pub const SCHEMA: &str = r#"
schema {
query: Query
}
type ActionsWorkflow {
"""Name of the workflow"""
name: String!
"""File path of the workflow (e.g. .github/workflows/foo.yml)"""
path: String!
"""
Base permissions of each job in the workflow.
If the workflow does not have a `permissions:` field, this field will be null
and the workflow will run with the organization-level/repository-level default permissions.
"""
permissions: ActionsWorkflowPermissions
"""Dependencies of the workflow"""
dependencies: [ActionsWorkflowDependency!]!
"""Vulnerabilities of the workflow"""
vulnerabilities: [ActionsWorkflowVulnerability!]!
}
"""
A container image referenced by a `uses` field (e.g. `docker://{host}/{image}:{tag}`)
"""
type ActionsWorkflowContainerImageDependency implements ActionsWorkflowDependency {
"""The location of the dependency in a workflow file"""
foundAt: ActionsWorkflowDependencyFoundAt!
"""
The `{host}` part (e.g. `gcr.io`, `index.docker.io`).
If the host is empty in the original reference, this field is set to `index.docker.io`.
"""
host: String!
"""The `{image}` part (e.g. `distroless/cc`)."""
image: String!
"""
The `{tag}` part (e.g. `latest`).
If the tag is empty in the original reference, this field is set to `latest`.
"""
tag: String!
}
"""Dependencies of a GitHub Action workflow"""
interface ActionsWorkflowDependency {
"""The location of the dependency in a workflow file"""
foundAt: ActionsWorkflowDependencyFoundAt!
}
type ActionsWorkflowDependencyFoundAt {
"""Line number of the dependency"""
line: Int!
"""Column number of the dependency"""
column: Int!
}
"""An external script referenced by a `run` field"""
type ActionsWorkflowExternalScriptDependency implements ActionsWorkflowDependency {
"""The location of the dependency in a workflow file"""
foundAt: ActionsWorkflowDependencyFoundAt!
"""The URL of the referenced script."""
url: String!
}
type ActionsWorkflowExternalScriptEvaluationVulnerability implements ActionsWorkflowVulnerability {
"""The location of the vulnerability in a workflow file"""
foundAt: ActionsWorkflowVulnerabilityFoundAt!
"""Code fragments fetching untrusted data"""
sources: [ActionsWorkflowExternalScriptEvaluationVulnerabilityFragment!]!
"""A code fragment evaluating the untrusted data"""
sink: ActionsWorkflowExternalScriptEvaluationVulnerabilityFragment!
}
type ActionsWorkflowExternalScriptEvaluationVulnerabilityFragment {
"""Code fragment"""
value: String!
"""The position at which this fragment starts"""
start: ActionsWorkflowExternalScriptEvaluationVulnerabilityScriptPos!
"""The position at which this fragment ends"""
end: ActionsWorkflowExternalScriptEvaluationVulnerabilityScriptPos!
}
type ActionsWorkflowExternalScriptEvaluationVulnerabilityScriptPos {
"""Line number of the vulnerability"""
line: Int!
"""Column number of the vulnerability"""
column: Int!
}
type ActionsWorkflowHardcodedSecretVulnerability implements ActionsWorkflowVulnerability {
"""The location of the vulnerability in a workflow file"""
foundAt: ActionsWorkflowVulnerabilityFoundAt!
"""An additional hint for identifying the location of hardcoded secrets."""
locationHint: String!
}
"""A local action in the same repository referenced by a `uses` field ."""
type ActionsWorkflowLocalActionDependency implements ActionsWorkflowDependency {
"""The location of the dependency in a workflow file"""
foundAt: ActionsWorkflowDependencyFoundAt!
"""A file path in the repository"""
path: String!
}
enum ActionsWorkflowPermission {
READ
WRITE
NONE
}
type ActionsWorkflowPermissions {
actions: ActionsWorkflowPermission!
checks: ActionsWorkflowPermission!
contents: ActionsWorkflowPermission!
deployments: ActionsWorkflowPermission!
idToken: ActionsWorkflowPermission!
issues: ActionsWorkflowPermission!
discussions: ActionsWorkflowPermission!
packages: ActionsWorkflowPermission!
pages: ActionsWorkflowPermission!
pullRequests: ActionsWorkflowPermission!
repositoryProjects: ActionsWorkflowPermission!
securityEvents: ActionsWorkflowPermission!
statuses: ActionsWorkflowPermission!
