github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/CISA-Use-Cases/Case-1/vex-not_affected.json

github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/CISA-Use-Cases/Case-1/vex-not_affected.json (about)

     1  {
     2    "bomFormat": "CycloneDX",
     3    "specVersion": "1.4",
     4    "version": 1,
     5    "metadata" : {
     6      "timestamp" : "2022-03-03T00:00:00Z",
     7      "component" : {
     8        "name" : "ABC",
     9        "version": "4.2",
    10        "type" : "application",
    11        "bom-ref" : "product-ABC"
    12      }
    13    },
    14    "vulnerabilities": [
    15      {
    16        "id": "CVE-2021-44228",
    17        "source": {
    18          "name": "NVD",
    19          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
    20        },
    21        "analysis": {
    22          "state": "not_affected",
    23          "justification": "code_not_present",
    24          "response": ["will_not_fix"],
    25          "detail": "This version of Product ABC is not affected by the vulnerability. Class with vulnerable code was removed before shipping."
    26        },
    27        "affects": [
    28          {
    29            "ref": "product-ABC"
    30          }
    31        ]
    32      }
    33    ]
    34  }