Vulnerability is a JSON Structure definition published by Vanta.
{
"name": "Vulnerability",
"description": "Security vulnerability tracked in Vanta",
"fields": [
{ "name": "id", "type": "string", "required": true, "description": "Unique identifier" },
{ "name": "title", "type": "string", "required": true, "description": "Vulnerability title" },
{ "name": "description", "type": "string", "required": false, "description": "Detailed description" },
{ "name": "severity", "type": "enum", "required": true, "values": ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL"], "description": "Severity level" },
{ "name": "status", "type": "enum", "required": true, "values": ["OPEN", "REMEDIATED", "ACCEPTED"], "description": "Remediation status" },
{ "name": "cvssScore", "type": "number", "required": false, "description": "CVSS score 0-10" },
{ "name": "cveId", "type": "string", "required": false, "description": "CVE identifier" },
{ "name": "remediationSlaDate", "type": "date-time", "required": false, "description": "SLA deadline" },
{ "name": "discoveredAt", "type": "date-time", "required": true, "description": "Discovery timestamp" },
{ "name": "remediatedAt", "type": "date-time", "required": false, "description": "Remediation timestamp" },
{ "name": "affectedResources", "type": "array<string>", "required": false, "description": "Affected resource IDs" }
]
}