syntax = "proto3"; package resf.apollo.v1; import "google/protobuf/wrappers.proto"; option go_package = "peridot.resf.org/apollo/pb;apollopb"; message AffectedProduct { int64 product_id = 1; google.protobuf.StringValue cve_id = 2; string version = 3; enum State { STATE_UNKNOWN = 0; // CVE only affects downstream STATE_UNDER_INVESTIGATION_DOWNSTREAM = 1; // CVE affecting upstream and a fix still hasn't been issued STATE_UNDER_INVESTIGATION_UPSTREAM = 2; // CVE has been fixed upstream STATE_FIXED_UPSTREAM = 3; // CVE has been fixed downstream // At this stage the CVE can be included in errata STATE_FIXED_DOWNSTREAM = 4; // CVE will NOT be fixed upstream STATE_WILL_NOT_FIX_UPSTREAM = 5; // CVE will NOT be fixed downstream // This will probably never happen with Core, but may happen for SIGs STATE_WILL_NOT_FIX_DOWNSTREAM = 6; // CVE is out of support scope STATE_OUT_OF_SUPPORT_SCOPE = 7; // CVE affects product and upstream is working on a fix STATE_AFFECTED_UPSTREAM = 8; // CVE affects product and a fix is being worked out STATE_AFFECTED_DOWNSTREAM = 9; } State state = 4; string package = 5; google.protobuf.StringValue advisory = 6; }