osv_schema

const (
	// CreditsTypeFinder FINDER: identified the vulnerability.
	CreditsTypeFinder CreditsType = "FINDER"

	// CreditsTypeReporter REPORTER: notified the vendor of the vulnerability to a CNA.
	CreditsTypeReporter CreditsType = "REPORTER"

	// CreditsTypeAnalyst ANALYST: validated the vulnerability to ensure accuracy or severity.
	CreditsTypeAnalyst CreditsType = "ANALYST"

	// CreditsTypeCoordinator COORDINATOR: facilitated the coordinated response process.
	CreditsTypeCoordinator CreditsType = "COORDINATOR"

	// CreditsTypeRemediationDeveloper REMEDIATION_DEVELOPER: prepared a code change or other remediation plans.
	CreditsTypeRemediationDeveloper CreditsType = "REMEDIATION_DEVELOPER"

	// CreditsTypeRemediationReviewer REMEDIATION_REVIEWER: reviewed vulnerability remediation plans or code changes for effectiveness and completeness.
	CreditsTypeRemediationReviewer CreditsType = "REMEDIATION_REVIEWER"

	// CreditsTypeRemediationVerifier REMEDIATION_VERIFIER: tested and verified the vulnerability or its remediation.
	CreditsTypeRemediationVerifier CreditsType = "REMEDIATION_VERIFIER"

	// CreditsTypeTool TOOL: names of tools used in vulnerability discovery or identification.
	CreditsTypeTool CreditsType = "TOOL"

	// CreditsTypeSponsor SPONSOR: supported the vulnerability identification or remediation activities.
	CreditsTypeSponsor CreditsType = "SPONSOR"

	// CreditsTypeOther OTHER: any other type or role that does not fall under the categories described above.
	CreditsTypeOther CreditsType = "OTHER"
)

const (

	// EcosystemGo Go	The Go ecosystem; the name field is a Go module path.
	EcosystemGo Ecosystem = "Go"

	// EcosystemNpm npm	The NPM ecosystem; the name field is an NPM package name.
	EcosystemNpm Ecosystem = "npm"

	// EcosystemOSSFuzz OSS-Fuzz	For reports from the OSS-Fuzz project that have no more appropriate ecosystem;
	// the name field is the name assigned by the OSS-Fuzz project, as recorded in the submitted fuzzing configuration.
	EcosystemOSSFuzz Ecosystem = "OSS-Fuzz"

	// EcosystemPyPI PyPI	the Python PyPI ecosystem; the name field is a normalized PyPI package name.
	EcosystemPyPI Ecosystem = "PyPI"

	// EcosystemRubyGems RubyGems	The RubyGems ecosystem; the name field is a gem name.
	EcosystemRubyGems Ecosystem = "RubyGems"

	// EcosystemCratesIo crates.io	The crates.io ecosystem for Rust; the name field is a crate name.
	EcosystemCratesIo Ecosystem = "crates.io"

	// EcosystemPackagist Packagist	The PHP package manager ecosystem; the name is a package name.
	EcosystemPackagist Ecosystem = "Packagist"

	// EcosystemMaven Maven	The Maven Java package ecosystem. The name field is a Maven package name.
	EcosystemMaven Ecosystem = "Maven"

	// EcosystemNuGet NuGet	The NuGet package ecosystem. The name field is a NuGet package name.
	EcosystemNuGet Ecosystem = "NuGet"

	// EcosystemLinux Linux	The Linux kernel. The only supported name is Kernel.
	EcosystemLinux Ecosystem = "Linux"

	// EcosystemDebian Debian	The Debian package ecosystem; the name is the name of the source package. The ecosystem
	// string might optionally have a :<RELEASE> suffix to scope the package to a particular Debian release. <RELEASE>
	// is a numeric version specified in the Debian distro-info-data. For example, the ecosystem string “Debian:7” refers
	// to the Debian 7 (wheezy) release.
	EcosystemDebian Ecosystem = "Debian"

	// EcosystemAlpine Alpine	The Alpine package ecosystem; the name is the name of the source package.
	// The ecosystem string must have a :v<RELEASE-NUMBER> suffix to scope the package to a particular Alpine release
	// branch (the v prefix is required). E.g. v3.16.
	EcosystemAlpine Ecosystem = "Alpine"