}
"""
A public action referenced by a `uses` field (e.g. `{owner}/{repo}/{path}@{ref}`)
"""
type ActionsWorkflowPublicActionDependency implements ActionsWorkflowDependency {
"""The location of the dependency in a workflow file"""
foundAt: ActionsWorkflowDependencyFoundAt!
"""The `{owner}` part (e.g. `actions`)"""
owner: String!
"""The `{repo}` part (e.g. `cache`)"""
repo: String!
"""The `{path}` part"""
path: String!
"""The `{ref}` part: a branch, tag, or commit SHA (e.g. `v3`)"""
ref: String!
}
type ActionsWorkflowScriptInjectionVulnerability implements ActionsWorkflowVulnerability {
"""The location of the vulnerability in a workflow file"""
foundAt: ActionsWorkflowVulnerabilityFoundAt!
"""Fields through which scripts can be injected into the workflow (e.g. `github.event.*`)."""
abusableFields: [String!]!
}
interface ActionsWorkflowVulnerability {
"""The location of the vulnerability in a workflow file"""
foundAt: ActionsWorkflowVulnerabilityFoundAt!
}
type ActionsWorkflowVulnerabilityFoundAt {
"""Line number of the vulnerability"""
line: Int!
"""Column number of the vulnerability"""
column: Int!
}
scalar Any
scalar Date
scalar DateTime
type DetailedPackage {
"""Name of the package"""
name: String!
"""Version of the package"""
version: String!
"""Language of the package"""
language: PackageLanguage!
"""Type of the package"""
type: PackageType!
"""Package URL (purl) of the package"""
purl: String!
"""Where the package was found (e.g. a path to package.json)"""
found_at: [String!]!
"""Known vulnerability related to the package"""
vulnerabilities: [PackageVulnerability!]!
}
type GitHub {
organizations: [GitHubOrganization!]!
organization(login: String!): GitHubOrganization!
event: GitHubEvent
}
type GitHubBranchProtectionRule {
"""Can this branch be deleted."""
allowsDeletions: Boolean!
"""Are force pushes allowed on this branch."""
allowsForcePushes: Boolean!
"""Is branch creation a protected operation."""
blocksCreations: Boolean!
"""
Whether the branch protection rule has conflicts with other branch protection rules
"""
hasConflicts: Boolean!
"""TODO"""
isForcePushProtectionBypassable: Boolean!
"""TODO"""
hasBypassableActors: Boolean!
"""
Will new commits pushed to matching branches dismiss pull request review approvals.
"""
dismissesStaleReviews: Boolean!
"""Is branch protection also enforced for admins (when true, admins cannot override it)."""
isAdminEnforced: Boolean!
"""Identifies the protection rule pattern."""
pattern: String!
"""TODO"""
isPushProtectionBypassable: Boolean!
"""Number of approving reviews required to update matching branches."""
requiredApprovingReviewCount: Int
"""
List of required status check contexts that must pass for commits to be accepted to matching branches.
"""
requiredStatusCheckContexts: [String]
"""Are approving reviews required to update matching branches."""
requiresApprovingReviews: Boolean!
"""Are reviews from code owners required to update matching branches."""
requiresCodeOwnerReviews: Boolean!
"""Are commits required to be signed."""
requiresCommitSignatures: Boolean!
"""Are conversations required to be resolved before merging."""
requiresConversationResolution: Boolean!
"""Are merge commits prohibited from being pushed to this branch."""
requiresLinearHistory: Boolean!
"""Are status checks required to update matching branches."""
requiresStatusChecks: Boolean!
"""Are branches required to be up to date before merging."""
requiresStrictStatusChecks: Boolean!
"""Is pushing to matching branches restricted."""
restrictsPushes: Boolean!
"""Is dismissal of pull request reviews restricted."""
restrictsReviewDismissals: Boolean!
}
enum GitHubDefaultRepositoryPermission {
NONE
READ
WRITE
ADMIN
}
union GitHubEvent = GitHubPushEvent | GitHubPullRequestEvent | GitHubRepositoryInstallationEvent
type GitHubOrganization {
policyReportId: ID!
"""The organization's login name."""
login: String!
"""The organization's public profile name."""
name: String!
"""The organization's public profile company."""
company: String!
"""The organization's public profile location."""
location: String
"""The organization's public email."""
email: String
"""The email used for sending billing receipts."""
billingEmail: String
"""The organization's Twitter username."""
twitterUsername: String
"""The organization's public profile description."""
description: String
"""The number of the organization's public repositories."""
publicReposCount: Int!
