface and
severity of
the vulnerability. Format is here:
https://www.first.org/cvss/specification-document
type: string
cwe:
title: |-
The Common Weakness Enumeration field, if any.
See: https://cwe.mitre.org
type: string
deepdive:
description: >-
Indicates whether the research team performed full analysis on
multiple
artifact_ids involved in CVE.
type: boolean
disputed:
description: >-
Indicates whether the research team considers a CVE should be
disputed
based on analysis.
type: boolean
ecosystem:
title: A free form name of the ecosystem, e.g. Maven
type: string
fix_commit:
items:
type: string
title: Links to the commit(s) that fix the vulnerability
type: array
last_updated:
description: The timestamp when the vulnerability was last updated.
format: date-time
type: string
malicious:
description: Indicates whether this item is classified as malicious or not.
type: boolean
nofix:
description: >-
Indicates whether the fix is not released or not disclosed for a
CVE.
In such cases, the endor_uri string might not be available.
type: boolean
package_name:
title: |-
A free form name of the affected package / project, e.g. Apache
commons-compress
type: string
schema_version:
description: The schema version used for this vulnerability descriptor.
type: string
withdrawn:
description: Indicates whether the underlying vulnerability has been withdrawn.
format: date-time
type: string
required:
- cve_id
- cve_description
- package_name
- ecosystem
- schema_version
type: object
SpecEPSSRecord:
properties:
cve_id:
type: string
ingestion_time:
format: date-time
type: string
percentile:
format: double
type: number
probability:
format: double
type: number
type: object
SpecKEVRecord:
properties:
cve_id:
type: string
date_added:
format: date-time
type: string
due_date:
format: date-time
type: string
known_ransomware_campaign_use:
type: string
notes:
type: string
product:
type: string
required_action:
type: string
short_description:
type: string
vendor_project:
type: string
vulnerability_name:
type: string
type: object
v1NVDVulnerability:
description: >-
NVD Vulnerability.
Based on schema definition provided by NVD here.
https://csrc.nist.gov/schema/nvd/api/2.0/cve_api_json_2.0.schema.
properties:
cve:
$ref: '#/components/schemas/NVDVulnerabilityRootCve'
type: object
osvVulnerability:
description: >-
A vulnerability entry.
The protobuf representation is *NOT* stable and only used for
implementing
the JSON based API.
properties:
affected:
description: Required. Affected commit ranges and versions.
items:
$ref: '#/components/schemas/osvAffected'
type: array
aliases:
description: Optional. IDs for the same vulnerability in other databases.
items:
type: string
type: array
credits:
description: Optional. Credits for the vulnerability.
items:
$ref: '#/components/schemas/osvCredit'
type: array
database_specific:
description: >-
Optional. JSON object holding additional information about the
vulnerability as defined by the database for which the record
applies.
type: object
details:
description: >-
Required. Any additional human readable details for the
vulnerability.
type: string
id:
description: >-
The `id` field is a unique identifier for the vulnerability entry.
It is a
string of the format `-`, where `DB` names the database
and
`ENTRYID` is in the format used by the database. For example:
“OSV-2020-111”, “CVE-2021-3114”, or “GHSA-vp9c-fpxx-744v”.
type: string
modified:
description: The RFC3339 timestamp indicating when this entry was last modified.
format: date-time
type: string
package:
$ref: '#/components/schemas/osvPackage'
published:
description: The RFC3339 timestamp indicating when this entry was published.
format: date-time
type: string
references:
description: |-
Optional. URLs to more information/advisories (including the
scheme e.g "https://").
items:
$ref: '#/components/schemas/osvReference'
type: array
related:
description: >-
Optional. List of IDs of closely related vulnerabilities, such as
the same
problem in alternate ecosystems.
items:
type: string
type: array
schema_version:
description: The OSV schema version.
type: string
severity:
description: Optional. Severity of the vulnerability.
items:
$ref: '#/components/schemas/osvSeverity'
type: array
summary:
description: >-
Required. One line human readable summary for the vulnerability. It
is
recommended to keep this under 120 characters.
type: string
withdrawn:
description: >-
Optional. The RFC3339 timestamp indicating when this entry is
considered to
be withdrawn.
format: date-time
type: string
type: object
ReferenceReferenceType:
default: REFERENCE_TYPE_UNSPECIFIED
enum:
- REFERENCE_TYPE_UNSPECIFIED
- REFERENCE_TYPE_WEB
- REFERENCE_TYPE_ADVISORY
- REFERENCE_TYPE_REPORT
- REFERENCE_TYPE_FIX
- REFERENCE_TYPE_PACKAGE
- REFERENCE_TYPE_ARTICLE
type: string
v1Ecosystem:
default: ECOSYSTEM_UNSPECIFIED
description: >2-
- ECOSYSTEM_GO: GoLang.
- ECOSYSTEM_MAVEN: Maven.
- ECOSYSTEM_PYPI: Python.
- ECOSYSTEM_CARGO: Rust.
- ECOSYSTEM_NPM: Javascript.
- ECOSYSTEM_GEM: Ruby.
- ECOSYSTEM_NUGET: Dotnet.
- ECOSYSTEM_PACKAGIST: PHP.
- ECOSYSTEM_SBOM: SBOMs.
- ECOSYSTEM_RPM: RPM.
- ECOSYSTEM_DEBIAN: Debian.
- ECOSYSTEM_GITHUB_ACTION: GitHub Actions.
- ECOSYSTEM_COCOAPOD: Cocoapods.
- ECOSYSTEM_APK: APK (alpine et.al).
- ECOSYSTEM_CONTAINER: Containers.
- ECOSYSTEM_HUGGING_FACE: Hugging Face.
- ECOSYSTEM_C: C/C++.
- ECOSYSTEM_GIT: ecosystem GIT for GIT repository dependencies.
This can be used for package name of the resolved dependencies when a
given repository has dependencies to other GIT repositories. Currently
we
use this to represent vulnerabilities for the given GIT repository. ex:
git submodules, C/C++ dependencies.
