security-insights-spec

Validation with `cue` is not working

Open aaguiarz opened this issue 7 months ago • 2 comments

If you run

```
cue vet schema.cue .\SECURITY-INSIGHTS.yml
```

it does not properly enforce the schema, and successfully validates every file.

```
cue vet -d '#SecurityInsights' schema.cue .\SECURITY-INSIGHTS.yml
```

works well.

Maybe a constraint needs to be added to the schema.cue file by just adding:

```
#SecurityInsights
```

aaguiarz avatar Jul 28 '25 21:07 aaguiarz

https://github.com/ossf/security-insights/blob/main/Makefile#L6 demonstrates that we do use the working form of `cue vet`, which specifies `-d '#SecurityInsights'`.

I searched through the user-facing documentation and couldn't find any guidance we are providing to use the non-working `cue vet schema.cue .\SECURITY-INSIGHTS.yml` form.

Is there a change you propose we make to the code or docs?

trumant avatar Aug 08 '25 11:08 trumant

Why not add `#SecurityInsights` in the schema.cue?

aaguiarz avatar Aug 08 '25 11:08 aaguiarz
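
An added illustration of the behaviour discussed in this thread, not code from the security-insights repository: a constructed schema (the file name `mini.cue` and the two fields are assumptions) showing that a definition on its own does not constrain the top-level value that `cue vet` unifies a data file with, and what embedding the definition changes.

```cue
// mini.cue: constructed example, not the project's schema.cue.

// A definition only describes a shape. Declaring it places no
// constraint on the package's top-level value, which is what
// `cue vet mini.cue data.yml` unifies data.yml with. With only this
// declaration in the file, the data is never compared against it
// unless the definition is selected with `-d '#SecurityInsights'`.
#SecurityInsights: {
	header: {
		"schema-version": string
		"last-updated":   string
	}
}

// Embedding the definition at the top level (the change proposed in
// the issue) makes the package value itself an instance of
// #SecurityInsights, so the plain `cue vet mini.cue data.yml` form
// also checks data.yml against the schema.
// Delete this line to reproduce the permissive behaviour.
#SecurityInsights
```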