{ "$schema": "http://json-schema.org/draft-07/schema#", "$id": "#Weakness", "description": "A security weakness identified by a Common Weakness Enumeration (CWE) identifier.", "type": "object", "allOf": [ { "$ref": "#RecordEntity" }, { "properties": { "category": { "description": "The category of the vulnerability finding", "type": "string", "examples": ["application", "system", "infrastructure", "other"] }, "exploitability": { "description": "Indicates the likelihood of exploit.", "type": "string" }, "references": { "description": "The array of links to references.", "type": "array", "items": { "type": "string" } }, "open": { "description": "Indicates whether the CWE weakness is currently open (unresolved) against the entity. This boolean field is true when the weakness is active and false when it is resolved or no longer applicable. If the open status is not provided, it defaults to true.", "type": ["boolean"], "default": true }, "cweId": { "description": "The Common Weakness Enumeration (CWE) identifier of the weakness as a string formatted exactly as CWE-NNN, where NNN is one or more digits. This field must contain only the CWE ID with no additional text or context. For example, CWE-117 is valid, but 'cwe-117: FeedbackSubmit.java (Line: 142)' is invalid.", "oneOf": [ { "type": "string", "pattern": "^CWE-\\d+$" }, { "type": "null" } ] } }, "required": ["open", "cweId"] } ] }