Class VulnerabilityReference

    public final class VulnerabilityReference
    
                        

    A data class representing detailed information about a vulnerability obtained from a specific source.

    A single vulnerability can be listed by multiple sources that use different scoring systems to denote its severity. So when ORT queries different providers for vulnerability information, it may well find multiple records for a single vulnerability, and these records could even contain contradicting information. To model this, a Vulnerability is associated with a list of references; each reference points to the source of the information and carries the details provided by that source.

    • Constructor Detail

      • VulnerabilityReference

        VulnerabilityReference(URI url, String scoringSystem, String severity)
    • Method Detail

      • getUrl

         final URI getUrl()

        The URI pointing to details of this vulnerability. This can also be used to derive the source of this information.

      • getScoringSystem

         final String getScoringSystem()

        The name of the scoring system used to express the severity of this vulnerability, if available.

      • getSeverity

         final String getSeverity()

        The severity assigned to the vulnerability by this reference. Note that this is a plain string, whose meaning depends on the concrete scoring system. It could be a number, but also a constant like LOW or HIGH. A null value is possible as well, meaning that this reference does not contain any information about the severity.
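
One way a consumer might reconcile the references of a single vulnerability, given that the severity is a nullable, free-form string and sources may contradict each other. This is an added example, not ORT code: `Ref` is a stand-in with the three documented properties, the URLs and scoring-system names are constructed, and reading numeric values by CVSS v3.x bands only for systems named "CVSS..." is an assumption.

```java
import java.net.URI;
import java.util.*;

public class SeverityDemo {
    // Stand-in with the three documented properties; not ORT's own class. Needs Java 16+.
    record Ref(URI url, String scoringSystem, String severity) {}

    enum Bucket { UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL }

    static Bucket bucket(Ref r) {
        String s = r.severity();
        if (s == null || s.isBlank()) return Bucket.UNKNOWN; // reference carries no severity
        try {
            return Bucket.valueOf(s.trim().toUpperCase(Locale.ROOT)); // constant like LOW or HIGH
        } catch (IllegalArgumentException notAConstant) {
            // not a known constant; try a numeric reading below
        }
        String sys = r.scoringSystem();
        // Assumption: only systems named "CVSS..." are read as numbers, by CVSS v3.x bands.
        if (sys == null || !sys.toUpperCase(Locale.ROOT).startsWith("CVSS")) return Bucket.UNKNOWN;
        try {
            double score = Double.parseDouble(s.trim());
            if (!(score >= 0.1 && score <= 10.0)) return Bucket.UNKNOWN; // also rejects NaN
            return score >= 9.0 ? Bucket.CRITICAL : score >= 7.0 ? Bucket.HIGH
                 : score >= 4.0 ? Bucket.MEDIUM : Bucket.LOW;
        } catch (NumberFormatException e) {
            return Bucket.UNKNOWN; // opaque string: keep the raw value, do not guess
        }
    }

    public static void main(String[] args) {
        // Constructed sample: three sources describing the same vulnerability.
        List<Ref> refs = List.of(
            new Ref(URI.create("https://source-a.example/vuln/PLACEHOLDER-ID"), "CVSS3", "9.8"),
            new Ref(URI.create("https://source-b.example/advisories/PLACEHOLDER-ID"), "generic_textual", "Medium"),
            new Ref(URI.create("https://source-c.example/PLACEHOLDER-ID"), null, null));
        EnumSet<Bucket> rated = EnumSet.noneOf(Bucket.class);
        for (Ref r : refs) {
            Bucket b = bucket(r);
            System.out.printf("%-18s %-16s %-8s -> %s%n", r.url().getHost(), r.scoringSystem(), r.severity(), b);
            if (b != Bucket.UNKNOWN) rated.add(b);
        }
        if (rated.size() > 1) System.out.println("Sources disagree: " + rated);
        // Policy choice of this example: act on the highest rating any source reported.
        Bucket effective = rated.isEmpty() ? Bucket.UNKNOWN : Collections.max(rated);
        System.out.println("Effective severity: " + effective);
    }
}
```

A reference that maps to `UNKNOWN` is left out of the comparison rather than treated as low severity, so a source that reports nothing cannot lower the effective rating.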