Skip to content

Commit

Permalink
adding SSVC v1.0.1 production schema to the CVE Record metrics block.
Browse files Browse the repository at this point in the history
  • Loading branch information
@ccoffin
ccoffin committed Oct 2, 2024
1 parent 30f59c7 commit 868b769
Show file tree
Hide file tree
Showing 2 changed files with 105 additions and 0 deletions.
4 changes: 4 additions & 0 deletions schema/CVE_Record_Format.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -859,6 +859,9 @@
{
"required": ["cvssV2_0"]
},
{
"required": ["ssvcV1_0_1"]
},
{
"required": ["other"]
}
Expand Down Expand Up @@ -898,6 +901,7 @@
"cvssV3_1": {"$ref": "file:imports/cvss/cvss-v3.1.json"},
"cvssV3_0": {"$ref": "file:imports/cvss/cvss-v3.0.json"},
"cvssV2_0": {"$ref": "file:imports/cvss/cvss-v2.0.json"},
"ssvcV1_0_1": {"$ref": "file:imports/ssvc/ssvc-v1.0.1.json"},
"other": {
"type": "object",
"description": "A non-standard impact description, may be prose or JSON block.",
Expand Down
101 changes: 101 additions & 0 deletions schema/imports/ssvc/ssvc-v1.0.1.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,101 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json",
"definitions": {
"id": {
"type": "string",
"description": "Identifier for a vulnerability could be CVE, CERT/CC VU#, OSV id, Bugtraq, GHSA etc.",
"examples": ["CVE-2024-101010","VU#11111","GHSA-11a1-22b2-33c3"]
},
"role": {
"type": "string",
"description": "Roles to define SSVC Stakeholders https://certcc.github.io/SSVC/topics/enumerating_stakeholders/",
"examples": ["Supplier","Deployer","Coordinator"]
},
"timestamp" : {
"description": "Date and time in ISO format ISO 8601 format",
"type": "string",
"format": "date-time"
},
"schemaVersion": {
"description": "Schema version used to represent this evaluation",
"type": "string",
"enum": ["1-0-1"]
},
"SsvcdecisionpointselectionSchema": {
"description": "A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability",
"properties": {
"name": {
"description": "Name of the Decision Point that were evaluated",
"title": "name",
"type": "string",
"examples": ["Automatable", "Exploitation"]
},
"namespace": {
"description": "SSVC Namespace that were used for defining the evaluated Decision Points",
"title": "namespace",
"type": "string",
"examples": ["ssvc","cvvsv4"]
},
"values": {
"description": "Evaluated values of the Decision Point",
"title": "values",
"type": "array",
"minItems": 1,
"items": {
"description": "Each value that were down-selected for a Decision Point",
"title": "values",
"type": "string"
}
},
"version": {
"description": "Version of the Decision Points that were evaluated",
"title": "version",
"type": "string"
}
},
"type": "object",
"required": [
"name",
"namespace",
"values",
"version"
],
"additionalProperties": false
},
"SsvcdecisionpointgroupselectionSchema": {
"properties": {
"id": {
"$ref": "#/definitions/id"
},
"role": {
"$ref": "#/definitions/role"
},
"schemaVersion": {
"$ref": "#/definitions/schemaVersion"
},
"timestamp": {
"$ref": "#/definitions/timestamp"
},
"selections": {
"description" : "An array of Decision Points and their Values that were down-selected or evaluated ",
"title": "selections",
"type": "array",
"minItems": 1,
"items": {
"$ref": "#/definitions/SsvcdecisionpointselectionSchema"
}
}
},
"type": "object",
"required": [
"selections",
"id",
"timestamp",
"schemaVersion"
],
"additionalProperties": false
}
},
"$ref": "#/definitions/SsvcdecisionpointgroupselectionSchema"
}

0 comments on commit 868b769

Please sign in to comment.