git.stella-ops.org/docs/modules/signals/events/advisoryai.evidence.bundle@1.schema.json
2026-01-06 19:07:48 +02:00


{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stellaops.org/schemas/events/advisoryai.evidence.bundle@1.schema.json",
"title": "AdvisoryAI Evidence Bundle Schema v1",
"description": "Schema for AdvisoryAI evidence bundles containing advisory observations with CVSS vectors and optional signatures. Used by ExportCenter and Timeline services for evidence aggregation.",
"type": "object",
"required": ["bundleId", "advisoryId", "tenant", "generatedAt", "schemaVersion"],
"$defs": {
"cvssVector": {
"type": "object",
"title": "CVSS Vector",
"description": "Common Vulnerability Scoring System vector and score",
"properties": {
"vector": {
"type": ["string", "null"],
"description": "CVSS vector string (v2, v3.0, v3.1, or v4.0)",
"examples": [
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
]
},
"score": {
"type": ["number", "null"],
"minimum": 0,
"maximum": 10,
"description": "CVSS base score (0.0 to 10.0)"
}
},
"additionalProperties": false
},
"signatureInfo": {
"type": "object",
"title": "Signature Information",
"description": "Cryptographic signature for bundle authentication",
"required": ["signature", "keyId"],
"properties": {
"signature": {
"type": "string",
"description": "Base64-encoded cryptographic signature"
},
"keyId": {
"type": "string",
"description": "Identifier of the signing key",
"examples": ["sha256:abc123...", "stellaops-prod-2025"]
},
"algorithm": {
"type": ["string", "null"],
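"description": "Signature algorithm used; optional, nullable and free-form (the examples are not an enum), so a verifier should take the expected algorithm from its trusted record of keyId rather than from this field alone",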
"examples": ["ECDSA-P256-SHA256", "RSA-PSS-SHA256", "Ed25519"]
}
},
"additionalProperties": false
},
"advisoryObservation": {
"type": "object",
"title": "Advisory Observation",
"description": "An individual advisory observation within the bundle",
"required": ["observationId", "source"],
"properties": {
"observationId": {
"type": "string",
"description": "Unique identifier for this observation",
"minLength": 1
},
"source": {
"type": "string",
"description": "Source of the observation (e.g., scanner, user, vex-lens)",
"examples": ["scanner", "manual", "vex-lens", "advisoryai", "concelier"]
},
"purl": {
"type": ["string", "null"],
"description": "Package URL identifying the affected component",
"pattern": "^pkg:[a-z]+/",
"examples": ["pkg:npm/lodash@4.17.21", "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"]
},
"cve": {
"type": ["string", "null"],
"description": "CVE identifier",
"pattern": "^CVE-[0-9]{4}-[0-9]+$",
"examples": ["CVE-2021-44228", "CVE-2024-12345"]
},
"severity": {
"type": ["string", "null"],
"description": "Severity level",
"enum": ["critical", "high", "medium", "low", "info", "unknown", null]
},
"cvss": {
"oneOf": [
{ "$ref": "#/$defs/cvssVector" },
{ "type": "null" }
],
"description": "CVSS vector and score"
},
"summary": {
"type": ["string", "null"],
"description": "Brief summary of the observation"
},
"evidence": {
"type": ["object", "null"],
"additionalProperties": true,
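"description": "Arbitrary evidence data attached to the observation; this schema does not constrain its keys or values, so consumers must validate any field they rely on",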
"examples": [
{
"reachability": "reachable",
"callPaths": ["main() -> vulnerable_func()"],
"exploitMaturity": "poc"
}
]
}
},
"additionalProperties": false
}
},
"properties": {
"bundleId": {
"type": "string",
"description": "Unique identifier for this evidence bundle",
"minLength": 1,
"examples": ["bundle-550e8400-e29b-41d4-a716-446655440000"]
},
"advisoryId": {
"type": "string",
"description": "Identifier of the related advisory or assessment",
"minLength": 1,
"examples": ["advisory-2025-001", "assessment-abc123"]
},
"tenant": {
"type": "string",
"description": "Tenant identifier (may be UUID or name)",
"minLength": 1,
"examples": ["00000000-0000-0000-0000-000000000001", "acme-corp"]
},
"generatedAt": {
"type": "string",
"format": "date-time",
"description": "RFC 3339 date-time (ISO 8601 profile) timestamp when the bundle was generated"
},
"schemaVersion": {
"type": "integer",
"minimum": 0,
"description": "Schema version number for this bundle format",
"default": 1
},
"observations": {
"type": "array",
"items": {
"$ref": "#/$defs/advisoryObservation"
},
"default": [],
"description": "List of advisory observations in this bundle"
},
"signatures": {
"type": ["array", "null"],
"items": {
"$ref": "#/$defs/signatureInfo"
},
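"description": "Optional cryptographic signatures for bundle verification; the property may be absent, null or an empty array, so a schema-valid bundle is not necessarily signed and signatures must be checked separately"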
}
},
"additionalProperties": false,
"examples": [
{
"bundleId": "bundle-550e8400-e29b-41d4-a716-446655440000",
"advisoryId": "assessment-log4shell-2024",
"tenant": "00000000-0000-0000-0000-000000000001",
"generatedAt": "2025-12-07T10:30:00Z",
"schemaVersion": 1,
"observations": [
{
"observationId": "obs-001",
"source": "scanner",
"purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
"cve": "CVE-2021-44228",
"severity": "critical",
"cvss": {
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"score": 10.0
},
"summary": "Log4Shell RCE vulnerability detected in log4j-core",
"evidence": {
"reachability": "reachable",
"callPaths": [
"com.example.App.main() -> org.apache.logging.log4j.Logger.error()"
],
"exploitMaturity": "weaponized",
"kevListed": true
}
},
{
"observationId": "obs-002",
"source": "vex-lens",
"purl": "pkg:maven/org.apache.logging.log4j/log4j-api@2.14.1",
"cve": "CVE-2021-45105",
"severity": "high",
"cvss": {
"vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"score": 5.9
},
"summary": "Log4j2 infinite recursion DoS vulnerability"
}
],
"signatures": [
{
"signature": "MEUCIQDx...",
"keyId": "sha256:abc123def456...",
"algorithm": "ECDSA-P256-SHA256"
}
]
}
]
}