- ECOSYSTEM_AI_MODEL: AI models.
- ECOSYSTEM_SWIFT: Ecosystem Swift consists of native Swift packages, which are defined
using the Package.swift manifest file and managed by the Swift Package
Manager. There is a separate ecosystem for Cocoapod packages called
ECOSYSTEM_COCOAPOD, which is an alternative package manager for Swift
packages.
- ECOSYSTEM_CONAN: Ecosystem Conan for C/C++ packages managed by the Conan 2.x package manager.
enum:
- ECOSYSTEM_UNSPECIFIED
- ECOSYSTEM_GO
- ECOSYSTEM_MAVEN
- ECOSYSTEM_PYPI
- ECOSYSTEM_CARGO
- ECOSYSTEM_NPM
- ECOSYSTEM_GEM
- ECOSYSTEM_NUGET
- ECOSYSTEM_PACKAGIST
- ECOSYSTEM_SBOM
- ECOSYSTEM_RPM
- ECOSYSTEM_DEBIAN
- ECOSYSTEM_GITHUB_ACTION
- ECOSYSTEM_COCOAPOD
- ECOSYSTEM_APK
- ECOSYSTEM_CONTAINER
- ECOSYSTEM_HUGGING_FACE
- ECOSYSTEM_C
- ECOSYSTEM_GIT
- ECOSYSTEM_AI_MODEL
- ECOSYSTEM_SWIFT
- ECOSYSTEM_CONAN
type: string
RangeRangeType:
default: RANGE_TYPE_UNSPECIFIED
description: Type of the version information.
enum:
- RANGE_TYPE_UNSPECIFIED
- RANGE_TYPE_GIT
- RANGE_TYPE_SEMVER
- RANGE_TYPE_ECOSYSTEM
type: string
VulnerabilityComponent:
properties:
artifact_id:
description: Indicates the artifact artifact_id that the CVE affects.
type: string
endor_uri:
description: >-
Affected function URIs in FastenURI format.
For example,
"/com.atlassian.connect.spring.internal.lifecycle/LifecycleController.installed(%2Fcom.atlassian.connect.spring.internal.lifecycle%2FLifecycleEvent,%2Fcom.atlassian.connect.spring%2FAtlassianHostUser)%2Forg.springframework.http%2FResponseEntity".
items:
type: string
type: array
fixed_versions:
description: >-
A list of all fixed versions.
Can be more than one if the fix is applied on multiple release
branches.
items:
type: string
type: array
group_id:
description: Indicates the artifact group id that the CVE affects.
type: string
versions_range:
description: >-
Vulnerable version range in Maven notation. For example,
"[1.1.0,2.1.3)".
items:
type: string
type: array
vulnerable_filepath:
description: >-
Class name that this vulnerability affects in JVM notation.
For example,
"com/atlassian/connect/spring/internal/lifecycle/LifecycleController.class".
items:
type: string
type: array
vulnerable_versions:
description: A list of all affected artifact versions.
items:
type: string
type: array
required:
- group_id
- artifact_id
type: object
NVDVulnerabilityRootCve:
properties:
cisa_action_due:
type: string
cisa_exploit_add:
type: string
cisa_required_action:
type: string
cisa_vulnerability_name:
type: string
configurations:
items:
$ref: '#/components/schemas/RootCveConfig'
type: array
descriptions:
items:
$ref: '#/components/schemas/RootCveLangString'
type: array
evaluator_comment:
type: string
evaluator_impact:
type: string
evaluator_solution:
type: string
id:
type: string
last_modified:
format: date-time
type: string
metrics:
$ref: '#/components/schemas/RootCveCVSSMetric'
published:
format: date-time
type: string
references:
items:
$ref: '#/components/schemas/NVDVulnerabilityRootCveReference'
type: array
source_identifier:
type: string
vendor_comments:
items:
$ref: '#/components/schemas/RootCveVendorComment'
type: array
vuln_status:
type: string
vuln_typed_status:
$ref: '#/components/schemas/v1NVDStatus'
weaknesses:
items:
$ref: '#/components/schemas/RootCveWeakness'
type: array
required:
- id
- published
- last_modified
- descriptions
- references
type: object
osvAffected:
description: Affected versions and commits.
properties:
database_specific:
description: >-
Optional. JSON object holding additional information about the
vulnerability as defined by the database for which the record
applies.
type: object
ecosystem_specific:
description: >-
Optional. JSON object holding additional information about the
vulnerability as defined by the ecosystem for which the record
applies.
type: object
package:
$ref: '#/components/schemas/osvPackage'
ranges:
description: Required. Range information.
items:
$ref: '#/components/schemas/osvRange'
type: array
versions:
description: Optional. List of affected versions.
items:
type: string
type: array
type: object
osvCredit:
properties:
contact:
description: Contact methods (URLs).
items:
type: string
type: array
name:
description: The name to give credit to.
type: string
type: object
osvPackage:
description: Package information and version.
properties:
ecosystem:
description: |-
Required. The ecosystem for this package.
For the complete list of valid ecosystem names, see
.
type: string
name:
description: >-
Required. Name of the package. Should match the name used in the
package
ecosystem (e.g. the npm package name). For C/C++ projects integrated
in
OSS-Fuzz, this is the name used for the integration.
type: string
purl:
description: Optional. The package URL for this package.
type: string
type: object
osvReference:
description: Reference URL.
properties:
type:
$ref: '#/components/schemas/osvReferenceType'
url:
description: Required. The URL.
type: string
type: object
osvSeverity:
properties:
score:
description: The quantitative score.
