VexUnderInvestigationVulnAssessmentRelationship
Summary
Designates elements as products where the impact of a vulnerability is being investigated.
Description
VexUnderInvestigationVulnAssessmentRelationship links a vulnerability to a number of products stating the vulnerability's impact on them is being investigated. It represents the VEX under_investigation status.
Constraints
When linking elements using a VexUnderInvestigationVulnAssessmentRelationship the following requirements must be observed:
- Elements linked with a VexUnderInvestigationVulnAssessmentRelationship are constrained to using the underInvestigationFor relationship type.
- The from: end of the relationship must be a /Security/Vulnerability classed element.
Example
{
"type": "VexUnderInvestigationVulnAssessmentRelationship",
"spdxId": "urn:spdx.dev:vex-underInvestigation-1",
"relationshipType": "underInvestigationFor",
"from": "urn:spdx.dev:vuln-cve-2020-28498",
"to": ["urn:product-acme-application-1.3"],
"security_assessedElement": "urn:npm-elliptic-6.5.2",
"suppliedBy": ["urn:spdx.dev:agent-jane-doe"],
"publishedTime": "2021-03-09T11:04:53Z"
}
Metadata
https://spdx.org/rdf/3.0.1/terms/Security/VexUnderInvestigationVulnAssessmentRelationship
| Name | VexUnderInvestigationVulnAssessmentRelationship |
| Instantiability | Concrete |
| SubclassOf | VexVulnAssessmentRelationship |
Class hierarchy
/Core/Element
/Core/Relationship
/Security/VulnAssessmentRelationship
/Security/VexVulnAssessmentRelationship
/Security/VexUnderInvestigationVulnAssessmentRelationship
All properties
| Property | Type | minCount | maxCount |
|---|---|---|---|
| assessedElement | SoftwareArtifact | 0 | 1 |
| comment | xsd:string | 0 | 1 |
| completeness | RelationshipCompleteness | 0 | 1 |
| creationInfo | CreationInfo | 1 | 1 |
| description | xsd:string | 0 | 1 |
| endTime | DateTime | 0 | 1 |
| extension | Extension | 0 | * |
| externalIdentifier | ExternalIdentifier | 0 | * |
| externalRef | ExternalRef | 0 | * |
| from | Element | 1 | 1 |
| modifiedTime | DateTime | 0 | 1 |
| name | xsd:string | 0 | 1 |
| publishedTime | DateTime | 0 | 1 |
| relationshipType | RelationshipType | 1 | 1 |
| spdxId | xsd:anyURI | 1 | 1 |
| startTime | DateTime | 0 | 1 |
| statusNotes | xsd:string | 0 | 1 |
| summary | xsd:string | 0 | 1 |
| suppliedBy | Agent | 0 | 1 |
| to | Element | 1 | * |
| verifiedUsing | IntegrityMethod | 0 | * |
| vexVersion | xsd:string | 0 | 1 |
| withdrawnTime | DateTime | 0 | 1 |