JFrog · Schema
JFrog Security Vulnerability
Represents a security vulnerability as reported by JFrog Xray, including CVE details, severity scoring, affected components, and remediation information.
ArtifactoryCI/CDContainer RegistryDevOpsMLOpsPackage ManagementSecuritySoftware Supply Chain
Properties
| Name | Type | Description |
|---|---|---|
| issue_id | string | Unique Xray issue identifier |
| cve | string | CVE identifier |
| severity | string | Vulnerability severity level |
| cvss_v2_score | number | CVSS v2 score |
| cvss_v3_score | number | CVSS v3 score |
| cvss_v3_vector | string | CVSS v3 vector string |
| summary | string | Brief summary of the vulnerability |
| description | string | Detailed description of the vulnerability |
| issue_type | string | Type of the security issue |
| provider | string | Vulnerability data provider |
| published | string | Date the vulnerability was first published |
| updated | string | Date the vulnerability information was last updated |
| references | array | External references for the vulnerability |
| fixed_versions | array | Component versions that fix this vulnerability |
| impacted_artifacts | array | Artifacts impacted by this vulnerability |
| component | object | The affected component details |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://jfrog.com/schemas/security-vulnerability",
"title": "JFrog Security Vulnerability",
"description": "Represents a security vulnerability as reported by JFrog Xray, including CVE details, severity scoring, affected components, and remediation information.",
"type": "object",
"properties": {
"issue_id": {
"type": "string",
"description": "Unique Xray issue identifier",
"examples": [
"XRAY-12345"
]
},
"cve": {
"type": "string",
"description": "CVE identifier",
"pattern": "^CVE-\\d{4}-\\d{4,}$",
"examples": [
"CVE-2021-44228",
"CVE-2023-0001"
]
},
"severity": {
"type": "string",
"description": "Vulnerability severity level",
"enum": [
"Low",
"Medium",
"High",
"Critical"
]
},
"cvss_v2_score": {
"type": "number",
"description": "CVSS v2 score",
"minimum": 0,
"maximum": 10
},
"cvss_v3_score": {
"type": "number",
"description": "CVSS v3 score",
"minimum": 0,
"maximum": 10
},
"cvss_v3_vector": {
"type": "string",
"description": "CVSS v3 vector string",
"examples": [
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
]
},
"summary": {
"type": "string",
"description": "Brief summary of the vulnerability"
},
"description": {
"type": "string",
"description": "Detailed description of the vulnerability"
},
"issue_type": {
"type": "string",
"description": "Type of the security issue",
"enum": [
"security",
"license",
"operational_risk"
]
},
"provider": {
"type": "string",
"description": "Vulnerability data provider",
"examples": [
"JFrog",
"NVD"
]
},
"published": {
"type": "string",
"format": "date-time",
"description": "Date the vulnerability was first published"
},
"updated": {
"type": "string",
"format": "date-time",
"description": "Date the vulnerability information was last updated"
},
"references": {
"type": "array",
"description": "External references for the vulnerability",
"items": {
"type": "string",
"format": "uri"
}
},
"fixed_versions": {
"type": "array",
"description": "Component versions that fix this vulnerability",
"items": {
"type": "string"
}
},
"impacted_artifacts": {
"type": "array",
"description": "Artifacts impacted by this vulnerability",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"display_name": {
"type": "string"
},
"path": {
"type": "string"
},
"sha256": {
"type": "string"
},
"pkg_type": {
"type": "string"
}
}
}
},
"component": {
"type": "object",
"description": "The affected component details",
"properties": {
"component_id": {
"type": "string",
"description": "Component identifier",
"examples": [
"npm://lodash:4.17.20",
"maven://org.apache.logging.log4j:log4j-core:2.14.1"
]
},
"package_type": {
"type": "string",
"description": "Package ecosystem type"
},
"name": {
"type": "string"
},
"version": {
"type": "string"
},
"fixed_version": {
"type": "string"
}
}
}
},
"required": [
"issue_id",
"severity",
"summary"
]
}