diff --git a/cyclonedx/model/vulnerability.py b/cyclonedx/model/vulnerability.py
index 9ad3d52f..eadf1e64 100644
--- a/cyclonedx/model/vulnerability.py
+++ b/cyclonedx/model/vulnerability.py
@@ -235,11 +235,15 @@ def __init__(
justification: Optional[ImpactAnalysisJustification] = None,
responses: Optional[Iterable[ImpactAnalysisResponse]] = None,
detail: Optional[str] = None,
+ first_issued: Optional[datetime] = None,
+ last_updated: Optional[datetime] = None,
) -> None:
self.state = state
self.justification = justification
self.responses = responses or [] # type:ignore[assignment]
self.detail = detail
+ self.first_issued = first_issued
+ self.last_updated = last_updated
@property
@serializable.xml_sequence(1)
@@ -307,29 +311,33 @@ def detail(self) -> Optional[str]:
def detail(self, detail: Optional[str]) -> None:
self._detail = detail
- # @property
- # @serializable.view(SchemaVersion1Dot5)
- # @serializable.xml_sequence(5)
- # def first_issued(self) -> ...:
- # ... # TODO since CDX 1.5
- #
- # @first_issued.setter
- # def first_issued(self, ...) -> None:
- # ... # TODO since CDX 1.5
+ @property
+ @serializable.view(SchemaVersion1Dot5)
+ @serializable.view(SchemaVersion1Dot6)
+ @serializable.type_mapping(serializable.helpers.XsdDateTime)
+ @serializable.xml_sequence(5)
+ def first_issued(self) -> Optional[datetime]:
+ return self._first_issued
- # @property
- # @serializable.view(SchemaVersion1Dot5)
- # @serializable.xml_sequence(6)
- # def last_updated(self) -> ...:
- # ... # TODO since CDX 1.5
- #
- # @last_updated.setter
- # def last_updated(self, ...) -> None:
- # ... # TODO since CDX 1.5
+ @first_issued.setter
+ def first_issued(self, first_issue: Optional[datetime]) -> None:
+ self._first_issued = first_issue
+
+ @property
+ @serializable.view(SchemaVersion1Dot5)
+ @serializable.view(SchemaVersion1Dot6)
+ @serializable.type_mapping(serializable.helpers.XsdDateTime)
+ @serializable.xml_sequence(6)
+ def last_updated(self) -> Optional[datetime]:
+ return self._last_updated
+
+ @last_updated.setter
+ def last_updated(self, last_updated: Optional[datetime]) -> None:
+ self._last_updated = last_updated
def __comparable_tuple(self) -> _ComparableTuple:
return _ComparableTuple((
- self.state, self.justification, tuple(self.responses), self.detail
+ self.state, self.justification, tuple(self.responses), self.detail, self.first_issued, self.last_updated
))
def __eq__(self, other: object) -> bool:
diff --git a/tests/_data/models.py b/tests/_data/models.py
index a312178a..6a25c552 100644
--- a/tests/_data/models.py
+++ b/tests/_data/models.py
@@ -503,7 +503,11 @@ def get_bom_with_component_setuptools_with_vulnerability() -> Bom:
)),
analysis=VulnerabilityAnalysis(
state=ImpactAnalysisState.EXPLOITABLE, justification=ImpactAnalysisJustification.REQUIRES_ENVIRONMENT,
- responses=[ImpactAnalysisResponse.CAN_NOT_FIX], detail='Some extra detail'
+ responses=[ImpactAnalysisResponse.CAN_NOT_FIX], detail='Some extra detail',
+ first_issued=datetime(year=2018, month=9, day=1, hour=10, minute=50, second=42, microsecond=51979,
+ tzinfo=timezone.utc),
+ last_updated=datetime(year=2018, month=9, day=1, hour=10, minute=50, second=42, microsecond=51979,
+ tzinfo=timezone.utc)
),
affects=[
BomTarget(
diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.json.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.json.bin
index acfdf772..14b92331 100644
--- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.json.bin
+++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.json.bin
@@ -59,7 +59,9 @@
],
"analysis": {
"detail": "Some extra detail",
+ "firstIssued": "2018-09-01T10:50:42.051979+00:00",
"justification": "requires_environment",
+ "lastUpdated": "2018-09-01T10:50:42.051979+00:00",
"response": [
"can_not_fix"
],
diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.xml.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.xml.bin
index 719e696d..09e41d34 100644
--- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.xml.bin
+++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.xml.bin
@@ -120,6 +120,8 @@
can_not_fix
Some extra detail
+ 2018-09-01T10:50:42.051979+00:00
+ 2018-09-01T10:50:42.051979+00:00
diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.json.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.json.bin
index 0931367c..69742402 100644
--- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.json.bin
+++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.json.bin
@@ -59,7 +59,9 @@
],
"analysis": {
"detail": "Some extra detail",
+ "firstIssued": "2018-09-01T10:50:42.051979+00:00",
"justification": "requires_environment",
+ "lastUpdated": "2018-09-01T10:50:42.051979+00:00",
"response": [
"can_not_fix"
],
diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.xml.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.xml.bin
index 9d46b7c0..36cb8aa0 100644
--- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.xml.bin
+++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.xml.bin
@@ -126,6 +126,8 @@
can_not_fix
Some extra detail
+ 2018-09-01T10:50:42.051979+00:00
+ 2018-09-01T10:50:42.051979+00:00