gitlab-security_report_schemas 0.1.0.min15.0.0.max15.1.4 → 0.1.0.min15.1.0.max15.1.0

Files changed (88)
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +5 -3
  3. data/README.md +10 -14
  4. data/Rakefile +1 -1
  5. data/gem_version +1 -1
  6. data/lib/gitlab/security_report_schemas/configuration.rb +2 -2
  7. data/lib/gitlab/security_report_schemas/version.rb +2 -0
  8. data/supported_versions +0 -11
  9. metadata +2 -81
  10. data/RUNBOOK.md +0 -28
  11. data/schemas/15.0.0/cluster-image-scanning-report-format.json +0 -946
  12. data/schemas/15.0.0/container-scanning-report-format.json +0 -880
  13. data/schemas/15.0.0/coverage-fuzzing-report-format.json +0 -836
  14. data/schemas/15.0.0/dast-report-format.json +0 -1241
  15. data/schemas/15.0.0/dependency-scanning-report-format.json +0 -944
  16. data/schemas/15.0.0/sast-report-format.json +0 -831
  17. data/schemas/15.0.0/secret-detection-report-format.json +0 -854
  18. data/schemas/15.0.1/cluster-image-scanning-report-format.json +0 -980
  19. data/schemas/15.0.1/container-scanning-report-format.json +0 -914
  20. data/schemas/15.0.1/coverage-fuzzing-report-format.json +0 -870
  21. data/schemas/15.0.1/dast-report-format.json +0 -1275
  22. data/schemas/15.0.1/dependency-scanning-report-format.json +0 -978
  23. data/schemas/15.0.1/sast-report-format.json +0 -865
  24. data/schemas/15.0.1/secret-detection-report-format.json +0 -888
  25. data/schemas/15.0.2/cluster-image-scanning-report-format.json +0 -980
  26. data/schemas/15.0.2/container-scanning-report-format.json +0 -912
  27. data/schemas/15.0.2/coverage-fuzzing-report-format.json +0 -870
  28. data/schemas/15.0.2/dast-report-format.json +0 -1275
  29. data/schemas/15.0.2/dependency-scanning-report-format.json +0 -978
  30. data/schemas/15.0.2/sast-report-format.json +0 -865
  31. data/schemas/15.0.2/secret-detection-report-format.json +0 -888
  32. data/schemas/15.0.4/cluster-image-scanning-report-format.json +0 -984
  33. data/schemas/15.0.4/container-scanning-report-format.json +0 -916
  34. data/schemas/15.0.4/coverage-fuzzing-report-format.json +0 -874
  35. data/schemas/15.0.4/dast-report-format.json +0 -1279
  36. data/schemas/15.0.4/dependency-scanning-report-format.json +0 -982
  37. data/schemas/15.0.4/sast-report-format.json +0 -869
  38. data/schemas/15.0.4/secret-detection-report-format.json +0 -893
  39. data/schemas/15.0.5/cluster-image-scanning-report-format.json +0 -1035
  40. data/schemas/15.0.5/container-scanning-report-format.json +0 -967
  41. data/schemas/15.0.5/coverage-fuzzing-report-format.json +0 -925
  42. data/schemas/15.0.5/dast-report-format.json +0 -1330
  43. data/schemas/15.0.5/dependency-scanning-report-format.json +0 -1033
  44. data/schemas/15.0.5/sast-report-format.json +0 -920
  45. data/schemas/15.0.5/secret-detection-report-format.json +0 -944
  46. data/schemas/15.0.6/cluster-image-scanning-report-format.json +0 -1035
  47. data/schemas/15.0.6/container-scanning-report-format.json +0 -967
  48. data/schemas/15.0.6/coverage-fuzzing-report-format.json +0 -925
  49. data/schemas/15.0.6/dast-report-format.json +0 -1330
  50. data/schemas/15.0.6/dependency-scanning-report-format.json +0 -1033
  51. data/schemas/15.0.6/sast-report-format.json +0 -920
  52. data/schemas/15.0.6/secret-detection-report-format.json +0 -944
  53. data/schemas/15.0.7/cluster-image-scanning-report-format.json +0 -1085
  54. data/schemas/15.0.7/container-scanning-report-format.json +0 -1017
  55. data/schemas/15.0.7/coverage-fuzzing-report-format.json +0 -975
  56. data/schemas/15.0.7/dast-report-format.json +0 -1380
  57. data/schemas/15.0.7/dependency-scanning-report-format.json +0 -1083
  58. data/schemas/15.0.7/sast-report-format.json +0 -970
  59. data/schemas/15.0.7/secret-detection-report-format.json +0 -994
  60. data/schemas/15.1.1/cluster-image-scanning-report-format.json +0 -1065
  61. data/schemas/15.1.1/container-scanning-for-registry-report-format.json +0 -0
  62. data/schemas/15.1.1/container-scanning-report-format.json +0 -998
  63. data/schemas/15.1.1/coverage-fuzzing-report-format.json +0 -975
  64. data/schemas/15.1.1/dast-report-format.json +0 -1380
  65. data/schemas/15.1.1/dependency-scanning-report-format.json +0 -986
  66. data/schemas/15.1.1/sast-report-format.json +0 -970
  67. data/schemas/15.1.1/secret-detection-report-format.json +0 -994
  68. data/schemas/15.1.2/cluster-image-scanning-report-format.json +0 -1190
  69. data/schemas/15.1.2/container-scanning-report-format.json +0 -1123
  70. data/schemas/15.1.2/coverage-fuzzing-report-format.json +0 -1100
  71. data/schemas/15.1.2/dast-report-format.json +0 -1505
  72. data/schemas/15.1.2/dependency-scanning-report-format.json +0 -1111
  73. data/schemas/15.1.2/sast-report-format.json +0 -1095
  74. data/schemas/15.1.2/secret-detection-report-format.json +0 -1119
  75. data/schemas/15.1.3/cluster-image-scanning-report-format.json +0 -1190
  76. data/schemas/15.1.3/container-scanning-report-format.json +0 -1123
  77. data/schemas/15.1.3/coverage-fuzzing-report-format.json +0 -1100
  78. data/schemas/15.1.3/dast-report-format.json +0 -1505
  79. data/schemas/15.1.3/dependency-scanning-report-format.json +0 -1111
  80. data/schemas/15.1.3/sast-report-format.json +0 -1095
  81. data/schemas/15.1.3/secret-detection-report-format.json +0 -1119
  82. data/schemas/15.1.4/cluster-image-scanning-report-format.json +0 -1190
  83. data/schemas/15.1.4/container-scanning-report-format.json +0 -1123
  84. data/schemas/15.1.4/coverage-fuzzing-report-format.json +0 -1100
  85. data/schemas/15.1.4/dast-report-format.json +0 -1505
  86. data/schemas/15.1.4/dependency-scanning-report-format.json +0 -1111
  87. data/schemas/15.1.4/sast-report-format.json +0 -1095
  88. data/schemas/15.1.4/secret-detection-report-format.json +0 -1119
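--- a/data/schemas/15.1.1/cluster-image-scanning-report-format.json
+++ /dev/null
@@ -1,1065 +0,0 @@
-{
-"$schema": "http://json-schema.org/draft-07/schema#",
-"$id": "https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/master/dist/cluster-image-scanning-report-format.json",
-"title": "Report format for GitLab Cluster Image Scanning",
-"description": "This schema provides the the report format for Cluster Image Scanning (https://docs.gitlab.com/ee/user/application_security/cluster_image_scanning/).",
-"definitions": {
-"detail_type": {
-"oneOf": [
-{
-"$ref": "#/definitions/named_list"
-},
-{
-"$ref": "#/definitions/list"
-},
-{
-"$ref": "#/definitions/table"
-},
-{
-"$ref": "#/definitions/text"
-},
-{
-"$ref": "#/definitions/url"
-},
-{
-"$ref": "#/definitions/code"
-},
-{
-"$ref": "#/definitions/value"
-},
-{
-"$ref": "#/definitions/diff"
-},
-{
-"$ref": "#/definitions/markdown"
-},
-{
-"$ref": "#/definitions/commit"
-},
-{
-"$ref": "#/definitions/file_location"
-},
-{
-"$ref": "#/definitions/module_location"
-}
-]
-},
-"text_value": {
-"type": "string"
-},
-"named_field": {
-"type": "object",
-"required": [
-"name"
-],
-"properties": {
-"name": {
-"$ref": "#/definitions/text_value",
-"type": "string",
-"minLength": 1
-},
-"description": {
-"$ref": "#/definitions/text_value"
-}
-}
-},
-"named_list": {
-"type": "object",
-"description": "An object with named and typed fields",
-"required": [
-"type",
-"items"
-],
-"properties": {
-"type": {
-"const": "named-list"
-},
-"items": {
-"type": "object",
-"patternProperties": {
-"^.*$": {
-"allOf": [
-{
-"$ref": "#/definitions/named_field"
-},
-{
-"$ref": "#/definitions/detail_type"
-}
-]
-}
-}
-}
-}
-},
-"list": {
-"type": "object",
-"description": "A list of typed fields",
-"required": [
-"type",
-"items"
-],
-"properties": {
-"type": {
-"const": "list"
-},
-"items": {
-"type": "array",
-"items": {
-"$ref": "#/definitions/detail_type"
-}
-}
-}
-},
-"table": {
-"type": "object",
-"description": "A table of typed fields",
-"required": [
-"type",
-"rows"
-],
-"properties": {
-"type": {
-"const": "table"
-},
-"header": {
-"type": "array",
-"items": {
-"$ref": "#/definitions/detail_type"
-}
-},
-"rows": {
-"type": "array",
-"items": {
-"type": "array",
-"items": {
-"$ref": "#/definitions/detail_type"
-}
-}
-}
-}
-},
-"text": {
-"type": "object",
-"description": "Raw text",
-"required": [
-"type",
-"value"
-],
-"properties": {
-"type": {
-"const": "text"
-},
-"value": {
-"$ref": "#/definitions/text_value"
-}
-}
-},
-"url": {
-"type": "object",
-"description": "A single URL",
-"required": [
-"type",
-"href"
-],
-"properties": {
-"type": {
-"const": "url"
-},
-"text": {
-"$ref": "#/definitions/text_value"
-},
-"href": {
-"type": "string",
-"minLength": 1,
-"examples": [
-"http://mysite.com"
-]
-}
-}
-},
-"code": {
-"type": "object",
-"description": "A codeblock",
-"required": [
-"type",
-"value"
-],
-"properties": {
-"type": {
-"const": "code"
-},
-"value": {
-"type": "string"
-},
-"lang": {
-"type": "string",
-"description": "A programming language"
-}
-}
-},
-"value": {
-"type": "object",
-"description": "A field that can store a range of types of value",
-"required": [
-"type",
-"value"
-],
-"properties": {
-"type": {
-"const": "value"
-},
-"value": {
-"type": [
-"number",
-"string",
-"boolean"
-]
-}
-}
-},
-"diff": {
-"type": "object",
-"description": "A diff",
-"required": [
-"type",
-"before",
-"after"
-],
-"properties": {
-"type": {
-"const": "diff"
-},
-"before": {
-"type": "string"
-},
-"after": {
-"type": "string"
-}
-}
-},
-"markdown": {
-"type": "object",
-"description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html",
-"required": [
-"type",
-"value"
-],
-"properties": {
-"type": {
-"const": "markdown"
-},
-"value": {
-"$ref": "#/definitions/text_value",
-"examples": [
-"Here is markdown `inline code` #1 [test](gitlab.com)\n\n![GitLab Logo](https://about.gitlab.com/images/press/logo/preview/gitlab-logo-white-preview.png)"
-]
-}
-}
-},
-"commit": {
-"type": "object",
-"description": "A commit/tag/branch within the GitLab project",
-"required": [
-"type",
-"value"
-],
-"properties": {
-"type": {
-"const": "commit"
-},
-"value": {
-"type": "string",
-"description": "The commit SHA",
-"minLength": 1
-}
-}
-},
-"file_location": {
-"type": "object",
-"description": "A location within a file in the project",
-"required": [
-"type",
-"file_name",
-"line_start"
-],
-"properties": {
-"type": {
-"const": "file-location"
-},
-"file_name": {
-"type": "string",
-"minLength": 1
-},
-"line_start": {
-"type": "integer"
-},
-"line_end": {
-"type": "integer"
-}
-}
-},
-"module_location": {
-"type": "object",
-"description": "A location within a binary module of the form module+relative_offset",
-"required": [
-"type",
-"module_name",
-"offset"
-],
-"properties": {
-"type": {
-"const": "module-location"
-},
-"module_name": {
-"type": "string",
-"minLength": 1,
-"examples": [
-"compiled_binary"
-]
-},
-"offset": {
-"type": "integer",
-"examples": [
-100
-]
-}
-}
-}
-},
-"self": {
-"version": "15.1.1"
-},
-"type": "object",
-"required": [
-"scan",
-"version",
-"vulnerabilities"
-],
-"additionalProperties": true,
-"properties": {
-"scan": {
-"type": "object",
-"required": [
-"analyzer",
-"end_time",
-"scanner",
-"start_time",
-"status",
-"type"
-],
-"properties": {
-"end_time": {
-"type": "string",
-"description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.",
-"pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$",
-"examples": [
-"2020-01-28T03:26:02"
-]
-},
-"messages": {
-"type": "array",
-"items": {
-"type": "object",
-"description": "Communication intended for the initiator of a scan.",
-"required": [
-"level",
-"value"
-],
-"properties": {
-"level": {
-"type": "string",
-"description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.",
-"enum": [
-"info",
-"warn",
-"fatal"
-],
-"examples": [
-"info"
-]
-},
-"value": {
-"type": "string",
-"description": "The message to communicate.",
-"minLength": 1,
-"examples": [
-"Permission denied, scanning aborted"
-]
-}
-}
-}
-},
-"options": {
-"type": "array",
-"items": {
-"type": "object",
-"description": "A configuration option used for this scan.",
-"required": [
-"name",
-"value"
-],
-"properties": {
-"name": {
-"type": "string",
-"description": "The configuration option name.",
-"maxLength": 255,
-"minLength": 1,
-"examples": [
-"DAST_FF_ENABLE_BAS",
-"DOCKER_TLS_CERTDIR",
-"DS_MAX_DEPTH",
-"SECURE_LOG_LEVEL"
-]
-},
-"source": {
-"type": "string",
-"description": "The source of this option.",
-"enum": [
-"argument",
-"file",
-"env_variable",
-"other"
-]
-},
-"value": {
-"type": [
-"boolean",
-"integer",
-"null",
-"string"
-],
-"description": "The value used for this scan.",
-"examples": [
-true,
-2,
-null,
-"fatal",
-""
-]
-}
-}
-}
-},
-"analyzer": {
-"type": "object",
-"description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.",
-"required": [
-"id",
-"name",
-"version",
-"vendor"
-],
-"properties": {
-"id": {
-"type": "string",
-"description": "Unique id that identifies the analyzer.",
-"minLength": 1,
-"examples": [
-"gitlab-dast"
-]
-},
-"name": {
-"type": "string",
-"description": "A human readable value that identifies the analyzer, not required to be unique.",
-"minLength": 1,
-"examples": [
-"GitLab DAST"
-]
-},
-"url": {
-"type": "string",
-"pattern": "^https?://.+",
-"description": "A link to more information about the analyzer.",
-"examples": [
-"https://docs.gitlab.com/ee/user/application_security/dast"
-]
-},
-"vendor": {
-"description": "The vendor/maintainer of the analyzer.",
-"type": "object",
-"required": [
-"name"
-],
-"properties": {
-"name": {
-"type": "string",
-"description": "The name of the vendor.",
-"minLength": 1,
-"examples": [
-"GitLab"
-]
-}
-}
-},
-"version": {
-"type": "string",
-"description": "The version of the analyzer.",
-"minLength": 1,
-"examples": [
-"1.0.2"
-]
-}
-}
-},
-"scanner": {
-"type": "object",
-"description": "Object defining the scanner used to perform the scan.",
-"required": [
-"id",
-"name",
-"version",
-"vendor"
-],
-"properties": {
-"id": {
-"type": "string",
-"description": "Unique id that identifies the scanner.",
-"minLength": 1,
-"examples": [
-"my-sast-scanner"
-]
-},
-"name": {
-"type": "string",
-"description": "A human readable value that identifies the scanner, not required to be unique.",
-"minLength": 1,
-"examples": [
-"My SAST Scanner"
-]
-},
-"url": {
-"type": "string",
-"description": "A link to more information about the scanner.",
-"examples": [
-"https://scanner.url"
-]
-},
-"version": {
-"type": "string",
-"description": "The version of the scanner.",
-"minLength": 1,
-"examples": [
-"1.0.2"
-]
-},
-"vendor": {
-"description": "The vendor/maintainer of the scanner.",
-"type": "object",
-"required": [
-"name"
-],
-"properties": {
-"name": {
-"type": "string",
-"description": "The name of the vendor.",
-"minLength": 1,
-"examples": [
-"GitLab"
-]
-}
-}
-}
-}
-},
-"start_time": {
-"type": "string",
-"description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.",
-"pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$",
-"examples": [
-"2020-02-14T16:01:59"
-]
-},
-"status": {
-"type": "string",
-"description": "Result of the scan.",
-"enum": [
-"success",
-"failure"
-]
-},
-"type": {
-"type": "string",
-"description": "Type of the scan.",
-"enum": [
-"cluster_image_scanning"
-]
-},
-"primary_identifiers": {
-"type": "array",
-"description": "An unordered array containing an exhaustive list of primary identifiers for which the analyzer may return results",
-"items": {
-"type": "object",
-"required": [
-"type",
-"name",
-"value"
-],
-"properties": {
-"type": {
-"type": "string",
-"description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).",
-"minLength": 1
-},
-"name": {
-"type": "string",
-"description": "Human-readable name of the identifier.",
-"minLength": 1
-},
-"url": {
-"type": "string",
-"description": "URL of the identifier's documentation.",
-"pattern": "^(https?|ftp)://.+"
-},
-"value": {
-"type": "string",
-"description": "Value of the identifier, for matching purpose.",
-"minLength": 1
-}
-}
-}
-}
-}
-},
-"schema": {
-"type": "string",
-"description": "URI pointing to the validating security report schema.",
-"pattern": "^https?://.+"
-},
-"version": {
-"type": "string",
-"description": "The version of the schema to which the JSON report conforms.",
-"pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$"
-},
-"vulnerabilities": {
-"type": "array",
-"description": "Array of vulnerability objects.",
-"items": {
-"type": "object",
-"description": "Describes the vulnerability using GitLab Flavored Markdown",
-"required": [
-"id",
-"identifiers",
-"location"
-],
-"properties": {
-"id": {
-"type": "string",
-"minLength": 1,
-"description": "Unique identifier of the vulnerability. This is recommended to be a UUID.",
-"examples": [
-"642735a5-1425-428d-8d4e-3c854885a3c9"
-]
-},
-"name": {
-"type": "string",
-"maxLength": 255,
-"description": "The name of the vulnerability. This must not include the finding's specific information."
-},
-"description": {
-"type": "string",
-"maxLength": 1048576,
-"description": "A long text section describing the vulnerability more fully."
-},
-"severity": {
-"type": "string",
-"description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.",
-"enum": [
-"Info",
-"Unknown",
-"Low",
-"Medium",
-"High",
-"Critical"
-]
-},
-"solution": {
-"type": "string",
-"maxLength": 7000,
-"description": "Explanation of how to fix the vulnerability."
-},
-"identifiers": {
-"type": "array",
-"minItems": 1,
-"description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.",
-"items": {
-"type": "object",
-"required": [
-"type",
-"name",
-"value"
-],
-"properties": {
-"type": {
-"type": "string",
-"description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).",
-"minLength": 1
-},
-"name": {
-"type": "string",
-"description": "Human-readable name of the identifier.",
-"minLength": 1
-},
-"url": {
-"type": "string",
-"description": "URL of the identifier's documentation.",
-"pattern": "^(https?|ftp)://.+"
-},
-"value": {
-"type": "string",
-"description": "Value of the identifier, for matching purpose.",
-"minLength": 1
-}
-}
-}
-},
-"cvss_vectors": {
-"type": "array",
-"minItems": 1,
-"maxItems": 10,
-"description": "An ordered array of CVSS vectors, each issued by a vendor to rate the vulnerability. The first item in the array is used as the primary CVSS vector, and is used to filter and sort the vulnerability.",
-"items": {
-"oneOf": [
-{
-"type": "object",
-"properties": {
-"vendor": {
-"type": "string",
-"minLength": 1,
-"default": "unknown"
-},
-"vector": {
-"type": "string",
-"minLength": 16,
-"maxLength": 128,
-"pattern": "^((AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))/)*(AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))$"
-}
-},
-"required": [
-"vendor",
-"vector"
-]
-},
-{
-"type": "object",
-"properties": {
-"vendor": {
-"type": "string",
-"minLength": 1,
-"default": "unknown"
-},
-"vector": {
-"type": "string",
-"minLength": 32,
-"maxLength": 128,
-"pattern": "^CVSS:3[.][01]/((AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$"
-}
-},
-"required": [
-"vendor",
-"vector"
-]
-}
-]
-}
-},
-"links": {
-"type": "array",
-"description": "An array of references to external documentation or articles that describe the vulnerability.",
-"items": {
-"type": "object",
-"required": [
-"url"
-],
-"properties": {
-"name": {
-"type": "string",
-"description": "Name of the vulnerability details link."
-},
-"url": {
-"type": "string",
-"description": "URL of the vulnerability details document.",
-"pattern": "^(https?|ftp)://.+"
-}
-}
-}
-},
-"details": {
-"$ref": "#/definitions/named_list/properties/items"
-},
-"tracking": {
-"type": "object",
-"description": "Describes how this vulnerability should be tracked as the project changes.",
-"oneOf": [
-{
-"description": "Declares that a series of items should be tracked using source-specific tracking methods.",
-"required": [
-"items"
-],
-"properties": {
-"type": {
-"const": "source"
-},
-"items": {
-"type": "array",
-"items": {
-"description": "An item that should be tracked using source-specific tracking methods.",
-"type": "object",
-"required": [
-"signatures"
-],
-"properties": {
-"file": {
-"type": "string",
-"description": "Path to the file where the vulnerability is located."
-},
-"start_line": {
-"type": "number",
-"description": "The first line of the file that includes the vulnerability."
-},
-"end_line": {
-"type": "number",
-"description": "The last line of the file that includes the vulnerability."
-},
-"signatures": {
-"type": "array",
-"description": "An array of calculated tracking signatures for this tracking item.",
-"minItems": 1,
-"items": {
-"description": "A calculated tracking signature value and metadata.",
-"type": "object",
-"required": [
-"algorithm",
-"value"
-],
-"properties": {
-"algorithm": {
-"type": "string",
-"description": "The algorithm used to generate the signature."
-},
-"value": {
-"type": "string",
-"description": "The result of this signature algorithm."
-}
-}
-}
-}
-}
-}
-}
-}
-}
-],
-"properties": {
-"type": {
-"type": "string",
-"description": "Each tracking type must declare its own type."
-}
-}
-},
-"flags": {
-"description": "Flags that can be attached to vulnerabilities.",
-"type": "array",
-"items": {
-"type": "object",
-"description": "Informational flags identified and assigned to a vulnerability.",
-"required": [
-"type",
-"origin",
-"description"
-],
-"properties": {
-"type": {
-"type": "string",
-"minLength": 1,
-"description": "Result of the scan.",
-"enum": [
-"flagged-as-likely-false-positive"
-]
-},
-"origin": {
-"minLength": 1,
-"description": "Tool that issued the flag.",
-"type": "string"
-},
-"description": {
-"minLength": 1,
-"description": "What the flag is about.",
-"type": "string"
-}
-}
-}
-},
-"location": {
-"type": "object",
-"description": "Identifies the vulnerability's location.",
-"required": [
-"dependency",
-"image",
-"kubernetes_resource"
-],
-"properties": {
-"dependency": {
-"type": "object",
-"description": "Describes the dependency of a project where the vulnerability is located.",
-"required": [
-"package",
-"version"
-],
-"properties": {
-"package": {
-"type": "object",
-"description": "Provides information on the package where the vulnerability is located.",
-"required": [
-"name"
-],
-"properties": {
-"name": {
-"type": "string",
-"description": "Name of the package where the vulnerability is located."
-}
-}
-},
-"version": {
-"type": "string",
-"description": "Version of the vulnerable package."
-},
-"direct": {
-"type": "boolean",
-"description": "Tells whether this is a direct, top-level dependency of the scanned project."
-}
-}
-},
-"operating_system": {
-"type": "string",
-"minLength": 1,
-"maxLength": 255,
-"description": "The operating system that contains the vulnerable package."
-},
-"image": {
-"type": "string",
-"minLength": 1,
-"description": "The analyzed Docker image.",
-"examples": [
-"index.docker.io/library/nginx:1.21"
-]
-},
-"kubernetes_resource": {
-"type": "object",
-"description": "The specific Kubernetes resource that was scanned.",
-"required": [
-"namespace",
-"kind",
-"name",
-"container_name"
-],
-"properties": {
-"namespace": {
-"type": "string",
-"minLength": 1,
-"maxLength": 255,
-"description": "The Kubernetes namespace the resource that had its image scanned.",
-"examples": [
-"default",
-"staging",
-"production"
-]
-},
-"kind": {
-"type": "string",
-"minLength": 1,
-"maxLength": 255,
-"description": "The Kubernetes kind the resource that had its image scanned.",
-"examples": [
-"Deployment",
-"DaemonSet"
-]
-},
-"name": {
-"type": "string",
-"minLength": 1,
-"maxLength": 255,
-"description": "The name of the resource that had its image scanned.",
-"examples": [
-"nginx-ingress"
-]
-},
-"container_name": {
-"type": "string",
-"minLength": 1,
-"maxLength": 255,
-"description": "The name of the container that had its image scanned.",
-"examples": [
-"nginx"
-]
-},
-"agent_id": {
-"type": "string",
-"minLength": 1,
-"maxLength": 255,
-"description": "The GitLab ID of the Kubernetes Agent which performed the scan.",
-"examples": [
-"1234"
-]
-},
-"cluster_id": {
-"type": "string",
-"minLength": 1,
-"maxLength": 255,
-"description": "The GitLab ID of the Kubernetes cluster when using cluster integration.",
-"examples": [
-"1234"
-]
-}
-}
-}
-}
-}
-}
-}
-},
-"remediations": {
-"type": "array",
-"description": "An array of objects containing information on available remediations, along with patch diffs to apply.",
-"items": {
-"type": "object",
-"required": [
-"fixes",
-"summary",
-"diff"
-],
-"properties": {
-"fixes": {
-"type": "array",
-"description": "An array of strings that represent references to vulnerabilities fixed by this remediation.",
-"items": {
-"type": "object",
-"required": [
-"id"
-],
-"properties": {
-"id": {
-"type": "string",
-"minLength": 1,
-"description": "Unique identifier of the vulnerability. This is recommended to be a UUID.",
-"examples": [
-"642735a5-1425-428d-8d4e-3c854885a3c9"
-]
-}
-}
-}
-},
-"summary": {
-"type": "string",
-"minLength": 1,
-"description": "An overview of how the vulnerabilities were fixed."
-},
-"diff": {
-"type": "string",
-"minLength": 1,
-"description": "A base64-encoded remediation code diff, compatible with git apply."
-}
-}
-}
-}
-}
-}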