type: string
type:
$ref: '#/components/schemas/osvSeverityType'
type: object
RootCveConfig:
properties:
negate:
type: boolean
nodes:
items:
$ref: '#/components/schemas/ConfigCVSSNode'
type: array
operator:
$ref: '#/components/schemas/ConfigOperator'
type: object
RootCveLangString:
properties:
lang:
type: string
value:
type: string
required:
- lang
- value
type: object
RootCveCVSSMetric:
properties:
cvss_metric_v2:
items:
$ref: '#/components/schemas/NVDVulnerabilityCvssMetricV2'
type: array
cvss_metric_v30:
items:
$ref: '#/components/schemas/NVDVulnerabilityCvssMetricV30'
type: array
cvss_metric_v31:
items:
$ref: '#/components/schemas/NVDVulnerabilityCvssMetricV31'
type: array
cvss_metric_v40:
items:
$ref: '#/components/schemas/NVDVulnerabilityCvssMetricV40'
type: array
type: object
NVDVulnerabilityRootCveReference:
properties:
source:
type: string
tags:
items:
type: string
type: array
url:
type: string
required:
- url
type: object
RootCveVendorComment:
properties:
comment:
type: string
last_modified:
format: date-time
type: string
organization:
type: string
required:
- organization
- comment
- last_modified
type: object
v1NVDStatus:
default: NVD_STATUS_UNSPECIFIED
enum:
- NVD_STATUS_UNSPECIFIED
- NVD_STATUS_RECEIVED
- NVD_STATUS_AWAITING_ANALYSIS
- NVD_STATUS_UNDERGOING_ANALYSIS
- NVD_STATUS_ANALYZED
- NVD_STATUS_MODIFIED
- NVD_STATUS_DEFERRED
- NVD_STATUS_REJECTED
type: string
RootCveWeakness:
properties:
description:
items:
$ref: '#/components/schemas/RootCveLangString'
type: array
source:
type: string
type:
type: string
required:
- source
- type
- description
type: object
osvRange:
description: Affected ranges.
properties:
events:
description: Required. Version event information.
items:
$ref: '#/components/schemas/osvEvent'
type: array
repo:
description: >-
Required if type is GIT. The publicly accessible URL of the repo
that can
be directly passed to clone commands.
type: string
type:
$ref: '#/components/schemas/osvRangeType'
type: object
osvReferenceType:
default: NONE
enum:
- NONE
- WEB
- ADVISORY
- REPORT
- FIX
- PACKAGE
- ARTICLE
type: string
osvSeverityType:
default: UNSPECIFIED
description: Type of the severity.
enum:
- UNSPECIFIED
- CVSS_V3
type: string
ConfigCVSSNode:
properties:
cpe_match:
items:
$ref: '#/components/schemas/CVSSNodeCpeMatch'
type: array
negate:
type: boolean
operator:
$ref: '#/components/schemas/ConfigOperator'
required:
- operator
- cpe_match
type: object
ConfigOperator:
default: OPERATOR_UNSPECIFIED
enum:
- OPERATOR_UNSPECIFIED
- OPERATOR_AND
- OPERATOR_OR
type: string
NVDVulnerabilityCvssMetricV2:
description: >-
Based on schema definition provided by NVD here.
https://csrc.nist.gov/schema/nvd/api/2.0/external/cvss-v2.0.json.
properties:
ac_insuf_info:
type: boolean
base_severity:
type: string
cvss_data:
$ref: '#/components/schemas/v1CvssDataV2'
exploitability_score:
format: float
type: number
impact_score:
format: float
type: number
obtain_all_privilege:
type: boolean
obtain_other_privilege:
type: boolean
obtain_user_privilege:
type: boolean
source:
type: string
type:
$ref: '#/components/schemas/v1NVDMetricType'
user_interaction_required:
type: boolean
required:
- source
- type
- cvss_data
type: object
NVDVulnerabilityCvssMetricV30:
description: >-
Based on schema definition provided by NVD here.
https://csrc.nist.gov/schema/nvd/api/3.0/external/cvss-v2.0.json.
properties:
cvss_data:
$ref: '#/components/schemas/v1CvssDataV30'
exploitability_score:
format: float
type: number
impact_score:
format: float
type: number
source:
type: string
type:
$ref: '#/components/schemas/v1NVDMetricType'
required:
- source
- type
- cvss_data
type: object
NVDVulnerabilityCvssMetricV31:
description: >-
Based on schema definition provided by NVD here.
https://csrc.nist.gov/schema/nvd/api/2.0/external/cvss-v3.1.json.
properties:
cvss_data:
$ref: '#/components/schemas/v1CvssDataV31'
exploitability_score:
format: float
type: number
impact_score:
format: float
type: number
source:
type: string
type:
$ref: '#/components/schemas/v1NVDMetricType'
required:
- source
- type
- cvss_data
type: object
NVDVulnerabilityCvssMetricV40:
description: >-
CvssMetricV40. Based on schema definition provided by FIRST.ORG for CVSS
v4.0.
schema in
https://csrc.nist.gov/schema/nvd/api/2.0/external/cvss-v4.0.json.
properties:
cvss_data:
$ref: '#/components/schemas/v1CvssDataV40'
exploitability_score:
format: float
type: number
impact_score:
format: float
type: number
source:
type: string
type:
$ref: '#/components/schemas/v1NVDMetricType'
required:
- source
- type
- cvss_data
type: object
osvEvent:
description: Version events.
properties:
fixed:
description: The version/commit that this vulnerability was fixed in.
type: string
introduced:
description: |-
The earliest version/commit where this vulnerability
was introduced in.
type: string
limit:
description: The limit to apply to the range.
type: string
type: object
osvRangeType:
default: UNSPECIFIED
description: Type of the version information.
