Add a schema identifier to CSAF v2.1 and later data files #616

Closed
sthagen opened this issue Mar 12, 2023 · 1 comment · Fixed by #784
Labels: csaf 2.1 (csaf 2.1 work), editor-revision (already worked on in the editor revision), motion_passed (A motion has passed)

Comments


sthagen commented Mar 12, 2023

Proposal

Add a schema identifier to CSAF v2.1 (and later) data files with a MAY (to minimize backward incompatibility for strict CSAF v2.0 files which are not allowed to carry extra keys).

Ideally this should be simply something like SARIF does with a $schema key and a value of type URL. Example of such a SARIF file:

```json
{
  "version": "2.1.0",
  "$schema": "https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/schemas/sarif-schema-2.1.0.json",
...
```

The canonical value will be the matching eternal schema URL hosted at docs.oasis-open.org.

Rationale

Currently the consumer of CSAF files has to know what schema they relate to.

@sthagen sthagen added email To be sent via email to the TC tc-discussion-needed csaf 2.1 csaf 2.1 work labels Mar 12, 2023
@sthagen sthagen self-assigned this Mar 12, 2023
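
How a consumer could use the proposed `$schema` key to pick a validation schema, added here as an example and not code from the issue or the CSAF project. The declared URL is only matched against a local allowlist and never fetched, and a file whose `$schema` disagrees with `document.csaf_version` is rejected. Assumptions: the v2.1 URL is a placeholder, `"2.1"` as the `csaf_version` value, and the local schema paths and all names are hypothetical.

```python
import json

# Constructed allowlist: declared "$schema" URL -> (csaf_version, bundled schema file).
# The URL path is a placeholder; the issue only says the canonical value will be hosted
# at docs.oasis-open.org. "2.1" as csaf_version and the file paths are assumptions.
PLACEHOLDER_V21_URL = "https://docs.oasis-open.org/csaf/PLACEHOLDER/csaf-2.1-schema.json"
BY_SCHEMA_URL = {PLACEHOLDER_V21_URL: ("2.1", "schemas/csaf-2.1.json")}
# "$schema" is optional (MAY) and absent from v2.0 files: route those by csaf_version.
BY_VERSION = {"2.0": "schemas/csaf-2.0.json", "2.1": "schemas/csaf-2.1.json"}


class SchemaSelectionError(ValueError):
    """The file does not identify a schema this consumer is willing to use."""


def select_schema(raw_json):
    """Return the local schema path to validate against; the declared URL is never fetched."""
    doc = json.loads(raw_json)
    if not isinstance(doc, dict):
        raise SchemaSelectionError("top-level value is not a JSON object")
    meta = doc.get("document")
    version = meta.get("csaf_version") if isinstance(meta, dict) else None
    declared = doc.get("$schema")
    if declared is None:
        if isinstance(version, str) and version in BY_VERSION:
            return BY_VERSION[version]
        raise SchemaSelectionError(f"no $schema and unsupported csaf_version {version!r}")
    if not isinstance(declared, str) or declared not in BY_SCHEMA_URL:
        raise SchemaSelectionError(f"$schema not in allowlist: {declared!r}")
    expected, path = BY_SCHEMA_URL[declared]
    if version != expected:
        raise SchemaSelectionError(f"$schema implies {expected}, csaf_version is {version!r}")
    return path


# Constructed sample documents, trimmed to the keys this check reads.
SAMPLE_V21 = json.dumps({"$schema": PLACEHOLDER_V21_URL, "document": {"csaf_version": "2.1"}})
SAMPLE_V20 = json.dumps({"document": {"csaf_version": "2.0"}})
SAMPLE_MISMATCH = json.dumps({"$schema": PLACEHOLDER_V21_URL, "document": {"csaf_version": "2.0"}})
SAMPLE_FOREIGN = json.dumps({"$schema": "https://schemas.example/csaf.json",
                             "document": {"csaf_version": "2.1"}})

if __name__ == "__main__":
    for raw in (SAMPLE_V21, SAMPLE_V20, SAMPLE_MISMATCH, SAMPLE_FOREIGN):
        try:
            print(select_schema(raw))
        except SchemaSelectionError as err:
            print("rejected:", err)
```
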

santosomar commented Nov 29, 2023

Thomas Schmidt proposed a motion, as detailed in this OASIS mailing list archive, to incorporate a schema identifier into CSAF v2.1 and subsequent data files, in line with the suggestion made in this GitHub issue. Thomas Schaffer seconded the motion. There were no discussions or objections raised, and consequently, the motion was automatically passed on November 1, 2023, at 20:00 UTC.

@tschmidtb51 tschmidtb51 removed email To be sent via email to the TC tc-discussion-needed labels Nov 29, 2023
@tschmidtb51 tschmidtb51 added the motion_passed A motion has passed label May 29, 2024
tschmidtb51 added a commit to tschmidtb51/csaf that referenced this issue Jun 24, 2024
- addresses parts of oasis-tcs#616
- add `$schema` to JSON schema
tschmidtb51 added a commit to tschmidtb51/csaf that referenced this issue Jun 24, 2024
- addresses parts of oasis-tcs#616
- adopt prose to match schema
- add additional sections
- update profiles and guidance on size
tschmidtb51 added a commit to tschmidtb51/csaf that referenced this issue Jun 24, 2024
- addresses parts of oasis-tcs#616
- update examples to reflect schema
tschmidtb51 added a commit to tschmidtb51/csaf that referenced this issue Jun 24, 2024
- addresses parts of oasis-tcs#616
- update testfiles to reflect schema
tschmidtb51 added a commit to tschmidtb51/csaf that referenced this issue Jun 24, 2024
- addresses parts of oasis-tcs#616
- add conversion rule
- update places where conformance still referred to 2.0
@tschmidtb51 tschmidtb51 added the editor-revision already worked on in the editor revision label Jul 2, 2024
tschmidtb51 added a commit to tschmidtb51/csaf that referenced this issue Aug 26, 2024
- addresses parts of oasis-tcs#616
- add `$schema` to PMD JSON schema
- adapt examples to reflect schema change
tschmidtb51 added a commit to tschmidtb51/csaf that referenced this issue Aug 26, 2024
- addresses parts of oasis-tcs#616
- add `$schema` to Aggregator JSON schema
- adapt examples to reflect schema change
tschmidtb51 added a commit to tschmidtb51/csaf that referenced this issue Sep 25, 2024
- addresses parts of oasis-tcs#616
- correct editorial inconsistency 5 vs 64