Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Decision Point Value Selection schema with an example #599

Merged
merged 4 commits into from
Jul 11, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 0 additions & 60 deletions data/schema/Decision_Point.schema.json

This file was deleted.

79 changes: 0 additions & 79 deletions data/schema/Decision_Point_Group.schema.json

This file was deleted.

1 change: 1 addition & 0 deletions data/schema/current/Decision_Point.schema.json
1 change: 1 addition & 0 deletions data/schema/current/Decision_Point_Group.schema.json
79 changes: 79 additions & 0 deletions data/schema/v1/Decision_Point-1-0-1.schema.json
ahouseholder marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "Decision Point schema definition",
"$id": "https://certcc.github.io/data/schema/v1/Decision_Point.schema-1-0-1.json",
"description": "Decision points are the basic building blocks of SSVC decision functions. Individual decision points describe a single aspect of the input to a decision function.",
"definitions": {
"schemaVersion": {
"description": "Schema version used to represent this Decision Point",
"type": "string",
"enum": ["1-0-1"]
},
"decision_point_value": {
"type": "object",
"additionalProperties": false,
"properties": {
"key": {
"type": "string",
"description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way"
},
"name": {
"type": "string",
"description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
},
"description": {
"type": "string",
"description": "Description of the Decision Point Value"
}
},
"required" : [
"key",
"name",
"description"
]
},
"decision_point": {
"type": "object",
"additionalProperties": false,
"properties": {
"namespace": {
"type": "string",
"description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point"
},
"version": {
"type": "string",
"description": "Version (a semantic version string) that identifies this object"
},
"key": {
"type": "string",
"description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way"
},
"name": {
"type": "string",
"description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
},
"description": {
"type": "string",
"description": "q Description of the Decision Point or the Group of Decision Points as defined."
},
"values": {
"description": "Decision Point Values are valid results from a Decision Point",
"uniqueItems": true,
"type": "array",
"items": {
"$ref": "#/definitions/decision_point_value"
}
}
},
"required": [
"namespace",
"version",
"key",
"name",
"description",
"values"
]
}
},
"$ref": "#/definitions/decision_point"
}
44 changes: 44 additions & 0 deletions data/schema/v1/Decision_Point_Group-1-0-1.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "Decision Points Group schema definition",
"$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Group-1-0-1.schema.json",
"definitions": {
"schemaVersion": {
"description": "Schema version used to represent Decision Point Group",
"type": "string",
"enum": ["1-0-1"]
},
"decision_point_group": {
"type": "object",
"additionalProperties": false,
"properties": {
"version": {
"type": "string",
"description": "Version (a semantic version string) that identifies this object"
},
"name": {
"type": "string",
"description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
},
"description": {
"type": "string",
"description": "Description of the Decision Point or the Group of Decision Points."
},
"decision_points": {
"type": "array",
"items": {
"$ref": "https://certcc.github.io/SSVC/data/schema/Decision_Point.schema.json"
}
}
},
"required": [
"version",
"name",
"description",
"decision_points"
]
}
},
"$ref": "#/definitions/decision_point_group"

}
99 changes: 99 additions & 0 deletions data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Group_Selection-1-0-1.schema.json",
"definitions": {
"id": {
"type": "string",
"description": "Identifier for a vulnerability could be CVE, CERT/CC VU#, OSV id, Bugtraq, GHSA etc.",
"examples": ["CVE-2024-101010","VU#11111","GHSA-11a1-22b2-33c3"]
},
"role": {
"type": "string",
"description": "Roles to define SSVC Stakeholders https://certcc.github.io/SSVC/topics/enumerating_stakeholders/",
"examples": ["Supplier","Deployer","Coordinator"]
},
"timestamp" : {
"description": "Date and time in ISO format ISO 8601 format",
"type": "string",
"format": "date-time"
},
"schemaVersion": {
"description": "Schema version used to represent this evaluation",
"type": "string",
"enum": ["1-0-1"]
},
"SsvcdecisionpointselectionSchema": {
"description": "A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability",
"properties": {
"name": {
"description": "Name of the Decision Point that were evaluated",
"title": "name",
"type": "string",
"examples": ["Automatable", "Exploitation"]
},
"namespace": {
"description": "SSVC Namespace that were used for defining the evaluated Decision Points",
"title": "namespace",
"type": "string",
"examples": ["ssvc","cvvsv4"]
},
"values": {
"description": "Evaluated values of the Decision Point",
"title": "values",
"type": "array",
"items": {
"description": "Each value that were down-selected for a Decision Point",
"title": "values",
"type": "string"
}
},
"version": {
"description": "Version of the Decision Points that were evaluated",
"title": "version",
"type": "string"
}
},
"type": "object",
"required": [
"name",
"namespace",
"values",
"version"
],
"additionalProperties": false
},
"SsvcdecisionpointgroupselectionSchema": {
"properties": {
"id": {
"$ref": "#/definitions/id"
},
"role": {
"$ref": "#/definitions/role"
},
"schemaVersion": {
"$ref": "#/definitions/schemaVersion"
},
"timestamp": {
"$ref": "#/definitions/timestamp"
},
"selections": {
"description" : "An array of Decision Points and their Values that were down-selected or evaluated ",
"title": "selections",
"type": "array",
"items": {
"$ref": "#/definitions/SsvcdecisionpointselectionSchema"
}
}
},
"type": "object",
"required": [
"selections",
"id",
"timestamp",
"schemaVersion"
],
"additionalProperties": false
}
},
"$ref": "#/definitions/SsvcdecisionpointgroupselectionSchema"
}
Loading