Completed section and example mappings

- completed section mappings - completed example mappings - generated user facing derlivery items Signed-off-by: Stefan Hagen <[email protected]>
oasis-tcs · Mar 4, 2025 · 39939b9 · 39939b9
1 parent 5858221
commit 39939b9
Show file tree

Hide file tree

Showing 6 changed files with 2,087 additions and 776 deletions.
diff --git a/csaf_2.1/prose/edit/etc/example-global-to-local.json b/csaf_2.1/prose/edit/etc/example-global-to-local.json
@@ -15,158 +15,171 @@
   "13": "full-product-name-type-product-identification-helper-hashes-eg-3",
   "14": "full-product-name-type-product-identification-helper-model-numbers-eg-1",
   "15": "full-product-name-type-product-identification-helper-sbom-urls-eg-1",
-  "16": "full-product-name-type-product-identification-helper-generic-uris-eg-1",
-  "17": "full-product-name-type-product-identification-helper-generic-uris-eg-2",
-  "18": "language-type-eg-1",
-  "19": "notes-type-eg-1",
-  "20": "notes-type-eg-2",
-  "21": "product-group-id-type-eg-1",
-  "22": "product-id-type-eg-1",
-  "23": "version-type-eg-1",
-  "24": "version-type-semantic-versioning-eg-1",
-  "25": "version-type-semantic-versioning-eg-2",
-  "26": "version-type-semantic-versioning-eg-3",
-  "27": "version-type-semantic-versioning-eg-4",
-  "28": "version-type-semantic-versioning-eg-5",
-  "29": "version-type-semantic-versioning-eg-6",
-  "30": "document-property-aggregate-severity-eg-1",
-  "31": "document-property-category-eg-1",
-  "32": "document-property-distribution-eg-1",
-  "33": "document-property-distribution-text-eg-1",
-  "34": "document-property-distribution-tlp-eg-1",
-  "35": "document-property-publisher-contact-details-eg-1",
-  "36": "document-property-publisher-name-eg-1",
-  "37": "document-property-publisher-namespace-eg-1",
-  "38": "document-property-title-eg-1",
-  "39": "document-property-tracking-aliases-eg-1",
-  "40": "document-property-tracking-generator-eg-1",
-  "41": "document-property-tracking-generator-eg-2",
-  "42": "document-property-tracking-id-eg-1",
-  "43": "product-tree-property-product-groups-eg-1",
-  "44": "product-tree-property-relationships-eg-1",
-  "45": "vulnerabilities-property-cwes-eg-1",
-  "46": "vulnerabilities-property-cwes-eg-2",
-  "47": "vulnerabilities-property-cwes-eg-3",
-  "48": "vulnerabilities-property-ids-eg-1",
-  "49": "vulnerabilities-property-ids-eg-2",
-  "50": "filename-eg-1",
-  "51": "filename-eg-2",
-  "52": "hardware-and-software-within-the-product-tree-eg-1",
-  "53": "missing-definition-of-product-id-eg-1",
-  "54": "multiple-definition-of-product-id-eg-1",
-  "55": "circular-definition-of-product-id-eg-1",
-  "56": "missing-definition-of-product-group-id-eg-1",
-  "57": "multiple-definition-of-product-group-id-eg-1",
-  "58": "contradicting-product-status-eg-1",
-  "59": "multiple-scores-with-same-version-per-product-eg-1",
-  "60": "invalid-cvss-eg-1",
-  "61": "invalid-cvss-computation-eg-1",
-  "62": "inconsistent-cvss-eg-1",
-  "63": "mandatory-tests--cwe-eg-1",
-  "64": "language-eg-1",
-  "65": "purl-eg-1",
-  "66": "sorted-revision-history-eg-1",
-  "67": "translator-eg-1",
-  "68": "latest-document-version-eg-1",
-  "69": "document-status-draft-eg-1",
