Added support for CVSSv4

stevespringett · stevespringett · commit 3e904c18f48a · 2023-03-18T23:53:30.000-05:00
Signed-off-by: Steve Springett &lt;steve@springett.us&gt;
diff --git a/schema/bom-1.5.proto b/schema/bom-1.5.proto
@@ -651,6 +651,8 @@ enum ScoreMethod {
   SCORE_METHOD_OWASP = 4;
   // Other scoring method
   SCORE_METHOD_OTHER = 5;
+  // Common Vulnerability Scoring System v3.1 - https://www.first.org/cvss/v4-0/
+  SCORE_METHOD_CVSSV4 = 6;
 }
 
 message Advisory {
diff --git a/schema/bom-1.5.schema.json b/schema/bom-1.5.schema.json
@@ -1492,6 +1492,7 @@
         "CVSSv2",
         "CVSSv3",
         "CVSSv31",
+        "CVSSv4",
         "OWASP",
         "other"
       ]
diff --git a/schema/bom-1.5.xsd b/schema/bom-1.5.xsd
@@ -2659,6 +2659,14 @@ limitations under the License.
                     </xs:documentation>
                 </xs:annotation>
             </xs:enumeration>
+            <xs:enumeration value="CVSSv4">
+                <xs:annotation>
+                    <xs:documentation xml:lang="en">
+                        The rating is based on CVSS v4.0 standard
+                        https://www.first.org/cvss/v4-0/
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
             <xs:enumeration value="OWASP">
                 <xs:annotation>
                     <xs:documentation xml:lang="en">

Original file line number	Diff line number	Diff line change
`@@ -651,6 +651,8 @@ enum ScoreMethod {`
`651`	`651`	`SCORE_METHOD_OWASP = 4;`
`652`	`652`	`// Other scoring method`
`653`	`653`	`SCORE_METHOD_OTHER = 5;`
	`654`	`+ // Common Vulnerability Scoring System v3.1 - https://www.first.org/cvss/v4-0/`
	`655`	`+ SCORE_METHOD_CVSSV4 = 6;`
`654`	`656`	`}`
`655`	`657`
`656`	`658`	`message Advisory {`