diff --git a/content/en/security/guide/findings-schema.md b/content/en/security/guide/findings-schema.md index 52a394da5a4..80f0f175aa8 100644 --- a/content/en/security/guide/findings-schema.md +++ b/content/en/security/guide/findings-schema.md @@ -23,7056 +23,18 @@ All findings share a common schema that enables unified querying and analysis ac ## Examples There are eleven different categories for security findings. Click on a category to view a sample security finding belonging to that category. -{{< tabs >}} -{{% tab "API Security" %}} -```json -{ - "api_endpoint": { - "method": "GET", - "operation_name": "http.request", - "path": "/api/v2/users/{userID}/profile", - "resource_name": "GET /api/v2/users/{userID}/profile" - }, - "base_severity": "critical", - "container_image": { - "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", - "registries": [ - "123456789012.dkr.ecr.us-east-1.amazonaws.com" - ], - "repo_digests": [ - "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" - ] - }, - "description": "The API endpoint exposes user profile data through a route that uses predictable sequential IDs, allowing an attacker to enumerate and access other users' profiles by incrementing the ID parameter.", - "detection_changed_at": 1738575599859, - "exposure_time_seconds": 300, - "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", - "finding_type": "api_security", - "first_seen_at": 1738575592659, - "is_in_security_inbox": false, - "last_seen_at": 1738624280889, - "metadata": { - "schema_version": "2" - }, - "origin": [ - "agentless-scanner" - ], - "remediation": { - "is_available": false - }, - "resource_id": "api-endpoint-001", - "resource_name": "GET /api/v2/users/{userID}/profile", - "resource_type": "api_endpoint", - "rule": { - "default_rule_id": "def-000-abc", - "id": "api-sec-001", - "name": "Read operations on routes use predictable IDs", - "type": "api_security", - "version": 3 - }, - "service": { - "name": "chatbot-api" - }, - "severity": "critical", - "severity_details": { - "adjusted": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - }, - "base": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - } - }, - "status": "open", - "title": "Read operations on routes use predictable IDs", - "workflow": { - "auto_closed_at": 1738575600859, - "automations": { - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "rule_name": "mute misconfigs with free text query", - "rule_type": "mute" - }, - "due_date": { - "due_at": 1738575599859, - "is_overdue": false, - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" - }, - "integrations": { - "cases": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "created_at": 1738575599859, - "created_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "jira_issue": { - "key": "PROJ-12345", - "status": "To Do", - "url": "https://your-org.atlassian.net/browse/PROJ-12345" - }, - "key": "CASE-42", - "status": "open", - "updated_at": 1738575599859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - }, - "mute": { - "description": "Free text", - "expire_at": 1738575599859, - "is_muted": false, - "is_muted_by_rule": false, - "muted_at": 1738575599859, - "muted_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "reason": "Resource deleted" - }, - "triage": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice", - "updated_at": 1738575600859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - } - }, - "tags": [ - "origin:agentless-scanner", - "source:vulnerability_management" - ] -} -``` +{{< include-markdown "security/guide/findings-schema/generated/examples" >}} -{{% /tab %}} -{{% tab "Attack Path" %}} +## Linking to findings -```json -{ - "base_severity": "critical", - "cloud_resource": { - "account": { - "account": "Main production account", - "account_id": "123456789012" - }, - "cloud_provider": "AWS", - "cloud_provider_url": "https://us-east-1.console.aws.amazon.com/ec2/home#Instances:instanceId=i-0123456789abcdef0", - "configuration": { - "account_id": "123456789012", - "ami_launch_index": 0, - "architecture": "x86_64", - "aws_ami_key": "abcdef0123456789abcdef0123456789", - "aws_iam_instance_profile_key": "abcdef0123456789abcdef0123456789", - "aws_subnet_key": "abcdef0123456789abcdef0123456789", - "aws_vpc_key": "abcdef0123456789abcdef0123456789", - "block_device_mappings": [ - { - "device_name": "/dev/sdf", - "ebs": { - "attach_time": 1734064859000, - "delete_on_termination": true, - "status": "attached", - "volume_id": "vol-0123456789abcdef0" - } - } - ] - }, - "display_name": "i-012abcd34efghi56", - "key": "arn:aws:ec2:us-east-1:123456789012:instance/i-012abcd34efghi56" - }, - "compliance": { - "evaluation": "fail" - }, - "container_image": { - "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", - "registries": [ - "123456789012.dkr.ecr.us-east-1.amazonaws.com" - ], - "repo_digests": [ - "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" - ] - }, - "description": "A publicly accessible EC2 instance with an attached IAM role has overly permissive policies that allow lateral movement to sensitive S3 buckets containing production data.", - "detection_changed_at": 1738575599859, - "exposure_time_seconds": 300, - "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", - "finding_type": "attack_path", - "first_seen_at": 1738575592659, - "is_in_security_inbox": false, - "last_seen_at": 1738624280889, - "metadata": { - "schema_version": "2" - }, - "origin": [ - "agentless-scanner" - ], - "resource_id": "arn:aws:ec2:us-east-1:123456789012:instance/i-012abcd34efghi56", - "resource_name": "i-012abcd34efghi56", - "resource_type": "aws_ec2_instance", - "risk_details": { - "is_publicly_accessible": { - "evidence": { - "resource_key": "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-alb/1234567890abcdef" - } - } - }, - "rule": { - "default_rule_id": "def-000-abc", - "id": "def-000-ap1", - "name": "EC2 instance with public access and overprivileged IAM role", - "type": "attack_path", - "version": 3 - }, - "severity": "critical", - "severity_details": { - "adjusted": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - }, - "base": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - } - }, - "status": "open", - "title": "Publicly accessible instance with overprivileged IAM role", - "workflow": { - "auto_closed_at": 1738575600859, - "automations": { - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "rule_name": "mute misconfigs with free text query", - "rule_type": "mute" - }, - "due_date": { - "due_at": 1738575599859, - "is_overdue": false, - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" - }, - "integrations": { - "cases": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "created_at": 1738575599859, - "created_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "jira_issue": { - "key": "PROJ-12345", - "status": "To Do", - "url": "https://your-org.atlassian.net/browse/PROJ-12345" - }, - "key": "CASE-42", - "status": "open", - "updated_at": 1738575599859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - }, - "mute": { - "description": "Free text", - "expire_at": 1738575599859, - "is_muted": false, - "is_muted_by_rule": false, - "muted_at": 1738575599859, - "muted_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "reason": "Resource deleted" - }, - "triage": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice", - "updated_at": 1738575600859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - } - }, - "tags": [ - "origin:agentless-scanner", - "source:vulnerability_management" - ] -} -``` - -{{% /tab %}} -{{% tab "Host & Container Vulnerability" %}} - -```json -{ - "advisory": { - "aliases": [ - "CVE-2024-12345" - ], - "cve": "CVE-2024-12345", - "id": "TRIVY-CVE-2024-12345" - }, - "base_severity": "critical", - "cloud_resource": { - "account": { - "account": "Main production account", - "account_id": "123456789012" - }, - "cloud_provider": "AWS", - "cloud_provider_url": "https://us-east-1.console.aws.amazon.com/ec2/home#Instances:instanceId=i-0123456789abcdef0", - "configuration": { - "account_id": "123456789012", - "ami_launch_index": 0, - "architecture": "x86_64", - "aws_ami_key": "abcdef0123456789abcdef0123456789", - "aws_iam_instance_profile_key": "abcdef0123456789abcdef0123456789", - "aws_subnet_key": "abcdef0123456789abcdef0123456789", - "aws_vpc_key": "abcdef0123456789abcdef0123456789", - "block_device_mappings": [ - { - "device_name": "/dev/sdf", - "ebs": { - "attach_time": 1734064859000, - "delete_on_termination": true, - "status": "attached", - "volume_id": "vol-0123456789abcdef0" - } - } - ] - }, - "display_name": "i-012abcd34efghi56", - "key": "arn:aws:ec2:us-east-1:123456789012:instance/i-012abcd34efghi56" - }, - "container_image": { - "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", - "registries": [ - "123456789012.dkr.ecr.us-east-1.amazonaws.com" - ], - "repo_digests": [ - "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" - ] - }, - "description": "A buffer overflow vulnerability in the Linux kernel allows a local attacker to escalate privileges by exploiting a race condition in the netfilter subsystem.", - "detection_changed_at": 1738575599859, - "exposure_time_seconds": 300, - "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", - "finding_type": "host_and_container_vulnerability", - "first_seen_at": 1738575592659, - "is_in_security_inbox": false, - "last_seen_at": 1738624280889, - "metadata": { - "schema_version": "2" - }, - "origin": [ - "agentless-scanner" - ], - "package": { - "name": "linux", - "normalized_name": "linux", - "version": "5.4.0-205.225" - }, - "remediation": { - "is_available": false - }, - "resource_id": "arn:aws:ec2:us-east-1:123456789012:instance/i-012abcd34efghi56", - "resource_name": "i-012abcd34efghi56", - "resource_type": "aws_ec2_instance", - "risk_details": { - "has_exploit_available": { - "evidence": { - "exploit_sources": [ - "GitHub" - ], - "exploit_urls": [ - "https://github.com/example/POC-CVE-2024-12345" - ] - } - }, - "has_high_exploitability_chance": { - "evidence": { - "epss_score": 0.70718, - "epss_severity": "high" - } - }, - "is_publicly_accessible": { - "evidence": { - "resource_key": "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-alb/1234567890abcdef" - } - } - }, - "severity": "critical", - "severity_details": { - "adjusted": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - }, - "base": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - } - }, - "status": "open", - "title": "Buffer overflow in Linux kernel netfilter subsystem", - "vulnerability": { - "hash": "abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890", - "stack": { - "ecosystem": "deb" - } - }, - "workflow": { - "auto_closed_at": 1738575600859, - "automations": { - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "rule_name": "mute misconfigs with free text query", - "rule_type": "mute" - }, - "due_date": { - "due_at": 1738575599859, - "is_overdue": false, - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" - }, - "integrations": { - "cases": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "created_at": 1738575599859, - "created_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "jira_issue": { - "key": "PROJ-12345", - "status": "To Do", - "url": "https://your-org.atlassian.net/browse/PROJ-12345" - }, - "key": "CASE-42", - "status": "open", - "updated_at": 1738575599859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - }, - "mute": { - "description": "Free text", - "expire_at": 1738575599859, - "is_muted": false, - "is_muted_by_rule": false, - "muted_at": 1738575599859, - "muted_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "reason": "Resource deleted" - }, - "triage": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice", - "updated_at": 1738575600859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - } - }, - "tags": [ - "origin:agentless-scanner", - "source:vulnerability_management" - ] -} -``` - -{{% /tab %}} -{{% tab "IaC Misconfiguration" %}} - -```json -{ - "base_severity": "critical", - "cloud_resource": { - "account": { - "account": "Main production account", - "account_id": "123456789012" - }, - "cloud_provider": "AWS", - "cloud_provider_url": "https://us-east-1.console.aws.amazon.com/ec2/home#Instances:instanceId=i-0123456789abcdef0", - "configuration": { - "account_id": "123456789012", - "ami_launch_index": 0, - "architecture": "x86_64", - "aws_ami_key": "abcdef0123456789abcdef0123456789", - "aws_iam_instance_profile_key": "abcdef0123456789abcdef0123456789", - "aws_subnet_key": "abcdef0123456789abcdef0123456789", - "aws_vpc_key": "abcdef0123456789abcdef0123456789", - "block_device_mappings": [ - { - "device_name": "/dev/sdf", - "ebs": { - "attach_time": 1734064859000, - "delete_on_termination": true, - "status": "attached", - "volume_id": "vol-0123456789abcdef0" - } - } - ] - }, - "display_name": "i-012abcd34efghi56", - "key": "arn:aws:ec2:us-east-1:123456789012:instance/i-012abcd34efghi56" - }, - "container_image": { - "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", - "registries": [ - "123456789012.dkr.ecr.us-east-1.amazonaws.com" - ], - "repo_digests": [ - "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" - ] - }, - "description": "A Terraform configuration defines an S3 bucket without server-side encryption enabled, leaving stored objects unencrypted at rest.", - "detection_changed_at": 1738575599859, - "exposure_time_seconds": 300, - "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", - "finding_type": "iac_misconfiguration", - "first_seen_at": 1738575592659, - "git": { - "author": { - "authored_at": 1738575599859, - "email": "alice@example.com", - "name": "Alice" - }, - "branch": "main", - "committer": { - "committed_at": 1738575599859, - "email": "bob@example.com", - "name": "Bob" - }, - "default_branch": "main", - "is_default_branch": false, - "repository_id": "123456789", - "repository_url": "https://github.com/example-org/terraform/", - "sha": "abcdef1234567890abcdef1234567890abcdef12" - }, - "is_in_security_inbox": false, - "last_seen_at": 1738624280889, - "metadata": { - "schema_version": "2" - }, - "origin": [ - "agentless-scanner" - ], - "remediation": { - "is_available": false - }, - "resource_id": "github.com/example-org/terraform/main.tf:aws_s3_bucket.data", - "resource_name": "aws_s3_bucket.data", - "resource_type": "terraform_resource", - "rule": { - "default_rule_id": "def-000-abc", - "id": "def-000-iac", - "name": "S3 bucket should have server-side encryption enabled", - "type": "cloud_configuration", - "version": 3 - }, - "severity": "critical", - "severity_details": { - "adjusted": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - }, - "base": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - } - }, - "status": "open", - "title": "S3 bucket without server-side encryption", - "vulnerability": { - "hash": "abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" - }, - "workflow": { - "auto_closed_at": 1738575600859, - "automations": { - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "rule_name": "mute misconfigs with free text query", - "rule_type": "mute" - }, - "due_date": { - "due_at": 1738575599859, - "is_overdue": false, - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" - }, - "integrations": { - "cases": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "created_at": 1738575599859, - "created_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "jira_issue": { - "key": "PROJ-12345", - "status": "To Do", - "url": "https://your-org.atlassian.net/browse/PROJ-12345" - }, - "key": "CASE-42", - "status": "open", - "updated_at": 1738575599859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - }, - "mute": { - "description": "Free text", - "expire_at": 1738575599859, - "is_muted": false, - "is_muted_by_rule": false, - "muted_at": 1738575599859, - "muted_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "reason": "Resource deleted" - }, - "triage": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice", - "updated_at": 1738575600859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - } - }, - "tags": [ - "origin:agentless-scanner", - "source:vulnerability_management" - ] -} -``` - -{{% /tab %}} -{{% tab "Identity Risk" %}} - -```json -{ - "base_severity": "critical", - "cloud_resource": { - "account": { - "account": "Main production account", - "account_id": "123456789012" - }, - "cloud_provider": "AWS", - "cloud_provider_url": "https://us-east-1.console.aws.amazon.com/ec2/home#Instances:instanceId=i-0123456789abcdef0", - "configuration": { - "account_id": "123456789012", - "ami_launch_index": 0, - "architecture": "x86_64", - "aws_ami_key": "abcdef0123456789abcdef0123456789", - "aws_iam_instance_profile_key": "abcdef0123456789abcdef0123456789", - "aws_subnet_key": "abcdef0123456789abcdef0123456789", - "aws_vpc_key": "abcdef0123456789abcdef0123456789", - "block_device_mappings": [ - { - "device_name": "/dev/sdf", - "ebs": { - "attach_time": 1734064859000, - "delete_on_termination": true, - "status": "attached", - "volume_id": "vol-0123456789abcdef0" - } - } - ] - }, - "display_name": "i-012abcd34efghi56", - "key": "arn:aws:ec2:us-east-1:123456789012:instance/i-012abcd34efghi56" - }, - "compliance": { - "evaluation": "fail" - }, - "container_image": { - "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", - "registries": [ - "123456789012.dkr.ecr.us-east-1.amazonaws.com" - ], - "repo_digests": [ - "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" - ] - }, - "description": "An IAM user account has not been used in over 90 days and still has active access keys with administrative privileges, creating an unnecessary attack surface.", - "detection_changed_at": 1738575599859, - "exposure_time_seconds": 300, - "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", - "finding_type": "identity_risk", - "first_seen_at": 1738575592659, - "is_in_security_inbox": false, - "last_seen_at": 1738624280889, - "metadata": { - "schema_version": "2" - }, - "origin": [ - "agentless-scanner" - ], - "resource_id": "arn:aws:iam::123456789012:user/legacy-admin", - "resource_name": "legacy-admin", - "resource_type": "aws_iam_user", - "rule": { - "default_rule_id": "def-000-abc", - "id": "def-000-idr", - "name": "IAM user inactive for 90+ days with active access keys", - "type": "cloud_configuration", - "version": 3 - }, - "severity": "critical", - "severity_details": { - "adjusted": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - }, - "base": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - } - }, - "status": "open", - "title": "Inactive IAM user with administrative access keys", - "workflow": { - "auto_closed_at": 1738575600859, - "automations": { - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "rule_name": "mute misconfigs with free text query", - "rule_type": "mute" - }, - "due_date": { - "due_at": 1738575599859, - "is_overdue": false, - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" - }, - "integrations": { - "cases": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "created_at": 1738575599859, - "created_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "jira_issue": { - "key": "PROJ-12345", - "status": "To Do", - "url": "https://your-org.atlassian.net/browse/PROJ-12345" - }, - "key": "CASE-42", - "status": "open", - "updated_at": 1738575599859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - }, - "mute": { - "description": "Free text", - "expire_at": 1738575599859, - "is_muted": false, - "is_muted_by_rule": false, - "muted_at": 1738575599859, - "muted_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "reason": "Resource deleted" - }, - "triage": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice", - "updated_at": 1738575600859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - } - }, - "tags": [ - "origin:agentless-scanner", - "source:vulnerability_management" - ] -} -``` - -{{% /tab %}} -{{% tab "Library Vulnerability" %}} - -```json -{ - "advisory": { - "aliases": [ - "CVE-2024-67890" - ], - "cve": "CVE-2024-67890", - "id": "TRIVY-CVE-2024-67890" - }, - "base_severity": "critical", - "container_image": { - "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", - "registries": [ - "123456789012.dkr.ecr.us-east-1.amazonaws.com" - ], - "repo_digests": [ - "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" - ] - }, - "description": "A remote code execution vulnerability in the logging library allows an attacker to execute arbitrary code by sending a crafted log message that exploits unsafe deserialization.", - "detection_changed_at": 1738575599859, - "exposure_time_seconds": 300, - "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", - "finding_type": "library_vulnerability", - "first_seen_at": 1738575592659, - "git": { - "author": { - "authored_at": 1738575599859, - "email": "alice@example.com", - "name": "Alice" - }, - "branch": "main", - "committer": { - "committed_at": 1738575599859, - "email": "bob@example.com", - "name": "Bob" - }, - "default_branch": "main", - "is_default_branch": false, - "repository_id": "123456789", - "repository_url": "https://github.com/example-org/my-app/", - "sha": "abcdef1234567890abcdef1234567890abcdef12" - }, - "is_in_security_inbox": false, - "last_seen_at": 1738624280889, - "metadata": { - "schema_version": "2" - }, - "origin": [ - "agentless-scanner" - ], - "package": { - "name": "lodash", - "normalized_name": "lodash", - "scope": "production", - "version": "4.17.20" - }, - "remediation": { - "is_available": false - }, - "resource_id": "lodash:4.17.20", - "resource_name": "lodash", - "resource_type": "software_package", - "risk_details": { - "has_exploit_available": { - "evidence": { - "exploit_sources": [ - "GitHub" - ], - "exploit_urls": [ - "https://github.com/example/POC-CVE-2024-67890" - ] - } - }, - "has_high_exploitability_chance": { - "evidence": { - "epss_score": 0.70718, - "epss_severity": "high" - } - } - }, - "service": { - "name": "chatbot-api" - }, - "severity": "critical", - "severity_details": { - "adjusted": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - }, - "base": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - } - }, - "status": "open", - "title": "Remote code execution in logging library", - "vulnerability": { - "hash": "abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890", - "stack": { - "ecosystem": "npm" - } - }, - "workflow": { - "auto_closed_at": 1738575600859, - "automations": { - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "rule_name": "mute misconfigs with free text query", - "rule_type": "mute" - }, - "due_date": { - "due_at": 1738575599859, - "is_overdue": false, - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" - }, - "integrations": { - "cases": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "created_at": 1738575599859, - "created_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "jira_issue": { - "key": "PROJ-12345", - "status": "To Do", - "url": "https://your-org.atlassian.net/browse/PROJ-12345" - }, - "key": "CASE-42", - "status": "open", - "updated_at": 1738575599859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - }, - "mute": { - "description": "Free text", - "expire_at": 1738575599859, - "is_muted": false, - "is_muted_by_rule": false, - "muted_at": 1738575599859, - "muted_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "reason": "Resource deleted" - }, - "triage": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice", - "updated_at": 1738575600859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - } - }, - "tags": [ - "origin:agentless-scanner", - "source:vulnerability_management" - ] -} -``` - -{{% /tab %}} -{{% tab "Misconfiguration" %}} - -```json -{ - "base_severity": "critical", - "cloud_resource": { - "account": { - "account": "Main production account", - "account_id": "123456789012" - }, - "cloud_provider": "AWS", - "cloud_provider_url": "https://us-east-1.console.aws.amazon.com/ec2/home#Instances:instanceId=i-0123456789abcdef0", - "configuration": { - "account_id": "123456789012", - "ami_launch_index": 0, - "architecture": "x86_64", - "aws_ami_key": "abcdef0123456789abcdef0123456789", - "aws_iam_instance_profile_key": "abcdef0123456789abcdef0123456789", - "aws_subnet_key": "abcdef0123456789abcdef0123456789", - "aws_vpc_key": "abcdef0123456789abcdef0123456789", - "block_device_mappings": [ - { - "device_name": "/dev/sdf", - "ebs": { - "attach_time": 1734064859000, - "delete_on_termination": true, - "status": "attached", - "volume_id": "vol-0123456789abcdef0" - } - } - ] - }, - "display_name": "i-012abcd34efghi56", - "key": "arn:aws:ec2:us-east-1:123456789012:instance/i-012abcd34efghi56" - }, - "compliance": { - "evaluation": "fail" - }, - "container_image": { - "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", - "registries": [ - "123456789012.dkr.ecr.us-east-1.amazonaws.com" - ], - "repo_digests": [ - "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" - ] - }, - "description": "An AWS security group allows unrestricted inbound SSH access from any IP address (0.0.0.0/0), exposing the associated instances to brute-force and unauthorized access attempts.", - "detection_changed_at": 1738575599859, - "exposure_time_seconds": 300, - "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", - "finding_type": "misconfiguration", - "first_seen_at": 1738575592659, - "is_in_security_inbox": false, - "last_seen_at": 1738624280889, - "metadata": { - "schema_version": "2" - }, - "origin": [ - "agentless-scanner" - ], - "resource_id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-0123456789abcdef0", - "resource_name": "sg-0123456789abcdef0", - "resource_type": "aws_security_group", - "risk_details": { - "is_publicly_accessible": { - "evidence": { - "resource_key": "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-alb/1234567890abcdef" - } - } - }, - "rule": { - "default_rule_id": "def-000-abc", - "id": "def-000-cfg", - "name": "Security group should not allow unrestricted SSH access", - "type": "cloud_configuration", - "version": 3 - }, - "severity": "critical", - "severity_details": { - "adjusted": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - }, - "base": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - } - }, - "status": "open", - "title": "Security group allows unrestricted SSH access", - "workflow": { - "auto_closed_at": 1738575600859, - "automations": { - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "rule_name": "mute misconfigs with free text query", - "rule_type": "mute" - }, - "due_date": { - "due_at": 1738575599859, - "is_overdue": false, - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" - }, - "integrations": { - "cases": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "created_at": 1738575599859, - "created_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "jira_issue": { - "key": "PROJ-12345", - "status": "To Do", - "url": "https://your-org.atlassian.net/browse/PROJ-12345" - }, - "key": "CASE-42", - "status": "open", - "updated_at": 1738575599859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - }, - "mute": { - "description": "Free text", - "expire_at": 1738575599859, - "is_muted": false, - "is_muted_by_rule": false, - "muted_at": 1738575599859, - "muted_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "reason": "Resource deleted" - }, - "triage": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice", - "updated_at": 1738575600859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - } - }, - "tags": [ - "origin:agentless-scanner", - "source:vulnerability_management" - ] -} -``` - -{{% /tab %}} -{{% tab "Runtime Code Vulnerability" %}} - -```json -{ - "base_severity": "critical", - "container_image": { - "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", - "registries": [ - "123456789012.dkr.ecr.us-east-1.amazonaws.com" - ], - "repo_digests": [ - "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" - ] - }, - "description": "A SQL injection vulnerability was detected at runtime in the application's search endpoint. User-supplied input is concatenated directly into a SQL query without parameterized statements.", - "detection_changed_at": 1738575599859, - "exposure_time_seconds": 300, - "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", - "finding_type": "runtime_code_vulnerability", - "first_seen_at": 1738575592659, - "git": { - "author": { - "authored_at": 1738575599859, - "email": "alice@example.com", - "name": "Alice" - }, - "branch": "main", - "committer": { - "committed_at": 1738575599859, - "email": "bob@example.com", - "name": "Bob" - }, - "default_branch": "main", - "is_default_branch": false, - "repository_id": "123456789", - "repository_url": "https://github.com/example-org/my-app/", - "sha": "abcdef1234567890abcdef1234567890abcdef12" - }, - "is_in_security_inbox": false, - "last_seen_at": 1738624280889, - "metadata": { - "schema_version": "2" - }, - "origin": [ - "agentless-scanner" - ], - "remediation": { - "is_available": false - }, - "resource_id": "my-app:/api/search", - "resource_name": "my-app", - "resource_type": "application_service", - "rule": { - "default_rule_id": "def-000-abc", - "id": "rtcv-001-sqli", - "name": "SQL injection detected in application endpoint", - "type": "application_code_vulnerability", - "version": 3 - }, - "service": { - "name": "chatbot-api" - }, - "severity": "critical", - "severity_details": { - "adjusted": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - }, - "base": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - } - }, - "status": "open", - "title": "SQL injection in search endpoint", - "vulnerability": { - "hash": "abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" - }, - "workflow": { - "auto_closed_at": 1738575600859, - "automations": { - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "rule_name": "mute misconfigs with free text query", - "rule_type": "mute" - }, - "due_date": { - "due_at": 1738575599859, - "is_overdue": false, - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" - }, - "integrations": { - "cases": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "created_at": 1738575599859, - "created_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "jira_issue": { - "key": "PROJ-12345", - "status": "To Do", - "url": "https://your-org.atlassian.net/browse/PROJ-12345" - }, - "key": "CASE-42", - "status": "open", - "updated_at": 1738575599859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - }, - "mute": { - "description": "Free text", - "expire_at": 1738575599859, - "is_muted": false, - "is_muted_by_rule": false, - "muted_at": 1738575599859, - "muted_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "reason": "Resource deleted" - }, - "triage": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice", - "updated_at": 1738575600859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - } - }, - "tags": [ - "origin:agentless-scanner", - "source:vulnerability_management" - ] -} -``` - -{{% /tab %}} -{{% tab "Secret" %}} - -```json -{ - "base_severity": "critical", - "container_image": { - "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", - "registries": [ - "123456789012.dkr.ecr.us-east-1.amazonaws.com" - ], - "repo_digests": [ - "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" - ] - }, - "description": "An AWS access key was found hardcoded in a configuration file committed to the repository. Exposed credentials can be used to gain unauthorized access to cloud resources.", - "detection_changed_at": 1738575599859, - "exposure_time_seconds": 300, - "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", - "finding_type": "secret", - "first_seen_at": 1738575592659, - "git": { - "author": { - "authored_at": 1738575599859, - "email": "alice@example.com", - "name": "Alice" - }, - "branch": "main", - "committer": { - "committed_at": 1738575599859, - "email": "bob@example.com", - "name": "Bob" - }, - "default_branch": "main", - "is_default_branch": false, - "repository_id": "123456789", - "repository_url": "https://github.com/example-org/my-app/", - "sha": "abcdef1234567890abcdef1234567890abcdef12" - }, - "is_in_security_inbox": false, - "last_seen_at": 1738624280889, - "metadata": { - "schema_version": "2" - }, - "origin": [ - "agentless-scanner" - ], - "remediation": { - "is_available": false - }, - "resource_id": "github.com/example-org/my-app/config/settings.py:42", - "resource_name": "settings.py", - "resource_type": "source_code_file", - "rule": { - "default_rule_id": "def-000-abc", - "id": "sct-001-aws", - "name": "AWS access key detected in source code", - "type": "credential_exposure", - "version": 3 - }, - "service": { - "name": "chatbot-api" - }, - "severity": "critical", - "severity_details": { - "adjusted": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - }, - "base": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - } - }, - "status": "open", - "title": "Hardcoded AWS access key in configuration file", - "vulnerability": { - "hash": "abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" - }, - "workflow": { - "auto_closed_at": 1738575600859, - "automations": { - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "rule_name": "mute misconfigs with free text query", - "rule_type": "mute" - }, - "due_date": { - "due_at": 1738575599859, - "is_overdue": false, - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" - }, - "integrations": { - "cases": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "created_at": 1738575599859, - "created_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "jira_issue": { - "key": "PROJ-12345", - "status": "To Do", - "url": "https://your-org.atlassian.net/browse/PROJ-12345" - }, - "key": "CASE-42", - "status": "open", - "updated_at": 1738575599859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - }, - "mute": { - "description": "Free text", - "expire_at": 1738575599859, - "is_muted": false, - "is_muted_by_rule": false, - "muted_at": 1738575599859, - "muted_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "reason": "Resource deleted" - }, - "triage": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice", - "updated_at": 1738575600859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - } - }, - "tags": [ - "origin:agentless-scanner", - "source:vulnerability_management" - ] -} -``` - -{{% /tab %}} -{{% tab "Static Code Vulnerability" %}} - -```json -{ - "base_severity": "critical", - "container_image": { - "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", - "registries": [ - "123456789012.dkr.ecr.us-east-1.amazonaws.com" - ], - "repo_digests": [ - "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" - ] - }, - "description": "A cross-site scripting (XSS) vulnerability was found in the application's template rendering. User input is inserted into HTML output without proper escaping, allowing script injection.", - "detection_changed_at": 1738575599859, - "exposure_time_seconds": 300, - "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", - "finding_type": "static_code_vulnerability", - "first_seen_at": 1738575592659, - "git": { - "author": { - "authored_at": 1738575599859, - "email": "alice@example.com", - "name": "Alice" - }, - "branch": "main", - "committer": { - "committed_at": 1738575599859, - "email": "bob@example.com", - "name": "Bob" - }, - "default_branch": "main", - "is_default_branch": false, - "repository_id": "123456789", - "repository_url": "https://github.com/example-org/my-app/", - "sha": "abcdef1234567890abcdef1234567890abcdef12" - }, - "is_in_security_inbox": false, - "last_seen_at": 1738624280889, - "metadata": { - "schema_version": "2" - }, - "origin": [ - "agentless-scanner" - ], - "remediation": { - "is_available": false - }, - "resource_id": "github.com/example-org/my-app/src/templates/profile.html:18", - "resource_name": "profile.html", - "resource_type": "source_code_file", - "rule": { - "default_rule_id": "def-000-abc", - "id": "sast-001-xss", - "name": "Reflected XSS via unescaped user input in template", - "type": "application_code_vulnerability", - "version": 3 - }, - "service": { - "name": "chatbot-api" - }, - "severity": "critical", - "severity_details": { - "adjusted": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - }, - "base": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - } - }, - "status": "open", - "title": "Cross-site scripting in template rendering", - "vulnerability": { - "hash": "abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" - }, - "workflow": { - "auto_closed_at": 1738575600859, - "automations": { - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "rule_name": "mute misconfigs with free text query", - "rule_type": "mute" - }, - "due_date": { - "due_at": 1738575599859, - "is_overdue": false, - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" - }, - "integrations": { - "cases": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "created_at": 1738575599859, - "created_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "jira_issue": { - "key": "PROJ-12345", - "status": "To Do", - "url": "https://your-org.atlassian.net/browse/PROJ-12345" - }, - "key": "CASE-42", - "status": "open", - "updated_at": 1738575599859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - }, - "mute": { - "description": "Free text", - "expire_at": 1738575599859, - "is_muted": false, - "is_muted_by_rule": false, - "muted_at": 1738575599859, - "muted_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "reason": "Resource deleted" - }, - "triage": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice", - "updated_at": 1738575600859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - } - }, - "tags": [ - "origin:agentless-scanner", - "source:vulnerability_management" - ] -} -``` - -{{% /tab %}} -{{% tab "Workload Activity" %}} - -```json -{ - "base_severity": "critical", - "container_image": { - "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", - "registries": [ - "123456789012.dkr.ecr.us-east-1.amazonaws.com" - ], - "repo_digests": [ - "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" - ] - }, - "description": "A container process executed a binary that was not part of the original container image. This unexpected process execution may indicate a compromised workload or unauthorized modification.", - "detection_changed_at": 1738575599859, - "exposure_time_seconds": 300, - "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", - "finding_type": "workload_activity", - "first_seen_at": 1738575592659, - "is_in_security_inbox": false, - "last_seen_at": 1738624280889, - "metadata": { - "schema_version": "2" - }, - "origin": [ - "agentless-scanner" - ], - "resource_id": "k8s-pod:default/my-app-7b9d5c8f4-x2k9m", - "resource_name": "my-app-7b9d5c8f4-x2k9m", - "resource_type": "kubernetes_pod", - "rule": { - "default_rule_id": "def-000-abc", - "id": "def-000-wka", - "name": "Process launched from unexpected path in container", - "type": "workload_security", - "version": 3 - }, - "severity": "critical", - "severity_details": { - "adjusted": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - }, - "base": { - "score": 9.8, - "value": "Critical", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" - } - }, - "status": "open", - "title": "Unexpected process execution in container", - "workflow": { - "auto_closed_at": 1738575600859, - "automations": { - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "rule_name": "mute misconfigs with free text query", - "rule_type": "mute" - }, - "due_date": { - "due_at": 1738575599859, - "is_overdue": false, - "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" - }, - "integrations": { - "cases": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "created_at": 1738575599859, - "created_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "jira_issue": { - "key": "PROJ-12345", - "status": "To Do", - "url": "https://your-org.atlassian.net/browse/PROJ-12345" - }, - "key": "CASE-42", - "status": "open", - "updated_at": 1738575599859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - }, - "mute": { - "description": "Free text", - "expire_at": 1738575599859, - "is_muted": false, - "is_muted_by_rule": false, - "muted_at": 1738575599859, - "muted_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - }, - "reason": "Resource deleted" - }, - "triage": { - "assignee": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice", - "updated_at": 1738575600859, - "updated_by": { - "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "name": "Alice" - } - } - } - }, - "tags": [ - "origin:agentless-scanner", - "source:vulnerability_management" - ] -} -``` - -{{% /tab %}} -{{< /tabs >}} +The direct URL for a finding in Datadog varies by finding type. Use `/security/finding/[finding_id]`, where `[finding_id]` is the root-level `finding_id` value, to open the finding in the appropriate explorer. Use this format when linking findings from AI agents or automations. ## Schema Reference The following sections describe all available attributes in the Security Findings schema, organized by namespace. -{{% collapse-content title="Core Attributes" level="h3" id="core-attributes" %}} - -These attributes are present on all security findings and describe the fundamental nature and status of the finding. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
additional_resourcesarray (object)Path: @additional_resources
Additional resources. For example, an AWS EC2 instance can have security groups and Auto Scaling groups as additional resources.
base_severitystringPath: @base_severity
Base severity level of the finding before any adjustments. Valid values: critical, high, medium, low, info, none, unknown.
descriptionstringPath: @description
Human-readable explanation of the finding. May include Markdown formatting.
detection_changed_atintegerPath: @detection_changed_at
Timestamp in milliseconds (UTC) when the finding's evaluation or detection state last changed.
exposure_time_secondsintegerPath: @exposure_time_seconds
Indicates the time elapsed, in seconds, between when the finding was last closed and when it was first detected.
finding_idstringPath: @finding_id
Unique identifier of the finding.
finding_typestringPath: @finding_type
Category of the finding. Valid values: api_security, attack_path, runtime_code_vulnerability, static_code_vulnerability, host_and_container_vulnerability, iac_misconfiguration, identity_risk, library_vulnerability, misconfiguration, secret, workload_activity, sensitive_data.
first_seen_atintegerPath: @first_seen_at
Timestamp in milliseconds (UTC) when the finding was first detected.
is_in_security_inboxbooleanPath: @is_in_security_inbox
true if the finding appears in the Security Inbox; false otherwise.
last_detected_atintegerPath: @last_detected_at
Discovery timestamp in milliseconds (UTC) when the last detection was received by the finding platform.
last_seen_atintegerPath: @last_seen_at
Timestamp in milliseconds (UTC) when the finding was most recently detected.
originarray (string)Path: @origin
Detection origins that produced the finding, such as agentless scans, APM, SCA (Software Composition Analysis), or CI (Continuous Integration).
related_servicesarray (string)Path: @related_services
Services that are inferred from Source Code Integration (for example, for SAST findings).
resource_idstringPath: @resource_id
Unique identifier of the resource affected by the finding.
resource_namestringPath: @resource_name
Human-readable name of the resource affected by the finding.
resource_typestringPath: @resource_type
Type of the resource.
severitystringPath: @severity
Final severity level of the finding, after Datadog adjustments and any user-defined severity modifications. Valid values: critical, high, medium, low, info, none, unknown.
source_finding_raw_dataobjectPath: @source_finding_raw_data
Raw data from third-party integrations that generated the finding.
statusstringPath: @status
Workflow status of the finding. Valid values: open, muted, auto_closed, resolved, in-progress.
time_to_resolutionintegerPath: @time_to_resolution
Time in seconds between when the finding was first detected and when it was resolved.
titlestringPath: @title
Human-readable title for the finding.
- -### Additional Resources - -Additional resources. For example, an AWS EC2 instance can have security groups and Auto Scaling groups as additional resources. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
categorystringPath: @additional_resources.category
Category of the additional resource. Valid values: cloud_resource, k8s, host, service, git, iac_resource.
configurationobjectPath: @additional_resources.configuration
Configuration of the additional resource.
keystringPath: @additional_resources.key
Canonical Cloud Resource Identifier (CCRID) of the additional resource when the resource is cloud-backed (for example, when category is cloud_resource). This field may be omitted for non-cloud categories such as k8s, host, service, or git.
- -{{% /collapse-content %}} - -{{% collapse-content title="Advisory" level="h3" id="advisory" %}} - -Ties a vulnerability to a set of specific software versions. Vulnerability findings with advisories indicate that a vulnerable version of the software was detected (typically through SBOMs). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
aliasesarray (string)Path: @advisory.aliases
Additional identifiers referring to the same vulnerability, created by other entities.
cvestringPath: @advisory.cve
Primary globally recognized identifier for a security vulnerability, following the CVE-YYYY-NNNN format.
first_remediation_available_atintegerPath: @advisory.first_remediation_available_at
Timestamp in milliseconds (UTC) when the first remediation for the advisory became available.
idstringPath: @advisory.id
Internal identifier for the advisory.
modified_atintegerPath: @advisory.modified_at
Timestamp in milliseconds (UTC) when the advisory was last updated.
published_atintegerPath: @advisory.published_at
Timestamp in milliseconds (UTC) when the advisory was published.
summarystringPath: @advisory.summary
Short summary of the advisory.
typestringPath: @advisory.type
Type of the advisory. Valid values: component_with_known_vulnerability, unmaintained, end_of_life, dangerous_workflows, risky_license, malicious_package.
- -{{% /collapse-content %}} - -{{% collapse-content title="API Endpoint" level="h3" id="api-endpoint" %}} - -HTTP endpoint representation. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
methodstringPath: @api_endpoint.method
Method of the endpoint (HTTP verb or gRPC method).
operation_namestringPath: @api_endpoint.operation_name
Name of the entry point into a service (for example, http.request, grpc.server).
pathstringPath: @api_endpoint.path
Relative templated path of the endpoint.
request_pathstringPath: @api_endpoint.request_path
Relative path of the endpoint.
resource_namestringPath: @api_endpoint.resource_name
Internal identification of the endpoint in the format <method> <path>.
- -{{% /collapse-content %}} - -{{% collapse-content title="Cloud Resource" level="h3" id="cloud-resource" %}} - -Attributes identifying the cloud resource affected by the finding. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
accountstringPath: @cloud_resource.account
Cloud account that owns the cloud resource (for example, AWS account, Azure subscription, GCP project, OCI tenancy).
account_namestringPath: @cloud_resource.account_name
Human-readable name of the cloud account owning the resource.
categorystringPath: @cloud_resource.category
Category the resource type belongs to.
cloud_providerstringPath: @cloud_resource.cloud_provider
Cloud provider hosting the resource. Valid values: aws, azure, gcp, oci.
cloud_provider_urlstringPath: @cloud_resource.cloud_provider_url
Link to the resource in the cloud provider console.
configurationobjectPath: @cloud_resource.configuration
Configuration of the cloud resource, as returned by the cloud provider.
contextobjectPath: @cloud_resource.context
Context for the cloud resource.
display_namestringPath: @cloud_resource.display_name
Display name of the resource.
keystringPath: @cloud_resource.key
Canonical Cloud Resource Identifier (CCRID).
public_accessibility_pathsarray (string)Path: @cloud_resource.public_accessibility_paths
Network paths through which the resource is accessible from the public internet.
public_port_rangesarray (object)Path: @cloud_resource.public_port_ranges
Port ranges on the resource that are exposed to the public internet.
regionstringPath: @cloud_resource.region
Cloud region where the resource is located.
- -### Public Port Ranges - -Port ranges on the resource that are exposed to the public internet. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
from_portintegerPath: @cloud_resource.public_port_ranges.from_port
Starting port number of the exposed range.
to_portintegerPath: @cloud_resource.public_port_ranges.to_port
Ending port number of the exposed range.
- -{{% /collapse-content %}} - -{{% collapse-content title="Code Location" level="h3" id="code-location" %}} - -Attributes pinpointing the specific file and line numbers where the finding is located. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
column_endintegerPath: @code_location.column_end
Ending column position.
column_startintegerPath: @code_location.column_start
Starting column position.
filenamestringPath: @code_location.filename
Relative path to the file.
is_test_filebooleanPath: @code_location.is_test_file
true if the code file is a test file; false otherwise.
line_endintegerPath: @code_location.line_end
Ending line number.
line_startintegerPath: @code_location.line_start
Starting line number.
symbolstringPath: @code_location.symbol
Symbol name at the code location.
urlstringPath: @code_location.url
URL to view the file online (for example, in GitHub), highlighting the code location.
- -{{% /collapse-content %}} - -{{% collapse-content title="Compliance" level="h3" id="compliance" %}} - -Information specific to compliance findings, such as compliance rule or evaluation (`pass`/`fail`). - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
agentobjectPath: @compliance.agent
Metadata about the compliance agent that produced the finding.
evaluationstringPath: @compliance.evaluation
Compliance evaluation result. Valid values: pass (resource is properly configured), fail (resource is misconfigured).
frameworksarray (object)Path: @compliance.frameworks
Compliance frameworks mapped to the finding.
- -### Agent - -Metadata about the compliance agent that produced the finding. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
agent_framework_idstringPath: @compliance.agent.agent_framework_id
Identifier of the compliance framework used by the agent.
agent_rule_idstringPath: @compliance.agent.agent_rule_id
Identifier of the agent rule that triggered the finding.
agent_versionstringPath: @compliance.agent.agent_version
Version of the compliance agent that produced the finding.
dataobjectPath: @compliance.agent.data
Additional data produced by the compliance agent evaluation.
evaluatorstringPath: @compliance.agent.evaluator
Name of the evaluator that assessed the compliance finding.
- -### Frameworks - -Compliance frameworks mapped to the finding. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
controlstringPath: @compliance.frameworks.control
Identifier of the control within the compliance framework.
frameworkstringPath: @compliance.frameworks.framework
Identifier of the compliance framework (e.g., cis, pci-dss).
is_defaultbooleanPath: @compliance.frameworks.is_default
true if this is the default framework mapping for the finding, false otherwise.
requirementstringPath: @compliance.frameworks.requirement
Identifier of the requirement within the control.
versionstringPath: @compliance.frameworks.version
Version of the compliance framework.
- -{{% /collapse-content %}} - -{{% collapse-content title="Container Image" level="h3" id="container-image" %}} - -Container image where the finding was detected, including registry, repository, and digest information. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
architecturesarray (string)Path: @container_image.architectures
Architectures associated with the container image.
base_imageobjectPath: @container_image.base_image
Base image this container image is built on. A base image is itself a container image and may have its own base_image. Absent when no base image is identified.
git_repository_urlstringPath: @container_image.git_repository_url
URL of the Git repository for the code used to build the container image. Available only when Source Code Integration is configured.
image_layer_diff_idsarray (string)Path: @container_image.image_layer_diff_ids
Diff IDs of the image layers, in the order they were applied. Each diff ID is the SHA256 of the uncompressed layer contents.
image_layer_digestsarray (string)Path: @container_image.image_layer_digests
Digests of the image layers, in the order they were applied. Each digest is the SHA256 of the compressed layer blob.
namestringPath: @container_image.name
Full name of the container image.
osesarray (object)Path: @container_image.oses
Operating systems associated with the container image.
registriesarray (string)Path: @container_image.registries
Container registry where the image is stored or was pulled from.
repo_digestsarray (string)Path: @container_image.repo_digests
Repository digests of the container image where the finding was detected.
repositorystringPath: @container_image.repository
Repository of the container image.
tagsarray (string)Path: @container_image.tags
Tag part of the container image name (for example, latest or 1.2.3).
versionsarray (string)Path: @container_image.versions
Versions of the container image where the finding was detected.
- -### Operating Systems - -Operating systems associated with the container image. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
namestringPath: @container_image.oses.name
Operating system name.
versionstringPath: @container_image.oses.version
Operating system version.
- -{{% /collapse-content %}} - -{{% collapse-content title="Detection Tool" level="h3" id="detection-tool" %}} - -Information about the tool or engine responsible for detecting the finding. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
namestringPath: @detection_tool.name
Name of the detection tool or engine that generated the finding.
versionstringPath: @detection_tool.version
Version of the detection tool or engine that generated the finding.
- -{{% /collapse-content %}} - -{{% collapse-content title="Git" level="h3" id="git" %}} - -Git metadata linking a finding to source code context. Includes information about the repository, branch, commit, author, and committer. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
authorobjectPath: @git.author
Contains details about the original author of the commit, including name, email, and authoring timestamp. Remains unchanged when the commit is rebased, cherry-picked, or re-applied.
branchstringPath: @git.branch
Name of the Git branch related to the finding.
codeownersarray (string)Path: @git.codeowners
Code owner teams extracted from the SCM (Source Control Management) provider's CODEOWNERS file on platforms like GitHub.
committerobjectPath: @git.committer
Contains details about the person who last applied the commit to the repository, including name, email, and commit timestamp. May differ from the author when the commit is rebased, amended, or applied with git am.
default_branchstringPath: @git.default_branch
Default branch defined for the Git repository.
is_default_branchbooleanPath: @git.is_default_branch
true if the current branch is the default branch for the repository; false otherwise.
repository_idstringPath: @git.repository_id
Normalized identifier of the Git repository.
repository_urlstringPath: @git.repository_url
Git repository URL related to the finding.
repository_visibilitystringPath: @git.repository_visibility
Visibility of the repository. Valid values: public, private, not_detected.
shastringPath: @git.sha
Git commit identifier (SHA).
- -### Author - -Contains details about the original author of the commit, including name, email, and authoring timestamp. Remains unchanged when the commit is rebased, cherry-picked, or re-applied. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
authored_atintegerPath: @git.author.authored_at
Timestamp in milliseconds (UTC) when the original changes were made.
emailstringPath: @git.author.email
Email address of the commit author.
namestringPath: @git.author.name
Name of the commit author.
- -### Committer - -Contains details about the person who last applied the commit to the repository, including name, email, and commit timestamp. May differ from the author when the commit is rebased, amended, or applied with `git am`. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
committed_atintegerPath: @git.committer.committed_at
Timestamp in milliseconds (UTC) when the changes were last significantly modified (for example, during a rebase or amend operation).
emailstringPath: @git.committer.email
Email address of the committer.
namestringPath: @git.committer.name
Name of the committer.
- -{{% /collapse-content %}} - -{{% collapse-content title="Host" level="h3" id="host" %}} - -Information about the host machine where the finding was detected. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
architecturesarray (string)Path: @host.architectures
Architectures associated with the host.
cloud_providerstringPath: @host.cloud_provider
Cloud provider the host belongs to.
imagestringPath: @host.image
Name of the host image used to build the host (for example, ami-1234).
keystringPath: @host.key
Canonical Cloud Resource Identifier (CCRID).
namestringPath: @host.name
Host name.
osobjectPath: @host.os
Attributes of the operating system running on the host.
- -### Operating System - -Attributes of the operating system running on the host. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
namestringPath: @host.os.name
Operating system name.
versionstringPath: @host.os.version
Operating system version.
- -{{% /collapse-content %}} - -{{% collapse-content title="IaC Resource" level="h3" id="iac-resource" %}} - -Attributes identifying the Infrastructure as Code (IaC) resource related to the finding. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
platformstringPath: @iac_resource.platform
IaC (Infrastructure as Code) platform the vulnerability was found on (for example, terraform, kubernetes).
providerstringPath: @iac_resource.provider
IaC (Infrastructure as Code) provider where the resource is defined (for example, aws, gcp, azure).
- -{{% /collapse-content %}} - -{{% collapse-content title="Kubernetes" level="h3" id="k8s" %}} - -Kubernetes information for findings generated against Kubernetes resources. - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
cluster_idstringPath: @k8s.cluster_id
Kubernetes cluster identifier.
- -{{% /collapse-content %}} - -{{% collapse-content title="Metadata" level="h3" id="metadata" %}} - -Additional metadata about the finding, such as schema version or source context. - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
schema_versionstringPath: @metadata.schema_version
Indicates the findings schema version used for the finding.
- -{{% /collapse-content %}} - -{{% collapse-content title="Package" level="h3" id="package" %}} - -Package manager information. A package manager automates the installation, upgrading, configuration, and removal of software packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
additional_namesarray (string)Path: @package.additional_names
Additional affected package names, if the cloud vulnerability impacted multiple packages derived from the same source package.
declarationobjectPath: @package.declaration
Code locations of the package definition.
dependency_location_textstringPath: @package.dependency_location_text
Text representation of the dependency location, such as the file path where the vulnerable package is declared.
dependency_typestringPath: @package.dependency_type
Whether the package is a direct dependency, transitive dependency, or not supported if the information cannot be retrieved.
has_suidbooleanPath: @package.has_suid
true if the package has the SUID bit set; false otherwise.
is_runningbooleanPath: @package.is_running
true if the package is currently running; false otherwise.
is_running_as_rootbooleanPath: @package.is_running_as_root
true if the package is currently running as root; false otherwise.
loading_typestringPath: @package.loading_type
Whether the component is always loaded and running (hot), running infrequently (cold), or loaded on demand (lazy).
managerstringPath: @package.manager
Package management ecosystem or source registry the vulnerable component originates from.
namestringPath: @package.name
Name of the package or library where the vulnerability was identified.
normalized_namestringPath: @package.normalized_name
Normalized name according to the ecosystem of the package or library where the vulnerability was identified.
root_parentsarray (object)Path: @package.root_parents
List of dependencies for which the package is a transitive dependency.
scopestringPath: @package.scope
Intended usage scope of the package (production or development).
versionstringPath: @package.version
Version of the package or library where the vulnerability was identified.
- -### Declaration - -Code locations of the package definition. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
blockobjectPath: @package.declaration.block
Location of the code that declares the whole dependency declaration.
nameobjectPath: @package.declaration.name
Location of the code that declares the dependency name.
versionobjectPath: @package.declaration.version
Version declared for the root parent.
