Justification
Justification provides the justification when the state of the assessment if NOT_AFFECTED.
| JSON representation |
|---|
{"justificationType":enum ( |
| Fields | |
|---|---|
justificationType |
The justification type for this vulnerability. |
details |
Additional details on why this justification was chosen. |
JustificationType
Provides the type of justification.
| Enums | |
|---|---|
JUSTIFICATION_TYPE_UNSPECIFIED | JUSTIFICATION_TYPE_UNSPECIFIED. |
COMPONENT_NOT_PRESENT | The vulnerable component is not present in the product. |
VULNERABLE_CODE_NOT_PRESENT | The vulnerable code is not present. Typically this case occurs when source code is configured or built in a way that excludes the vulnerable code. |
VULNERABLE_CODE_NOT_IN_EXECUTE_PATH | The vulnerable code can not be executed. Typically this case occurs when the product includes the vulnerable code but does not call or use the vulnerable code. |
VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY | The vulnerable code cannot be controlled by an attacker to exploit the vulnerability. |
INLINE_MITIGATIONS_ALREADY_EXIST | The product includes built-in protections or features that prevent exploitation of the vulnerability. These built-in protections cannot be subverted by the attacker and cannot be configured or disabled by the user. These mitigations completely prevent exploitation based on known attack vectors. |
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-06-13 UTC.