Vulnerability

avidtools.datamodels.vulnerability

A vulnerability (vuln) is high-level evidence of an AI failure mode, in line with the NIST CVEs. Each vuln is linked to the taxonomy through multiple tags that denote the AI risk domains (Security, Ethics, Performance) it pertains to, the (sub)categories under each domain, and the AI lifecycle stages.

Class definitions for AVID vulnerability.

class VulnMetadata(*, vuln_id: str)

Metadata class for a vulnerability.

model_config = {}

Configuration for the model; should be a dictionary conforming to pydantic.config.ConfigDict.

class ReportSummary(*, report_id: str, type: TypeEnum, name: str)

Summary of a report connected to a vuln.

model_config = {}

Configuration for the model; should be a dictionary conforming to pydantic.config.ConfigDict.

class Vulnerability(*, data_type: str = 'AVID', data_version: str | None = None, metadata: VulnMetadata | None = None, affects: Affects | None = None, problemtype: Problemtype | None = None, references: List[Reference] | None = None, description: LangValue | None = None, reports: List[ReportSummary] | None = None, impact: Impact | None = None, credit: List[LangValue] | None = None, published_date: date | None = None, last_modified_date: date | None = None)

Top-level class to store an AVID vulnerability.

data_type: str

Namespace for the report. Set to AVID by default; change this only if you’re adopting these datamodels to stand up your own vulnerability database.

data_version: str | None

Latest version of the data.

metadata: VulnMetadata | None

Metadata for the vuln.

affects: Affects | None

Information on Artifact(s) affected by this report.

problemtype: Problemtype | None

Description of the problem a report is concerned with.

references: List[Reference] | None

References and their details.

description: LangValue | None

High-level description.

model_config = {}

Configuration for the model; should be a dictionary conforming to pydantic.config.ConfigDict.

reports: List[ReportSummary] | None

Brief summary of all reports connected to a vuln.

impact: Impact | None

Impact information, e.g. different taxonomy mappings, harm and severity scores.

credit: List[LangValue] | None

People credited for this vuln.

published_date: date | None

Date published.

last_modified_date: date | None

Date last modified.

save(location)

Save a report as a JSON file.

Parameters:

location (str) – output *.json filename including location.
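A consumer that ingests files written by save() can check each record against the fields documented above before loading it into its own store. The following is an added example, not part of avidtools: it uses only the standard library and assumes the JSON keys match the field names above and that dates are serialized as ISO 8601 strings. The function name, the sample records and the date-ordering rule are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample records, not real AVID entries; all values are placeholders.
GOOD = json.dumps({"data_type": "AVID", "metadata": {"vuln_id": "EXAMPLE-VULN-0001"},
    "reports": [{"report_id": "EXAMPLE-REP-0001", "type": "TYPE-PLACEHOLDER", "name": "sample"}],
    "published_date": "2023-01-05", "last_modified_date": "2023-02-01"})
BAD = json.dumps({"data_type": "OTHERDB", "metadata": {},
    "reports": [{"report_id": "EXAMPLE-REP-0002"}],
    "published_date": "2023-03-01", "last_modified_date": "2023-01-01"})


def check_vuln_record(raw, expected_namespace="AVID"):
    """Return a list of problems found in one saved vulnerability JSON string."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    problems = []
    # data_type is the namespace; absent means the documented default, 'AVID'.
    if doc.get("data_type", "AVID") != expected_namespace:
        problems.append(f"unexpected data_type {doc.get('data_type')!r}")
    # metadata is optional, but VulnMetadata requires vuln_id when it is present.
    meta = doc.get("metadata")
    if meta is not None:
        vid = meta.get("vuln_id") if isinstance(meta, dict) else None
        if not isinstance(vid, str) or not vid:
            problems.append("metadata.vuln_id missing or not a string")
    # Each ReportSummary requires report_id, type and name (checked as strings only).
    reports = doc.get("reports")
    if reports is not None and not isinstance(reports, list):
        problems.append("reports is not a list")
    for i, rep in enumerate(reports if isinstance(reports, list) else []):
        missing = [k for k in ("report_id", "type", "name")
                   if not isinstance(rep, dict) or not isinstance(rep.get(k), str)]
        if missing:
            problems.append(f"reports[{i}] missing {', '.join(missing)}")
    # Assumption: dates are ISO 8601 strings, and modification never precedes publication.
    parsed = {}
    for key in ("published_date", "last_modified_date"):
        if doc.get(key) is not None:
            try:
                parsed[key] = date.fromisoformat(doc[key])
            except (TypeError, ValueError):
                problems.append(f"{key} is not an ISO date: {doc[key]!r}")
    if len(parsed) == 2 and parsed["last_modified_date"] < parsed["published_date"]:
        problems.append("last_modified_date precedes published_date")
    return problems
```

The check does not validate `type` against TypeEnum, since its members are not listed on this page; an empty return value means only that the documented required fields are present and well-typed.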