- -### Block - -Location of the code that declares the whole dependency declaration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
column_endintegerPath: @package.declaration.block.column_end
Ending column position.
column_startintegerPath: @package.declaration.block.column_start
Starting column position.
filenamestringPath: @package.declaration.block.filename
Relative path to the file.
is_test_filebooleanPath: @package.declaration.block.is_test_file
true if the code file is a test file; false otherwise.
line_endintegerPath: @package.declaration.block.line_end
Ending line number.
line_startintegerPath: @package.declaration.block.line_start
Starting line number.
symbolstringPath: @package.declaration.block.symbol
Symbol name at the code location.
urlstringPath: @package.declaration.block.url
URL to view the file online (for example, in GitHub), highlighting the code location.
- -### Name - -Location of the code that declares the dependency name. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
column_endintegerPath: @package.declaration.name.column_end
Ending column position.
column_startintegerPath: @package.declaration.name.column_start
Starting column position.
filenamestringPath: @package.declaration.name.filename
Relative path to the file.
is_test_filebooleanPath: @package.declaration.name.is_test_file
true if the code file is a test file; false otherwise.
line_endintegerPath: @package.declaration.name.line_end
Ending line number.
line_startintegerPath: @package.declaration.name.line_start
Starting line number.
symbolstringPath: @package.declaration.name.symbol
Symbol name at the code location.
urlstringPath: @package.declaration.name.url
URL to view the file online (for example, in GitHub), highlighting the code location.
- -### Version - -Version declared for the root parent. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
column_endintegerPath: @package.declaration.version.column_end
Ending column position.
column_startintegerPath: @package.declaration.version.column_start
Starting column position.
filenamestringPath: @package.declaration.version.filename
Relative path to the file.
is_test_filebooleanPath: @package.declaration.version.is_test_file
true if the code file is a test file; false otherwise.
line_endintegerPath: @package.declaration.version.line_end
Ending line number.
line_startintegerPath: @package.declaration.version.line_start
Starting line number.
symbolstringPath: @package.declaration.version.symbol
Symbol name at the code location.
urlstringPath: @package.declaration.version.url
URL to view the file online (for example, in GitHub), highlighting the code location.
- -### Root Parents - -List of dependencies for which the package is a transitive dependency. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
declarationobjectPath: @package.root_parents.declaration
Location of the code that declares the version of a root parent.
languagestringPath: @package.root_parents.language
Dependency language for which the package is a transitive dependency.
namestringPath: @package.root_parents.name
Dependency name for which the package is a transitive dependency.
versionstringPath: @package.root_parents.version
Dependency version for which the package is a transitive dependency.
- -### Declaration - -Location of the code that declares the version of a root parent. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
blockobjectPath: @package.root_parents.declaration.block
Location of the code that declares the whole dependency declaration.
nameobjectPath: @package.root_parents.declaration.name
Location of the code that declares the dependency name.
versionobjectPath: @package.root_parents.declaration.version
Version declared for the root parent.
- -### Block - -Location of the code that declares the whole dependency declaration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
column_endintegerPath: @package.root_parents.declaration.block.column_end
Ending column position.
column_startintegerPath: @package.root_parents.declaration.block.column_start
Starting column position.
filenamestringPath: @package.root_parents.declaration.block.filename
Relative path to the file.
is_test_filebooleanPath: @package.root_parents.declaration.block.is_test_file
true if the code file is a test file; false otherwise.
line_endintegerPath: @package.root_parents.declaration.block.line_end
Ending line number.
line_startintegerPath: @package.root_parents.declaration.block.line_start
Starting line number.
symbolstringPath: @package.root_parents.declaration.block.symbol
Symbol name at the code location.
urlstringPath: @package.root_parents.declaration.block.url
URL to view the file online (for example, in GitHub), highlighting the code location.
- -### Name - -Location of the code that declares the dependency name. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
column_endintegerPath: @package.root_parents.declaration.name.column_end
Ending column position.
column_startintegerPath: @package.root_parents.declaration.name.column_start
Starting column position.
filenamestringPath: @package.root_parents.declaration.name.filename
Relative path to the file.
is_test_filebooleanPath: @package.root_parents.declaration.name.is_test_file
true if the code file is a test file; false otherwise.
line_endintegerPath: @package.root_parents.declaration.name.line_end
Ending line number.
line_startintegerPath: @package.root_parents.declaration.name.line_start
Starting line number.
symbolstringPath: @package.root_parents.declaration.name.symbol
Symbol name at the code location.
urlstringPath: @package.root_parents.declaration.name.url
URL to view the file online (for example, in GitHub), highlighting the code location.
- -### Version - -Version declared for the root parent. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
column_endintegerPath: @package.root_parents.declaration.version.column_end
Ending column position.
column_startintegerPath: @package.root_parents.declaration.version.column_start
Starting column position.
filenamestringPath: @package.root_parents.declaration.version.filename
Relative path to the file.
is_test_filebooleanPath: @package.root_parents.declaration.version.is_test_file
true if the code file is a test file; false otherwise.
line_endintegerPath: @package.root_parents.declaration.version.line_end
Ending line number.
line_startintegerPath: @package.root_parents.declaration.version.line_start
Starting line number.
symbolstringPath: @package.root_parents.declaration.version.symbol
Symbol name at the code location.
urlstringPath: @package.root_parents.declaration.version.url
URL to view the file online (for example, in GitHub), highlighting the code location.
- -{{% /collapse-content %}} - -{{% collapse-content title="Remediation" level="h3" id="remediation" %}} - -Information about the finding's remediation. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
code_updateobjectPath: @remediation.code_update
Code changes to apply to remediate the finding.
codegenobjectPath: @remediation.codegen
Finding status for the code generation platform.
container_imageobjectPath: @remediation.container_image
Newer container image version that may remediate the vulnerability.
descriptionstringPath: @remediation.description
Description of the remediation.
host_imageobjectPath: @remediation.host_image
Latest host image version that may remediate the vulnerability.
is_availablebooleanPath: @remediation.is_available
true if a remediation is currently available for the finding; false otherwise.
microsoft_kbobjectPath: @remediation.microsoft_kb
Remediation strategy using a Microsoft Knowledge Base (KB) article.
packageobjectPath: @remediation.package
Remediation package information.
recommendedobjectPath: @remediation.recommended
Recommended remediation details.
recommended_typestringPath: @remediation.recommended_type
Recommended remediation type for the finding.
root_packageobjectPath: @remediation.root_package
Remediation root package information.
- -### Code Update - -Code changes to apply to remediate the finding. - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
editsarray (object)Path: @remediation.code_update.edits
Code changes required to remediate the finding.
- -### Edits - -Code changes required to remediate the finding. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
column_endintegerPath: @remediation.code_update.edits.column_end
Ending column position of the code change.
column_startintegerPath: @remediation.code_update.edits.column_start
Starting column position of the code change.
contentstringPath: @remediation.code_update.edits.content
Contents of the code change.
line_endintegerPath: @remediation.code_update.edits.line_end
Ending line number of the code change.
line_startintegerPath: @remediation.code_update.edits.line_start
Starting line number of the code change.
typestringPath: @remediation.code_update.edits.type
Nature of the code change.
- -### Codegen - -Finding status for the code generation platform. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
idstringPath: @remediation.codegen.id
Identifier used to track the remediation in the code generation backend.
statusstringPath: @remediation.codegen.status
Status of the automated fix generation. Valid values: generated, not_available_non_default_branch, not_available_unsupported_tool, not_available_unsupported_rule, not_available_disabled, not_available_git_provider_not_supported, not_available_confidence_too_low, error, not_available_has_deterministic_fixes, not_available_unknown_reason, not_available_org_not_onboarded, not_available_repository_disabled, not_available_unsupported_resource_type, not_available_unsupported_ecosystem, not_available_severity_too_low, not_available_transitive_library, not_available_no_remediation, not_available_unsupported_vulnerability_type.
- -### Container Image - -Newer container image version that may remediate the vulnerability. - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
closest_no_vulnerabilitiesobjectPath: @remediation.container_image.closest_no_vulnerabilities
Closest container image version with no vulnerabilities.
- -### Closest No Vulnerabilities - -Closest container image version with no vulnerabilities. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
image_urlstringPath: @remediation.container_image.closest_no_vulnerabilities.image_url
URL of the container image that may remediate the vulnerability.
layer_digestsarray (string)Path: @remediation.container_image.closest_no_vulnerabilities.layer_digests
Layer digests of the currently vulnerable container image that needs to be upgraded.
namestringPath: @remediation.container_image.closest_no_vulnerabilities.name
Name of the container image that may remediate the vulnerability.
tagstringPath: @remediation.container_image.closest_no_vulnerabilities.tag
Tag of the container image that may remediate the vulnerability.
- -### Host Image - -Latest host image version that may remediate the vulnerability. - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
latest_majorobjectPath: @remediation.host_image.latest_major
Information about the latest Amazon Machine Image (AMI) that may remediate the vulnerability.
- -### Latest Major - -Information about the latest Amazon Machine Image (AMI) that may remediate the vulnerability. - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
namestringPath: @remediation.host_image.latest_major.name
Name of the latest Amazon Machine Image (for example, ami-12345678) that may remediate the vulnerability.
- -### Microsoft KB - -Remediation strategy using a Microsoft Knowledge Base (KB) article. - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
closest_fix_advisoryobjectPath: @remediation.microsoft_kb.closest_fix_advisory
The closest patch available to address the current advisory.
- -### Closest Fix Advisory - -The closest patch available to address the current advisory. - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
articlestringPath: @remediation.microsoft_kb.closest_fix_advisory.article
Article name for the closest patch.
- -### Package - -Remediation package information. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
basearray (object)Path: @remediation.package.base
Current package version that the finding was detected on, before any remediation is applied.
closest_no_criticalarray (object)Path: @remediation.package.closest_no_critical
Closest package version with no critical vulnerabilities (based on base score).
closest_no_vulnerabilitiesarray (object)Path: @remediation.package.closest_no_vulnerabilities
Closest package version with no vulnerabilities.
latest_no_criticalarray (object)Path: @remediation.package.latest_no_critical
The latest remediation package version with no critical vulnerabilities (based on base score).
latest_no_vulnerabilitiesarray (object)Path: @remediation.package.latest_no_vulnerabilities
Latest package version with no vulnerabilities.
- -### Base - -Current package version that the finding was detected on, before any remediation is applied. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.package.base.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.package.base.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.package.base.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.package.base.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.package.base.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.package.base.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.package.base.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.package.base.version
Recommended package version that fixes the finding.
- -### Fixed Advisories - -Advisories that the remediation will fix. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.base.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.base.fixed_advisories.id
Identifier of the advisory.
- -### New Advisories - -Advisories that will appear if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.base.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.base.new_advisories.id
Identifier of the advisory.
- -### Remaining Advisories - -Advisories that will remain unfixed if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.base.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.base.remaining_advisories.id
Identifier of the advisory.
- -### Closest No Critical - -Closest package version with no critical vulnerabilities (based on base score). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.package.closest_no_critical.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.package.closest_no_critical.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.package.closest_no_critical.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.package.closest_no_critical.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.package.closest_no_critical.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.package.closest_no_critical.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.package.closest_no_critical.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.package.closest_no_critical.version
Recommended package version that fixes the finding.
- -### Fixed Advisories - -Advisories that the remediation will fix. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.closest_no_critical.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.closest_no_critical.fixed_advisories.id
Identifier of the advisory.
- -### New Advisories - -Advisories that will appear if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.closest_no_critical.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.closest_no_critical.new_advisories.id
Identifier of the advisory.
- -### Remaining Advisories - -Advisories that will remain unfixed if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.closest_no_critical.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.closest_no_critical.remaining_advisories.id
Identifier of the advisory.
- -### Closest No Vulnerabilities - -Closest package version with no vulnerabilities. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.package.closest_no_vulnerabilities.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.package.closest_no_vulnerabilities.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.package.closest_no_vulnerabilities.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.package.closest_no_vulnerabilities.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.package.closest_no_vulnerabilities.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.package.closest_no_vulnerabilities.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.package.closest_no_vulnerabilities.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.package.closest_no_vulnerabilities.version
Recommended package version that fixes the finding.
- -### Fixed Advisories - -Advisories that the remediation will fix. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.closest_no_vulnerabilities.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.closest_no_vulnerabilities.fixed_advisories.id
Identifier of the advisory.
- -### New Advisories - -Advisories that will appear if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.closest_no_vulnerabilities.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.closest_no_vulnerabilities.new_advisories.id
Identifier of the advisory.
- -### Remaining Advisories - -Advisories that will remain unfixed if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.closest_no_vulnerabilities.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.closest_no_vulnerabilities.remaining_advisories.id
Identifier of the advisory.
- -### Latest No Critical - -The latest remediation package version with no critical vulnerabilities (based on base score). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.package.latest_no_critical.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.package.latest_no_critical.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.package.latest_no_critical.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.package.latest_no_critical.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.package.latest_no_critical.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.package.latest_no_critical.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.package.latest_no_critical.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.package.latest_no_critical.version
Recommended package version that fixes the finding.
- -### Fixed Advisories - -Advisories that the remediation will fix. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.latest_no_critical.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.latest_no_critical.fixed_advisories.id
Identifier of the advisory.
- -### New Advisories - -Advisories that will appear if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.latest_no_critical.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.latest_no_critical.new_advisories.id
Identifier of the advisory.
- -### Remaining Advisories - -Advisories that will remain unfixed if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.latest_no_critical.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.latest_no_critical.remaining_advisories.id
Identifier of the advisory.
- -### Latest No Vulnerabilities - -Latest package version with no vulnerabilities. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.package.latest_no_vulnerabilities.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.package.latest_no_vulnerabilities.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.package.latest_no_vulnerabilities.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.package.latest_no_vulnerabilities.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.package.latest_no_vulnerabilities.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.package.latest_no_vulnerabilities.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.package.latest_no_vulnerabilities.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.package.latest_no_vulnerabilities.version
Recommended package version that fixes the finding.
- -### Fixed Advisories - -Advisories that the remediation will fix. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.latest_no_vulnerabilities.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.latest_no_vulnerabilities.fixed_advisories.id
Identifier of the advisory.
- -### New Advisories - -Advisories that will appear if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.latest_no_vulnerabilities.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.latest_no_vulnerabilities.new_advisories.id
Identifier of the advisory.
- -### Remaining Advisories - -Advisories that will remain unfixed if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.latest_no_vulnerabilities.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.latest_no_vulnerabilities.remaining_advisories.id
Identifier of the advisory.
- -### Root Package - -Remediation root package information. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
basearray (object)Path: @remediation.root_package.base
Current package version that the finding was detected on, before any remediation is applied.
closest_no_criticalarray (object)Path: @remediation.root_package.closest_no_critical
Closest package version with no critical vulnerabilities (based on base score).
closest_no_vulnerabilitiesarray (object)Path: @remediation.root_package.closest_no_vulnerabilities
Closest package version with no vulnerabilities.
latest_no_criticalarray (object)Path: @remediation.root_package.latest_no_critical
The latest remediation package version with no critical vulnerabilities (based on base score).
latest_no_vulnerabilitiesarray (object)Path: @remediation.root_package.latest_no_vulnerabilities
Latest package version with no vulnerabilities.
- -### Base - -Current package version that the finding was detected on, before any remediation is applied. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.root_package.base.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.root_package.base.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.root_package.base.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.root_package.base.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.root_package.base.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.root_package.base.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.root_package.base.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.root_package.base.version
Recommended package version that fixes the finding.
- -### Fixed Advisories - -Advisories that the remediation will fix. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.base.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.base.fixed_advisories.id
Identifier of the advisory.
- -### New Advisories - -Advisories that will appear if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.base.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.base.new_advisories.id
Identifier of the advisory.
- -### Remaining Advisories - -Advisories that will remain unfixed if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.base.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.base.remaining_advisories.id
Identifier of the advisory.
- -### Closest No Critical - -Closest package version with no critical vulnerabilities (based on base score). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.root_package.closest_no_critical.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.root_package.closest_no_critical.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.root_package.closest_no_critical.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.root_package.closest_no_critical.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.root_package.closest_no_critical.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.root_package.closest_no_critical.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.root_package.closest_no_critical.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.root_package.closest_no_critical.version
Recommended package version that fixes the finding.
- -### Fixed Advisories - -Advisories that the remediation will fix. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.closest_no_critical.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.closest_no_critical.fixed_advisories.id
Identifier of the advisory.
- -### New Advisories - -Advisories that will appear if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.closest_no_critical.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.closest_no_critical.new_advisories.id
Identifier of the advisory.
- -### Remaining Advisories - -Advisories that will remain unfixed if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.closest_no_critical.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.closest_no_critical.remaining_advisories.id
Identifier of the advisory.
- -### Closest No Vulnerabilities - -Closest package version with no vulnerabilities. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.root_package.closest_no_vulnerabilities.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.root_package.closest_no_vulnerabilities.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.root_package.closest_no_vulnerabilities.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.root_package.closest_no_vulnerabilities.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.root_package.closest_no_vulnerabilities.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.root_package.closest_no_vulnerabilities.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.root_package.closest_no_vulnerabilities.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.root_package.closest_no_vulnerabilities.version
Recommended package version that fixes the finding.
- -### Fixed Advisories - -Advisories that the remediation will fix. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.closest_no_vulnerabilities.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.closest_no_vulnerabilities.fixed_advisories.id
Identifier of the advisory.
- -### New Advisories - -Advisories that will appear if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.closest_no_vulnerabilities.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.closest_no_vulnerabilities.new_advisories.id
Identifier of the advisory.
- -### Remaining Advisories - -Advisories that will remain unfixed if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.closest_no_vulnerabilities.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.closest_no_vulnerabilities.remaining_advisories.id
Identifier of the advisory.
- -### Latest No Critical - -The latest remediation package version with no critical vulnerabilities (based on base score). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.root_package.latest_no_critical.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.root_package.latest_no_critical.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.root_package.latest_no_critical.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.root_package.latest_no_critical.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.root_package.latest_no_critical.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.root_package.latest_no_critical.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.root_package.latest_no_critical.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.root_package.latest_no_critical.version
Recommended package version that fixes the finding.
- -### Fixed Advisories - -Advisories that the remediation will fix. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.latest_no_critical.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.latest_no_critical.fixed_advisories.id
Identifier of the advisory.
- -### New Advisories - -Advisories that will appear if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.latest_no_critical.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.latest_no_critical.new_advisories.id
Identifier of the advisory.
- -### Remaining Advisories - -Advisories that will remain unfixed if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.latest_no_critical.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.latest_no_critical.remaining_advisories.id
Identifier of the advisory.
- -### Latest No Vulnerabilities - -Latest package version with no vulnerabilities. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.root_package.latest_no_vulnerabilities.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.root_package.latest_no_vulnerabilities.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.root_package.latest_no_vulnerabilities.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.root_package.latest_no_vulnerabilities.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.root_package.latest_no_vulnerabilities.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.root_package.latest_no_vulnerabilities.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.root_package.latest_no_vulnerabilities.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.root_package.latest_no_vulnerabilities.version
Recommended package version that fixes the finding.
- -### Fixed Advisories - -Advisories that the remediation will fix. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.latest_no_vulnerabilities.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.latest_no_vulnerabilities.fixed_advisories.id
Identifier of the advisory.
- -### New Advisories - -Advisories that will appear if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.latest_no_vulnerabilities.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.latest_no_vulnerabilities.new_advisories.id
Identifier of the advisory.
- -### Remaining Advisories - -Advisories that will remain unfixed if the remediation is applied. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.latest_no_vulnerabilities.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.latest_no_vulnerabilities.remaining_advisories.id
Identifier of the advisory.
- -{{% /collapse-content %}} - -{{% collapse-content title="Risk" level="h3" id="risk" %}} - -Risk-related attributes for the finding. Each key must have a matching key in the `risk_details` namespace. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
has_exploit_availablebooleanPath: @risk.has_exploit_available
true if known exploits exist for the finding; false otherwise.
has_high_exploitability_chancebooleanPath: @risk.has_high_exploitability_chance
true if the EPSS (Exploit Prediction Scoring System) score is above 1%; false otherwise.
has_privileged_accessbooleanPath: @risk.has_privileged_access
true if the finding's resource is running with elevated privileges or has the ability to assume a privileged role; false otherwise.
has_sensitive_databooleanPath: @risk.has_sensitive_data
true if the finding has access to a resource that contains sensitive data; false otherwise.
is_authenticatedbooleanPath: @risk.is_authenticated
true if the API endpoint requires authentication to access; false if the endpoint does not require authentication. Omitted if authentication status is unknown.
is_crown_jewelbooleanPath: @risk.is_crown_jewel
true if the affected resource is critical to your business; false otherwise.
is_emergingbooleanPath: @risk.is_emerging
true if the vulnerability is linked to an advisory classified as an emerging vulnerability; false otherwise.
is_exposed_to_attacksbooleanPath: @risk.is_exposed_to_attacks
true if attacks have already been detected on the resource; false otherwise.
is_function_reachablebooleanPath: @risk.is_function_reachable
true if the vulnerable function can be executed; false otherwise.
is_image_runningbooleanPath: @risk.is_image_running
true if the image of the finding's resource has running containers or hosts; false otherwise.
is_kernel_runningbooleanPath: @risk.is_kernel_running
true if the vulnerability affects the kernel currently running on the host; false otherwise.
is_package_runningbooleanPath: @risk.is_package_running
true if the package of the finding's resource is running; false otherwise.
is_productionbooleanPath: @risk.is_production
true if the finding's resource is running in production; false otherwise.
is_publicly_accessiblebooleanPath: @risk.is_publicly_accessible
true if the finding's resource is publicly accessible; false otherwise.
is_tainted_from_databasebooleanPath: @risk.is_tainted_from_database
true if the string is tainted due to originating from an untrusted database source; false otherwise.
is_tainted_from_query_stringbooleanPath: @risk.is_tainted_from_query_string
true if the string is tainted with elements derived from an HTTP query string; false otherwise.
is_tainted_from_request_urlbooleanPath: @risk.is_tainted_from_request_url
true if the final URL contains tainted parts originating from the request URL; false otherwise.
is_using_sha1booleanPath: @risk.is_using_sha1
true if SHA1 is used in a weak hash; false otherwise.
- -{{% /collapse-content %}} - -{{% collapse-content title="Risk Details" level="h3" id="risk-details" %}} - -Contextual risk factors that help assess the potential impact of a finding. These fields describe characteristics like exposure, sensitivity, and signs of active exploitation. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
has_exploit_availableobjectPath: @risk_details.has_exploit_available
Information about whether a known exploit exists for the finding advisory.
has_high_exploitability_chanceobjectPath: @risk_details.has_high_exploitability_chance
Evidence and indicators about whether the vulnerability is likely to be exploited based on EPSS (Exploit Prediction Scoring System).
has_privileged_accessobjectPath: @risk_details.has_privileged_access
Evidence and indicators about whether the resource has privileged access.
has_sensitive_dataobjectPath: @risk_details.has_sensitive_data
Evidence and indicators about whether the affected resource has sensitive data.
is_authenticatedobjectPath: @risk_details.is_authenticated
Evidence and indicators about whether the API endpoint requires authentication.
is_crown_jewelobjectPath: @risk_details.is_crown_jewel
Evidence and indicators about whether the affected resource is critical.
is_emergingobjectPath: @risk_details.is_emerging
Evidence and indicators about whether the vulnerability is classified as an emerging vulnerability.
is_exposed_to_attacksobjectPath: @risk_details.is_exposed_to_attacks
Evidence and indicators about whether the service where the finding was detected is exposed to attacks.
is_function_reachableobjectPath: @risk_details.is_function_reachable
Evidence and indicators about whether the vulnerable function or module is used in the code.
is_image_runningobjectPath: @risk_details.is_image_running
Evidence and indicators about whether the affected image has running containers or hosts.
is_kernel_runningobjectPath: @risk_details.is_kernel_running
Evidence and indicators about whether the vulnerability affects the kernel currently running on the host.
is_package_runningobjectPath: @risk_details.is_package_running
Evidence and indicators about whether the affected package is running.
is_productionobjectPath: @risk_details.is_production
Evidence and indicators about whether the resource associated with the finding is running in a production environment.
is_publicly_accessibleobjectPath: @risk_details.is_publicly_accessible
Information about whether the affected resource is accessible from the public internet.
is_tainted_from_databaseobjectPath: @risk_details.is_tainted_from_database
Information about whether tainted parts originate from a database.
is_tainted_from_query_stringobjectPath: @risk_details.is_tainted_from_query_string
Information about whether the tainted parts originated from a query string.
is_tainted_from_request_urlobjectPath: @risk_details.is_tainted_from_request_url
Information about whether the tainted parts originate from the request URL.
is_using_sha1objectPath: @risk_details.is_using_sha1
Information about whether SHA1 is used in a weak hash.
- -### Has Exploit Available - -Information about whether a known exploit exists for the finding advisory. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.has_exploit_available.evidence
Evidence of exploit availability.
impact_cvssstringPath: @risk_details.has_exploit_available.impact_cvss
How the availability of known exploits changes the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.has_exploit_available.value
true if known exploits exist for the finding; false otherwise.
- -### Evidence - -Evidence of exploit availability. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
exploit_sourcesarray (string)Path: @risk_details.has_exploit_available.evidence.exploit_sources
Exploit sources associated with the finding (for example, NIST, CISA, Exploit-DB).
exploit_urlsarray (string)Path: @risk_details.has_exploit_available.evidence.exploit_urls
Exploit URLs associated with the finding.
typestringPath: @risk_details.has_exploit_available.evidence.type
Type of exploit availability evidence. Valid values: production_ready, poc, unavailable.
- -### Has High Exploitability Chance - -Evidence and indicators about whether the vulnerability is likely to be exploited based on EPSS (Exploit Prediction Scoring System). - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.has_high_exploitability_chance.evidence
Evidence for the EPSS score.
impact_cvssstringPath: @risk_details.has_high_exploitability_chance.impact_cvss
How high exploitability chance affects the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.has_high_exploitability_chance.value
true if the EPSS score is above 1%; false otherwise.
- -### Evidence - -Evidence for the EPSS score. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
epss_scorenumberPath: @risk_details.has_high_exploitability_chance.evidence.epss_score
EPSS score as a percentage representing the chance of exploitation.
epss_severitystringPath: @risk_details.has_high_exploitability_chance.evidence.epss_severity
EPSS score severity level. Valid values: Critical, High, Medium, Low.
thresholdnumberPath: @risk_details.has_high_exploitability_chance.evidence.threshold
Minimum EPSS score required for a vulnerability to be considered as having a high exploitability chance.