enum:
- UNSPECIFIED
- GIT
- SEMVER
- ECOSYSTEM
type: string
CVSSNodeCpeMatch:
properties:
criteria:
type: string
match_criteria_id:
type: string
version_end_excluding:
type: string
version_end_including:
type: string
version_start_excluding:
type: string
version_start_including:
type: string
vulnerable:
type: boolean
required:
- vulnerable
- criteria
- match_criteria_id
type: object
v1CvssDataV2:
properties:
access_complexity:
$ref: '#/components/schemas/CvssDataV2AccessComplexity'
access_vector:
$ref: '#/components/schemas/v1NVDAttackVector'
authentication:
$ref: '#/components/schemas/CvssDataV2Auth'
availability_impact:
$ref: '#/components/schemas/CvssDataV2V2Impact'
availability_requirement:
$ref: '#/components/schemas/v1NVDRequirement'
base_score:
format: float
type: number
collateral_damage_potential:
$ref: '#/components/schemas/CvssDataV2CollateralDamagePotential'
confidentiality_impact:
$ref: '#/components/schemas/CvssDataV2V2Impact'
confidentiality_requirement:
$ref: '#/components/schemas/v1NVDRequirement'
environmental_score:
format: float
type: number
exploitability:
$ref: '#/components/schemas/CvssDataV2Exploitability'
integrity_impact:
$ref: '#/components/schemas/CvssDataV2V2Impact'
integrity_requirement:
$ref: '#/components/schemas/v1NVDRequirement'
remediation_level:
$ref: '#/components/schemas/v1NVDRemediationLevel'
report_confidence:
$ref: '#/components/schemas/CvssDataV2ReportConfidence'
target_distribution:
$ref: '#/components/schemas/CvssDataV2TargetDistribution'
temporal_score:
format: float
type: number
vector_string:
type: string
version:
type: string
required:
- version
- vector_string
- base_score
type: object
v1NVDMetricType:
default: NVD_METRIC_TYPE_UNSPECIFIED
enum:
- NVD_METRIC_TYPE_UNSPECIFIED
- NVD_METRIC_TYPE_PRIMARY
- NVD_METRIC_TYPE_SECONDARY
type: string
v1CvssDataV30:
properties:
attack_complexity:
$ref: '#/components/schemas/v1NVDAttackComplexity'
attack_vector:
$ref: '#/components/schemas/v1NVDAttackVector'
availability_impact:
$ref: '#/components/schemas/v1NVDImpact'
availability_requirement:
$ref: '#/components/schemas/v1NVDRequirement'
base_score:
format: float
type: number
base_severity:
$ref: '#/components/schemas/v1NVDSeverity'
confidentiality_impact:
$ref: '#/components/schemas/v1NVDImpact'
confidentiality_requirement:
$ref: '#/components/schemas/v1NVDRequirement'
environmental_score:
format: float
type: number
environmental_severity:
$ref: '#/components/schemas/v1NVDSeverity'
exploit_code_maturity:
$ref: '#/components/schemas/v1NVDExploitCodeMaturity'
integrity_impact:
$ref: '#/components/schemas/v1NVDImpact'
integrity_requirement:
$ref: '#/components/schemas/v1NVDRequirement'
modified_attack_complexity:
$ref: '#/components/schemas/v1NVDModifiedAttackComplexity'
modified_attack_vector:
$ref: '#/components/schemas/v1NVDModifiedAttackVector'
modified_availability_impact:
$ref: '#/components/schemas/v1NVDModifiedImpact'
modified_confidentiality_impact:
$ref: '#/components/schemas/v1NVDModifiedImpact'
modified_integrity_impact:
$ref: '#/components/schemas/v1NVDModifiedImpact'
modified_privileges_required:
$ref: '#/components/schemas/v1NVDModifiedPrivilegesRequired'
modified_scope:
$ref: '#/components/schemas/v1NVDModifiedScope'
modified_user_interaction:
$ref: '#/components/schemas/v1NVDModifiedUserInteraction'
privileges_required:
$ref: '#/components/schemas/v1NVDPrivilegesRequired'
remediation_level:
$ref: '#/components/schemas/v1NVDRemediationLevel'
report_confidence:
$ref: '#/components/schemas/v1NVDReportConfidence'
scope:
$ref: '#/components/schemas/v1NVDScope'
temporal_score:
format: float
type: number
temporal_severity:
$ref: '#/components/schemas/v1NVDSeverity'
user_interaction:
$ref: '#/components/schemas/v1NVDUserInteraction'
vector_string:
type: string
version:
type: string
required:
- version
- vector_string
- base_score
- base_severity
type: object
v1CvssDataV31:
properties:
attack_complexity:
$ref: '#/components/schemas/v1NVDAttackComplexity'