-  "70": "released-revision-history-eg-1",
-  "71": "revision-history-entries-for-pre-release-versions-eg-1",
-  "72": "non-draft-document-version-eg-1",
-  "73": "missing-item-in-revision-history-eg-1",
-  "74": "multiple-definition-in-revision-history-eg-1",
-  "75": "multiple-use-of-same-cve-eg-1",
-  "76": "multiple-definition-in-involvements-eg-1",
-  "77": "multiple-use-of-same-hash-algorithm-eg-1",
-  "78": "prohibited-document-category-name-eg-1",
-  "79": "prohibited-document-category-name-eg-2",
-  "80": "document-notes-eg-1",
-  "81": "document-references-eg-1",
-  "82": "vulnerabilities-for-informational-advisory-eg-1",
-  "83": "product-tree-eg-1",
-  "84": "vulnerability-notes-eg-1",
-  "85": "product-status-eg-1",
-  "86": "vex-product-status-eg-1",
-  "87": "vulnerability-id-eg-1",
-  "88": "impact-statement-eg-1",
-  "89": "action-statement-eg-1",
-  "90": "vulnerabilities-for-security-advisory-or-vex-eg-1",
-  "91": "translation-eg-1",
-  "92": "remediation-without-product-reference-eg-1",
-  "93": "mixed-integer-and-semantic-versioning-eg-1",
-  "94": "version-range-in-product-version-eg-1",
-  "95": "flag-without-product-reference-eg-1",
-  "96": "multiple-flags-with-vex-justification-codes-per-product-eg-1",
-  "97": "mandatory-tests--branches-recursion-depth-eg-1",
-  "98": "contradicting-remediations-eg-1",
-  "99": "contradicting-product-status-remediation-combination-eg-1",
-  "100": "mandatory-tests--date-and-time-eg-1",
-  "101": "non-public-sharing-group-with-max-uuid-eg-1",
-  "102": "public-sharing-group-with-no-max-uuid-eg-1",
-  "103": "invalid-sharing-group-name-eg-1",
-  "104": "missing-sharing-group-name-eg-1",
-  "105": "purl-qualifiers-eg-1",
-  "106": "unused-definition-of-product-id-eg-1",
-  "107": "missing-remediation-eg-1",
-  "108": "missing-metric-eg-1",
-  "109": "build-metadata-in-revision-history-eg-1",
-  "110": "older-initial-release-date-than-revision-history-eg-1",
-  "111": "older-current-release-date-than-revision-history-eg-1",
-  "112": "missing-date-in-involvements-eg-1",
-  "113": "use-of-md5-as-the-only-hash-algorithm-eg-1",
-  "114": "use-of-sha-1-as-the-only-hash-algorithm-eg-1",
-  "115": "missing-tlp-label-eg-1",
-  "116": "missing-canonical-url-eg-1",
-  "117": "missing-document-language-eg-1",
-  "118": "optional-tests--sorting-eg-1",
-  "119": "use-of-private-language-eg-1",
-  "120": "use-of-default-language-eg-1",
-  "121": "missing-product-identification-helper-eg-1",
-  "122": "cve-in-field-ids-eg-1",
-  "123": "product-version-range-without-vers-eg-1",
-  "124": "cvss-for-fixed-products-eg-1",
-  "125": "additional-properties-eg-1",
-  "126": "same-timestamps-in-revision-history-eg-1",
-  "127": "document-tracking-id-in-title-eg-1",
-  "128": "usage-of-deprecated-cwe-eg-1",
-  "129": "usage-of-non-latest-cwe-version-eg-1",
-  "130": "usage-of-cwe-not-allowed-for-vulnerability-mapping-eg-1",
-  "131": "usage-of-cwe-allowed-with-review-for-vulnerability-mapping-eg-1",
-  "132": "discouraged-product-status-remediation-combination-eg-1",
-  "133": "usage-of-max-uuid-eg-1",
-  "134": "usage-of-nil-uuid-eg-1",
-  "135": "usage-of-sharing-group-on-tlp-clear-eg-1",
-  "136": "hardware-and-software-eg-1",
