Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update ssvc-v1.0.1.json with just nominal changes from recommendation… #387

Open
wants to merge 1 commit into
base: feature-144-SSVC
Choose a base branch
from
Open

Update ssvc-v1.0.1.json with just nominal changes from recommendation… #387

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
69 changes: 40 additions & 29 deletions schema/docs/CVE_Record_Format_bundled.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3168,73 +3168,80 @@
},
"ssvcV1_0_1": {
"$schema": "https://json-schema.org/draft/2020-12/schema",
"description": "This schema defines the structure for selecting SSVC Decision Points and their evaluated values for a given vulnerability. Each vulnerability can have multiple Decision Points, and each Decision Point can have multiple selected values when full certainty is not available.",
"$defs": {
"id": {
"type": "string",
"description": "Identifier for a vulnerability could be CVE, CERT/CC VU#, OSV id, Bugtraq, GHSA etc.",
"description": "Identifier for the vulnerability that was evaluation, such as CVE, CERT/CC VU#, OSV id, Bugtraq, GHSA etc.",
"examples": [
"CVE-1900-1234",
"VU#11111",
"GHSA-11a1-22b2-33c3"
]
],
"minLength": 1
},
"role": {
"type": "string",
"description": "Roles to define SSVC Stakeholders https://certcc.github.io/SSVC/topics/enumerating_stakeholders/",
"description": "The role of the stakeholder performing the evaluation (e.g., Supplier, Deployer, Coordinator). See SSVC documentation for a currently identified list: https://certcc.github.io/SSVC/topics/enumerating_stakeholders/",
"examples": [
"Supplier",
"Deployer",
"Coordinator"
]
],
"minLength": 1
},
"timestamp": {
"description": "Date and time in ISO format ISO 8601 format",
"description": "Date and time when the evaluation of the Vulnerability was performed according to RFC 3339, section 5.6.",
"type": "string",
"format": "date-time"
},
"schemaVersion": {
"description": "Schema version used to represent this evaluation",
"type": "string",
"enum": [
"1-0-1"
]
},
"SsvcdecisionpointselectionSchema": {
"description": "A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability",
"description": "A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability evaluation.",
"properties": {
"name": {
"description": "Name of the Decision Point that were evaluated",
"title": "name",
"type": "string",
"description": "A short label that identifies a Decision Point.",
"minLength": 1,
"examples": [
"Automatable",
"Exploitation"
"Exploitation",
"Automatable"
]
},
"namespace": {
"description": "SSVC Namespace that were used for defining the evaluated Decision Points",
"title": "namespace",
"type": "string",
"description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point. See SSVC Documentation for details.",
"pattern": "^[a-z0-9-]{3,4}[a-z0-9/\\.-]*$",
"examples": [
"ssvc",
"cvssv4"
"cvss",
"ssvc-jp",
"ssvc/acme",
"ssvc/example.com"
]
},
"values": {
"description": "Evaluated values of the Decision Point",
"description": "One or more Decision Point Values that were selected for this Decision Point. If the evaluation is uncertain, multiple values may be listed to reflect the potential range of possibilities.",
"title": "values",
"type": "array",
"minItems": 1,
"items": {
"description": "Each value that were down-selected for a Decision Point",
"title": "values",
"type": "string"
"type": "string",
"description": "A short label that identifies a Decision Point Value",
"minLength": 1,
"examples": [
"Public PoC",
"Yes"
]
}
},
"version": {
"description": "Version of the Decision Points that were evaluated",
"title": "version",
"type": "string"
"type": "string",
"description": "Version (a semantic version string) that identifies the version of a Decision Point.",
"pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$",
"examples": [
"1.0.1",
"1.0.1-alpha"
]
}
},
"type": "object",
Expand All @@ -3255,13 +3262,17 @@
"$ref": "#/definitions/metrics/items/properties/ssvcV1_0_1/%24defs/role"
},
"schemaVersion": {
"$ref": "#/definitions/metrics/items/properties/ssvcV1_0_1/%24defs/schemaVersion"
"description": "Schema version used to represent this Decision Point.",
"type": "string",
"enum": [
"1-0-1"
]
},
"timestamp": {
"$ref": "#/definitions/metrics/items/properties/ssvcV1_0_1/%24defs/timestamp"
},
"selections": {
"description": "An array of Decision Points and their Values that were down-selected or evaluated ",
"description": "An array of Decision Points and their selected values for the identified Vulnerability. If a clear evaluation is uncertain, multiple values may be listed for a Decision Point instead of waiting for perfect clarity.",
