The type of the build tool is restricted to only two values MAVEN or UNSET. Use UNSET when the list of application dependencies is not Maven-related or is a mix of Maven and other ecosystems. This option is soon to be deprecated.
The compartment Oracle Cloud identifier (OCID) of the vulnerability audit.
Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {@code {"foo-namespace": {"bar-key": "value"}}}
The name of the vulnerability audit.
Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {@code {"bar-key": "value"}}
The Oracle Cloud identifier (OCID) of the vulnerability audit.
Indicates if an audit succeeded according to the configuration. The value is {@code null} if the audit is in the {@code CREATING} state.
The Oracle Cloud identifier (OCID) of the knowledge base.
Details on the lifecycle state.
The current lifecycle state of the vulnerability audit.
Maximum Common Vulnerability Scoring System Version 2 score observed for non-ignored vulnerable application dependencies. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.
Maximum Common Vulnerability Scoring System Version 2 score observed for vulnerable application dependencies including ignored ones. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.
Maximum Common Vulnerability Scoring System Version 3 score observed for non-ignored vulnerable application dependencies. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.
Maximum Common Vulnerability Scoring System Version 3 score observed for vulnerable application dependencies including ignored ones. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.
Maximum ADM Severity observed for non-ignored vulnerable application dependencies.
Maximum ADM Severity observed for vulnerable application dependencies including ignored ones.
Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {@code {"orcl-cloud": {"free-tier-retained": "true"}}}
The creation date and time of the vulnerability audit (formatted according to RFC3339).
The update date and time of the vulnerability audit (formatted according to RFC3339).
List of vulnerabilities found in the vulnerability audit. If a vulnerability affects multiple dependencies, the metadata returned here consists of audit-wide aggregates.
Count of non-ignored vulnerable application dependencies. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.
Count of all vulnerable application dependencies. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.
A vulnerability audit associates the application dependencies of a project with their associated Vulnerabilities. Each Vulnerability is associated with a score (Common Vulnerability Scoring System V2 or V3). A vulnerable application dependency can be ignored based on the configuration of the vulnerability audit. maxObservedCvssV2Score, maxObservedCvssV3Score and vulnerableArtifactsCount do not take into account non-vulnerable application dependency.