- -### Has Privileged Access - -Evidence and indicators about whether the resource has privileged access. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.has_privileged_access.evidence
Evidence showing proof of privileged access.
impact_cvssstringPath: @risk_details.has_privileged_access.impact_cvss
How privileged access changes the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.has_privileged_access.value
true if the resource associated with the finding has privileged access; false otherwise.
- -### Evidence - -Evidence showing proof of privileged access. - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
resource_keystringPath: @risk_details.has_privileged_access.evidence.resource_key
Canonical Cloud Resource Identifier with proof of privileged access.
- -### Has Sensitive Data - -Evidence and indicators about whether the affected resource has sensitive data. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.has_sensitive_data.evidence
Evidence supporting the presence of sensitive data.
impact_cvssstringPath: @risk_details.has_sensitive_data.impact_cvss
How sensitive data presence changes the CVSS score. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.has_sensitive_data.value
Same as risk.has_sensitive_data.
- -### Evidence - -Evidence supporting the presence of sensitive data. - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
sds_idstringPath: @risk_details.has_sensitive_data.evidence.sds_id
Identifier of a sensitive data entry that Datadog Sensitive Data Scanner detected.
- -### Is Authenticated - -Evidence and indicators about whether the API endpoint requires authentication. - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
valuebooleanPath: @risk_details.is_authenticated.value
Same as risk.is_authenticated.
- -### Is Crown Jewel - -Evidence and indicators about whether the affected resource is critical. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.is_crown_jewel.evidence
Evidence used to identify the resource as being critical.
impact_cvssstringPath: @risk_details.is_crown_jewel.impact_cvss
How resource criticality changes the CVSS score. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_crown_jewel.value
true if the resource is critical to your business; false otherwise.
- -### Evidence - -Evidence used to identify the resource as being critical. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
explanationstringPath: @risk_details.is_crown_jewel.evidence.explanation
Explanation detailing why the resource or related resource is identified as critical.
related_resource_namestringPath: @risk_details.is_crown_jewel.evidence.related_resource_name
Name of a long-lived critical asset, such as a critical service, that justifies why the affected resource is considered critical.
sensitive_dataarray (string)Path: @risk_details.is_crown_jewel.evidence.sensitive_data
Sensitive data types detected on the resource that contribute to its classification as a critical asset (for example, visa_credit_card).
- -### Is Emerging - -Evidence and indicators about whether the vulnerability is classified as an emerging vulnerability. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
impact_cvssstringPath: @risk_details.is_emerging.impact_cvss
How emerging vulnerability status affects the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_emerging.value
Same as risk.is_emerging.
- -### Is Exposed To Attacks - -Evidence and indicators about whether the service where the finding was detected is exposed to attacks. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.is_exposed_to_attacks.evidence
Evidence for the presence of attacks.
impact_cvssstringPath: @risk_details.is_exposed_to_attacks.impact_cvss
How the resource's exposure affects the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_exposed_to_attacks.value
Same as risk.is_exposed_to_attacks.
- -### Evidence - -Evidence for the presence of attacks. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
attacks_detailsobjectPath: @risk_details.is_exposed_to_attacks.evidence.attacks_details
Details about one of the detected attacks.
trace_exampleobjectPath: @risk_details.is_exposed_to_attacks.evidence.trace_example
Example of a trace with attacks detected on the finding's resource.
trace_querystringPath: @risk_details.is_exposed_to_attacks.evidence.trace_query
Query used to find traces with attacks related to the finding's resource.
- -### Is Function Reachable - -Evidence and indicators about whether the vulnerable function or module is used in the code. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.is_function_reachable.evidence
Evidence used to determine whether the function is reachable.
impact_cvssstringPath: @risk_details.is_function_reachable.impact_cvss
How function reachability changes the CVSS risk assessment. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_function_reachable.value
true if the function is reachable; false otherwise.
- -### Evidence - -Evidence used to determine whether the function is reachable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
is_supportedbooleanPath: @risk_details.is_function_reachable.evidence.is_supported
true if reachability analysis is supported for this finding, false otherwise.
locationsarray (object)Path: @risk_details.is_function_reachable.evidence.locations
Array of code locations where the function is called.
not_supported_reasonstringPath: @risk_details.is_function_reachable.evidence.not_supported_reason
Reason why reachability analysis is not supported for this finding. Valid values: language_not_supported, vulnerable_symbol_not_available.
unreachable_atintegerPath: @risk_details.is_function_reachable.evidence.unreachable_at
Timestamp in milliseconds (UTC) at which the finding transitions to an unreachable state if the vulnerable function is not called.
- -### Locations - -Array of code locations where the function is called. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
filenamestringPath: @risk_details.is_function_reachable.evidence.locations.filename
Relative path to the file.
last_detected_atintegerPath: @risk_details.is_function_reachable.evidence.locations.last_detected_at
Timestamp in milliseconds (UTC) of the most recent detection of this function at the code location.
line_startintegerPath: @risk_details.is_function_reachable.evidence.locations.line_start
Starting line number.
symbolstringPath: @risk_details.is_function_reachable.evidence.locations.symbol
Symbol name at the code location.
- -### Is Image Running - -Evidence and indicators about whether the affected image has running containers or hosts. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.is_image_running.evidence
Evidence showing proof of running containers or hosts.
impact_cvssstringPath: @risk_details.is_image_running.impact_cvss
How running containers or hosts affects the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_image_running.value
true if the image of the finding's resource has running containers or hosts; false otherwise.
- -### Evidence - -Evidence showing proof of running containers or hosts. - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
detected_atintegerPath: @risk_details.is_image_running.evidence.detected_at
Timestamp when the running containers or hosts were detected.
- -### Is Kernel Running - -Evidence and indicators about whether the vulnerability affects the kernel currently running on the host. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.is_kernel_running.evidence
Evidence showing proof that the vulnerability affects the running kernel.
valuebooleanPath: @risk_details.is_kernel_running.value
true if the vulnerability affects the kernel currently running on the host; false otherwise.
- -### Evidence - -Evidence showing proof that the vulnerability affects the running kernel. - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
kernel_versionstringPath: @risk_details.is_kernel_running.evidence.kernel_version
Version of the kernel currently running on the host.
- -### Is Package Running - -Evidence and indicators about whether the affected package is running. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
impact_cvssstringPath: @risk_details.is_package_running.impact_cvss
How a running package affects the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_package_running.value
true if the package of the finding's resource is running; false otherwise.
- -### Is Production - -Evidence and indicators about whether the resource associated with the finding is running in a production environment. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.is_production.evidence
The env tag value that determines whether the resource is in production.
impact_cvssstringPath: @risk_details.is_production.impact_cvss
How production environment status affects the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_production.value
Same as risk.is_production.
- -### Is Publicly Accessible - -Information about whether the affected resource is accessible from the public internet. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.is_publicly_accessible.evidence
Evidence showing proof of access from the internet.
impact_cvssstringPath: @risk_details.is_publicly_accessible.impact_cvss
How public accessibility affects the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_publicly_accessible.value
Same as risk.is_publicly_accessible.
- -### Evidence - -Evidence showing proof of access from the internet. - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
resource_keystringPath: @risk_details.is_publicly_accessible.evidence.resource_key
Canonical Cloud Resource Identifier of the resource accessible from the internet.
- -### Is Tainted From Database - -Information about whether tainted parts originate from a database. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
impact_cvssstringPath: @risk_details.is_tainted_from_database.impact_cvss
How database tainting changes the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_tainted_from_database.value
true if the string is tainted due to originating from an untrusted database source; false otherwise.
- -### Is Tainted From Query String - -Information about whether the tainted parts originated from a query string. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
impact_cvssstringPath: @risk_details.is_tainted_from_query_string.impact_cvss
How query string tainting changes the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_tainted_from_query_string.value
true if the string contains elements derived from an HTTP query string; false otherwise.
- -### Is Tainted From Request Url - -Information about whether the tainted parts originate from the request URL. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
impact_cvssstringPath: @risk_details.is_tainted_from_request_url.impact_cvss
How request URL tainting changes the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_tainted_from_request_url.value
true if the final URL contains tainted parts originating from the request URL; false otherwise.
- -### Is Using SHA1 - -Information about whether SHA1 is used in a weak hash. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
impact_cvssstringPath: @risk_details.is_using_sha1.impact_cvss
How SHA1 usage changes the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_using_sha1.value
true if SHA1 is used in a weak hash; false otherwise.
- -{{% /collapse-content %}} - -{{% collapse-content title="Rule" level="h3" id="rule" %}} - -How to discover a vulnerability. Vulnerability findings with rules indicate the vulnerability was detected in source code or running code. Rules are also used for non-vulnerability findings such as misconfigurations or API security. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
default_rule_idstringPath: @rule.default_rule_id
Default rule identifier of the rule. Empty if it's a custom rule.
idstringPath: @rule.id
Identifier of the rule that generated the finding.
namestringPath: @rule.name
Name of the rule that generated the finding.
typestringPath: @rule.type
Type of the rule that generated the finding.
versionintegerPath: @rule.version
Version of the rule that generated the finding.
- -{{% /collapse-content %}} - -{{% collapse-content title="Runtime Context" level="h3" id="runtime-context" %}} - -Groups attributes related to runtime context. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
database_monitoringobjectPath: @runtime_context.database_monitoring
Contains database monitoring context associated with the finding.
span_idstringPath: @runtime_context.span_id
Span identifier where the finding was detected. Available only for IAST (Interactive Application Security Testing).
stacktrace_idstringPath: @runtime_context.stacktrace_id
Stack trace identifier where the finding was detected. Available only for IAST (Interactive Application Security Testing).
trace_idstringPath: @runtime_context.trace_id
Trace identifier where the finding was detected. Available only for IAST (Interactive Application Security Testing).
vulnerable_servicesarray (object)Path: @runtime_context.vulnerable_services
Lists running service versions affected by the finding, each identified by deployment environment, version, and Git commit SHA.
- -### Database Monitoring - -Contains database monitoring context associated with the finding. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
database_instancesarray (string)Path: @runtime_context.database_monitoring.database_instances
Identifiers for the database instances affected by the finding.
query_signaturestringPath: @runtime_context.database_monitoring.query_signature
Hash of the normalized SQL query associated with the finding.
- -### Vulnerable Services - -Lists running service versions affected by the finding, each identified by deployment environment, version, and Git commit SHA. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
commit_shastringPath: @runtime_context.vulnerable_services.commit_sha
Contains the Git commit SHA of the vulnerable service.
envstringPath: @runtime_context.vulnerable_services.env
Indicates the deployment environment of the vulnerable service (for example, prod, staging).
service_namestringPath: @runtime_context.vulnerable_services.service_name
Contains the name of the vulnerable service.
versionstringPath: @runtime_context.vulnerable_services.version
Contains the version identifier of the vulnerable service.
- -{{% /collapse-content %}} - -{{% collapse-content title="Secret" level="h3" id="secret" %}} - -Information specific to secret findings, such as the secret's validation status. - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
validation_statusstringPath: @secret.validation_status
Result of attempting to validate if the secret is active.
- -{{% /collapse-content %}} - -{{% collapse-content title="Sensitive Data" level="h3" id="sensitive-data" %}} - -Attributes specific to Sensitive Data Scanner (SDS) findings. - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
match_action_typestringPath: @sensitive_data.match_action_type
Indicates the match action configured on the Sensitive Data Scanner rule, such as redact or hash.
- -{{% /collapse-content %}} - -{{% collapse-content title="Service" level="h3" id="service" %}} - -Information about the service where the finding was detected, including its name and source code metadata. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
git_commit_shastringPath: @service.git_commit_sha
Git commit SHA of the latest commit where the finding was detected for the service. Available only when Source Code Integration is configured.
git_repository_urlstringPath: @service.git_repository_url
URL of the Git repository for the service associated with the finding. Available only when Source Code Integration is configured.
namestringPath: @service.name
Name of the service where the finding was detected.
- -{{% /collapse-content %}} - -{{% collapse-content title="Severity Details" level="h3" id="severity-details" %}} - -Detailed severity information for the finding, including base and adjusted severity. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
adjustedobjectPath: @severity_details.adjusted
Adjusted severity of the finding after accounting for contextual or environmental factors.
baseobjectPath: @severity_details.base
Base severity of the finding as defined by the original rule, advisory, or scanner, before any contextual adjustments.
user_adjustedobjectPath: @severity_details.user_adjusted
Severity of the finding after application of user-defined severity modifications.
- -### Adjusted - -Adjusted severity of the finding after accounting for contextual or environmental factors. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
scorenumberPath: @severity_details.adjusted.score
Numeric severity score (CVSS scale).
valuestringPath: @severity_details.adjusted.value
Severity level. Valid values: critical, high, medium, low, info, none, unknown.
value_idintegerPath: @severity_details.adjusted.value_id
Numeric representation of the severity. Values: critical = 10, high = 9, medium = 7, low = 4, none = 0.
vectorstringPath: @severity_details.adjusted.vector
CVSS vector string.
- -### Base - -Base severity of the finding as defined by the original rule, advisory, or scanner, before any contextual adjustments. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
scorenumberPath: @severity_details.base.score
Numeric severity score (CVSS scale).
valuestringPath: @severity_details.base.value
Severity level. Valid values: critical, high, medium, low, info, none, unknown.
value_idintegerPath: @severity_details.base.value_id
Numeric representation of the severity. Values: critical = 10, high = 9, medium = 7, low = 4, none = 0.
vectorstringPath: @severity_details.base.vector
CVSS vector string.
- -### User Adjusted - -Severity of the finding after application of user-defined severity modifications. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
scorenumberPath: @severity_details.user_adjusted.score
Numeric severity score (CVSS scale).
valuestringPath: @severity_details.user_adjusted.value
Severity level. Valid values: critical, high, medium, low, info, none, unknown.
value_idintegerPath: @severity_details.user_adjusted.value_id
Numeric representation of the severity. Values: critical = 10, high = 9, medium = 7, low = 4, none = 0.
- -{{% /collapse-content %}} - -{{% collapse-content title="Vulnerability" level="h3" id="vulnerability" %}} - -Information specific to vulnerabilities. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
confidencestringPath: @vulnerability.confidence
The assessed likelihood of the vulnerability being a true positive.
confidence_reasonstringPath: @vulnerability.confidence_reason
The rationale behind the assigned confidence level.
cwesarray (string)Path: @vulnerability.cwes
CWE (Common Weakness Enumeration) identifier associated with the vulnerability. Each entry must use the CWE-<id> format (for example, CWE-416).
first_commitstringPath: @vulnerability.first_commit
The commit in which the vulnerability was first introduced.
hashstringPath: @vulnerability.hash
Vulnerability hash used to correlate the same vulnerability across SCA (Software Composition Analysis) runtime and static analysis.
is_emergingbooleanPath: @vulnerability.is_emerging
true if the vulnerability is classified as an emerging threat; false otherwise.
is_inherited_from_base_imagebooleanPath: @vulnerability.is_inherited_from_base_image
true if the vulnerability originates in a base image layer, false if it originates in a layer added by the container image author.
last_commitstringPath: @vulnerability.last_commit
The commit in which the vulnerability was fixed.
owasp_top10_yearsarray (integer)Path: @vulnerability.owasp_top10_years
The years the vulnerability appeared in the OWASP Top 10 list of critical vulnerabilities.
stackobjectPath: @vulnerability.stack
The technological stack where the vulnerability was found.
- -### Stack - -The technological stack where the vulnerability was found. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
ecosystemstringPath: @vulnerability.stack.ecosystem
The package management ecosystem or source registry the vulnerable component originated from.
languagestringPath: @vulnerability.stack.language
The language where the vulnerability was found.
- -{{% /collapse-content %}} - -{{% collapse-content title="Workflow" level="h3" id="workflow" %}} - -All mutable information related to the management of a finding after it was detected. Includes fields that can be updated manually through the UI or automatically through pipelines. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
auto_closed_atintegerPath: @workflow.auto_closed_at
Timestamp in milliseconds (UTC) when the finding was automatically closed by the system.
automationsarray (object)Path: @workflow.automations
Information about any automation rules that apply to the finding.
due_dateobjectPath: @workflow.due_date
Due date rule applied to the finding.
integrationsobjectPath: @workflow.integrations
Integrations like Jira, Case Management, or ServiceNow used to triage and remediate the finding.
muteobjectPath: @workflow.mute
Muting information and metadata.
severity_overrideobjectPath: @workflow.severity_override
Metadata about user-defined severity modifications applied to the finding.
triageobjectPath: @workflow.triage
Assignment and status information. Assignment may be synchronized with case or Jira information.
- -### Automations - -Information about any automation rules that apply to the finding. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
rule_idstringPath: @workflow.automations.rule_id
Unique identifier for the automation rule.
rule_namestringPath: @workflow.automations.rule_name
Human-readable name of the automation rule applying to the finding.
rule_typestringPath: @workflow.automations.rule_type
Type of the automation rule applying to the finding. Valid values: due_date, mute, security_inbox, severity_modifier, ticket_creation.
- -### Due Date - -Due date rule applied to the finding. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
due_atintegerPath: @workflow.due_date.due_at
Timestamp in milliseconds (UTC) for the finding's due date.
is_overduebooleanPath: @workflow.due_date.is_overdue
true if the due date has been reached; false otherwise.
rule_idstringPath: @workflow.due_date.rule_id
Unique identifier for the due date rule applied to the finding.
- -### Integrations - -Integrations like Jira, Case Management, or ServiceNow used to triage and remediate the finding. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
casesarray (object)Path: @workflow.integrations.cases
Array of cases attached to the finding.
jiraarray (string)Path: @workflow.integrations.jira
Jira issue keys attached to the finding in the format <PROJECT>-<NUMBER> (for example, PROJ-123).
- -### Cases - -Array of cases attached to the finding. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
assigneeobjectPath: @workflow.integrations.cases.assignee
User assigned to the case.
created_atintegerPath: @workflow.integrations.cases.created_at
Timestamp in milliseconds (UTC) when the case was created.
created_byobjectPath: @workflow.integrations.cases.created_by
User who created the case.
idstringPath: @workflow.integrations.cases.id
Unique identifier of the case in UUID format.
jira_issueobjectPath: @workflow.integrations.cases.jira_issue
Jira issue attached to the case.
keystringPath: @workflow.integrations.cases.key
Human-readable identifier for the case in the format PROJECT-NUMBER (for example, CSMINV-66).
linear_issueobjectPath: @workflow.integrations.cases.linear_issue
Linear issue attached to the case.
servicenow_ticketobjectPath: @workflow.integrations.cases.servicenow_ticket
ServiceNow ticket attached to the case.
statusstringPath: @workflow.integrations.cases.status
Status of the case.
titlestringPath: @workflow.integrations.cases.title
Title of the case.
updated_atintegerPath: @workflow.integrations.cases.updated_at
Timestamp in milliseconds (UTC) when the case was last updated.
updated_byobjectPath: @workflow.integrations.cases.updated_by
User who last updated the case.
- -### Assignee - -User assigned to the case. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
idstringPath: @workflow.integrations.cases.assignee.id
Unique identifier of the user in UUID format.
namestringPath: @workflow.integrations.cases.assignee.name
Display name of the user.
- -### Created By - -User who created the case. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
idstringPath: @workflow.integrations.cases.created_by.id
Unique identifier of the user in UUID format.
namestringPath: @workflow.integrations.cases.created_by.name
Display name of the user.
- -### Jira Issue - -Jira issue attached to the case. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
keystringPath: @workflow.integrations.cases.jira_issue.key
Jira issue identifier in the format PROJECT-NUMBER (for example, CSMSEC-103991).
statusstringPath: @workflow.integrations.cases.jira_issue.status
Current status of the Jira issue.
urlstringPath: @workflow.integrations.cases.jira_issue.url
Full URL to the Jira issue.
- -### Linear Issue - -Linear issue attached to the case. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
keystringPath: @workflow.integrations.cases.linear_issue.key
Linear issue identifier in the format TEAM-NUMBER (for example, SEC-42).
statusstringPath: @workflow.integrations.cases.linear_issue.status
Current status of the Linear issue.
urlstringPath: @workflow.integrations.cases.linear_issue.url
Full URL to the Linear issue.
- -### Servicenow Ticket - -ServiceNow ticket attached to the case. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
statestringPath: @workflow.integrations.cases.servicenow_ticket.state
Current state of the ServiceNow ticket.
sys_idstringPath: @workflow.integrations.cases.servicenow_ticket.sys_id
ServiceNow 32-character hexadecimal ticket identifier (for example, 9f8c7e2d3b4a5c6d7e8f9a0b1c2d3e4f).
table_namestringPath: @workflow.integrations.cases.servicenow_ticket.table_name
The name of the table where the ticket is stored. Valid values: incident, em_event.
urlstringPath: @workflow.integrations.cases.servicenow_ticket.url
Direct URL to the ServiceNow ticket.
- -### Updated By - -User who last updated the case. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
idstringPath: @workflow.integrations.cases.updated_by.id
Unique identifier of the user in UUID format.
namestringPath: @workflow.integrations.cases.updated_by.name
Display name of the user.
- -### Mute - -Muting information and metadata. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
descriptionstringPath: @workflow.mute.description
Free-text explanation for why the finding was muted.
expire_atintegerPath: @workflow.mute.expire_at
Timestamp in milliseconds (UTC) when the mute expires. If not set, the mute is permanent.
is_mutedbooleanPath: @workflow.mute.is_muted
true if the finding is muted; false if it is active.
is_muted_by_rulebooleanPath: @workflow.mute.is_muted_by_rule
true if the finding is muted by an automation rule; false otherwise. If true, the relevant automation rule is referenced in the workflow.automations section.
muted_atintegerPath: @workflow.mute.muted_at
Timestamp in milliseconds (UTC) when the finding was muted.
muted_byobjectPath: @workflow.mute.muted_by
User who muted the finding.
reasonstringPath: @workflow.mute.reason
Reason provided for muting the finding. Valid values: none, no_pending_fix, human_error, no_longer_accepted_risk, other, pending_fix, false_positive, accepted_risk, no_fix, duplicate, risk_accepted, muted_in_code.
rule_idstringPath: @workflow.mute.rule_id
Unique identifier for the automation rule that muted the finding. Only set when is_muted_by_rule is true.
rule_namestringPath: @workflow.mute.rule_name
Human-readable name of the automation rule that muted the finding. Only set when is_muted_by_rule is true.
- -### Muted By - -User who muted the finding. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
idstringPath: @workflow.mute.muted_by.id
Unique identifier of the user in UUID format.
namestringPath: @workflow.mute.muted_by.name
Display name of the user.
- -### Severity Override - -Metadata about user-defined severity modifications applied to the finding. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
descriptionstringPath: @workflow.severity_override.description
Description of the user-defined severity modification applied to the finding.
rule_idstringPath: @workflow.severity_override.rule_id
Identifier of the severity modifier automation rule that applied this severity override. Only set when the override was applied by an automation rule.
rule_namestringPath: @workflow.severity_override.rule_name
Name of the severity modifier automation rule that applied this severity override. Only set when the override was applied by an automation rule.
updated_atintegerPath: @workflow.severity_override.updated_at
Timestamp in milliseconds (UTC) when the manual severity override was applied.
updated_byobjectPath: @workflow.severity_override.updated_by
User who applied the manual severity override.
- -### Updated By - -User who applied the manual severity override. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
idstringPath: @workflow.severity_override.updated_by.id
Unique identifier of the user in UUID format.
namestringPath: @workflow.severity_override.updated_by.name
Display name of the user.
- -### Triage - -Assignment and status information. Assignment may be synchronized with case or Jira information. - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
assigneeobjectPath: @workflow.triage.assignee
User assigned to the finding.
- -### Assignee - -User assigned to the finding. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
idstringPath: @workflow.triage.assignee.id
Unique identifier in UUID format for the assignee.
namestringPath: @workflow.triage.assignee.name
Display name of the assignee.
updated_atintegerPath: @workflow.triage.assignee.updated_at
Timestamp in milliseconds (UTC) when the assignee was last modified.
updated_byobjectPath: @workflow.triage.assignee.updated_by
User who last modified the assignee.
- -### Updated By - -User who last modified the assignee. - - - - - - - - - - - - - - - - - - - - - -
Attribute nameTypeDescription
idstringPath: @workflow.triage.assignee.updated_by.id
Unique identifier of the user in UUID format.
namestringPath: @workflow.triage.assignee.updated_by.name
Display name of the user.
