Vulnerability details

Data about a specific vulnerability in the specific workspace where that vulnerability is present. At least one association must be specified.

interface VulnerabilityDetails {
    addAssociations?: ({
        associationType: "issueIdOrKeys";
        values: string[];
    } & {
        [key: string]: unknown;
    })[];
    additionalInfo?: {
        content: string;
        url?: string;
    } & {
        [key: string]: unknown;
    };
    associationsLastUpdated?: string;
    associationsUpdateSequenceNumber?: number;
    containerId: string;
    description: string;
    displayName: string;
    id: string;
    identifiers?: unknown[];
    introducedDate: string;
    lastUpdated: string;
    removeAssociations?: ({
        associationType: "issueIdOrKeys";
        values: string[];
    } & {
        [key: string]: unknown;
    })[];
    schemaVersion: "1.0";
    severity: unknown;
    status:
        | "closed"
        | "open"
        | "unknown"
        | "ignored";
    type:
        | "unknown"
        | "sca"
        | "sast"
        | "dast";
    updateSequenceNumber: number;
    url: string;
}

Properties

addAssociations?: ({
    associationType: "issueIdOrKeys";
    values: string[];
} & {
    [key: string]: unknown;
})[]

The associations (e.g. Jira issue) to add in addition to the currently stored associations of the Security Vulnerability.

additionalInfo?: {
    content: string;
    url?: string;
} & {
    [key: string]: unknown;
}

VulnerabilityAdditionalInfo

Extra information (optional). This data will be shown in the security feature under the vulnerability displayName.

Type declaration

  • content: string

    The content of the additionalInfo.

    More information on the vulnerability, as a string
    
  • Optional url?: string

    Optional URL linking to the information

    https://example.com/project/CWE-123/additionalInfo
    
associationsLastUpdated?: string

An ISO-8601 Date-time string representing the last time the provider updated associations on this entity.

Expected format is an RFC3339 formatted string.

2018-01-20T23:27:25.000Z
associationsUpdateSequenceNumber?: number

A sequence number to compare when writing entity associations to the database.

This can be any monotonically increasing number. A highly recommended implementation is to use epoch millis.

This is an optional field. If it is not provided it will default to being equal to the corresponding entity's updateSequenceNumber.

Associations are written following a LastWriteWins strategy: associations that are received with an associationsUpdateSequenceNumber lower than what is currently stored will be ignored.

1523494301448
containerId: string

The identifier of the Container where this Vulnerability was found. Must be unique for a given Provider. This must follow this regex pattern: [a-zA-Z0-9\\-_.~@:{}=]+(/[a-zA-Z0-9\\-_.~@:{}=]+)*

111-222-333
description: string

A description of the issue in markdown format that will be shown in the UI and used when creating Jira Issues. HTML tags are not supported in the markdown format. For creating a new line \n can be used. Read more about the accepted markdown transformations here.

## Overview


Affected versions of this package are vulnerable to MeltLeak
displayName: string

The human-readable name for the Vulnerability. Will be shown in the UI.

If not provided, will use the ID for display.

curl/libcurl3 - Buffer Override
id: string

The identifier for the Vulnerability. Must be unique for a given Provider.

111-222-333
identifiers?: unknown[]

The identifying information for the Vulnerability.

introducedDate: string

The timestamp to present to the user that shows when the Vulnerability was introduced.

Expected format is an RFC3339 formatted string.

2018-01-20T23:27:25.000Z
lastUpdated: string

The timestamp, presented to the user, of the last time the Vulnerability was updated.

Expected format is an RFC3339 formatted string.

2018-01-20T23:27:25.000Z
removeAssociations?: ({
    associationType: "issueIdOrKeys";
    values: string[];
} & {
    [key: string]: unknown;
})[]

The associations (e.g. Jira issue) to remove from currently stored associations of the Security Vulnerability.

schemaVersion: "1.0"

The VulnerabilityData schema version used for this vulnerability data.

Placeholder to support potential schema changes in the future.

1
severity: unknown

VulnerabilitySeverity

Severity information for a single Vulnerability.

This is the severity information that will be presented to the user on e.g. the Jira Security screen.

status:
    | "closed"
    | "open"
    | "unknown"
    | "ignored"

VulnerabilityStatus

The current status of the Vulnerability.

open
type:
    | "unknown"
    | "sca"
    | "sast"
    | "dast"

The type of Vulnerability detected.

sca
updateSequenceNumber: number

An ID used to apply an ordering to updates for this Vulnerability in the case of out-of-order receipt of update requests.

This can be any monotonically increasing number. A suggested implementation is to use epoch millis from the Provider system, but other alternatives are valid (e.g. a Provider could store a counter against each Vulnerability and increment that on each update to Jira).

Updates for a Vulnerability that are received with an updateSequenceId lower than what is currently stored will be ignored.

1523494301448
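The following TypeScript is an added example, not Atlassian's code and not part of this reference page. It shows how a provider-side (or receiving-side) implementation might validate a VulnerabilityDetails payload against the rules stated above (containerId pattern, RFC3339 timestamps, at least one association) and then apply the last-write-wins ordering described for updateSequenceNumber and associationsUpdateSequenceNumber. The StoredVulnerability shape, the merge order (adds applied before removes), the reading that an equal sequence number is accepted (only a strictly lower one is ignored) and the sample payload are all assumptions made for the example.

```typescript
// Added example, not Atlassian's own code: validate a VulnerabilityDetails
// payload and apply last-write-wins (LWW) ordering as described on this page.
// StoredVulnerability, the add-then-remove merge order and "equal sequence
// number is accepted" are assumptions made here.

type Association = { associationType: "issueIdOrKeys"; values: string[] };

interface VulnerabilityDetails {
  addAssociations?: Association[];
  removeAssociations?: Association[];
  additionalInfo?: { content: string; url?: string };
  associationsLastUpdated?: string;
  associationsUpdateSequenceNumber?: number;
  containerId: string;
  description: string;
  displayName: string;
  id: string;
  introducedDate: string;
  lastUpdated: string;
  schemaVersion: "1.0";
  severity: unknown;
  status: "closed" | "open" | "unknown" | "ignored";
  type: "unknown" | "sca" | "sast" | "dast";
  updateSequenceNumber: number;
  url: string;
}

// containerId pattern from the page (its doubled backslash is JSON escaping).
const CONTAINER_ID_RE = /^[a-zA-Z0-9\-_.~@:{}=]+(\/[a-zA-Z0-9\-_.~@:{}=]+)*$/;
// Minimal RFC3339 date-time shape: date, "T", time, optional fraction, Z or offset.
const RFC3339_RE = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$/;

// Returns a list of validation problems; an empty list means the payload is acceptable.
function validateVulnerability(v: VulnerabilityDetails): string[] {
  const errors: string[] = [];
  if (!CONTAINER_ID_RE.test(v.containerId)) {
    errors.push("containerId does not match the required pattern");
  }
  const timestamps: [string, string | undefined][] = [
    ["introducedDate", v.introducedDate],
    ["lastUpdated", v.lastUpdated],
    ["associationsLastUpdated", v.associationsLastUpdated],
  ];
  for (const [field, value] of timestamps) {
    if (value !== undefined && !RFC3339_RE.test(value)) {
      errors.push(field + " is not an RFC3339 date-time");
    }
  }
  const assocCount = (v.addAssociations ?? []).length + (v.removeAssociations ?? []).length;
  if (assocCount === 0) errors.push("at least one association must be specified");
  if (v.updateSequenceNumber < 0 || v.updateSequenceNumber % 1 !== 0) {
    errors.push("updateSequenceNumber must be a non-negative integer");
  }
  return errors;
}

// Assumed stored state: last accepted entity, current issue associations, and the
// sequence number those associations were written at.
interface StoredVulnerability {
  details: VulnerabilityDetails;
  issueKeys: string[];
  associationsSeq: number;
}

// Merge add/remove association lists into the current list (adds, then removes).
function mergeAssociations(current: string[], incoming: VulnerabilityDetails): string[] {
  let result = current.slice();
  for (const a of incoming.addAssociations ?? []) {
    for (const key of a.values) if (result.indexOf(key) === -1) result.push(key);
  }
  for (const a of incoming.removeAssociations ?? []) {
    result = result.filter((key) => a.values.indexOf(key) === -1);
  }
  return result;
}

// Apply an incoming update with LWW semantics. The entity and its associations are
// ordered independently; a missing associationsUpdateSequenceNumber defaults to
// updateSequenceNumber, as the page states.
function applyUpdate(
  stored: StoredVulnerability | undefined,
  incoming: VulnerabilityDetails,
): { state: StoredVulnerability; entityApplied: boolean; associationsApplied: boolean } {
  const assocSeq = incoming.associationsUpdateSequenceNumber ?? incoming.updateSequenceNumber;
  if (stored === undefined) {
    const state = { details: incoming, issueKeys: mergeAssociations([], incoming), associationsSeq: assocSeq };
    return { state, entityApplied: true, associationsApplied: true };
  }
  const entityApplied = incoming.updateSequenceNumber >= stored.details.updateSequenceNumber;
  const associationsApplied = assocSeq >= stored.associationsSeq;
  const state: StoredVulnerability = {
    details: entityApplied ? incoming : stored.details,
    issueKeys: associationsApplied ? mergeAssociations(stored.issueKeys, incoming) : stored.issueKeys,
    associationsSeq: associationsApplied ? assocSeq : stored.associationsSeq,
  };
  return { state, entityApplied, associationsApplied };
}

// Constructed sample payload; the values are illustrative, not real data.
const SAMPLE: VulnerabilityDetails = {
  addAssociations: [{ associationType: "issueIdOrKeys", values: ["SEC-12"] }],
  containerId: "org/repo-1",
  description: "## Overview\n\nAffected versions of this package are vulnerable to MeltLeak",
  displayName: "curl/libcurl3 - Buffer Override",
  id: "111-222-333",
  introducedDate: "2018-01-20T23:27:25.000Z",
  lastUpdated: "2018-01-20T23:27:25.000Z",
  schemaVersion: "1.0",
  severity: { level: "high" },
  status: "open",
  type: "sca",
  updateSequenceNumber: 1523494301448,
  url: "https://example.com/project/CWE-123/summary",
};
```

Because the two sequence numbers are compared separately, a provider can resend associations with a fresh associationsUpdateSequenceNumber without re-sending a newer updateSequenceNumber for the entity, and a late-arriving request with a lower number is dropped rather than overwriting newer state.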
url: string

A URL users can use to link to a summary view of this vulnerability, if appropriate.

This could be any location that makes sense in the Provider system (e.g. if the summary information comes from a specific project, it might make sense to link the user to the vulnerability in that project).

https://example.com/project/CWE-123/summary