51 lines
1.5 KiB
C#
51 lines
1.5 KiB
C#
namespace StellaOps.Policy.Unknowns.Models;
|
|
|
|
/// <summary>
|
|
/// Canonical reason codes explaining why a component is marked as unknown.
|
|
/// Each code maps to a specific remediation action.
|
|
/// </summary>
|
|
public enum UnknownReasonCode
|
|
{
|
|
/// <summary>
|
|
/// U-RCH: Call path analysis is indeterminate.
|
|
/// The reachability analyzer cannot confirm or deny exploitability.
|
|
/// </summary>
|
|
Reachability,
|
|
|
|
/// <summary>
|
|
/// U-ID: Ambiguous package identity or missing digest.
|
|
/// Cannot uniquely identify the component (e.g., missing PURL, no checksum).
|
|
/// </summary>
|
|
Identity,
|
|
|
|
/// <summary>
|
|
/// U-PROV: Cannot map binary artifact to source repository.
|
|
/// Provenance chain is broken or unavailable.
|
|
/// </summary>
|
|
Provenance,
|
|
|
|
/// <summary>
|
|
/// U-VEX: VEX statements conflict or missing applicability data.
|
|
/// Multiple VEX sources disagree or no VEX coverage exists.
|
|
/// </summary>
|
|
VexConflict,
|
|
|
|
/// <summary>
|
|
/// U-FEED: Required knowledge source is missing or stale.
|
|
/// Advisory feed gap (e.g., no NVD/OSV data for this package).
|
|
/// </summary>
|
|
FeedGap,
|
|
|
|
/// <summary>
|
|
/// U-CONFIG: Feature flag or configuration not observable.
|
|
/// Cannot determine if vulnerable code path is enabled at runtime.
|
|
/// </summary>
|
|
ConfigUnknown,
|
|
|
|
/// <summary>
|
|
/// U-ANALYZER: Language or framework not supported by analyzer.
|
|
/// Static analysis tools do not cover this ecosystem.
|
|
/// </summary>
|
|
AnalyzerLimit
|
|
}
|