"""The total number of the organization's private repositories."""
totalPrivateReposCount: Int
"""The number of private repositories owned by the organization."""
ownedPrivateReposCount: Int
"""The number of the organization's public gists."""
publicGistsCount: Int!
"""The number of the organization's private gists."""
privateGistsCount: Int
"""The number of the organization's followers."""
followersCount: Int!
"""The date and time when the object was created."""
createdAt: DateTime!
"""The date and time when the object was last updated."""
updatedAt: DateTime!
"""The number of kilobytes the organization's repositories occupy on disk."""
diskUsage: Int!
"""The number of the organization's collaborators."""
collaboratorsCount: Int!
"""The billing plan for the organization."""
plan: GitHubOrganizationPlan!
"""Whether the organization has verified its profile email and website."""
isVerified: Boolean!
"""Whether the organization has organization projects."""
hasOrganizationProjects: Boolean!
"""Whether the organization has repository projects."""
hasRepositoryProjects: Boolean!
"""
When true the organization requires all members, billing managers, and outside
collaborators to enable two-factor authentication.
"""
requiresTwoFactorAuthentication: Boolean!
"""The base repository permissions for repositories in the organization."""
defaultRepositoryPermission: GitHubDefaultRepositoryPermission!
"""Whether members of the organization can create repositories."""
canMembersCreateRepositories: Boolean!
"""Whether members of the organization can create internal repositories."""
canMembersCreateInternalRepositories: Boolean!
"""Whether members of the organization can create private repositories."""
canMembersCreatePrivateRepositories: Boolean!
"""Whether members of the organization can create public repositories."""
canMembersCreatePublicRepositories: Boolean!
"""Whether members of the organization can fork private repositories."""
canMembersForkPrivateRepositories: Boolean!
"""Whether members of the organization can create pages."""
canMembersCreatePages: Boolean!
"""Whether members of the organization can create public pages."""
canMembersCreatePublicPages: Boolean!
"""Whether members of the organization can create private pages."""
canMembersCreatePrivatePages: Boolean!
blog: String!
repositories(privacy: GitHubRepositoryVisibility): [GitHubRepository!]!
members: [GitHubOrganizationMember!]!
}
type GitHubOrganizationMember {
policyReportId: ID!
"""The username used to login."""
login: String!
"""The user's public profile name."""
name: String
"""The user's publicly visible profile email."""
email: String!
"""The user's role in the organization."""
role: GitHubOrganizationMemberRole!
}
enum GitHubOrganizationMemberRole {
"""A user with full administrative access to the organization."""
OWNER
"""A user who is a direct member of the organization."""
DIRECT_MEMBER
}
type GitHubOrganizationPlan {
name: String
space: Int
collaborators: Int
privateRepos: Int
filledSeats: Int
seats: Int
}
"""A repository pull request."""
type GitHubPullRequest {
"""The base commit of this pull request."""
base: GitHubPullRequestBase!
"""The head commit of this pull request."""
head: GitHubPullRequestHead!
"""The body as Markdown."""
body: String!
"""The number of changed files in this pull request."""
changedFiles: Int!
"""`true` if the pull request is closed"""
closed: Boolean!
"""Identifies the date and time when the object was closed."""
closedAt: DateTime
"""Identifies the date and time when the object was created."""
createdAt: DateTime!
"""Identifies if the pull request is a draft."""
isDraft: Boolean!
"""`true` if the pull request is locked"""
locked: Boolean!
"""
Whether or not the pull request can be merged based on the existence of merge conflicts.
"""
mergeable: Boolean
"""Whether or not the pull request was merged."""
merged: Boolean!
"""The date and time that the pull request was merged."""
mergedAt: DateTime
"""Identifies the pull request number."""
number: Int!
"""Identifies the state of the pull request."""
state: GitHubPullRequestState!
"""Identifies the pull request title."""
title: String!
"""Identifies the date and time when the object was last updated."""
updatedAt: DateTime!
"""The HTTP URL for this pull request."""
url: String!
}
type GitHubPullRequestBase {
"""Identifies the base Ref associated with the pull request."""
ref: String!
"""
Identifies the oid of the base ref associated with the pull request, even if the ref has been deleted.
"""
SHA: String!
"""
The login name of the owner of the repository associated with this pull request's base Ref.
"""
ownerLogin: String!
"""
The ID of the owner of the repository associated with this pull request's base Ref.
"""
ownerId: Int!
"""The ID of the repository associated with this pull request's base Ref."""
repositoryId: Int!
