Skip to content

SSVC JSON Schema 2020-12 #654

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ahouseholder merged 2 commits into from
Dec 3, 2024
Merged

SSVC JSON Schema 2020-12 #654

ahouseholder merged 2 commits into from
Dec 3, 2024

Conversation

@tschmidtb51
Copy link
Contributor

@tschmidtb51 tschmidtb51 commented Nov 27, 2024
edited
Loading

@tschmidtb51
SSVC JSON Schema 2020-12
0bc22d3 
- change `definitions`to `$defs`
@tschmidtb51 tschmidtb51 mentioned this pull request Nov 27, 2024
Closed
@sei-vsarvepalli
Copy link
Contributor

sei-vsarvepalli commented Nov 27, 2024

Hello @tschmidtb51

I believe we have avoided $defs due to some limitations with CVE program not being able to have $ character in their schemas due to some restrictions in AWS implementation of MongoDB.

https://docs.aws.amazon.com/documentdb/latest/developerguide/functional-differences.html#functional-differences.field-name-restrictions

CVEProject/cve-schema#144

Do you require $defs specifically or is it a design preference? Let us know we are happy to support what will work for multiple consumers that can adopt our metrics.

Thanks
vijay

@sei-vsarvepalli
Copy link
Contributor

sei-vsarvepalli commented Nov 27, 2024

It looks like we are using $refs anyway as a key. May need to discuss with CVE schema to make sure there are no issues/concerns. And it looks like the

https://json-schema.org/draft/2020-12/schema

states

        "definitions": {
            "$comment": "\"definitions\" has been replaced by \"$defs\".",
            "type": "object",
            "additionalProperties": { "$dynamicRef": "#meta" },
            "deprecated": true,
            "default": {}
        }

@sei-vsarvepalli
Copy link
Contributor

sei-vsarvepalli commented Dec 2, 2024

Yeh after looking through Amazon documentation and CVE AWG implementation, this is not a concern. It looks like it is only a problem for generated and stored values from the schema that cannot have $ sign in their key values. So I will go ahead and approve the change.

sei-vsarvepalli
sei-vsarvepalli approved these changes Dec 2, 2024
View reviewed changes
Copy link
Contributor

@sei-vsarvepalli sei-vsarvepalli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the test cases run okay we should publish this and later also push the main to publish for our website.

@ahouseholder ahouseholder merged commit 7a6b03a into CERTCC:main Dec 3, 2024
1 check passed
@ahouseholder ahouseholder added this to the 4Q24 milestone Jan 13, 2025
tschmidtb51 added a commit to tschmidtb51/csaf that referenced this pull request Jan 16, 2025
@tschmidtb51
SSVC
789785c 
- addresses parts of oasis-tcs#803
- update referenced SSVC schema to reflect change from CERTCC/SSVC#654
- reformat JSON schema
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sei-vsarvepalli sei-vsarvepalli sei-vsarvepalli approved these changes

Assignees

@sei-vsarvepalli sei-vsarvepalli

Labels

None yet

Projects

None yet

Milestone

2024-12

Development

Successfully merging this pull request may close these issues.

CSAF / SSVC integration 2024

3 participants

@tschmidtb51 @sei-vsarvepalli @ahouseholder