apache / security-vulnogram

Vulnogram is a tool for creating and editing CVE information in CVE JSON format
https://vulnogram.github.io/
MIT License

Error handling on CVE rejection #134

Open raboof opened 4 months ago

raboof commented 4 months ago

When cve.org rejects our CVE, it tends to return something like INVALID_JSON_SCHEMA without further details.

It would be nice to show human-readable validation errors in this case. Until that time, it would be good to document how to get human-readable validation errors.

Currently I'm using check-jsonschema with the schema from https://github.com/CVEProject/cve-schema/tree/master/schema/v5.0, though that needs me to create a file:. directory with the tags as it appears to misinterpret a reference. Then it works nicely though:

$ check-jsonschema --schemafile CVE_JSON_5.0_schema.json ~/Downloads/CVE-2023-41313.json
(...)
  Best Match:
    $.cveMetadata.state: 'PUBLISHED' is not one of ['REJECTED']
  Best Deep Match:
    $.containers.cna.metrics[0].other: 'type' is a required property

  2 other errors were produced. Use '--verbose' to see all errors.
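
Added example (not part of the original issue and not Vulnogram code): one way to list every leaf validation error behind a failed `oneOf`, deepest path first, using the Python `jsonschema` library. `MINI_SCHEMA` and `RECORD` are constructed stand-ins that only mimic the published/rejected split suggested by the output above; they are not the real CVE JSON 5.0 schema, and `explain`, `leaf_errors` and `json_path` are names made up for this sketch.

```python
from jsonschema import Draft7Validator

# Constructed miniature schema: a oneOf over a "published" and a "rejected" layout.
MINI_SCHEMA = {
    "oneOf": [
        {   # branch 0: published record
            "properties": {
                "cveMetadata": {"properties": {"state": {"enum": ["PUBLISHED"]}}},
                "containers": {"properties": {"cna": {"properties": {"metrics": {
                    "items": {"properties": {
                        "other": {"required": ["type", "content"]}}}}}}}},
            },
            "required": ["cveMetadata", "containers"],
        },
        {   # branch 1: rejected record
            "properties": {
                "cveMetadata": {"properties": {"state": {"enum": ["REJECTED"]}}}},
            "required": ["cveMetadata"],
        },
    ]
}

# Constructed record: published, but metrics[0].other lacks "type".
RECORD = {
    "cveMetadata": {"state": "PUBLISHED"},
    "containers": {"cna": {"metrics": [{"other": {"content": {}}}]}},
}

def json_path(error):
    """Render the error's location in the instance as a $.a.b[0] style path."""
    path = "$"
    for part in error.absolute_path:
        path += f"[{part}]" if isinstance(part, int) else f".{part}"
    return path

def leaf_errors(error):
    """Yield errors without sub-errors, descending through oneOf/anyOf context."""
    if not error.context:
        yield error
    for child in error.context or []:
        yield from leaf_errors(child)

def explain(schema, record):
    """Return (path, message) for every leaf error, deepest instance path first."""
    found = [(len(leaf.absolute_path), json_path(leaf), leaf.message)
             for top in Draft7Validator(schema).iter_errors(record)
             for leaf in leaf_errors(top)]
    return [(p, m) for _, p, m in sorted(found, key=lambda e: -e[0])]

if __name__ == "__main__":
    for path, message in explain(MINI_SCHEMA, RECORD):
        print(f"{path}: {message}")
```

Sorting by path depth is this sketch's own heuristic: the error from the branch that matched furthest into the record comes first, ahead of the shallow mismatch from the branch that never applied.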