"""
Packages detected in the base ref; available only after scanning completed
"""
packages(condition: PackageCondition): [DetailedPackage!]!
"""
Workflows on GitHub Actions detected in the base ref; available only after scanning completed
"""
actionsWorkflows: [ActionsWorkflow!]!
}
"""
https://docs.github.com/en/enterprise-cloud@latest/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request
"""
type GitHubPullRequestEvent {
"""
The action that was performed. Can be one of:
- assigned
- auto_merge_disabled
- auto_merge_enabled
- closed: If the action is closed and the merged key is false, the pull
request was closed with unmerged commits. If the action is closed and the
merged key is true, the pull request was merged.
- converted_to_draft
- edited
- labeled
- locked
- opened
- ready_for_review
- reopened
- review_request_removed
- review_requested
- synchronize: Triggered when a pull request's head branch is updated. For
example, when the head branch is updated from the base branch, when new
commits are pushed to the head branch, or when the base branch is changed.
- unassigned
- unlabeled
- unlocked
"""
action: String!
"""The pull request number."""
number: Int!
"""The pull request itself."""
pull_request: GitHubPullRequest!
"""The repository where the event occurred."""
repository: GitHubPullRequestEventRepository!
}
type GitHubPullRequestEventChange {
"""The previous version of the title if the action was edited."""
from: String!
}
type GitHubPullRequestEventRepository {
policyReportId: ID!
"""The owner's login name."""
ownerLogin: String!
"""The name of the repository."""
name: ID!
}
type GitHubPullRequestHead {
"""Identifies the head Ref associated with the pull request."""
ref: String!
"""
Identifies the oid of the head ref associated with the pull request, even if the ref has been deleted.
"""
SHA: String!
"""
The login name of the owner of the repository associated with this pull request's head Ref.
"""
ownerLogin: String!
"""
The ID of the owner of the repository associated with this pull request's head Ref.
"""
ownerId: Int!
"""The ID of the repository associated with this pull request's head Ref."""
repositoryId: Int!
"""
Packages detected in the head ref; available only after scanning completed
"""
packages(condition: PackageCondition): [DetailedPackage!]
"""
Workflows on GitHub Actions detected in the head ref; available only after scanning completed
"""
actionsWorkflows: [ActionsWorkflow!]!
}
"""The possible states of a pull request."""
enum GitHubPullRequestState {
"""A pull request that has been closed"""
CLOSED
"""A pull request that is in an unknown state"""
UNKNOWN
"""A pull request that is still open."""
OPEN
}
"""
https://docs.github.com/en/enterprise-cloud@latest/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push
"""
type GitHubPushEvent {
"""
The full git ref that was pushed. Example: refs/heads/main or refs/tags/v3.14.1.
"""
ref: String!
"""The SHA of the most recent commit on ref before the push."""
before: String!
"""The SHA of the most recent commit on ref after the push."""
after: String!
"""Whether this push created the ref."""
created: Boolean!
"""Whether this push deleted the ref."""
deleted: Boolean!
"""Whether this push was a force push of the ref."""
forced: Boolean!
"""
For pushes where after is or points to a commit object, an expanded
representation of that commit. For pushes where after refers to an annotated
tag object, an expanded representation of the commit pointed to by the annotated tag.
"""
headCommit: GitHubPushEventCommit!
"""
URL that shows the changes in this ref update, from the before commit to the
after commit. For a newly created ref that is directly based on the default
branch, this is the comparison between the head of the default branch and the
after commit. Otherwise, this shows all commits until the after commit.
"""
compare: String!
"""
An array of commit objects describing the pushed commits. (Pushed commits are
all commits that are included in the compare between the before commit and the after commit.)
"""
commits: [GitHubPushEventCommit!]!
"""The user who pushed the commits."""
pusher: GitHubPushEventPusher!
"""The repository where the event occurred."""
repository: GitHubPushEventRepository!
}
type GitHubPushEventCommit {
"""The SHA of the commit."""
id: String!
"""The ISO 8601 timestamp of the commit."""
timestamp: String!
"""The commit message."""
message: String!
"""The git author of the commit."""
author: GitHubPushEventCommitAuthor!
"""URL that points to the commit API resource."""
url: String!
"""Whether this commit is distinct from any that have been pushed before."""
distinct: Boolean!
"""An array of files added in the commit."""
added: [String!]!
"""An array of files modified by the commit."""
modified: [String!]!
"""An array of files removed in the commit."""
removed: [String!]!
