VulnerabilityReport
aquasecurity.github.io / v1alpha1
apiVersion: aquasecurity.github.io/v1alpha1
kind: VulnerabilityReport
metadata:
  name: example
apiVersion
string
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
string
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
object
report object required
Report is the actual vulnerability report data.
artifact object required
Artifact represents a standalone, executable package of software that includes everything needed to
run an application.
digest
string
Digest is a unique and immutable identifier of an Artifact.
mimeType
string
MimeType represents a type and format of an Artifact.
repository
string
Repository is the name of the repository in the Artifact registry.
tag
string
Tag is a mutable, human-readable string used to identify an Artifact.
os object required
OS is the operating system information of the artifact.
eosl
boolean
Eosl is true if the OS version has reached end of service life.
family
string
Family is the operating system family.
name
string
Name is the name or version of the OS.
registry object
Registry is the registry the Artifact was pulled from.
server
string
Server is the FQDN of the registry server.
scanner object required
Scanner is the scanner that generated this report.
name
string required
Name is the name of the scanner.
vendor
string required
Vendor is the name of the vendor providing the scanner.
version
string required
Version is the version of the scanner.
summary object required
Summary is a summary of Vulnerability counts grouped by Severity.
criticalCount
integer required
CriticalCount is the number of vulnerabilities with Critical Severity.
minimum: 0
highCount
integer required
HighCount is the number of vulnerabilities with High Severity.
minimum: 0
lowCount
integer required
LowCount is the number of vulnerabilities with Low Severity.
minimum: 0
mediumCount
integer required
MediumCount is the number of vulnerabilities with Medium Severity.
minimum: 0
noneCount
integer
NoneCount is the number of packages without any vulnerability.
minimum: 0
unknownCount
integer required
UnknownCount is the number of vulnerabilities with unknown severity.
minimum: 0
updateTimestamp
string required
UpdateTimestamp is a timestamp representing the server time in UTC when this report was updated.
format: date-time
vulnerabilities []object required
Vulnerabilities is a list of operating system (OS) or application software Vulnerability items found in the Artifact.
class
string
cvss
object
cvsssource
string
description
string
fixedVersion
string required
FixedVersion indicates the version of the Resource in which this vulnerability has been fixed.
installedVersion
string required
InstalledVersion indicates the installed version of the Resource.
lastModifiedDate
string required
LastModifiedDate indicates the date the CVE was last modified.
links
[]string
packagePURL
string
packagePath
string
packageType
string
primaryLink
string
publishedDate
string required
PublishedDate indicates the date the CVE was published.
resource
string required
Resource is a vulnerable package, application, or library.
score
number
severity
string required
Severity level of a vulnerability or a configuration audit check.
enum: CRITICAL, HIGH, MEDIUM, LOW, UNKNOWN
target
string
title
string required
vulnerabilityID
string required
VulnerabilityID is the vulnerability identifier.
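
The required fields, the severity enum and the count minimums listed above can be checked on a report before it feeds a dashboard or an admission decision. The following is an added example, not code from the project: the helper name check_report and the sample report are constructed, os and registry are assumed to sit directly under report, and the comparison of summary counts against the listed items is an assumption the schema itself does not state.

```python
# Added example: field names, required flags, enum and minimums follow the
# reference above; check_report and SAMPLE are constructed for illustration.
SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN")
REQUIRED_REPORT = ("artifact", "os", "scanner", "summary",
                   "updateTimestamp", "vulnerabilities")
REQUIRED_VULN = ("fixedVersion", "installedVersion", "lastModifiedDate",
                 "publishedDate", "resource", "severity", "title", "vulnerabilityID")
COUNT_FIELD = {s: s.lower() + "Count" for s in SEVERITIES}  # noneCount is optional


def check_report(report):
    """Return a list of problems found in the .report object of a VulnerabilityReport."""
    problems = [f"report.{k} is required" for k in REQUIRED_REPORT if k not in report]
    summary = report.get("summary", {})
    for field in COUNT_FIELD.values():
        value = summary.get(field)
        if not isinstance(value, int) or isinstance(value, bool) or value < 0:
            problems.append(f"summary.{field} must be an integer >= 0")
    seen = dict.fromkeys(SEVERITIES, 0)
    for i, vuln in enumerate(report.get("vulnerabilities", [])):
        problems += [f"vulnerabilities[{i}].{k} is required"
                     for k in REQUIRED_VULN if k not in vuln]
        sev = vuln.get("severity")
        if isinstance(sev, str) and sev in seen:
            seen[sev] += 1
        elif sev is not None:
            problems.append(f"vulnerabilities[{i}].severity {sev!r} not in enum")
    # Assumption (not stated by the schema): counts equal the per-severity tally.
    for sev, field in COUNT_FIELD.items():
        if isinstance(summary.get(field), int) and summary[field] != seen[sev]:
            problems.append(f"summary.{field}={summary[field]} but {seen[sev]} {sev} items listed")
    return problems


SAMPLE = {  # constructed sample with placeholder identifiers
    "artifact": {"repository": "library/example", "tag": "1.0"},
    "os": {"family": "alpine", "name": "3.18"},
    "scanner": {"name": "Trivy", "vendor": "Aqua Security", "version": "0.0.0"},
    "summary": {"criticalCount": 1, "highCount": 0, "mediumCount": 0,
                "lowCount": 0, "unknownCount": 0},
    "updateTimestamp": "2024-01-01T00:00:00Z",
    "vulnerabilities": [{
        "vulnerabilityID": "CVE-0000-0000", "resource": "examplelib",
        "installedVersion": "1.0", "fixedVersion": "1.1", "severity": "High",
        "title": "constructed entry", "publishedDate": "2024-01-01T00:00:00Z",
        "lastModifiedDate": "2024-01-01T00:00:00Z"}],
}

if __name__ == "__main__":
    print("\n".join(check_report(SAMPLE)))
```

The sample deliberately uses a lowercase-mixed severity, so the enum check fires and the critical count no longer matches any listed item.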