From 93da22f2d47d08097ee866cb5bb19cba49e2b93c Mon Sep 17 00:00:00 2001 From: fahed dorgaa Date: Fri, 14 Nov 2025 14:28:47 +0100 Subject: [PATCH] Update ratings descriptions in schema files for clarity on VEX usage Signed-off-by: fahed dorgaa --- schema/bom-1.6.schema.json | 2 +- schema/bom-1.7.schema.json | 2 +- schema/ext/vulnerability-1.0-SNAPSHOT.schema.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/schema/bom-1.6.schema.json b/schema/bom-1.6.schema.json index 8bc9d3d6..9aa94372 100644 --- a/schema/bom-1.6.schema.json +++ b/schema/bom-1.6.schema.json @@ -2681,7 +2681,7 @@ "ratings": { "type": "array", "title": "Ratings", - "description": "List of vulnerability ratings", + "description": "List of vulnerability ratings. Consumers SHOULD use ratings and SHOULD NOT ignore them; source ratings may differ and aid prioritization.", "items": { "$ref": "#/definitions/rating" } diff --git a/schema/bom-1.7.schema.json b/schema/bom-1.7.schema.json index 785acacb..d9311c03 100644 --- a/schema/bom-1.7.schema.json +++ b/schema/bom-1.7.schema.json @@ -2841,7 +2841,7 @@ "ratings": { "type": "array", "title": "Ratings", - "description": "List of vulnerability ratings", + "description": "List of vulnerability ratings. Consumers SHOULD use ratings and SHOULD NOT ignore them; source ratings may differ and aid prioritization.", "items": { "$ref": "#/definitions/rating" } diff --git a/schema/ext/vulnerability-1.0-SNAPSHOT.schema.json b/schema/ext/vulnerability-1.0-SNAPSHOT.schema.json index 378bd498..efb95c16 100644 --- a/schema/ext/vulnerability-1.0-SNAPSHOT.schema.json +++ b/schema/ext/vulnerability-1.0-SNAPSHOT.schema.json @@ -146,7 +146,7 @@ "ratings": { "type": "array", "title": "Ratings", - "description": "List of the vulnerability ratings as defined by various risk rating methodologies.", + "description": "List of vulnerability ratings. Consumers SHOULD use ratings and SHOULD NOT ignore them; source ratings may differ and aid prioritization.", "items": {"$ref": "#/definitions/rating"} }, "cwes": {