- -{{% /collapse-content %}} +{{< include-markdown "security/guide/findings-schema/generated/schema-reference" >}} ## Tags diff --git a/content/en/security/guide/findings-schema/generated/examples.md b/content/en/security/guide/findings-schema/generated/examples.md new file mode 100644 index 00000000000..d971e9932bc --- /dev/null +++ b/content/en/security/guide/findings-schema/generated/examples.md @@ -0,0 +1,1741 @@ +--- +build: + render: never + list: never +--- +{{< tabs >}} +{{% tab "API Security" %}} + +```json +{ + "api_endpoint": { + "method": "GET", + "operation_name": "http.request", + "path": "/api/v2/users/{userID}/profile", + "resource_name": "GET /api/v2/users/{userID}/profile" + }, + "base_severity": "critical", + "container_image": { + "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", + "registries": [ + "123456789012.dkr.ecr.us-east-1.amazonaws.com" + ], + "repo_digests": [ + "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + ] + }, + "description": "The API endpoint exposes user profile data through a route that uses predictable sequential IDs, allowing an attacker to enumerate and access other users' profiles by incrementing the ID parameter.", + "detection_changed_at": 1738575599859, + "exposure_time_seconds": 300, + "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", + "finding_type": "api_security", + "first_seen_at": 1738575592659, + "is_in_security_inbox": false, + "last_seen_at": 1738624280889, + "metadata": { + "schema_version": "2" + }, + "origin": [ + "agentless-scanner" + ], + "remediation": { + "is_available": false + }, + "resource_id": "api-endpoint-001", + "resource_name": "GET /api/v2/users/{userID}/profile", + "resource_type": "api_endpoint", + "rule": { + "default_rule_id": "def-000-abc", + "id": "api-sec-001", + "name": "Read operations on routes use predictable IDs", + "type": "api_security", + "version": 3 + }, + "service": { + "name": "chatbot-api" + }, + "severity": "critical", + "severity_details": { + "adjusted": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + }, + "base": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + } + }, + "status": "open", + "title": "Read operations on routes use predictable IDs", + "workflow": { + "auto_closed_at": 1738575600859, + "automations": { + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "rule_name": "mute misconfigs with free text query", + "rule_type": "mute" + }, + "due_date": { + "due_at": 1738575599859, + "is_overdue": false, + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" + }, + "integrations": { + "cases": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "created_at": 1738575599859, + "created_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "jira_issue": { + "key": "PROJ-12345", + "status": "To Do", + "url": "https://your-org.atlassian.net/browse/PROJ-12345" + }, + "key": "CASE-42", + "status": "open", + "updated_at": 1738575599859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + }, + "mute": { + "description": "Free text", + "expire_at": 1738575599859, + "is_muted": false, + "is_muted_by_rule": false, + "muted_at": 1738575599859, + "muted_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "reason": "Resource deleted" + }, + "triage": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice", + "updated_at": 1738575600859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + } + }, + "tags": [ + "origin:agentless-scanner", + "source:vulnerability_management" + ] +} +``` + +{{% /tab %}} +{{% tab "Attack Path" %}} + +```json +{ + "base_severity": "critical", + "cloud_resource": { + "account": { + "account": "Main production account", + "account_id": "123456789012" + }, + "cloud_provider": "AWS", + "cloud_provider_url": "https://us-east-1.console.aws.amazon.com/ec2/home#Instances:instanceId=i-0123456789abcdef0", + "configuration": { + "account_id": "123456789012", + "ami_launch_index": 0, + "architecture": "x86_64", + "aws_ami_key": "abcdef0123456789abcdef0123456789", + "aws_iam_instance_profile_key": "abcdef0123456789abcdef0123456789", + "aws_subnet_key": "abcdef0123456789abcdef0123456789", + "aws_vpc_key": "abcdef0123456789abcdef0123456789", + "block_device_mappings": [ + { + "device_name": "/dev/sdf", + "ebs": { + "attach_time": 1734064859000, + "delete_on_termination": true, + "status": "attached", + "volume_id": "vol-0123456789abcdef0" + } + } + ] + }, + "display_name": "i-012abcd34efghi56", + "key": "arn:aws:ec2:us-east-1:123456789012:instance/i-012abcd34efghi56" + }, + "compliance": { + "evaluation": "fail" + }, + "container_image": { + "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", + "registries": [ + "123456789012.dkr.ecr.us-east-1.amazonaws.com" + ], + "repo_digests": [ + "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + ] + }, + "description": "A publicly accessible EC2 instance with an attached IAM role has overly permissive policies that allow lateral movement to sensitive S3 buckets containing production data.", + "detection_changed_at": 1738575599859, + "exposure_time_seconds": 300, + "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", + "finding_type": "attack_path", + "first_seen_at": 1738575592659, + "is_in_security_inbox": false, + "last_seen_at": 1738624280889, + "metadata": { + "schema_version": "2" + }, + "origin": [ + "agentless-scanner" + ], + "resource_id": "arn:aws:ec2:us-east-1:123456789012:instance/i-012abcd34efghi56", + "resource_name": "i-012abcd34efghi56", + "resource_type": "aws_ec2_instance", + "risk_details": { + "is_publicly_accessible": { + "evidence": { + "resource_key": "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-alb/1234567890abcdef" + } + } + }, + "rule": { + "default_rule_id": "def-000-abc", + "id": "def-000-ap1", + "name": "EC2 instance with public access and overprivileged IAM role", + "type": "attack_path", + "version": 3 + }, + "severity": "critical", + "severity_details": { + "adjusted": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + }, + "base": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + } + }, + "status": "open", + "title": "Publicly accessible instance with overprivileged IAM role", + "workflow": { + "auto_closed_at": 1738575600859, + "automations": { + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "rule_name": "mute misconfigs with free text query", + "rule_type": "mute" + }, + "due_date": { + "due_at": 1738575599859, + "is_overdue": false, + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" + }, + "integrations": { + "cases": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "created_at": 1738575599859, + "created_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "jira_issue": { + "key": "PROJ-12345", + "status": "To Do", + "url": "https://your-org.atlassian.net/browse/PROJ-12345" + }, + "key": "CASE-42", + "status": "open", + "updated_at": 1738575599859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + }, + "mute": { + "description": "Free text", + "expire_at": 1738575599859, + "is_muted": false, + "is_muted_by_rule": false, + "muted_at": 1738575599859, + "muted_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "reason": "Resource deleted" + }, + "triage": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice", + "updated_at": 1738575600859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + } + }, + "tags": [ + "origin:agentless-scanner", + "source:vulnerability_management" + ] +} +``` + +{{% /tab %}} +{{% tab "Host & Container Vulnerability" %}} + +```json +{ + "advisory": { + "aliases": [ + "CVE-2024-12345" + ], + "cve": "CVE-2024-12345", + "id": "TRIVY-CVE-2024-12345" + }, + "base_severity": "critical", + "cloud_resource": { + "account": { + "account": "Main production account", + "account_id": "123456789012" + }, + "cloud_provider": "AWS", + "cloud_provider_url": "https://us-east-1.console.aws.amazon.com/ec2/home#Instances:instanceId=i-0123456789abcdef0", + "configuration": { + "account_id": "123456789012", + "ami_launch_index": 0, + "architecture": "x86_64", + "aws_ami_key": "abcdef0123456789abcdef0123456789", + "aws_iam_instance_profile_key": "abcdef0123456789abcdef0123456789", + "aws_subnet_key": "abcdef0123456789abcdef0123456789", + "aws_vpc_key": "abcdef0123456789abcdef0123456789", + "block_device_mappings": [ + { + "device_name": "/dev/sdf", + "ebs": { + "attach_time": 1734064859000, + "delete_on_termination": true, + "status": "attached", + "volume_id": "vol-0123456789abcdef0" + } + } + ] + }, + "display_name": "i-012abcd34efghi56", + "key": "arn:aws:ec2:us-east-1:123456789012:instance/i-012abcd34efghi56" + }, + "container_image": { + "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", + "registries": [ + "123456789012.dkr.ecr.us-east-1.amazonaws.com" + ], + "repo_digests": [ + "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + ] + }, + "description": "A buffer overflow vulnerability in the Linux kernel allows a local attacker to escalate privileges by exploiting a race condition in the netfilter subsystem.", + "detection_changed_at": 1738575599859, + "exposure_time_seconds": 300, + "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", + "finding_type": "host_and_container_vulnerability", + "first_seen_at": 1738575592659, + "is_in_security_inbox": false, + "last_seen_at": 1738624280889, + "metadata": { + "schema_version": "2" + }, + "origin": [ + "agentless-scanner" + ], + "package": { + "name": "linux", + "normalized_name": "linux", + "version": "5.4.0-205.225" + }, + "remediation": { + "is_available": false + }, + "resource_id": "arn:aws:ec2:us-east-1:123456789012:instance/i-012abcd34efghi56", + "resource_name": "i-012abcd34efghi56", + "resource_type": "aws_ec2_instance", + "risk_details": { + "has_exploit_available": { + "evidence": { + "exploit_sources": [ + "GitHub" + ], + "exploit_urls": [ + "https://github.com/example/POC-CVE-2024-12345" + ] + } + }, + "has_high_exploitability_chance": { + "evidence": { + "epss_score": 0.70718, + "epss_severity": "high" + } + }, + "is_publicly_accessible": { + "evidence": { + "resource_key": "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-alb/1234567890abcdef" + } + } + }, + "severity": "critical", + "severity_details": { + "adjusted": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + }, + "base": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + } + }, + "status": "open", + "title": "Buffer overflow in Linux kernel netfilter subsystem", + "vulnerability": { + "hash": "abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890", + "stack": { + "ecosystem": "deb" + } + }, + "workflow": { + "auto_closed_at": 1738575600859, + "automations": { + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "rule_name": "mute misconfigs with free text query", + "rule_type": "mute" + }, + "due_date": { + "due_at": 1738575599859, + "is_overdue": false, + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" + }, + "integrations": { + "cases": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "created_at": 1738575599859, + "created_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "jira_issue": { + "key": "PROJ-12345", + "status": "To Do", + "url": "https://your-org.atlassian.net/browse/PROJ-12345" + }, + "key": "CASE-42", + "status": "open", + "updated_at": 1738575599859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + }, + "mute": { + "description": "Free text", + "expire_at": 1738575599859, + "is_muted": false, + "is_muted_by_rule": false, + "muted_at": 1738575599859, + "muted_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "reason": "Resource deleted" + }, + "triage": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice", + "updated_at": 1738575600859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + } + }, + "tags": [ + "origin:agentless-scanner", + "source:vulnerability_management" + ] +} +``` + +{{% /tab %}} +{{% tab "IaC Misconfiguration" %}} + +```json +{ + "base_severity": "critical", + "cloud_resource": { + "account": { + "account": "Main production account", + "account_id": "123456789012" + }, + "cloud_provider": "AWS", + "cloud_provider_url": "https://us-east-1.console.aws.amazon.com/ec2/home#Instances:instanceId=i-0123456789abcdef0", + "configuration": { + "account_id": "123456789012", + "ami_launch_index": 0, + "architecture": "x86_64", + "aws_ami_key": "abcdef0123456789abcdef0123456789", + "aws_iam_instance_profile_key": "abcdef0123456789abcdef0123456789", + "aws_subnet_key": "abcdef0123456789abcdef0123456789", + "aws_vpc_key": "abcdef0123456789abcdef0123456789", + "block_device_mappings": [ + { + "device_name": "/dev/sdf", + "ebs": { + "attach_time": 1734064859000, + "delete_on_termination": true, + "status": "attached", + "volume_id": "vol-0123456789abcdef0" + } + } + ] + }, + "display_name": "i-012abcd34efghi56", + "key": "arn:aws:ec2:us-east-1:123456789012:instance/i-012abcd34efghi56" + }, + "container_image": { + "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", + "registries": [ + "123456789012.dkr.ecr.us-east-1.amazonaws.com" + ], + "repo_digests": [ + "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + ] + }, + "description": "A Terraform configuration defines an S3 bucket without server-side encryption enabled, leaving stored objects unencrypted at rest.", + "detection_changed_at": 1738575599859, + "exposure_time_seconds": 300, + "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", + "finding_type": "iac_misconfiguration", + "first_seen_at": 1738575592659, + "git": { + "author": { + "authored_at": 1738575599859, + "email": "alice@example.com", + "name": "Alice" + }, + "branch": "main", + "committer": { + "committed_at": 1738575599859, + "email": "bob@example.com", + "name": "Bob" + }, + "default_branch": "main", + "is_default_branch": false, + "repository_id": "123456789", + "repository_url": "https://github.com/example-org/terraform/", + "sha": "abcdef1234567890abcdef1234567890abcdef12" + }, + "is_in_security_inbox": false, + "last_seen_at": 1738624280889, + "metadata": { + "schema_version": "2" + }, + "origin": [ + "agentless-scanner" + ], + "remediation": { + "is_available": false + }, + "resource_id": "github.com/example-org/terraform/main.tf:aws_s3_bucket.data", + "resource_name": "aws_s3_bucket.data", + "resource_type": "terraform_resource", + "rule": { + "default_rule_id": "def-000-abc", + "id": "def-000-iac", + "name": "S3 bucket should have server-side encryption enabled", + "type": "cloud_configuration", + "version": 3 + }, + "severity": "critical", + "severity_details": { + "adjusted": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + }, + "base": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + } + }, + "status": "open", + "title": "S3 bucket without server-side encryption", + "vulnerability": { + "hash": "abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + }, + "workflow": { + "auto_closed_at": 1738575600859, + "automations": { + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "rule_name": "mute misconfigs with free text query", + "rule_type": "mute" + }, + "due_date": { + "due_at": 1738575599859, + "is_overdue": false, + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" + }, + "integrations": { + "cases": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "created_at": 1738575599859, + "created_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "jira_issue": { + "key": "PROJ-12345", + "status": "To Do", + "url": "https://your-org.atlassian.net/browse/PROJ-12345" + }, + "key": "CASE-42", + "status": "open", + "updated_at": 1738575599859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + }, + "mute": { + "description": "Free text", + "expire_at": 1738575599859, + "is_muted": false, + "is_muted_by_rule": false, + "muted_at": 1738575599859, + "muted_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "reason": "Resource deleted" + }, + "triage": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice", + "updated_at": 1738575600859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + } + }, + "tags": [ + "origin:agentless-scanner", + "source:vulnerability_management" + ] +} +``` + +{{% /tab %}} +{{% tab "Identity Risk" %}} + +```json +{ + "base_severity": "critical", + "cloud_resource": { + "account": { + "account": "Main production account", + "account_id": "123456789012" + }, + "cloud_provider": "AWS", + "cloud_provider_url": "https://us-east-1.console.aws.amazon.com/ec2/home#Instances:instanceId=i-0123456789abcdef0", + "configuration": { + "account_id": "123456789012", + "ami_launch_index": 0, + "architecture": "x86_64", + "aws_ami_key": "abcdef0123456789abcdef0123456789", + "aws_iam_instance_profile_key": "abcdef0123456789abcdef0123456789", + "aws_subnet_key": "abcdef0123456789abcdef0123456789", + "aws_vpc_key": "abcdef0123456789abcdef0123456789", + "block_device_mappings": [ + { + "device_name": "/dev/sdf", + "ebs": { + "attach_time": 1734064859000, + "delete_on_termination": true, + "status": "attached", + "volume_id": "vol-0123456789abcdef0" + } + } + ] + }, + "display_name": "i-012abcd34efghi56", + "key": "arn:aws:ec2:us-east-1:123456789012:instance/i-012abcd34efghi56" + }, + "compliance": { + "evaluation": "fail" + }, + "container_image": { + "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", + "registries": [ + "123456789012.dkr.ecr.us-east-1.amazonaws.com" + ], + "repo_digests": [ + "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + ] + }, + "description": "An IAM user account has not been used in over 90 days and still has active access keys with administrative privileges, creating an unnecessary attack surface.", + "detection_changed_at": 1738575599859, + "exposure_time_seconds": 300, + "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", + "finding_type": "identity_risk", + "first_seen_at": 1738575592659, + "is_in_security_inbox": false, + "last_seen_at": 1738624280889, + "metadata": { + "schema_version": "2" + }, + "origin": [ + "agentless-scanner" + ], + "resource_id": "arn:aws:iam::123456789012:user/legacy-admin", + "resource_name": "legacy-admin", + "resource_type": "aws_iam_user", + "rule": { + "default_rule_id": "def-000-abc", + "id": "def-000-idr", + "name": "IAM user inactive for 90+ days with active access keys", + "type": "cloud_configuration", + "version": 3 + }, + "severity": "critical", + "severity_details": { + "adjusted": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + }, + "base": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + } + }, + "status": "open", + "title": "Inactive IAM user with administrative access keys", + "workflow": { + "auto_closed_at": 1738575600859, + "automations": { + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "rule_name": "mute misconfigs with free text query", + "rule_type": "mute" + }, + "due_date": { + "due_at": 1738575599859, + "is_overdue": false, + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" + }, + "integrations": { + "cases": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "created_at": 1738575599859, + "created_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "jira_issue": { + "key": "PROJ-12345", + "status": "To Do", + "url": "https://your-org.atlassian.net/browse/PROJ-12345" + }, + "key": "CASE-42", + "status": "open", + "updated_at": 1738575599859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + }, + "mute": { + "description": "Free text", + "expire_at": 1738575599859, + "is_muted": false, + "is_muted_by_rule": false, + "muted_at": 1738575599859, + "muted_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "reason": "Resource deleted" + }, + "triage": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice", + "updated_at": 1738575600859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + } + }, + "tags": [ + "origin:agentless-scanner", + "source:vulnerability_management" + ] +} +``` + +{{% /tab %}} +{{% tab "Library Vulnerability" %}} + +```json +{ + "advisory": { + "aliases": [ + "CVE-2024-67890" + ], + "cve": "CVE-2024-67890", + "id": "TRIVY-CVE-2024-67890" + }, + "base_severity": "critical", + "container_image": { + "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", + "registries": [ + "123456789012.dkr.ecr.us-east-1.amazonaws.com" + ], + "repo_digests": [ + "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + ] + }, + "description": "A remote code execution vulnerability in the logging library allows an attacker to execute arbitrary code by sending a crafted log message that exploits unsafe deserialization.", + "detection_changed_at": 1738575599859, + "exposure_time_seconds": 300, + "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", + "finding_type": "library_vulnerability", + "first_seen_at": 1738575592659, + "git": { + "author": { + "authored_at": 1738575599859, + "email": "alice@example.com", + "name": "Alice" + }, + "branch": "main", + "committer": { + "committed_at": 1738575599859, + "email": "bob@example.com", + "name": "Bob" + }, + "default_branch": "main", + "is_default_branch": false, + "repository_id": "123456789", + "repository_url": "https://github.com/example-org/my-app/", + "sha": "abcdef1234567890abcdef1234567890abcdef12" + }, + "is_in_security_inbox": false, + "last_seen_at": 1738624280889, + "metadata": { + "schema_version": "2" + }, + "origin": [ + "agentless-scanner" + ], + "package": { + "name": "lodash", + "normalized_name": "lodash", + "scope": "production", + "version": "4.17.20" + }, + "remediation": { + "is_available": false + }, + "resource_id": "lodash:4.17.20", + "resource_name": "lodash", + "resource_type": "software_package", + "risk_details": { + "has_exploit_available": { + "evidence": { + "exploit_sources": [ + "GitHub" + ], + "exploit_urls": [ + "https://github.com/example/POC-CVE-2024-67890" + ] + } + }, + "has_high_exploitability_chance": { + "evidence": { + "epss_score": 0.70718, + "epss_severity": "high" + } + } + }, + "service": { + "name": "chatbot-api" + }, + "severity": "critical", + "severity_details": { + "adjusted": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + }, + "base": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + } + }, + "status": "open", + "title": "Remote code execution in logging library", + "vulnerability": { + "hash": "abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890", + "stack": { + "ecosystem": "npm" + } + }, + "workflow": { + "auto_closed_at": 1738575600859, + "automations": { + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "rule_name": "mute misconfigs with free text query", + "rule_type": "mute" + }, + "due_date": { + "due_at": 1738575599859, + "is_overdue": false, + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" + }, + "integrations": { + "cases": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "created_at": 1738575599859, + "created_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "jira_issue": { + "key": "PROJ-12345", + "status": "To Do", + "url": "https://your-org.atlassian.net/browse/PROJ-12345" + }, + "key": "CASE-42", + "status": "open", + "updated_at": 1738575599859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + }, + "mute": { + "description": "Free text", + "expire_at": 1738575599859, + "is_muted": false, + "is_muted_by_rule": false, + "muted_at": 1738575599859, + "muted_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "reason": "Resource deleted" + }, + "triage": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice", + "updated_at": 1738575600859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + } + }, + "tags": [ + "origin:agentless-scanner", + "source:vulnerability_management" + ] +} +``` + +{{% /tab %}} +{{% tab "Misconfiguration" %}} + +```json +{ + "base_severity": "critical", + "cloud_resource": { + "account": { + "account": "Main production account", + "account_id": "123456789012" + }, + "cloud_provider": "AWS", + "cloud_provider_url": "https://us-east-1.console.aws.amazon.com/ec2/home#Instances:instanceId=i-0123456789abcdef0", + "configuration": { + "account_id": "123456789012", + "ami_launch_index": 0, + "architecture": "x86_64", + "aws_ami_key": "abcdef0123456789abcdef0123456789", + "aws_iam_instance_profile_key": "abcdef0123456789abcdef0123456789", + "aws_subnet_key": "abcdef0123456789abcdef0123456789", + "aws_vpc_key": "abcdef0123456789abcdef0123456789", + "block_device_mappings": [ + { + "device_name": "/dev/sdf", + "ebs": { + "attach_time": 1734064859000, + "delete_on_termination": true, + "status": "attached", + "volume_id": "vol-0123456789abcdef0" + } + } + ] + }, + "display_name": "i-012abcd34efghi56", + "key": "arn:aws:ec2:us-east-1:123456789012:instance/i-012abcd34efghi56" + }, + "compliance": { + "evaluation": "fail" + }, + "container_image": { + "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", + "registries": [ + "123456789012.dkr.ecr.us-east-1.amazonaws.com" + ], + "repo_digests": [ + "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + ] + }, + "description": "An AWS security group allows unrestricted inbound SSH access from any IP address (0.0.0.0/0), exposing the associated instances to brute-force and unauthorized access attempts.", + "detection_changed_at": 1738575599859, + "exposure_time_seconds": 300, + "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", + "finding_type": "misconfiguration", + "first_seen_at": 1738575592659, + "is_in_security_inbox": false, + "last_seen_at": 1738624280889, + "metadata": { + "schema_version": "2" + }, + "origin": [ + "agentless-scanner" + ], + "resource_id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-0123456789abcdef0", + "resource_name": "sg-0123456789abcdef0", + "resource_type": "aws_security_group", + "risk_details": { + "is_publicly_accessible": { + "evidence": { + "resource_key": "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-alb/1234567890abcdef" + } + } + }, + "rule": { + "default_rule_id": "def-000-abc", + "id": "def-000-cfg", + "name": "Security group should not allow unrestricted SSH access", + "type": "cloud_configuration", + "version": 3 + }, + "severity": "critical", + "severity_details": { + "adjusted": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + }, + "base": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + } + }, + "status": "open", + "title": "Security group allows unrestricted SSH access", + "workflow": { + "auto_closed_at": 1738575600859, + "automations": { + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "rule_name": "mute misconfigs with free text query", + "rule_type": "mute" + }, + "due_date": { + "due_at": 1738575599859, + "is_overdue": false, + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" + }, + "integrations": { + "cases": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "created_at": 1738575599859, + "created_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "jira_issue": { + "key": "PROJ-12345", + "status": "To Do", + "url": "https://your-org.atlassian.net/browse/PROJ-12345" + }, + "key": "CASE-42", + "status": "open", + "updated_at": 1738575599859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + }, + "mute": { + "description": "Free text", + "expire_at": 1738575599859, + "is_muted": false, + "is_muted_by_rule": false, + "muted_at": 1738575599859, + "muted_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "reason": "Resource deleted" + }, + "triage": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice", + "updated_at": 1738575600859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + } + }, + "tags": [ + "origin:agentless-scanner", + "source:vulnerability_management" + ] +} +``` + +{{% /tab %}} +{{% tab "Runtime Code Vulnerability" %}} + +```json +{ + "base_severity": "critical", + "container_image": { + "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", + "registries": [ + "123456789012.dkr.ecr.us-east-1.amazonaws.com" + ], + "repo_digests": [ + "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + ] + }, + "description": "A SQL injection vulnerability was detected at runtime in the application's search endpoint. User-supplied input is concatenated directly into a SQL query without parameterized statements.", + "detection_changed_at": 1738575599859, + "exposure_time_seconds": 300, + "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", + "finding_type": "runtime_code_vulnerability", + "first_seen_at": 1738575592659, + "git": { + "author": { + "authored_at": 1738575599859, + "email": "alice@example.com", + "name": "Alice" + }, + "branch": "main", + "committer": { + "committed_at": 1738575599859, + "email": "bob@example.com", + "name": "Bob" + }, + "default_branch": "main", + "is_default_branch": false, + "repository_id": "123456789", + "repository_url": "https://github.com/example-org/my-app/", + "sha": "abcdef1234567890abcdef1234567890abcdef12" + }, + "is_in_security_inbox": false, + "last_seen_at": 1738624280889, + "metadata": { + "schema_version": "2" + }, + "origin": [ + "agentless-scanner" + ], + "remediation": { + "is_available": false + }, + "resource_id": "my-app:/api/search", + "resource_name": "my-app", + "resource_type": "application_service", + "rule": { + "default_rule_id": "def-000-abc", + "id": "rtcv-001-sqli", + "name": "SQL injection detected in application endpoint", + "type": "application_code_vulnerability", + "version": 3 + }, + "service": { + "name": "chatbot-api" + }, + "severity": "critical", + "severity_details": { + "adjusted": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + }, + "base": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + } + }, + "status": "open", + "title": "SQL injection in search endpoint", + "vulnerability": { + "hash": "abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + }, + "workflow": { + "auto_closed_at": 1738575600859, + "automations": { + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "rule_name": "mute misconfigs with free text query", + "rule_type": "mute" + }, + "due_date": { + "due_at": 1738575599859, + "is_overdue": false, + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" + }, + "integrations": { + "cases": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "created_at": 1738575599859, + "created_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "jira_issue": { + "key": "PROJ-12345", + "status": "To Do", + "url": "https://your-org.atlassian.net/browse/PROJ-12345" + }, + "key": "CASE-42", + "status": "open", + "updated_at": 1738575599859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + }, + "mute": { + "description": "Free text", + "expire_at": 1738575599859, + "is_muted": false, + "is_muted_by_rule": false, + "muted_at": 1738575599859, + "muted_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "reason": "Resource deleted" + }, + "triage": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice", + "updated_at": 1738575600859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + } + }, + "tags": [ + "origin:agentless-scanner", + "source:vulnerability_management" + ] +} +``` + +{{% /tab %}} +{{% tab "Secret" %}} + +```json +{ + "base_severity": "critical", + "container_image": { + "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", + "registries": [ + "123456789012.dkr.ecr.us-east-1.amazonaws.com" + ], + "repo_digests": [ + "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + ] + }, + "description": "An AWS access key was found hardcoded in a configuration file committed to the repository. Exposed credentials can be used to gain unauthorized access to cloud resources.", + "detection_changed_at": 1738575599859, + "exposure_time_seconds": 300, + "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", + "finding_type": "secret", + "first_seen_at": 1738575592659, + "git": { + "author": { + "authored_at": 1738575599859, + "email": "alice@example.com", + "name": "Alice" + }, + "branch": "main", + "committer": { + "committed_at": 1738575599859, + "email": "bob@example.com", + "name": "Bob" + }, + "default_branch": "main", + "is_default_branch": false, + "repository_id": "123456789", + "repository_url": "https://github.com/example-org/my-app/", + "sha": "abcdef1234567890abcdef1234567890abcdef12" + }, + "is_in_security_inbox": false, + "last_seen_at": 1738624280889, + "metadata": { + "schema_version": "2" + }, + "origin": [ + "agentless-scanner" + ], + "remediation": { + "is_available": false + }, + "resource_id": "github.com/example-org/my-app/config/settings.py:42", + "resource_name": "settings.py", + "resource_type": "source_code_file", + "rule": { + "default_rule_id": "def-000-abc", + "id": "sct-001-aws", + "name": "AWS access key detected in source code", + "type": "credential_exposure", + "version": 3 + }, + "service": { + "name": "chatbot-api" + }, + "severity": "critical", + "severity_details": { + "adjusted": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + }, + "base": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + } + }, + "status": "open", + "title": "Hardcoded AWS access key in configuration file", + "vulnerability": { + "hash": "abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + }, + "workflow": { + "auto_closed_at": 1738575600859, + "automations": { + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "rule_name": "mute misconfigs with free text query", + "rule_type": "mute" + }, + "due_date": { + "due_at": 1738575599859, + "is_overdue": false, + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" + }, + "integrations": { + "cases": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "created_at": 1738575599859, + "created_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "jira_issue": { + "key": "PROJ-12345", + "status": "To Do", + "url": "https://your-org.atlassian.net/browse/PROJ-12345" + }, + "key": "CASE-42", + "status": "open", + "updated_at": 1738575599859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + }, + "mute": { + "description": "Free text", + "expire_at": 1738575599859, + "is_muted": false, + "is_muted_by_rule": false, + "muted_at": 1738575599859, + "muted_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "reason": "Resource deleted" + }, + "triage": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice", + "updated_at": 1738575600859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + } + }, + "tags": [ + "origin:agentless-scanner", + "source:vulnerability_management" + ] +} +``` + +{{% /tab %}} +{{% tab "Static Code Vulnerability" %}} + +```json +{ + "base_severity": "critical", + "container_image": { + "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", + "registries": [ + "123456789012.dkr.ecr.us-east-1.amazonaws.com" + ], + "repo_digests": [ + "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + ] + }, + "description": "A cross-site scripting (XSS) vulnerability was found in the application's template rendering. User input is inserted into HTML output without proper escaping, allowing script injection.", + "detection_changed_at": 1738575599859, + "exposure_time_seconds": 300, + "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", + "finding_type": "static_code_vulnerability", + "first_seen_at": 1738575592659, + "git": { + "author": { + "authored_at": 1738575599859, + "email": "alice@example.com", + "name": "Alice" + }, + "branch": "main", + "committer": { + "committed_at": 1738575599859, + "email": "bob@example.com", + "name": "Bob" + }, + "default_branch": "main", + "is_default_branch": false, + "repository_id": "123456789", + "repository_url": "https://github.com/example-org/my-app/", + "sha": "abcdef1234567890abcdef1234567890abcdef12" + }, + "is_in_security_inbox": false, + "last_seen_at": 1738624280889, + "metadata": { + "schema_version": "2" + }, + "origin": [ + "agentless-scanner" + ], + "remediation": { + "is_available": false + }, + "resource_id": "github.com/example-org/my-app/src/templates/profile.html:18", + "resource_name": "profile.html", + "resource_type": "source_code_file", + "rule": { + "default_rule_id": "def-000-abc", + "id": "sast-001-xss", + "name": "Reflected XSS via unescaped user input in template", + "type": "application_code_vulnerability", + "version": 3 + }, + "service": { + "name": "chatbot-api" + }, + "severity": "critical", + "severity_details": { + "adjusted": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + }, + "base": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + } + }, + "status": "open", + "title": "Cross-site scripting in template rendering", + "vulnerability": { + "hash": "abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + }, + "workflow": { + "auto_closed_at": 1738575600859, + "automations": { + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "rule_name": "mute misconfigs with free text query", + "rule_type": "mute" + }, + "due_date": { + "due_at": 1738575599859, + "is_overdue": false, + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" + }, + "integrations": { + "cases": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "created_at": 1738575599859, + "created_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "jira_issue": { + "key": "PROJ-12345", + "status": "To Do", + "url": "https://your-org.atlassian.net/browse/PROJ-12345" + }, + "key": "CASE-42", + "status": "open", + "updated_at": 1738575599859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + }, + "mute": { + "description": "Free text", + "expire_at": 1738575599859, + "is_muted": false, + "is_muted_by_rule": false, + "muted_at": 1738575599859, + "muted_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "reason": "Resource deleted" + }, + "triage": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice", + "updated_at": 1738575600859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + } + }, + "tags": [ + "origin:agentless-scanner", + "source:vulnerability_management" + ] +} +``` + +{{% /tab %}} +{{% tab "Workload Activity" %}} + +```json +{ + "base_severity": "critical", + "container_image": { + "name": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.0.0", + "registries": [ + "123456789012.dkr.ecr.us-east-1.amazonaws.com" + ], + "repo_digests": [ + "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + ] + }, + "description": "A container process executed a binary that was not part of the original container image. This unexpected process execution may indicate a compromised workload or unauthorized modification.", + "detection_changed_at": 1738575599859, + "exposure_time_seconds": 300, + "finding_id": "AbCdEfGhIjKlMnOpQrStUvWx", + "finding_type": "workload_activity", + "first_seen_at": 1738575592659, + "is_in_security_inbox": false, + "last_seen_at": 1738624280889, + "metadata": { + "schema_version": "2" + }, + "origin": [ + "agentless-scanner" + ], + "resource_id": "k8s-pod:default/my-app-7b9d5c8f4-x2k9m", + "resource_name": "my-app-7b9d5c8f4-x2k9m", + "resource_type": "kubernetes_pod", + "rule": { + "default_rule_id": "def-000-abc", + "id": "def-000-wka", + "name": "Process launched from unexpected path in container", + "type": "workload_security", + "version": 3 + }, + "severity": "critical", + "severity_details": { + "adjusted": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + }, + "base": { + "score": 9.8, + "value": "Critical", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/RC:C" + } + }, + "status": "open", + "title": "Unexpected process execution in container", + "workflow": { + "auto_closed_at": 1738575600859, + "automations": { + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "rule_name": "mute misconfigs with free text query", + "rule_type": "mute" + }, + "due_date": { + "due_at": 1738575599859, + "is_overdue": false, + "rule_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890" + }, + "integrations": { + "cases": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "created_at": 1738575599859, + "created_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "jira_issue": { + "key": "PROJ-12345", + "status": "To Do", + "url": "https://your-org.atlassian.net/browse/PROJ-12345" + }, + "key": "CASE-42", + "status": "open", + "updated_at": 1738575599859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + }, + "mute": { + "description": "Free text", + "expire_at": 1738575599859, + "is_muted": false, + "is_muted_by_rule": false, + "muted_at": 1738575599859, + "muted_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + }, + "reason": "Resource deleted" + }, + "triage": { + "assignee": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice", + "updated_at": 1738575600859, + "updated_by": { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "name": "Alice" + } + } + } + }, + "tags": [ + "origin:agentless-scanner", + "source:vulnerability_management" + ] +} +``` + +{{% /tab %}} +{{< /tabs >}} diff --git a/content/en/security/guide/findings-schema/generated/schema-reference.md b/content/en/security/guide/findings-schema/generated/schema-reference.md new file mode 100644 index 00000000000..93e236c37e7 --- /dev/null +++ b/content/en/security/guide/findings-schema/generated/schema-reference.md @@ -0,0 +1,5592 @@ +--- +build: + render: never + list: never +--- +{{% collapse-content title="Core Attributes" level="h3" id="core-attributes" %}} + +These attributes are present on all security findings and describe the fundamental nature and status of the finding. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
additional_resourcesarray (object)Path: @additional_resources
Additional resources. For example, an AWS EC2 instance can have security groups and Auto Scaling groups as additional resources.
