github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/CISA-Use-Cases/Case-5/vex.json (about)

     1  {
     2    "bomFormat": "CycloneDX",
     3    "specVersion": "1.4",
     4    "version": 1,
     5    "metadata" : {
     6      "timestamp" : "2022-03-03T00:00:00Z",
     7      "component" : {
     8        "name" : "XYZ",
     9        "type" : "application",
    10        "bom-ref" : "product-XYZ"
    11      }
    12    },
    13    "vulnerabilities": [
    14      {
    15        "id": "CVE-2021-44228",
    16        "source": {
    17          "name": "NVD",
    18          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
    19        },
    20        "ratings": [
    21          {
    22            "source": {
    23              "name": "NVD",
    24              "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H&version=3.1"
    25            },
    26            "score": 10.0,
    27            "severity": "critical",
    28            "method": "CVSSv31",
    29            "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
    30          }
    31        ],
    32        "analysis": {
    33          "state": "in_triage"
    34        },
    35        "affects": [
    36          {
    37            "ref": "product-XYZ"
    38          }
    39        ]
    40      }
    41    ]
    42  }