github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/Use-Cases/Case-11/vex.json (about) 1 { 2 "bomFormat": "CycloneDX", 3 "specVersion": "1.4", 4 "version": 1, 5 "metadata" : { 6 "timestamp" : "2022-01-13T00:00:00Z", 7 "component" : { 8 "name" : "Acme Product", 9 "version": "2.2.0", 10 "type" : "application", 11 "bom-ref" : "acme-product" 12 } 13 }, 14 "vulnerabilities": [ 15 { 16 "id": "CVE-2020-11896", 17 "analysis": { 18 "state": "not_affected", 19 "justification": "code_not_reachable", 20 "response": ["will_not_fix", "update"], 21 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 22 }, 23 "affects": [ 24 { 25 "ref": "acme-product" 26 } 27 ] 28 }, 29 { 30 "id": "CVE-2020-11897", 31 "analysis": { 32 "state": "not_affected", 33 "justification": "code_not_reachable", 34 "response": ["will_not_fix", "update"], 35 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 36 }, 37 "affects": [ 38 { 39 "ref": "acme-product" 40 } 41 ] 42 }, 43 { 44 "id": "CVE-2020-11898", 45 "analysis": { 46 "state": "not_affected", 47 "justification": "code_not_reachable", 48 "response": ["will_not_fix", "update"], 49 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 50 }, 51 "affects": [ 52 { 53 "ref": "acme-product" 54 } 55 ] 56 }, 57 { 58 "id": "CVE-2020-11899", 59 "analysis": { 60 "state": "not_affected", 61 "justification": "code_not_reachable", 62 "response": ["will_not_fix", "update"], 63 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 64 }, 65 "affects": [ 66 { 67 "ref": "acme-product" 68 } 69 ] 70 }, 71 { 72 "id": "CVE-2020-11900", 73 "analysis": { 74 "state": "not_affected", 75 "justification": "code_not_reachable", 76 "response": ["will_not_fix", "update"], 77 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 78 }, 79 "affects": [ 80 { 81 "ref": "acme-product" 82 } 83 ] 84 }, 85 { 86 "id": "CVE-2020-11901", 87 "analysis": { 88 "state": "not_affected", 89 "justification": "code_not_reachable", 90 "response": ["will_not_fix", "update"], 91 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 92 }, 93 "affects": [ 94 { 95 "ref": "acme-product" 96 } 97 ] 98 }, 99 { 100 "id": "CVE-2020-11902", 101 "analysis": { 102 "state": "not_affected", 103 "justification": "code_not_reachable", 104 "response": ["will_not_fix", "update"], 105 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 106 }, 107 "affects": [ 108 { 109 "ref": "acme-product" 110 } 111 ] 112 }, 113 { 114 "id": "CVE-2020-11903", 115 "analysis": { 116 "state": "not_affected", 117 "justification": "code_not_reachable", 118 "response": ["will_not_fix", "update"], 119 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 120 }, 121 "affects": [ 122 { 123 "ref": "acme-product" 124 } 125 ] 126 }, 127 { 128 "id": "CVE-2020-11904", 129 "analysis": { 130 "state": "not_affected", 131 "justification": "code_not_reachable", 132 "response": ["will_not_fix", "update"], 133 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 134 }, 135 "affects": [ 136 { 137 "ref": "acme-product" 138 } 139 ] 140 }, 141 { 142 "id": "CVE-2020-11905", 143 "analysis": { 144 "state": "not_affected", 145 "justification": "code_not_reachable", 146 "response": ["will_not_fix", "update"], 147 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 148 }, 149 "affects": [ 150 { 151 "ref": "acme-product" 152 } 153 ] 154 }, 155 { 156 "id": "CVE-2020-11906", 157 "analysis": { 158 "state": "not_affected", 159 "justification": "code_not_reachable", 160 "response": ["will_not_fix", "update"], 161 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 162 }, 163 "affects": [ 164 { 165 "ref": "acme-product" 166 } 167 ] 168 }, 169 { 170 "id": "CVE-2020-11907", 171 "analysis": { 172 "state": "not_affected", 173 "justification": "code_not_reachable", 174 "response": ["will_not_fix", "update"], 175 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 176 }, 177 "affects": [ 178 { 179 "ref": "acme-product" 180 } 181 ] 182 }, 183 { 184 "id": "CVE-2020-11908", 185 "analysis": { 186 "state": "not_affected", 187 "justification": "code_not_reachable", 188 "response": ["will_not_fix", "update"], 189 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 190 }, 191 "affects": [ 192 { 193 "ref": "acme-product" 194 } 195 ] 196 }, 197 { 198 "id": "CVE-2020-11909", 199 "analysis": { 200 "state": "not_affected", 201 "justification": "code_not_reachable", 202 "response": ["will_not_fix", "update"], 203 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 204 }, 205 "affects": [ 206 { 207 "ref": "acme-product" 208 } 209 ] 210 }, 211 { 212 "id": "CVE-2020-11910", 213 "analysis": { 214 "state": "not_affected", 215 "justification": "code_not_reachable", 216 "response": ["will_not_fix", "update"], 217 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 218 }, 219 "affects": [ 220 { 221 "ref": "acme-product" 222 } 223 ] 224 }, 225 { 226 "id": "CVE-2020-11911", 227 "analysis": { 228 "state": "not_affected", 229 "justification": "code_not_reachable", 230 "response": ["will_not_fix", "update"], 231 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 232 }, 233 "affects": [ 234 { 235 "ref": "acme-product" 236 } 237 ] 238 }, 239 { 240 "id": "CVE-2020-11912", 241 "analysis": { 242 "state": "not_affected", 243 "justification": "code_not_reachable", 244 "response": ["will_not_fix", "update"], 245 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 246 }, 247 "affects": [ 248 { 249 "ref": "acme-product" 250 } 251 ] 252 }, 253 { 254 "id": "CVE-2020-11913", 255 "analysis": { 256 "state": "not_affected", 257 "justification": "code_not_reachable", 258 "response": ["will_not_fix", "update"], 259 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 260 }, 261 "affects": [ 262 { 263 "ref": "acme-product" 264 } 265 ] 266 }, 267 { 268 "id": "CVE-2020-11914", 269 "analysis": { 270 "state": "not_affected", 271 "justification": "code_not_reachable", 272 "response": ["will_not_fix", "update"], 273 "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." 274 }, 275 "affects": [ 276 { 277 "ref": "acme-product" 278 } 279 ] 280 } 281 ] 282 }