diff --git a/model/src/main/kotlin/config/VulnerabilityResolutionReason.kt b/model/src/main/kotlin/config/VulnerabilityResolutionReason.kt
index 268c12d6daac8..1f421ba1285ef 100644
--- a/model/src/main/kotlin/config/VulnerabilityResolutionReason.kt
+++ b/model/src/main/kotlin/config/VulnerabilityResolutionReason.kt
@@ -31,16 +31,28 @@ enum class VulnerabilityResolutionReason {
      */
     CANT_FIX_VULNERABILITY,
 
+    /**
+     * The finding is not actionable because it is an error, out of scope, or intended behavior.
+     */
+    FALSE_POSITIVE_VULNERABILITY,
+
+    /**
+     * The required fix (e.g. patch, update) has been successfully applied and verified, eliminating the vulnerability.
+     */
+    FIXED_VULNERABILITY,
+
     /**
      * The code in which the vulnerability was found is neither invoked in the project's code nor indirectly
      * via another open source component.
      */
+    @Deprecated("Use NOT_EXPLOITABLE_VULNERABILITY instead", replaceWith = ReplaceWith("NOT_EXPLOITABLE_VULNERABILITY"))
     INEFFECTIVE_VULNERABILITY,
 
     /**
      * The vulnerability is irrelevant due to a tooling or database mismatch, e.g., the package version used
      * does not match the version for which the vulnerability provider has reported a vulnerability.
      */
+    @Deprecated("Use FALSE_POSITIVE_VULNERABILITY instead", replaceWith = ReplaceWith("FALSE_POSITIVE_VULNERABILITY"))
     INVALID_MATCH_VULNERABILITY,
 
     /**
@@ -55,6 +67,17 @@ enum class VulnerabilityResolutionReason {
      */
     NOT_A_VULNERABILITY,
 
+    /**
+     * The vulnerability exists in a component, but is not exploitable due to the product's specific architecture or
+     * configuration.
+     */
+    NOT_EXPLOITABLE_VULNERABILITY,
+
+    /**
+     * The vulnerability is acknowledged, but a conscious, documented decision is made to not apply a fix or mitigation.
+     */
+    RISK_ACCEPTED_VULNERABILITY,
+
     /**
      * This vulnerability will never be fixed, e.g., because the package which is affected is orphaned,
      * declared end-of-life, or otherwise deprecated.
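Review bot: The KDoc for the new FIXED_VULNERABILITY entry should say what a resolution with this reason does after the fix has landed, because a resolution is a standing suppression rather than a record of the fix itself: if resolutions are matched on the vulnerability identifier rather than on the fixed package version (the matching logic is not in this hunk), the finding stays hidden should the dependency later be downgraded or the patch turn out to be incomplete. Suggest appending a line such as ` * Resolutions with this reason should be removed once the vulnerability provider no longer reports the finding for the updated version, since they otherwise keep suppressing it if it reappears.` The deprecation of INVALID_MATCH_VULNERABILITY in favour of FALSE_POSITIVE_VULNERABILITY also widens the meaning from a tooling/database mismatch to "error, out of scope, or intended behavior", which overlaps with the existing NOT_A_VULNERABILITY entry whose KDoc is outside this hunk; one sentence in the FALSE_POSITIVE_VULNERABILITY KDoc distinguishing the two would help reviewers pick the right reason. The enum body continues outside the hunk.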
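Review bot: INEFFECTIVE_VULNERABILITY is deprecated with ReplaceWith("NOT_EXPLOITABLE_VULNERABILITY"), but the new NOT_EXPLOITABLE_VULNERABILITY KDoc only mentions "architecture or configuration" and does not cover the case the old entry documented, namely that the vulnerable code is never invoked; migrating callers would lose that meaning. Suggest ending the KDoc with ` * configuration, or because the vulnerable code is never invoked by the project, directly or transitively.` Both new reasons encode an environment-dependent claim, so the KDoc for NOT_EXPLOITABLE_VULNERABILITY and RISK_ACCEPTED_VULNERABILITY should ask that the condition relied on (the configuration or architectural property, or the accepting decision) be recorded alongside the resolution, presumably in the resolution's free-text comment if it has one, and re-validated when that configuration changes. The enum body continues outside the hunk.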