github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/Use-Cases/Case-9/vex.json (about)

     1  {
     2    "bomFormat": "CycloneDX",
     3    "specVersion": "1.4",
     4    "version": 1,
     5    "vulnerabilities": [
     6      {
     7        "id": "CVE-2020-11896",
     8        "analysis": {
     9          "state": "not_affected",
    10          "justification": "code_not_reachable",
    11          "response": ["will_not_fix", "update"],
    12          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
    13        },
    14        "affects": [
    15          {
    16            "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1"
    17          },
    18          {
    19            "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2"
    20          },
    21          {
    22            "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3"
    23          }
    24        ]
    25      },
    26      {
    27        "id": "CVE-2020-11897",
    28        "analysis": {
    29          "state": "not_affected",
    30          "justification": "code_not_reachable",
    31          "response": ["will_not_fix", "update"],
    32          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
    33        },
    34        "affects": [
    35          {
    36            "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1"
    37          },
    38          {
    39            "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2"
    40          },
    41          {
    42            "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3"
    43          }
    44        ]
    45      },
    46      {
    47        "id": "CVE-2020-11898",
    48        "analysis": {
    49          "state": "not_affected",
    50          "justification": "code_not_reachable",
    51          "response": ["will_not_fix", "update"],
    52          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
    53        },
    54        "affects": [
    55          {
    56            "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1"
    57          },
    58          {
    59            "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2"
    60          },
    61          {
    62            "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3"
    63          }
    64        ]
    65      },
    66      {
    67        "id": "CVE-2020-11899",
    68        "analysis": {
    69          "state": "not_affected",
    70          "justification": "code_not_reachable",
    71          "response": ["will_not_fix", "update"],
    72          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
    73        },
    74        "affects": [
    75          {
    76            "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1"
    77          },
    78          {
    79            "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2"
    80          },
    81          {
    82            "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3"
    83          }
    84        ]
    85      },
    86      {
    87        "id": "CVE-2020-11900",
    88        "analysis": {
    89          "state": "not_affected",
    90          "justification": "code_not_reachable",
    91          "response": ["will_not_fix", "update"],
    92          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
    93        },
    94        "affects": [
    95          {
    96            "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1"
    97          },
    98          {
    99            "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2"
   100          },
   101          {
   102            "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3"
   103          }
   104        ]
   105      },
   106      {
   107        "id": "CVE-2020-11901",
   108        "analysis": {
   109          "state": "not_affected",
   110          "justification": "code_not_reachable",
   111          "response": ["will_not_fix", "update"],
   112          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
   113        },
   114        "affects": [
   115          {
   116            "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1"
   117          },
   118          {
   119            "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2"
   120          },
   121          {
   122            "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3"
   123          }
   124        ]
   125      },
   126      {
   127        "id": "CVE-2020-11902",
   128        "analysis": {
   129          "state": "not_affected",
   130          "justification": "code_not_reachable",
   131          "response": ["will_not_fix", "update"],
   132          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
   133        },
   134        "affects": [
   135          {
   136            "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1"
   137          },
   138          {
   139            "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2"
   140          },
   141          {
   142            "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3"
   143          }
   144        ]
   145      },
   146      {
   147        "id": "CVE-2020-11903",
   148        "analysis": {
   149          "state": "not_affected",
   150          "justification": "code_not_reachable",
   151          "response": ["will_not_fix", "update"],
   152          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
   153        },
   154        "affects": [
   155          {
   156            "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1"
   157          },
   158          {
   159            "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2"
   160          },
   161          {
   162            "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3"
   163          }
   164        ]
   165      },
   166      {
   167        "id": "CVE-2020-11904",
   168        "analysis": {
   169          "state": "not_affected",
   170          "justification": "code_not_reachable",
   171          "response": ["will_not_fix", "update"],
   172          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
   173        },
   174        "affects": [
   175          {
   176            "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1"
   177          },
   178          {
   179            "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2"
   180          },
   181          {
   182            "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3"
   183          }
   184        ]
   185      },
   186      {
   187        "id": "CVE-2020-11905",
   188        "analysis": {
   189          "state": "not_affected",
   190          "justification": "code_not_reachable",
   191          "response": ["will_not_fix", "update"],
   192          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
