SSVC JSON Schema 2020-12

[tschmidtb51]

• change definitionsto $defs
• fixes CSAF / SSVC integration #640 (comment)

[sei-vsarvepalli]

Hello @tschmidtb51

I believe we have avoided $defs due to some limitations with CVE program not being able to have $ character in their schemas due to some restrictions in AWS implementation of MongoDB.

https://docs.aws.amazon.com/documentdb/latest/developerguide/functional-differences.html#functional-differences.field-name-restrictions

CVEProject/cve-schema#144

Do you require $defs specifically or is it a design preference? Let us know we are happy to support what will work for multiple consumers that can adopt our metrics.

Thanks
vijay

[sei-vsarvepalli]

It looks like we are using $refs anyway as a key. May need to discuss with CVE schema to make sure there are no issues/concerns. And it looks like the

https://json-schema.org/draft/2020-12/schema

states

        "definitions": {
            "$comment": "\"definitions\" has been replaced by \"$defs\".",
            "type": "object",
            "additionalProperties": { "$dynamicRef": "#meta" },
            "deprecated": true,
            "default": {}
        }
        

[sei-vsarvepalli]

Yeh after looking through Amazon documentation and CVE AWG implementation, this is not a concern. It looks like it is only a problem for generated and stored values from the schema that cannot have $ sign in their key values. So I will go ahead and approve the change.

[sei-vsarvepalli]

If the test cases run okay we should publish this and later also push the main to publish for our website.