Affected Software Package

affected_package

The Affected Package object describes details about a software package identified as affected by a vulnerability/vulnerabilities.

Attributes

| Caption | Name | Type | Is Array | Default | Description |
|---|---|---|---|---|---|
| Architecture | architecture | String | | | Architecture is a shorthand name describing the type of computer hardware the packaged software is meant to run on. |
| Epoch | epoch | Integer | | | The software package epoch. Epoch is a way to define weighted dependencies based on version numbers. |
| Fixed In Version | fixed_in_version | String | | | The software package version in which a reported vulnerability was patched/fixed. |
| Software License | license | String | | | The software license applied to this package. |
| Name | name | String | | | The software package name. |
| Package Manager | package_manager | String | | | The software package manager utilized to manage a package on a system, e.g. npm, yum, dpkg, etc. |
| Path | path | String | | | The installation path of the affected package. |
| Package URL | purl | String | | | A purl is a URL string used to identify and locate a software package in a mostly universal and uniform way across programming languages, package managers, packaging conventions, tools, APIs and databases. |
| Raw Data | raw_data | JSON | | | The event data as received from the event source. |
| Record ID | record_id | String | | | Unique identifier for the object. |
| Software Release Details | release | String | | | Release is the number of times a version of the software has been packaged. |
| Remediation Guidance | remediation | Remediation | | | Describes the recommended remediation steps to address identified issue(s). |
| Unmapped Data | unmapped | Unmapped | | | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
| Version | version | String | | | The software package version. |

JSON

            
{
  "caption": "Affected Software Package",
  "description": "The Affected Package object describes details about a software package identified as affected by a vulnerability/vulnerabilities.",
  "extends": "package",
  "name": "affected_package",
  "attributes": {
    "fixed_in_version": {
      "requirement": "optional",
      "caption": "Fixed In Version",
      "description": "The software package version in which a reported vulnerability was patched/fixed.",
      "type": "string_t"
    },
    "package_manager": {
      "requirement": "optional",
      "caption": "Package Manager",
      "description": "The software packager manager utilized to manage a package on a system, e.g. npm, yum, dpkg etc.",
      "type": "string_t"
    },
    "path": {
      "description": "The installation path of the affected package.",
      "requirement": "optional",
      "caption": "Path",
      "type": "string_t"
    },
    "remediation": {
      "requirement": "optional",
      "caption": "Remediation Guidance",
      "description": "Describes the recommended remediation steps to address identified issue(s).",
      "type": "remediation"
    },
    "architecture": {
      "requirement": "recommended",
      "caption": "Architecture",
      "description": "Architecture is a shorthand name describing the type of computer hardware the packaged software is meant to run on.",
      "type": "string_t"
    },
    "epoch": {
      "requirement": "optional",
      "caption": "Epoch",
      "description": "The software package epoch. Epoch is a way to define weighted dependencies based on version numbers.",
      "type": "integer_t"
    },
    "license": {
      "description": "The software license applied to this package.",
      "requirement": "optional",
      "caption": "Software License",
      "type": "string_t"
    },
    "name": {
      "description": "The software package name.",
      "requirement": "required",
      "caption": "Name",
      "type": "string_t"
    },
    "purl": {
      "requirement": "optional",
      "caption": "Package URL",
      "description": "A purl is a URL string used to identify and locate a software package in a mostly universal and uniform way across programming languages, package managers, packaging conventions, tools, APIs and databases.",
      "type": "string_t"
    },
    "release": {
      "requirement": "optional",
      "caption": "Software Release Details",
      "description": "Release is the number of times a version of the software has been packaged.",
      "type": "string_t"
    },
    "version": {
      "description": "The software package version.",
      "requirement": "required",
      "caption": "Version",
      "type": "string_t"
    },
    "raw_data": {
      "group": "context",
      "caption": "Raw Data",
      "description": "The event data as received from the event source.",
      "type": "json_t"
    },
    "record_id": {
      "description": "Unique identifier for the object",
      "group": "primary",
      "requirement": "required",
      "caption": "Record ID",
      "type": "string_t"
    },
    "unmapped": {
      "caption": "Unmapped Data",
      "description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
      "type": "unmapped",
      "is_array": true
    }
  }
}