attack_vector:
$ref: '#/components/schemas/v1NVDAttackVector'
availability_impact:
$ref: '#/components/schemas/v1NVDImpact'
availability_requirement:
$ref: '#/components/schemas/v1NVDRequirement'
base_score:
format: float
type: number
base_severity:
$ref: '#/components/schemas/v1NVDSeverity'
confidentiality_impact:
$ref: '#/components/schemas/v1NVDImpact'
confidentiality_requirement:
$ref: '#/components/schemas/v1NVDRequirement'
environmental_score:
format: float
type: number
environmental_severity:
$ref: '#/components/schemas/v1NVDSeverity'
exploit_code_maturity:
$ref: '#/components/schemas/v1NVDExploitCodeMaturity'
integrity_impact:
$ref: '#/components/schemas/v1NVDImpact'
integrity_requirement:
$ref: '#/components/schemas/v1NVDRequirement'
modified_attack_complexity:
$ref: '#/components/schemas/v1NVDModifiedAttackComplexity'
modified_attack_vector:
$ref: '#/components/schemas/v1NVDModifiedAttackVector'
modified_availability_impact:
$ref: '#/components/schemas/v1NVDModifiedImpact'
modified_confidentiality_impact:
$ref: '#/components/schemas/v1NVDModifiedScope'
modified_integrity_impact:
$ref: '#/components/schemas/v1NVDModifiedImpact'
modified_privileges_required:
$ref: '#/components/schemas/v1NVDModifiedPrivilegesRequired'
modified_scope:
$ref: '#/components/schemas/v1NVDModifiedScope'
modified_user_interaction:
$ref: '#/components/schemas/v1NVDModifiedUserInteraction'
privileges_required:
$ref: '#/components/schemas/v1NVDPrivilegesRequired'
remediation_level:
$ref: '#/components/schemas/v1NVDRemediationLevel'
report_confidence:
$ref: '#/components/schemas/v1NVDReportConfidence'
scope:
$ref: '#/components/schemas/v1NVDScope'
temporal_score:
format: float
type: number
temporal_severity:
$ref: '#/components/schemas/v1NVDSeverity'
user_interaction:
$ref: '#/components/schemas/v1NVDUserInteraction'
vector_string:
type: string
version:
type: string
required:
- version
- vector_string
- base_score
- base_severity
type: object
v1CvssDataV40:
properties:
attack_complexity:
$ref: '#/components/schemas/v1NVDV40AttackComplexity'
attack_requirements:
$ref: '#/components/schemas/v1NVDV40AttackRequirements'
attack_vector:
$ref: '#/components/schemas/v1NVDV40AttackVector'
automatable:
$ref: '#/components/schemas/v1NVDV40Automatable'
availability_requirement:
$ref: '#/components/schemas/v1NVDV40Requirement'
base_score:
format: float
type: number
base_severity:
$ref: '#/components/schemas/v1NVDSeverity'
confidentiality_requirement:
$ref: '#/components/schemas/v1NVDV40Requirement'
environmental_score:
format: float
type: number
environmental_severity:
$ref: '#/components/schemas/v1NVDSeverity'
exploit_maturity:
$ref: '#/components/schemas/v1NVDV40ExploitMaturity'
integrity_requirement:
$ref: '#/components/schemas/v1NVDV40Requirement'
modified_attack_complexity:
$ref: '#/components/schemas/v1NVDV40ModifiedAttackComplexity'
modified_attack_requirements:
$ref: '#/components/schemas/v1NVDV40ModifiedAttackRequirements'
modified_attack_vector:
$ref: '#/components/schemas/v1NVDV40ModifiedAttackVector'
modified_privileges_required:
$ref: '#/components/schemas/v1NVDV40ModifiedPrivilegesRequired'
modified_sub_availability_impact:
$ref: '#/components/schemas/v1NVDV40ModifiedSubImpact'
modified_sub_confidentiality_impact:
$ref: '#/components/schemas/v1NVDV40ModifiedSubImpact'
modified_sub_integrity_impact:
$ref: '#/components/schemas/v1NVDV40ModifiedSubImpact'
modified_user_interaction:
$ref: '#/components/schemas/v1NVDV40ModifiedUserInteraction'
modified_vuln_availability_impact:
$ref: '#/components/schemas/v1NVDV40ModifiedImpact'
modified_vuln_confidentiality_impact:
$ref: '#/components/schemas/v1NVDV40ModifiedImpact'
modified_vuln_integrity_impact:
$ref: '#/components/schemas/v1NVDV40ModifiedImpact'
privileges_required:
$ref: '#/components/schemas/v1NVDV40PrivilegesRequired'
provider_urgency:
$ref: '#/components/schemas/v1NVDV40ProviderUrgency'
recovery:
$ref: '#/components/schemas/v1NVDV40Recovery'
safety:
