-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature/issue 576 #588
Feature/issue 576 #588
Conversation
Following up on this comment and expanding on this comment from #576: It seems like we need the list of chosen items to include more specificity about what decision point they're drawn from. I was thinking something like: {
"decision_points": [
{
"namespace": "ssvc",
"name": "Exploitation",
"version": "1.0.0",
"key": "E",
"values": [ "None" ]
},
{
"namespace": "ssvc",
"name": "Automatable",
"version": "2.0.0",
"key": "A",
"values": [ "Yes" ]
}
]
} Which shares the In the current Computed example we have {
"Exploitation": "active"
},
{
"Automatable": "no"
} which is now underspecified since there can be different versions of Exploitation and Automatable. |
Optionally the full Decision Tree ordered with outcomes (compliant to |
Some more issues to be concerned about
|
Ideas for result format objects
The example |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After discussion, we've recognized a number of spinoff issues inherent to this PR. I think we should split this PR apart into smaller chunks to address those issues individually
I think we've already addressed the base issue #576 sufficiently, and the other issues in this PR were split up (see comments above). So I'm closing this PR as unmerged. Smaller chunks of it might still be relevant to future PRs of course. |
This is a major change in Schemas to resolve #576 and try to create new schemas that can be processed by third parties efficiently. This requires some changes to vulnrichment project with ADP exports. Our schema has been updated, but there are external dependencies.
cisagov/vulnrichment#40
There is a new option in the schema called
outcome
which is optional and can be used represent the comprehensive outcomes of the current Decision Tree. This can provide outcomes of the full decision tree, just like the outcomes from a decision point, so the next consumer can use this values to restrict outputs from the decision tree.The JavaScript code also has been updated. This requires a bit of thorough review as there may be other dependencies that are impacted by this schema comprehesnive update. Currently there is a version number in the Computed Schema, but that should be managed before parsers are written to read Computed schema when used alongside of ADP or other data providers.
@j--- may need to help coordinate with CISA developers to ensure the new schema is adopted by CISA developers.