This is an automated email from the ASF dual-hosted git repository. acosentino pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/camel-kamelets.git
The following commit(s) were added to refs/heads/main by this push: new a36e57c7 add VEX file with vulnerabilities information to SBOM (#2095) a36e57c7 is described below commit a36e57c75eec7d8d8ffc77fbe4aad3db3f877686 Author: Davide Fucci <dfu...@users.noreply.github.com> AuthorDate: Mon Jul 8 12:45:29 2024 +0200 add VEX file with vulnerabilities information to SBOM (#2095) Co-authored-by: Davide Fucci <m...@dfucci.co> --- camel-kamelets-sbom/camel-kamelets-sbom.vex.json | 145 +++++++++++++++++++++++ 1 file changed, 145 insertions(+)
diff --git a/camel-kamelets-sbom/camel-kamelets-sbom.vex.json b/camel-kamelets-sbom/camel-kamelets-sbom.vex.json
new file mode 100644
index 00000000..9557ae0d
--- /dev/null
+++ b/camel-kamelets-sbom/camel-kamelets-sbom.vex.json
@@ -0,0 +1,145 @@
+{
+ "@context": "https://openvex.dev/ns/v0.2.0",
+ "@id": "https://openvex.dev/docs/public/vex-1825a239e56e9f5a1a6096a98c5f1d3a426a0eb6d4574e602b4a62c0101bbad1",
+ "author": "Davide Fucci (davide.fu...@bth.se)",
+ "timestamp": "2024-06-19T09:27:02.736293+02:00",
+ "last_updated": "2024-06-19T09:42:01.034645+02:00",
+ "version": 11,
+ "statements": [
+ {
+ "vulnerability": {
+ "name": "CVE-2023-3635"
+ },
+ "timestamp": "2024-06-19T09:27:02.736294+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/com.squareup.okio/okio@1.15.0?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2023-39410"
+ },
+ "timestamp": "2024-06-19T09:29:01.449532+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/org.apache.avro/avro@1.8.2?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2019-10202"
+ },
+ "timestamp": "2024-06-19T09:33:14.931683+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2019-10172"
+ },
+ "timestamp": "2024-06-19T09:34:26.033861+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2024-25710"
+ },
+ "timestamp": "2024-06-19T09:35:44.392635+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/org.apache.commons/commons-compress@1.8.1?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2021-35515"
+ },
+ "timestamp": "2024-06-19T09:36:23.804341+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/org.apache.commons/commons-compress@1.8.1?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2021-35565"
+ },
+ "timestamp": "2024-06-19T09:36:45.465007+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/org.apache.commons/commons-compress@1.8.1?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2018-11771"
+ },
+ "timestamp": "2024-06-19T09:37:11.953898+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/org.apache.commons/commons-compress@1.8.1?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2021-36090"
+ },
+ "timestamp": "2024-06-19T09:37:37.997898+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/org.apache.commons/commons-compress@1.8.1?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2021-35517"
+ },
+ "timestamp": "2024-06-19T09:38:00.592205+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/org.apache.commons/commons-compress@1.8.1?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ },
+ {
+ "vulnerability": {
+ "name": "CVE-2024-35255"
+ },
+ "timestamp": "2024-06-19T09:42:01.034646+02:00",
+ "products": [
+ {
+ "@id": "pkg:maven/com.microsoft.azure/msal4j@1.15.0?type=jar"
+ },
+ {
+ @id: "pkg:maven/com.azure/azure-identity@1.12.0?type=jar"
+ }
+ ],
+ "status": "under_investigation"
+ }
+ ]
+}
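Review bot: The second product of the CVE-2024-35255 statement is written with an unquoted key, `@id: "pkg:maven/com.azure/azure-identity@1.12.0?type=jar"`, which is not valid JSON, so a strict parser rejects the whole document and none of the eleven statements reach a VEX consumer; it should read `"@id": "pkg:maven/com.azure/azure-identity@1.12.0?type=jar"`. A parse step in the build (for example `jq . camel-kamelets-sbom/camel-kamelets-sbom.vex.json`) would catch this before the file is published alongside the SBOM. Separately, CVE-2021-35565 is attached to `commons-compress@1.8.1` next to CVE-2021-35515 and CVE-2021-35517; that id does not look like it belongs to the commons-compress advisories and may be a transposed number, so it is worth confirming against the scanner output. Every statement is `under_investigation`, so the file tells consumers nothing actionable until each one is resolved to `affected` or `not_affected`; that follow-up should be tracked.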