   193        },
   194        "affects": [
   195          {
   196            "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1"
   197          },
   198          {
   199            "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2"
   200          },
   201          {
   202            "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3"
   203          }
   204        ]
   205      },
   206      {
   207        "id": "CVE-2020-11906",
   208        "analysis": {
   209          "state": "not_affected",
   210          "justification": "code_not_reachable",
   211          "response": ["will_not_fix", "update"],
   212          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
   213        },
   214        "affects": [
   215          {
   216            "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1"
   217          },
   218          {
   219            "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2"
   220          },
   221          {
   222            "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3"
   223          }
   224        ]
   225      },
   226      {
   227        "id": "CVE-2020-11907",
   228        "analysis": {
   229          "state": "not_affected",
   230          "justification": "code_not_reachable",
   231          "response": ["will_not_fix", "update"],
   232          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
   233        },
   234        "affects": [
   235          {
   236            "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1"
   237          },
   238          {
   239            "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2"
   240          },
   241          {
   242            "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3"
   243          }
   244        ]
   245      },
   246      {
   247        "id": "CVE-2020-11908",
   248        "analysis": {
   249          "state": "not_affected",
   250          "justification": "code_not_reachable",
   251          "response": ["will_not_fix", "update"],
   252          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
   253        },
   254        "affects": [
   255          {
   256            "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1"
   257          },
   258          {
   259            "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2"
   260          },
   261          {
   262            "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3"
   263          }
   264        ]
   265      },
   266      {
   267        "id": "CVE-2020-11909",
   268        "analysis": {
   269          "state": "not_affected",
   270          "justification": "code_not_reachable",
   271          "response": ["will_not_fix", "update"],
   272          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
   273        },
   274        "affects": [
   275          {
   276            "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1"
   277          },
   278          {
   279            "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2"
   280          },
   281          {
   282            "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3"
   283          }
   284        ]
   285      },
   286      {
   287        "id": "CVE-2020-11910",
   288        "analysis": {
   289          "state": "not_affected",
   290          "justification": "code_not_reachable",
   291          "response": ["will_not_fix", "update"],
   292          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
   293        },
   294        "affects": [
   295          {
   296            "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1"
   297          },
   298          {
   299            "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2"
   300          },
   301          {
   302            "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3"
   303          }
   304        ]
   305      },
   306      {
   307        "id": "CVE-2020-11911",
   308        "analysis": {
   309          "state": "not_affected",
   310          "justification": "code_not_reachable",
   311          "response": ["will_not_fix", "update"],
   312          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
   313        },
   314        "affects": [
   315          {
   316            "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1"
   317          },
   318          {
   319            "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2"
   320          },
   321          {
   322            "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3"
   323          }
   324        ]
   325      },
   326      {
   327        "id": "CVE-2020-11912",
   328        "analysis": {
   329          "state": "not_affected",
   330          "justification": "code_not_reachable",
   331          "response": ["will_not_fix", "update"],
   332          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
   333        },
   334        "affects": [
   335          {
   336            "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1"
   337          },
   338          {
   339            "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2"
   340          },
   341          {
   342            "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3"
   343          }
   344        ]
   345      },
   346      {
   347        "id": "CVE-2020-11913",
   348        "analysis": {
   349          "state": "not_affected",
   350          "justification": "code_not_reachable",
   351          "response": ["will_not_fix", "update"],
   352          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
   353        },
   354        "affects": [
   355          {
   356            "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1"
   357          },
   358          {
   359            "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2"
   360          },
   361          {
   362            "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3"
   363          }
   364        ]
   365      },
   366      {
   367        "id": "CVE-2020-11914",
   368        "analysis": {
   369          "state": "not_affected",
   370          "justification": "code_not_reachable",
   371          "response": ["will_not_fix", "update"],
   372          "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly."
   373        },
   374        "affects": [
   375          {
   376            "ref": "urn:cdx:2c385cf7-e1ee-46e9-a51c-13de1ecb380a/1#acme-product-1"
   377          },
   378          {
   379            "ref": "urn:cdx:6ffac0b2-5246-4fb9-a6fe-7993041856a0/1#acme-product-2"
   380          },
   381          {
   382            "ref": "urn:cdx:240b5b0b-917d-4f48-816c-97e1944d8079/1#acme-product-3"
   383          }
   384        ]
   385      }
   386    ]
   387  }