up

samples/linkset/lnm-22-001/README.md

@@ -0,0 +1,7 @@
+# SAMPLES-LNM-22-001 fixtures
+
+Two linkset/observation pairs illustrating disagreements and investigation state.
+- `observations.ndjson` — raw observations (NVD, GHSA, OSV) with evidence hashes and timestamps.
+- `linksets.ndjson` — merged linkset view showing conflicts (`affected` vs `not_affected`) and a separate under-investigation case.
+
+Determinism: sorted by vulnerabilityId then purl; timestamps in UTC; hashes are placeholders for demo use.

samples/linkset/lnm-22-001/linksets.ndjson

@@ -0,0 +1,2 @@
+{"tenant":"demo","linksetId":"CVE-2025-1000:pkg:maven/org.example/app@1.2.3","vulnerabilityId":"CVE-2025-1000","purl":"pkg:maven/org.example/app@1.2.3","statuses":["affected","not_affected"],"providers":["nvd","ghsa"],"conflicts":[{"providerId":"nvd","status":"affected"},{"providerId":"ghsa","status":"not_affected","justification":"component_not_present"}],"observations":["obs-nvd-0001","obs-ghsa-0001"],"createdAt":"2025-11-12T00:00:00Z"}
+{"tenant":"demo","linksetId":"CVE-2025-2000:pkg:npm/example/app@4.5.6","vulnerabilityId":"CVE-2025-2000","purl":"pkg:npm/example/app@4.5.6","statuses":["under_investigation"],"providers":["osv"],"conflicts":[],"observations":["obs-osv-0001"],"createdAt":"2025-11-12T00:00:00Z"}

samples/linkset/lnm-22-001/observations.ndjson

@@ -0,0 +1,3 @@
+{"tenant":"demo","source":"nvd","observationId":"obs-nvd-0001","vulnerabilityId":"CVE-2025-1000","purl":"pkg:maven/org.example/app@1.2.3","status":"affected","justification":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2025-1000"],"evidenceHash":"sha256:aaa111","createdAt":"2025-11-10T00:00:00Z"}
+{"tenant":"demo","source":"ghsa","observationId":"obs-ghsa-0001","vulnerabilityId":"CVE-2025-1000","purl":"pkg:maven/org.example/app@1.2.3","status":"not_affected","justification":"component_not_present","references":["https://github.com/advisories/GHSA-xxxx-xxxx"],"evidenceHash":"sha256:bbb222","createdAt":"2025-11-11T00:00:00Z"}
+{"tenant":"demo","source":"osv","observationId":"obs-osv-0001","vulnerabilityId":"CVE-2025-2000","purl":"pkg:npm/example/app@4.5.6","status":"under_investigation","justification":null,"references":["https://osv.dev/GHSA-yyyy"],"evidenceHash":"sha256:ccc333","createdAt":"2025-11-12T00:00:00Z"}

samples/linkset/lnm-22-002/README.md

@@ -0,0 +1,7 @@
+# SAMPLES-LNM-22-002 fixtures
+
+Excititor VEX observations demonstrating conflicting statuses for the same product/vulnerability.
+- `vex-observations.ndjson` — three providers: not_affected (component_not_present), under_investigation, and affected.
+- Includes linkset references and disagreements for downstream correlation.
+
+Determinism: ordered by createdAt; hashes are placeholders; UTC timestamps.

samples/linkset/lnm-22-002/vex-observations.ndjson

@@ -0,0 +1,3 @@
+{"tenant":"demo","providerId":"exc-supplier-a","observationId":"vex-obs-0001","vulnerabilityId":"CVE-2025-3000","productKey":"pkg:deb/demo/app@1.0.0","status":"not_affected","justification":"component_not_present","evidenceHash":"sha256:ddd444","createdAt":"2025-11-10T00:00:00Z","linkset":{"purls":["pkg:deb/demo/app@1.0.0"],"references":[{"type":"advisory","url":"https://example.com/advisory-3000"}]}}
+{"tenant":"demo","providerId":"exc-supplier-b","observationId":"vex-obs-0002","vulnerabilityId":"CVE-2025-3000","productKey":"pkg:deb/demo/app@1.0.0","status":"under_investigation","justification":null,"evidenceHash":"sha256:eee555","createdAt":"2025-11-11T00:00:00Z","linkset":{"purls":["pkg:deb/demo/app@1.0.0"],"references":[{"type":"cve","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3000"}]}}
+{"tenant":"demo","providerId":"exc-supplier-c","observationId":"vex-obs-0003","vulnerabilityId":"CVE-2025-3000","productKey":"pkg:deb/demo/app@1.0.0","status":"affected","justification":null,"evidenceHash":"sha256:fff666","createdAt":"2025-11-12T00:00:00Z","linkset":{"purls":["pkg:deb/demo/app@1.0.0"],"references":[{"type":"vendor","url":"https://vendor.example.com/notice"}],"disagreements":[{"providerId":"exc-supplier-a","status":"not_affected"}]}}