Vulnerability Export Schema
Vulnerability schema for the Mondoo JSONL export
This is the schema Mondoo uses when exporting vulnerability data to JSONL.
Vulnerability type
object
Vulnerability properties
| Property | Type | Required? | Nullable? |
|---|---|---|---|
| space_mrn | string | Yes | No |
| space_id | string | Yes | No |
| space_name | string | Yes | No |
| asset_id | string | Yes | No |
| asset_mrn | string | Yes | No |
| vuln_mrn | string | Yes | No |
| vuln_id | string | Yes | No |
| type | string | Yes | No |
| summary | string | Yes | No |
| cvss_score | integer | No | No |
| cvss_severity | string | No | No |
| first_detected_on | string | Yes | No |
| resolved_on | string | Yes | No |
| exported_at | string | Yes | No |
| risk_factors | JSON | No | Yes |
| references | JSON | No | Yes |
| base_score | integer | Yes | No |
| risk_score | integer | Yes | No |
space_mrn property
Mondoo identifier for the space containing the asset
space_mrn
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
space_id property
Unique identifier for the space containing the asset
space_id
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
space_name property
Name of the space containing the asset
space_name
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
asset_id property
Unique identifier for the asset
asset_id
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
asset_mrn property
Mondoo identifier for the asset
asset_mrn
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
vuln_mrn property
Mondoo identifier for the vulnerability
vuln_mrn
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
vuln_id property
Unique CVE number or advisory number
vuln_id
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
type property
The type of the vulnerability: CVE or Advisory
type
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
summary property
Brief summary of the vulnerability
summary
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
cvss_score property
CVSS score (0 to 10)
cvss_score
| Type | Required? | Nullable? |
|---|---|---|
| Integer | Yes | No |
cvss_severity property
CVSS severity (Critical, High, Medium, Low, None)
cvss_score
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
first_detected_on property
Timestamp from when the vulnerability was first detected. This is a date-time string matching RFC 3339, section 5.6.
first_detected_on
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
resolved_on property
Optional timestamp from when the vulnerability was resolved. This is a date-time string matching RFC 3339, section 5.6.
resolved_on
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
exported_at property
Timestamp from when this vulnerability data was exported. This is a date-time string matching RFC 3339, section 5.6.
exported_at
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
risk_factors property
Read Risk Factors.
references property
CVE and advisory references
references
| Type | Required? | Nullable? |
|---|---|---|
| String | No | Yes |
base_score property
CVE or advisory score based on the most recent policy-based scan
base_score
| Type | Required? | Nullable? |
|---|---|---|
| Integer | Yes | No |
risk_score property
CVE or advisory's risk score
risk_score
| Type | Required? | Nullable? |
|---|---|---|
| Integer | Yes | No |