base_severitystringPath: @base_severity
Base severity level of the finding before any adjustments. Valid values: critical, high, medium, low, info, none, unknown.
descriptionstringPath: @description
Human-readable explanation of the finding. May include Markdown formatting.
detection_changed_atintegerPath: @detection_changed_at
Timestamp in milliseconds (UTC) when the finding's evaluation or detection state last changed.
exposure_time_secondsintegerPath: @exposure_time_seconds
Indicates the time elapsed, in seconds, between when the finding was last closed and when it was first detected.
finding_idstringPath: @finding_id
Unique identifier of the finding.
finding_typestringPath: @finding_type
Category of the finding. Valid values: api_security, attack_path, runtime_code_vulnerability, static_code_vulnerability, host_and_container_vulnerability, iac_misconfiguration, identity_risk, library_vulnerability, misconfiguration, secret, workload_activity, sensitive_data.
first_seen_atintegerPath: @first_seen_at
Timestamp in milliseconds (UTC) when the finding was first detected.
is_in_security_inboxbooleanPath: @is_in_security_inbox
true if the finding appears in the Security Inbox; false otherwise.
last_detected_atintegerPath: @last_detected_at
Discovery timestamp in milliseconds (UTC) when the last detection was received by the finding platform.
last_seen_atintegerPath: @last_seen_at
Timestamp in milliseconds (UTC) when the finding was most recently detected.
originarray (string)Path: @origin
Detection origins that produced the finding, such as agentless scans, APM, SCA (Software Composition Analysis), or CI (Continuous Integration).
related_servicesarray (string)Path: @related_services
Services that are inferred from Source Code Integration (for example, for SAST findings).
resource_idstringPath: @resource_id
Unique identifier of the resource affected by the finding.
resource_namestringPath: @resource_name
Human-readable name of the resource affected by the finding.
resource_typestringPath: @resource_type
Type of the resource.
severitystringPath: @severity
Final severity level of the finding, after Datadog adjustments and any user-defined severity modifications. Valid values: critical, high, medium, low, info, none, unknown.
source_finding_raw_dataobjectPath: @source_finding_raw_data
Raw data from third-party integrations that generated the finding.
statusstringPath: @status
Workflow status of the finding. Valid values: open, muted, auto_closed, resolved, in-progress.
time_to_resolutionintegerPath: @time_to_resolution
Time in seconds between when the finding was first detected and when it was resolved.
titlestringPath: @title
Human-readable title for the finding.
+ +### Additional Resources + +Additional resources. For example, an AWS EC2 instance can have security groups and Auto Scaling groups as additional resources. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
categorystringPath: @additional_resources.category
Category of the additional resource. Valid values: cloud_resource, k8s, host, service, git, iac_resource.
configurationobjectPath: @additional_resources.configuration
Configuration of the additional resource.
keystringPath: @additional_resources.key
Canonical Cloud Resource Identifier (CCRID) of the additional resource when the resource is cloud-backed (for example, when category is cloud_resource). This field may be omitted for non-cloud categories such as k8s, host, service, or git.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Advisory" level="h3" id="advisory" %}} + +Ties a vulnerability to a set of specific software versions. Vulnerability findings with advisories indicate that a vulnerable version of the software was detected (typically through SBOMs). + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
aliasesarray (string)Path: @advisory.aliases
Additional identifiers referring to the same vulnerability, created by other entities.
cvestringPath: @advisory.cve
Primary globally recognized identifier for a security vulnerability, following the CVE-YYYY-NNNN format.
first_remediation_available_atintegerPath: @advisory.first_remediation_available_at
Timestamp in milliseconds (UTC) when the first remediation for the advisory became available.
idstringPath: @advisory.id
Internal identifier for the advisory.
modified_atintegerPath: @advisory.modified_at
Timestamp in milliseconds (UTC) when the advisory was last updated.
published_atintegerPath: @advisory.published_at
Timestamp in milliseconds (UTC) when the advisory was published.
summarystringPath: @advisory.summary
Short summary of the advisory.
typestringPath: @advisory.type
Type of the advisory. Valid values: component_with_known_vulnerability, unmaintained, end_of_life, dangerous_workflows, risky_license, malicious_package.
+ +{{% /collapse-content %}} + +{{% collapse-content title="API Endpoint" level="h3" id="api-endpoint" %}} + +HTTP endpoint representation. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
methodstringPath: @api_endpoint.method
Method of the endpoint (HTTP verb or gRPC method).
operation_namestringPath: @api_endpoint.operation_name
Name of the entry point into a service (for example, http.request, grpc.server).
pathstringPath: @api_endpoint.path
Relative templated path of the endpoint.
request_pathstringPath: @api_endpoint.request_path
Relative path of the endpoint.
resource_namestringPath: @api_endpoint.resource_name
Internal identification of the endpoint in the format <method> <path>.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Cloud Resource" level="h3" id="cloud-resource" %}} + +Attributes identifying the cloud resource affected by the finding. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
accountstringPath: @cloud_resource.account
Cloud account that owns the cloud resource (for example, AWS account, Azure subscription, GCP project, OCI tenancy).
account_namestringPath: @cloud_resource.account_name
Human-readable name of the cloud account owning the resource.
categorystringPath: @cloud_resource.category
Category the resource type belongs to.
cloud_providerstringPath: @cloud_resource.cloud_provider
Cloud provider hosting the resource. Valid values: aws, azure, gcp, oci.
cloud_provider_urlstringPath: @cloud_resource.cloud_provider_url
Link to the resource in the cloud provider console.
configurationobjectPath: @cloud_resource.configuration
Configuration of the cloud resource, as returned by the cloud provider.
contextobjectPath: @cloud_resource.context
Context for the cloud resource.
display_namestringPath: @cloud_resource.display_name
Display name of the resource.
keystringPath: @cloud_resource.key
Canonical Cloud Resource Identifier (CCRID).
public_accessibility_pathsarray (string)Path: @cloud_resource.public_accessibility_paths
Network paths through which the resource is accessible from the public internet.
public_port_rangesarray (object)Path: @cloud_resource.public_port_ranges
Port ranges on the resource that are exposed to the public internet.
regionstringPath: @cloud_resource.region
Cloud region where the resource is located.
+ +### Public Port Ranges + +Port ranges on the resource that are exposed to the public internet. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
from_portintegerPath: @cloud_resource.public_port_ranges.from_port
Starting port number of the exposed range.
to_portintegerPath: @cloud_resource.public_port_ranges.to_port
Ending port number of the exposed range.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Code Location" level="h3" id="code-location" %}} + +Attributes pinpointing the specific file and line numbers where the finding is located. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
column_endintegerPath: @code_location.column_end
Ending column position.
column_startintegerPath: @code_location.column_start
Starting column position.
filenamestringPath: @code_location.filename
Relative path to the file.
is_test_filebooleanPath: @code_location.is_test_file
true if the code file is a test file; false otherwise.
line_endintegerPath: @code_location.line_end
Ending line number.
line_startintegerPath: @code_location.line_start
Starting line number.
symbolstringPath: @code_location.symbol
Symbol name at the code location.
urlstringPath: @code_location.url
URL to view the file online (for example, in GitHub), highlighting the code location.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Compliance" level="h3" id="compliance" %}} + +Information specific to compliance findings, such as compliance rule or evaluation (`pass`/`fail`). + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
agentobjectPath: @compliance.agent
Metadata about the compliance agent that produced the finding.
evaluationstringPath: @compliance.evaluation
Compliance evaluation result. Valid values: pass (resource is properly configured), fail (resource is misconfigured).
frameworksarray (object)Path: @compliance.frameworks
Compliance frameworks mapped to the finding.
+ +### Agent + +Metadata about the compliance agent that produced the finding. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
agent_framework_idstringPath: @compliance.agent.agent_framework_id
Identifier of the compliance framework used by the agent.
agent_rule_idstringPath: @compliance.agent.agent_rule_id
Identifier of the agent rule that triggered the finding.
agent_versionstringPath: @compliance.agent.agent_version
Version of the compliance agent that produced the finding.
dataobjectPath: @compliance.agent.data
Additional data produced by the compliance agent evaluation.
evaluatorstringPath: @compliance.agent.evaluator
Name of the evaluator that assessed the compliance finding.
+ +### Frameworks + +Compliance frameworks mapped to the finding. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
controlstringPath: @compliance.frameworks.control
Identifier of the control within the compliance framework.
frameworkstringPath: @compliance.frameworks.framework
Identifier of the compliance framework (e.g., cis, pci-dss).
is_defaultbooleanPath: @compliance.frameworks.is_default
true if this is the default framework mapping for the finding, false otherwise.
requirementstringPath: @compliance.frameworks.requirement
Identifier of the requirement within the control.
versionstringPath: @compliance.frameworks.version
Version of the compliance framework.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Container Image" level="h3" id="container-image" %}} + +Container image where the finding was detected, including registry, repository, and digest information. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
architecturesarray (string)Path: @container_image.architectures
Architectures associated with the container image.
base_imageobjectPath: @container_image.base_image
Base image this container image is built on. A base image is itself a container image and may have its own base_image. Absent when no base image is identified.
git_repository_urlstringPath: @container_image.git_repository_url
URL of the Git repository for the code used to build the container image. Available only when Source Code Integration is configured.
image_layer_diff_idsarray (string)Path: @container_image.image_layer_diff_ids
Diff IDs of the image layers, in the order they were applied. Each diff ID is the SHA256 of the uncompressed layer contents.
image_layer_digestsarray (string)Path: @container_image.image_layer_digests
Digests of the image layers, in the order they were applied. Each digest is the SHA256 of the compressed layer blob.
namestringPath: @container_image.name
Full name of the container image.
osesarray (object)Path: @container_image.oses
Operating systems associated with the container image.
registriesarray (string)Path: @container_image.registries
Container registry where the image is stored or was pulled from.
repo_digestsarray (string)Path: @container_image.repo_digests
Repository digests of the container image where the finding was detected.
repositorystringPath: @container_image.repository
Repository of the container image.
tagsarray (string)Path: @container_image.tags
Tag part of the container image name (for example, latest or 1.2.3).
versionsarray (string)Path: @container_image.versions
Versions of the container image where the finding was detected.
+ +### Operating Systems + +Operating systems associated with the container image. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
namestringPath: @container_image.oses.name
Operating system name.
versionstringPath: @container_image.oses.version
Operating system version.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Detection Tool" level="h3" id="detection-tool" %}} + +Information about the tool or engine responsible for detecting the finding. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
namestringPath: @detection_tool.name
Name of the detection tool or engine that generated the finding.
versionstringPath: @detection_tool.version
Version of the detection tool or engine that generated the finding.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Git" level="h3" id="git" %}} + +Git metadata linking a finding to source code context. Includes information about the repository, branch, commit, author, and committer. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
authorobjectPath: @git.author
Contains details about the original author of the commit, including name, email, and authoring timestamp. Remains unchanged when the commit is rebased, cherry-picked, or re-applied.
branchstringPath: @git.branch
Name of the Git branch related to the finding.
codeownersarray (string)Path: @git.codeowners
Code owner teams extracted from the SCM (Source Control Management) provider's CODEOWNERS file on platforms like GitHub.
committerobjectPath: @git.committer
Contains details about the person who last applied the commit to the repository, including name, email, and commit timestamp. May differ from the author when the commit is rebased, amended, or applied with git am.
default_branchstringPath: @git.default_branch
Default branch defined for the Git repository.
is_default_branchbooleanPath: @git.is_default_branch
true if the current branch is the default branch for the repository; false otherwise.
repository_idstringPath: @git.repository_id
Normalized identifier of the Git repository.
repository_urlstringPath: @git.repository_url
Git repository URL related to the finding.
repository_visibilitystringPath: @git.repository_visibility
Visibility of the repository. Valid values: public, private, not_detected.
shastringPath: @git.sha
Git commit identifier (SHA).
+ +### Author + +Contains details about the original author of the commit, including name, email, and authoring timestamp. Remains unchanged when the commit is rebased, cherry-picked, or re-applied. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
authored_atintegerPath: @git.author.authored_at
Timestamp in milliseconds (UTC) when the original changes were made.
emailstringPath: @git.author.email
Email address of the commit author.
namestringPath: @git.author.name
Name of the commit author.
+ +### Committer + +Contains details about the person who last applied the commit to the repository, including name, email, and commit timestamp. May differ from the author when the commit is rebased, amended, or applied with `git am`. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
committed_atintegerPath: @git.committer.committed_at
Timestamp in milliseconds (UTC) when the changes were last significantly modified (for example, during a rebase or amend operation).
emailstringPath: @git.committer.email
Email address of the committer.
namestringPath: @git.committer.name
Name of the committer.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Host" level="h3" id="host" %}} + +Information about the host machine where the finding was detected. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
architecturesarray (string)Path: @host.architectures
Architectures associated with the host.
cloud_providerstringPath: @host.cloud_provider
Cloud provider the host belongs to.
imagestringPath: @host.image
Name of the host image used to build the host (for example, ami-1234).
keystringPath: @host.key
Canonical Cloud Resource Identifier (CCRID).
namestringPath: @host.name
Host name.
osobjectPath: @host.os
Attributes of the operating system running on the host.
+ +### Operating System + +Attributes of the operating system running on the host. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
namestringPath: @host.os.name
Operating system name.
versionstringPath: @host.os.version
Operating system version.
+ +{{% /collapse-content %}} + +{{% collapse-content title="IaC Resource" level="h3" id="iac-resource" %}} + +Attributes identifying the Infrastructure as Code (IaC) resource related to the finding. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
platformstringPath: @iac_resource.platform
IaC (Infrastructure as Code) platform the vulnerability was found on (for example, terraform, kubernetes).
providerstringPath: @iac_resource.provider
IaC (Infrastructure as Code) provider where the resource is defined (for example, aws, gcp, azure).
+ +{{% /collapse-content %}} + +{{% collapse-content title="Kubernetes" level="h3" id="k8s" %}} + +Kubernetes information for findings generated against Kubernetes resources. + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
cluster_idstringPath: @k8s.cluster_id
Kubernetes cluster identifier.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Metadata" level="h3" id="metadata" %}} + +Additional metadata about the finding, such as schema version or source context. + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
schema_versionstringPath: @metadata.schema_version
Indicates the findings schema version used for the finding.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Package" level="h3" id="package" %}} + +Package manager information. A package manager automates the installation, upgrading, configuration, and removal of software packages. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
additional_namesarray (string)Path: @package.additional_names
Additional affected package names, if the cloud vulnerability impacted multiple packages derived from the same source package.
declarationobjectPath: @package.declaration
Code locations of the package definition.
dependency_location_textstringPath: @package.dependency_location_text
Text representation of the dependency location, such as the file path where the vulnerable package is declared.
dependency_typestringPath: @package.dependency_type
Whether the package is a direct dependency, transitive dependency, or not supported if the information cannot be retrieved.
has_suidbooleanPath: @package.has_suid
true if the package has the SUID bit set; false otherwise.
is_runningbooleanPath: @package.is_running
true if the package is currently running; false otherwise.
is_running_as_rootbooleanPath: @package.is_running_as_root
true if the package is currently running as root; false otherwise.
loading_typestringPath: @package.loading_type
Whether the component is always loaded and running (hot), running infrequently (cold), or loaded on demand (lazy).
managerstringPath: @package.manager
Package management ecosystem or source registry the vulnerable component originates from.
namestringPath: @package.name
Name of the package or library where the vulnerability was identified.
normalized_namestringPath: @package.normalized_name
Normalized name according to the ecosystem of the package or library where the vulnerability was identified.
root_parentsarray (object)Path: @package.root_parents
List of dependencies for which the package is a transitive dependency.
scopestringPath: @package.scope
Intended usage scope of the package (production or development).
versionstringPath: @package.version
Version of the package or library where the vulnerability was identified.
+ +### Declaration + +Code locations of the package definition. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
blockobjectPath: @package.declaration.block
Location of the code that declares the whole dependency declaration.
nameobjectPath: @package.declaration.name
Location of the code that declares the dependency name.
versionobjectPath: @package.declaration.version
Version declared for the root parent.
+ +### Block + +Location of the code that declares the whole dependency declaration. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
column_endintegerPath: @package.declaration.block.column_end
Ending column position.
column_startintegerPath: @package.declaration.block.column_start
Starting column position.
filenamestringPath: @package.declaration.block.filename
Relative path to the file.
is_test_filebooleanPath: @package.declaration.block.is_test_file
true if the code file is a test file; false otherwise.
line_endintegerPath: @package.declaration.block.line_end
Ending line number.
line_startintegerPath: @package.declaration.block.line_start
Starting line number.
symbolstringPath: @package.declaration.block.symbol
Symbol name at the code location.
urlstringPath: @package.declaration.block.url
URL to view the file online (for example, in GitHub), highlighting the code location.
+ +### Name + +Location of the code that declares the dependency name. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
column_endintegerPath: @package.declaration.name.column_end
Ending column position.
column_startintegerPath: @package.declaration.name.column_start
Starting column position.
filenamestringPath: @package.declaration.name.filename
Relative path to the file.
is_test_filebooleanPath: @package.declaration.name.is_test_file
true if the code file is a test file; false otherwise.
line_endintegerPath: @package.declaration.name.line_end
Ending line number.
line_startintegerPath: @package.declaration.name.line_start
Starting line number.
symbolstringPath: @package.declaration.name.symbol
Symbol name at the code location.
urlstringPath: @package.declaration.name.url
URL to view the file online (for example, in GitHub), highlighting the code location.
+ +### Version + +Version declared for the root parent. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
column_endintegerPath: @package.declaration.version.column_end
Ending column position.
column_startintegerPath: @package.declaration.version.column_start
Starting column position.
filenamestringPath: @package.declaration.version.filename
Relative path to the file.
is_test_filebooleanPath: @package.declaration.version.is_test_file
true if the code file is a test file; false otherwise.
line_endintegerPath: @package.declaration.version.line_end
Ending line number.
line_startintegerPath: @package.declaration.version.line_start
Starting line number.
symbolstringPath: @package.declaration.version.symbol
Symbol name at the code location.
urlstringPath: @package.declaration.version.url
URL to view the file online (for example, in GitHub), highlighting the code location.
+ +### Root Parents + +List of dependencies for which the package is a transitive dependency. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
declarationobjectPath: @package.root_parents.declaration
Location of the code that declares the version of a root parent.
languagestringPath: @package.root_parents.language
Dependency language for which the package is a transitive dependency.
namestringPath: @package.root_parents.name
Dependency name for which the package is a transitive dependency.
versionstringPath: @package.root_parents.version
Dependency version for which the package is a transitive dependency.
