SsvcVulnAssessmentRelationship
Summary
Provides an SSVC assessment for a vulnerability.
Description
An SsvcVulnAssessmentRelationship describes the decision made using the Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree as defined by CISA Stakeholder-Specific Vulnerability Categorization Guide.
It is intended to communicate the results of using the CISA SSVC Calculator.
Constraints
- The relationship type must be set to hasAssessmentFor.
Example
{
"@type": "SsvcVulnAssessmentRelationship",
"@id": "urn:spdx.dev:ssvc-1",
"relationshipType": "hasAssessmentFor",
"security_decisionType": "act",
"from": "urn:spdx.dev:vuln-cve-2020-28498",
"to": ["urn:product-acme-application-1.3"],
"security_assessedElement": "urn:npm-elliptic-6.5.2",
"suppliedBy": ["urn:spdx.dev:agent-jane-doe"],
"publishedTime": "2021-03-09T11:04:53Z"
}
Metadata
https://spdx.org/rdf/3.0.1/terms/Security/SsvcVulnAssessmentRelationship
Name | SsvcVulnAssessmentRelationship |
Instantiability | Concrete |
SubclassOf | VulnAssessmentRelationship |
Superclasses
/Core/Element
/Core/Relationship
/Security/VulnAssessmentRelationship
/Security/SsvcVulnAssessmentRelationship
Properties
Property | Type | minCount | maxCount |
---|---|---|---|
decisionType | SsvcDecisionType | 1 | 1 |
All properties
Property | Type | minCount | maxCount |
---|---|---|---|
assessedElement | SoftwareArtifact | 0 | 1 |
comment | xsd:string | 0 | 1 |
completeness | RelationshipCompleteness | 0 | 1 |
creationInfo | CreationInfo | 1 | 1 |
decisionType | SsvcDecisionType | 1 | 1 |
description | xsd:string | 0 | 1 |
endTime | DateTime | 0 | 1 |
extension | Extension | 0 | * |
externalIdentifier | ExternalIdentifier | 0 | * |
externalRef | ExternalRef | 0 | * |
from | Element | 1 | 1 |
modifiedTime | DateTime | 0 | 1 |
name | xsd:string | 0 | 1 |
publishedTime | DateTime | 0 | 1 |
relationshipType | RelationshipType | 1 | 1 |
spdxId | xsd:anyURI | 1 | 1 |
startTime | DateTime | 0 | 1 |
summary | xsd:string | 0 | 1 |
suppliedBy | Agent | 0 | 1 |
to | Element | 1 | * |
verifiedUsing | IntegrityMethod | 0 | * |
withdrawnTime | DateTime | 0 | 1 |