JSON Schemas

This section is a collection of JSON schemas for the FederatedCode Data.

Package

https://raw.githubusercontent.com/nexB/federatedcode/main/schemas/package.schema.json
A software package identified by its package url ( PURL ) ignoring versions
type	object
properties
remote_actor	#/$defs/RemoteActor
notes	Notes
	type	array
	items	#/$defs/Note
summary	Summary
	profile summary
	type	string
	maxLength	100
public_key	Public Key
	type	string
local	Local
	type	boolean
	default	True
id	Id
	The object’s unique global identifier
	anyOf	type	string
		format	uuid
		type	null
purl	Purl
	PURL (no version) ex: @pkg:maven/org.apache.logging
	type	string
	maxLength	300
$defs
Note	Note
	A Note is a message send by a Person or Package. The content is either a plain text message or structured YAML. If the author is a Package actor then the content is always YAML If the author is a Person actor then the content is always plain text https://www.w3.org/TR/activitystreams-vocabulary/#dfn-note
	type	object
	properties
	reputation	Reputation
		type	array
		items	#/$defs/Reputation
	reply_to	#/$defs/Note
	id	Id
		The object’s unique global identifier
		anyOf	type	string
			format	uuid
			type	null
	acct	Acct
		type	string
		maxLength	200
	content	Content
		type	string
	mediaType	mediaType
		type	string
		maxLength	20
		default	text/plain
	created_at	Created At
		A field to track when notes are created
		type	string
		format	date-time
	updated_at	Updated At
		A field to track when notes are updated
		type	string
		format	date-time
RemoteActor	RemoteActor
	type	object
	properties
	url	Url
		default	null
		anyOf	type	string
			type	null
	username	Username
		type	string
		maxLength	100
	created_at	Created At
		A field to track when remote actor are created
		type	string
		format	date-time
	updated_at	Updated At
		A field to track when remote actor are updated
		type	string
		format	date-time
Reputation	Reputation
	https://www.w3.org/TR/activitystreams-vocabulary/#dfn-like https://www.w3.org/ns/activitystreams#Dislike
	type	object
	properties
	object_id	Object Id
		default	null
		anyOf	type	string
			format	uuid
			type	null
	voter	Voter
		security@vcio
		type	string
		maxLength	100
	positive	Positive
		type	boolean
		default	True

Vulnerability

https://raw.githubusercontent.com/nexB/federatedcode/main/schemas/vulnerability.schema.json
type	object
properties
repo	#/$defs/Repository
id	Id
	Unique identifier for a vulnerability in the external representation. It is prefixed with VCID-
	default	null
	anyOf	type	string
		maxLength	20
		type	null
remote_url	Remote Url
	default	null
	anyOf	type	string
		maxLength	300
		type	null
$defs
Repository	Repository
	A git repository used as a backing storage for Package and vulnerability data
	type	object
	properties
	id	Id
		The object’s unique global identifier
		anyOf	type	string
			format	uuid
			type	null
	url	Url
		Git Repository url ex: https://github.com/nexB/vulnerablecode-data
		type	string
	path	Path
		path of the repository
		type	string
		maxLength	200
	remote_url	Remote Url
		the url of the repository if this repository is remote
		default	null
		anyOf	type	string
			maxLength	300
			type	null
	last_imported_commit	Last Imported Commit
		default	null
		anyOf	type	string
			maxLength	64
			type	null
	created_at	Created At
		A field to track when repository are created
		type	string
		format	date-time
	updated_at	Updated At
		A field to track when repository are updated
		type	string
		format	date-time