How do I read a CPE string?

CPE format

CPE follows this format: cpe:<cpe_version>:<part>:<vendor>:<product>:<version>:<update>:<edition>:<language>:<sw_edition>:<target_sw>:<target_hw>:<other>

  • cpe_version: This is the version of the CPE definition. As of this writing, the latest CPE definition version is 2.3.

  • part: This can be one of three values: a for Applications, h for Hardware, o for Operating systems. It is sometimes referred to as type.

  • vendor: This identifies the person or organization that manufactured or created this dependency component.

  • product: This is the name of the system/package/component.

  • version: This is the version of the system/package/component.

  • update: This shows any update or service pack information, also known as minor versions.

  • edition: This describes the build of the system/package/component beyond the version.

  • language: This indicates the language of the system/package/component, such as en-us for US English.

  • sw_edition (2.3 only): This indicates how the system/package/component is tailored to a particular market or class of end users, such as professional.

  • target_sw (2.3 only): This indicates the software environment in which the system/package/component runs.

  • target_hw (2.3 only): This indicates the hardware architecture on which the system/package/component runs, such as x64.

  • other (2.3 only): This holds any other vendor- or product-specific descriptive information that does not fit in another field.

What does a wildcard in a CPE string mean?

A wildcard (*) in a field means that no particular value was provided for that field, so it matches any applicable value there.

Examples

Application: If the URI is cpe:/a:microsoft:office:2007:sp2:professional then the CPE string is: cpe:2.3:a:microsoft:office:2007:sp2:-:*:professional:*:*:*

Operating system: If the URI is cpe:/o:microsoft:windows_7:-:sp1:x64 then the CPE string is: cpe:2.3:o:microsoft:windows_7:-:sp1:-:*:*:*:x64:*

Hardware (not supported in an SBOM): If the URI is cpe:/h:3com:3c13612 then the CPE string is: cpe:2.3:h:3com:3c13612:-:*:*:*:*:*:*:*
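The field layout above can be checked mechanically. The following Python is an added example, not part of the original page or any MedCrypt code: it splits a CPE 2.3 string into its named fields and drops the wildcard fields. The function names and the example_vendor string are assumptions made for illustration; a "-" value is kept because in CPE 2.3 it means "not applicable" rather than "any".

```python
FIELDS = ("part", "vendor", "product", "version", "update", "edition",
          "language", "sw_edition", "target_sw", "target_hw", "other")
PARTS = {"a": "application", "o": "operating system", "h": "hardware"}


def split_unescaped(text: str) -> list:
    """Split on ':' but keep backslash-escaped characters (e.g. '\\:') intact."""
    pieces, current, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            current += text[i:i + 2]   # escaped pair stays inside the value
            i += 2
        elif text[i] == ":":
            pieces.append(current)
            current = ""
            i += 1
        else:
            current += text[i]
            i += 1
    pieces.append(current)
    return pieces


def parse_cpe23(cpe: str) -> dict:
    """Return the 11 attributes of a CPE 2.3 string, keyed by field name."""
    pieces = split_unescaped(cpe.strip())
    if len(pieces) != 13 or pieces[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 string: {cpe!r}")
    attrs = dict(zip(FIELDS, pieces[2:]))
    if "" in attrs.values():
        raise ValueError("empty field; an unspecified value is written '*'")
    if attrs["part"] not in PARTS and attrs["part"] != "*":
        raise ValueError(f"unknown part {attrs['part']!r}")
    return attrs


def specified(attrs: dict) -> dict:
    """Drop wildcard fields, leaving only what the string actually pins down."""
    return {name: value for name, value in attrs.items() if value != "*"}


if __name__ == "__main__":
    samples = [
        "cpe:2.3:a:microsoft:office:2007:sp2:-:*:professional:*:*:*",  # from the page
        "cpe:2.3:o:microsoft:windows_7:-:sp1:-:*:*:*:x64:*",           # from the page
        r"cpe:2.3:a:example_vendor:my\:tool:1.0:*:*:*:*:*:*:*",        # constructed
    ]
    for sample in samples:
        print(PARTS[parse_cpe23(sample)["part"]], specified(parse_cpe23(sample)))
```

A 2.2 URI such as cpe:/a:microsoft:office:2007:sp2:professional is rejected with ValueError, since it does not carry the 13 colon-separated pieces of the 2.3 form.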


© Copyright MedCrypt 2023, All rights reserved.