Merge pull request #311 from CVEProject/5.1.0

Merging 5.1.0 development branch into master

Author: ccoffin

.github/workflows/validate-schema.yml

@@ -9,8 +9,8 @@ on:
     branches:
       - master
 env:
-  CVE_SCHEMA_DIR: schema/v5.0
-  CVE_SCHEMA_FILENAME: CVE_JSON_5.0_schema.json
+  CVE_SCHEMA_DIR: schema
+  CVE_SCHEMA_FILENAME: CVE_Record_Format.json
 jobs:
   verify-json-validation:
     runs-on: ubuntu-latest
@@ -28,9 +28,11 @@ jobs:
           sed 's/file\://g' "${CVE_SCHEMA_DIR}/${CVE_SCHEMA_FILENAME}" > "${CVE_SCHEMA_DIR}/cve-schema.json"
       - name: Bundle schema for AJV
         run: |
-          node  "${CVE_SCHEMA_DIR}/support/schema2markmap/schema-bundle.js" "${CVE_SCHEMA_DIR}/cve-schema.json" > "${CVE_SCHEMA_DIR}/docs/CVE_JSON_5.0_bundled.json"
+          node  "${CVE_SCHEMA_DIR}/support/schema2markmap/schema-bundle.js" "${CVE_SCHEMA_DIR}/cve-schema.json" "${CVE_SCHEMA_DIR}/docs/"
       - name: Validate JSON schema
         run: |
-          ajv compile -c ajv-formats -s "${CVE_SCHEMA_DIR}/docs/CVE_JSON_5.0_bundled.json"
-          ajv validate -c ajv-formats -s "${CVE_SCHEMA_DIR}/docs/CVE_JSON_5.0_bundled.json" -d "${CVE_SCHEMA_DIR}/docs/full-record-basic-example.json"
-          ajv validate -c ajv-formats -s "${CVE_SCHEMA_DIR}/docs/CVE_JSON_5.0_bundled.json" -d "${CVE_SCHEMA_DIR}/docs/full-record-advanced-example.json"
+          ajv compile -c ajv-formats -s "${CVE_SCHEMA_DIR}/docs/CVE_Record_Format_bundled.json"
+          ajv validate -c ajv-formats -s "${CVE_SCHEMA_DIR}/docs/CVE_Record_Format_bundled.json" -d "${CVE_SCHEMA_DIR}/docs/full-record-basic-example.json"
+          ajv validate -c ajv-formats -s "${CVE_SCHEMA_DIR}/docs/CVE_Record_Format_bundled.json" -d "${CVE_SCHEMA_DIR}/docs/full-record-advanced-example.json"
+          ajv validate -c ajv-formats -s "${CVE_SCHEMA_DIR}/docs/CVE_Record_Format_bundled_cnaPublishedContainer.json" -d "${CVE_SCHEMA_DIR}/docs/cnaContainer-advanced-example.json"
+          ajv validate -c ajv-formats -s "${CVE_SCHEMA_DIR}/docs/CVE_Record_Format_bundled_cnaPublishedContainer.json" -d "${CVE_SCHEMA_DIR}/docs/cnaContainer-basic-example.json"

README.md

@@ -1,26 +1,41 @@
-# Current Version of CVE Schema
+# Current Version of CVE Record Format
 
-The latest version of the CVE JSON is 5.0. A single schema file with bundled dependencies is available [here](https://github.com/CVEProject/cve-schema/blob/master/schema/v5.0/docs/CVE_JSON_5.0_bundled.json).
+Major changes to cve-schema repo architecture!! if you have integrations that rely on the cve-schema repo structure, please review the changes here. The latest version of the CVE JSON record format is 5.1.0. A single schema file with bundled dependencies is available [here](https://github.com/CVEProject/cve-schema/blob/master/schema/docs/CVE_Record_Format_bundled.json).
 
-# CVE Schema Overview 
-cve-schema specifies the CVE JSON record format. This is the blueprint for a rich set of CVE JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE Record. Some examples of CVE Record data include CVE ID number, affected product(s), affected version(s), and public references. While those specific items are required when assigning a CVE, there are many other optional data in the schema that can be used to enrich CVE records for community benefit.
+Note: The ADP functionality in the current schema is not yet deployed in CVE Services. The ADP functionality is currently under development and is for future use.
 
