Cloud Resource Identifier
Templates
A machine-readable format for identifying cloud resources affected by
known vulnerabilities. CVSS-style for cloud-native CVEs.
In-browser validator
Paste a CRIT record or a CVE 5.x record with x_crit. Instant JSON Schema validation, vector round-trip checks, dictionary resolution. No data leaves your browser.
Vector strings
CVSS-style compact encoding. CRITv0.3.0/CP:AW/VS:FX/FP:RR/SR:SH/RL:SM/EV:T/PP:…/SA:…#CVE-2024-21626:eks:cluster — deterministic, parseable, signable.
30+ provider dictionaries
AWS, Azure, GCP, Cloudflare, Oracle, Salesforce, SAP, ServiceNow plus 20+ extended providers covering Tier-2 IaaS and Tier-3 SaaS — all shipped in the spec library.
CVE 5.x ADP integration
CRIT records embed in CVE 5.x via the ADP container’s x_crit array. The validator parses both single-record and CVE-with-x_crit shapes.
VEX-aware
vex_status, fix_propagation, shared_responsibility, resource_lifecycle — all spec-bound enums with cross-field consistency rules the validator checks.
Open standard
Independent submission to the IETF — draft-vulnetix-crit-03. Published under the Trust Provisions. Apache 2.0 implementation reference.