
Commit 0252430

spec: Add tables for identifier and hash catalogs
This commit adds reference tables for the hash names and identifier labels to be used in the product data structure. Signed-off-by: Adolfo García Veytia (Puerco) <puerco@chainguard.dev>
1 parent ed174d5 commit 0252430


1 file changed

+34
-0
lines changed


OPENVEX-SPEC.md

Lines changed: 34 additions & 0 deletions
@@ -594,10 +594,44 @@ the project could issue an OpenVEX document as follows:
594594
VEX-enabled security scanners could use the vex document to turn off the security
595595
alert and dashboards could present users with the official guidance from the project.
596596

597+
## Appendix A: Hash Names Table
598+
599+
The following list of hash names can be used as keys in the `hashes` field of the
600+
product field. These labels follow and extend the
601+
[Hash Function Textual Names](https://www.iana.org/assignments/named-information/named-information.xhtml)
602+
document from IANA.
603+
604+
| Hash Label |
605+
| --- |
606+
| md5 |
607+
| sha1 |
608+
| sha-256 |
609+
| sha-384 |
610+
| sha-512 |
611+
| sha3-224 |
612+
| sha3-256 |
613+
| sha3-384 |
614+
| sha3-512 |
615+
| blake2s-256 |
616+
| blake2b-256 |
617+
| blake2b-512 |
618+
619+
## Appendix B: Software Identifier Types Table
620+
621+
The following labels can be used as keys when enumerating software identifiers
622+
in the product data structure.
623+
624+
| Type Label | Identifier type |
625+
| --- | --- |
626+
| purl | [Package URL](https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst) |
627+
| cpe22 | [Common Platform Enumeration v2.2](https://cpe.mitre.org/files/cpe-specification_2.2.pdf) |
628+
| cpe23 | [Common Platform Enumeration v2.3](https://csrc.nist.gov/pubs/ir/7695/final) |
629+
597630
## Revisions
598631

599632
| Date | Revision |
600633
| --- | --- |
634+
| 2023-07-18 | Added hash and identifier tables |
601635
| 2023-07-18 | Updated spec to reflect changes in [OPEV-0015: Expansion of the Vulnerability Field](https://github.com/openvex/community/blob/main/enhancements/opev-0015.md) |
602636
| 2023-07-18 | Updated spec to reflect changes in [OPEV-0014: Expansion of the VEX Product Field](https://github.com/openvex/community/blob/main/enhancements/opev-0014.md) |
603637
| 2023-07-18 | Bumped version of the spec to v0.0.2 after update to meet the VEX-WG doc. |
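
Review bot: The Appendix A table mixes label styles (`md5` and `sha1` are unhyphenated, while `sha-256`, `sha-384` and `sha-512` are hyphenated), and the paragraph above it says the labels "follow and extend" the IANA names without marking which rows are the extensions. An implementer comparing `hashes` keys cannot tell from this text whether `sha-1` or `sha256` would be accepted, so I would add a sentence saying keys are matched exactly as spelled in the table, and flag the rows that are not taken from the IANA document. "Can be used as keys" in both appendices also leaves it open whether labels outside the tables are allowed; please say whether the lists are exhaustive. Finally, `md5` and `sha1` sit next to collision-resistant functions with no guidance. Consider a note that a product match should not rest on one of those two digests alone, since collisions for both are practical.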
