github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/Use-Cases/Case-8/vex.json

github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/Use-Cases/Case-8/vex.json (about)

     1  {
     2    "bomFormat": "CycloneDX",
     3    "specVersion": "1.4",
     4    "version": 1,
     5    "metadata" : {
     6      "timestamp" : "2022-01-13T00:00:00Z",
     7      "component" : {
     8        "name" : "Acme Product",
     9        "type" : "application",
    10        "bom-ref" : "acme-product"
    11      }
    12    },
    13    "vulnerabilities": [
    14      {
    15        "id": "CVE-2020-25649",
    16        "source": {
    17          "name": "NVD",
    18          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649"
    19        },
    20        "analysis": {
    21          "state": "not_affected",
    22          "justification": "code_not_reachable",
    23          "response": ["will_not_fix", "update"],
    24          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
    25        },
    26        "affects": [
    27          {
    28            "ref": "acme-product",
    29            "versions": [
    30              {
    31                "range": "vers:semver/>=2.0.0|<=2.7.0",
    32                "status": "unaffected"
    33              },
    34              {
    35                "range": "vers:semver/>=3.0.0|<=3.2.0",
    36                "status": "unaffected"
    37              },
    38              {
    39                "range": "vers:semver/>=3.8.0|<=4.1.0",
    40                "status": "unaffected"
    41              },
    42              {
    43                "version": "5.9.0",
    44                "status": "unaffected"
    45              }
    46            ]
    47          }
    48        ]
    49      }
    50    ]
    51  }