+ +### Declaration + +Location of the code that declares the version of a root parent. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
blockobjectPath: @package.root_parents.declaration.block
Location of the code that declares the whole dependency declaration.
nameobjectPath: @package.root_parents.declaration.name
Location of the code that declares the dependency name.
versionobjectPath: @package.root_parents.declaration.version
Version declared for the root parent.
+ +### Block + +Location of the code that declares the whole dependency declaration. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
column_endintegerPath: @package.root_parents.declaration.block.column_end
Ending column position.
column_startintegerPath: @package.root_parents.declaration.block.column_start
Starting column position.
filenamestringPath: @package.root_parents.declaration.block.filename
Relative path to the file.
is_test_filebooleanPath: @package.root_parents.declaration.block.is_test_file
true if the code file is a test file; false otherwise.
line_endintegerPath: @package.root_parents.declaration.block.line_end
Ending line number.
line_startintegerPath: @package.root_parents.declaration.block.line_start
Starting line number.
symbolstringPath: @package.root_parents.declaration.block.symbol
Symbol name at the code location.
urlstringPath: @package.root_parents.declaration.block.url
URL to view the file online (for example, in GitHub), highlighting the code location.
+ +### Name + +Location of the code that declares the dependency name. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
column_endintegerPath: @package.root_parents.declaration.name.column_end
Ending column position.
column_startintegerPath: @package.root_parents.declaration.name.column_start
Starting column position.
filenamestringPath: @package.root_parents.declaration.name.filename
Relative path to the file.
is_test_filebooleanPath: @package.root_parents.declaration.name.is_test_file
true if the code file is a test file; false otherwise.
line_endintegerPath: @package.root_parents.declaration.name.line_end
Ending line number.
line_startintegerPath: @package.root_parents.declaration.name.line_start
Starting line number.
symbolstringPath: @package.root_parents.declaration.name.symbol
Symbol name at the code location.
urlstringPath: @package.root_parents.declaration.name.url
URL to view the file online (for example, in GitHub), highlighting the code location.
+ +### Version + +Version declared for the root parent. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
column_endintegerPath: @package.root_parents.declaration.version.column_end
Ending column position.
column_startintegerPath: @package.root_parents.declaration.version.column_start
Starting column position.
filenamestringPath: @package.root_parents.declaration.version.filename
Relative path to the file.
is_test_filebooleanPath: @package.root_parents.declaration.version.is_test_file
true if the code file is a test file; false otherwise.
line_endintegerPath: @package.root_parents.declaration.version.line_end
Ending line number.
line_startintegerPath: @package.root_parents.declaration.version.line_start
Starting line number.
symbolstringPath: @package.root_parents.declaration.version.symbol
Symbol name at the code location.
urlstringPath: @package.root_parents.declaration.version.url
URL to view the file online (for example, in GitHub), highlighting the code location.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Remediation" level="h3" id="remediation" %}} + +Information about the finding's remediation. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
code_updateobjectPath: @remediation.code_update
Code changes to apply to remediate the finding.
codegenobjectPath: @remediation.codegen
Finding status for the code generation platform.
container_imageobjectPath: @remediation.container_image
Newer container image version that may remediate the vulnerability.
descriptionstringPath: @remediation.description
Description of the remediation.
host_imageobjectPath: @remediation.host_image
Latest host image version that may remediate the vulnerability.
is_availablebooleanPath: @remediation.is_available
true if a remediation is currently available for the finding; false otherwise.
microsoft_kbobjectPath: @remediation.microsoft_kb
Remediation strategy using a Microsoft Knowledge Base (KB) article.
packageobjectPath: @remediation.package
Remediation package information.
recommendedobjectPath: @remediation.recommended
Recommended remediation details.
recommended_typestringPath: @remediation.recommended_type
Recommended remediation type for the finding.
root_packageobjectPath: @remediation.root_package
Remediation root package information.
+ +### Code Update + +Code changes to apply to remediate the finding. + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
editsarray (object)Path: @remediation.code_update.edits
Code changes required to remediate the finding.
+ +### Edits + +Code changes required to remediate the finding. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
column_endintegerPath: @remediation.code_update.edits.column_end
Ending column position of the code change.
column_startintegerPath: @remediation.code_update.edits.column_start
Starting column position of the code change.
contentstringPath: @remediation.code_update.edits.content
Contents of the code change.
line_endintegerPath: @remediation.code_update.edits.line_end
Ending line number of the code change.
line_startintegerPath: @remediation.code_update.edits.line_start
Starting line number of the code change.
typestringPath: @remediation.code_update.edits.type
Nature of the code change.
+ +### Codegen + +Finding status for the code generation platform. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
idstringPath: @remediation.codegen.id
Identifier used to track the remediation in the code generation backend.
statusstringPath: @remediation.codegen.status
Status of the automated fix generation. Valid values: generated, not_available_non_default_branch, not_available_unsupported_tool, not_available_unsupported_rule, not_available_disabled, not_available_git_provider_not_supported, not_available_confidence_too_low, error, not_available_has_deterministic_fixes, not_available_unknown_reason, not_available_org_not_onboarded, not_available_repository_disabled, not_available_unsupported_resource_type, not_available_unsupported_ecosystem, not_available_severity_too_low, not_available_transitive_library, not_available_no_remediation, not_available_unsupported_vulnerability_type.
+ +### Container Image + +Newer container image version that may remediate the vulnerability. + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
closest_no_vulnerabilitiesobjectPath: @remediation.container_image.closest_no_vulnerabilities
Closest container image version with no vulnerabilities.
+ +### Closest No Vulnerabilities + +Closest container image version with no vulnerabilities. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
image_urlstringPath: @remediation.container_image.closest_no_vulnerabilities.image_url
URL of the container image that may remediate the vulnerability.
layer_digestsarray (string)Path: @remediation.container_image.closest_no_vulnerabilities.layer_digests
Layer digests of the currently vulnerable container image that needs to be upgraded.
namestringPath: @remediation.container_image.closest_no_vulnerabilities.name
Name of the container image that may remediate the vulnerability.
tagstringPath: @remediation.container_image.closest_no_vulnerabilities.tag
Tag of the container image that may remediate the vulnerability.
+ +### Host Image + +Latest host image version that may remediate the vulnerability. + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
latest_majorobjectPath: @remediation.host_image.latest_major
Information about the latest Amazon Machine Image (AMI) that may remediate the vulnerability.
+ +### Latest Major + +Information about the latest Amazon Machine Image (AMI) that may remediate the vulnerability. + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
namestringPath: @remediation.host_image.latest_major.name
Name of the latest Amazon Machine Image (for example, ami-12345678) that may remediate the vulnerability.
+ +### Microsoft KB + +Remediation strategy using a Microsoft Knowledge Base (KB) article. + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
closest_fix_advisoryobjectPath: @remediation.microsoft_kb.closest_fix_advisory
The closest patch available to address the current advisory.
+ +### Closest Fix Advisory + +The closest patch available to address the current advisory. + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
articlestringPath: @remediation.microsoft_kb.closest_fix_advisory.article
Article name for the closest patch.
+ +### Package + +Remediation package information. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
basearray (object)Path: @remediation.package.base
Current package version that the finding was detected on, before any remediation is applied.
closest_minimum_risk_only_no_fix_vulnerabilitiesarray (object)Path: @remediation.package.closest_minimum_risk_only_no_fix_vulnerabilities
Closest package version that only contains vulnerabilities for which no fix is available, minimizing risk exposure.
closest_no_criticalarray (object)Path: @remediation.package.closest_no_critical
Closest package version with no critical vulnerabilities (based on base score).
closest_no_vulnerabilitiesarray (object)Path: @remediation.package.closest_no_vulnerabilities
Closest package version with no vulnerabilities.
latest_no_criticalarray (object)Path: @remediation.package.latest_no_critical
The latest remediation package version with no critical vulnerabilities (based on base score).
latest_no_vulnerabilitiesarray (object)Path: @remediation.package.latest_no_vulnerabilities
Latest package version with no vulnerabilities.
+ +### Base + +Current package version that the finding was detected on, before any remediation is applied. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.package.base.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.package.base.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.package.base.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.package.base.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.package.base.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.package.base.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.package.base.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.package.base.version
Recommended package version that fixes the finding.
+ +### Fixed Advisories + +Advisories that the remediation will fix. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.base.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.base.fixed_advisories.id
Identifier of the advisory.
+ +### New Advisories + +Advisories that will appear if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.base.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.base.new_advisories.id
Identifier of the advisory.
+ +### Remaining Advisories + +Advisories that will remain unfixed if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.base.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.base.remaining_advisories.id
Identifier of the advisory.
+ +### Closest Minimum Risk Only No Fix Vulnerabilities + +Closest package version that only contains vulnerabilities for which no fix is available, minimizing risk exposure. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.package.closest_minimum_risk_only_no_fix_vulnerabilities.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.package.closest_minimum_risk_only_no_fix_vulnerabilities.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.package.closest_minimum_risk_only_no_fix_vulnerabilities.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.package.closest_minimum_risk_only_no_fix_vulnerabilities.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.package.closest_minimum_risk_only_no_fix_vulnerabilities.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.package.closest_minimum_risk_only_no_fix_vulnerabilities.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.package.closest_minimum_risk_only_no_fix_vulnerabilities.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.package.closest_minimum_risk_only_no_fix_vulnerabilities.version
Recommended package version that fixes the finding.
+ +### Fixed Advisories + +Advisories that the remediation will fix. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.closest_minimum_risk_only_no_fix_vulnerabilities.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.closest_minimum_risk_only_no_fix_vulnerabilities.fixed_advisories.id
Identifier of the advisory.
+ +### New Advisories + +Advisories that will appear if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.closest_minimum_risk_only_no_fix_vulnerabilities.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.closest_minimum_risk_only_no_fix_vulnerabilities.new_advisories.id
Identifier of the advisory.
+ +### Remaining Advisories + +Advisories that will remain unfixed if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.closest_minimum_risk_only_no_fix_vulnerabilities.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.closest_minimum_risk_only_no_fix_vulnerabilities.remaining_advisories.id
Identifier of the advisory.
+ +### Closest No Critical + +Closest package version with no critical vulnerabilities (based on base score). + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.package.closest_no_critical.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.package.closest_no_critical.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.package.closest_no_critical.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.package.closest_no_critical.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.package.closest_no_critical.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.package.closest_no_critical.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.package.closest_no_critical.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.package.closest_no_critical.version
Recommended package version that fixes the finding.
+ +### Fixed Advisories + +Advisories that the remediation will fix. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.closest_no_critical.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.closest_no_critical.fixed_advisories.id
Identifier of the advisory.
+ +### New Advisories + +Advisories that will appear if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.closest_no_critical.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.closest_no_critical.new_advisories.id
Identifier of the advisory.
+ +### Remaining Advisories + +Advisories that will remain unfixed if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.closest_no_critical.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.closest_no_critical.remaining_advisories.id
Identifier of the advisory.
+ +### Closest No Vulnerabilities + +Closest package version with no vulnerabilities. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.package.closest_no_vulnerabilities.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.package.closest_no_vulnerabilities.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.package.closest_no_vulnerabilities.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.package.closest_no_vulnerabilities.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.package.closest_no_vulnerabilities.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.package.closest_no_vulnerabilities.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.package.closest_no_vulnerabilities.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.package.closest_no_vulnerabilities.version
Recommended package version that fixes the finding.
+ +### Fixed Advisories + +Advisories that the remediation will fix. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.closest_no_vulnerabilities.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.closest_no_vulnerabilities.fixed_advisories.id
Identifier of the advisory.
+ +### New Advisories + +Advisories that will appear if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.closest_no_vulnerabilities.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.closest_no_vulnerabilities.new_advisories.id
Identifier of the advisory.
+ +### Remaining Advisories + +Advisories that will remain unfixed if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.closest_no_vulnerabilities.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.closest_no_vulnerabilities.remaining_advisories.id
Identifier of the advisory.
+ +### Latest No Critical + +The latest remediation package version with no critical vulnerabilities (based on base score). + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.package.latest_no_critical.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.package.latest_no_critical.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.package.latest_no_critical.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.package.latest_no_critical.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.package.latest_no_critical.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.package.latest_no_critical.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.package.latest_no_critical.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.package.latest_no_critical.version
Recommended package version that fixes the finding.
+ +### Fixed Advisories + +Advisories that the remediation will fix. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.latest_no_critical.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.latest_no_critical.fixed_advisories.id
Identifier of the advisory.
+ +### New Advisories + +Advisories that will appear if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.latest_no_critical.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.latest_no_critical.new_advisories.id
Identifier of the advisory.
+ +### Remaining Advisories + +Advisories that will remain unfixed if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.latest_no_critical.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.latest_no_critical.remaining_advisories.id
Identifier of the advisory.
+ +### Latest No Vulnerabilities + +Latest package version with no vulnerabilities. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.package.latest_no_vulnerabilities.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.package.latest_no_vulnerabilities.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.package.latest_no_vulnerabilities.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.package.latest_no_vulnerabilities.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.package.latest_no_vulnerabilities.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.package.latest_no_vulnerabilities.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.package.latest_no_vulnerabilities.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.package.latest_no_vulnerabilities.version
Recommended package version that fixes the finding.
+ +### Fixed Advisories + +Advisories that the remediation will fix. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.latest_no_vulnerabilities.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.latest_no_vulnerabilities.fixed_advisories.id
Identifier of the advisory.
+ +### New Advisories + +Advisories that will appear if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.latest_no_vulnerabilities.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.latest_no_vulnerabilities.new_advisories.id
Identifier of the advisory.
+ +### Remaining Advisories + +Advisories that will remain unfixed if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.package.latest_no_vulnerabilities.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.package.latest_no_vulnerabilities.remaining_advisories.id
Identifier of the advisory.
+ +### Root Package + +Remediation root package information. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
basearray (object)Path: @remediation.root_package.base
Current package version that the finding was detected on, before any remediation is applied.
closest_minimum_risk_only_no_fix_vulnerabilitiesarray (object)Path: @remediation.root_package.closest_minimum_risk_only_no_fix_vulnerabilities
Closest package version that only contains vulnerabilities for which no fix is available, minimizing risk exposure.
closest_no_criticalarray (object)Path: @remediation.root_package.closest_no_critical
Closest package version with no critical vulnerabilities (based on base score).
closest_no_vulnerabilitiesarray (object)Path: @remediation.root_package.closest_no_vulnerabilities
Closest package version with no vulnerabilities.
latest_no_criticalarray (object)Path: @remediation.root_package.latest_no_critical
The latest remediation package version with no critical vulnerabilities (based on base score).
latest_no_vulnerabilitiesarray (object)Path: @remediation.root_package.latest_no_vulnerabilities
Latest package version with no vulnerabilities.
+ +### Base + +Current package version that the finding was detected on, before any remediation is applied. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.root_package.base.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.root_package.base.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.root_package.base.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.root_package.base.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.root_package.base.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.root_package.base.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.root_package.base.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.root_package.base.version
Recommended package version that fixes the finding.
+ +### Fixed Advisories + +Advisories that the remediation will fix. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.base.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.base.fixed_advisories.id
Identifier of the advisory.
+ +### New Advisories + +Advisories that will appear if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.base.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.base.new_advisories.id
Identifier of the advisory.
+ +### Remaining Advisories + +Advisories that will remain unfixed if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.base.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.base.remaining_advisories.id
Identifier of the advisory.
+ +### Closest Minimum Risk Only No Fix Vulnerabilities + +Closest package version that only contains vulnerabilities for which no fix is available, minimizing risk exposure. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.root_package.closest_minimum_risk_only_no_fix_vulnerabilities.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.root_package.closest_minimum_risk_only_no_fix_vulnerabilities.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.root_package.closest_minimum_risk_only_no_fix_vulnerabilities.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.root_package.closest_minimum_risk_only_no_fix_vulnerabilities.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.root_package.closest_minimum_risk_only_no_fix_vulnerabilities.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.root_package.closest_minimum_risk_only_no_fix_vulnerabilities.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.root_package.closest_minimum_risk_only_no_fix_vulnerabilities.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.root_package.closest_minimum_risk_only_no_fix_vulnerabilities.version
Recommended package version that fixes the finding.
+ +### Fixed Advisories + +Advisories that the remediation will fix. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.closest_minimum_risk_only_no_fix_vulnerabilities.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.closest_minimum_risk_only_no_fix_vulnerabilities.fixed_advisories.id
Identifier of the advisory.
+ +### New Advisories + +Advisories that will appear if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.closest_minimum_risk_only_no_fix_vulnerabilities.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.closest_minimum_risk_only_no_fix_vulnerabilities.new_advisories.id
Identifier of the advisory.
+ +### Remaining Advisories + +Advisories that will remain unfixed if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.closest_minimum_risk_only_no_fix_vulnerabilities.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.closest_minimum_risk_only_no_fix_vulnerabilities.remaining_advisories.id
Identifier of the advisory.
+ +### Closest No Critical + +Closest package version with no critical vulnerabilities (based on base score). + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.root_package.closest_no_critical.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.root_package.closest_no_critical.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.root_package.closest_no_critical.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.root_package.closest_no_critical.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.root_package.closest_no_critical.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.root_package.closest_no_critical.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.root_package.closest_no_critical.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.root_package.closest_no_critical.version
Recommended package version that fixes the finding.
+ +### Fixed Advisories + +Advisories that the remediation will fix. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.closest_no_critical.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.closest_no_critical.fixed_advisories.id
Identifier of the advisory.
+ +### New Advisories + +Advisories that will appear if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.closest_no_critical.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.closest_no_critical.new_advisories.id
Identifier of the advisory.
+ +### Remaining Advisories + +Advisories that will remain unfixed if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.closest_no_critical.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.closest_no_critical.remaining_advisories.id
Identifier of the advisory.
+ +### Closest No Vulnerabilities + +Closest package version with no vulnerabilities. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.root_package.closest_no_vulnerabilities.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.root_package.closest_no_vulnerabilities.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.root_package.closest_no_vulnerabilities.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.root_package.closest_no_vulnerabilities.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.root_package.closest_no_vulnerabilities.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.root_package.closest_no_vulnerabilities.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.root_package.closest_no_vulnerabilities.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.root_package.closest_no_vulnerabilities.version
Recommended package version that fixes the finding.
+ +### Fixed Advisories + +Advisories that the remediation will fix. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.closest_no_vulnerabilities.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.closest_no_vulnerabilities.fixed_advisories.id
Identifier of the advisory.
+ +### New Advisories + +Advisories that will appear if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.closest_no_vulnerabilities.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.closest_no_vulnerabilities.new_advisories.id
Identifier of the advisory.
+ +### Remaining Advisories + +Advisories that will remain unfixed if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.closest_no_vulnerabilities.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.closest_no_vulnerabilities.remaining_advisories.id
Identifier of the advisory.
+ +### Latest No Critical + +The latest remediation package version with no critical vulnerabilities (based on base score). + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.root_package.latest_no_critical.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.root_package.latest_no_critical.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.root_package.latest_no_critical.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.root_package.latest_no_critical.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.root_package.latest_no_critical.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.root_package.latest_no_critical.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.root_package.latest_no_critical.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.root_package.latest_no_critical.version
Recommended package version that fixes the finding.
+ +### Fixed Advisories + +Advisories that the remediation will fix. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.latest_no_critical.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.latest_no_critical.fixed_advisories.id
Identifier of the advisory.
+ +### New Advisories + +Advisories that will appear if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.latest_no_critical.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.latest_no_critical.new_advisories.id
Identifier of the advisory.
+ +### Remaining Advisories + +Advisories that will remain unfixed if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.latest_no_critical.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.latest_no_critical.remaining_advisories.id
Identifier of the advisory.
+ +### Latest No Vulnerabilities + +Latest package version with no vulnerabilities. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
fixed_advisoriesarray (object)Path: @remediation.root_package.latest_no_vulnerabilities.fixed_advisories
Advisories that the remediation will fix.
has_incomplete_databooleanPath: @remediation.root_package.latest_no_vulnerabilities.has_incomplete_data
Flag to indicate whether the remediation may have incomplete dependency data and therefore may not be 100% accurate.
is_auto_solvablebooleanPath: @remediation.root_package.latest_no_vulnerabilities.is_auto_solvable
Flag to indicate whether the remediation is autosolvable (only recompiling is needed)
namestringPath: @remediation.root_package.latest_no_vulnerabilities.name
Recommended package name that fixes the finding.
new_advisoriesarray (object)Path: @remediation.root_package.latest_no_vulnerabilities.new_advisories
Advisories that will appear if the remediation is applied.
original_namestringPath: @remediation.root_package.latest_no_vulnerabilities.original_name
Original name of the recommended package that fixes the finding.
remaining_advisoriesarray (object)Path: @remediation.root_package.latest_no_vulnerabilities.remaining_advisories
Advisories that will remain unfixed if the remediation is applied.
versionstringPath: @remediation.root_package.latest_no_vulnerabilities.version
Recommended package version that fixes the finding.
+ +### Fixed Advisories + +Advisories that the remediation will fix. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.latest_no_vulnerabilities.fixed_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.latest_no_vulnerabilities.fixed_advisories.id
Identifier of the advisory.
+ +### New Advisories + +Advisories that will appear if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.latest_no_vulnerabilities.new_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.latest_no_vulnerabilities.new_advisories.id
Identifier of the advisory.
+ +### Remaining Advisories + +Advisories that will remain unfixed if the remediation is applied. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
base_severitystringPath: @remediation.root_package.latest_no_vulnerabilities.remaining_advisories.base_severity
Base severity of the advisory.
idstringPath: @remediation.root_package.latest_no_vulnerabilities.remaining_advisories.id
Identifier of the advisory.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Risk" level="h3" id="risk" %}} + +Risk-related attributes for the finding. Each key must have a matching key in the `risk_details` namespace. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
has_exploit_availablebooleanPath: @risk.has_exploit_available
true if known exploits exist for the finding; false otherwise.
has_high_exploitability_chancebooleanPath: @risk.has_high_exploitability_chance
true if the EPSS (Exploit Prediction Scoring System) score is above 1%; false otherwise.
has_privileged_accessbooleanPath: @risk.has_privileged_access
true if the finding's resource is running with elevated privileges or has the ability to assume a privileged role; false otherwise.
has_sensitive_databooleanPath: @risk.has_sensitive_data
true if the finding has access to a resource that contains sensitive data; false otherwise.
is_authenticatedbooleanPath: @risk.is_authenticated
true if the API endpoint requires authentication to access; false if the endpoint does not require authentication. Omitted if authentication status is unknown.
is_crown_jewelbooleanPath: @risk.is_crown_jewel
true if the affected resource is critical to your business; false otherwise.
is_emergingbooleanPath: @risk.is_emerging
true if the vulnerability is linked to an advisory classified as an emerging vulnerability; false otherwise.
is_exposed_to_attacksbooleanPath: @risk.is_exposed_to_attacks
true if attacks have already been detected on the resource; false otherwise.
is_function_reachablebooleanPath: @risk.is_function_reachable
true if the vulnerable function can be executed; false otherwise.
is_image_runningbooleanPath: @risk.is_image_running
true if the image of the finding's resource has running containers or hosts; false otherwise.
is_kernel_runningbooleanPath: @risk.is_kernel_running
true if the vulnerability affects the kernel currently running on the host; false otherwise.
is_package_runningbooleanPath: @risk.is_package_running
true if the package of the finding's resource is running; false otherwise.
is_productionbooleanPath: @risk.is_production
true if the finding's resource is running in production; false otherwise.
is_publicly_accessiblebooleanPath: @risk.is_publicly_accessible
true if the finding's resource is publicly accessible; false otherwise.
is_tainted_from_databasebooleanPath: @risk.is_tainted_from_database
true if the string is tainted due to originating from an untrusted database source; false otherwise.
is_tainted_from_query_stringbooleanPath: @risk.is_tainted_from_query_string
true if the string is tainted with elements derived from an HTTP query string; false otherwise.
is_tainted_from_request_urlbooleanPath: @risk.is_tainted_from_request_url
true if the final URL contains tainted parts originating from the request URL; false otherwise.
is_using_sha1booleanPath: @risk.is_using_sha1
true if SHA1 is used in a weak hash; false otherwise.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Risk Details" level="h3" id="risk-details" %}} + +Contextual risk factors that help assess the potential impact of a finding. These fields describe characteristics like exposure, sensitivity, and signs of active exploitation. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
has_exploit_availableobjectPath: @risk_details.has_exploit_available
Information about whether a known exploit exists for the finding advisory.
has_high_exploitability_chanceobjectPath: @risk_details.has_high_exploitability_chance
Evidence and indicators about whether the vulnerability is likely to be exploited based on EPSS (Exploit Prediction Scoring System).
has_privileged_accessobjectPath: @risk_details.has_privileged_access
Evidence and indicators about whether the resource has privileged access.
has_sensitive_dataobjectPath: @risk_details.has_sensitive_data
Evidence and indicators about whether the affected resource has sensitive data.
is_authenticatedobjectPath: @risk_details.is_authenticated
Evidence and indicators about whether the API endpoint requires authentication.
is_crown_jewelobjectPath: @risk_details.is_crown_jewel
Evidence and indicators about whether the affected resource is critical.
is_emergingobjectPath: @risk_details.is_emerging
Evidence and indicators about whether the vulnerability is classified as an emerging vulnerability.
is_exposed_to_attacksobjectPath: @risk_details.is_exposed_to_attacks
Evidence and indicators about whether the service where the finding was detected is exposed to attacks.
is_function_reachableobjectPath: @risk_details.is_function_reachable
Evidence and indicators about whether the vulnerable function or module is used in the code.
is_image_runningobjectPath: @risk_details.is_image_running
Evidence and indicators about whether the affected image has running containers or hosts.
is_kernel_runningobjectPath: @risk_details.is_kernel_running
Evidence and indicators about whether the vulnerability affects the kernel currently running on the host.
is_package_runningobjectPath: @risk_details.is_package_running
Evidence and indicators about whether the affected package is running.
is_productionobjectPath: @risk_details.is_production
Evidence and indicators about whether the resource associated with the finding is running in a production environment.
is_publicly_accessibleobjectPath: @risk_details.is_publicly_accessible
Information about whether the affected resource is accessible from the public internet.
is_tainted_from_databaseobjectPath: @risk_details.is_tainted_from_database
Information about whether tainted parts originate from a database.
is_tainted_from_query_stringobjectPath: @risk_details.is_tainted_from_query_string
Information about whether the tainted parts originated from a query string.
is_tainted_from_request_urlobjectPath: @risk_details.is_tainted_from_request_url
Information about whether the tainted parts originate from the request URL.
is_using_sha1objectPath: @risk_details.is_using_sha1
Information about whether SHA1 is used in a weak hash.
