Skip to main content

VulnerabilityDetail

sbom_tools::diff

Struct VulnerabilityDetail 

Source 
pub struct VulnerabilityDetail {
Show 21 fields
    pub id: String,
    pub source: String,
    pub severity: String,
    pub cvss_score: Option<f32>,
    pub component_id: String,
    pub component_canonical_id: Option<CanonicalId>,
    pub component_ref: Option<ComponentRef>,
    pub component_name: String,
    pub version: Option<String>,
    pub cwes: Vec<String>,
    pub description: Option<String>,
    pub remediation: Option<String>,
    pub is_kev: bool,
    pub component_depth: Option<u32>,
    pub published_date: Option<String>,
    pub kev_due_date: Option<String>,
    pub days_since_published: Option<i64>,
    pub days_until_due: Option<i64>,
    pub vex_state: Option<VexState>,
    pub vex_justification: Option<VexJustification>,
    pub vex_impact_statement: Option<String>,

}
Expand description

Detailed vulnerability information

Fields§

§id: String

Vulnerability ID

§source: String

Source database

§severity: String

Severity level

§cvss_score: Option<f32>

CVSS score

§component_id: String

Affected component ID (string for serialization)

§component_canonical_id: Option<CanonicalId>

Typed canonical ID for the component (skipped in JSON for backward compat)

§component_ref: Option<ComponentRef>

Component reference with ID and name together

§component_name: String

Affected component name

§version: Option<String>

Affected version

§cwes: Vec<String>

CWE identifiers

§description: Option<String>

Description

§remediation: Option<String>

Remediation info

§is_kev: bool

Whether this vulnerability is in CISA’s Known Exploited Vulnerabilities catalog

§component_depth: Option<u32>

Dependency depth (1 = direct, 2+ = transitive, None = unknown)

§published_date: Option<String>

Date vulnerability was published (ISO 8601)

§kev_due_date: Option<String>

KEV due date (CISA mandated remediation deadline)

§days_since_published: Option<i64>

Days since published (positive = past)

§days_until_due: Option<i64>

Days until KEV due date (negative = overdue)

§vex_state: Option<VexState>

VEX state for this vulnerability’s component (if available)

§vex_justification: Option<VexJustification>

VEX justification (from per-vuln or component-level VEX)

§vex_impact_statement: Option<String>

VEX impact statement (from per-vuln or component-level VEX)

Implementations§

Source§

impl VulnerabilityDetail

Source

pub const fn is_vex_actionable(&self) -> bool

Whether this vulnerability is VEX-actionable (not resolved by vendor analysis).

Returns true if the VEX state is Affected, UnderInvestigation, or absent. Returns false if the VEX state is NotAffected or Fixed.

Source

pub fn from_ref(vuln: &VulnerabilityRef, component: &Component) -> Self

Create from a vulnerability reference and component

Source

pub fn from_ref_with_depth( vuln: &VulnerabilityRef, component: &Component, depth: Option<u32>, ) -> Self

Create from a vulnerability reference and component with known depth

Source

pub fn sla_status(&self) -> SlaStatus

Calculate SLA status based on KEV due date or severity-based policy

Priority order:

  1. KEV due date (CISA mandated deadline)
  2. Severity-based SLA (Critical=1d, High=7d, Medium=30d, Low=90d)
Source

pub fn get_component_id(&self) -> CanonicalId

Get the typed component canonical ID

Source

pub fn get_component_ref(&self) -> ComponentRef

Get a ComponentRef for the affected component

Trait Implementations§

Source§

impl Clone for VulnerabilityDetail

Source§

fn clone(&self) -> VulnerabilityDetail

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for VulnerabilityDetail

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for VulnerabilityDetail

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for VulnerabilityDetail

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,