Update ratings descriptions in schema files for clarity on VEX usage

fahedouch · fahedouch · commit 93da22f2d47d · 2025-11-15T12:11:18.000+01:00
Signed-off-by: fahed dorgaa &lt;fahed.dorgaa@gmail.com&gt;
diff --git a/schema/bom-1.6.schema.json b/schema/bom-1.6.schema.json
@@ -2681,7 +2681,7 @@
         "ratings": {
           "type": "array",
           "title": "Ratings",
-          "description": "List of vulnerability ratings",
+          "description": "List of vulnerability ratings. Consumers SHOULD use ratings and SHOULD NOT ignore them; source ratings may differ and aid prioritization.",
           "items": {
             "$ref": "#/definitions/rating"
           }
diff --git a/schema/bom-1.7.schema.json b/schema/bom-1.7.schema.json
@@ -2841,7 +2841,7 @@
         "ratings": {
           "type": "array",
           "title": "Ratings",
-          "description": "List of vulnerability ratings",
+          "description": "List of vulnerability ratings. Consumers SHOULD use ratings and SHOULD NOT ignore them; source ratings may differ and aid prioritization.",
           "items": {
             "$ref": "#/definitions/rating"
           }
diff --git a/schema/ext/vulnerability-1.0-SNAPSHOT.schema.json b/schema/ext/vulnerability-1.0-SNAPSHOT.schema.json
@@ -146,7 +146,7 @@
         "ratings": {
           "type": "array",
           "title": "Ratings",
-          "description": "List of the vulnerability ratings as defined by various risk rating methodologies.",
+          "description": "List of vulnerability ratings. Consumers SHOULD use ratings and SHOULD NOT ignore them; source ratings may differ and aid prioritization.",
           "items": {"$ref": "#/definitions/rating"}
         },
         "cwes": {

Original file line number	Diff line number	Diff line change
`@@ -2681,7 +2681,7 @@`
`2681`	`2681`	`"ratings": {`
`2682`	`2682`	`"type": "array",`
`2683`	`2683`	`"title": "Ratings",`
`2684`		`- "description": "List of vulnerability ratings",`
	`2684`	`+ "description": "List of vulnerability ratings. Consumers SHOULD use ratings and SHOULD NOT ignore them; source ratings may differ and aid prioritization.",`
`2685`	`2685`	`"items": {`
`2686`	`2686`	`"$ref": "#/definitions/rating"`
`2687`	`2687`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2841,7 +2841,7 @@`
`2841`	`2841`	`"ratings": {`
`2842`	`2842`	`"type": "array",`
`2843`	`2843`	`"title": "Ratings",`
`2844`		`- "description": "List of vulnerability ratings",`
	`2844`	`+ "description": "List of vulnerability ratings. Consumers SHOULD use ratings and SHOULD NOT ignore them; source ratings may differ and aid prioritization.",`
`2845`	`2845`	`"items": {`
`2846`	`2846`	`"$ref": "#/definitions/rating"`
`2847`	`2847`	`}`