diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json index 0832fa8901..b985a3f544 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json @@ -33,6 +33,7 @@ "CWE-732" ], "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "ratings": "GITHUB - low", "published": "2021-03-25T17:04:19Z", "updated": "2023-11-09T18:44:38Z" }, @@ -79,6 +80,7 @@ "CWE-552" ], "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "ratings": "GITHUB - medium", "published": "2023-06-14T18:30:38Z", "updated": "2024-02-13T21:49:15Z" }, @@ -122,6 +124,7 @@ "CWE-502" ], "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "ratings": "GITHUB - critical", "published": "2020-04-23T21:08:40Z", "updated": "2023-02-01T05:02:59Z" }, @@ -165,6 +168,7 @@ "CWE-502" ], "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:44Z", "updated": "2023-02-01T05:02:59Z" }, @@ -208,6 +212,7 @@ "CWE-502" ], "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "ratings": "GITHUB - high", "published": "2020-06-10T21:12:41Z", "updated": "2023-02-01T05:03:03Z" }, @@ -251,6 +256,7 @@ "CWE-502" ], "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:50Z", "updated": "2023-02-01T05:03:05Z" }, @@ -294,6 +300,7 @@ "CWE-502" ], "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "ratings": "GITHUB - high", "published": "2020-04-23T20:19:02Z", "updated": "2024-03-15T00:41:35Z" }, @@ -337,6 +344,7 @@ "CWE-502" ], "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:47Z", "updated": "2024-03-15T00:48:55Z" }, 
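Review bot: Every `ratings` value added in these hunks has the single-entry shape `"<SOURCE> - <severity>"` (for example `"ratings": "GITHUB - low"`), so the expected outputs never pin what the mapper emits when a vulnerability carries several ratings or none at all. CycloneDX models `ratings` as an array, and severity is what downstream triage usually sorts on, so a changed join order or a silently dropped entry would pass these fixtures unnoticed. Consider adding one sample vulnerability with two ratings from different sources and one with an empty `ratings` array to the input BOM, then regenerating the expected files. The string as shown keeps only the source name and the severity word; if the input ratings also carry a score, method or vector (not visible in this diff), the mapper documentation should say that they are not reflected in this tag. The same applies to the matching hunks in `sbom-dropwizard-vex-hdf.json` and `sbom-dropwizard-vulns-hdf-withraw.json` later in this diff.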
@@ -380,6 +388,7 @@ "CWE-502" ], "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:54Z", "updated": "2024-03-15T00:50:18Z" }, @@ -423,6 +432,7 @@ "CWE-502" ], "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "ratings": "GITHUB - high", "published": "2020-04-23T21:36:03Z", "updated": "2024-06-25T13:46:45Z" }, @@ -466,6 +476,7 @@ "CWE-502" ], "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "ratings": "GITHUB - high", "published": "2020-04-23T16:32:59Z", "updated": "2024-07-03T21:10:50Z" }, @@ -509,6 +520,7 @@ "CWE-502" ], "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:50Z", "updated": "2023-02-01T05:04:14Z" }, @@ -552,6 +564,7 @@ "CWE-502" ], "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:43Z", "updated": "2024-03-15T00:37:17Z" }, @@ -595,6 +608,7 @@ "CWE-502" ], "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:46Z", "updated": "2024-03-15T00:39:55Z" }, @@ -638,6 +652,7 @@ "CWE-502" ], "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:48Z", "updated": "2024-06-25T13:46:04Z" }, @@ -681,6 +696,7 @@ "CWE-502" ], "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "ratings": "GITHUB - critical", "published": "2020-03-04T20:52:14Z", "updated": "2023-06-08T19:02:12Z" }, @@ -724,6 +740,7 @@ "CWE-502" ], "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "ratings": "GITHUB - high", "published": "2022-07-15T19:41:47Z", "updated": "2023-08-18T15:45:27Z" }, @@ -767,6 +784,7 @@ "CWE-502" ], "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "ratings": "GITHUB - critical", "published": "2019-11-13T00:32:27Z", "updated": "2023-09-14T14:55:20Z" }, 
@@ -810,6 +828,7 @@ "CWE-502" ], "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "ratings": "GITHUB - critical", "published": "2019-11-13T00:32:38Z", "updated": "2023-09-14T14:55:25Z" }, @@ -853,6 +872,7 @@ "CWE-502" ], "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "ratings": "GITHUB - critical", "published": "2019-10-28T20:51:15Z", "updated": "2024-03-15T00:57:37Z" }, @@ -896,6 +916,7 @@ "CWE-502" ], "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "ratings": "GITHUB - critical", "published": "2020-05-15T18:59:10Z", "updated": "2023-09-14T15:09:40Z" }, @@ -939,6 +960,7 @@ "CWE-502" ], "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "ratings": "GITHUB - critical", "published": "2020-05-15T18:59:01Z", "updated": "2024-03-15T00:20:09Z" }, @@ -983,6 +1005,7 @@ "CWE-502" ], "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "ratings": "GITHUB - high", "published": "2021-12-09T19:14:51Z", "updated": "2023-09-14T15:44:55Z" }, @@ -1026,6 +1049,7 @@ "CWE-502" ], "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:36Z", "updated": "2023-09-14T15:47:50Z" }, @@ -1069,6 +1093,7 @@ "CWE-502" ], "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:02Z", "updated": "2023-09-14T15:52:49Z" }, @@ -1112,6 +1137,7 @@ "CWE-502" ], "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:26Z", "updated": "2023-09-14T15:53:30Z" }, @@ -1155,6 +1181,7 @@ "CWE-502" ], "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "ratings": "GITHUB - high", "published": "2021-11-19T20:13:06Z", "updated": "2023-09-14T15:59:33Z" }, @@ -1198,6 +1225,7 @@ "CWE-502" ], "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:51Z", "updated": "2023-09-14T16:01:31Z" }, 
@@ -1241,6 +1269,7 @@ "CWE-502" ], "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:59Z", "updated": "2023-09-14T16:04:22Z" }, @@ -1284,6 +1313,7 @@ "CWE-502" ], "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:42Z", "updated": "2023-09-14T16:04:22Z" }, @@ -1327,6 +1357,7 @@ "CWE-502" ], "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:10Z", "updated": "2023-09-14T16:07:00Z" }, @@ -1370,6 +1401,7 @@ "CWE-502" ], "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:54Z", "updated": "2023-09-14T16:07:40Z" }, @@ -1413,6 +1445,7 @@ "CWE-502" ], "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:46Z", "updated": "2023-09-14T16:08:37Z" }, @@ -1456,6 +1489,7 @@ "CWE-502" ], "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:18Z", "updated": "2023-09-14T16:13:01Z" }, @@ -1499,6 +1533,7 @@ "CWE-502" ], "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:34Z", "updated": "2023-09-14T16:15:44Z" }, @@ -1542,6 +1577,7 @@ "CWE-502" ], "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:24Z", "updated": "2023-11-21T11:40:53Z" }, @@ -1585,6 +1621,7 @@ "CWE-502" ], "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:00Z", "updated": "2024-03-15T00:28:08Z" }, @@ -1629,6 +1666,7 @@ "CWE-913" ], "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:11Z", "updated": "2024-06-25T13:47:23Z" }, 
@@ -1673,6 +1711,7 @@ "CWE-502" ], "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "ratings": "GITHUB - high", "published": "2022-10-03T00:00:31Z", "updated": "2024-03-15T00:14:44Z" }, @@ -1716,6 +1755,7 @@ "CWE-502" ], "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "ratings": "GITHUB - high", "published": "2021-01-20T21:20:15Z", "updated": "2024-03-15T00:16:04Z" }, @@ -1759,6 +1799,7 @@ "CWE-787" ], "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "ratings": "GITHUB - high", "published": "2022-03-12T00:00:36Z", "updated": "2024-03-15T00:24:56Z" }, @@ -1802,6 +1843,7 @@ "CWE-611" ], "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "ratings": "GITHUB - high", "published": "2021-02-18T20:51:54Z", "updated": "2024-03-15T00:31:24Z" }, @@ -1845,6 +1887,7 @@ "CWE-502" ], "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "ratings": "GITHUB - critical", "published": "2020-03-04T20:52:11Z", "updated": "2024-03-15T00:52:59Z" }, @@ -1889,6 +1932,7 @@ "CWE-502" ], "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "ratings": "GITHUB - high", "published": "2022-10-03T00:00:31Z", "updated": "2024-03-24T05:01:05Z" }, @@ -1932,6 +1976,7 @@ "CWE-502" ], "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "ratings": "GITHUB - high", "published": "2020-05-15T18:59:04Z", "updated": "2024-07-03T21:10:31Z" }, @@ -1977,6 +2022,7 @@ "CWE-74" ], "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "ratings": "GITHUB - high", "published": "2020-04-10T18:42:20Z", "updated": "2023-01-09T05:02:18Z" }, @@ -2022,6 +2068,7 @@ "CWE-74" ], "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "ratings": "GITHUB - high", "published": "2020-02-24T17:27:27Z", "updated": "2024-06-05T16:42:03Z" }, @@ -2067,6 +2114,7 @@ "CWE-776" ], "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "ratings": "GITHUB - high", "published": "2021-06-04T21:37:45Z", "updated": "2023-05-22T20:17:58Z" }, 
@@ -2111,6 +2159,7 @@ "CWE-787" ], "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2155,6 +2204,7 @@ "CWE-787" ], "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "ratings": "GITHUB - medium", "published": "2022-11-11T19:00:31Z", "updated": "2024-06-21T21:33:52Z" }, @@ -2199,6 +2249,7 @@ "CWE-787" ], "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2243,6 +2294,7 @@ "CWE-787" ], "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2287,6 +2339,7 @@ "CWE-787" ], "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2331,6 +2384,7 @@ "CWE-776" ], "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "ratings": "GITHUB - high", "published": "2022-08-31T00:00:24Z", "updated": "2024-03-15T19:06:46Z" }, @@ -2375,6 +2429,7 @@ "CWE-502" ], "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "ratings": "GITHUB - high", "published": "2022-12-12T21:19:47Z", "updated": "2024-06-24T21:22:59Z" }, @@ -2418,6 +2473,7 @@ "CWE-502" ], "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "ratings": "GITHUB - medium", "published": "2021-12-17T20:00:50Z", "updated": "2023-01-30T05:04:55Z" }, @@ -2461,6 +2517,7 @@ "CWE-502" ], "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "ratings": "GITHUB - high", "published": "2023-11-29T12:30:16Z", "updated": "2023-12-05T21:31:13Z" }, @@ -2504,6 +2561,7 @@ "CWE-400" ], "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "ratings": "GITHUB - medium", "published": "2021-03-10T03:46:47Z", "updated": "2023-02-01T05:05:09Z" }, 
@@ -2547,6 +2605,7 @@ "CWE-613" ], "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "ratings": "GITHUB - low", "published": "2021-06-23T20:23:04Z", "updated": "2023-02-01T05:05:59Z" }, @@ -2592,6 +2651,7 @@ "CWE-755" ], "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "ratings": "GITHUB - high", "published": "2021-04-06T17:31:30Z", "updated": "2023-09-26T11:11:47Z" }, @@ -2635,6 +2695,7 @@ "CWE-200" ], "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "ratings": "GITHUB - low", "published": "2023-04-18T22:19:57Z", "updated": "2023-11-06T05:01:53Z" }, @@ -2679,6 +2740,7 @@ "CWE-770" ], "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "ratings": "GITHUB - medium", "published": "2023-04-19T18:15:45Z", "updated": "2023-11-06T05:02:06Z" }, @@ -2722,6 +2784,7 @@ "CWE-226" ], "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "ratings": "GITHUB - medium", "published": "2020-12-02T18:28:18Z", "updated": "2024-02-21T17:23:14Z" }, @@ -2765,6 +2828,7 @@ "CWE-20" ], "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "ratings": "GITHUB - low", "published": "2022-07-07T20:55:34Z", "updated": "2023-01-29T05:06:01Z" }, @@ -2810,6 +2874,7 @@ "CWE-130" ], "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "ratings": "GITHUB - medium", "published": "2023-09-14T16:17:27Z", "updated": "2023-11-06T05:01:59Z" }, @@ -2857,6 +2922,7 @@ "CWE-552" ], "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "ratings": "GITHUB - high", "published": "2020-11-04T17:50:24Z", "updated": "2023-11-27T23:07:53Z" }, @@ -2900,6 +2966,7 @@ "CWE-611" ], "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "ratings": "GITHUB - low", "published": "2023-07-10T21:52:39Z", "updated": "2023-09-05T22:39:32Z" }, @@ -2943,6 +3010,7 @@ "CWE-200" ], "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "ratings": "GITHUB - medium", "published": "2021-06-10T15:43:22Z", "updated": "2023-02-01T05:05:51Z" }, 
@@ -2988,6 +3056,7 @@ "CWE-149" ], "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "ratings": "GITHUB - low", "published": "2023-09-14T16:16:00Z", "updated": "2023-11-06T05:01:59Z" }, @@ -3034,6 +3103,7 @@ "CWE-732" ], "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "ratings": "GITHUB - medium", "published": "2020-10-12T17:33:00Z", "updated": "2023-02-01T05:04:50Z" }, @@ -3076,7 +3146,8 @@ "CCI-001643" ], "cwe": [], - "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4" + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "ratings": "INTERNAL - high" }, "descriptions": [], "refs": [ @@ -3115,7 +3186,8 @@ "CCI-001643" ], "cwe": [], - "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad" + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "ratings": "INTERNAL - low" }, "descriptions": [], "refs": [ @@ -3156,6 +3228,7 @@ "CWE-89" ], "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "ratings": "GITHUB - high", "published": "2022-02-09T22:57:29Z", "updated": "2024-06-27T16:39:59Z" }, @@ -3199,6 +3272,7 @@ "CWE-89" ], "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "ratings": "GITHUB - medium", "published": "2022-02-10T23:05:04Z", "updated": "2024-06-27T18:05:49Z" }, @@ -3242,6 +3316,7 @@ "CWE-611" ], "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "ratings": "GITHUB - critical", "published": "2020-06-05T16:13:36Z", "updated": "2023-01-27T05:02:30Z" }, @@ -3285,6 +3360,7 @@ "CWE-79" ], "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "ratings": "GITHUB - medium", "published": "2021-06-03T23:40:23Z", "updated": "2023-02-01T05:05:30Z" }, @@ -3328,6 +3404,7 @@ "CWE-611" ], "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "ratings": "GITHUB - critical", "published": "2022-03-05T00:00:45Z", "updated": "2023-01-27T05:02:46Z" }, @@ -3372,6 +3449,7 @@ "CWE-410" ], "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "ratings": "GITHUB - high", "published": "2022-07-07T20:55:40Z", "updated": "2023-07-24T19:39:20Z" }, 
@@ -3415,6 +3493,7 @@ "CWE-400" ], "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "ratings": "GITHUB - medium", "published": "2023-10-10T21:28:24Z", "updated": "2024-06-21T21:34:00Z" }, @@ -3458,6 +3537,7 @@ "CWE-400" ], "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "ratings": "GITHUB - high", "published": "2024-02-26T20:13:46Z", "updated": "2024-05-02T18:38:19Z" }, @@ -3501,6 +3581,7 @@ "CWE-190" ], "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "ratings": "GITHUB - high", "published": "2023-10-10T21:16:23Z", "updated": "2024-06-21T21:33:57Z" }, @@ -3546,6 +3627,7 @@ "CWE-295" ], "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "ratings": "GITHUB - medium", "published": "2018-10-18T18:06:08Z", "updated": "2023-01-09T05:03:38Z" }, @@ -3589,6 +3671,7 @@ "CWE-400" ], "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "ratings": "GITHUB - medium", "published": "2023-10-24T01:49:09Z", "updated": "2023-11-05T05:04:23Z" }, @@ -3632,6 +3715,7 @@ "CWE-502" ], "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "ratings": "GITHUB - critical", "published": "2022-01-06T23:55:09Z", "updated": "2023-02-25T00:31:20Z" }, @@ -3677,6 +3761,7 @@ "CWE-88" ], "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "ratings": "GITHUB - critical", "published": "2022-01-21T23:07:39Z", "updated": "2023-08-18T15:47:05Z" }, @@ -3709,7 +3794,7 @@ ] } ], - "sha256": "48314fff71076b9537498a3e1490bd1bc550593e966b044ae3123e05567b6f0d" + "sha256": "ec883e068c134796d912e6ad9d064585a40b13e566eae02d3ab4d8da3b396c1e" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json index 9856f96ff8..90f3da63cd 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json 
@@ -33,6 +33,7 @@ "CWE-732" ], "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "ratings": "GITHUB - low", "published": "2021-03-25T17:04:19Z", "updated": "2023-11-09T18:44:38Z" }, @@ -79,6 +80,7 @@ "CWE-552" ], "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "ratings": "GITHUB - medium", "published": "2023-06-14T18:30:38Z", "updated": "2024-02-13T21:49:15Z" }, @@ -122,6 +124,7 @@ "CWE-502" ], "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "ratings": "GITHUB - critical", "published": "2020-04-23T21:08:40Z", "updated": "2023-02-01T05:02:59Z" }, @@ -165,6 +168,7 @@ "CWE-502" ], "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:44Z", "updated": "2023-02-01T05:02:59Z" }, @@ -208,6 +212,7 @@ "CWE-502" ], "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "ratings": "GITHUB - high", "published": "2020-06-10T21:12:41Z", "updated": "2023-02-01T05:03:03Z" }, @@ -251,6 +256,7 @@ "CWE-502" ], "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:50Z", "updated": "2023-02-01T05:03:05Z" }, @@ -294,6 +300,7 @@ "CWE-502" ], "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "ratings": "GITHUB - high", "published": "2020-04-23T20:19:02Z", "updated": "2024-03-15T00:41:35Z" }, @@ -337,6 +344,7 @@ "CWE-502" ], "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:47Z", "updated": "2024-03-15T00:48:55Z" }, @@ -380,6 +388,7 @@ "CWE-502" ], "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:54Z", "updated": "2024-03-15T00:50:18Z" }, @@ -423,6 +432,7 @@ "CWE-502" ], "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "ratings": "GITHUB - high", "published": "2020-04-23T21:36:03Z", "updated": "2024-06-25T13:46:45Z" }, 
@@ -466,6 +476,7 @@ "CWE-502" ], "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "ratings": "GITHUB - high", "published": "2020-04-23T16:32:59Z", "updated": "2024-07-03T21:10:50Z" }, @@ -509,6 +520,7 @@ "CWE-502" ], "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:50Z", "updated": "2023-02-01T05:04:14Z" }, @@ -552,6 +564,7 @@ "CWE-502" ], "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:43Z", "updated": "2024-03-15T00:37:17Z" }, @@ -595,6 +608,7 @@ "CWE-502" ], "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:46Z", "updated": "2024-03-15T00:39:55Z" }, @@ -638,6 +652,7 @@ "CWE-502" ], "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:48Z", "updated": "2024-06-25T13:46:04Z" }, @@ -681,6 +696,7 @@ "CWE-502" ], "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "ratings": "GITHUB - critical", "published": "2020-03-04T20:52:14Z", "updated": "2023-06-08T19:02:12Z" }, @@ -724,6 +740,7 @@ "CWE-502" ], "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "ratings": "GITHUB - high", "published": "2022-07-15T19:41:47Z", "updated": "2023-08-18T15:45:27Z" }, @@ -767,6 +784,7 @@ "CWE-502" ], "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "ratings": "GITHUB - critical", "published": "2019-11-13T00:32:27Z", "updated": "2023-09-14T14:55:20Z" }, @@ -810,6 +828,7 @@ "CWE-502" ], "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "ratings": "GITHUB - critical", "published": "2019-11-13T00:32:38Z", "updated": "2023-09-14T14:55:25Z" }, @@ -853,6 +872,7 @@ "CWE-502" ], "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "ratings": "GITHUB - critical", "published": "2019-10-28T20:51:15Z", "updated": "2024-03-15T00:57:37Z" }, 
@@ -896,6 +916,7 @@ "CWE-502" ], "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "ratings": "GITHUB - critical", "published": "2020-05-15T18:59:10Z", "updated": "2023-09-14T15:09:40Z" }, @@ -939,6 +960,7 @@ "CWE-502" ], "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "ratings": "GITHUB - critical", "published": "2020-05-15T18:59:01Z", "updated": "2024-03-15T00:20:09Z" }, @@ -983,6 +1005,7 @@ "CWE-502" ], "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "ratings": "GITHUB - high", "published": "2021-12-09T19:14:51Z", "updated": "2023-09-14T15:44:55Z" }, @@ -1026,6 +1049,7 @@ "CWE-502" ], "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:36Z", "updated": "2023-09-14T15:47:50Z" }, @@ -1069,6 +1093,7 @@ "CWE-502" ], "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:02Z", "updated": "2023-09-14T15:52:49Z" }, @@ -1112,6 +1137,7 @@ "CWE-502" ], "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:26Z", "updated": "2023-09-14T15:53:30Z" }, @@ -1155,6 +1181,7 @@ "CWE-502" ], "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "ratings": "GITHUB - high", "published": "2021-11-19T20:13:06Z", "updated": "2023-09-14T15:59:33Z" }, @@ -1198,6 +1225,7 @@ "CWE-502" ], "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:51Z", "updated": "2023-09-14T16:01:31Z" }, @@ -1241,6 +1269,7 @@ "CWE-502" ], "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:59Z", "updated": "2023-09-14T16:04:22Z" }, @@ -1284,6 +1313,7 @@ "CWE-502" ], "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:42Z", "updated": "2023-09-14T16:04:22Z" }, 
@@ -1327,6 +1357,7 @@ "CWE-502" ], "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:10Z", "updated": "2023-09-14T16:07:00Z" }, @@ -1370,6 +1401,7 @@ "CWE-502" ], "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:54Z", "updated": "2023-09-14T16:07:40Z" }, @@ -1413,6 +1445,7 @@ "CWE-502" ], "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:46Z", "updated": "2023-09-14T16:08:37Z" }, @@ -1456,6 +1489,7 @@ "CWE-502" ], "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:18Z", "updated": "2023-09-14T16:13:01Z" }, @@ -1499,6 +1533,7 @@ "CWE-502" ], "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:34Z", "updated": "2023-09-14T16:15:44Z" }, @@ -1542,6 +1577,7 @@ "CWE-502" ], "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:24Z", "updated": "2023-11-21T11:40:53Z" }, @@ -1585,6 +1621,7 @@ "CWE-502" ], "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:00Z", "updated": "2024-03-15T00:28:08Z" }, @@ -1629,6 +1666,7 @@ "CWE-913" ], "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:11Z", "updated": "2024-06-25T13:47:23Z" }, @@ -1673,6 +1711,7 @@ "CWE-502" ], "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "ratings": "GITHUB - high", "published": "2022-10-03T00:00:31Z", "updated": "2024-03-15T00:14:44Z" }, @@ -1716,6 +1755,7 @@ "CWE-502" ], "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "ratings": "GITHUB - high", "published": "2021-01-20T21:20:15Z", "updated": "2024-03-15T00:16:04Z" }, 
@@ -1759,6 +1799,7 @@ "CWE-787" ], "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "ratings": "GITHUB - high", "published": "2022-03-12T00:00:36Z", "updated": "2024-03-15T00:24:56Z" }, @@ -1802,6 +1843,7 @@ "CWE-611" ], "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "ratings": "GITHUB - high", "published": "2021-02-18T20:51:54Z", "updated": "2024-03-15T00:31:24Z" }, @@ -1845,6 +1887,7 @@ "CWE-502" ], "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "ratings": "GITHUB - critical", "published": "2020-03-04T20:52:11Z", "updated": "2024-03-15T00:52:59Z" }, @@ -1889,6 +1932,7 @@ "CWE-502" ], "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "ratings": "GITHUB - high", "published": "2022-10-03T00:00:31Z", "updated": "2024-03-24T05:01:05Z" }, @@ -1932,6 +1976,7 @@ "CWE-502" ], "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "ratings": "GITHUB - high", "published": "2020-05-15T18:59:04Z", "updated": "2024-07-03T21:10:31Z" }, @@ -1977,6 +2022,7 @@ "CWE-74" ], "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "ratings": "GITHUB - high", "published": "2020-04-10T18:42:20Z", "updated": "2023-01-09T05:02:18Z" }, @@ -2022,6 +2068,7 @@ "CWE-74" ], "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "ratings": "GITHUB - high", "published": "2020-02-24T17:27:27Z", "updated": "2024-06-05T16:42:03Z" }, @@ -2067,6 +2114,7 @@ "CWE-776" ], "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "ratings": "GITHUB - high", "published": "2021-06-04T21:37:45Z", "updated": "2023-05-22T20:17:58Z" }, @@ -2111,6 +2159,7 @@ "CWE-787" ], "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2155,6 +2204,7 @@ "CWE-787" ], "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "ratings": "GITHUB - medium", "published": "2022-11-11T19:00:31Z", "updated": "2024-06-21T21:33:52Z" }, 
@@ -2199,6 +2249,7 @@ "CWE-787" ], "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2243,6 +2294,7 @@ "CWE-787" ], "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2287,6 +2339,7 @@ "CWE-787" ], "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2331,6 +2384,7 @@ "CWE-776" ], "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "ratings": "GITHUB - high", "published": "2022-08-31T00:00:24Z", "updated": "2024-03-15T19:06:46Z" }, @@ -2375,6 +2429,7 @@ "CWE-502" ], "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "ratings": "GITHUB - high", "published": "2022-12-12T21:19:47Z", "updated": "2024-06-24T21:22:59Z" }, @@ -2418,6 +2473,7 @@ "CWE-502" ], "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "ratings": "GITHUB - medium", "published": "2021-12-17T20:00:50Z", "updated": "2023-01-30T05:04:55Z" }, @@ -2461,6 +2517,7 @@ "CWE-502" ], "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "ratings": "GITHUB - high", "published": "2023-11-29T12:30:16Z", "updated": "2023-12-05T21:31:13Z" }, @@ -2504,6 +2561,7 @@ "CWE-400" ], "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "ratings": "GITHUB - medium", "published": "2021-03-10T03:46:47Z", "updated": "2023-02-01T05:05:09Z" }, @@ -2547,6 +2605,7 @@ "CWE-613" ], "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "ratings": "GITHUB - low", "published": "2021-06-23T20:23:04Z", "updated": "2023-02-01T05:05:59Z" }, @@ -2592,6 +2651,7 @@ "CWE-755" ], "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "ratings": "GITHUB - high", "published": "2021-04-06T17:31:30Z", "updated": "2023-09-26T11:11:47Z" }, 
@@ -2635,6 +2695,7 @@ "CWE-200" ], "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "ratings": "GITHUB - low", "published": "2023-04-18T22:19:57Z", "updated": "2023-11-06T05:01:53Z" }, @@ -2679,6 +2740,7 @@ "CWE-770" ], "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "ratings": "GITHUB - medium", "published": "2023-04-19T18:15:45Z", "updated": "2023-11-06T05:02:06Z" }, @@ -2722,6 +2784,7 @@ "CWE-226" ], "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "ratings": "GITHUB - medium", "published": "2020-12-02T18:28:18Z", "updated": "2024-02-21T17:23:14Z" }, @@ -2765,6 +2828,7 @@ "CWE-20" ], "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "ratings": "GITHUB - low", "published": "2022-07-07T20:55:34Z", "updated": "2023-01-29T05:06:01Z" }, @@ -2810,6 +2874,7 @@ "CWE-130" ], "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "ratings": "GITHUB - medium", "published": "2023-09-14T16:17:27Z", "updated": "2023-11-06T05:01:59Z" }, @@ -2857,6 +2922,7 @@ "CWE-552" ], "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "ratings": "GITHUB - high", "published": "2020-11-04T17:50:24Z", "updated": "2023-11-27T23:07:53Z" }, @@ -2900,6 +2966,7 @@ "CWE-611" ], "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "ratings": "GITHUB - low", "published": "2023-07-10T21:52:39Z", "updated": "2023-09-05T22:39:32Z" }, @@ -2943,6 +3010,7 @@ "CWE-200" ], "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "ratings": "GITHUB - medium", "published": "2021-06-10T15:43:22Z", "updated": "2023-02-01T05:05:51Z" }, @@ -2988,6 +3056,7 @@ "CWE-149" ], "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "ratings": "GITHUB - low", "published": "2023-09-14T16:16:00Z", "updated": "2023-11-06T05:01:59Z" }, @@ -3034,6 +3103,7 @@ "CWE-732" ], "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "ratings": "GITHUB - medium", "published": "2020-10-12T17:33:00Z", "updated": "2023-02-01T05:04:50Z" }, 
@@ -3076,7 +3146,8 @@ "CCI-001643" ], "cwe": [], - "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4" + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "ratings": "INTERNAL - high" }, "descriptions": [], "refs": [ @@ -3115,7 +3186,8 @@ "CCI-001643" ], "cwe": [], - "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad" + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "ratings": "INTERNAL - low" }, "descriptions": [], "refs": [ @@ -3156,6 +3228,7 @@ "CWE-89" ], "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "ratings": "GITHUB - high", "published": "2022-02-09T22:57:29Z", "updated": "2024-06-27T16:39:59Z" }, @@ -3199,6 +3272,7 @@ "CWE-89" ], "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "ratings": "GITHUB - medium", "published": "2022-02-10T23:05:04Z", "updated": "2024-06-27T18:05:49Z" }, @@ -3242,6 +3316,7 @@ "CWE-611" ], "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "ratings": "GITHUB - critical", "published": "2020-06-05T16:13:36Z", "updated": "2023-01-27T05:02:30Z" }, @@ -3285,6 +3360,7 @@ "CWE-79" ], "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "ratings": "GITHUB - medium", "published": "2021-06-03T23:40:23Z", "updated": "2023-02-01T05:05:30Z" }, @@ -3328,6 +3404,7 @@ "CWE-611" ], "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "ratings": "GITHUB - critical", "published": "2022-03-05T00:00:45Z", "updated": "2023-01-27T05:02:46Z" }, @@ -3372,6 +3449,7 @@ "CWE-410" ], "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "ratings": "GITHUB - high", "published": "2022-07-07T20:55:40Z", "updated": "2023-07-24T19:39:20Z" }, @@ -3415,6 +3493,7 @@ "CWE-400" ], "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "ratings": "GITHUB - medium", "published": "2023-10-10T21:28:24Z", "updated": "2024-06-21T21:34:00Z" }, @@ -3458,6 +3537,7 @@ "CWE-400" ], "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "ratings": "GITHUB - high", "published": "2024-02-26T20:13:46Z", "updated": "2024-05-02T18:38:19Z" }, 
@@ -3501,6 +3581,7 @@ "CWE-190" ], "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "ratings": "GITHUB - high", "published": "2023-10-10T21:16:23Z", "updated": "2024-06-21T21:33:57Z" }, @@ -3546,6 +3627,7 @@ "CWE-295" ], "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "ratings": "GITHUB - medium", "published": "2018-10-18T18:06:08Z", "updated": "2023-01-09T05:03:38Z" }, @@ -3589,6 +3671,7 @@ "CWE-400" ], "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "ratings": "GITHUB - medium", "published": "2023-10-24T01:49:09Z", "updated": "2023-11-05T05:04:23Z" }, @@ -3632,6 +3715,7 @@ "CWE-502" ], "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "ratings": "GITHUB - critical", "published": "2022-01-06T23:55:09Z", "updated": "2023-02-25T00:31:20Z" }, @@ -3677,6 +3761,7 @@ "CWE-88" ], "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "ratings": "GITHUB - critical", "published": "2022-01-21T23:07:39Z", "updated": "2023-08-18T15:47:05Z" }, @@ -3709,7 +3794,7 @@ ] } ], - "sha256": "48314fff71076b9537498a3e1490bd1bc550593e966b044ae3123e05567b6f0d" + "sha256": "ec883e068c134796d912e6ad9d064585a40b13e566eae02d3ab4d8da3b396c1e" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index 46f39e0dda..f9f0dab584 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -33,6 +33,7 @@ "CWE-732" ], "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "ratings": "GITHUB - low", "published": "2021-03-25T17:04:19Z", "updated": "2023-11-09T18:44:38Z" }, @@ -79,6 +80,7 @@ "CWE-552" ], "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "ratings": "GITHUB - medium", "published": "2023-06-14T18:30:38Z", "updated": "2024-02-13T21:49:15Z" }, 
@@ -122,6 +124,7 @@ "CWE-502" ], "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "ratings": "GITHUB - critical", "published": "2020-04-23T21:08:40Z", "updated": "2023-02-01T05:02:59Z" }, @@ -165,6 +168,7 @@ "CWE-502" ], "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:44Z", "updated": "2023-02-01T05:02:59Z" }, @@ -208,6 +212,7 @@ "CWE-502" ], "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "ratings": "GITHUB - high", "published": "2020-06-10T21:12:41Z", "updated": "2023-02-01T05:03:03Z" }, @@ -251,6 +256,7 @@ "CWE-502" ], "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:50Z", "updated": "2023-02-01T05:03:05Z" }, @@ -294,6 +300,7 @@ "CWE-502" ], "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "ratings": "GITHUB - high", "published": "2020-04-23T20:19:02Z", "updated": "2024-03-15T00:41:35Z" }, @@ -337,6 +344,7 @@ "CWE-502" ], "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:47Z", "updated": "2024-03-15T00:48:55Z" }, @@ -380,6 +388,7 @@ "CWE-502" ], "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:54Z", "updated": "2024-03-15T00:50:18Z" }, @@ -423,6 +432,7 @@ "CWE-502" ], "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "ratings": "GITHUB - high", "published": "2020-04-23T21:36:03Z", "updated": "2024-06-25T13:46:45Z" }, @@ -466,6 +476,7 @@ "CWE-502" ], "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "ratings": "GITHUB - high", "published": "2020-04-23T16:32:59Z", "updated": "2024-07-03T21:10:50Z" }, @@ -509,6 +520,7 @@ "CWE-502" ], "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:50Z", "updated": "2023-02-01T05:04:14Z" }, 
@@ -552,6 +564,7 @@ "CWE-502" ], "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:43Z", "updated": "2024-03-15T00:37:17Z" }, @@ -595,6 +608,7 @@ "CWE-502" ], "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:46Z", "updated": "2024-03-15T00:39:55Z" }, @@ -638,6 +652,7 @@ "CWE-502" ], "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:48Z", "updated": "2024-06-25T13:46:04Z" }, @@ -681,6 +696,7 @@ "CWE-502" ], "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "ratings": "GITHUB - critical", "published": "2020-03-04T20:52:14Z", "updated": "2023-06-08T19:02:12Z" }, @@ -724,6 +740,7 @@ "CWE-502" ], "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "ratings": "GITHUB - high", "published": "2022-07-15T19:41:47Z", "updated": "2023-08-18T15:45:27Z" }, @@ -767,6 +784,7 @@ "CWE-502" ], "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "ratings": "GITHUB - critical", "published": "2019-11-13T00:32:27Z", "updated": "2023-09-14T14:55:20Z" }, @@ -810,6 +828,7 @@ "CWE-502" ], "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "ratings": "GITHUB - critical", "published": "2019-11-13T00:32:38Z", "updated": "2023-09-14T14:55:25Z" }, @@ -853,6 +872,7 @@ "CWE-502" ], "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "ratings": "GITHUB - critical", "published": "2019-10-28T20:51:15Z", "updated": "2024-03-15T00:57:37Z" }, @@ -896,6 +916,7 @@ "CWE-502" ], "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "ratings": "GITHUB - critical", "published": "2020-05-15T18:59:10Z", "updated": "2023-09-14T15:09:40Z" }, @@ -939,6 +960,7 @@ "CWE-502" ], "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "ratings": "GITHUB - critical", "published": "2020-05-15T18:59:01Z", "updated": "2024-03-15T00:20:09Z" }, 
@@ -983,6 +1005,7 @@ "CWE-502" ], "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "ratings": "GITHUB - high", "published": "2021-12-09T19:14:51Z", "updated": "2023-09-14T15:44:55Z" }, @@ -1026,6 +1049,7 @@ "CWE-502" ], "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:36Z", "updated": "2023-09-14T15:47:50Z" }, @@ -1069,6 +1093,7 @@ "CWE-502" ], "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:02Z", "updated": "2023-09-14T15:52:49Z" }, @@ -1112,6 +1137,7 @@ "CWE-502" ], "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:26Z", "updated": "2023-09-14T15:53:30Z" }, @@ -1155,6 +1181,7 @@ "CWE-502" ], "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "ratings": "GITHUB - high", "published": "2021-11-19T20:13:06Z", "updated": "2023-09-14T15:59:33Z" }, @@ -1198,6 +1225,7 @@ "CWE-502" ], "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:51Z", "updated": "2023-09-14T16:01:31Z" }, @@ -1241,6 +1269,7 @@ "CWE-502" ], "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:59Z", "updated": "2023-09-14T16:04:22Z" }, @@ -1284,6 +1313,7 @@ "CWE-502" ], "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:42Z", "updated": "2023-09-14T16:04:22Z" }, @@ -1327,6 +1357,7 @@ "CWE-502" ], "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:10Z", "updated": "2023-09-14T16:07:00Z" }, @@ -1370,6 +1401,7 @@ "CWE-502" ], "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:54Z", "updated": "2023-09-14T16:07:40Z" }, 
@@ -1413,6 +1445,7 @@ "CWE-502" ], "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:46Z", "updated": "2023-09-14T16:08:37Z" }, @@ -1456,6 +1489,7 @@ "CWE-502" ], "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:18Z", "updated": "2023-09-14T16:13:01Z" }, @@ -1499,6 +1533,7 @@ "CWE-502" ], "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:34Z", "updated": "2023-09-14T16:15:44Z" }, @@ -1542,6 +1577,7 @@ "CWE-502" ], "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:24Z", "updated": "2023-11-21T11:40:53Z" }, @@ -1585,6 +1621,7 @@ "CWE-502" ], "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:00Z", "updated": "2024-03-15T00:28:08Z" }, @@ -1629,6 +1666,7 @@ "CWE-913" ], "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:11Z", "updated": "2024-06-25T13:47:23Z" }, @@ -1673,6 +1711,7 @@ "CWE-502" ], "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "ratings": "GITHUB - high", "published": "2022-10-03T00:00:31Z", "updated": "2024-03-15T00:14:44Z" }, @@ -1716,6 +1755,7 @@ "CWE-502" ], "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "ratings": "GITHUB - high", "published": "2021-01-20T21:20:15Z", "updated": "2024-03-15T00:16:04Z" }, @@ -1759,6 +1799,7 @@ "CWE-787" ], "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "ratings": "GITHUB - high", "published": "2022-03-12T00:00:36Z", "updated": "2024-03-15T00:24:56Z" }, @@ -1802,6 +1843,7 @@ "CWE-611" ], "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "ratings": "GITHUB - high", "published": "2021-02-18T20:51:54Z", "updated": "2024-03-15T00:31:24Z" }, 
@@ -1845,6 +1887,7 @@ "CWE-502" ], "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "ratings": "GITHUB - critical", "published": "2020-03-04T20:52:11Z", "updated": "2024-03-15T00:52:59Z" }, @@ -1889,6 +1932,7 @@ "CWE-502" ], "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "ratings": "GITHUB - high", "published": "2022-10-03T00:00:31Z", "updated": "2024-03-24T05:01:05Z" }, @@ -1932,6 +1976,7 @@ "CWE-502" ], "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "ratings": "GITHUB - high", "published": "2020-05-15T18:59:04Z", "updated": "2024-07-03T21:10:31Z" }, @@ -1977,6 +2022,7 @@ "CWE-74" ], "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "ratings": "GITHUB - high", "published": "2020-04-10T18:42:20Z", "updated": "2023-01-09T05:02:18Z" }, @@ -2022,6 +2068,7 @@ "CWE-74" ], "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "ratings": "GITHUB - high", "published": "2020-02-24T17:27:27Z", "updated": "2024-06-05T16:42:03Z" }, @@ -2067,6 +2114,7 @@ "CWE-776" ], "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "ratings": "GITHUB - high", "published": "2021-06-04T21:37:45Z", "updated": "2023-05-22T20:17:58Z" }, @@ -2111,6 +2159,7 @@ "CWE-787" ], "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2155,6 +2204,7 @@ "CWE-787" ], "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "ratings": "GITHUB - medium", "published": "2022-11-11T19:00:31Z", "updated": "2024-06-21T21:33:52Z" }, @@ -2199,6 +2249,7 @@ "CWE-787" ], "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2243,6 +2294,7 @@ "CWE-787" ], "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, 
@@ -2287,6 +2339,7 @@ "CWE-787" ], "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2331,6 +2384,7 @@ "CWE-776" ], "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "ratings": "GITHUB - high", "published": "2022-08-31T00:00:24Z", "updated": "2024-03-15T19:06:46Z" }, @@ -2375,6 +2429,7 @@ "CWE-502" ], "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "ratings": "GITHUB - high", "published": "2022-12-12T21:19:47Z", "updated": "2024-06-24T21:22:59Z" }, @@ -2418,6 +2473,7 @@ "CWE-502" ], "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "ratings": "GITHUB - medium", "published": "2021-12-17T20:00:50Z", "updated": "2023-01-30T05:04:55Z" }, @@ -2461,6 +2517,7 @@ "CWE-502" ], "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "ratings": "GITHUB - high", "published": "2023-11-29T12:30:16Z", "updated": "2023-12-05T21:31:13Z" }, @@ -2510,6 +2567,7 @@ "CWE-400" ], "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "ratings": "GITHUB - medium", "published": "2021-03-10T03:46:47Z", "updated": "2023-02-01T05:05:09Z" }, @@ -2553,6 +2611,7 @@ "CWE-613" ], "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "ratings": "GITHUB - low", "published": "2021-06-23T20:23:04Z", "updated": "2023-02-01T05:05:59Z" }, @@ -2598,6 +2657,7 @@ "CWE-755" ], "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "ratings": "GITHUB - high", "published": "2021-04-06T17:31:30Z", "updated": "2023-09-26T11:11:47Z" }, @@ -2641,6 +2701,7 @@ "CWE-200" ], "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "ratings": "GITHUB - low", "published": "2023-04-18T22:19:57Z", "updated": "2023-11-06T05:01:53Z" }, @@ -2685,6 +2746,7 @@ "CWE-770" ], "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "ratings": "GITHUB - medium", "published": "2023-04-19T18:15:45Z", "updated": "2023-11-06T05:02:06Z" }, 
@@ -2728,6 +2790,7 @@ "CWE-226" ], "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "ratings": "GITHUB - medium", "published": "2020-12-02T18:28:18Z", "updated": "2024-02-21T17:23:14Z" }, @@ -2771,6 +2834,7 @@ "CWE-20" ], "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "ratings": "GITHUB - low", "published": "2022-07-07T20:55:34Z", "updated": "2023-01-29T05:06:01Z" }, @@ -2816,6 +2880,7 @@ "CWE-130" ], "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "ratings": "GITHUB - medium", "published": "2023-09-14T16:17:27Z", "updated": "2023-11-06T05:01:59Z" }, @@ -2863,6 +2928,7 @@ "CWE-552" ], "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "ratings": "GITHUB - high", "published": "2020-11-04T17:50:24Z", "updated": "2023-11-27T23:07:53Z" }, @@ -2906,6 +2972,7 @@ "CWE-611" ], "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "ratings": "GITHUB - low", "published": "2023-07-10T21:52:39Z", "updated": "2023-09-05T22:39:32Z" }, @@ -2949,6 +3016,7 @@ "CWE-200" ], "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "ratings": "GITHUB - medium", "published": "2021-06-10T15:43:22Z", "updated": "2023-02-01T05:05:51Z" }, @@ -2994,6 +3062,7 @@ "CWE-149" ], "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "ratings": "GITHUB - low", "published": "2023-09-14T16:16:00Z", "updated": "2023-11-06T05:01:59Z" }, @@ -3040,6 +3109,7 @@ "CWE-732" ], "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "ratings": "GITHUB - medium", "published": "2020-10-12T17:33:00Z", "updated": "2023-02-01T05:04:50Z" }, @@ -3082,7 +3152,8 @@ "CCI-001643" ], "cwe": [], - "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4" + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "ratings": "INTERNAL - high" }, "descriptions": [], "refs": [ @@ -3121,7 +3192,8 @@ "CCI-001643" ], "cwe": [], - "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad" + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "ratings": "INTERNAL - low" }, "descriptions": [], "refs": [ 
@@ -3162,6 +3234,7 @@ "CWE-89" ], "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "ratings": "GITHUB - high", "published": "2022-02-09T22:57:29Z", "updated": "2024-06-27T16:39:59Z" }, @@ -3205,6 +3278,7 @@ "CWE-89" ], "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "ratings": "GITHUB - medium", "published": "2022-02-10T23:05:04Z", "updated": "2024-06-27T18:05:49Z" }, @@ -3248,6 +3322,7 @@ "CWE-611" ], "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "ratings": "GITHUB - critical", "published": "2020-06-05T16:13:36Z", "updated": "2023-01-27T05:02:30Z" }, @@ -3291,6 +3366,7 @@ "CWE-79" ], "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "ratings": "GITHUB - medium", "published": "2021-06-03T23:40:23Z", "updated": "2023-02-01T05:05:30Z" }, @@ -3334,6 +3410,7 @@ "CWE-611" ], "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "ratings": "GITHUB - critical", "published": "2022-03-05T00:00:45Z", "updated": "2023-01-27T05:02:46Z" }, @@ -3378,6 +3455,7 @@ "CWE-410" ], "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "ratings": "GITHUB - high", "published": "2022-07-07T20:55:40Z", "updated": "2023-07-24T19:39:20Z" }, @@ -3421,6 +3499,7 @@ "CWE-400" ], "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "ratings": "GITHUB - medium", "published": "2023-10-10T21:28:24Z", "updated": "2024-06-21T21:34:00Z" }, @@ -3470,6 +3549,7 @@ "CWE-400" ], "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "ratings": "GITHUB - high", "published": "2024-02-26T20:13:46Z", "updated": "2024-05-02T18:38:19Z" }, @@ -3513,6 +3593,7 @@ "CWE-190" ], "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "ratings": "GITHUB - high", "published": "2023-10-10T21:16:23Z", "updated": "2024-06-21T21:33:57Z" }, @@ -3558,6 +3639,7 @@ "CWE-295" ], "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "ratings": "GITHUB - medium", "published": "2018-10-18T18:06:08Z", "updated": "2023-01-09T05:03:38Z" }, 
@@ -3601,6 +3683,7 @@ "CWE-400" ], "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "ratings": "GITHUB - medium", "published": "2023-10-24T01:49:09Z", "updated": "2023-11-05T05:04:23Z" }, @@ -3644,6 +3727,7 @@ "CWE-502" ], "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "ratings": "GITHUB - critical", "published": "2022-01-06T23:55:09Z", "updated": "2023-02-25T00:31:20Z" }, @@ -3689,6 +3773,7 @@ "CWE-88" ], "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "ratings": "GITHUB - critical", "published": "2022-01-21T23:07:39Z", "updated": "2023-08-18T15:47:05Z" }, @@ -3721,7 +3806,7 @@ ] } ], - "sha256": "53c9399539481b2d9a9b63e0a7edaf1dd2048d16e8af76e76e02dfa997bd4106" + "sha256": "ea28e2b46ad51b20a477cf07159a7508c03ab784998b98901a8c5abdcc1f6bb9" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json index 446ebf3d81..8c66c31fa4 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -33,6 +33,7 @@ "CWE-732" ], "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "ratings": "GITHUB - low", "published": "2021-03-25T17:04:19Z", "updated": "2023-11-09T18:44:38Z" }, @@ -79,6 +80,7 @@ "CWE-552" ], "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "ratings": "GITHUB - medium", "published": "2023-06-14T18:30:38Z", "updated": "2024-02-13T21:49:15Z" }, @@ -122,6 +124,7 @@ "CWE-502" ], "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "ratings": "GITHUB - critical", "published": "2020-04-23T21:08:40Z", "updated": "2023-02-01T05:02:59Z" }, @@ -165,6 +168,7 @@ "CWE-502" ], "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:44Z", "updated": "2023-02-01T05:02:59Z" }, 
@@ -208,6 +212,7 @@ "CWE-502" ], "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "ratings": "GITHUB - high", "published": "2020-06-10T21:12:41Z", "updated": "2023-02-01T05:03:03Z" }, @@ -251,6 +256,7 @@ "CWE-502" ], "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:50Z", "updated": "2023-02-01T05:03:05Z" }, @@ -294,6 +300,7 @@ "CWE-502" ], "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "ratings": "GITHUB - high", "published": "2020-04-23T20:19:02Z", "updated": "2024-03-15T00:41:35Z" }, @@ -337,6 +344,7 @@ "CWE-502" ], "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:47Z", "updated": "2024-03-15T00:48:55Z" }, @@ -380,6 +388,7 @@ "CWE-502" ], "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:54Z", "updated": "2024-03-15T00:50:18Z" }, @@ -423,6 +432,7 @@ "CWE-502" ], "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "ratings": "GITHUB - high", "published": "2020-04-23T21:36:03Z", "updated": "2024-06-25T13:46:45Z" }, @@ -466,6 +476,7 @@ "CWE-502" ], "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "ratings": "GITHUB - high", "published": "2020-04-23T16:32:59Z", "updated": "2024-07-03T21:10:50Z" }, @@ -509,6 +520,7 @@ "CWE-502" ], "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:50Z", "updated": "2023-02-01T05:04:14Z" }, @@ -552,6 +564,7 @@ "CWE-502" ], "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:43Z", "updated": "2024-03-15T00:37:17Z" }, @@ -595,6 +608,7 @@ "CWE-502" ], "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:46Z", "updated": "2024-03-15T00:39:55Z" }, 
@@ -638,6 +652,7 @@ "CWE-502" ], "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:48Z", "updated": "2024-06-25T13:46:04Z" }, @@ -681,6 +696,7 @@ "CWE-502" ], "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "ratings": "GITHUB - critical", "published": "2020-03-04T20:52:14Z", "updated": "2023-06-08T19:02:12Z" }, @@ -724,6 +740,7 @@ "CWE-502" ], "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "ratings": "GITHUB - high", "published": "2022-07-15T19:41:47Z", "updated": "2023-08-18T15:45:27Z" }, @@ -767,6 +784,7 @@ "CWE-502" ], "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "ratings": "GITHUB - critical", "published": "2019-11-13T00:32:27Z", "updated": "2023-09-14T14:55:20Z" }, @@ -810,6 +828,7 @@ "CWE-502" ], "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "ratings": "GITHUB - critical", "published": "2019-11-13T00:32:38Z", "updated": "2023-09-14T14:55:25Z" }, @@ -853,6 +872,7 @@ "CWE-502" ], "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "ratings": "GITHUB - critical", "published": "2019-10-28T20:51:15Z", "updated": "2024-03-15T00:57:37Z" }, @@ -896,6 +916,7 @@ "CWE-502" ], "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "ratings": "GITHUB - critical", "published": "2020-05-15T18:59:10Z", "updated": "2023-09-14T15:09:40Z" }, @@ -939,6 +960,7 @@ "CWE-502" ], "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "ratings": "GITHUB - critical", "published": "2020-05-15T18:59:01Z", "updated": "2024-03-15T00:20:09Z" }, @@ -983,6 +1005,7 @@ "CWE-502" ], "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "ratings": "GITHUB - high", "published": "2021-12-09T19:14:51Z", "updated": "2023-09-14T15:44:55Z" }, @@ -1026,6 +1049,7 @@ "CWE-502" ], "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:36Z", "updated": "2023-09-14T15:47:50Z" }, 
@@ -1069,6 +1093,7 @@ "CWE-502" ], "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:02Z", "updated": "2023-09-14T15:52:49Z" }, @@ -1112,6 +1137,7 @@ "CWE-502" ], "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:26Z", "updated": "2023-09-14T15:53:30Z" }, @@ -1155,6 +1181,7 @@ "CWE-502" ], "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "ratings": "GITHUB - high", "published": "2021-11-19T20:13:06Z", "updated": "2023-09-14T15:59:33Z" }, @@ -1198,6 +1225,7 @@ "CWE-502" ], "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:51Z", "updated": "2023-09-14T16:01:31Z" }, @@ -1241,6 +1269,7 @@ "CWE-502" ], "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:59Z", "updated": "2023-09-14T16:04:22Z" }, @@ -1284,6 +1313,7 @@ "CWE-502" ], "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:42Z", "updated": "2023-09-14T16:04:22Z" }, @@ -1327,6 +1357,7 @@ "CWE-502" ], "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:10Z", "updated": "2023-09-14T16:07:00Z" }, @@ -1370,6 +1401,7 @@ "CWE-502" ], "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:54Z", "updated": "2023-09-14T16:07:40Z" }, @@ -1413,6 +1445,7 @@ "CWE-502" ], "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:46Z", "updated": "2023-09-14T16:08:37Z" }, @@ -1456,6 +1489,7 @@ "CWE-502" ], "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:18Z", "updated": "2023-09-14T16:13:01Z" }, 
@@ -1499,6 +1533,7 @@ "CWE-502" ], "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:34Z", "updated": "2023-09-14T16:15:44Z" }, @@ -1542,6 +1577,7 @@ "CWE-502" ], "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:24Z", "updated": "2023-11-21T11:40:53Z" }, @@ -1585,6 +1621,7 @@ "CWE-502" ], "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:00Z", "updated": "2024-03-15T00:28:08Z" }, @@ -1629,6 +1666,7 @@ "CWE-913" ], "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:11Z", "updated": "2024-06-25T13:47:23Z" }, @@ -1673,6 +1711,7 @@ "CWE-502" ], "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "ratings": "GITHUB - high", "published": "2022-10-03T00:00:31Z", "updated": "2024-03-15T00:14:44Z" }, @@ -1716,6 +1755,7 @@ "CWE-502" ], "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "ratings": "GITHUB - high", "published": "2021-01-20T21:20:15Z", "updated": "2024-03-15T00:16:04Z" }, @@ -1759,6 +1799,7 @@ "CWE-787" ], "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "ratings": "GITHUB - high", "published": "2022-03-12T00:00:36Z", "updated": "2024-03-15T00:24:56Z" }, @@ -1802,6 +1843,7 @@ "CWE-611" ], "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "ratings": "GITHUB - high", "published": "2021-02-18T20:51:54Z", "updated": "2024-03-15T00:31:24Z" }, @@ -1845,6 +1887,7 @@ "CWE-502" ], "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "ratings": "GITHUB - critical", "published": "2020-03-04T20:52:11Z", "updated": "2024-03-15T00:52:59Z" }, @@ -1889,6 +1932,7 @@ "CWE-502" ], "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "ratings": "GITHUB - high", "published": "2022-10-03T00:00:31Z", "updated": "2024-03-24T05:01:05Z" }, 
@@ -1932,6 +1976,7 @@ "CWE-502" ], "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "ratings": "GITHUB - high", "published": "2020-05-15T18:59:04Z", "updated": "2024-07-03T21:10:31Z" }, @@ -1977,6 +2022,7 @@ "CWE-74" ], "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "ratings": "GITHUB - high", "published": "2020-04-10T18:42:20Z", "updated": "2023-01-09T05:02:18Z" }, @@ -2022,6 +2068,7 @@ "CWE-74" ], "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "ratings": "GITHUB - high", "published": "2020-02-24T17:27:27Z", "updated": "2024-06-05T16:42:03Z" }, @@ -2067,6 +2114,7 @@ "CWE-776" ], "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "ratings": "GITHUB - high", "published": "2021-06-04T21:37:45Z", "updated": "2023-05-22T20:17:58Z" }, @@ -2111,6 +2159,7 @@ "CWE-787" ], "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2155,6 +2204,7 @@ "CWE-787" ], "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "ratings": "GITHUB - medium", "published": "2022-11-11T19:00:31Z", "updated": "2024-06-21T21:33:52Z" }, @@ -2199,6 +2249,7 @@ "CWE-787" ], "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2243,6 +2294,7 @@ "CWE-787" ], "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2287,6 +2339,7 @@ "CWE-787" ], "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2331,6 +2384,7 @@ "CWE-776" ], "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "ratings": "GITHUB - high", "published": "2022-08-31T00:00:24Z", "updated": "2024-03-15T19:06:46Z" }, 
@@ -2375,6 +2429,7 @@ "CWE-502" ], "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "ratings": "GITHUB - high", "published": "2022-12-12T21:19:47Z", "updated": "2024-06-24T21:22:59Z" }, @@ -2418,6 +2473,7 @@ "CWE-502" ], "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "ratings": "GITHUB - medium", "published": "2021-12-17T20:00:50Z", "updated": "2023-01-30T05:04:55Z" }, @@ -2461,6 +2517,7 @@ "CWE-502" ], "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "ratings": "GITHUB - high", "published": "2023-11-29T12:30:16Z", "updated": "2023-12-05T21:31:13Z" }, @@ -2510,6 +2567,7 @@ "CWE-400" ], "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "ratings": "GITHUB - medium", "published": "2021-03-10T03:46:47Z", "updated": "2023-02-01T05:05:09Z" }, @@ -2553,6 +2611,7 @@ "CWE-613" ], "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "ratings": "GITHUB - low", "published": "2021-06-23T20:23:04Z", "updated": "2023-02-01T05:05:59Z" }, @@ -2598,6 +2657,7 @@ "CWE-755" ], "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "ratings": "GITHUB - high", "published": "2021-04-06T17:31:30Z", "updated": "2023-09-26T11:11:47Z" }, @@ -2641,6 +2701,7 @@ "CWE-200" ], "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "ratings": "GITHUB - low", "published": "2023-04-18T22:19:57Z", "updated": "2023-11-06T05:01:53Z" }, @@ -2685,6 +2746,7 @@ "CWE-770" ], "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "ratings": "GITHUB - medium", "published": "2023-04-19T18:15:45Z", "updated": "2023-11-06T05:02:06Z" }, @@ -2728,6 +2790,7 @@ "CWE-226" ], "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "ratings": "GITHUB - medium", "published": "2020-12-02T18:28:18Z", "updated": "2024-02-21T17:23:14Z" }, @@ -2771,6 +2834,7 @@ "CWE-20" ], "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "ratings": "GITHUB - low", "published": "2022-07-07T20:55:34Z", "updated": "2023-01-29T05:06:01Z" }, 
@@ -2816,6 +2880,7 @@ "CWE-130" ], "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "ratings": "GITHUB - medium", "published": "2023-09-14T16:17:27Z", "updated": "2023-11-06T05:01:59Z" }, @@ -2863,6 +2928,7 @@ "CWE-552" ], "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "ratings": "GITHUB - high", "published": "2020-11-04T17:50:24Z", "updated": "2023-11-27T23:07:53Z" }, @@ -2906,6 +2972,7 @@ "CWE-611" ], "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "ratings": "GITHUB - low", "published": "2023-07-10T21:52:39Z", "updated": "2023-09-05T22:39:32Z" }, @@ -2949,6 +3016,7 @@ "CWE-200" ], "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "ratings": "GITHUB - medium", "published": "2021-06-10T15:43:22Z", "updated": "2023-02-01T05:05:51Z" }, @@ -2994,6 +3062,7 @@ "CWE-149" ], "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "ratings": "GITHUB - low", "published": "2023-09-14T16:16:00Z", "updated": "2023-11-06T05:01:59Z" }, @@ -3040,6 +3109,7 @@ "CWE-732" ], "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "ratings": "GITHUB - medium", "published": "2020-10-12T17:33:00Z", "updated": "2023-02-01T05:04:50Z" }, @@ -3082,7 +3152,8 @@ "CCI-001643" ], "cwe": [], - "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4" + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "ratings": "INTERNAL - high" }, "descriptions": [], "refs": [ @@ -3121,7 +3192,8 @@ "CCI-001643" ], "cwe": [], - "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad" + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "ratings": "INTERNAL - low" }, "descriptions": [], "refs": [ @@ -3162,6 +3234,7 @@ "CWE-89" ], "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "ratings": "GITHUB - high", "published": "2022-02-09T22:57:29Z", "updated": "2024-06-27T16:39:59Z" }, @@ -3205,6 +3278,7 @@ "CWE-89" ], "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "ratings": "GITHUB - medium", "published": "2022-02-10T23:05:04Z", "updated": "2024-06-27T18:05:49Z" }, 
@@ -3248,6 +3322,7 @@ "CWE-611" ], "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "ratings": "GITHUB - critical", "published": "2020-06-05T16:13:36Z", "updated": "2023-01-27T05:02:30Z" }, @@ -3291,6 +3366,7 @@ "CWE-79" ], "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "ratings": "GITHUB - medium", "published": "2021-06-03T23:40:23Z", "updated": "2023-02-01T05:05:30Z" }, @@ -3334,6 +3410,7 @@ "CWE-611" ], "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "ratings": "GITHUB - critical", "published": "2022-03-05T00:00:45Z", "updated": "2023-01-27T05:02:46Z" }, @@ -3378,6 +3455,7 @@ "CWE-410" ], "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "ratings": "GITHUB - high", "published": "2022-07-07T20:55:40Z", "updated": "2023-07-24T19:39:20Z" }, @@ -3421,6 +3499,7 @@ "CWE-400" ], "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "ratings": "GITHUB - medium", "published": "2023-10-10T21:28:24Z", "updated": "2024-06-21T21:34:00Z" }, @@ -3470,6 +3549,7 @@ "CWE-400" ], "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "ratings": "GITHUB - high", "published": "2024-02-26T20:13:46Z", "updated": "2024-05-02T18:38:19Z" }, @@ -3513,6 +3593,7 @@ "CWE-190" ], "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "ratings": "GITHUB - high", "published": "2023-10-10T21:16:23Z", "updated": "2024-06-21T21:33:57Z" }, @@ -3558,6 +3639,7 @@ "CWE-295" ], "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "ratings": "GITHUB - medium", "published": "2018-10-18T18:06:08Z", "updated": "2023-01-09T05:03:38Z" }, @@ -3601,6 +3683,7 @@ "CWE-400" ], "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "ratings": "GITHUB - medium", "published": "2023-10-24T01:49:09Z", "updated": "2023-11-05T05:04:23Z" }, @@ -3644,6 +3727,7 @@ "CWE-502" ], "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "ratings": "GITHUB - critical", "published": "2022-01-06T23:55:09Z", "updated": "2023-02-25T00:31:20Z" }, 
@@ -3689,6 +3773,7 @@ "CWE-88" ], "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "ratings": "GITHUB - critical", "published": "2022-01-21T23:07:39Z", "updated": "2023-08-18T15:47:05Z" }, @@ -3721,7 +3806,7 @@ ] } ], - "sha256": "53c9399539481b2d9a9b63e0a7edaf1dd2048d16e8af76e76e02dfa997bd4106" + "sha256": "ea28e2b46ad51b20a477cf07159a7508c03ab784998b98901a8c5abdcc1f6bb9" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json index 6d3b3d889f..6bc21c6975 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json 
@@ -25,22 +25,20 @@ "cwe": [ "CWE-611" ], + "ratings": "NVD - high, SNYK - high, Acme Inc - none", "created": "2020-12-03T00:00:00.000Z", "published": "2020-12-03T00:00:00.000Z", - "updated": "2021-10-26T00:00:00.000Z" + "updated": "2021-10-26T00:00:00.000Z", + "credits": "Bartosz Baranowski" }, "descriptions": [ { "data": "XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\n\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.", - "label": "Detail" + "label": "rationale" }, { "data": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", - "label": "Recommendation" - }, - { - "data": "{\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n}", - "label": "Credits" + "label": "fix" }, { "data": "{\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n}", @@ -102,7 +100,7 @@ ] } ], - "sha256": "1fc25a62c2f831ebe656e348d1aa77c3d6515020aa67a84f73ce97211ba593a7" + "sha256": "80466705423821c0dce64f9d0781cbdc24c8bb7a95f55957a21ecc0077ac8f13" } ], "passthrough": { 
diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json index 71f655494d..b3bc91778f 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json @@ -25,22 +25,20 @@ "cwe": [ "CWE-611" ], + "ratings": "NVD - high, SNYK - high, Acme Inc - none", "created": "2020-12-03T00:00:00.000Z", "published": "2020-12-03T00:00:00.000Z", - "updated": "2021-10-26T00:00:00.000Z" + "updated": "2021-10-26T00:00:00.000Z", + "credits": "Bartosz Baranowski" }, "descriptions": [ { "data": "XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\n\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.", - "label": "Detail" + "label": "rationale" }, { "data": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", - "label": "Recommendation" - }, - { - "data": "{\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n}", - "label": "Credits" + "label": "fix" }, { "data": "{\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n}", 
@@ -102,7 +100,7 @@ ] } ], - "sha256": "1fc25a62c2f831ebe656e348d1aa77c3d6515020aa67a84f73ce97211ba593a7" + "sha256": "80466705423821c0dce64f9d0781cbdc24c8bb7a95f55957a21ecc0077ac8f13" } ], "passthrough": { diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 869e89ff20..2e7475d2ae 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -5,7 +5,9 @@ import {BaseConverter, ILookupPath, MappedTransform} from './base-converter'; import {CweNistMapping} from './mappings/CweNistMapping'; import {getCCIsForNISTTags} from './utils/global'; import { + Credits, RatingRepository, + Source, Vulnerability, VulnerabilityRepository } from '@cyclonedx/cyclonedx-library/dist.d/models/vulnerability'; @@ -15,7 +17,8 @@ import { Component, ComponentRepository, OptionalBomProperties, - OptionalComponentProperties + OptionalComponentProperties, + ToolRepository } from '@cyclonedx/cyclonedx-library/dist.d/models'; type IntermediaryComponent = Omit & { @@ -342,6 +345,18 @@ export class CycloneDXSBOMMapper extends BaseConverter { path: 'bom-ref', transformer: filterString }, + ratings: { + path: 'ratings', + transformer: (input: RatingRepository): string | undefined => + input + ? [...input] + .map( + (rating) => + `${(rating.source as Source).name} - ${rating.severity}` + ) + .join(', ') + : undefined + }, created: { path: 'created', transformer: filterString 
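Review bot: The `ratings` transformer added in the `@@ -342,6 +345,18 @@` hunk reads `(rating.source as Source).name` without a guard, and the cast suggests the library types `source` as optional, so a rating with no source in an incoming SBOM would throw and abort the whole conversion. A rating without `severity` would similarly be written out as the literal text `undefined`. I would drop the cast and default both halves of the string, using `rating.source?.name ?? 'unknown'` and `rating.severity ?? 'unknown'`. Every fixture hunk visible here carries a named source, so a sample with a source-less rating would be worth adding. The transformer sits in a mapping object that starts and ends outside the hunk.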
@@ -357,23 +372,37 @@ export class CycloneDXSBOMMapper extends BaseConverter { rejected: { path: 'rejected', transformer: filterString + }, + credits: { + path: 'credits', + transformer: (input: Credits): string | undefined => + input + ? `${[...input.individuals].map((individual) => individual.name).join(', ')}` + : undefined + }, + tools: { + path: 'tools', + transformer: (input: ToolRepository): string | undefined => + input + ? [...input].map((tool) => tool.name).join(', ') + : undefined } }, descriptions: [ { path: 'detail', transformer: (input: string) => - input ? {data: input, label: 'Detail'} : undefined + input ? {data: input, label: 'rationale'} : undefined } as unknown as ExecJSON.ControlDescription, { path: 'recommendation', transformer: (input: string) => - input ? {data: input, label: 'Recommendation'} : undefined + input ? {data: input, label: 'fix'} : undefined } as unknown as ExecJSON.ControlDescription, { path: 'workaround', transformer: (input: string) => - input ? {data: input, label: 'Workaround'} : undefined + input ? {data: input, label: 'workaround'} : undefined } as unknown as ExecJSON.ControlDescription, { path: 'proofOfConcept', @@ -381,24 +410,10 @@ export class CycloneDXSBOMMapper extends BaseConverter { input ? { data: JSON.stringify(input, null, 2), - label: 'Proof of concept' + label: 'check' } : undefined } as unknown as ExecJSON.ControlDescription, - { - path: 'credits', - transformer: (input: Record) => - input - ? {data: JSON.stringify(input, null, 2), label: 'Credits'} - : undefined - } as unknown as ExecJSON.ControlDescription, - { - path: 'tools', - transformer: (input: Record) => - input - ? {data: JSON.stringify(input, null, 2), label: 'Tools'} - : undefined - } as unknown as ExecJSON.ControlDescription, { path: 'analysis', transformer: (input: Record) =>
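Review bot: The new `credits` transformer spreads `input.individuals` unconditionally, so a credits object that lists only organizations would throw on the spread instead of producing a tag (my reading of the CycloneDX schema is that both lists are optional; worth confirming). Guarding it as `[...(input.individuals ?? [])]` avoids that, and the template literal wrapped around the joined string can be dropped. The same concern applies to `tools`, where `[...input]` assumes an iterable; if the mapper also accepts the newer object form with components and services, an `Array.isArray(input)` check is needed first. With the `Credits` and `Tools` description entries removed in the `@@ -381,24 +410,10 @@` hunk, organization credits and any tool detail beyond the name no longer reach the converted output, which should be a deliberate choice recorded in a comment. The enclosing mapping object starts and ends outside both hunks.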