-  "137": "use-of-same-product-identification-helper-for-different-products-eg-1",
-  "138": "use-of-cvss-v2-as-the-only-scoring-system-eg-1",
-  "139": "use-of-cvss-v3-0-eg-1",
-  "140": "missing-cve-eg-1",
-  "141": "missing-cwe-eg-1",
-  "142": "use-of-short-hash-eg-1",
-  "143": "use-of-non-self-referencing-urls-failing-to-resolve-eg-1",
-  "144": "use-of-self-referencing-urls-failing-to-resolve-eg-1",
-  "145": "spell-check-eg-1",
-  "146": "branch-categories-eg-1",
-  "147": "usage-of-product-version-range-eg-1",
-  "148": "usage-of-v-as-version-indicator-eg-1",
-  "149": "missing-cvss-v4-0-eg-1",
-  "150": "requirement-7-provider-metadata-json-eg-1",
-  "151": "requirement-8-security-txt-eg-1",
-  "152": "requirement-9-well-known-url-for-provider-metadata-json-eg-1",
-  "153": "requirement-11-one-folder-per-year-eg-1",
-  "154": "requirement-12-index-txt-eg-1",
-  "155": "requirement-13-changes-csv-eg-1",
-  "156": "requirement-15-rolie-feed-eg-1",
-  "157": "requirement-16-rolie-service-document-eg-1",
-  "158": "requirement-17-rolie-category-document-eg-1",
-  "159": "requirement-17-rolie-category-document-eg-2",
-  "160": "requirement-17-rolie-category-document-eg-3",
-  "161": "requirement-18-integrity-eg-1",
-  "162": "requirement-18-integrity-eg-2",
-  "163": "requirement-19-signatures-eg-1",
-  "164": "requirement-21-list-of-csaf-providers-eg-1",
-  "165": "requirement-23-mirror-eg-1",
-  "166": "conformance-clause-5-cvrf-csaf-converter-eg-1",
-  "167": "conformance-clause-5-cvrf-csaf-converter-eg-2",
-  "168": "conformance-clause-5-cvrf-csaf-converter-eg-3",
-  "169": "conformance-clause-5-cvrf-csaf-converter-eg-4"
+  "16": "full-product-name-type-product-identification-helper-serial-numbers-eg-1",
+  "17": "full-product-name-type-product-identification-helper-skus-numbers-eg-1",
+  "18": "full-product-name-type-product-identification-helper-generic-uris-eg-1",
+  "19": "full-product-name-type-product-identification-helper-generic-uris-eg-2",
+  "20": "language-type-eg-1",
+  "21": "notes-type-eg-1",
+  "22": "notes-type-eg-2",
+  "23": "product-group-id-type-eg-1",
+  "24": "product-id-type-eg-1",
+  "25": "version-type-eg-1",
+  "26": "version-type-semantic-versioning-eg-1",
+  "27": "version-type-semantic-versioning-eg-2",
+  "28": "version-type-semantic-versioning-eg-3",
+  "29": "version-type-semantic-versioning-eg-4",
+  "30": "version-type-semantic-versioning-eg-5",
+  "31": "version-type-semantic-versioning-eg-6",
+  "32": "document-property-aggregate-severity-eg-1",
+  "33": "document-property-category-eg-1",
+  "34": "document-property-distribution-eg-1",
+  "35": "document-property-distribution-text-eg-1",
+  "36": "document-property-distribution-tlp-eg-1",
+  "37": "document-property-publisher-contact-details-eg-1",
+  "38": "document-property-publisher-name-eg-1",
+  "39": "document-property-publisher-namespace-eg-1",
+  "40": "document-property-title-eg-1",
+  "41": "document-property-tracking-aliases-eg-1",
+  "42": "document-property-tracking-generator-eg-1",
+  "43": "document-property-tracking-generator-eg-2",
+  "44": "document-property-tracking-id-eg-1",
+  "45": "product-tree-property-product-groups-eg-1",
+  "46": "product-tree-property-relationships-eg-1",
