{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://jfrog.com/schemas/security-vulnerability",
  "title": "JFrog Security Vulnerability",
  "description": "Represents a security vulnerability as reported by JFrog Xray, including CVE details, severity scoring, affected components, and remediation information.",
  "type": "object",
  "properties": {
    "issue_id": {
      "type": "string",
      "description": "Unique Xray issue identifier",
      "examples": [
        "XRAY-12345"
      ]
    },
    "cve": {
      "type": "string",
      "description": "CVE identifier",
      "pattern": "^CVE-\\d{4}-\\d{4,}$",
      "examples": [
        "CVE-2021-44228",
        "CVE-2023-0001"
      ]
    },
    "severity": {
      "type": "string",
      "description": "Vulnerability severity level",
      "enum": [
        "Low",
        "Medium",
        "High",
        "Critical"
      ]
    },
    "cvss_v2_score": {
      "type": "number",
      "description": "CVSS v2 score",
      "minimum": 0,
      "maximum": 10
    },
    "cvss_v3_score": {
      "type": "number",
      "description": "CVSS v3 score",
      "minimum": 0,
      "maximum": 10
    },
    "cvss_v3_vector": {
      "type": "string",
      "description": "CVSS v3 vector string",
      "examples": [
        "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
      ]
    },
    "summary": {
      "type": "string",
      "description": "Brief summary of the vulnerability"
    },
    "description": {
      "type": "string",
      "description": "Detailed description of the vulnerability"
    },
    "issue_type": {
      "type": "string",
      "description": "Type of the security issue",
      "enum": [
        "security",
        "license",
        "operational_risk"
      ]
    },
    "provider": {
      "type": "string",
      "description": "Vulnerability data provider",
      "examples": [
        "JFrog",
        "NVD"
      ]
    },
    "published": {
      "type": "string",
      "format": "date-time",
      "description": "Date the vulnerability was first published"
    },
    "updated": {
      "type": "string",
      "format": "date-time",
      "description": "Date the vulnerability information was last updated"
    },
    "references": {
      "type": "array",
      "description": "External references for the vulnerability",
      "items": {
        "type": "string",
        "format": "uri"
      }
    },
    "fixed_versions": {
      "type": "array",
      "description": "Component versions that fix this vulnerability",
      "items": {
        "type": "string"
      }
    },
    "impacted_artifacts": {
      "type": "array",
      "description": "Artifacts impacted by this vulnerability",
      "items": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string"
          },
          "display_name": {
            "type": "string"
          },
          "path": {
            "type": "string"
          },
          "sha256": {
            "type": "string"
          },
          "pkg_type": {
            "type": "string"
          }
        }
      }
    },
    "component": {
      "type": "object",
      "description": "The affected component details",
      "properties": {
        "component_id": {
          "type": "string",
          "description": "Component identifier",
          "examples": [
            "npm://lodash:4.17.20",
            "maven://org.apache.logging.log4j:log4j-core:2.14.1"
          ]
        },
        "package_type": {
          "type": "string",
          "description": "Package ecosystem type"
        },
        "name": {
          "type": "string"
        },
        "version": {
          "type": "string"
        },
        "fixed_version": {
          "type": "string"
        }
      }
    }
  },
  "required": [
    "issue_id",
    "severity",
    "summary"
  ]
}