Package Export Schema

This is the schema Mondoo uses when exporting package data to JSONL.

Package type

object

Package properties

space_mrn property

Mondoo identifier for the space containing the asset

space_mrn

space_id property

Unique identifier for the space containing the asset

space_id

space_name property

Name of the space containing the asset

space_name

asset_id property

Space-unique asset identifier

asset_id

asset_mrn property

Globally unique asset MRN

asset_mrn

asset_name property

Asset display name

asset_name

package_name property

Package name

package_name

package_version property

Installed package version

package_version

fixed_version property

Version with fix available. Null if no fix is available.

fixed_version

vuln_mrns property

Associated vulnerability MRNs

vuln_mrns

vuln_ids property

Associated vulnerability IDs (CVE IDs or equivalent)

vuln_ids

first_detected_on property

Timestamp from when the vulnerable package was first detected. This is a date-time string matching RFC 3339, section 5.6.

first_detected_on

resolved_on property

Timestamp from when the vulnerability was resolved. This is a date-time string matching RFC 3339, section 5.6. Null if not yet resolved.

resolved_on

exported_at property

Timestamp when this data was exported. This is a date-time string matching RFC 3339, section 5.6.

exported_at

cvss_score property

Maximum CVSS score of associated vulnerabilities, in integer format (for example, 9.8 is represented as 98)

cvss_score

cvss_severity property

CVSS severity (Critical, High, Medium, Low, None)

cvss_severity

risk_factors property

Read Risk Factor Export Schema.

base_score property

Base score (0-100)

base_score

risk_score property

Risk score (0-100)

risk_score

risk_value property

Derived value: 100 - risk_score

risk_value

time_travel_id property

Point-in-time query ID

time_travel_id

remediation property

JSON remediation data

remediation

evidence property

Evidence objects

evidence

---