forked from MrRefactoring/jira.js
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathgetVulnerabilityById.ts
115 lines (115 loc) · 4.75 KB
/
getVulnerabilityById.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
/**
* Data related to a specific vulnerability in a specific workspace that the vulnerability is present in. Must specify
* at least one association.*
*/
export interface GetVulnerabilityById {
/**
* The VulnerabilityData schema version used for this vulnerability data.
*
* Placeholder to support potential schema changes in the future.
*/
schemaVersion: '1.0' | string;
/** The identifier for the Vulnerability. Must be unique for a given Provider. */
id: string;
/**
* An ID used to apply an ordering to updates for this Vulnerability in the case of out-of-order receipt of update
* requests.
*
* This can be any monotonically increasing number. A suggested implementation is to use epoch millis from the
* Provider system, but other alternatives are valid (e.g. a Provider could store a counter against each Vulnerability
* and increment that on each update to Jira).
*
* Updates for a Vulnerability that are received with an updateSequenceId lower than what is currently stored will be
* ignored.
*/
updateSequenceNumber: number;
/**
* The identifier of the Container where this Vulnerability was found. Must be unique for a given Provider. This must
* follow this regex pattern: `[a-zA-Z0-9\\-_.~@:{}=]+(/[a-zA-Z0-9\\-_.~@:{}=]+)*`
*/
containerId: string;
/**
* The human-readable name for the Vulnerability. Will be shown in the UI.
*
* If not provided, will use the ID for display.
*/
displayName: string;
/**
* A description of the issue in markdown format that will be shown in the UI and used when creating Jira Issues. HTML
* tags are not supported in the markdown format. For creating a new line `\n` can be used. Read more about the
* accepted markdown transformations
* [here](https://atlaskit.atlassian.com/packages/editor/editor-markdown-transformer).
*/
description: string;
/**
* A URL users can use to link to a summary view of this vulnerability, if appropriate.
*
* This could be any location that makes sense in the Provider system (e.g. if the summary information comes from a
* specific project, it might make sense to link the user to the vulnerability in that project).
*/
url: string;
/** The type of Vulnerability detected. */
type: 'sca' | 'sast' | 'dast' | 'unknown' | string;
/**
* The timestamp to present to the user that shows when the Vulnerability was introduced.
*
* Expected format is an RFC3339 formatted string.
*/
introducedDate: string;
/**
* The last-updated timestamp to present to the user the last time the Vulnerability was updated.
*
* Expected format is an RFC3339 formatted string.
*/
lastUpdated: string;
/**
* Severity information for a single Vulnerability.
*
* This is the severity information that will be presented to the user on e.g. the Jira Security screen.
*/
severity: {
/** The severity level of the Vulnerability. */
level: 'critical' | 'high' | 'medium' | 'low' | 'unknown' | string;
};
/** The identifying information for the Vulnerability. */
identifiers?: {
/** The display name of the Vulnerability identified. */
displayName: string;
/** A URL users can use to link to the definition of the Vulnerability identified. */
url: string;
}[];
/** The current status of the Vulnerability. */
status: 'open' | 'closed' | 'ignored' | 'unknown' | string;
/** Extra information (optional). This data will be shown in the security feature under the vulnerability displayName. */
additionalInfo?: {
/** The content of the additionalInfo. */
content: string;
/** Optional URL linking to the information */
url?: string;
};
/**
* The associations (e.g. Jira issue) to add in addition to the currently stored associations of the Security
* Vulnerability.
*/
addAssociations?: {}[];
/** The associations (e.g. Jira issue) to remove from currently stored associations of the Security Vulnerability. */
removeAssociations?: {}[];
/**
* An ISO-8601 Date-time string representing the last time the provider updated associations on this entity.
*
* Expected format is an RFC3339 formatted string.
*/
associationsLastUpdated?: string;
/**
* A sequence number to compare when writing entity associations to the database.
*
* This can be any monotonically increasing number. A highly recommended implementation is to use epoch millis.
*
* This is an optional field. If it is not provided it will default to being equal to the corresponding entity's
* `updateSequenceNumber`.
*
* Associations are written following a LastWriteWins strategy, association that are received with an
* associationsUpdateSequenceNumber lower than what is currently stored will be ignored.
*/
associationsUpdateSequenceNumber?: number;
}