feat(spec1-5): add support for firstIssued and lastUpdated in vul…

…n analysis Signed-off-by: nscuro <nscuro@protonmail.com>
CycloneDX · May 21, 2023 · 861c438 · 861c438
1 parent 56f6336
commit 861c438
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 2 deletions.
diff --git a/cyclonedx.go b/cyclonedx.go
@@ -527,6 +527,8 @@ type VulnerabilityAnalysis struct {
 	Justification ImpactAnalysisJustification `json:"justification,omitempty" xml:"justification,omitempty"`
 	Response      *[]ImpactAnalysisResponse   `json:"response,omitempty" xml:"responses>response,omitempty"`
 	Detail        string                      `json:"detail,omitempty" xml:"detail,omitempty"`
+	FirstIssued   string                      `json:"firstIssued,omitempty" xml:"firstIssued,omitempty"`
+	LastUpdated   string                      `json:"lastUpdated,omitempty" xml:"lastUpdated,omitempty"`
 }
 
 type VulnerabilityRating struct {

diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-vulnerability.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-vulnerability.json
@@ -99,7 +99,9 @@
           "will_not_fix",
           "update"
         ],
-        "detail": "An optional explanation of why the application is not affected by the vulnerable component."
+        "detail": "An optional explanation of why the application is not affected by the vulnerable component.",
+        "firstIssued": "2022-01-01T00:00:00.000Z",
+        "lastUpdated": "2022-02-01T00:00:00.000Z"
       },
       "affects": [
         {

diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-vulnerability.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-vulnerability.xml
@@ -96,6 +96,8 @@
           <response>update</response>
         </responses>
         <detail>An optional explanation of why the application is not affected by the vulnerable component.</detail>
+        <firstIssued>2022-01-01T00:00:00.000Z</firstIssued>
+        <lastUpdated>2022-02-01T00:00:00.000Z</lastUpdated>
       </analysis>
       <affects>
         <target>

diff --git a/testdata/valid-vulnerability.json b/testdata/valid-vulnerability.json
@@ -97,7 +97,9 @@
         "state": "not_affected",
         "justification": "code_not_reachable",
         "response": ["will_not_fix", "update"],
-        "detail": "An optional explanation of why the application is not affected by the vulnerable component."
+        "detail": "An optional explanation of why the application is not affected by the vulnerable component.",
+        "firstIssued": "2022-01-01T00:00:00.000Z",
+        "lastUpdated": "2022-02-01T00:00:00.000Z"
       },
       "affects": [
         {

diff --git a/testdata/valid-vulnerability.xml b/testdata/valid-vulnerability.xml
@@ -97,6 +97,8 @@
                     <response>update</response>
                 </responses>
                 <detail>An optional explanation of why the application is not affected by the vulnerable component.</detail>
+                <firstIssued>2022-01-01T00:00:00.000Z</firstIssued>
+                <lastUpdated>2022-02-01T00:00:00.000Z</lastUpdated>
             </analysis>
             <affects>
                 <target>