$ref: '#/components/schemas/v1NVDV40Safety'
sub_availability_impact:
$ref: '#/components/schemas/v1NVDV40Impact'
sub_confidentiality_impact:
$ref: '#/components/schemas/v1NVDV40Impact'
sub_integrity_impact:
$ref: '#/components/schemas/v1NVDV40Impact'
threat_score:
format: float
type: number
threat_severity:
$ref: '#/components/schemas/v1NVDSeverity'
user_interaction:
$ref: '#/components/schemas/v1NVDV40UserInteraction'
value_density:
$ref: '#/components/schemas/v1NVDV40ValueDensity'
vector_string:
type: string
version:
type: string
vuln_availability_impact:
$ref: '#/components/schemas/v1NVDV40Impact'
vuln_confidentiality_impact:
$ref: '#/components/schemas/v1NVDV40Impact'
vuln_integrity_impact:
$ref: '#/components/schemas/v1NVDV40Impact'
vulnerability_response_effort:
$ref: '#/components/schemas/v1NVDV40VulnerabilityResponseEffort'
required:
- version
- vector_string
- base_score
- base_severity
type: object
CvssDataV2AccessComplexity:
default: ACCESS_COMPLEXITY_UNSPECIFIED
enum:
- ACCESS_COMPLEXITY_UNSPECIFIED
- ACCESS_COMPLEXITY_HIGH
- ACCESS_COMPLEXITY_MEDIUM
- ACCESS_COMPLEXITY_LOW
type: string
v1NVDAttackVector:
default: NVD_ATTACK_VECTOR_UNSPECIFIED
enum:
- NVD_ATTACK_VECTOR_UNSPECIFIED
- NVD_ATTACK_VECTOR_NETWORK
- NVD_ATTACK_VECTOR_ADJACENT_NETWORK
- NVD_ATTACK_VECTOR_LOCAL
- NVD_ATTACK_VECTOR_PHYSICAL
type: string
CvssDataV2Auth:
default: AUTH_UNSPECIFIED
enum:
- AUTH_UNSPECIFIED
- AUTH_MULTIPLE
- AUTH_SINGLE
- AUTH_NONE
type: string
CvssDataV2V2Impact:
default: V2_IMPACT_IMPACT_UNSPECIFIED
enum:
- V2_IMPACT_IMPACT_UNSPECIFIED
- V2_IMPACT_IMPACT_NONE
- V2_IMPACT_IMPACT_PARTIAL
- V2_IMPACT_IMPACT_COMPLETE
type: string
v1NVDRequirement:
default: NVD_REQUIREMENT_UNSPECIFIED
enum:
- NVD_REQUIREMENT_UNSPECIFIED
- NVD_REQUIREMENT_LOW
- NVD_REQUIREMENT_MEDIUM
- NVD_REQUIREMENT_HIGH
- NVD_REQUIREMENT_NOT_DEFINED
type: string
CvssDataV2CollateralDamagePotential:
default: COLLATERAL_DAMAGE_POTENTIAL_UNSPECIFIED
enum:
- COLLATERAL_DAMAGE_POTENTIAL_UNSPECIFIED
- COLLATERAL_DAMAGE_POTENTIAL_NONE
- COLLATERAL_DAMAGE_POTENTIAL_LOW
- COLLATERAL_DAMAGE_POTENTIAL_LOW_MEDIUM
- COLLATERAL_DAMAGE_POTENTIAL_MEDIUM_HIGH
- COLLATERAL_DAMAGE_POTENTIAL_HIGH
- COLLATERAL_DAMAGE_POTENTIAL_NOT_DEFINED
type: string
CvssDataV2Exploitability:
default: EXPLOITABILITY_UNSPECIFIED
enum:
- EXPLOITABILITY_UNSPECIFIED
- EXPLOITABILITY_UNPROVEN
- EXPLOITABILITY_PROOF_OF_CONCEPT
- EXPLOITABILITY_FUNCTIONAL
- EXPLOITABILITY_HIGH
- EXPLOITABILITY_NOT_DEFINED
type: string
v1NVDRemediationLevel:
default: NVD_REMEDIATION_LEVEL_UNSPECIFIED
enum:
- NVD_REMEDIATION_LEVEL_UNSPECIFIED
- NVD_REMEDIATION_LEVEL_OFFICIAL_FIX
- NVD_REMEDIATION_LEVEL_TEMPORARY_FIX
- NVD_REMEDIATION_LEVEL_WORKAROUND
- NVD_REMEDIATION_LEVEL_UNAVAILABLE
- NVD_REMEDIATION_LEVEL_NOT_DEFINED
type: string
CvssDataV2ReportConfidence:
default: REPORT_CONFIDENCE_UNSPECIFIED
enum:
- REPORT_CONFIDENCE_UNSPECIFIED
- REPORT_CONFIDENCE_UNCONFIRMED
- REPORT_CONFIDENCE_UNCORROBORATED
- REPORT_CONFIDENCE_CONFIRMED
- REPORT_CONFIDENCE_NOT_DEFINED
type: string
CvssDataV2TargetDistribution:
default: TARGET_DISTRIBUTION_UNSPECIFIED
enum:
- TARGET_DISTRIBUTION_UNSPECIFIED
- TARGET_DISTRIBUTION_NONE
- TARGET_DISTRIBUTION_LOW
- TARGET_DISTRIBUTION_MEDIUM
- TARGET_DISTRIBUTION_HIGH
- TARGET_DISTRIBUTION_NOT_DEFINED
type: string
v1NVDAttackComplexity:
default: NVD_ATTACK_COMPLEXITY_UNSPECIFIED
enum:
- NVD_ATTACK_COMPLEXITY_UNSPECIFIED
- NVD_ATTACK_COMPLEXITY_HIGH
- NVD_ATTACK_COMPLEXITY_LOW
type: string
v1NVDImpact:
default: NVD_IMPACT_UNSPECIFIED
enum:
- NVD_IMPACT_UNSPECIFIED
- NVD_IMPACT_NONE
- NVD_IMPACT_LOW
- NVD_IMPACT_HIGH
type: string
v1NVDSeverity:
default: NVD_SEVERITY_UNSPECIFIED
enum:
- NVD_SEVERITY_UNSPECIFIED
- NVD_SEVERITY_NONE
- NVD_SEVERITY_LOW
- NVD_SEVERITY_MEDIUM
- NVD_SEVERITY_HIGH
- NVD_SEVERITY_CRITICAL
type: string
v1NVDExploitCodeMaturity:
default: NVD_EXPLOIT_CODE_MATURITY_UNSPECIFIED
enum:
- NVD_EXPLOIT_CODE_MATURITY_UNSPECIFIED
- NVD_EXPLOIT_CODE_MATURITY_UNPROVEN
