feat: Add container.create_time, vulnerability.offending_package, vulnerability.fixed_package, vulnerability.security_bulletin, vulnerability.cve.impact, vulnerability.cve.exploitation_activity, vulnerability.cve.observed_in_the_wild, vulnerability.cve.zero_day to finding's list of attributes
PiperOrigin-RevId: 611114785
diff --git a/google/cloud/securitycenter/v1/container.proto b/google/cloud/securitycenter/v1/container.proto
index dab20ae..5642e95 100644
--- a/google/cloud/securitycenter/v1/container.proto
+++ b/google/cloud/securitycenter/v1/container.proto
@@ -17,6 +17,7 @@
package google.cloud.securitycenter.v1;
import "google/cloud/securitycenter/v1/label.proto";
+import "google/protobuf/timestamp.proto";
option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb";
@@ -41,4 +42,7 @@
// Container labels, as provided by the container runtime.
repeated Label labels = 4;
+
+ // The time that the container was created.
+ google.protobuf.Timestamp create_time = 5;
}
diff --git a/google/cloud/securitycenter/v1/vulnerability.proto b/google/cloud/securitycenter/v1/vulnerability.proto
index 457e88c..a4c2da3 100644
--- a/google/cloud/securitycenter/v1/vulnerability.proto
+++ b/google/cloud/securitycenter/v1/vulnerability.proto
@@ -16,6 +16,8 @@
package google.cloud.securitycenter.v1;
+import "google/protobuf/timestamp.proto";
+
option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb";
option java_multiple_files = true;
@@ -29,11 +31,68 @@
// CVE stands for Common Vulnerabilities and Exposures
// (https://cve.mitre.org/about/)
Cve cve = 1;
+
+ // The offending package is relevant to the finding.
+ Package offending_package = 2;
+
+ // The fixed package is relevant to the finding.
+ Package fixed_package = 3;
+
+ // The security bulletin is relevant to this finding.
+ SecurityBulletin security_bulletin = 4;
}
// CVE stands for Common Vulnerabilities and Exposures.
-// More information: https://cve.mitre.org
+// Information from the [CVE
+// record](https://www.cve.org/ResourcesSupport/Glossary) that describes this
+// vulnerability.
message Cve {
+ // The possible values of impact of the vulnerability if it was to be
+ // exploited.
+ enum RiskRating {
+ // Invalid or empty value.
+ RISK_RATING_UNSPECIFIED = 0;
+
+ // Exploitation would have little to no security impact.
+ LOW = 1;
+
+ // Exploitation would enable attackers to perform activities, or could allow
+ // attackers to have a direct impact, but would require additional steps.
+ MEDIUM = 2;
+
+ // Exploitation would enable attackers to have a notable direct impact
+ // without needing to overcome any major mitigating factors.
+ HIGH = 3;
+
+ // Exploitation would fundamentally undermine the security of affected
+ // systems, enable actors to perform significant attacks with minimal
+ // effort, with little to no mitigating factors to overcome.
+ CRITICAL = 4;
+ }
+
+ // The possible values of exploitation activity of the vulnerability in the
+ // wild.
+ enum ExploitationActivity {
+ // Invalid or empty value.
+ EXPLOITATION_ACTIVITY_UNSPECIFIED = 0;
+
+ // Exploitation has been reported or confirmed to widely occur.
+ WIDE = 1;
+
+ // Limited reported or confirmed exploitation activities.
+ CONFIRMED = 2;
+
+ // Exploit is publicly available.
+ AVAILABLE = 3;
+
+ // No known exploitation activity, but has a high potential for
+ // exploitation.
+ ANTICIPATED = 4;
+
+ // No known exploitation activity.
+ NO_KNOWN = 5;
+ }
+
// The unique identifier for the vulnerability. e.g. CVE-2021-34527
string id = 1;
@@ -47,6 +106,19 @@
// Whether upstream fix is available for the CVE.
bool upstream_fix_available = 4;
+
+ // The potential impact of the vulnerability if it was to be exploited.
+ RiskRating impact = 5;
+
+ // The exploitation activity of the vulnerability in the wild.
+ ExploitationActivity exploitation_activity = 6;
+
+ // Whether or not the vulnerability has been observed in the wild.
+ bool observed_in_the_wild = 7;
+
+ // Whether or not the vulnerability was zero day when the finding was
+ // published.
+ bool zero_day = 8;
}
// Additional Links
@@ -214,3 +286,31 @@
// component resulting from a successfully exploited vulnerability.
Impact availability_impact = 12;
}
+
+// Package is a generic definition of a package.
+message Package {
+ // The name of the package where the vulnerability was detected.
+ string package_name = 1;
+
+ // The CPE URI where the vulnerability was detected.
+ string cpe_uri = 2;
+
+ // Type of package, for example, os, maven, or go.
+ string package_type = 3;
+
+ // The version of the package.
+ string package_version = 4;
+}
+
+// SecurityBulletin are notifications of vulnerabilities of Google products.
+message SecurityBulletin {
+ // ID of the bulletin corresponding to the vulnerability.
+ string bulletin_id = 1;
+
+ // Submission time of this Security Bulletin.
+ google.protobuf.Timestamp submission_time = 2;
+
+ // This represents a version that the cluster receiving this notification
+ // should be upgraded to, based on its current version. For example, 1.15.0
+ string suggested_upgrade_version = 3;
+}
