VulnerabilityResolutionReason.kt
/*
* Copyright (C) 2021 Bosch.IO GmbH
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* SPDX-License-Identifier: Apache-2.0
* License-Filename: LICENSE
*/
package org.ossreviewtoolkit.model.config
import org.ossreviewtoolkit.model.Vulnerability
/**
 * Possible reasons for resolving a [Vulnerability] using a [VulnerabilityResolution].
 *
 * None of the reasons below states that the affected package was upgraded or patched; each one is a justification
 * for treating a reported vulnerability as handled although the finding itself remains.
 * NOTE(review): how the chosen reason is stored and reported is defined by [VulnerabilityResolution], which is not
 * visible here - confirm there before renaming or reordering constants.
 */
enum class VulnerabilityResolutionReason {
    /**
     * No remediation is available for this vulnerability, e.g., because it requires a change to be made
     * by a third party that is not responsive.
     *
     * Unlike [WILL_NOT_FIX_VULNERABILITY], this does not claim that a fix will never exist, only that none is
     * available at present.
     */
    CANT_FIX_VULNERABILITY,

    /**
     * The code in which the vulnerability was found is neither invoked in the project's code nor indirectly
     * via another open source component.
     *
     * Both conditions must hold: the vulnerable code is not called directly and is not reached through a dependency.
     * NOTE(review): this is a reachability claim about the current code and dependency set, so it can become stale
     * when either changes - keep the supporting evidence with the resolution.
     */
    INEFFECTIVE_VULNERABILITY,

    /**
     * The vulnerability is irrelevant due to a tooling or database mismatch, e.g., the package version used
     * does not match the version for which the vulnerability provider has reported a vulnerability.
     *
     * In other words, the finding is a false positive of the matching step rather than a real exposure.
     */
    INVALID_MATCH_VULNERABILITY,

    /**
     * The vulnerability is valid but has been mitigated, e.g., measures have been taken to ensure
     * this vulnerability cannot be exploited.
     *
     * Differs from [WORKAROUND_FOR_VULNERABILITY], whose description calls the measure temporary.
     */
    MITIGATED_VULNERABILITY,

    /**
     * This vulnerability will never be fixed, e.g., because the package which is affected is orphaned,
     * declared end-of-life, or otherwise deprecated.
     *
     * The vulnerable code stays in place; this reason only records that no upstream fix is expected.
     */
    WILL_NOT_FIX_VULNERABILITY,

    /**
     * The vulnerability is valid but a temporary workaround has been put in place to avoid exposure
     * to the vulnerability.
     *
     * Because the workaround is described as temporary, a resolution with this reason is a candidate for
     * re-review once a proper fix becomes available.
     */
    WORKAROUND_FOR_VULNERABILITY
}