	// EcosystemHex Hex	The package manager for the Erlang ecosystem; the name is a Hex package name.
	EcosystemHex Ecosystem = "Hex"

	// EcosystemAndroid Android	The Android ecosystem; the name field is the Android component name that the patch
	// applies to, as shown in the Android Security Bulletins such as Framework, Media Framework and Kernel Component.
	// The exhaustive list of components can be found at the Appendix.
	EcosystemAndroid Ecosystem = "Android"

	// EcosystemGitHubActions GitHub Actions	The GitHub Actions ecosystem; the name field is the action’s repository
	// name with owner e.g. {owner}/{repo}.
	EcosystemGitHubActions Ecosystem = "GitHub Actions"

	// EcosystemPub Pub	The package manager for the Dart ecosystem; the name field is a Dart package name.
	EcosystemPub Ecosystem = "Pub"

	// EcosystemConanCenter ConanCenter	The ConanCenter ecosystem for C and C++; the name field is a Conan package name.
	EcosystemConanCenter Ecosystem = "ConanCenter"

	// EcosystemRocky Rocky Linux	The Rocky Linux package ecosystem; the name is the name of the source package.
	// The ecosystem string might optionally have a :<RELEASE> suffix to scope the package to a particular Rocky Linux
	// release. <RELEASE> is a numeric version.
	EcosystemRocky Ecosystem = "Rocky"

	// EcosystemAlmaLinux AlmaLinux package ecosystem; the name is the name of the source package. The ecosystem string
	// might optionally have a :<RELEASE> suffix to scope the package to a particular AlmaLinux release. <RELEASE> is a
	// numeric version.
	EcosystemAlmaLinux Ecosystem = "AlmaLinux"
)

const (

	// ReferenceTypeAdvisory A published security advisory for the vulnerability.
	ReferenceTypeAdvisory ReferenceType = "ADVISORY"

	// ReferenceTypeArticle An article or blog post describing the vulnerability.
	ReferenceTypeArticle ReferenceType = "ARTICLE"

	// ReferenceTypeDetection A tool, script, scanner, or other mechanism that allows for detection of the vulnerability
	// in production environments. e.g. YARA rules, hashes, virus signature, or other scanners.
	ReferenceTypeDetection ReferenceType = "DETECTION"

	// ReferenceTypeDiscussion A social media discussion regarding the vulnerability, e.g. a Twitter, Mastodon, Hacker News,
	// or Reddit thread.
	ReferenceTypeDiscussion ReferenceType = "DISCUSSION"

	// ReferenceTypeReport A report, typically on a bug or issue tracker, of the vulnerability.
	ReferenceTypeReport ReferenceType = "REPORT"

	// ReferenceTypeFix A source code browser link to the fix (e.g., a GitHub commit) Note that the fix type is meant for
	// viewing by people using web browsers. Programs interested in analyzing the exact commit range would do better to use
	// the GIT-typed affected[].ranges entries (described above).
	ReferenceTypeFix ReferenceType = "FIX"

	// ReferenceTypeIntroduced A source code browser link to the introduction of the vulnerability (e.g., a GitHub commit)
	// Note that the introduced type is meant for viewing by people using web browsers. Programs interested in analyzing the
	// exact commit range would do better to use the GIT-typed affected[].ranges entries (described above).
	ReferenceTypeIntroduced ReferenceType = "introduced"

	// ReferenceTypePackage A home web page for the package.
	ReferenceTypePackage ReferenceType = "PACKAGE"

	// ReferenceTypeEvidence A demonstration of the validity of a vulnerability claim, e.g. app.any.run replaying the
	// exploitation of the vulnerability.
	ReferenceTypeEvidence ReferenceType = "evidence"

	// ReferenceTypeWeb A web page of some unspecified kind.
	ReferenceTypeWeb ReferenceType = "WEB"
)

const (

	// SeverityTypeCVSS2 e.g."AV:L/AC:M/Au:N/C:N/I:P/A:C"
	SeverityTypeCVSS2 SeverityType = "CVSS_V2"

	// SeverityTypeCVSS3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
	SeverityTypeCVSS3 SeverityType = "CVSS_V3"
)