Vulnerability Export Schema
Reference the vulnerability object schema and properties used in Mondoo JSONL exports.
This is the schema Mondoo uses when exporting vulnerability data to JSONL.
Vulnerability type
object
Vulnerability properties
| Property | Type | Required? | Nullable? |
|---|---|---|---|
| space_mrn | string | Yes | No |
| space_id | string | Yes | No |
| space_name | string | Yes | No |
| asset_id | string | Yes | No |
| asset_mrn | string | Yes | No |
| asset_name | string | Yes | No |
| vuln_mrn | string | Yes | No |
| vuln_id | string | Yes | No |
| type | string | Yes | No |
| summary | string | Yes | No |
| first_detected_on | string | Yes | No |
| resolved_on | string | Yes | Yes |
| published_date | string | No | Yes |
| exported_at | string | Yes | No |
| time_travel_id | string | Yes | No |
| url | string | Yes | No |
| cvss_score | integer | No | No |
| cvss_severity | string | No | No |
| cvss_vector | string | No | No |
| risk_factors | JSON | No | Yes |
| risk_score | integer | Yes | No |
| risk_value | integer | Yes | No |
| base_score | integer | Yes | No |
| references | JSON | No | Yes |
| cve_refs | JSON | No | Yes |
| remediation | JSON | No | Yes |
| evidence | JSON | No | Yes |
| epss_score | number | No | Yes |
| epss_percentile | number | No | Yes |
space_mrn property
Mondoo identifier for the space containing the asset
space_mrn
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
space_id property
Unique identifier for the space containing the asset
space_id
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
space_name property
Name of the space containing the asset
space_name
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
asset_id property
Space-unique asset identifier
asset_id
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
asset_mrn property
Globally unique asset MRN
asset_mrn
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
asset_name property
Asset display name
asset_name
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
vuln_mrn property
Mondoo identifier for the vulnerability
vuln_mrn
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
vuln_id property
CVE ID or equivalent advisory number
vuln_id
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
type property
The type of the vulnerability (CVE, Package, etc.)
type
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
summary property
Brief description of the vulnerability
summary
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
first_detected_on property
Timestamp from when the vulnerability was first detected. This is a date-time string matching RFC 3339, section 5.6.
first_detected_on
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
resolved_on property
Timestamp from when the vulnerability was resolved. This is a date-time string matching RFC 3339, section 5.6. Null if the vulnerability is not yet resolved.
resolved_on
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | Yes |
published_date property
Public disclosure date. This is a date-time string matching RFC 3339, section 5.6. Null if the date is not available.
published_date
| Type | Required? | Nullable? |
|---|---|---|
| String | No | Yes |
exported_at property
Timestamp from when this vulnerability data was exported. This is a date-time string matching RFC 3339, section 5.6.
exported_at
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
time_travel_id property
Point-in-time query ID
time_travel_id
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
url property
Console URL for the vulnerability
url
| Type | Required? | Nullable? |
|---|---|---|
| String | Yes | No |
cvss_score property
CVSS score in integer format (for example, 9.8 is represented as 98)
cvss_score
| Type | Required? | Nullable? |
|---|---|---|
| Integer | No | No |
cvss_severity property
CVSS severity (Critical, High, Medium, Low, None)
cvss_severity
| Type | Required? | Nullable? |
|---|---|---|
| String | No | No |
cvss_vector property
CVSS vector string
cvss_vector
| Type | Required? | Nullable? |
|---|---|---|
| String | No | No |
risk_factors property
Read Risk Factor Export Schema.
risk_score property
Risk score (0-100)
risk_score
| Type | Required? | Nullable? |
|---|---|---|
| Integer | Yes | No |
risk_value property
Derived value: 100 - risk_score
risk_value
| Type | Required? | Nullable? |
|---|---|---|
| Integer | Yes | No |
base_score property
Base score (0-100)
base_score
| Type | Required? | Nullable? |
|---|---|---|
| Integer | Yes | No |
references property
Reference URLs for CVEs and advisories
references
| Type | Required? | Nullable? |
|---|---|---|
| JSON | No | Yes |
cve_refs property
Cross-referenced CVE IDs
cve_refs
| Type | Required? | Nullable? |
|---|---|---|
| JSON | No | Yes |
remediation property
JSON remediation data
remediation
| Type | Required? | Nullable? |
|---|---|---|
| JSON | No | Yes |
evidence property
Evidence objects
evidence
| Type | Required? | Nullable? |
|---|---|---|
| JSON | No | Yes |
epss_score property
Exploit Prediction Scoring System score (0.0-1.0)
epss_score
| Type | Required? | Nullable? |
|---|---|---|
| Number | No | Yes |
epss_percentile property
EPSS percentile (0.0-100.0)
epss_percentile
| Type | Required? | Nullable? |
|---|---|---|
| Number | No | Yes |