Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a schema identifier to CSAF v2.1 and later data files #616

Open
sthagen opened this issue Mar 12, 2023 · 1 comment
Open

Add a schema identifier to CSAF v2.1 and later data files #616

sthagen opened this issue Mar 12, 2023 · 1 comment
Assignees
@sthagen
Labels
csaf 2.1 csaf 2.1 work motion_passed A motion has passed

Comments

@sthagen
Copy link
Contributor

sthagen commented Mar 12, 2023
edited

Proposal

Add a schema identifier to CSAF v2.1 (and later) data files with a MAY (to minimize backward incompatibility for strict CSAF v2.0 files which are not allowed to carry extra keys)

Ideally this should be simply something like SARIF does with a $schema key and a value of type URL. Example of such a SARIF file:

{
  "version": "2.1.0",
  "$schema": "https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/schemas/sarif-schema-2.1.0.json",
...

The canonical value will be the matching eternal schema URL hosted at docs.oasis-open.org

Rationale

Currently the consumer of CSAF files has to know what schema they relate to.
@sthagen sthagen added email To be sent via email to the TC tc-discussion-needed csaf 2.1 csaf 2.1 work labels Mar 12, 2023
@sthagen sthagen self-assigned this Mar 12, 2023
@santosomar
Copy link
Contributor

santosomar commented Nov 29, 2023
edited

Thomas Schmidt proposed a motion, as detailed in this OASIS mailing list archive, to incorporate a schema identifier into CSAF v2.1 and subsequent data files, in line with the suggestion made in this GitHub issue. Thomas Schaffer seconded the motion. There were no discussions or objections raised, and consequently, the motion was automatically passed on November 1, 2023, at 20:00 UTC.

@tschmidtb51 tschmidtb51 removed email To be sent via email to the TC tc-discussion-needed labels Nov 29, 2023
@tschmidtb51 tschmidtb51 added the motion_passed A motion has passed label May 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sthagen sthagen

Labels
csaf 2.1 csaf 2.1 work motion_passed A motion has passed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sthagen @santosomar @tschmidtb51