Expand description
Full CSAF 2.0 and 2.1 document serde types.
These types are derived from the OASIS CSAF 2.1 JSON schema and the 15 test
advisory files in test/csaf/. They support both serialization and
deserialization with strict field validation.
Structsยง
- Branch
- A branch in the product tree hierarchy.
- Csaf
Document - A complete CSAF document (versions 2.0 and 2.1).
- Csaf
Meta - Lightweight metadata extracted from a CSAF document for listing and search.
- CvssV3
- CVSS v3.1 scoring data.
- CvssV4
- CVSS v4.0 scoring data.
- Cwe
- CWE (Common Weakness Enumeration) reference.
- Distribution
- Distribution restrictions (TLP labelling and free-form restrictions).
- Document
- Core document metadata section.
- Engine
- Generator engine identification.
- Flag
- Flag on a vulnerability.
- Full
Product Name - A full product name definition.
- Generator
- Generator engine metadata.
- Involvement
- Involvement information.
- Metric
- CVSS scoring metric container.
- Metric
Content - Metric content containing one or both CVSS versions.
- Note
- A textual note within the document or vulnerability.
- Product
Group - A grouping of products.
- Product
Status - Product status classifications for a vulnerability.
- Product
Tree - Product hierarchy tree.
- Publisher
- Publisher identity and role.
- Reference
- A reference to an external resource.
- Relationship
- A relationship between products.
- Remediation
- Remediation action for a vulnerability.
- Restart
Required - Restart requirement specification.
- Revision
- A single revision history entry.
- Threat
- Threat information.
- Tlp
- Traffic Light Protocol label.
- Tracking
- Document lifecycle tracking information.
- Vulnerability
- A vulnerability entry within a CSAF document.
- Vulnerability
Id - Additional vulnerability identifier.