-Learn more about the CVE program at [cve.org](https://www.cve.org/)
+Note: Please refer to the CVE Services page [here](https://www.cve.org/AllResources/CveServices) for known issues with the schema. 
 
-This CVE JSON record format is defined using JSON Schema. Learn more about JSON Schema [here](https://json-schema.org/)
+# CVE Record Format Overview
 
-A single schema file with bundled dependencies is at [CVE_JSON_5.0_bundled.json](https://github.com/CVEProject/cve-schema/blob/master/schema/v5.0/docs/CVE_JSON_5.0_bundled.json)
+cve-schema specifies the CVE record format. This is the blueprint for a rich set of JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE record. Some examples of CVE record data include CVE ID number, affected product(s), affected version(s), and public references. While those specific items are required when assigning a CVE, there are many other optional data in the schema that can be used to enrich CVE records for community benefit.
 
-Documentation about this format is available in [docs](https://cveproject.github.io/cve-schema/schema/v5.0/docs/)
+### Learn
 
-A mindmap version of the CVE record structure is at [mindmap](https://cveproject.github.io/cve-schema/schema/v5.0/docs/mindmap.html)
+Learn more about the CVE program at: https://www.cve.org/
 
-A basic example of a full record in 5.0 format with minimally required fields is available at [full-record-basic-example.json](https://github.com/cveproject/cve-schema/blob/master/schema/v5.0/docs/full-record-basic-example.json)
+This CVE record format is defined using JSON Schema. Learn more about JSON Schema at: https://json-schema.org/ .
 
-An advanced example of a full record in 5.0 format is available at [full-record-advanced-example.json](https://github.com/cveproject/cve-schema/blob/master/schema/v5.0/docs/full-record-advanced-example.json)
+### Latest
 
-A basic example of a cnaContainer, to be used with CVE Services, is available at [cnaContainer-basic-example.json](https://github.com/cveproject/cve-schema/blob/master/schema/v5.0/docs/cnaContainer-basic-example.json)
+The latest version of the record format is 5.1.0. It is specified in the JSON schema at https://github.com/CVEProject/cve-schema/blob/master/schema/CVE_Record_Format.json
 
-An advanced example of a cnaContainer, to be used with CVE Services, is available at [cnaContainer-advanced-example.json](https://github.com/cveproject/cve-schema/blob/master/schema/v5.0/docs/cnaContainer-advanced-example.json)
+A single schema file with bundled dependencies is at https://github.com/CVEProject/cve-schema/blob/master/schema/docs/CVE_Record_Format_bundled.json
 
-More details about Product and Version Encodings in CVE JSON 5.0 record is at [versions.md](https://github.com/CVEProject/cve-schema/blob/master/schema/v5.0/docs/versions.md)
+### Documentation and Guidance
+
+Documentation about this format is available at https://cveproject.github.io/cve-schema/schema/docs/
+
+A mindmap version of the CVE record structure is at https://cveproject.github.io/cve-schema/schema/docs/mindmap.html
+
+More details about Product and Version Encodings in CVE JSON 5.1.0 record is at https://github.com/CVEProject/cve-schema/blob/master/schema/docs/versions.md
+
+### Examples
+
+A basic example of a full record in 5.1.0 format with minimally required fields is available at https://github.com/cveproject/cve-schema/blob/master/schema/docs/full-record-basic-example.json
+
+An advanced example of a full record in 5.1.0 format is available at https://github.com/cveproject/cve-schema/blob/master/schema/docs/full-record-advanced-example.json
+
+A basic example of a cnaContainer, to be used with CVE Services, is available at https://github.com/cveproject/cve-schema/blob/master/schema/docs/cnaContainer-basic-example.json
+
+An advanced example of a cnaContainer, to be used with CVE Services, is available at https://github.com/cveproject/cve-schema/blob/master/schema/docs/cnaContainer-advanced-example.json