gitlab-security_report_schemas 0.1.0.min15.0.0.max15.1.4 → 0.1.0.min15.1.0.max15.1.0

Files changed (88)
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +5 -3
  3. data/README.md +10 -14
  4. data/Rakefile +1 -1
  5. data/gem_version +1 -1
  6. data/lib/gitlab/security_report_schemas/configuration.rb +2 -2
  7. data/lib/gitlab/security_report_schemas/version.rb +2 -0
  8. data/supported_versions +0 -11
  9. metadata +2 -81
  10. data/RUNBOOK.md +0 -28
  11. data/schemas/15.0.0/cluster-image-scanning-report-format.json +0 -946
  12. data/schemas/15.0.0/container-scanning-report-format.json +0 -880
  13. data/schemas/15.0.0/coverage-fuzzing-report-format.json +0 -836
  14. data/schemas/15.0.0/dast-report-format.json +0 -1241
  15. data/schemas/15.0.0/dependency-scanning-report-format.json +0 -944
  16. data/schemas/15.0.0/sast-report-format.json +0 -831
  17. data/schemas/15.0.0/secret-detection-report-format.json +0 -854
  18. data/schemas/15.0.1/cluster-image-scanning-report-format.json +0 -980
  19. data/schemas/15.0.1/container-scanning-report-format.json +0 -914
  20. data/schemas/15.0.1/coverage-fuzzing-report-format.json +0 -870
  21. data/schemas/15.0.1/dast-report-format.json +0 -1275
  22. data/schemas/15.0.1/dependency-scanning-report-format.json +0 -978
  23. data/schemas/15.0.1/sast-report-format.json +0 -865
  24. data/schemas/15.0.1/secret-detection-report-format.json +0 -888
  25. data/schemas/15.0.2/cluster-image-scanning-report-format.json +0 -980
  26. data/schemas/15.0.2/container-scanning-report-format.json +0 -912
  27. data/schemas/15.0.2/coverage-fuzzing-report-format.json +0 -870
  28. data/schemas/15.0.2/dast-report-format.json +0 -1275
  29. data/schemas/15.0.2/dependency-scanning-report-format.json +0 -978
  30. data/schemas/15.0.2/sast-report-format.json +0 -865
  31. data/schemas/15.0.2/secret-detection-report-format.json +0 -888
  32. data/schemas/15.0.4/cluster-image-scanning-report-format.json +0 -984
  33. data/schemas/15.0.4/container-scanning-report-format.json +0 -916
  34. data/schemas/15.0.4/coverage-fuzzing-report-format.json +0 -874
  35. data/schemas/15.0.4/dast-report-format.json +0 -1279
  36. data/schemas/15.0.4/dependency-scanning-report-format.json +0 -982
  37. data/schemas/15.0.4/sast-report-format.json +0 -869
  38. data/schemas/15.0.4/secret-detection-report-format.json +0 -893
  39. data/schemas/15.0.5/cluster-image-scanning-report-format.json +0 -1035
  40. data/schemas/15.0.5/container-scanning-report-format.json +0 -967
  41. data/schemas/15.0.5/coverage-fuzzing-report-format.json +0 -925
  42. data/schemas/15.0.5/dast-report-format.json +0 -1330
  43. data/schemas/15.0.5/dependency-scanning-report-format.json +0 -1033
  44. data/schemas/15.0.5/sast-report-format.json +0 -920
  45. data/schemas/15.0.5/secret-detection-report-format.json +0 -944
  46. data/schemas/15.0.6/cluster-image-scanning-report-format.json +0 -1035
  47. data/schemas/15.0.6/container-scanning-report-format.json +0 -967
  48. data/schemas/15.0.6/coverage-fuzzing-report-format.json +0 -925
  49. data/schemas/15.0.6/dast-report-format.json +0 -1330
  50. data/schemas/15.0.6/dependency-scanning-report-format.json +0 -1033
  51. data/schemas/15.0.6/sast-report-format.json +0 -920
  52. data/schemas/15.0.6/secret-detection-report-format.json +0 -944
  53. data/schemas/15.0.7/cluster-image-scanning-report-format.json +0 -1085
  54. data/schemas/15.0.7/container-scanning-report-format.json +0 -1017
  55. data/schemas/15.0.7/coverage-fuzzing-report-format.json +0 -975
  56. data/schemas/15.0.7/dast-report-format.json +0 -1380
  57. data/schemas/15.0.7/dependency-scanning-report-format.json +0 -1083
  58. data/schemas/15.0.7/sast-report-format.json +0 -970
  59. data/schemas/15.0.7/secret-detection-report-format.json +0 -994
  60. data/schemas/15.1.1/cluster-image-scanning-report-format.json +0 -1065
  61. data/schemas/15.1.1/container-scanning-for-registry-report-format.json +0 -0
  62. data/schemas/15.1.1/container-scanning-report-format.json +0 -998
  63. data/schemas/15.1.1/coverage-fuzzing-report-format.json +0 -975
  64. data/schemas/15.1.1/dast-report-format.json +0 -1380
  65. data/schemas/15.1.1/dependency-scanning-report-format.json +0 -986
  66. data/schemas/15.1.1/sast-report-format.json +0 -970
  67. data/schemas/15.1.1/secret-detection-report-format.json +0 -994
  68. data/schemas/15.1.2/cluster-image-scanning-report-format.json +0 -1190
  69. data/schemas/15.1.2/container-scanning-report-format.json +0 -1123
  70. data/schemas/15.1.2/coverage-fuzzing-report-format.json +0 -1100
  71. data/schemas/15.1.2/dast-report-format.json +0 -1505
  72. data/schemas/15.1.2/dependency-scanning-report-format.json +0 -1111
  73. data/schemas/15.1.2/sast-report-format.json +0 -1095
  74. data/schemas/15.1.2/secret-detection-report-format.json +0 -1119
  75. data/schemas/15.1.3/cluster-image-scanning-report-format.json +0 -1190
  76. data/schemas/15.1.3/container-scanning-report-format.json +0 -1123
  77. data/schemas/15.1.3/coverage-fuzzing-report-format.json +0 -1100
  78. data/schemas/15.1.3/dast-report-format.json +0 -1505
  79. data/schemas/15.1.3/dependency-scanning-report-format.json +0 -1111
  80. data/schemas/15.1.3/sast-report-format.json +0 -1095
  81. data/schemas/15.1.3/secret-detection-report-format.json +0 -1119
  82. data/schemas/15.1.4/cluster-image-scanning-report-format.json +0 -1190
  83. data/schemas/15.1.4/container-scanning-report-format.json +0 -1123
  84. data/schemas/15.1.4/coverage-fuzzing-report-format.json +0 -1100
  85. data/schemas/15.1.4/dast-report-format.json +0 -1505
  86. data/schemas/15.1.4/dependency-scanning-report-format.json +0 -1111
  87. data/schemas/15.1.4/sast-report-format.json +0 -1095
  88. data/schemas/15.1.4/secret-detection-report-format.json +0 -1119
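--- a/data/schemas/15.0.0/cluster-image-scanning-report-format.json
+++ b/data/schemas/15.0.0/cluster-image-scanning-report-format.json
@@ -1,946 +0,0 @@
- {
- "$schema": "http://json-schema.org/draft-07/schema#",
- "$id": "https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/master/dist/cluster-image-scanning-report-format.json",
- "title": "Report format for GitLab Cluster Image Scanning",
- "description": "This schema provides the the report format for Cluster Image Scanning (https://docs.gitlab.com/ee/user/application_security/cluster_image_scanning/).",
- "definitions": {
- "detail_type": {
- "oneOf": [
- {
- "$ref": "#/definitions/named_list"
- },
- {
- "$ref": "#/definitions/list"
- },
- {
- "$ref": "#/definitions/table"
- },
- {
- "$ref": "#/definitions/text"
- },
- {
- "$ref": "#/definitions/url"
- },
- {
- "$ref": "#/definitions/code"
- },
- {
- "$ref": "#/definitions/value"
- },
- {
- "$ref": "#/definitions/diff"
- },
- {
- "$ref": "#/definitions/markdown"
- },
- {
- "$ref": "#/definitions/commit"
- },
- {
- "$ref": "#/definitions/file_location"
- },
- {
- "$ref": "#/definitions/module_location"
- }
- ]
- },
- "text_value": {
- "type": "string"
- },
- "named_field": {
- "type": "object",
- "required": [
- "name"
- ],
- "properties": {
- "name": {
- "$ref": "#/definitions/text_value",
- "minLength": 1
- },
- "description": {
- "$ref": "#/definitions/text_value"
- }
- }
- },
- "named_list": {
- "type": "object",
- "description": "An object with named and typed fields",
- "required": [
- "type",
- "items"
- ],
- "properties": {
- "type": {
- "const": "named-list"
- },
- "items": {
- "type": "object",
- "patternProperties": {
- "^.*$": {
- "allOf": [
- {
- "$ref": "#/definitions/named_field"
- },
- {
- "$ref": "#/definitions/detail_type"
- }
- ]
- }
- }
- }
- }
- },
- "list": {
- "type": "object",
- "description": "A list of typed fields",
- "required": [
- "type",
- "items"
- ],
- "properties": {
- "type": {
- "const": "list"
- },
- "items": {
- "type": "array",
- "items": {
- "$ref": "#/definitions/detail_type"
- }
- }
- }
- },
- "table": {
- "type": "object",
- "description": "A table of typed fields",
- "required": [
- "type",
- "rows"
- ],
- "properties": {
- "type": {
- "const": "table"
- },
- "header": {
- "type": "array",
- "items": {
- "$ref": "#/definitions/detail_type"
- }
- },
- "rows": {
- "type": "array",
- "items": {
- "type": "array",
- "items": {
- "$ref": "#/definitions/detail_type"
- }
- }
- }
- }
- },
- "text": {
- "type": "object",
- "description": "Raw text",
- "required": [
- "type",
- "value"
- ],
- "properties": {
- "type": {
- "const": "text"
- },
- "value": {
- "$ref": "#/definitions/text_value"
- }
- }
- },
- "url": {
- "type": "object",
- "description": "A single URL",
- "required": [
- "type",
- "href"
- ],
- "properties": {
- "type": {
- "const": "url"
- },
- "text": {
- "$ref": "#/definitions/text_value"
- },
- "href": {
- "type": "string",
- "minLength": 1,
- "examples": [
- "http://mysite.com"
- ]
- }
- }
- },
- "code": {
- "type": "object",
- "description": "A codeblock",
- "required": [
- "type",
- "value"
- ],
- "properties": {
- "type": {
- "const": "code"
- },
- "value": {
- "type": "string"
- },
- "lang": {
- "type": "string",
- "description": "A programming language"
- }
- }
- },
- "value": {
- "type": "object",
- "description": "A field that can store a range of types of value",
- "required": [
- "type",
- "value"
- ],
- "properties": {
- "type": {
- "const": "value"
- },
- "value": {
- "type": [
- "number",
- "string",
- "boolean"
- ]
- }
- }
- },
- "diff": {
- "type": "object",
- "description": "A diff",
- "required": [
- "type",
- "before",
- "after"
- ],
- "properties": {
- "type": {
- "const": "diff"
- },
- "before": {
- "type": "string"
- },
- "after": {
- "type": "string"
- }
- }
- },
- "markdown": {
- "type": "object",
- "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html",
- "required": [
- "type",
- "value"
- ],
- "properties": {
- "type": {
- "const": "markdown"
- },
- "value": {
- "$ref": "#/definitions/text_value",
- "examples": [
- "Here is markdown `inline code` #1 [test](gitlab.com)\n\n![GitLab Logo](https://about.gitlab.com/images/press/logo/preview/gitlab-logo-white-preview.png)"
- ]
- }
- }
- },
- "commit": {
- "type": "object",
- "description": "A commit/tag/branch within the GitLab project",
- "required": [
- "type",
- "value"
- ],
- "properties": {
- "type": {
- "const": "commit"
- },
- "value": {
- "type": "string",
- "description": "The commit SHA",
- "minLength": 1
- }
- }
- },
- "file_location": {
- "type": "object",
- "description": "A location within a file in the project",
- "required": [
- "type",
- "file_name",
- "line_start"
- ],
- "properties": {
- "type": {
- "const": "file-location"
- },
- "file_name": {
- "type": "string",
- "minLength": 1
- },
- "line_start": {
- "type": "integer"
- },
- "line_end": {
- "type": "integer"
- }
- }
- },
- "module_location": {
- "type": "object",
- "description": "A location within a binary module of the form module+relative_offset",
- "required": [
- "type",
- "module_name",
- "offset"
- ],
- "properties": {
- "type": {
- "const": "module-location"
- },
- "module_name": {
- "type": "string",
- "minLength": 1,
- "examples": [
- "compiled_binary"
- ]
- },
- "offset": {
- "type": "integer",
- "examples": [
- 100
- ]
- }
- }
- }
- },
- "self": {
- "version": "15.0.0"
- },
- "required": [
- "scan",
- "version",
- "vulnerabilities"
- ],
- "additionalProperties": true,
- "properties": {
- "scan": {
- "type": "object",
- "required": [
- "analyzer",
- "end_time",
- "scanner",
- "start_time",
- "status",
- "type"
- ],
- "properties": {
- "end_time": {
- "type": "string",
- "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.",
- "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$",
- "examples": [
- "2020-01-28T03:26:02"
- ]
- },
- "messages": {
- "type": "array",
- "items": {
- "type": "object",
- "description": "Communication intended for the initiator of a scan.",
- "required": [
- "level",
- "value"
- ],
- "properties": {
- "level": {
- "type": "string",
- "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.",
- "enum": [
- "info",
- "warn",
- "fatal"
- ],
- "examples": [
- "info"
- ]
- },
- "value": {
- "type": "string",
- "description": "The message to communicate.",
- "minLength": 1,
- "examples": [
- "Permission denied, scanning aborted"
- ]
- }
- }
- }
- },
- "analyzer": {
- "type": "object",
- "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.",
- "required": [
- "id",
- "name",
- "version",
- "vendor"
- ],
- "properties": {
- "id": {
- "type": "string",
- "description": "Unique id that identifies the analyzer.",
- "minLength": 1,
- "examples": [
- "gitlab-dast"
- ]
- },
- "name": {
- "type": "string",
- "description": "A human readable value that identifies the analyzer, not required to be unique.",
- "minLength": 1,
- "examples": [
- "GitLab DAST"
- ]
- },
- "url": {
- "type": "string",
- "pattern": "^https?://.+",
- "description": "A link to more information about the analyzer.",
- "examples": [
- "https://docs.gitlab.com/ee/user/application_security/dast"
- ]
- },
- "vendor": {
- "description": "The vendor/maintainer of the analyzer.",
- "type": "object",
- "required": [
- "name"
- ],
- "properties": {
- "name": {
- "type": "string",
- "description": "The name of the vendor.",
- "minLength": 1,
- "examples": [
- "GitLab"
- ]
- }
- }
- },
- "version": {
- "type": "string",
- "description": "The version of the analyzer.",
- "minLength": 1,
- "examples": [
- "1.0.2"
- ]
- }
- }
- },
- "scanner": {
- "type": "object",
- "description": "Object defining the scanner used to perform the scan.",
- "required": [
- "id",
- "name",
- "version",
- "vendor"
- ],
- "properties": {
- "id": {
- "type": "string",
- "description": "Unique id that identifies the scanner.",
- "minLength": 1,
- "examples": [
- "my-sast-scanner"
- ]
- },
- "name": {
- "type": "string",
- "description": "A human readable value that identifies the scanner, not required to be unique.",
- "minLength": 1,
- "examples": [
- "My SAST Scanner"
- ]
- },
- "url": {
- "type": "string",
- "description": "A link to more information about the scanner.",
- "examples": [
- "https://scanner.url"
- ]
- },
- "version": {
- "type": "string",
- "description": "The version of the scanner.",
- "minLength": 1,
- "examples": [
- "1.0.2"
- ]
- },
- "vendor": {
- "description": "The vendor/maintainer of the scanner.",
- "type": "object",
- "required": [
- "name"
- ],
- "properties": {
- "name": {
- "type": "string",
- "description": "The name of the vendor.",
- "minLength": 1,
- "examples": [
- "GitLab"
- ]
- }
- }
- }
- }
- },
- "start_time": {
- "type": "string",
- "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.",
- "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$",
- "examples": [
- "2020-02-14T16:01:59"
- ]
- },
- "status": {
- "type": "string",
- "description": "Result of the scan.",
- "enum": [
- "success",
- "failure"
- ]
- },
- "type": {
- "type": "string",
- "description": "Type of the scan.",
- "enum": [
- "cluster_image_scanning"
- ]
- }
- }
- },
- "schema": {
- "type": "string",
- "description": "URI pointing to the validating security report schema.",
- "pattern": "^https?://.+"
- },
- "version": {
- "type": "string",
- "description": "The version of the schema to which the JSON report conforms.",
- "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$"
- },
- "vulnerabilities": {
- "type": "array",
- "description": "Array of vulnerability objects.",
- "items": {
- "type": "object",
- "description": "Describes the vulnerability using GitLab Flavored Markdown",
- "required": [
- "id",
- "identifiers",
- "location"
- ],
- "properties": {
- "id": {
- "type": "string",
- "minLength": 1,
- "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.",
- "examples": [
- "642735a5-1425-428d-8d4e-3c854885a3c9"
- ]
- },
- "name": {
- "type": "string",
- "maxLength": 255,
- "description": "The name of the vulnerability. This must not include the finding's specific information."
- },
- "description": {
- "type": "string",
- "maxLength": 1048576,
- "description": "A long text section describing the vulnerability more fully."
- },
- "severity": {
- "type": "string",
- "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.",
- "enum": [
- "Info",
- "Unknown",
- "Low",
- "Medium",
- "High",
- "Critical"
- ]
- },
- "solution": {
- "type": "string",
- "maxLength": 7000,
- "description": "Explanation of how to fix the vulnerability."
- },
- "identifiers": {
- "type": "array",
- "minItems": 1,
- "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.",
- "items": {
- "type": "object",
- "required": [
- "type",
- "name",
- "value"
- ],
- "properties": {
- "type": {
- "type": "string",
- "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).",
- "minLength": 1
- },
- "name": {
- "type": "string",
- "description": "Human-readable name of the identifier.",
- "minLength": 1
- },
- "url": {
- "type": "string",
- "description": "URL of the identifier's documentation.",
- "pattern": "^https?://.+"
- },
- "value": {
- "type": "string",
- "description": "Value of the identifier, for matching purpose.",
- "minLength": 1
- }
- }
- }
- },
- "links": {
- "type": "array",
- "description": "An array of references to external documentation or articles that describe the vulnerability.",
- "items": {
- "type": "object",
- "required": [
- "url"
- ],
- "properties": {
- "name": {
- "type": "string",
- "description": "Name of the vulnerability details link."
- },
- "url": {
- "type": "string",
- "description": "URL of the vulnerability details document.",
- "pattern": "^https?://.+"
- }
- }
- }
- },
- "details": {
- "$ref": "#/definitions/named_list/properties/items"
- },
- "tracking": {
- "description": "Describes how this vulnerability should be tracked as the project changes.",
- "oneOf": [
- {
- "description": "Declares that a series of items should be tracked using source-specific tracking methods.",
- "required": [
- "items"
- ],
- "properties": {
- "type": {
- "const": "source"
- },
- "items": {
- "type": "array",
- "items": {
- "description": "An item that should be tracked using source-specific tracking methods.",
- "type": "object",
- "required": [
- "signatures"
- ],
- "properties": {
- "file": {
- "type": "string",
- "description": "Path to the file where the vulnerability is located."
- },
- "start_line": {
- "type": "number",
- "description": "The first line of the file that includes the vulnerability."
- },
- "end_line": {
- "type": "number",
- "description": "The last line of the file that includes the vulnerability."
- },
- "signatures": {
- "type": "array",
- "description": "An array of calculated tracking signatures for this tracking item.",
- "minItems": 1,
- "items": {
- "description": "A calculated tracking signature value and metadata.",
- "required": [
- "algorithm",
- "value"
- ],
- "properties": {
- "algorithm": {
- "type": "string",
- "description": "The algorithm used to generate the signature."
- },
- "value": {
- "type": "string",
- "description": "The result of this signature algorithm."
- }
- }
- }
- }
- }
- }
- }
- }
- }
- ],
- "properties": {
- "type": {
- "type": "string",
- "description": "Each tracking type must declare its own type."
- }
- }
- },
- "flags": {
- "description": "Flags that can be attached to vulnerabilities.",
- "type": "array",
- "items": {
- "type": "object",
- "description": "Informational flags identified and assigned to a vulnerability.",
- "required": [
- "type",
- "origin",
- "description"
- ],
- "properties": {
- "type": {
- "type": "string",
- "minLength": 1,
- "description": "Result of the scan.",
- "enum": [
- "flagged-as-likely-false-positive"
- ]
- },
- "origin": {
- "minLength": 1,
- "description": "Tool that issued the flag.",
- "type": "string"
- },
- "description": {
- "minLength": 1,
- "description": "What the flag is about.",
- "type": "string"
- }
- }
- }
- },
- "location": {
- "type": "object",
- "description": "Identifies the vulnerability's location.",
- "required": [
- "dependency",
- "image",
- "kubernetes_resource"
- ],
- "properties": {
- "dependency": {
- "type": "object",
- "description": "Describes the dependency of a project where the vulnerability is located.",
- "required": [
- "package",
- "version"
- ],
- "properties": {
- "package": {
- "type": "object",
- "description": "Provides information on the package where the vulnerability is located.",
- "required": [
- "name"
- ],
- "properties": {
- "name": {
- "type": "string",
- "description": "Name of the package where the vulnerability is located."
- }
- }
- },
- "version": {
- "type": "string",
- "description": "Version of the vulnerable package."
- },
- "iid": {
- "description": "ID that identifies the dependency in the scope of a dependency file.",
- "type": "number"
- },
- "direct": {
- "type": "boolean",
- "description": "Tells whether this is a direct, top-level dependency of the scanned project."
- },
- "dependency_path": {
- "type": "array",
- "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.",
- "items": {
- "type": "object",
- "required": [
- "iid"
- ],
- "properties": {
- "iid": {
- "type": "number",
- "description": "ID that is unique in the scope of a parent object, and specific to the resource type."
- }
- }
- }
- }
- }
- },
- "operating_system": {
- "type": "string",
- "minLength": 1,
- "maxLength": 255,
- "description": "The operating system that contains the vulnerable package."
- },
- "image": {
- "type": "string",
- "minLength": 1,
- "description": "The analyzed Docker image.",
- "examples": [
- "index.docker.io/library/nginx:1.21"
- ]
- },
- "kubernetes_resource": {
- "type": "object",
- "description": "The specific Kubernetes resource that was scanned.",
- "required": [
- "namespace",
- "kind",
- "name",
- "container_name"
- ],
- "properties": {
- "namespace": {
- "type": "string",
- "minLength": 1,
- "maxLength": 255,
- "description": "The Kubernetes namespace the resource that had its image scanned.",
- "examples": [
- "default",
- "staging",
- "production"
- ]
- },
- "kind": {
- "type": "string",
- "minLength": 1,
- "maxLength": 255,
- "description": "The Kubernetes kind the resource that had its image scanned.",
- "examples": [
- "Deployment",
- "DaemonSet"
- ]
- },
- "name": {
- "type": "string",
- "minLength": 1,
- "maxLength": 255,
- "description": "The name of the resource that had its image scanned.",
- "examples": [
- "nginx-ingress"
- ]
- },
- "container_name": {
- "type": "string",
- "minLength": 1,
- "maxLength": 255,
- "description": "The name of the container that had its image scanned.",
- "examples": [
- "nginx"
- ]
- },
- "agent_id": {
- "type": "string",
- "minLength": 1,
- "maxLength": 255,
- "description": "The GitLab ID of the Kubernetes Agent which performed the scan.",
- "examples": [
- "1234"
- ]
- },
- "cluster_id": {
- "type": "string",
- "minLength": 1,
- "maxLength": 255,
- "description": "The GitLab ID of the Kubernetes cluster when using cluster integration.",
- "examples": [
- "1234"
- ]
- }
- }
- }
- }
- }
- }
- }
- },
- "remediations": {
- "type": "array",
- "description": "An array of objects containing information on available remediations, along with patch diffs to apply.",
- "items": {
- "type": "object",
- "required": [
- "fixes",
- "summary",
- "diff"
- ],
- "properties": {
- "fixes": {
- "type": "array",
- "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.",
- "items": {
- "type": "object",
- "required": [
- "id"
- ],
- "properties": {
- "id": {
- "type": "string",
- "minLength": 1,
- "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.",
- "examples": [
- "642735a5-1425-428d-8d4e-3c854885a3c9"
- ]
- }
- }
- }
- },
- "summary": {
- "type": "string",
- "minLength": 1,
- "description": "An overview of how the vulnerabilities were fixed."
- },
- "diff": {
- "type": "string",
- "minLength": 1,
- "description": "A base64-encoded remediation code diff, compatible with git apply."
- }
- }
- }
- }
- }
- }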