github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/Use-Cases/Case-3/vex.json

github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/Use-Cases/Case-3/vex.json (about)

     1  {
     2    "bomFormat": "CycloneDX",
     3    "specVersion": "1.4",
     4    "version": 1,
     5    "metadata" : {
     6      "timestamp" : "2022-01-13T00:00:00Z",
     7      "component" : {
     8        "name" : "Acme Product",
     9        "version": "2.4.0",
    10        "type" : "application",
    11        "bom-ref" : "acme-product"
    12      }
    13    },
    14    "vulnerabilities": [
    15      {
    16        "id": "CVE-2020-25649",
    17        "source": {
    18          "name": "NVD",
    19          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649"
    20        },
    21        "ratings": [
    22          {
    23            "source": {
    24              "name": "NVD",
    25              "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N&version=3.1"
    26            },
    27            "score": 7.5,
    28            "severity": "high",
    29            "method": "CVSSv31",
    30            "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
    31          }
    32        ],
    33        "analysis": {
    34          "state": "in_triage"
    35        },
    36        "affects": [
    37          {
    38            "ref": "acme-product"
    39          }
    40        ]
    41      }
    42    ]
    43  }