github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/Use-Cases/Case-7/vex.json (about) 1 { 2 "bomFormat": "CycloneDX", 3 "specVersion": "1.4", 4 "version": 1, 5 "metadata": { 6 "timestamp": "2020-04-13T20:20:39+00:00", 7 "manufacture": { 8 "name": "Acme, Inc.", 9 "url": [ 10 "https://example.com" 11 ] 12 }, 13 "supplier": { 14 "name": "Acme, Inc.", 15 "url": [ 16 "https://example.com" 17 ] 18 } 19 }, 20 "vulnerabilities": [ 21 { 22 "id": "CVE-2020-25649", 23 "source": { 24 "name": "NVD", 25 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" 26 }, 27 "ratings": [ 28 { 29 "source": { 30 "name": "NVD", 31 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N&version=3.1" 32 }, 33 "score": 7.5, 34 "severity": "high", 35 "method": "CVSSv31", 36 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" 37 }, 38 { 39 "source": { 40 "name": "Acme Inc", 41 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 42 }, 43 "score": 0.0, 44 "severity": "none", 45 "method": "CVSSv31", 46 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 47 } 48 ], 49 "analysis": { 50 "state": "not_affected", 51 "justification": "code_not_reachable", 52 "response": ["will_not_fix", "update"], 53 "detail": "This vulnerability is not exploitable in any current version of any product." 54 } 55 } 56 ] 57 }