+ +### Has Exploit Available + +Information about whether a known exploit exists for the finding advisory. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.has_exploit_available.evidence
Evidence of exploit availability.
impact_cvssstringPath: @risk_details.has_exploit_available.impact_cvss
How the availability of known exploits changes the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.has_exploit_available.value
true if known exploits exist for the finding; false otherwise.
+ +### Evidence + +Evidence of exploit availability. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
exploit_sourcesarray (string)Path: @risk_details.has_exploit_available.evidence.exploit_sources
Exploit sources associated with the finding (for example, NIST, CISA, Exploit-DB).
exploit_urlsarray (string)Path: @risk_details.has_exploit_available.evidence.exploit_urls
Exploit URLs associated with the finding.
typestringPath: @risk_details.has_exploit_available.evidence.type
Type of exploit availability evidence. Valid values: production_ready, poc, unavailable.
+ +### Has High Exploitability Chance + +Evidence and indicators about whether the vulnerability is likely to be exploited based on EPSS (Exploit Prediction Scoring System). + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.has_high_exploitability_chance.evidence
Evidence for the EPSS score.
impact_cvssstringPath: @risk_details.has_high_exploitability_chance.impact_cvss
How high exploitability chance affects the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.has_high_exploitability_chance.value
true if the EPSS score is above 1%; false otherwise.
+ +### Evidence + +Evidence for the EPSS score. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
epss_scorenumberPath: @risk_details.has_high_exploitability_chance.evidence.epss_score
EPSS score as a percentage representing the chance of exploitation.
epss_severitystringPath: @risk_details.has_high_exploitability_chance.evidence.epss_severity
EPSS score severity level. Valid values: Critical, High, Medium, Low.
thresholdnumberPath: @risk_details.has_high_exploitability_chance.evidence.threshold
Minimum EPSS score required for a vulnerability to be considered as having a high exploitability chance.
+ +### Has Privileged Access + +Evidence and indicators about whether the resource has privileged access. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.has_privileged_access.evidence
Evidence showing proof of privileged access.
impact_cvssstringPath: @risk_details.has_privileged_access.impact_cvss
How privileged access changes the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.has_privileged_access.value
true if the resource associated with the finding has privileged access; false otherwise.
+ +### Evidence + +Evidence showing proof of privileged access. + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
resource_keystringPath: @risk_details.has_privileged_access.evidence.resource_key
Canonical Cloud Resource Identifier with proof of privileged access.
+ +### Has Sensitive Data + +Evidence and indicators about whether the affected resource has sensitive data. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.has_sensitive_data.evidence
Evidence supporting the presence of sensitive data.
impact_cvssstringPath: @risk_details.has_sensitive_data.impact_cvss
How sensitive data presence changes the CVSS score. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.has_sensitive_data.value
Same as risk.has_sensitive_data.
+ +### Evidence + +Evidence supporting the presence of sensitive data. + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
sds_idstringPath: @risk_details.has_sensitive_data.evidence.sds_id
Identifier of a sensitive data entry that Datadog Sensitive Data Scanner detected.
+ +### Is Authenticated + +Evidence and indicators about whether the API endpoint requires authentication. + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
valuebooleanPath: @risk_details.is_authenticated.value
Same as risk.is_authenticated.
+ +### Is Crown Jewel + +Evidence and indicators about whether the affected resource is critical. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.is_crown_jewel.evidence
Evidence used to identify the resource as being critical.
impact_cvssstringPath: @risk_details.is_crown_jewel.impact_cvss
How resource criticality changes the CVSS score. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_crown_jewel.value
true if the resource is critical to your business; false otherwise.
+ +### Evidence + +Evidence used to identify the resource as being critical. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
explanationstringPath: @risk_details.is_crown_jewel.evidence.explanation
Explanation detailing why the resource or related resource is identified as critical.
related_resource_namestringPath: @risk_details.is_crown_jewel.evidence.related_resource_name
Name of a long-lived critical asset, such as a critical service, that justifies why the affected resource is considered critical.
sensitive_dataarray (string)Path: @risk_details.is_crown_jewel.evidence.sensitive_data
Sensitive data types detected on the resource that contribute to its classification as a critical asset (for example, visa_credit_card).
+ +### Is Emerging + +Evidence and indicators about whether the vulnerability is classified as an emerging vulnerability. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
impact_cvssstringPath: @risk_details.is_emerging.impact_cvss
How emerging vulnerability status affects the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_emerging.value
Same as risk.is_emerging.
+ +### Is Exposed To Attacks + +Evidence and indicators about whether the service where the finding was detected is exposed to attacks. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.is_exposed_to_attacks.evidence
Evidence for the presence of attacks.
impact_cvssstringPath: @risk_details.is_exposed_to_attacks.impact_cvss
How the resource's exposure affects the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_exposed_to_attacks.value
Same as risk.is_exposed_to_attacks.
+ +### Evidence + +Evidence for the presence of attacks. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
attacks_detailsobjectPath: @risk_details.is_exposed_to_attacks.evidence.attacks_details
Details about one of the detected attacks.
trace_exampleobjectPath: @risk_details.is_exposed_to_attacks.evidence.trace_example
Example of a trace with attacks detected on the finding's resource.
trace_querystringPath: @risk_details.is_exposed_to_attacks.evidence.trace_query
Query used to find traces with attacks related to the finding's resource.
+ +### Is Function Reachable + +Evidence and indicators about whether the vulnerable function or module is used in the code. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.is_function_reachable.evidence
Evidence used to determine whether the function is reachable.
impact_cvssstringPath: @risk_details.is_function_reachable.impact_cvss
How function reachability changes the CVSS risk assessment. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_function_reachable.value
true if the function is reachable; false otherwise.
+ +### Evidence + +Evidence used to determine whether the function is reachable. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
is_supportedbooleanPath: @risk_details.is_function_reachable.evidence.is_supported
true if reachability analysis is supported for this finding, false otherwise.
locationsarray (object)Path: @risk_details.is_function_reachable.evidence.locations
Array of code locations where the function is called.
not_supported_reasonstringPath: @risk_details.is_function_reachable.evidence.not_supported_reason
Reason why reachability analysis is not supported for this finding. Valid values: language_not_supported, vulnerable_symbol_not_available.
unreachable_atintegerPath: @risk_details.is_function_reachable.evidence.unreachable_at
Timestamp in milliseconds (UTC) at which the finding transitions to an unreachable state if the vulnerable function is not called.
+ +### Locations + +Array of code locations where the function is called. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
filenamestringPath: @risk_details.is_function_reachable.evidence.locations.filename
Relative path to the file.
last_detected_atintegerPath: @risk_details.is_function_reachable.evidence.locations.last_detected_at
Timestamp in milliseconds (UTC) of the most recent detection of this function at the code location.
line_startintegerPath: @risk_details.is_function_reachable.evidence.locations.line_start
Starting line number.
symbolstringPath: @risk_details.is_function_reachable.evidence.locations.symbol
Symbol name at the code location.
+ +### Is Image Running + +Evidence and indicators about whether the affected image has running containers or hosts. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.is_image_running.evidence
Evidence showing proof of running containers or hosts.
impact_cvssstringPath: @risk_details.is_image_running.impact_cvss
How running containers or hosts affects the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_image_running.value
true if the image of the finding's resource has running containers or hosts; false otherwise.
+ +### Evidence + +Evidence showing proof of running containers or hosts. + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
detected_atintegerPath: @risk_details.is_image_running.evidence.detected_at
Timestamp when the running containers or hosts were detected.
+ +### Is Kernel Running + +Evidence and indicators about whether the vulnerability affects the kernel currently running on the host. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.is_kernel_running.evidence
Evidence showing proof that the vulnerability affects the running kernel.
valuebooleanPath: @risk_details.is_kernel_running.value
true if the vulnerability affects the kernel currently running on the host; false otherwise.
+ +### Evidence + +Evidence showing proof that the vulnerability affects the running kernel. + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
kernel_versionstringPath: @risk_details.is_kernel_running.evidence.kernel_version
Version of the kernel currently running on the host.
+ +### Is Package Running + +Evidence and indicators about whether the affected package is running. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
impact_cvssstringPath: @risk_details.is_package_running.impact_cvss
How a running package affects the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_package_running.value
true if the package of the finding's resource is running; false otherwise.
+ +### Is Production + +Evidence and indicators about whether the resource associated with the finding is running in a production environment. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.is_production.evidence
The env tag value that determines whether the resource is in production.
impact_cvssstringPath: @risk_details.is_production.impact_cvss
How production environment status affects the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_production.value
Same as risk.is_production.
+ +### Is Publicly Accessible + +Information about whether the affected resource is accessible from the public internet. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
evidenceobjectPath: @risk_details.is_publicly_accessible.evidence
Evidence showing proof of access from the internet.
impact_cvssstringPath: @risk_details.is_publicly_accessible.impact_cvss
How public accessibility affects the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_publicly_accessible.value
Same as risk.is_publicly_accessible.
+ +### Evidence + +Evidence showing proof of access from the internet. + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
resource_keystringPath: @risk_details.is_publicly_accessible.evidence.resource_key
Canonical Cloud Resource Identifier of the resource accessible from the internet.
+ +### Is Tainted From Database + +Information about whether tainted parts originate from a database. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
impact_cvssstringPath: @risk_details.is_tainted_from_database.impact_cvss
How database tainting changes the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_tainted_from_database.value
true if the string is tainted due to originating from an untrusted database source; false otherwise.
+ +### Is Tainted From Query String + +Information about whether the tainted parts originated from a query string. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
impact_cvssstringPath: @risk_details.is_tainted_from_query_string.impact_cvss
How query string tainting changes the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_tainted_from_query_string.value
true if the string contains elements derived from an HTTP query string; false otherwise.
+ +### Is Tainted From Request Url + +Information about whether the tainted parts originate from the request URL. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
impact_cvssstringPath: @risk_details.is_tainted_from_request_url.impact_cvss
How request URL tainting changes the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_tainted_from_request_url.value
true if the final URL contains tainted parts originating from the request URL; false otherwise.
+ +### Is Using SHA1 + +Information about whether SHA1 is used in a weak hash. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
impact_cvssstringPath: @risk_details.is_using_sha1.impact_cvss
How SHA1 usage changes the CVSS scoring. Valid values: riskier, neutral, safer, unknown.
valuebooleanPath: @risk_details.is_using_sha1.value
true if SHA1 is used in a weak hash; false otherwise.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Rule" level="h3" id="rule" %}} + +How to discover a vulnerability. Vulnerability findings with rules indicate the vulnerability was detected in source code or running code. Rules are also used for non-vulnerability findings such as misconfigurations or API security. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
default_rule_idstringPath: @rule.default_rule_id
Default rule identifier of the rule. Empty if it's a custom rule.
idstringPath: @rule.id
Identifier of the rule that generated the finding.
namestringPath: @rule.name
Name of the rule that generated the finding.
typestringPath: @rule.type
Type of the rule that generated the finding.
versionintegerPath: @rule.version
Version of the rule that generated the finding.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Runtime Context" level="h3" id="runtime-context" %}} + +Groups attributes related to runtime context. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
database_monitoringobjectPath: @runtime_context.database_monitoring
Contains database monitoring context associated with the finding.
span_idstringPath: @runtime_context.span_id
Span identifier where the finding was detected. Available only for IAST (Interactive Application Security Testing).
stacktrace_idstringPath: @runtime_context.stacktrace_id
Stack trace identifier where the finding was detected. Available only for IAST (Interactive Application Security Testing).
trace_idstringPath: @runtime_context.trace_id
Trace identifier where the finding was detected. Available only for IAST (Interactive Application Security Testing).
vulnerable_servicesarray (object)Path: @runtime_context.vulnerable_services
Lists running service versions affected by the finding, each identified by deployment environment, version, and Git commit SHA.
+ +### Database Monitoring + +Contains database monitoring context associated with the finding. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
database_instancesarray (string)Path: @runtime_context.database_monitoring.database_instances
Identifiers for the database instances affected by the finding.
query_signaturestringPath: @runtime_context.database_monitoring.query_signature
Hash of the normalized SQL query associated with the finding.
+ +### Vulnerable Services + +Lists running service versions affected by the finding, each identified by deployment environment, version, and Git commit SHA. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
commit_shastringPath: @runtime_context.vulnerable_services.commit_sha
Contains the Git commit SHA of the vulnerable service.
envstringPath: @runtime_context.vulnerable_services.env
Indicates the deployment environment of the vulnerable service (for example, prod, staging).
service_namestringPath: @runtime_context.vulnerable_services.service_name
Contains the name of the vulnerable service.
versionstringPath: @runtime_context.vulnerable_services.version
Contains the version identifier of the vulnerable service.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Secret" level="h3" id="secret" %}} + +Information specific to secret findings, such as the secret's validation status. + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
validation_statusstringPath: @secret.validation_status
Result of attempting to validate if the secret is active.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Sensitive Data" level="h3" id="sensitive-data" %}} + +Attributes specific to Sensitive Data Scanner (SDS) findings. + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
match_action_typestringPath: @sensitive_data.match_action_type
Indicates the match action configured on the Sensitive Data Scanner rule, such as redact or hash.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Service" level="h3" id="service" %}} + +Information about the service where the finding was detected, including its name and source code metadata. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
git_commit_shastringPath: @service.git_commit_sha
Git commit SHA of the latest commit where the finding was detected for the service. Available only when Source Code Integration is configured.
git_repository_urlstringPath: @service.git_repository_url
URL of the Git repository for the service associated with the finding. Available only when Source Code Integration is configured.
namestringPath: @service.name
Name of the service where the finding was detected.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Severity Details" level="h3" id="severity-details" %}} + +Detailed severity information for the finding, including base and adjusted severity. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
adjustedobjectPath: @severity_details.adjusted
Adjusted severity of the finding after accounting for contextual or environmental factors.
baseobjectPath: @severity_details.base
Base severity of the finding as defined by the original rule, advisory, or scanner, before any contextual adjustments.
user_adjustedobjectPath: @severity_details.user_adjusted
Severity of the finding after application of user-defined severity modifications.
+ +### Adjusted + +Adjusted severity of the finding after accounting for contextual or environmental factors. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
scorenumberPath: @severity_details.adjusted.score
Numeric severity score (CVSS scale).
valuestringPath: @severity_details.adjusted.value
Severity level. Valid values: critical, high, medium, low, info, none, unknown.
value_idintegerPath: @severity_details.adjusted.value_id
Numeric representation of the severity. Values: critical = 10, high = 9, medium = 7, low = 4, none = 0.
vectorstringPath: @severity_details.adjusted.vector
CVSS vector string.
+ +### Base + +Base severity of the finding as defined by the original rule, advisory, or scanner, before any contextual adjustments. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
scorenumberPath: @severity_details.base.score
Numeric severity score (CVSS scale).
valuestringPath: @severity_details.base.value
Severity level. Valid values: critical, high, medium, low, info, none, unknown.
value_idintegerPath: @severity_details.base.value_id
Numeric representation of the severity. Values: critical = 10, high = 9, medium = 7, low = 4, none = 0.
vectorstringPath: @severity_details.base.vector
CVSS vector string.
+ +### User Adjusted + +Severity of the finding after application of user-defined severity modifications. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
scorenumberPath: @severity_details.user_adjusted.score
Numeric severity score (CVSS scale).
valuestringPath: @severity_details.user_adjusted.value
Severity level. Valid values: critical, high, medium, low, info, none, unknown.
value_idintegerPath: @severity_details.user_adjusted.value_id
Numeric representation of the severity. Values: critical = 10, high = 9, medium = 7, low = 4, none = 0.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Vulnerability" level="h3" id="vulnerability" %}} + +Information specific to vulnerabilities. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
confidencestringPath: @vulnerability.confidence
The assessed likelihood of the vulnerability being a true positive.
confidence_reasonstringPath: @vulnerability.confidence_reason
The rationale behind the assigned confidence level.
cwesarray (string)Path: @vulnerability.cwes
CWE (Common Weakness Enumeration) identifier associated with the vulnerability. Each entry must use the CWE-<id> format (for example, CWE-416).
first_commitstringPath: @vulnerability.first_commit
The commit in which the vulnerability was first introduced.
hashstringPath: @vulnerability.hash
Vulnerability hash used to correlate the same vulnerability across SCA (Software Composition Analysis) runtime and static analysis.
is_emergingbooleanPath: @vulnerability.is_emerging
true if the vulnerability is classified as an emerging threat; false otherwise.
is_inherited_from_base_imagebooleanPath: @vulnerability.is_inherited_from_base_image
true if the vulnerability originates in a base image layer, false if it originates in a layer added by the container image author.
last_commitstringPath: @vulnerability.last_commit
The commit in which the vulnerability was fixed.
owasp_top10_yearsarray (integer)Path: @vulnerability.owasp_top10_years
The years the vulnerability appeared in the OWASP Top 10 list of critical vulnerabilities.
stackobjectPath: @vulnerability.stack
The technological stack where the vulnerability was found.
+ +### Stack + +The technological stack where the vulnerability was found. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
ecosystemstringPath: @vulnerability.stack.ecosystem
The package management ecosystem or source registry the vulnerable component originated from.
languagestringPath: @vulnerability.stack.language
The language where the vulnerability was found.
+ +{{% /collapse-content %}} + +{{% collapse-content title="Workflow" level="h3" id="workflow" %}} + +All mutable information related to the management of a finding after it was detected. Includes fields that can be updated manually through the UI or automatically through pipelines. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
auto_closed_atintegerPath: @workflow.auto_closed_at
Timestamp in milliseconds (UTC) when the finding was automatically closed by the system.
automationsarray (object)Path: @workflow.automations
Information about any automation rules that apply to the finding.
due_dateobjectPath: @workflow.due_date
Due date rule applied to the finding.
integrationsobjectPath: @workflow.integrations
Integrations like Jira, Case Management, or ServiceNow used to triage and remediate the finding.
muteobjectPath: @workflow.mute
Muting information and metadata.
severity_overrideobjectPath: @workflow.severity_override
Metadata about user-defined severity modifications applied to the finding.
triageobjectPath: @workflow.triage
Assignment and status information. Assignment may be synchronized with case or Jira information.
+ +### Automations + +Information about any automation rules that apply to the finding. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
rule_idstringPath: @workflow.automations.rule_id
Unique identifier for the automation rule.
rule_namestringPath: @workflow.automations.rule_name
Human-readable name of the automation rule applying to the finding.
rule_typestringPath: @workflow.automations.rule_type
Type of the automation rule applying to the finding. Valid values: due_date, mute, security_inbox, severity_modifier, ticket_creation.
+ +### Due Date + +Due date rule applied to the finding. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
due_atintegerPath: @workflow.due_date.due_at
Timestamp in milliseconds (UTC) for the finding's due date.
is_overduebooleanPath: @workflow.due_date.is_overdue
true if the due date has been reached; false otherwise.
rule_idstringPath: @workflow.due_date.rule_id
Unique identifier for the due date rule applied to the finding.
+ +### Integrations + +Integrations like Jira, Case Management, or ServiceNow used to triage and remediate the finding. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
casesarray (object)Path: @workflow.integrations.cases
Array of cases attached to the finding.
jiraarray (string)Path: @workflow.integrations.jira
Jira issue keys attached to the finding in the format <PROJECT>-<NUMBER> (for example, PROJ-123).
+ +### Cases + +Array of cases attached to the finding. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
assigneeobjectPath: @workflow.integrations.cases.assignee
User assigned to the case.
created_atintegerPath: @workflow.integrations.cases.created_at
Timestamp in milliseconds (UTC) when the case was created.
created_byobjectPath: @workflow.integrations.cases.created_by
User who created the case.
idstringPath: @workflow.integrations.cases.id
Unique identifier of the case in UUID format.
jira_issueobjectPath: @workflow.integrations.cases.jira_issue
Jira issue attached to the case.
keystringPath: @workflow.integrations.cases.key
Human-readable identifier for the case in the format PROJECT-NUMBER (for example, CSMINV-66).
linear_issueobjectPath: @workflow.integrations.cases.linear_issue
Linear issue attached to the case.
servicenow_ticketobjectPath: @workflow.integrations.cases.servicenow_ticket
ServiceNow ticket attached to the case.
statusstringPath: @workflow.integrations.cases.status
Status of the case.
titlestringPath: @workflow.integrations.cases.title
Title of the case.
updated_atintegerPath: @workflow.integrations.cases.updated_at
Timestamp in milliseconds (UTC) when the case was last updated.
updated_byobjectPath: @workflow.integrations.cases.updated_by
User who last updated the case.
+ +### Assignee + +User assigned to the case. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
idstringPath: @workflow.integrations.cases.assignee.id
Unique identifier of the user in UUID format.
namestringPath: @workflow.integrations.cases.assignee.name
Display name of the user.
+ +### Created By + +User who created the case. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
idstringPath: @workflow.integrations.cases.created_by.id
Unique identifier of the user in UUID format.
namestringPath: @workflow.integrations.cases.created_by.name
Display name of the user.
+ +### Jira Issue + +Jira issue attached to the case. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
keystringPath: @workflow.integrations.cases.jira_issue.key
Jira issue identifier in the format PROJECT-NUMBER (for example, CSMSEC-103991).
statusstringPath: @workflow.integrations.cases.jira_issue.status
Current status of the Jira issue.
urlstringPath: @workflow.integrations.cases.jira_issue.url
Full URL to the Jira issue.
+ +### Linear Issue + +Linear issue attached to the case. + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
keystringPath: @workflow.integrations.cases.linear_issue.key
Linear issue identifier in the format TEAM-NUMBER (for example, SEC-42).
statusstringPath: @workflow.integrations.cases.linear_issue.status
Current status of the Linear issue.
urlstringPath: @workflow.integrations.cases.linear_issue.url
Full URL to the Linear issue.
+ +### Servicenow Ticket + +ServiceNow ticket attached to the case. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
statestringPath: @workflow.integrations.cases.servicenow_ticket.state
Current state of the ServiceNow ticket.
sys_idstringPath: @workflow.integrations.cases.servicenow_ticket.sys_id
ServiceNow 32-character hexadecimal ticket identifier (for example, 9f8c7e2d3b4a5c6d7e8f9a0b1c2d3e4f).
table_namestringPath: @workflow.integrations.cases.servicenow_ticket.table_name
The name of the table where the ticket is stored. Valid values: incident, em_event.
urlstringPath: @workflow.integrations.cases.servicenow_ticket.url
Direct URL to the ServiceNow ticket.
+ +### Updated By + +User who last updated the case. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
idstringPath: @workflow.integrations.cases.updated_by.id
Unique identifier of the user in UUID format.
namestringPath: @workflow.integrations.cases.updated_by.name
Display name of the user.
+ +### Mute + +Muting information and metadata. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
descriptionstringPath: @workflow.mute.description
Free-text explanation for why the finding was muted.
expire_atintegerPath: @workflow.mute.expire_at
Timestamp in milliseconds (UTC) when the mute expires. If not set, the mute is permanent.
is_mutedbooleanPath: @workflow.mute.is_muted
true if the finding is muted; false if it is active.
is_muted_by_rulebooleanPath: @workflow.mute.is_muted_by_rule
true if the finding is muted by an automation rule; false otherwise. If true, the relevant automation rule is referenced in the workflow.automations section.
muted_atintegerPath: @workflow.mute.muted_at
Timestamp in milliseconds (UTC) when the finding was muted.
muted_byobjectPath: @workflow.mute.muted_by
User who muted the finding.
reasonstringPath: @workflow.mute.reason
Reason provided for muting the finding. Valid values: none, no_pending_fix, human_error, no_longer_accepted_risk, other, pending_fix, false_positive, accepted_risk, no_fix, duplicate, risk_accepted, muted_in_code.
rule_idstringPath: @workflow.mute.rule_id
Unique identifier for the automation rule that muted the finding. Only set when is_muted_by_rule is true.
rule_namestringPath: @workflow.mute.rule_name
Human-readable name of the automation rule that muted the finding. Only set when is_muted_by_rule is true.
+ +### Muted By + +User who muted the finding. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
idstringPath: @workflow.mute.muted_by.id
Unique identifier of the user in UUID format.
namestringPath: @workflow.mute.muted_by.name
Display name of the user.
+ +### Severity Override + +Metadata about user-defined severity modifications applied to the finding. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
descriptionstringPath: @workflow.severity_override.description
Description of the user-defined severity modification applied to the finding.
rule_idstringPath: @workflow.severity_override.rule_id
Identifier of the severity modifier automation rule that applied this severity override. Only set when the override was applied by an automation rule.
rule_namestringPath: @workflow.severity_override.rule_name
Name of the severity modifier automation rule that applied this severity override. Only set when the override was applied by an automation rule.
updated_atintegerPath: @workflow.severity_override.updated_at
Timestamp in milliseconds (UTC) when the manual severity override was applied.
updated_byobjectPath: @workflow.severity_override.updated_by
User who applied the manual severity override.
+ +### Updated By + +User who applied the manual severity override. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
idstringPath: @workflow.severity_override.updated_by.id
Unique identifier of the user in UUID format.
namestringPath: @workflow.severity_override.updated_by.name
Display name of the user.
+ +### Triage + +Assignment and status information. Assignment may be synchronized with case or Jira information. + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
assigneeobjectPath: @workflow.triage.assignee
User assigned to the finding.
+ +### Assignee + +User assigned to the finding. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
idstringPath: @workflow.triage.assignee.id
Unique identifier in UUID format for the assignee.
namestringPath: @workflow.triage.assignee.name
Display name of the assignee.
updated_atintegerPath: @workflow.triage.assignee.updated_at
Timestamp in milliseconds (UTC) when the assignee was last modified.
updated_byobjectPath: @workflow.triage.assignee.updated_by
User who last modified the assignee.
+ +### Updated By + +User who last modified the assignee. + + + + + + + + + + + + + + + + + + + + + +
Attribute nameTypeDescription
idstringPath: @workflow.triage.assignee.updated_by.id
Unique identifier of the user in UUID format.
namestringPath: @workflow.triage.assignee.updated_by.name
Display name of the user.
+ +{{% /collapse-content %}}