- NVD_EXPLOIT_CODE_MATURITY_PROOF_OF_CONCEPT
- NVD_EXPLOIT_CODE_MATURITY_FUNCTIONAL
- NVD_EXPLOIT_CODE_MATURITY_HIGH
- NVD_EXPLOIT_CODE_MATURITY_NOT_DEFINED
type: string
v1NVDModifiedAttackComplexity:
default: NVD_MODIFIED_ATTACK_COMPLEXITY_UNSPECIFIED
enum:
- NVD_MODIFIED_ATTACK_COMPLEXITY_UNSPECIFIED
- NVD_MODIFIED_ATTACK_COMPLEXITY_HIGH
- NVD_MODIFIED_ATTACK_COMPLEXITY_LOW
- NVD_MODIFIED_ATTACK_COMPLEXITY_NOT_DEFINED
type: string
v1NVDModifiedAttackVector:
default: NVD_MODIFIED_ATTACK_VECTOR_UNSPECIFIED
enum:
- NVD_MODIFIED_ATTACK_VECTOR_UNSPECIFIED
- NVD_MODIFIED_ATTACK_VECTOR_NETWORK
- NVD_MODIFIED_ATTACK_VECTOR_ADJACENT_NETWORK
- NVD_MODIFIED_ATTACK_VECTOR_LOCAL
- NVD_MODIFIED_ATTACK_VECTOR_PHYSICAL
- NVD_MODIFIED_ATTACK_VECTOR_NOT_DEFINED
type: string
v1NVDModifiedImpact:
default: NVD_MODIFIED_IMPACT_UNSPECIFIED
enum:
- NVD_MODIFIED_IMPACT_UNSPECIFIED
- NVD_MODIFIED_IMPACT_NONE
- NVD_MODIFIED_IMPACT_LOW
- NVD_MODIFIED_IMPACT_HIGH
- NVD_MODIFIED_IMPACT_NOT_DEFINED
type: string
v1NVDModifiedPrivilegesRequired:
default: NVD_MODIFIED_PRIVILEGES_REQUIRED_UNSPECIFIED
enum:
- NVD_MODIFIED_PRIVILEGES_REQUIRED_UNSPECIFIED
- NVD_MODIFIED_PRIVILEGES_REQUIRED_HIGH
- NVD_MODIFIED_PRIVILEGES_REQUIRED_LOW
- NVD_MODIFIED_PRIVILEGES_REQUIRED_NONE
- NVD_MODIFIED_PRIVILEGES_REQUIRED_NOT_DEFINED
type: string
v1NVDModifiedScope:
default: NVD_MODIFIED_SCOPE_UNSPECIFIED
enum:
- NVD_MODIFIED_SCOPE_UNSPECIFIED
- NVD_MODIFIED_SCOPE_UNCHANGED
- NVD_MODIFIED_SCOPE_CHANGED
- NVD_MODIFIED_SCOPE_NOT_DEFINED
type: string
v1NVDModifiedUserInteraction:
default: NVD_MODIFIED_USER_INTERACTION_UNSPECIFIED
enum:
- NVD_MODIFIED_USER_INTERACTION_UNSPECIFIED
- NVD_MODIFIED_USER_INTERACTION_NONE
- NVD_MODIFIED_USER_INTERACTION_REQUIRED
- NVD_MODIFIED_USER_INTERACTION_NOT_DEFINED
type: string
v1NVDPrivilegesRequired:
default: NVD_PRIVILEGES_REQUIRED_UNSPECIFIED
enum:
- NVD_PRIVILEGES_REQUIRED_UNSPECIFIED
- NVD_PRIVILEGES_REQUIRED_HIGH
- NVD_PRIVILEGES_REQUIRED_LOW
- NVD_PRIVILEGES_REQUIRED_NONE
type: string
v1NVDReportConfidence:
default: NVD_REPORT_CONFIDENCE_UNSPECIFIED
enum:
- NVD_REPORT_CONFIDENCE_UNSPECIFIED
- NVD_REPORT_CONFIDENCE_UNKNOWN
- NVD_REPORT_CONFIDENCE_REASONABLE
- NVD_REPORT_CONFIDENCE_CONFIRMED
- NVD_REPORT_CONFIDENCE_NOT_DEFINED
type: string
v1NVDScope:
default: NVD_SCOPE_UNSPECIFIED
enum:
- NVD_SCOPE_UNSPECIFIED
- NVD_SCOPE_UNCHANGED
- NVD_SCOPE_CHANGED
type: string
v1NVDUserInteraction:
default: NVD_USER_INTERACTION_UNSPECIFIED
enum:
- NVD_USER_INTERACTION_UNSPECIFIED
- NVD_USER_INTERACTION_NONE
- NVD_USER_INTERACTION_REQUIRED
type: string
v1NVDV40AttackComplexity:
default: NVDV40_ATTACK_COMPLEXITY_UNSPECIFIED
enum:
- NVDV40_ATTACK_COMPLEXITY_UNSPECIFIED
- NVDV40_ATTACK_COMPLEXITY_HIGH
- NVDV40_ATTACK_COMPLEXITY_LOW
type: string
v1NVDV40AttackRequirements:
default: NVDV40_ATTACK_REQUIREMENTS_UNSPECIFIED
enum:
- NVDV40_ATTACK_REQUIREMENTS_UNSPECIFIED
- NVDV40_ATTACK_REQUIREMENTS_NONE
- NVDV40_ATTACK_REQUIREMENTS_PRESENT
type: string
v1NVDV40AttackVector:
default: NVDV40_ATTACK_VECTOR_UNSPECIFIED
enum:
- NVDV40_ATTACK_VECTOR_UNSPECIFIED
- NVDV40_ATTACK_VECTOR_NETWORK
- NVDV40_ATTACK_VECTOR_ADJACENT
- NVDV40_ATTACK_VECTOR_LOCAL
- NVDV40_ATTACK_VECTOR_PHYSICAL
type: string
v1NVDV40Automatable:
default: NVDV40_AUTOMATABLE_UNSPECIFIED
enum:
- NVDV40_AUTOMATABLE_UNSPECIFIED
- NVDV40_AUTOMATABLE_NO
- NVDV40_AUTOMATABLE_YES
- NVDV40_AUTOMATABLE_NOT_DEFINED
type: string
v1NVDV40Requirement:
default: NVDV40_REQUIREMENT_UNSPECIFIED
enum:
- NVDV40_REQUIREMENT_UNSPECIFIED
- NVDV40_REQUIREMENT_LOW
- NVDV40_REQUIREMENT_MEDIUM
- NVDV40_REQUIREMENT_HIGH
- NVDV40_REQUIREMENT_NOT_DEFINED
type: string
v1NVDV40ExploitMaturity:
default: NVDV40_EXPLOIT_MATURITY_UNSPECIFIED
enum:
- NVDV40_EXPLOIT_MATURITY_UNSPECIFIED
- NVDV40_EXPLOIT_MATURITY_UNREPORTED
- NVDV40_EXPLOIT_MATURITY_PROOF_OF_CONCEPT
- NVDV40_EXPLOIT_MATURITY_ATTACKED
- NVDV40_EXPLOIT_MATURITY_NOT_DEFINED
type: string
v1NVDV40ModifiedAttackComplexity:
default: NVDV40_MODIFIED_ATTACK_COMPLEXITY_UNSPECIFIED
