{
  lib,
}:

{
  options = {
    cve = lib.mkOption {
      type = lib.types.nullOr (lib.types.listOf lib.types.str);
      default = null;
      description = ''
        List of CVE identifiers to match. The whitelist rule is valid as long as the detected CVEs are a subset of the CVEs listed here.
        If additional CVEs are detected, this whitelist rule is not effective anymore. If null, all CVEs are matched.'';
    };
    until = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      default = null;
      description = ''
        Date in the form "YYYY-MM-DD" which confines this rule's lifetime. Null means forever.
        On the specified date and later, this whitelist rule is not effective anymore.'';
    };
    issueUrl = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      default = null;
      description = "URL or list of URLs that point to any issue tracker. Informational only.";
    };
  };
}