+  "47": "vulnerabilities-property-cwes-eg-1",
+  "48": "vulnerabilities-property-cwes-eg-2",
+  "49": "vulnerabilities-property-cwes-eg-3",
+  "50": "vulnerabilities-property-ids-eg-1",
+  "51": "vulnerabilities-property-ids-eg-2",
+  "52": "filename-eg-1",
+  "53": "filename-eg-2",
+  "54": "hardware-and-software-within-the-product-tree-eg-1",
+  "55": "missing-definition-of-product-id-eg-1",
+  "56": "multiple-definition-of-product-id-eg-1",
+  "57": "circular-definition-of-product-id-eg-1",
+  "58": "missing-definition-of-product-group-id-eg-1",
+  "59": "multiple-definition-of-product-group-id-eg-1",
+  "60": "contradicting-product-status-eg-1",
+  "61": "multiple-scores-with-same-version-per-product-eg-1",
+  "62": "invalid-cvss-eg-1",
+  "63": "invalid-cvss-computation-eg-1",
+  "64": "inconsistent-cvss-eg-1",
+  "65": "mandatory-tests--cwe-eg-1",
+  "66": "language-eg-1",
+  "67": "purl-eg-1",
+  "68": "sorted-revision-history-eg-1",
+  "69": "translator-eg-1",
+  "70": "latest-document-version-eg-1",
+  "71": "document-status-draft-eg-1",
+  "72": "released-revision-history-eg-1",
+  "73": "revision-history-entries-for-pre-release-versions-eg-1",
+  "74": "non-draft-document-version-eg-1",
+  "75": "missing-item-in-revision-history-eg-1",
+  "76": "multiple-definition-in-revision-history-eg-1",
+  "77": "multiple-use-of-same-cve-eg-1",
+  "78": "multiple-definition-in-involvements-eg-1",
+  "79": "multiple-use-of-same-hash-algorithm-eg-1",
+  "80": "prohibited-document-category-name-eg-1",
+  "81": "prohibited-document-category-name-eg-2",
+  "82": "document-notes-eg-1",
+  "83": "document-references-eg-1",
+  "84": "vulnerabilities-for-informational-advisory-eg-1",
+  "85": "product-tree-eg-1",
+  "86": "vulnerability-notes-eg-1",
+  "87": "product-status-eg-1",
+  "88": "vex-product-status-eg-1",
+  "89": "vulnerability-id-eg-1",
+  "90": "impact-statement-eg-1",
+  "91": "action-statement-eg-1",
+  "92": "vulnerabilities-for-security-advisory-or-vex-eg-1",
+  "93": "translation-eg-1",
+  "94": "remediation-without-product-reference-eg-1",
+  "95": "mixed-integer-and-semantic-versioning-eg-1",
+  "96": "version-range-in-product-version-eg-1",
+  "97": "flag-without-product-reference-eg-1",
+  "98": "multiple-flags-with-vex-justification-codes-per-product-eg-1",
+  "99": "mandatory-tests--branches-recursion-depth-eg-1",
+  "100": "contradicting-remediations-eg-1",
+  "101": "contradicting-product-status-remediation-combination-eg-1",
+  "102": "mandatory-tests--date-and-time-eg-1",
+  "103": "non-public-sharing-group-with-max-uuid-eg-1",
+  "104": "public-sharing-group-with-no-max-uuid-eg-1",
+  "105": "invalid-sharing-group-name-eg-1",
+  "106": "missing-sharing-group-name-eg-1",
+  "107": "purl-qualifiers-eg-1",
+  "108": "use-of-multiple-stars-in-model-number-eg-1",
+  "109": "use-of-multiple-stars-in-serial-number-eg-1",
+  "110": "inconsistent-disclosure-date-eg-1",
+  "111": "invalid-ssvc-eg-1",
+  "112": "inconsistent-ssvc-id-eg-1",
+  "113": "ssvc-decision-points-eg-1",
+  "114": "inconsistent-ssvc-timestamp-eg-1",
+  "115": "unused-definition-of-product-id-eg-1",
+  "116": "missing-remediation-eg-1",
+  "117": "missing-metric-eg-1",
+  "118": "build-metadata-in-revision-history-eg-1",
