Affected Software Package

Architecture is a shorthand name describing the type of computer hardware the packaged software is meant to run on.

The Common Platform Enumeration (CPE) name as described by (NIST) For example: cpe:/a🍎safari:16.2.

The software package epoch. Epoch is a way to define weighted dependencies based on version numbers.

The software package version in which a reported vulnerability was patched/fixed.

Entity:FINGERPRINT
Cryptographic hash to identify the binary instance of a software component. This can include any component such file, package, or library.

The software license applied to this package.

The software package name.

The software packager manager utilized to manage a package on a system, e.g. npm, yum, dpkg etc.

The installation path of the affected package.

A purl is a URL string used to identify and locate a software package in a mostly universal and uniform way across programming languages, package managers, packaging conventions, tools, APIs and databases.

Group:context
The event data as received from the event source.

Group:primary
Unique identifier for the object

Release is the number of times a version of the software has been packaged.

Describes the recommended remediation steps to address identified issue(s).

The type of software package, normalized to the caption of the type_id value. In the case of 'Other', it is defined by the source.

The type of software package.

• 0: Unknown (UNKNOWN)
• 1: Application (APPLICATION)
• 2: Operating System (OPERATING_SYSTEM)
• 99: Other (OTHER)

Data from the source that was not mapped into the schema.

The name of the vendor who published the software package.

The software package version.