"""Packages detected in the commit"""
packages(condition: PackageCondition): [DetailedPackage!]!
"""Workflows on GitHub Actions detected in the commit"""
actionsWorkflows: [ActionsWorkflow!]!
}
type GitHubPushEventCommitAuthor {
"""The git author's name."""
name: String!
"""The git author's email address."""
email: String!
}
type GitHubPushEventPusher {
"""The pusher's name."""
name: String!
"""The pusher's email address."""
email: String!
}
type GitHubPushEventRepository {
policyReportId: ID!
"""The owner's login name."""
ownerLogin: String!
"""The name of the repository."""
name: ID!
}
type GitHubRepository {
policyReportId: ID!
"""The name of the repository."""
name: ID!
"""The branch protection rules configured for this repository."""
branchProtections: [GitHubBranchProtectionRule!]!
"""The interaction ability settings for this repository."""
interactionAbility: GitHubRepositoryInteractionAbility
"""The Ref associated with the repository's default branch."""
defaultBranchRef: GitHubRepositoryRef
"""
Whether or not branches are automatically deleted when merged in this repository.
"""
deleteBranchOnMerge: Boolean!
"""The description of the repository."""
description: String
"""
Returns how many forks there are of this repository in the whole network.
"""
forkCount: Int!
"""Whether this repository allows forks."""
forkingAllowed: Boolean!
"""Indicates if the repository has issues feature enabled."""
hasIssuesEnabled: Boolean!
"""Indicates if the repository has the Projects feature enabled."""
hasProjectsEnabled: Boolean!
"""Indicates if the repository has wiki feature enabled."""
hasWikiEnabled: Boolean!
"""Indicates if the repository is unmaintained."""
isArchived: Boolean!
"""Returns true if blank issue creation is allowed"""
isBlankIssuesEnabled: Boolean!
"""Returns whether or not this repository is disabled."""
isDisabled: Boolean!
"""Returns whether or not this repository is empty."""
isEmpty: Boolean!
"""Identifies if the repository is a fork."""
isFork: Boolean!
"""
Indicates if a repository is either owned by an organization, or is a private fork of an organization repository.
"""
isInOrganization: Boolean!
"""Indicates if the repository has been locked or not."""
isLocked: Boolean!
"""Identifies if the repository is a mirror."""
isMirror: Boolean!
"""Identifies if the repository is private or internal."""
isPrivate: Boolean!
"""Returns true if this repository has a security policy"""
isSecurityPolicyEnabled: Boolean
"""
Identifies if the repository is a template that can be used to generate new repositories.
"""
isTemplate: Boolean!
"""Is this repository a user configuration repository?"""
isUserConfigurationRepository: Boolean!
"""Whether or not PRs are merged with a merge commit on this repository."""
mergeCommitAllowed: Boolean!
"""Whether or not rebase-merging is enabled on this repository."""
rebaseMergeAllowed: Boolean!
"""Returns a count of how many stargazers there are on this object"""
stargazerCount: Int!
"""Identifies the date and time when the object was created."""
createdAt: DateTime!
"""Identifies the date and time when the object was last updated."""
updatedAt: DateTime!
"""Indicates the repository's visibility level."""
visibility: GitHubRepositoryVisibility!
"""A list of collaborators"""
collaborators: [GitHubRepositoryCollaborator!]!
"""
A list of outside collaborators for the repository; may be unavailable depending on the plan of the GitHub organization
"""
outsideCollaborators: [GitHubRepositoryCollaborator!]!
"""Whether or not the repository has collaborators"""
hasCollaborators: Boolean!
"""
Whether or not the repository has outside collaborators; may be unavailable
depending on the plan of the GitHub organization
"""
hasOutsideCollaborators: Boolean!
"""Packages detected in this repository so far"""
packages(onlyVulnerablePackages: Boolean): [Package!]!
}
type GitHubRepositoryCollaborator {
"""The username used to login."""
login: String!
"""The user's public profile name."""
name: String
"""The user's publicly visible profile email."""
email: String!
"""The user's permission in the repository."""
permission: GitHubRepositoryPermission!
}
"""
https://docs.github.com/en/enterprise-cloud@latest/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push
"""
type GitHubRepositoryInstallationEvent {
"""The HEAD commit of the default branch"""
headCommit: GitHubRepositoryInstallationEventHeadCommit!
"""The repository where the event occurred."""
repository: GitHubRepositoryInstallationEventRepository!
