Split Schema Implementation to Input and Output Schemas #385
Labels
bug
Something isn't working
enhancement
New feature or request
Needs Discussion
Discuss in a future QWG meeting or on mailing list
Comments
ccoffin
added
bug
|
To capture it from the QWG today. The desired behavior could be achieved by tagging a single schema appropriately such that input and output validation files/tool/whatevs can be mechanically derived from it. graph TD;
schema-->input_validation;
schema-->output_validation;
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The data submitted by CNAs has different fields than what is required for a valid CVE Record. CVE Services populates some fields (e.g., providerMetadata/orgId, see issue #312 ) during the submission process regardless of what the CNA provides in their submission.
A different (output) schema is needed when viewing/consuming CVE Records to ensure that all required data is present as intended. CVE consumers want to know that the data is there (see #334 and CVEProject/cvelistV5#66).
This could result in a CNA (input) schema and a CVE (output) schema.
The text was updated successfully, but these errors were encountered: