github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/Use-Cases/Case-10/vex.json (about) 1 { 2 "bomFormat": "CycloneDX", 3 "specVersion": "1.4", 4 "version": 1, 5 "metadata" : { 6 "timestamp" : "2022-01-13T00:00:00Z", 7 "component" : { 8 "name" : "Acme Product", 9 "type" : "application", 10 "bom-ref" : "acme-product" 11 } 12 }, 13 "vulnerabilities": [ 14 { 15 "id": "CVE-2020-25649", 16 "source": { 17 "name": "NVD", 18 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" 19 }, 20 "ratings": [ 21 { 22 "source": { 23 "name": "NVD", 24 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N&version=3.1" 25 }, 26 "score": 7.5, 27 "severity": "high", 28 "method": "CVSSv31", 29 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" 30 }, 31 { 32 "source": { 33 "name": "Acme Inc", 34 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 35 }, 36 "score": 0.0, 37 "severity": "none", 38 "method": "CVSSv31", 39 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 40 } 41 ], 42 "analysis": { 43 "state": "not_affected", 44 "justification": "code_not_reachable", 45 "response": ["will_not_fix", "update"], 46 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 47 }, 48 "affects": [ 49 { 50 "ref": "acme-product", 51 "versions": [ 52 { 53 "version": "2.2.0", 54 "status": "unaffected" 55 }, 56 { 57 "version": "2.2.1", 58 "status": "unaffected" 59 }, 60 { 61 "version": "2.2.2", 62 "status": "unaffected" 63 }, 64 { 65 "version": "2.3.0", 66 "status": "unaffected" 67 }, 68 { 69 "version": "2.3.1", 70 "status": "unaffected" 71 }, 72 { 73 "version": "2.3.1", 74 "status": "unaffected" 75 }, 76 { 77 "version": "2.3.2", 78 "status": "unaffected" 79 }, 80 { 81 "version": "2.3.3", 82 "status": "unaffected" 83 }, 84 { 85 "version": "2.3.4", 86 "status": "unaffected" 87 }, 88 { 89 "version": "2.3.5", 90 "status": "unaffected" 91 }, 92 { 93 "version": "2.3.6", 94 "status": "unaffected" 95 }, 96 { 97 "version": "2.3.7", 98 "status": "unaffected" 99 }, 100 { 101 "version": "2.4.0", 102 "status": "unaffected" 103 } 104 ] 105 } 106 ] 107 } 108 ] 109 }