Class: Grafeas::V1::VulnerabilityOccurrence

Inherits:
Object
  • Object
show all
Extended by:
Google::Protobuf::MessageExts::ClassMethods
Includes:
Google::Protobuf::MessageExts
Defined in:
proto_docs/grafeas/v1/vulnerability.rb

Overview

An occurrence of a severity vulnerability on a resource.

Defined Under Namespace

Classes: PackageIssue, VexAssessment

Instance Attribute Summary collapse

Instance Attribute Details

#cvss_score::Float 



216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
 
# File 'proto_docs/grafeas/v1/vulnerability.rb', line 216

class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment if NOT_AFFECTED.
  class VexAssessment
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#cvss_v2::Grafeas::V1::CVSS 



216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
 
# File 'proto_docs/grafeas/v1/vulnerability.rb', line 216

class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment if NOT_AFFECTED.
  class VexAssessment
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#cvss_version::Grafeas::V1::CVSSVersion 



216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
 
# File 'proto_docs/grafeas/v1/vulnerability.rb', line 216

class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment if NOT_AFFECTED.
  class VexAssessment
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#cvssv3::Grafeas::V1::CVSS 



216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
 
# File 'proto_docs/grafeas/v1/vulnerability.rb', line 216

class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment if NOT_AFFECTED.
  class VexAssessment
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#effective_severity::Grafeas::V1::Severity 



216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
 
# File 'proto_docs/grafeas/v1/vulnerability.rb', line 216

class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment if NOT_AFFECTED.
  class VexAssessment
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#fix_available::Boolean 



216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
 
# File 'proto_docs/grafeas/v1/vulnerability.rb', line 216

class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment if NOT_AFFECTED.
  class VexAssessment
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#long_description::String 



216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
 
# File 'proto_docs/grafeas/v1/vulnerability.rb', line 216

class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment if NOT_AFFECTED.
  class VexAssessment
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#package_issue::Array<::Grafeas::V1::VulnerabilityOccurrence::PackageIssue> 



216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
 
# File 'proto_docs/grafeas/v1/vulnerability.rb', line 216

class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment if NOT_AFFECTED.
  class VexAssessment
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#related_urls::Array<::Grafeas::V1::RelatedUrl> 



216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
 
# File 'proto_docs/grafeas/v1/vulnerability.rb', line 216

class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment if NOT_AFFECTED.
  class VexAssessment
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#severity::Grafeas::V1::Severity 



216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
 
# File 'proto_docs/grafeas/v1/vulnerability.rb', line 216

class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment if NOT_AFFECTED.
  class VexAssessment
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#short_description::String 



216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
 
# File 'proto_docs/grafeas/v1/vulnerability.rb', line 216

class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment if NOT_AFFECTED.
  class VexAssessment
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#type::String 



216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
 
# File 'proto_docs/grafeas/v1/vulnerability.rb', line 216

class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment if NOT_AFFECTED.
  class VexAssessment
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#vex_assessment::Grafeas::V1::VulnerabilityOccurrence::VexAssessment 



216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
 
# File 'proto_docs/grafeas/v1/vulnerability.rb', line 216

class VulnerabilityOccurrence
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package this vulnerability occurrence was found
  # in and its associated fix (if one is available).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability was found in.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability was found in.
  # @!attribute [rw] affected_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package that is installed on the resource
  #     affected by this vulnerability.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  # @!attribute [rw] fix_available
  #   @return [::Boolean]
  #     Output only. Whether a fix is available for this package.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package (e.g. OS, MAVEN, GO).
  # @!attribute [r] effective_severity
  #   @return [::Grafeas::V1::Severity]
  #     The distro or language system assigned severity for this vulnerability
  #     when that is available and note provider assigned severity when it is not
  #     available.
  # @!attribute [rw] file_location
  #   @return [::Array<::Grafeas::V1::FileLocation>]
  #     The location at which this package was found.
  class PackageIssue
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # VexAssessment provides all publisher provided Vex information that is
  # related to this vulnerability.
  # @!attribute [rw] cve
  #   @return [::String]
  #     Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
  #     tracking number for the vulnerability.
  # @!attribute [rw] related_uris
  #   @return [::Array<::Grafeas::V1::RelatedUrl>]
  #     Holds a list of references associated with this vulnerability item and
  #     assessment.
  # @!attribute [rw] note_name
  #   @return [::String]
  #     The VulnerabilityAssessment note from which this VexAssessment was
  #     generated.
  #     This will be of the form: `projects/[PROJECT_ID]/notes/[NOTE_ID]`.
  #     (-- api-linter: core::0122::name-suffix=disabled
  #         aip.dev/not-precedent: The suffix is kept for consistency. --)
  # @!attribute [rw] state
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
  #     Provides the state of this Vulnerability assessment.
  # @!attribute [rw] impacts
  #   @return [::Array<::String>]
  #     Contains information about the impact of this vulnerability,
  #     this will change with time.
  # @!attribute [rw] remediations
  #   @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
  #     Specifies details on how to handle (and presumably, fix) a vulnerability.
  # @!attribute [rw] justification
  #   @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
  #     Justification provides the justification when the state of the
  #     assessment if NOT_AFFECTED.
  class VexAssessment
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end