enum:
- NVDV40_MODIFIED_ATTACK_COMPLEXITY_UNSPECIFIED
- NVDV40_MODIFIED_ATTACK_COMPLEXITY_HIGH
- NVDV40_MODIFIED_ATTACK_COMPLEXITY_LOW
- NVDV40_MODIFIED_ATTACK_COMPLEXITY_NOT_DEFINED
type: string
v1NVDV40ModifiedAttackRequirements:
default: NVDV40_MODIFIED_ATTACK_REQUIREMENTS_UNSPECIFIED
enum:
- NVDV40_MODIFIED_ATTACK_REQUIREMENTS_UNSPECIFIED
- NVDV40_MODIFIED_ATTACK_REQUIREMENTS_NONE
- NVDV40_MODIFIED_ATTACK_REQUIREMENTS_PRESENT
- NVDV40_MODIFIED_ATTACK_REQUIREMENTS_NOT_DEFINED
type: string
v1NVDV40ModifiedAttackVector:
default: NVDV40_MODIFIED_ATTACK_VECTOR_UNSPECIFIED
enum:
- NVDV40_MODIFIED_ATTACK_VECTOR_UNSPECIFIED
- NVDV40_MODIFIED_ATTACK_VECTOR_NETWORK
- NVDV40_MODIFIED_ATTACK_VECTOR_ADJACENT
- NVDV40_MODIFIED_ATTACK_VECTOR_LOCAL
- NVDV40_MODIFIED_ATTACK_VECTOR_PHYSICAL
- NVDV40_MODIFIED_ATTACK_VECTOR_NOT_DEFINED
type: string
v1NVDV40ModifiedPrivilegesRequired:
default: NVDV40_MODIFIED_PRIVILEGES_REQUIRED_UNSPECIFIED
enum:
- NVDV40_MODIFIED_PRIVILEGES_REQUIRED_UNSPECIFIED
- NVDV40_MODIFIED_PRIVILEGES_REQUIRED_HIGH
- NVDV40_MODIFIED_PRIVILEGES_REQUIRED_LOW
- NVDV40_MODIFIED_PRIVILEGES_REQUIRED_NONE
- NVDV40_MODIFIED_PRIVILEGES_REQUIRED_NOT_DEFINED
type: string
v1NVDV40ModifiedSubImpact:
default: NVDV40_MODIFIED_SUB_IMPACT_UNSPECIFIED
enum:
- NVDV40_MODIFIED_SUB_IMPACT_UNSPECIFIED
- NVDV40_MODIFIED_SUB_IMPACT_NEGLIGIBLE
- NVDV40_MODIFIED_SUB_IMPACT_LOW
- NVDV40_MODIFIED_SUB_IMPACT_HIGH
- NVDV40_MODIFIED_SUB_IMPACT_SAFETY
- NVDV40_MODIFIED_SUB_IMPACT_NOT_DEFINED
type: string
v1NVDV40ModifiedUserInteraction:
default: NVDV40_MODIFIED_USER_INTERACTION_UNSPECIFIED
enum:
- NVDV40_MODIFIED_USER_INTERACTION_UNSPECIFIED
- NVDV40_MODIFIED_USER_INTERACTION_NONE
- NVDV40_MODIFIED_USER_INTERACTION_PASSIVE
- NVDV40_MODIFIED_USER_INTERACTION_ACTIVE
- NVDV40_MODIFIED_USER_INTERACTION_NOT_DEFINED
type: string
v1NVDV40ModifiedImpact:
default: NVDV40_MODIFIED_IMPACT_UNSPECIFIED
enum:
- NVDV40_MODIFIED_IMPACT_UNSPECIFIED
- NVDV40_MODIFIED_IMPACT_NONE
- NVDV40_MODIFIED_IMPACT_LOW
- NVDV40_MODIFIED_IMPACT_HIGH
- NVDV40_MODIFIED_IMPACT_NOT_DEFINED
type: string
v1NVDV40PrivilegesRequired:
default: NVDV40_PRIVILEGES_REQUIRED_UNSPECIFIED
enum:
- NVDV40_PRIVILEGES_REQUIRED_UNSPECIFIED
- NVDV40_PRIVILEGES_REQUIRED_HIGH
- NVDV40_PRIVILEGES_REQUIRED_LOW
- NVDV40_PRIVILEGES_REQUIRED_NONE
type: string
v1NVDV40ProviderUrgency:
default: NVDV40_PROVIDER_URGENCY_UNSPECIFIED
enum:
- NVDV40_PROVIDER_URGENCY_UNSPECIFIED
- NVDV40_PROVIDER_URGENCY_CLEAR
- NVDV40_PROVIDER_URGENCY_GREEN
- NVDV40_PROVIDER_URGENCY_AMBER
- NVDV40_PROVIDER_URGENCY_RED
- NVDV40_PROVIDER_URGENCY_NOT_DEFINED
type: string
v1NVDV40Recovery:
default: NVDV40_RECOVERY_UNSPECIFIED
enum:
- NVDV40_RECOVERY_UNSPECIFIED
- NVDV40_RECOVERY_AUTOMATIC
- NVDV40_RECOVERY_USER
- NVDV40_RECOVERY_IRRECOVERABLE
- NVDV40_RECOVERY_NOT_DEFINED
type: string
v1NVDV40Safety:
default: NVDV40_SAFETY_UNSPECIFIED
enum:
- NVDV40_SAFETY_UNSPECIFIED
- NVDV40_SAFETY_NEGLIGIBLE
- NVDV40_SAFETY_PRESENT
- NVDV40_SAFETY_NOT_DEFINED
type: string
v1NVDV40Impact:
default: NVDV40_IMPACT_UNSPECIFIED
enum:
- NVDV40_IMPACT_UNSPECIFIED
- NVDV40_IMPACT_NONE
- NVDV40_IMPACT_LOW
- NVDV40_IMPACT_HIGH
type: string
v1NVDV40UserInteraction:
default: NVDV40_USER_INTERACTION_UNSPECIFIED
enum:
- NVDV40_USER_INTERACTION_UNSPECIFIED
- NVDV40_USER_INTERACTION_NONE
- NVDV40_USER_INTERACTION_PASSIVE
- NVDV40_USER_INTERACTION_ACTIVE
type: string
v1NVDV40ValueDensity:
default: NVDV40_VALUE_DENSITY_UNSPECIFIED
enum:
- NVDV40_VALUE_DENSITY_UNSPECIFIED
- NVDV40_VALUE_DENSITY_DIFFUSE
- NVDV40_VALUE_DENSITY_CONCENTRATED
- NVDV40_VALUE_DENSITY_NOT_DEFINED
type: string
v1NVDV40VulnerabilityResponseEffort:
default: NVDV40_VULNERABILITY_RESPONSE_EFFORT_UNSPECIFIED
enum:
- NVDV40_VULNERABILITY_RESPONSE_EFFORT_UNSPECIFIED
- NVDV40_VULNERABILITY_RESPONSE_EFFORT_LOW
- NVDV40_VULNERABILITY_RESPONSE_EFFORT_MODERATE
- NVDV40_VULNERABILITY_RESPONSE_EFFORT_HIGH
- NVDV40_VULNERABILITY_RESPONSE_EFFORT_NOT_DEFINED
type: string
````