From a36e57c75eec7d8d8ffc77fbe4aad3db3f877686 Mon Sep 17 00:00:00 2001
From: Davide Fucci
Date: Mon, 8 Jul 2024 12:45:29 +0200
Subject: [PATCH] add VEX file with vulnerabilities information to SBOM (#2095)
Co-authored-by: Davide Fucci
---
.../camel-kamelets-sbom.vex.json | 145 ++++++++++++++++++
1 file changed, 145 insertions(+)
create mode 100644 camel-kamelets-sbom/camel-kamelets-sbom.vex.json
diff --git a/camel-kamelets-sbom/camel-kamelets-sbom.vex.json b/camel-kamelets-sbom/camel-kamelets-sbom.vex.json
new file mode 100644
index 000000000..9557ae0d3
--- /dev/null
+++ b/camel-kamelets-sbom/camel-kamelets-sbom.vex.json
@@ -0,0 +1,145 @@
+{
+ "@context": "https://openvex.dev/ns/v0.2.0",
+ "@id": "https://openvex.dev/docs/public/vex-1825a239e56e9f5a1a6096a98c5f1d3a426a0eb6d4574e602b4a62c0101bbad1",
+ "author": "Davide Fucci (davide.fucci@bth.se)",
+ "timestamp": "2024-06-19T09:27:02.736293+02:00",
+ "last_updated": "2024-06-19T09:42:01.034645+02:00",
+ "version": 11,
+ "statements": [
+ {
+ "vulnerability": {
+ "name": "CVE-2023-3635"
+ },
+ "timestamp": "2024-06-19T09:27:02.736294+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/com.squareup.okio/okio@1.15.0?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2023-39410"
+ },
+ "timestamp": "2024-06-19T09:29:01.449532+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/org.apache.avro/avro@1.8.2?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2019-10202"
+ },
+ "timestamp": "2024-06-19T09:33:14.931683+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2019-10172"
+ },
+ "timestamp": "2024-06-19T09:34:26.033861+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2024-25710"
+ },
+ "timestamp": "2024-06-19T09:35:44.392635+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/org.apache.commons/commons-compress@1.8.1?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2021-35515"
+ },
+ "timestamp": "2024-06-19T09:36:23.804341+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/org.apache.commons/commons-compress@1.8.1?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2021-35565"
+ },
+ "timestamp": "2024-06-19T09:36:45.465007+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/org.apache.commons/commons-compress@1.8.1?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2018-11771"
+ },
+ "timestamp": "2024-06-19T09:37:11.953898+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/org.apache.commons/commons-compress@1.8.1?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2021-36090"
+ },
+ "timestamp": "2024-06-19T09:37:37.997898+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/org.apache.commons/commons-compress@1.8.1?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2021-35517"
+ },
+ "timestamp": "2024-06-19T09:38:00.592205+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/org.apache.commons/commons-compress@1.8.1?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2024-35255"
+ },
+ "timestamp": "2024-06-19T09:42:01.034646+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/com.microsoft.azure/msal4j@1.15.0?type=jar"
+ },
+ {
+ @id: "pkg:maven/com.azure/azure-identity@1.12.0?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ }
+ ]
+}
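Review bot: The second product of the CVE-2024-35255 statement has an unquoted key, `@id: "pkg:maven/com.azure/azure-identity@1.12.0?type=jar"`, so the file is not valid JSON and a strict parser rejects the whole document, not only this statement. It should read `"@id": "pkg:maven/com.azure/azure-identity@1.12.0?type=jar"`. A VEX file that fails to parse gives downstream scanners nothing to triage against, so a CI step that parses or schema-validates it before merge would catch this class of error. Separately, CVE-2021-35565 is recorded against commons-compress between CVE-2021-35515 and CVE-2021-35517; it may be a mistyped identifier, so it is worth confirming against the commons-compress advisories.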