{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://raw.githubusercontent.com/api-evangelist/vanta/main/json-schema/vanta-vulnerability-schema.json", "title": "Vanta Vulnerability", "description": "A security vulnerability tracked in the Vanta compliance platform", "type": "object", "required": ["id", "title", "severity", "status"], "properties": { "id": { "type": "string", "description": "Unique vulnerability identifier assigned by Vanta" }, "title": { "type": "string", "description": "Human-readable vulnerability title" }, "description": { "type": "string", "description": "Detailed description of the vulnerability" }, "severity": { "type": "string", "enum": ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL"], "description": "Vulnerability severity level based on CVSS or custom scoring" }, "status": { "type": "string", "enum": ["OPEN", "REMEDIATED", "ACCEPTED"], "description": "Current remediation status" }, "cvssScore": { "type": "number", "minimum": 0, "maximum": 10, "description": "CVSS base score (0.0 to 10.0)" }, "cveId": { "type": ["string", "null"], "pattern": "^CVE-\\d{4}-\\d{4,}$", "description": "CVE identifier if this is a known CVE" }, "remediationSlaDate": { "type": ["string", "null"], "format": "date-time", "description": "SLA deadline by which the vulnerability must be remediated" }, "discoveredAt": { "type": "string", "format": "date-time", "description": "Timestamp when the vulnerability was first discovered" }, "remediatedAt": { "type": ["string", "null"], "format": "date-time", "description": "Timestamp when the vulnerability was remediated" }, "affectedResources": { "type": "array", "items": { "type": "string" }, "description": "List of Vanta resource IDs affected by this vulnerability" } }, "additionalProperties": false }