-
Notifications
You must be signed in to change notification settings - Fork 36
/
Copy pathSSVC_Computed.schema.json
78 lines (75 loc) · 2.66 KB
/
SSVC_Computed.schema.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://democert.org/ssvc/SVC_Computed_v2.03.schema.json",
"title": "Computed SSVC score representing the path in the decision tree",
"description": "This schema represents the full path in the decision tree taken by an analyst with a specific role. The representation of the full decision tree is optional",
"type": "object",
"properties": {
"computed": {
"type": "string",
"description": "An optional short vector representation of a SSV computed decision score. This will be useful in providing permalink and other ways to provide quick read and access to a SSVC decision made"
},
"options": {
"type": "array",
"items": {
"type": "object",
"patternProperties": {
".*": {
"type": ["array","string"],
"items": {
"type": "string"
}
}
}
},
"minItems": 1,
"uniqueItems": true
},
"timestamp" : {
"description": "Date and time in ISO format ISO 8601 format",
"type": "string",
"format": "date-time"
},
"role": {
"type": "string",
"description": "Roles are defined in SSVC spec and optional in SSVC provision schema"
},
"version": {
"type": "string",
"description":"Version of the SSVC that was used in this decision. This version is of the semver format major.minor.patch The major.minor should identify SSVC version being used. The specific tree being used should be in the patch number For example: \"Applier Tree 2.0.3\" would be the identity of the version of SSVC being \"2.0\" and the version of the Applier Tree to be \"3\"."
},
"decision_tree": {
"description": "The full decision tree that was used for this SSVC computed score",
"$ref": "https://democert.org/ssvc/SSVC_Provision_v2.03.schema.json"
},
"id": {
"type": "string",
"description": "Identifier for a vulnerability could be CVE, CERT/CC VU#, OSV id, Bugtraq etc."
},
"decision_tree_url": {
"type": "string",
"format": "uri",
"description": "A URL that points to the decision tree that was used to make this \"Computed\" decision"
},
"$schema": {
"type": "string",
"format": "uri",
"description": "A URL that points to the schema that was used for the decision tree that was used to make this \"Computed\" decision"
},
"generator": {
"type": "string",
"description": "Identify the software or tool that was used to generate this Computed JSON output. Optionally append the version of the tool. ",
"examples": [
"Dryad version 5.01.1"
]
}
},
"required": [
"options",
"timestamp",
"role",
"id",
"version"
],
"additionalProperties": false
}