{
  "@context": "https://openvex.dev/ns/v0.2.0",
  "@id": "https://stellaops.example/vex/2025-12-13/CVE-2023-XXXXX-not-affected",
  "author": "StellaOps Policy Engine",
  "role": "automated-scanner",
  "timestamp": "2025-12-13T10:00:00Z",
  "version": 1,
  "tooling": "StellaOps/1.0.0",
  "statements": [
    {
      "vulnerability": {
        "@id": "CVE-2023-XXXXX",
        "name": "CVE-2023-XXXXX",
        "description": "Example vulnerability in deprecated API."
      },
      "products": [
        {
          "@id": "pkg:oci/myapp@sha256:abc123def456789012345678901234567890123456789012345678901234abcd",
          "identifiers": {
            "purl": "pkg:oci/myapp@sha256:abc123def456789012345678901234567890123456789012345678901234abcd"
          },
          "subcomponents": [
            {
              "@id": "pkg:maven/com.example/deprecated-lib@1.0.0",
              "identifiers": {
                "purl": "pkg:maven/com.example/deprecated-lib@1.0.0"
              }
            }
          ]
        }
      ],
      "status": "not_affected",
      "justification": "vulnerable_code_not_in_execute_path",
      "impact_statement": "The deprecated API containing the vulnerable code path is not reachable from any entry point. Static analysis found no paths, and runtime probes observed zero invocations over 72 hours.",
      "stellaops:reachability": {
        "state": "CU",
        "state_description": "ConfirmedUnreachable",
        "confidence": 0.88,
        "graph_hash": "blake3:d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5",
        "graph_cas_uri": "cas://reachability/graphs/d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5",
        "dsse_uri": "cas://reachability/graphs/d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5.dsse",
        "path": [],
        "path_length": 0,
        "evidence": {
          "static": {
            "graph_hash": "blake3:d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5",
            "path_length": 0,
            "confidence": 0.85,
            "analysis_note": "No path found from any root to vulnerable symbol"
          },
          "runtime": {
            "probe_id": "probe:jfr:scan-456-001",
            "hit_count": 0,
            "observed_at": "2025-12-13T09:45:00Z",
            "observation_window": "72h",
            "analysis_note": "Zero invocations observed during 72-hour monitoring window"
          }
        },
        "fact_digest": "sha256:f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7",
        "fact_version": 2,
        "analyzer": {
          "name": "scanner.java",
          "version": "1.2.0"
        }
      }
    }
  ]
}