From b2b5c41b8fc986dae532e517be3cd7206867a0b0 Mon Sep 17 00:00:00 2001
From: Davide Fucci
Date: Wed, 16 Oct 2024 18:01:29 +0200
Subject: [PATCH] add VEX file with vulnerabilities information to SBOM
---
sbom/cve-bin-tool-py3.9.spdx.vex.json | 70 +++++++++++++++++++++++++++
1 file changed, 70 insertions(+)
create mode 100644 sbom/cve-bin-tool-py3.9.spdx.vex.json
diff --git a/sbom/cve-bin-tool-py3.9.spdx.vex.json b/sbom/cve-bin-tool-py3.9.spdx.vex.json
new file mode 100644
index 0000000000..0d608be106
--- /dev/null
+++ b/sbom/cve-bin-tool-py3.9.spdx.vex.json
@@ -0,0 +1,70 @@
+{
+ "@context": "https://openvex.dev/ns/v0.2.0",
+ "@id": "https://openvex.dev/docs/public/vex-d7971dad596bf8f0395a9da7c1c0a039ad75e431414c45d09dbcc3c2d4f9c989",
+ "author": "Unknown Author",
+ "timestamp": "2024-10-04T15:31:21.082828+02:00",
+ "last_updated": "2024-10-04T15:31:21.194452+02:00",
+ "version": 5,
+ "statements": [
+ {
+ "vulnerability": {
+ "name": "CVE-2024-35195"
+ },
+ "timestamp": "2024-10-04T15:31:21.082828+02:00",
+ "products": [
+ {
+ "@id": "pkg:pypi/requests@2.31.0"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2024-37891"
+ },
+ "timestamp": "2024-10-04T15:31:21.112094+02:00",
+ "products": [
+ {
+ "@id": "pkg:pypi/urllib3@2.2.1"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2024-39689"
+ },
+ "timestamp": "2024-10-04T15:31:21.13969+02:00",
+ "products": [
+ {
+ "@id": "pkg:pypi/certifi@2024.2.2"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2024-42367"
+ },
+ "timestamp": "2024-10-04T15:31:21.166505+02:00",
+ "products": [
+ {
+ "@id": "pkg:pypi/aiohttp@3.9.5"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2024-5569"
+ },
+ "timestamp": "2024-10-04T15:31:21.194452+02:00",
+ "products": [
+ {
+ "@id": "pkg:pypi/zipp@3.18.2"
+ }
+ ],
+ "status": "under_investigation"
+ }
+ ]
+}
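Review bot: `"author": "Unknown Author"` leaves this VEX document without an attributable issuer, so a consumer has no basis for deciding whether to trust its statements; it should name the project or maintainer, e.g. `"author": "<project or maintainer identity>"`. All five statements carry `"status": "under_investigation"`, which is a valid status but records no triage outcome, so each needs a follow-up that moves it to `affected`, `fixed`, or `not_affected` with a justification. The file name contains `.spdx.` while `@context` declares OpenVEX v0.2.0, and `"version": 5` on a newly created file looks carried over from repeated tool runs; both are worth confirming before downstream tooling consumes the file.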