AppLens API - Data Models

Overview of all entity and DTO classes used across the application.

Table of Contents

Entity

Vulnerability

com.applens.api.model | Table: vulnerabilities

The core JPA entity representing a normalized vulnerability record persisted to the database. Aggregates data from multiple sources (CISA KEV, Cisco PSIRT).

Identification

Field Type Constraints Description
id Long PK, auto-generated Internal primary key
cveId String unique, not null CVE identifier (e.g. CVE-2024-12345)

Vulnerability Details

Field Type Description
description String (TEXT) Vulnerability description / summary
vendorProject String (TEXT) Affected vendor or project name
product String (TEXT) Affected product name
vulnerabilityName String (TEXT) Human-readable vulnerability name
cvssBaseScore Double CVSS v3 base score (0.0 -- 10.0)
severity String (TEXT) Severity rating (e.g. Critical, High)
cweIds String (TEXT) Associated CWE identifiers (comma-separated)

Tracking & Remediation

Field Type Description
source String Data source (CISA_KEV, CISCO_PSIRT)
status String Advisory status
requiredAction String (TEXT) Recommended remediation action
knownRansomwareCampaignUse String Whether exploited in ransomware campaigns
notes String (TEXT) Additional notes

Dates

Field Type Description
dateAdded LocalDate Date the vulnerability was added to its catalog
dueDate LocalDate Remediation due date
discoveredAt LocalDateTime Timestamp when first ingested
lastUpdated LocalDateTime Timestamp of last update

DTOs: Cisco PSIRT

CiscoOAuthResponse

com.applens.api.dto.cisco

Response from the Cisco OAuth2 token endpoint.

Field Type JSON Property Description
accessToken String access_token Bearer token
tokenType String token_type Token type (e.g. Bearer)
expiresIn int expires_in Token TTL in seconds

CiscoPsirtResponse

com.applens.api.dto.cisco

Top-level wrapper for the Cisco PSIRT advisory API response.

Field Type Description
advisories List<CiscoPsirtAdvisory> List of security advisories

CiscoPsirtAdvisory

com.applens.api.dto.cisco

A single Cisco PSIRT security advisory.

Field Type Description
advisoryId String Cisco advisory identifier
advisoryTitle String Advisory title
cves List<String> Associated CVE IDs
cvssBaseScore String CVSS v3 base score
cwe List<String> Associated CWE identifiers
firstPublished String Initial publication date
lastUpdated String Last update date
status String Advisory status
sir String Security Impact Rating
summary String Advisory summary text
productNames List<String> Affected product names
publicationUrl String URL to the full advisory

DTOs: CISA KEV

CisaKevResponse

com.applens.api.dto.cisa

Top-level wrapper for the CISA Known Exploited Vulnerabilities catalog API response.

Field Type Description
title String Catalog title
catalogVersion String Catalog version string
dateReleased String Catalog release date
count int Total vulnerability count
vulnerabilities List<CisaKevVulnerability> List of KEV entries

CisaKevVulnerability

com.applens.api.dto.cisa

A single entry from the CISA Known Exploited Vulnerabilities catalog.

Field Type Description
cveID String CVE identifier
vendorProject String Affected vendor or project
product String Affected product
vulnerabilityName String Vulnerability name
dateAdded String Date added to the KEV catalog
shortDescription String Brief description
requiredAction String Required remediation action
dueDate String Remediation due date
knownRansomwareCampaignUse String Ransomware campaign usage indicator
notes String Additional notes
cwes List<String> Associated CWE identifiers