SSVC #871
tschmidtb51 commented Feb 20, 2025
- addresses parts of Include support for SSVC #803
- add SSVC decision point value selection 1.0.1 to schema
- add SSVC decision point value selection 1.0.1 file into referenced schemas
- adapt test scripts
- add SSVC link in informative references
- mention SSVC in design consideration principles
- add SSVC to metrics section
- add SSVC to guidance on size
- add conversion rule
- add mandatory test 6.1.43 to detect inconsistent SSVC IDs
- add SSVC schema to testscript for test data
- add mandatory test 6.1.44 for SSVC
- add mandatory test 6.1.45 for SSVC Decision Point Namespace
- add informative test 6.3.13 for Non-Latest SSVC decision point version
- add optional test 6.2.33 for unknown SSVC namespaces
- add optional test 6.2.34 for unknown SSVC roles
- add invalid examples
- add valid examples
- addresses parts of oasis-tcs#803 - add SSVC decision point value selection 1.0.1 to schema - add SSVC decision point value selection 1.0.1 file into referenced schemas - adapt test scripts
- addresses parts of oasis-tcs#803 - add SSVC link in informative references - mention SSVC in design consideration principles - add SSVC to metrics section
- addresses parts of oasis-tcs#803 - update SSVC key in schema to align with CVSS
- addresses parts of oasis-tcs#803 - update referenced SSVC schema to reflect change from CERTCC/SSVC#654 - reformat JSON schema
- addresses parts of oasis-tcs#803 - update referenced SSVC schema
- addresses parts of oasis-tcs#803 - add SSVC to guidance on size
…to ssvc - resolve conflict in guidance-on-size.md by correct sorting
- addresses parts of oasis-tcs#803 - update link as indicated by CERT/CC
- addresses parts of oasis-tcs#803 - add conversion rule
- addresses parts of oasis-tcs#803 - add mandatory test 6.1.43 to detect inconsistent SSVC IDs - add invalid examples - add valid examples
- addresses parts of oasis-tcs#803 - add SSVC schema to testscript for test data
- addresses parts of oasis-tcs#803 - add mandatory test 6.1.44 for SSVC - add invalid examples - add valid examples
- addresses parts of oasis-tcs#803 - correct that 6.1.43 and 6.1.44 just have a single relevant path, not multiple
- addresses parts of oasis-tcs#803 - add mandatory test 6.1.45 for SSVC Decision Point Namespace - add invalid examples - add valid examples
- addresses parts of oasis-tcs#803 - add informative test 6.3.13 for Non-Latest SSVC decision point version - add invalid example - add valid example
- addresses parts of oasis-tcs#803 - add optional test 6.2.33 for unknown SSVC namespaces - add invalid example - add valid example
- addresses parts of oasis-tcs#803 - improve wording by using registered namespaces instead of reserved
- addresses parts of oasis-tcs#803 - add optional test 6.2.34 for unknown SSVC roles - add invalid example - add valid example
- addresses parts of oasis-tcs#803 - update with latest developments from SSVC
@sei-vsarvepalli Please review (especially the examples)
This is in draft mode as we need to wait for the changes from CERTCC/SSVC#704
Mostly reviewed and run locally to verify CSAF test with what we hope to produce as well. Will need to look at updating the schema JSON file `./csaf_2.1/referenced_schema/certcc/Decision_Point_Value_Selection-1-0-1.schema.json` according to what will be published as non-breaking changes to the schema in https://certcc.github.io/SSVC/data/schema/v1/ location.
csaf_2.1/prose/edit/src/design-considerations-01-construction-principles.md
- addresses review comment from oasis-tcs#871 - unify formatting - sort list lexicographically
Open ToDos:
LGTM already.
Verified running all the tests and SSVC schema is up to date in our repo https://github.com/CERTCC/SSVC/
This is great! Thank you so much for verifying and testing @sei-vsarvepalli
- addresses parts of oasis-tcs#803 - prepare merge from editor-revision-2025-02-26 - rename tests - adapt test data
- addresses parts of oasis-tcs#803 - update referenced schemas for SSVC
- addresses parts of oasis-tcs#803 - adapt test 6.1.48 to reflect registered namespaces - add invalid examples for namespace `cvss` - add valid examples for namespace `cvss`
- addresses parts of oasis-tcs#803 - add test 6.1.46 for invalid ssvc - add invalid examples - add valid examples
- addresses parts of oasis-tcs#803 - add test 6.1.49 for inconsistent SSVC timestamp - add invalid examples - add valid examples
@sei-vsarvepalli, @sthagen Please review. I might add an optional test later, if the "private namespace" issue is resolved.
Adding a link to the SSVC Issue here - CERTCC/SSVC#703
A lot of work, @tschmidtb51, thanks. LGTM.
ac5052f into oasis-tcs:editor-revision-2025-02-26
@sei-vsarvepalli Merging now, happy to add the test to the next editor revision 2025-03-26