github.com/wolfi-dev/wolfictl@v0.16.11/pkg/configs/advisory/v2/testdata/full.advisories.yaml (about)

     1  schema-version: 2.0.2
     2  
     3  package:
     4    name: full
     5  
     6  advisories:
     7    - id: CVE-2000-0001
     8      aliases:
     9        - GHSA-xxxx-xxxx-xxx9
    10        - GO-2000-0001
    11      events:
    12        - timestamp: 2000-01-01T00:00:00Z
    13          type: detection
    14          data:
    15            type: manual
    16        - timestamp: 2000-01-01T00:00:00Z
    17          type: detection
    18          data:
    19            type: nvdapi
    20            data:
    21              cpeSearched: cpe:2.3:a:*:tinyxml:*:*:*:*:*:*:*:*
    22              cpeFound: cpe:2.3:a:tinyxml_project:tinyxml:*:*:*:*:*:*:*:*
    23        - timestamp: 2000-01-01T00:00:00Z
    24          type: detection
    25          data:
    26            type: scan/v1
    27            data:
    28              subpackageName: test-sub
    29              componentID: fe8053a3adedc5d0
    30              componentName: github.com/docker/distribution
    31              componentVersion: v2.8.1+incompatible
    32              componentType: go-module
    33              componentLocation: /usr/bin/crane
    34              scanner: grype
    35        - timestamp: 2000-01-01T00:00:00Z
    36          type: true-positive-determination
    37          data:
    38            note: Something something true positive.
    39        - timestamp: 2000-01-01T00:00:00Z
    40          type: false-positive-determination
    41          data:
    42            type: vulnerability-record-analysis-contested
    43            note: Something something false positive.
    44        - timestamp: 2000-01-01T00:00:00Z
    45          type: false-positive-determination
    46          data:
    47            type: component-vulnerability-mismatch
    48            note: Something something false positive.
    49        - timestamp: 2000-01-01T00:00:00Z
    50          type: false-positive-determination
    51          data:
    52            type: vulnerable-code-version-not-used
    53            note: Something something false positive.
    54        - timestamp: 2000-01-01T00:00:00Z
    55          type: false-positive-determination
    56          data:
    57            type: vulnerable-code-not-included-in-package
    58            note: Something something false positive.
    59        - timestamp: 2000-01-01T00:00:00Z
    60          type: false-positive-determination
    61          data:
    62            type: vulnerable-code-not-in-execution-path
    63            note: Something something false positive.
    64        - timestamp: 2000-01-01T00:00:00Z
    65          type: false-positive-determination
    66          data:
    67            type: vulnerable-code-cannot-be-controlled-by-adversary
    68            note: Something something false positive.
    69        - timestamp: 2000-01-01T00:00:00Z
    70          type: false-positive-determination
    71          data:
    72            type: inline-mitigations-exist
    73            note: Something something false positive.
    74        - timestamp: 2000-01-01T00:00:00Z
    75          type: fixed
    76          data:
    77            fixed-version: 1.2.3-r4
    78        - timestamp: 2000-01-01T00:00:00Z
    79          type: analysis-not-planned
    80          data:
    81            note: Something something analysis not planned.
    82        - timestamp: 2000-01-01T00:00:00Z
    83          type: fix-not-planned
    84          data:
    85            note: Something something fix not planned.
    86        - timestamp: 2000-01-01T00:00:00Z
    87          type: pending-upstream-fix
    88          data:
    89            note: Something something pending upstream fix.