NAME

SBOM::CycloneDX::Vulnerability - Vulnerability

SYNOPSIS

SBOM::CycloneDX::Vulnerability->new();

DESCRIPTION

SBOM::CycloneDX::Vulnerability Defines a weakness in a component or service that could be exploited or triggered by a threat source.

METHODS

SBOM::CycloneDX::Vulnerability inherits all methods from SBOM::CycloneDX::Base and implements the following new ones.

SBOM::CycloneDX::Vulnerability->new( %PARAMS )

Properties:

advisories, Published advisories of the vulnerability if provided.
affects, The components or services that are affected by the vulnerability.
analysis, An assessment of the impact and exploitability of the vulnerability.
bom_ref, An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Every bom-ref must be unique within the BOM. Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.
created, The date and time (timestamp) when the vulnerability record was created in the vulnerability database.
credits, Individuals or organizations credited with the discovery of the vulnerability.
cwes, List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability.
description, A description of the vulnerability as provided by the source.
detail, If available, an in-depth description of the vulnerability as provided by the source organization. Details often include information useful in understanding root cause.
id, The identifier that uniquely identifies the vulnerability.
proof_of_concept, Evidence used to reproduce the vulnerability.
properties, Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy (https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.
published, The date and time (timestamp) when the vulnerability record was first published.
ratings, List of vulnerability ratings
recommendation, Recommendations of how the vulnerability can be remediated or mitigated.
references, Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability specified. Often times, the same vulnerability may exist in multiple sources of vulnerability intelligence, but have different identifiers. References provide a way to correlate vulnerabilities across multiple sources of vulnerability intelligence.
rejected, The date and time (timestamp) when the vulnerability record was rejected (if applicable).
source, The source that published the vulnerability.
tools, The tool(s) used to identify, confirm, or score the vulnerability.
updated, The date and time (timestamp) when the vulnerability record was last updated.
workaround, A bypass, usually temporary, of the vulnerability that reduces its likelihood and/or impact. Workarounds often involve changes to configuration or deployments.

$vulnerability->advisories

$vulnerability->affects

$vulnerability->analysis

$vulnerability->bom_ref

$vulnerability->created

$vulnerability->credits

$vulnerability->cwes

$vulnerability->description

$vulnerability->detail

$vulnerability->id

$vulnerability->proof_of_concept

$vulnerability->properties

$vulnerability->published

$vulnerability->ratings

$vulnerability->recommendation

$vulnerability->references

$vulnerability->rejected

$vulnerability->source

$vulnerability->tools

$vulnerability->updated

$vulnerability->workaround

SUPPORT

Bugs / Feature Requests

Please report any bugs or feature requests through the issue tracker at https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues. You will be notified automatically of any progress on your issue.

Source Code

This is open source software. The code repository is available for public review and contribution under the terms of the license.

https://github.com/giterlizzi/perl-SBOM-CycloneDX

git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git

AUTHOR

Giuseppe Di Terlizzi <gdt@cpan.org>

LICENSE AND COPYRIGHT

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

To install SBOM::CycloneDX, copy and paste the appropriate command in to your terminal.

cpanm

cpanm SBOM::CycloneDX

CPAN shell

perl -MCPAN -e shell
install SBOM::CycloneDX

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)