"title": "selections",
"type": "array",
"minItems": 1,
Expand Down
69 changes: 40 additions & 29 deletions schema/docs/CVE_Record_Format_bundled_adpContainer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3168,73 +3168,80 @@
},
"ssvcV1_0_1": {
"$schema": "https://json-schema.org/draft/2020-12/schema",
"description": "This schema defines the structure for selecting SSVC Decision Points and their evaluated values for a given vulnerability. Each vulnerability can have multiple Decision Points, and each Decision Point can have multiple selected values when full certainty is not available.",
"$defs": {
"id": {
"type": "string",
"description": "Identifier for a vulnerability could be CVE, CERT/CC VU#, OSV id, Bugtraq, GHSA etc.",
"description": "Identifier for the vulnerability that was evaluation, such as CVE, CERT/CC VU#, OSV id, Bugtraq, GHSA etc.",
"examples": [
"CVE-1900-1234",
"VU#11111",
"GHSA-11a1-22b2-33c3"
]
],
"minLength": 1
},
"role": {
"type": "string",
"description": "Roles to define SSVC Stakeholders https://certcc.github.io/SSVC/topics/enumerating_stakeholders/",
"description": "The role of the stakeholder performing the evaluation (e.g., Supplier, Deployer, Coordinator). See SSVC documentation for a currently identified list: https://certcc.github.io/SSVC/topics/enumerating_stakeholders/",
"examples": [
"Supplier",
"Deployer",
"Coordinator"
]
],
"minLength": 1
},
"timestamp": {
"description": "Date and time in ISO format ISO 8601 format",
"description": "Date and time when the evaluation of the Vulnerability was performed according to RFC 3339, section 5.6.",
"type": "string",
"format": "date-time"
},
"schemaVersion": {
"description": "Schema version used to represent this evaluation",
"type": "string",
"enum": [
"1-0-1"
]
},
"SsvcdecisionpointselectionSchema": {
"description": "A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability",
"description": "A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability evaluation.",
"properties": {
"name": {
"description": "Name of the Decision Point that were evaluated",
"title": "name",
"type": "string",
"description": "A short label that identifies a Decision Point.",
"minLength": 1,
"examples": [
"Automatable",
"Exploitation"
"Exploitation",
"Automatable"
]
},
"namespace": {
"description": "SSVC Namespace that were used for defining the evaluated Decision Points",
"title": "namespace",
"type": "string",
"description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point. See SSVC Documentation for details.",
"pattern": "^[a-z0-9-]{3,4}[a-z0-9/\\.-]*$",
"examples": [
"ssvc",
"cvssv4"
"cvss",
"ssvc-jp",
"ssvc/acme",
"ssvc/example.com"
]
},
"values": {
"description": "Evaluated values of the Decision Point",
"description": "One or more Decision Point Values that were selected for this Decision Point. If the evaluation is uncertain, multiple values may be listed to reflect the potential range of possibilities.",
"title": "values",
"type": "array",
"minItems": 1,
"items": {
"description": "Each value that were down-selected for a Decision Point",
"title": "values",
"type": "string"
"type": "string",
"description": "A short label that identifies a Decision Point Value",
"minLength": 1,
"examples": [
"Public PoC",
"Yes"
]
}
},
"version": {
"description": "Version of the Decision Points that were evaluated",
"title": "version",
"type": "string"
"type": "string",
"description": "Version (a semantic version string) that identifies the version of a Decision Point.",
"pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$",
"examples": [
"1.0.1",
"1.0.1-alpha"
]
}
},
"type": "object",
Expand All @@ -3255,13 +3262,17 @@
"$ref": "#/definitions/metrics/items/properties/ssvcV1_0_1/%24defs/role"
},
"schemaVersion": {
"$ref": "#/definitions/metrics/items/properties/ssvcV1_0_1/%24defs/schemaVersion"
"description": "Schema version used to represent this Decision Point.",
"type": "string",
"enum": [
"1-0-1"
]
},
"timestamp": {
"$ref": "#/definitions/metrics/items/properties/ssvcV1_0_1/%24defs/timestamp"
},
"selections": {
"description": "An array of Decision Points and their Values that were down-selected or evaluated ",
"description": "An array of Decision Points and their selected values for the identified Vulnerability. If a clear evaluation is uncertain, multiple values may be listed for a Decision Point instead of waiting for perfect clarity.",
"title": "selections",
"type": "array",
"minItems": 1,
Expand Down
Loading