+  "119": "older-initial-release-date-than-revision-history-eg-1",
+  "120": "older-current-release-date-than-revision-history-eg-1",
+  "121": "missing-date-in-involvements-eg-1",
+  "122": "use-of-md5-as-the-only-hash-algorithm-eg-1",
+  "123": "use-of-sha-1-as-the-only-hash-algorithm-eg-1",
+  "124": "missing-tlp-label-eg-1",
+  "125": "missing-canonical-url-eg-1",
+  "126": "missing-document-language-eg-1",
+  "127": "optional-tests--sorting-eg-1",
+  "128": "use-of-private-language-eg-1",
+  "129": "use-of-default-language-eg-1",
+  "130": "missing-product-identification-helper-eg-1",
+  "131": "cve-in-field-ids-eg-1",
+  "132": "product-version-range-without-vers-eg-1",
+  "133": "cvss-for-fixed-products-eg-1",
+  "134": "additional-properties-eg-1",
+  "135": "same-timestamps-in-revision-history-eg-1",
+  "136": "document-tracking-id-in-title-eg-1",
+  "137": "usage-of-deprecated-cwe-eg-1",
+  "138": "usage-of-non-latest-cwe-version-eg-1",
+  "139": "usage-of-cwe-not-allowed-for-vulnerability-mapping-eg-1",
+  "140": "usage-of-cwe-allowed-with-review-for-vulnerability-mapping-eg-1",
+  "141": "discouraged-product-status-remediation-combination-eg-1",
+  "142": "usage-of-max-uuid-eg-1",
+  "143": "usage-of-nil-uuid-eg-1",
+  "144": "usage-of-sharing-group-on-tlp-clear-eg-1",
+  "145": "hardware-and-software-eg-1",
+  "146": "use-of-same-product-identification-helper-for-different-products-eg-1",
+  "147": "disclosure-date-newer-than-revision-history-eg-1",
+  "148": "usage-of-unknown-ssvc-decision-point-namespace-eg-1",
+  "149": "usage-of-unknown-ssvc-role-eg-1",
+  "150": "use-of-cvss-v2-as-the-only-scoring-system-eg-1",
+  "151": "use-of-cvss-v3-0-eg-1",
+  "152": "missing-cve-eg-1",
+  "153": "missing-cwe-eg-1",
+  "154": "use-of-short-hash-eg-1",
+  "155": "use-of-non-self-referencing-urls-failing-to-resolve-eg-1",
+  "156": "use-of-self-referencing-urls-failing-to-resolve-eg-1",
+  "157": "spell-check-eg-1",
+  "158": "branch-categories-eg-1",
+  "159": "usage-of-product-version-range-eg-1",
+  "160": "usage-of-v-as-version-indicator-eg-1",
+  "161": "missing-cvss-v4-0-eg-1",
+  "162": "usage-of-non-latest-ssvc-decision-point-version-eg-1",
+  "163": "requirement-7-provider-metadata-json-eg-1",
+  "164": "requirement-8-security-txt-eg-1",
+  "165": "requirement-9-well-known-url-for-provider-metadata-json-eg-1",
+  "166": "requirement-11-one-folder-per-year-eg-1",
+  "167": "requirement-12-index-txt-eg-1",
+  "168": "requirement-13-changes-csv-eg-1",
+  "169": "requirement-15-rolie-feed-eg-1",
+  "170": "requirement-16-rolie-service-document-eg-1",
+  "171": "requirement-17-rolie-category-document-eg-1",
+  "172": "requirement-17-rolie-category-document-eg-2",
+  "173": "requirement-17-rolie-category-document-eg-3",
+  "174": "requirement-18-integrity-eg-1",
+  "175": "requirement-18-integrity-eg-2",
+  "176": "requirement-19-signatures-eg-1",
+  "177": "requirement-21-list-of-csaf-providers-eg-1",
+  "178": "requirement-23-mirror-eg-1",
+  "179": "conformance-clause-5-cvrf-csaf-converter-eg-1",
+  "180": "conformance-clause-5-cvrf-csaf-converter-eg-2",
+  "181": "conformance-clause-5-cvrf-csaf-converter-eg-3",
+  "182": "conformance-clause-5-cvrf-csaf-converter-eg-4"
 }