git.stella-ops.org/src/StellaOps.Concelier.Connector.StellaOpsMirror.Tests/Fixtures/mirror-bundle.sample.json

{
  "advisories": [
    {
      "advisoryKey": "CVE-2025-1111",
      "affectedPackages": [
        {
          "type": "semver",
          "identifier": "pkg:npm/example@1.0.0",
          "platform": null,
          "versionRanges": [
            {
              "fixedVersion": "1.2.0",
              "introducedVersion": "1.0.0",
              "lastAffectedVersion": null,
              "primitives": {
                "evr": null,
                "hasVendorExtensions": false,
                "nevra": null,
                "semVer": {
                  "constraintExpression": ">=1.0.0,<1.2.0",
                  "exactValue": null,
                  "fixed": "1.2.0",
                  "fixedInclusive": false,
                  "introduced": "1.0.0",
                  "introducedInclusive": true,
                  "lastAffected": null,
                  "lastAffectedInclusive": true,
                  "style": "range"
                },
                "vendorExtensions": null
              },
              "provenance": {
                "source": "ghsa",
                "kind": "map",
                "value": "range",
                "decisionReason": null,
                "recordedAt": "2025-10-19T12:00:00+00:00",
                "fieldMask": [
                  "affectedpackages[].versionranges[]"
                ]
              },
              "rangeExpression": ">=1.0.0,<1.2.0",
              "rangeKind": "semver"
            }
          ],
          "normalizedVersions": [
            {
              "scheme": "semver",
              "type": "range",
              "min": "1.0.0",
              "minInclusive": true,
              "max": "1.2.0",
              "maxInclusive": false,
              "value": null,
              "notes": null
            }
          ],
          "statuses": [
            {
              "provenance": {
                "source": "ghsa",
                "kind": "map",
                "value": "status",
                "decisionReason": null,
                "recordedAt": "2025-10-19T12:00:00+00:00",
                "fieldMask": [
                  "affectedpackages[].statuses[]"
                ]
              },
              "status": "fixed"
            }
          ],
          "provenance": [
            {
              "source": "ghsa",
              "kind": "map",
              "value": "package",
              "decisionReason": null,
              "recordedAt": "2025-10-19T12:00:00+00:00",
              "fieldMask": [
                "affectedpackages[]"
              ]
            }
          ]
        }
      ],
      "aliases": [
        "GHSA-xxxx-xxxx-xxxx"
      ],
      "canonicalMetricId": "cvss::ghsa::CVE-2025-1111",
      "credits": [
        {
          "displayName": "Security Researcher",
          "role": "reporter",
          "contacts": [
            "mailto:researcher@example.com"
          ],
          "provenance": {
            "source": "ghsa",
            "kind": "map",
            "value": "credit",
            "decisionReason": null,
            "recordedAt": "2025-10-19T12:00:00+00:00",
            "fieldMask": [
              "credits[]"
            ]
          }
        }
      ],
      "cvssMetrics": [
        {
          "baseScore": 9.8,
          "baseSeverity": "critical",
          "provenance": {
            "source": "ghsa",
            "kind": "map",
            "value": "cvss",
            "decisionReason": null,
            "recordedAt": "2025-10-19T12:00:00+00:00",
            "fieldMask": [
              "cvssmetrics[]"
            ]
          },
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      ],
      "cwes": [
        {
          "taxonomy": "cwe",
          "identifier": "CWE-79",
          "name": "Cross-site Scripting",
          "uri": "https://cwe.mitre.org/data/definitions/79.html",
          "provenance": [
            {
              "source": "ghsa",
              "kind": "map",
              "value": "cwe",
              "decisionReason": null,
              "recordedAt": "2025-10-19T12:00:00+00:00",
              "fieldMask": [
                "cwes[]"
              ]
            }
          ]
        }
      ],
      "description": "Deterministic test payload distributed via mirror.",
      "exploitKnown": false,
      "language": "en",
      "modified": "2025-10-11T00:00:00+00:00",
      "provenance": [
        {
          "source": "ghsa",
          "kind": "map",
          "value": "advisory",
          "decisionReason": null,
          "recordedAt": "2025-10-19T12:00:00+00:00",
          "fieldMask": [
            "advisory"
          ]
        }
      ],
      "published": "2025-10-10T00:00:00+00:00",
      "references": [
        {
          "kind": "advisory",
          "provenance": {
            "source": "ghsa",
            "kind": "map",
            "value": "reference",
            "decisionReason": null,
            "recordedAt": "2025-10-19T12:00:00+00:00",
            "fieldMask": [
              "references[]"
            ]
          },
          "sourceTag": "vendor",
          "summary": "Vendor bulletin",
          "url": "https://example.com/advisory"
        }
      ],
      "severity": "high",
      "summary": "Upstream advisory replicated through StellaOps mirror.",
      "title": "Sample Mirror Advisory"
    }
  ],
  "advisoryCount": 1,
  "displayName": "Primary Mirror",
  "domainId": "primary",
  "generatedAt": "2025-10-19T12:00:00+00:00",
  "schemaVersion": 1,
  "sources": [
    {
      "advisoryCount": 1,
      "firstRecordedAt": "2025-10-19T12:00:00+00:00",
      "lastRecordedAt": "2025-10-19T12:00:00+00:00",
      "source": "ghsa"
    }
  ],
  "targetRepository": "mirror-primary"
}