github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/CISA-Use-Cases/Case-1/vex-affected.json

github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/CISA-Use-Cases/Case-1/vex-affected.json (about)

     1  {
     2    "bomFormat": "CycloneDX",
     3    "specVersion": "1.4",
     4    "version": 1,
     5    "metadata" : {
     6      "timestamp" : "2022-03-03T00:00:00Z",
     7      "component" : {
     8        "name" : "DEF",
     9        "version": "1.0",
    10        "type" : "application",
    11        "bom-ref" : "product-DEF"
    12      }
    13    },
    14    "vulnerabilities": [
    15      {
    16        "id": "CVE-2021-44228",
    17        "source": {
    18          "name": "NVD",
    19          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
    20        },
    21        "analysis": {
    22          "state": "exploitable",
    23          "response": ["will_not_fix", "update"],
    24          "detail": "This version of Product DEF is affected by the vulnerability. Customers are advised to upgrade to the latest release."
    25        },
    26        "affects": [
    27          {
    28            "ref": "product-DEF"
    29          }
    30        ]
    31      }
    32    ]
    33  }