Updated: Mar 14, 2024, 1:12:48 PM
{
"$defs": {
"severity": {
"items": {
"properties": {
"score": {
"type": "string"
},
"type": {
"enum": [
"CVSS_V2",
"CVSS_V3",
"CVSS_V4"
],
"type": "string"
}
},
"required": [
"type",
"score"
],
"type": "object"
},
"type": [
"array",
"null"
]
},
"timestamp": {
"format": "date-time",
"pattern": "[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(\\.[0-9]+)?Z",
"type": "string"
}
},
"$id": "https://raw.githubusercontent.com/ossf/osv-schema/main/validation/schema.json",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"additionalProperties": false,
"description": "A schema for describing a vulnerability in an open source package.",
"properties": {
"affected": {
"items": {
"properties": {
"database_specific": {
"type": "object"
},
"ecosystem_specific": {
"type": "object"
},
"package": {
"properties": {
"ecosystem": {
"type": "string"
},
"name": {
"type": "string"
},
"purl": {
"type": "string"
}
},
"required": [
"ecosystem",
"name"
],
"type": "object"
},
"ranges": {
"items": {
"allOf": [
{
"if": {
"properties": {
"type": {
"const": "GIT"
}
}
},
"then": {
"required": [
"repo"
]
}
},
{
"if": {
"properties": {
"events": {
"contains": {
"required": [
"last_affected"
]
}
}
}
},
"then": {
"not": {
"properties": {
"events": {
"contains": {
"required": [
"fixed"
]
}
}
}
}
}
}
],
"properties": {
"database_specific": {
"type": "object"
},
"events": {
"contains": {
"required": [
"introduced"
]
},
"items": {
"oneOf": [
{
"properties": {
"introduced": {
"type": "string"
}
},
"required": [
"introduced"
],
"type": "object"
},
{
"properties": {
"fixed": {
"type": "string"
}
},
"required": [
"fixed"
],
"type": "object"
},
{
"properties": {
"last_affected": {
"type": "string"
}
},
"required": [
"last_affected"
],
"type": "object"
},
{
"properties": {
"limit": {
"type": "string"
}
},
"required": [
"limit"
],
"type": "object"
}
],
"type": "object"
},
"minItems": 1,
"type": "array"
},
"repo": {
"type": "string"
},
"type": {
"enum": [
"GIT",
"SEMVER",
"ECOSYSTEM"
],
"type": "string"
}
},
"required": [
"type",
"events"
],
"type": "object"
},
"type": "array"
},
"severity": {
"$ref": "#/$defs/severity"
},
"versions": {
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"type": [
"array",
"null"
]
},
"aliases": {
"items": {
"type": "string"
},
"type": [
"array",
"null"
]
},
"credits": {
"items": {
"properties": {
"contact": {
"items": {
"type": "string"
},
"type": "array"
},
"name": {
"type": "string"
},
"type": {
"enum": [
"FINDER",
"REPORTER",
"ANALYST",
"COORDINATOR",
"REMEDIATION_DEVELOPER",
"REMEDIATION_REVIEWER",
"REMEDIATION_VERIFIER",
"TOOL",
"SPONSOR",
"OTHER"
],
"type": "string"
}
},
"required": [
"name"
],
"type": "object"
},
"type": "array"
},
"database_specific": {
"type": "object"
},
"details": {
"type": "string"
},
"id": {
"type": "string"
},
"modified": {
"$ref": "#/$defs/timestamp"
},
"published": {
"$ref": "#/$defs/timestamp"
},
"references": {
"items": {
"properties": {
"type": {
"enum": [
"ADVISORY",
"ARTICLE",
"DETECTION",
"DISCUSSION",
"REPORT",
"FIX",
"INTRODUCED",
"GIT",
"PACKAGE",
"EVIDENCE",
"WEB"
],
"type": "string"
},
"url": {
"format": "uri",
"type": "string"
}
},
"required": [
"type",
"url"
],
"type": "object"
},
"type": [
"array",
"null"
]
},
"related": {
"items": {
"type": "string"
},
"type": "array"
},
"schema_version": {
"type": "string"
},
"severity": {
"$ref": "#/$defs/severity"
},
"summary": {
"type": "string"
},
"withdrawn": {
"$ref": "#/$defs/timestamp"
}
},
"required": [
"id",
"modified"
],
"title": "Open Source Vulnerability",
"type": "object"
}