github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/CISA-Use-Cases/Case-1/vex-under_investigation.json (about)

     1  {
     2    "bomFormat": "CycloneDX",
     3    "specVersion": "1.4",
     4    "version": 1,
     5    "metadata" : {
     6      "timestamp" : "2022-03-03T00:00:00Z",
     7      "component" : {
     8        "name" : "GHI",
     9        "version": "17.4",
    10        "type" : "application",
    11        "bom-ref" : "product-GHI"
    12      }
    13    },
    14    "vulnerabilities": [
    15      {
    16        "id": "CVE-2021-44228",
    17        "source": {
    18          "name": "NVD",
    19          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
    20        },
    21        "analysis": {
    22          "state": "in_triage",
    23          "detail": "This version of Product GHI is under investigation to determine whether the product is affected."
    24        },
    25        "affects": [
    26          {
    27            "ref": "product-GHI"
    28          }
    29        ]
    30      }
    31    ]
    32  }