github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/CISA-Use-Cases/Case-5/vex.json (about) 1 { 2 "bomFormat": "CycloneDX", 3 "specVersion": "1.4", 4 "version": 1, 5 "metadata" : { 6 "timestamp" : "2022-03-03T00:00:00Z", 7 "component" : { 8 "name" : "XYZ", 9 "type" : "application", 10 "bom-ref" : "product-XYZ" 11 } 12 }, 13 "vulnerabilities": [ 14 { 15 "id": "CVE-2021-44228", 16 "source": { 17 "name": "NVD", 18 "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" 19 }, 20 "ratings": [ 21 { 22 "source": { 23 "name": "NVD", 24 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H&version=3.1" 25 }, 26 "score": 10.0, 27 "severity": "critical", 28 "method": "CVSSv31", 29 "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" 30 } 31 ], 32 "analysis": { 33 "state": "in_triage" 34 }, 35 "affects": [ 36 { 37 "ref": "product-XYZ" 38 } 39 ] 40 } 41 ] 42 }