The Scope metric captures whether a vulnerability in one
vulnerable component impacts resources in components beyond its
security scope.
Values:
SCOPE_UNSPECIFIED (0):
Invalid value.
SCOPE_UNCHANGED (1):
An exploited vulnerability can only affect
resources managed by the same security
authority.
SCOPE_CHANGED (2):
An exploited vulnerability can affect
resources beyond the security scope managed by
the security authority of the vulnerable
component.