osv-schema icon indicating copy to clipboard operation
osv-schema copied to clipboard

Published 20 hours ago verified publisher icon ossf

Add `$id` to validation/schema.json

Open joshbuker opened this issue 3 years ago • 3 comments

@oliverchang I'm not sure what the best place for that to live would be, worst case scenario we can point it at the raw link for the main branch (https://raw.githubusercontent.com/ossf/osv-schema/main/validation/schema.json).

Relates to #51 somewhat (aiding parsers in knowing when an object is OSV, and what to expect from said OSV).

joshbuker avatar Jun 27 '22 18:06 joshbuker

Oh, one aspect of this that actually would be directly relevant to #51 is including versioning in said schema reference.

This is valuable for any other schemas that would like to either use an explicit version of OSV (e.g. 1.0.0) or explicitly the latest.

joshbuker avatar Jun 27 '22 19:06 joshbuker

Perhaps the following?

  • https://osv.dev/schema.json - Defaults to latest if no version is supplied
  • https://osv.dev/schema.json/1.0.0 - Allows explicitly requesting a specific version (semver)
  • https://osv.dev/schema.json/latest - Functionally equivalent to not including a version, but allows consumers to explicitly state that they are requesting the latest version

joshbuker avatar Jun 27 '22 19:06 joshbuker

Thanks for raising this!

We can probably set this up to serve from https://ossf.github.io/osv-schema/ (rather than https://osv.dev), and track the different versions via branches/tags in the repo. We might need to tweak with the site generation (which is currently a Jekyll site) to do this, but I haven't looked too closely to figure out how feasible this is.

Would you like to take a stab at this?

oliverchang avatar Jun 28 '22 03:06 oliverchang

See also: https://github.com/google/osv.dev/issues/1166

joshbuker avatar Mar 29 '23 21:03 joshbuker