Skip to content

Commit 6b69a95

Browse files
alilleybrinkeralilleybrinker
committed
feat: Add support for OmniBOR Artifact IDs
Signed-off-by: Andrew Lilley Brinker <[email protected]>
1 parent f5dae04 commit 6b69a95

File tree

1 file changed

+26
-1
lines changed

1 file changed

+26
-1
lines changed

schema/CVE_Record_Format.json

Lines changed: 26 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -539,17 +539,42 @@
539539
"items": {
540540
"$ref": "#/definitions/cpe_match"
541541
}
542+
},
543+
"omniborMatch": {
544+
"type": "array",
545+
"items": {
546+
"$ref": "#/definitions/omnibor_match"
547+
}
542548
}
543549
},
544550
"allOf": [
545551
{ "required": ["operator"] },
546552
{
547553
"anyOf": [
548-
{ "required": ["cpeMatch"] }
554+
{ "required": ["cpeMatch"] },
555+
{ "required": ["omniborMatch"] }
549556
]
550557
}
551558
]
552559
},
560+
"omnibor_match": {
561+
"description": "OmniBOR match string",
562+
"type": "object",
563+
"properties": {
564+
"vulnerable": {
565+
"type": "boolean"
566+
},
567+
"artifact_id": {
568+
"type": "string"
569+
},
570+
"target": {
571+
"type": "string",
572+
"enum": ["artifact", "build_input"]
573+
}
574+
},
575+
"required": ["vulnerable", "artifact_id"],
576+
"additionalProperties": false
577+
},
553578
"cpeApplicabilityElement": {
554579
"description": "Affected products defined using an implementation of the CPE Applicability Language, mostly copied/forked from the NIST NVD CVE API v2.0 schema (optional). An operator property allows AND or OR logic between CPEs or combinations of CPEs. The negate and vulnerable Boolean properties allow CPEs to be inverted and/or defined as vulnerable or not. Multiple version fields are provided for capturing ranges of products when defining a CPE Match String Range. NOTE: When defining a cpeApplicability block, it is recommended that it align with (as much as possible) the product data provided within the affected block.",
555580
"properties": {

0 commit comments

Comments
 (0)