add a few links to examples
Signed-off-by: Hector Fernandez <[email protected]>
hectorj2f committed Aug 26, 2023
1 parent 89b4d48 commit 1defc95
Showing 1 changed file with 17 additions and 17 deletions.
34 changes: 17 additions & 17 deletions spec/predicates/vuln.md
@@ -42,7 +42,7 @@ The fields that make up this predicate type are:
The `subject` contains whatever software artifacts are to be associated with this vulnerability report document.
The `predicate` contains a JSON-encoded data with the following fields:

**scanner** object
**scanner** object, optional

> There are lots of container image scanners such as Trivy, Grype, Clair, etc.
> This field describes which scanner is used while performing a container image scan,
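Review bot: marking `scanner` as `optional` conflicts with `scanner.result` being labelled `required` further down this file; a field nested under an optional object cannot be unconditionally required. If a report without a `scanner` object is meant to be valid, the text should state what a consumer is to conclude from its absence, because the note that an empty `scanner.result` list means no vulnerabilities were found does not cover the case where the object is missing altogether. The marker placement is also inconsistent: here `optional` follows the type (`object, optional`), whereas the later entries put `required` inside the bold field name; one convention should be used throughout.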
@@ -68,33 +68,33 @@ The `predicate` contains a JSON-encoded data with the following fields:

> > > The timestamp of when the vulnerability DB was updated last time.
**scanner.result** list
**scanner.result, required** list

> > The result contains a list of vulnerabilities.
> > The result contains a list of vulnerabilities. Note that an empty list means the **scanner** found no vulnerabilities.
> > This is the most important part of this field because it'll store the scan result as a whole. So, people might want
> > to use this field to take decisions based on them by making use of Policy Engines tooling whether allow or deny these images.
**scanner.result.[*].vulnerability** object
**scanner.result.[*].vulnerability** object, optional

> > > The vulnerability object defines information about each one of the vulnerabilities found by the scanner.
**scanner.result.[*].vulnerability.id** string
**scanner.result.[*].vulnerability.id, required** string

> > > > This is the identifier of the vulnerability, e.g. GHSA-r9p9-mrjm-926w, CVE-123.
> > > > This is the identifier of the vulnerability, e.g. [GHSA-fxph-q3j8-mv87](https://github.com/advisories/GHSA-fxph-q3j8-mv87) whose CVE id is [CVE-2017-5645](https://nvd.nist.gov/vuln/detail/CVE-2017-5645).
**scanner.result.[*].vulnerability.severity** object
**scanner.result.[*].vulnerability.severity, required** object

> > > > The severity contains a list to describe the severity of a vulnerability using one or more quantitative scoring method.
**scanner.result.[*].vulnerability.severity.type** string
**scanner.result.[*].vulnerability.severity.method, required** string

> > > > > The type describes the quantitative method used to calculate the associated.
> > > > > The method describes the quantitative method used to calculate the associated severity score such as nvd, cvss and others.
**scanner.result.[*].vulnerability.severity.score** string
**scanner.result.[*].vulnerability.severity.score, required** string

> > > > > This is a string representing the severity score based on the selected method.
**scanner.result.[*].vulnerability.annotations** list
**scanner.result.[*].vulnerability.annotations** list, optional

> > > > > This is a list of key/value pairs where scanners can add additional custom information.
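Review bot: renaming `scanner.result.[*].vulnerability.severity.type` to `severity.method` is a breaking change for every existing producer and consumer of this predicate, and the commit message ("add few links to examples") does not reflect it; it deserves a mention there plus a word on migration or versioning. Two smaller points: "such as nvd, cvss and others" leaves `method` as an open set, so a policy engine cannot validate the value (the sample further down uses `cvss_score`, which is not among the names listed); either enumerate the accepted names or state that the value is free-form and scanner-defined. And within this hunk the markers are placed two different ways (`**...id, required** string` versus `**...annotations** list, optional`); since `vulnerability` itself is optional, `id` and `severity` are required only when that object is present, which the text should say.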
@@ -110,18 +110,18 @@ The `predicate` contains a JSON-encoded data with the following fields:

```jsonc
{
"_type": "https://in-toto.io/Statement/v0.1",
"_type": "https://in-toto.io/Statement/v1",
"subject": [
{
...
"name": "foo.jar",
"digest": {"sha256": "fe4fe40ac7250263c5dbe1cf3138912f3f416140aa248637a60d65fe22c47da4"}
}
],
// Predicate:
"predicateType": "https://in-toto.io/attestation/vulns/attribute-report/v0.1",
"predicateType": "https://in-toto.io/attestation/vulns/v0.1",
"predicate": {
"invocation": {
"parameters": [],
// [ "--format=json", "--skip-db-update" ]
"uri": "",
// https://github.com/developer-guy/alpine/actions/runs/1071875574
"event_id": "",
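Review bot: `predicateType` moves from `.../vulns/attribute-report/v0.1` to `.../vulns/v0.1` and `_type` to `Statement/v1`, yet the predicate version stays at `v0.1` even though this same commit renames `severity.type` to `severity.method`; either bump the predicate version or document that `v0.1` is still unstable and may change incompatibly. Neither URI change is mentioned in the commit message. Pre-existing but visible here: the `...` placeholder inside `subject` keeps the `jsonc` sample from parsing, so anyone pasting it into a validator has to remove it first.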
@@ -146,8 +146,8 @@ The `predicate` contains a JSON-encoded data with the following fields:
{
"id": "CVE-123",
"severity": [
{ "type": "nvd", "score": "medium"},
{ "type": "cvss_score", "score", "5.2" }
{ "method": "nvd", "score": "medium"},
{ "method": "cvss_score", "score", "5.2" }
]
},
{...}
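Review bot: the second severity entry is still malformed after this edit: `{ "method": "cvss_score", "score", "5.2" }` has a comma instead of a colon after `"score"`, so the sample is not valid JSON; since the line was touched anyway, change it to `{ "method": "cvss_score", "score": "5.2" }`. Also, `"id": "CVE-123"` is not a real identifier while the prose above now points to `GHSA-fxph-q3j8-mv87` / `CVE-2017-5645`; reusing one of those keeps the sample consistent with the text, and `cvss_score` should match whatever name the `method` description settles on (it currently lists `cvss`).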