}
type GitHubRepositoryInstallationEventHeadCommit {
"""The SHA of the commit."""
id: String!
"""Packages detected in the commit"""
packages(condition: PackageCondition): [DetailedPackage!]
"""Workflows on GitHub Actions detected in the commit"""
actionsWorkflows: [ActionsWorkflow!]!
}
type GitHubRepositoryInstallationEventRepository {
policyReportId: ID!
"""The owner's login name."""
ownerLogin: String!
"""The name of the repository."""
name: ID!
}
"""Repository interaction limit that applies to this object."""
type GitHubRepositoryInteractionAbility {
"""The time the currently active limit expires."""
expiresAt: DateTime
"""The current limit that is enabled on this object."""
limit: GitHubRepositoryInteractionLimit!
"""The origin of the currently active interaction limit."""
origin: GitHubRepositoryInteractionLimitOrigin!
}
"""A repository interaction limit."""
enum GitHubRepositoryInteractionLimit {
"""
Users that are not collaborators will not be able to interact with the repository.
"""
COLLABORATORS_ONLY
"""
Users that have not previously committed to a repository’s default branch will be unable to interact with the repository.
"""
CONTRIBUTORS_ONLY
"""
Users that have recently created their account will be unable to interact with the repository.
"""
EXISTING_USERS
"""No interaction limits are enabled."""
NO_LIMIT
}
"""Indicates where an interaction limit is configured."""
enum GitHubRepositoryInteractionLimitOrigin {
"""A limit that is configured at the organization level."""
ORGANIZATION
"""A limit that is configured at the repository level."""
REPOSITORY
"""A limit that is configured at the user-wide level."""
USER
}
"""The access level to a repository"""
enum GitHubRepositoryPermission {
"""
Can read, clone, and push to this repository. Can also manage issues, pull
requests, and repository settings, including adding collaborators
"""
ADMIN
"""
Can read, clone, and push to this repository. They can also manage issues, pull requests, and some repository settings
"""
MAINTAIN
"""
Can read and clone this repository. Can also open and comment on issues and pull requests
"""
READ
"""
Can read and clone this repository. Can also manage issues and pull requests
"""
TRIAGE
"""
Can read, clone, and push to this repository. Can also manage issues and pull requests
"""
WRITE
}
type GitHubRepositoryRef {
name: String!
prefix: String!
target: GitHubRepositoryRefTarget!
}
type GitHubRepositoryRefTarget {
"""The SHA of the commit."""
id: String!
"""Packages detected in the commit"""
packages(condition: PackageCondition): [DetailedPackage!]
"""Workflows on GitHub Actions detected in the commit"""
actionsWorkflows: [ActionsWorkflow!]!
}
enum GitHubRepositoryVisibility {
PUBLIC
PRIVATE
INTERNAL
}
scalar Map
type Package {
"""Name of the package"""
name: String!
"""Version of the package"""
version: String!
"""Language of the package"""
language: PackageLanguage!
"""Type of the package"""
type: PackageType!
"""Package URL (purl) of the package"""
purl: String!
}
input PackageCondition {
onlyVulnerablePackages: Boolean
vulnerability: PackageVulnerabilityCondition
}
enum PackageLanguage {
UNKNOWN
PYTHON
PHP
RUBY
GO
DART
DOTNET
JAVASCRIPT
CPP
JAVA
RUST
}
enum PackageType {
PkgUnknown
RUST_CRATE
DART_PUB
GO_MOD
PHP_COMPOSER
MSRC_KB
PYTHON
ALPM
RPM
NPM
JENKINS_PLUGIN
GEM
DEB
JAVA_ARCHIVE
DOTNET
CONAN
APK
}
type PackageVulnerability {
constraint: String!
cpes: [String!]!
reference: VulnerabilityReference!
fix: VulnerabilityFix!
advisories: [VulnerabilityAdvisory!]!
related: [VulnerabilityReference!]!
dataSource: String
recordSource: String
severity: VulnerabilitySeverity
description: String
}
input PackageVulnerabilityCondition {
state: [VulnerabilityState!]
}
type Query {
github: GitHub!
}
type VulnerabilityAdvisory {
id: String!
link: String!
}
type VulnerabilityFix {
versions: [String!]!
state: VulnerabilityState!
}
type VulnerabilityReference {
id: String!
namespace: String!
}
enum VulnerabilitySeverity {
Unknown
Info
Low
Medium
High
Critical
}
enum VulnerabilityState {
SUnknown
SFixed
SNotFixed
SWontFix
}
"#;