cyclonedx.model.impact_analysis

This set of classes represents the data about Impact Analysis.

Impact Analysis is new for CycloneDX schema version 1.

Note

See the CycloneDX Schema extension definition https://cyclonedx.org/docs/1.6

Classes

ImpactAnalysisAffectedStatus

Enum object that defines the permissible impact analysis affected states.

ImpactAnalysisJustification

Enum object that defines the rationale of why the impact analysis state was asserted.

ImpactAnalysisResponse

Enum object that defines the valid rationales as to why the impact analysis state was asserted.

ImpactAnalysisState

Enum object that defines the permissible impact analysis states.

Module Contents

class cyclonedx.model.impact_analysis.ImpactAnalysisAffectedStatus

Bases: str, enum.Enum

Enum object that defines the permissible impact analysis affected states.

The vulnerability status of a given version or range of versions of a product.

The statuses ‘affected’ and ‘unaffected’ indicate that the version is affected or unaffected by the vulnerability.

The status ‘unknown’ indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an ‘unknown’ status, including that an investigation has not been undertaken or that a vendor has not disclosed the status.

AFFECTED = 'affected'
UNAFFECTED = 'unaffected'
UNKNOWN = 'unknown'

class cyclonedx.model.impact_analysis.ImpactAnalysisJustification

Bases: str, enum.Enum

Enum object that defines the rationale of why the impact analysis state was asserted.

CODE_NOT_PRESENT = 'code_not_present'
CODE_NOT_REACHABLE = 'code_not_reachable'
PROTECTED_AT_PERIMITER = 'protected_at_perimeter'
PROTECTED_AT_RUNTIME = 'protected_at_runtime'
PROTECTED_BY_COMPILER = 'protected_by_compiler'
PROTECTED_BY_MITIGATING_CONTROL = 'protected_by_mitigating_control'
REQUIRES_CONFIGURATION = 'requires_configuration'
REQUIRES_DEPENDENCY = 'requires_dependency'
REQUIRES_ENVIRONMENT = 'requires_environment'

class cyclonedx.model.impact_analysis.ImpactAnalysisResponse

Bases: str, enum.Enum

Enum object that defines the valid rationales as to why the impact analysis state was asserted.

Note

See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_impactAnalysisResponsesType

CAN_NOT_FIX = 'can_not_fix'
ROLLBACK = 'rollback'
UPDATE = 'update'
WILL_NOT_FIX = 'will_not_fix'
WORKAROUND_AVAILABLE = 'workaround_available'

class cyclonedx.model.impact_analysis.ImpactAnalysisState

Bases: str, enum.Enum

Enum object that defines the permissible impact analysis states.

Note

See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_impactAnalysisStateType

RESOLVED = 'resolved'
RESOLVED_WITH_PEDIGREE = 'resolved_with_pedigree'
EXPLOITABLE = 'exploitable'
IN_TRIAGE = 'in_triage'
FALSE_POSITIVE = 'false_positive'
NOT_AFFECTED = 'not_affected'
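
Added example (not part of the library or its documentation): a small audit of the "analysis" object on each entry of a CycloneDX JSON BOM's "vulnerabilities" array, rejecting values outside the enums listed above and flagging 'not_affected' assertions that carry no justification. The enums are local mirrors of the values on this page, and the function names, the justification policy and the sample BOM are assumptions made for the example.

```python
from enum import Enum

# Local mirrors of the values listed on this page so the example runs without
# cyclonedx-python-lib; with the library installed, import the classes from
# cyclonedx.model.impact_analysis instead.
def _str_enum(name, values):
    return Enum(name, {v.upper(): v for v in values}, type=str)

State = _str_enum("State", ["resolved", "resolved_with_pedigree", "exploitable",
                            "in_triage", "false_positive", "not_affected"])
Justification = _str_enum("Justification", [
    "code_not_present", "code_not_reachable", "protected_at_perimeter",
    "protected_at_runtime", "protected_by_compiler", "protected_by_mitigating_control",
    "requires_configuration", "requires_dependency", "requires_environment"])
Response = _str_enum("Response", ["can_not_fix", "rollback", "update",
                                  "will_not_fix", "workaround_available"])

def audit_analysis(vuln):
    """Return the findings for one entry of a BOM's "vulnerabilities" array."""
    analysis, findings = vuln.get("analysis") or {}, []

    def parse(enum_cls, field, raw):
        try:
            return enum_cls(raw)  # lookup by value; raises ValueError if not permitted
        except ValueError:
            findings.append(f"{field}: unknown value {raw!r}")

    state = parse(State, "state", analysis["state"]) if "state" in analysis else None
    just = (parse(Justification, "justification", analysis["justification"])
            if "justification" in analysis else None)
    for raw in analysis.get("response", []):
        parse(Response, "response", raw)
    if "state" not in analysis:
        findings.append("no analysis state recorded")
    # Assumed local policy, not a schema rule: suppressing a finding needs a rationale.
    if state is State.NOT_AFFECTED and just is None:
        findings.append("state 'not_affected' asserted without a valid justification")
    return findings

def audit_bom(bom):
    return {v["id"]: audit_analysis(v) for v in bom.get("vulnerabilities", [])}

# Constructed sample input; the ids are placeholders, not real advisories.
SAMPLE_BOM = {"vulnerabilities": [
    {"id": "EXAMPLE-0001", "analysis": {"state": "not_affected", "justification": "code_not_reachable"}},
    {"id": "EXAMPLE-0002", "analysis": {"state": "not_affected", "response": ["will_not_fix"]}},
    {"id": "EXAMPLE-0003", "analysis": {"state": "not-affected", "justification": "code_not_present",
                                        "response": ["patch"]}}]}

for vuln_id, findings in audit_bom(SAMPLE_BOM).items():
    print(vuln_id, findings or "ok")
```

Because the enums subclass str, a raw JSON string such as "not_affected" both constructs the member and compares equal to it, which is what makes the value lookup in parse() work.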