{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stella.ops/predicates/vex@v1",
"title": "StellaOps VEX Attestation Predicate",
"description": "Predicate for VEX statements embedded in attestations.",
"type": "object",
"required": ["format", "statements"],
"properties": {
"format": {
"type": "string",
"enum": ["openvex", "csaf-vex", "cyclonedx-vex"],
"description": "VEX format specification."
},
"statements": {
"type": "array",
"items": {
"$ref": "#/$defs/vexStatement"
},
"minItems": 1,
"description": "VEX statements in this attestation."
},
"digest": {
"type": "string",
"pattern": "^sha256:[a-f0-9]{64}$",
"description": "Content-addressed SHA-256 digest of the VEX document, written as 'sha256:' followed by 64 lowercase hex characters."
},
"author": {
"type": "string",
"description": "Author of the VEX statements."
},
"timestamp": {
"type": "string",
"format": "date-time",
"description": "Time at which the VEX was issued, as an RFC 3339 date-time string."
}
},
"$defs": {
"vexStatement": {
"type": "object",
"required": ["vulnerability", "status"],
"properties": {
"vulnerability": {
"type": "string",
"description": "CVE or vulnerability identifier."
},
"status": {
"type": "string",
"enum": ["affected", "not_affected", "under_investigation", "fixed"],
"description": "VEX status."
},
"justification": {
"type": "string",
"description": "Justification for a not_affected status: the reason the product is not affected."
},
"products": {
"type": "array",
"items": { "type": "string" },
"description": "Products (PURLs) covered by this statement, whatever its status."
}
}
}
},
"additionalProperties": false
}