{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "$id": "https://api-evangelist.github.io/sysdig/json-schema/sysdig-vulnerability-schema.json",
  "title": "Sysdig Vulnerability",
  "description": "Schema for a Sysdig Secure vulnerability finding",
  "type": "object",
  "properties": {
    "vuln": {
      "type": "string",
      "description": "CVE identifier (e.g., CVE-2021-44228)"
    },
    "severity": {
      "type": "string",
      "description": "Vulnerability severity level",
      "enum": ["Critical", "High", "Medium", "Low", "Negligible"]
    },
    "package": {
      "type": "string",
      "description": "Affected software package name"
    },
    "packageVersion": {
      "type": "string",
      "description": "Installed version of the affected package"
    },
    "fixVersion": {
      "type": "string",
      "description": "Version that resolves the vulnerability, if available"
    },
    "url": {
      "type": "string",
      "format": "uri",
      "description": "Link to vulnerability advisory or NVD entry"
    },
    "description": {
      "type": "string",
      "description": "Human-readable description of the vulnerability"
    }
  },
  "required": ["vuln", "severity", "package"]
}