diff --git a/docs/schema.md b/docs/schema.md index 3786d76b..ae0478c9 100644 --- a/docs/schema.md +++ b/docs/schema.md @@ -143,8 +143,8 @@ string of the format `-`, where `DB` names the database and `ENTRYID` is in the format used by the database. For example: "OSV-2020-111", "CVE-2021-3114", or "GHSA-vp9c-fpxx-744v". -The `x_` prefix can be used to denote a local database that isn't aggregated -by OSV.dev, allowing external records to be schema-compliant. For example: +The `x_` prefix can be used to denote a local database that isn't aggregated +by OSV.dev, allowing external records to be schema-compliant. For example: "x_CUSTOM-0001". The defined database prefixes and their "home" databases are: @@ -359,6 +359,17 @@ The defined database prefixes and their "home" databases are: + + GLAM + GitLab Advisories for Malware + + + + GO Go Vulnerability Database @@ -1058,7 +1069,7 @@ Only **a single type** (either `introduced`, `fixed`, `last_affected`, `limit`) is allowed in each event object. For instance, `{"introduced": "1.0.0", "fixed": "1.0.2"}` is **invalid**. -Entries in the `events` array may be "last_affected" or "fixed" events, +Entries in the `events` array may be "last_affected" or "fixed" events, but not both. It's **strongly recommended** to use `fixed` instead of `last_affected` where possible, as it precisely identifies the version which contains the fix. `last_affected` should be thought of as the hard ceiling diff --git a/tools/osv-linter/internal/checks/schema_generated.json b/tools/osv-linter/internal/checks/schema_generated.json index 3b6bd182..633855be 100644 --- a/tools/osv-linter/internal/checks/schema_generated.json +++ b/tools/osv-linter/internal/checks/schema_generated.json @@ -392,7 +392,7 @@ "type": "string", "title": "Currently supported home database identifier prefixes", "description": "These home databases are also documented at https://ossf.github.io/osv-schema/#id-modified-fields", - "pattern": "^(x_|(ASB-A|PUB-A|ALPINE|ALSA|ALBA|ALEA|AZL|BELL|BIT|CGA|CLEANSTART|CURL|CVE|DEBIAN|DHI|DRUPAL|DSA|DLA|ELA|DTSA|ECHO|EEF|FreeBSD|GHSA|GO|GSD|HSEC|JLSEC|KUBE|LBSEC|LSN|MAL|MINI|MGASA|OESA|OSEC|OSV|openSUSE-SU|PHSA|PSF|PYSEC|RHBA|RHEA|RHSA|RLSA|RXSA|RSEC|ROOT|RUSTSEC|SUSE-[SRFO]U|UBUNTU|USN|V8)-)" + "pattern": "^(x_|(ASB-A|PUB-A|ALPINE|ALSA|ALBA|ALEA|AZL|BELL|BIT|CGA|CLEANSTART|CURL|CVE|DEBIAN|DHI|DRUPAL|DSA|DLA|ELA|DTSA|ECHO|EEF|FreeBSD|GHSA|GLAM|GO|GSD|HSEC|JLSEC|KUBE|LBSEC|LSN|MAL|MINI|MGASA|OESA|OSEC|OSV|openSUSE-SU|PHSA|PSF|PYSEC|RHBA|RHEA|RHSA|RLSA|RXSA|RSEC|ROOT|RUSTSEC|SUSE-[SRFO]U|UBUNTU|USN|V8)-)" }, "severity": { "type": [ diff --git a/validation/schema.json b/validation/schema.json index 3b6bd182..633855be 100644 --- a/validation/schema.json +++ b/validation/schema.json @@ -392,7 +392,7 @@ "type": "string", "title": "Currently supported home database identifier prefixes", "description": "These home databases are also documented at https://ossf.github.io/osv-schema/#id-modified-fields", - "pattern": "^(x_|(ASB-A|PUB-A|ALPINE|ALSA|ALBA|ALEA|AZL|BELL|BIT|CGA|CLEANSTART|CURL|CVE|DEBIAN|DHI|DRUPAL|DSA|DLA|ELA|DTSA|ECHO|EEF|FreeBSD|GHSA|GO|GSD|HSEC|JLSEC|KUBE|LBSEC|LSN|MAL|MINI|MGASA|OESA|OSEC|OSV|openSUSE-SU|PHSA|PSF|PYSEC|RHBA|RHEA|RHSA|RLSA|RXSA|RSEC|ROOT|RUSTSEC|SUSE-[SRFO]U|UBUNTU|USN|V8)-)" + "pattern": "^(x_|(ASB-A|PUB-A|ALPINE|ALSA|ALBA|ALEA|AZL|BELL|BIT|CGA|CLEANSTART|CURL|CVE|DEBIAN|DHI|DRUPAL|DSA|DLA|ELA|DTSA|ECHO|EEF|FreeBSD|GHSA|GLAM|GO|GSD|HSEC|JLSEC|KUBE|LBSEC|LSN|MAL|MINI|MGASA|OESA|OSEC|OSV|openSUSE-SU|PHSA|PSF|PYSEC|RHBA|RHEA|RHSA|RLSA|RXSA|RSEC|ROOT|RUSTSEC|SUSE-[SRFO]U|UBUNTU|USN|V8)-)" }, "severity": { "type": [