All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.metaeffekt.artifact.analysis.vulnerability.enrichment.InventoryAttribute Maven / Gradle / Ivy

/*
 * Copyright 2021-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.metaeffekt.artifact.analysis.vulnerability.enrichment;

import com.metaeffekt.artifact.analysis.diffmerge.VulnerabilityDiffer;
import com.metaeffekt.mirror.contents.eol.export.ExportedCycleState;
import org.metaeffekt.core.inventory.processor.model.AbstractModelBase;
import org.metaeffekt.core.inventory.processor.model.Artifact;

/**
 * More attributes for the inventory artifacts that are not in core.
 */
public enum InventoryAttribute implements AbstractModelBase.Attribute {
    @Deprecated
    CERTFR("CertFr"),
    @Deprecated // stored in the REVIEWED_ADVISORIES field now
    REVIEWED_CERTFR("Reviewed CertFr"),
    @Deprecated
    CERTSEI("CertSei"),
    @Deprecated // stored in the REVIEWED_ADVISORIES field now
    REVIEWED_CERTSEI("Reviewed CertSei"),
    REVIEWED_ADVISORIES("Reviewed Advisories"),
    @Deprecated
    ADVISORIES("Advisories"),
    /**
     * The vulnerability description text.
     */
    DESCRIPTION("Description"),
    @Deprecated // use the TAG csv attribute
    ADDED_VIA_STATUS("Added by status file"),
    VULNERABILITIES_FIXED_BY_KB("Vulnerability fixed by KB"),
    IS_CUSTOM_VULNERABILITY("Is custom vulnerability"),
    /**
     * Contains a JSON Object representing a vulnerability status.
     */
    VULNERABILITY_STATUS("Vulnerability Status"),
    STATUS_TITLE("Title"),
    STATUS_HISTORY("Status history"),
    STATUS_ACCEPTED("Accepted by"),
    STATUS_REPORTED("Reported by"),
    MEASURES("Measures"),
    @Deprecated
    MS_VULNERABILITY_INFORMATION("MSRC"),
    KEYWORDS("Matched Keyword Sets"),
    KEYWORDS_SCORE("Matched Keyword Total Score"),
    /**
     * All cpes that match the current artifact version.
     */
    MATCHED_CPES("Matched CPEs"),
    /**
     * Still WIP, unused
     */
    CVE_INDICATION("CVE Indication"),
    /**
     * Package URLs added by e.g. the CycloneDX converter.
     */
    PURL("PURL"),
    /**
     * By adding a dependency track findings file, the cpe findings will be added in this column.
     */
    DT_PURL_FINDINGS("DT PURL Findings"),
    /**
     * The ecosystem of the artifact. Extracted by e.g. the CycloneDX converter from PURLs.
     */
    ECOSYSTEM("Ecosystem"),
    /**
     * By adding a dependency track findings file, the cve findings will be added in this column.
     */
    DT_CVE_FINDINGS("DT CVE Findings"),
    /**
     * The MS product id is used to match MS vulnerabilities.
     */
    MS_PRODUCT_ID("MS Product ID"),
    /**
     * A comma separated list of microsoft knowledge base ids that will exclude MS vulnerabilities.
     */
    MS_KB_IDENTIFIER("MS Knowledge Base ID"),
    /**
     * MS advisories identifiers.
* Now stored in the regular vulnerability field. */ @Deprecated MS_ADVISORIES("MS Advisories"), /** * KB identifiers that have been superseded by the given KB identifiers. */ MS_SUPERSEDED_KB_IDENTIFIER("MS Superseded Knowledge Base ID"), MS_FIXING_KB_IDENTIFIER("MS Fixing Knowledge Base ID"), /** * An array list containing the MS CVE remediations applicable to at least one artifact. */ MS_REMEDIATIONS("MS Remediations"), MS_AFFECTED_PRODUCTS("MS Affected Products"), MS_THREATS("MS Threats"), /** * Cpe uris that will be removed from the derived cpe uris. */ INAPPLICABLE_CPE("Inapplicable CPE URIs"), /** * Cpe uris that will be added to the derived cpe uris. */ ADDITIONAL_CPE("Additional CPE URIs"), /** * Key for getting the manually added CPE URIs in an artifact.
* If initial cpe uris are given, they will override the derived cpe uris. */ INITIAL_CPE_URIS("CPE URIs"), /** * Cpe uris that have been derived from the artifact information. */ DERIVED_CPE_URIS("Derived CPE URIs"), /** * Contains a JSON Object that contains details on what parts of what artifact attribute caused a certain CPE to match on the artifact.
* This data is only added to the inventory if the {@link com.metaeffekt.artifact.enrichment.configurations.CpeDerivationEnrichmentConfiguration#setAddDetailedMatchingInformation(boolean)} attribute is set to true. */ DERIVED_CPE_URIS_MATCHING_DETAILS("Derived CPE URIs Details"), /** * Will remove these cve from the matched vulnerabilities. */ INAPPLICABLE_CVE("Inapplicable CVE"), /** * Will add these cve to the matched vulnerabilities. */ ADDON_CVES("Addon CVEs"), @Deprecated // use the Tags csv attribute IS_MARKER_VULNERABILITY("Is Marker"), /** * Represents an EPSS Data point, which can be parsed by the {@link com.metaeffekt.mirror.contents.epss.EpssData} class.* */ EPSS_DATA("EPSS Data"), /** * Used in {@link VulnerabilityDiffer} to store the vulnerability * status of the other inventory. */ VULNERABILITY_DIFF_NEW_STATUS("New Status"), /** * Used in {@link VulnerabilityDiffer} to indicate the type of status * change that has been detected. */ VULNERABILITY_DIFF_STATUS_CHANGE("Status change"), /** * Represents a KEV entry that can be parsed by the {@link com.metaeffekt.mirror.contents.kev.KevData} class. */ KEV_DATA("KEV Data"), /** * Represents an EOL (End-of-Line) identifier to be used my the {@link com.metaeffekt.artifact.enrichment.other.EolEnrichment}. */ EOL_ID("EOL Id"), EOL_OVERWRITE_CYCLE_QUERY_VERSION("EOL Overwrite Cycle Query Version"), EOL_OVERWRITE_LATEST_VERSION_QUERY_VERSION("EOL Overwrite Latest Version Query Version"), /** * Filled by {@link com.metaeffekt.artifact.enrichment.other.EolEnrichment}. Contains a JSON object with the EOL * information built by the {@link ExportedCycleState#toJson()} method. */ EOL_FULL_STATE("EOL State"), EOL_RECOMMENDED_CYCLE_VERSION("EOL Latest Cycle Version"), EOL_RECOMMENDED_LIFECYCLE_VERSION("EOL Latest Lifecycle Version"), EOL_RECOMMENDED_NEXT_SUPPORTED_VERSION("EOL Next Supported Version"), EOL_RECOMMENDED_NEXT_SUPPORTED_EXTENDED_VERSION("EOL Next Extended Supported Version"), EOL_RECOMMENDED_CLOSEST_SUPPORTED_LTS_VERSION("EOL Closest Supported LTS Version"), EOL_RECOMMENDED_LATEST_SUPPORTED_LTS_VERSION("EOL Latest Supported LTS Version"), EOL_IS_EOL("EOL Is EOL"), EOL_IS_SUPPORTED("EOL Is Support"), EOL_IS_SUPPORTED_EXTENDED("EOL Is Extended Support"), EOL_RATING("EOL Rating"), INVENTORY_CONTEXT("Context"), /** * CSV attribute for marking entries with tags. *
    *
  • marker
  • *
  • added by status
  • *
*/ TAGS("Tags"), VULNERABILITY_UPDATED_DATE_TIMESTAMP("Last Updated Timestamp"), VULNERABILITY_UPDATED_DATE_FORMATTED("Last Updated Date"), VULNERABILITY_CREATED_DATE_TIMESTAMP("Created Timestamp"), VULNERABILITY_CREATED_DATE_FORMATTED("Created Date"), /** * Stores Ids of referenced content, such as advisories. * @deprecated Use the {@link org.metaeffekt.core.inventory.processor.model.VulnerabilityMetaData.Attribute#REFERENCED_VULNERABILITIES} * and {@link org.metaeffekt.core.inventory.processor.model.VulnerabilityMetaData.Attribute#REFERENCED_SECURITY_ADVISORIES} instead. */ @Deprecated VULNERABILITY_REFERENCED_CONTENT_IDS("Referenced Ids"), /** * @deprecated Use the {@link Artifact.Attribute#TYPE} instead. */ @Deprecated ARTIFACT_TYPE("Type"), VAD_DETAIL_LEVEL_CONFIGURATIONS("VAD Detail Level Configurations"), ; private final String key; InventoryAttribute(String key) { this.key = key; } @Override public String getKey() { return key; } }




© 2015 - 2025 Weber Informatics LLC | Privacy Policy